def test_import_auth_cant_write_node(self): ea = self.ExternalAccountFactory() user = AuthUserFactory() user.add_addon(self.ADDON_SHORT_NAME, auth=Auth(user)) user.external_accounts.append(ea) user.save() node = ProjectFactory(creator=self.user) node.add_contributor(user, permissions=[permissions.READ], auth=self.auth, save=True) node.add_addon(self.ADDON_SHORT_NAME, auth=self.auth) node.save() url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME)) res = self.app.put_json(url, {'external_account_id': ea._id}, auth=user.auth, expect_errors=True) assert_equal(res.status_code, http.FORBIDDEN)
def setUp(self): super(TestNodeContributorDelete, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.user_three = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor( self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_user = '******'.format( API_BASE, self.project._id, self.user._id) self.url_user_two = '/{}nodes/{}/contributors/{}/'.format( API_BASE, self.project._id, self.user_two._id) self.url_user_three = '/{}nodes/{}/contributors/{}/'.format( API_BASE, self.project._id, self.user_three._id)
def test_do_migration(self): project = ProjectFactory() user = UserFactory() node = NodeFactory(parent=project) node.add_contributor(contributor=user) node.save() for log in node.logs: if log.action == 'contributor_added': project.logs.append(log) project.save() node_list = get_targets() do_migration(node_list) logs = [ each for each in project.logs if each.action == 'contributor_added' ] assert len(logs) is 1 assert logs[0].should_hide is True
def test_node_child_filtering(self): user = AuthUserFactory() project = ProjectFactory(creator=user) title1, title2 = fake.bs(), fake.bs() component = NodeFactory(title=title1, parent=project) component2 = NodeFactory(title=title2, parent=project) url = '/{}nodes/{}/children/?filter[title]={}'.format( API_BASE, project._id, title1 ) res = self.app.get(url, auth=user.auth) ids = [node['id'] for node in res.json['data']] assert_in(component._id, ids) assert_not_in(component2._id, ids)
def setUp(self): super(TestNodeChildCreate, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.project = ProjectFactory(creator=self.user, is_public=True) self.url = '/{}nodes/{}/children/'.format(API_BASE, self.project._id) self.child = { 'data': { 'type': 'nodes', 'attributes': { 'title': 'child', 'description': 'this is a child project', 'category': 'project' } } }
def test_unregistered_users_names_are_project_specific(self): name1, name2, email = fake.name(), fake.name(), fake.email() project2 = ProjectFactory(creator=self.referrer) # different projects use different names for the same unreg contributor self.project.add_unregistered_contributor(email=email, fullname=name1, auth=Auth(self.referrer)) self.project.save() project2.add_unregistered_contributor(email=email, fullname=name2, auth=Auth(self.referrer)) project2.save() self.app.authenticate(*self.referrer.auth) # Each project displays a different name in the contributor list res = self.app.get(self.project.url) assert_in_html(name1, res) res2 = self.app.get(project2.url) assert_in_html(name2, res2)
def setUp(self): super(TestFileVersionView, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.osfstorage = self.node.get_addon('osfstorage') self.root_node = self.osfstorage.get_root() self.file = self.root_node.append_file('test_file') self.file.create_version( self.user, { 'object': '06d80e', 'service': 'cloud', osfstorage_settings.WATERBUTLER_RESOURCE: 'osf', }, { 'size': 1337, 'contentType': 'img/png' }).save()
def setUp(self): super(TestShortUrls, self).setUp() self.user = UserFactory() # Add an API key for quicker authentication api_key = ApiKeyFactory() self.user.api_keys.append(api_key) self.user.save() self.auth = ('test', api_key._primary_key) self.consolidate_auth = Auth(user=self.user, api_key=api_key) self.project = ProjectFactory(creator=self.user) # A non-project componenet self.component = NodeFactory(category='hypothesis', creator=self.user) self.project.nodes.append(self.component) self.component.save() # Hack: Add some logs to component; should be unnecessary pending # improvements to factories from @rliebz self.component.set_privacy('public', auth=self.consolidate_auth) self.component.set_privacy('private', auth=self.consolidate_auth) self.wiki = NodeWikiFactory(user=self.user, node=self.component)
def test_GET_disapprove_with_valid_token_returns_redirect_to_parent(self): project = ProjectFactory(creator=self.user) registration = RegistrationFactory(project=project) registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) registration.save() assert_true(registration.is_pending_embargo) rejection_token = registration.embargo.approval_state[ self.user._id]['rejection_token'] res = self.app.get( registration.web_url_for('view_project', token=rejection_token), auth=self.user.auth, ) registration.embargo.reload() assert_equal(registration.embargo.state, Embargo.REJECTED) assert_false(registration.is_pending_embargo) assert_equal(res.status_code, 302)
def setUp(self): super(AddonSerializerTestSuiteMixin, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.set_user_settings(self.user) assert_is_not_none( getattr(self, 'user_settings'), "'set_user_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate user settings model." ) self.set_node_settings(self.user_settings) assert_is_not_none( getattr(self, 'node_settings'), "'set_node_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate node settings model." ) self.ser = self.Serializer( user_settings=self.user_settings, node_settings=self.node_settings )
def setUp(self): super(MendeleyViewsTestCase, self).setUp() self.account = MendeleyAccountFactory() self.user = AuthUserFactory(external_accounts=[self.account]) self.account.display_name = self.user.fullname self.account.save() self.user_addon = MendeleyUserSettingsFactory(owner=self.user, external_account=self.account) self.project = ProjectFactory(creator=self.user) self.node_addon = MendeleyNodeSettingsFactory(owner=self.project) self.node_addon.set_auth(external_account=self.account, user=self.user) #self.user_addon.grant_oauth_access(self.node_addon, self.account, metadata={'lists': 'list'}) self.node = MockNode() self.node.addon = self.node_addon self.id_patcher = mock.patch('website.addons.mendeley.model.Mendeley.client_id') self.secret_patcher = mock.patch('website.addons.mendeley.model.Mendeley.client_secret') self.id_patcher.__get__ = mock.Mock(return_value='1234567890asdf') self.secret_patcher.__get__ = mock.Mock(return_value='1234567890asdf') self.id_patcher.start() self.secret_patcher.start()
def setUp(self): super(TestMigrateFiles, self).setUp() self.clear() self.nodes = [] for idx in range(3): node = ProjectFactory() node.add_file( Auth(user=node.creator), 'name', 'contents', len('contents'), 'text/plain', ) self.nodes.append(node) self.nodes[-1].files_versions = {} self.nodes[-1].save() # Sanity check assert_in('name', self.nodes[-1].files_current) assert_not_in('name', self.nodes[-1].files_versions)
def test_get_summary_private_fork_private_project_should_include_is_fork(self): # contributor on a private project user = UserFactory() node = ProjectFactory(public=False) node.add_contributor(user) # contributor cannot see private fork of this project consolidated_auth = Auth(user=node.creator) fork = node.fork_node(consolidated_auth) res = _get_summary( fork, auth=Auth(user), rescale_ratio=None, primary=True, link_id=None ) # serialized result should have is_fork assert_false(res['summary']['can_view']) assert_true(res['summary']['is_fork'])
def test_has_permission_decommissioned_scope_no_error(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node) cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id, attributes={ 'accessTokenScope': { 'decommissioned.scope+write', 'osf.nodes.data+read', } }) assert_false(component.has_permission(self.user, 'write')) res = views.check_access(component, Auth(user=self.user), 'download', cas_resp) assert_true(res)
def test_POST_register_make_public_immediately_creates_private_pending_registration_for_public_project(self, mock_enqueue): self.project.is_public = True self.project.save() component = NodeFactory( creator=self.user, parent=self.project, title='Component', is_public=True ) subproject = ProjectFactory( creator=self.user, parent=self.project, title='Subproject', is_public=True ) subproject_component = NodeFactory( creator=self.user, parent=subproject, title='Subcomponent', is_public=True ) res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() assert_equal(res.status_code, 202) assert_equal(res.json['urls']['registrations'], self.project.web_url_for('node_registrations')) # Last node directly registered from self.project registration = Node.find( Q('registered_from', 'eq', self.project) ).sort('-registered_date')[0] assert_true(registration.is_registration) assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public)
def test_new_primary_not_in_node(self): project = ProjectFactory() file_for_project = test_utils.create_test_file(project, 'letoutthatantidote.pdf') relationships = { "primary_file": { "data": { "type": "file", "id": file_for_project._id } } } update_file_payload = build_preprint_update_payload(self.preprint._id, relationships=relationships) res = self.app.patch_json_api(self.url, update_file_payload, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.preprint.reload() assert_not_equal(self.preprint.primary_file, file_for_project)
def setUp(self): super(TestAddonFileViews, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.user.add_addon('github') self.project.add_addon('github', auth=Auth(self.user)) self.user_addon = self.user.get_addon('github') self.node_addon = self.project.get_addon('github') self.oauth = AddonGitHubOauthSettings(github_user_id='denbarell', oauth_access_token='Truthy') self.oauth.save() self.user_addon.oauth_settings = self.oauth self.user_addon.save() self.node_addon.user_settings = self.user_addon self.node_addon.save()
def setUp(self): super(RegistrationRetractionApprovalDisapprovalViewsTestCase, self).setUp() self.user = AuthUserFactory() self.registered_from = ProjectFactory(is_public=True, creator=self.user) self.registration = RegistrationFactory(is_public=True, project=self.registered_from) self.registration.retract_registration(self.user) self.registration.save() self.approval_token = self.registration.retraction.approval_state[ self.user._id]['approval_token'] self.rejection_token = self.registration.retraction.approval_state[ self.user._id]['rejection_token'] self.corrupt_token = fake.sentence() self.token_without_sanction = tokens.encode({ 'action': 'approve_retraction', 'user_id': self.user._id, 'sanction_id': 'invalid id' })
def test_public_node_contributor_cannot_delete_other_users_comment(self): public_project = ProjectFactory(is_public=True, creator=self.user) comment = CommentFactory(node=public_project, target=public_project, user=self.user) url = '/{}comments/{}/'.format(API_BASE, comment._id) payload = { 'data': { 'id': comment._id, 'type': 'comments', 'attributes': { 'deleted': True } } } res = self.app.patch_json_api(url, payload, auth=self.contributor.auth, expect_errors=True) assert_equal(res.status_code, 403)
def test_import_auth(self): ea = self.ExternalAccountFactory() self.user.external_accounts.append(ea) self.user.save() node = ProjectFactory(creator=self.user) node_settings = node.get_or_add_addon(self.ADDON_SHORT_NAME, auth=Auth(self.user)) node.save() url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME)) res = self.app.put_json(url, { 'external_account_id': ea._id }, auth=self.user.auth) assert_equal(res.status_code, http.OK) assert_in('result', res.json) node_settings.reload() assert_equal(node_settings.external_account._id, ea._id) node.reload() last_log = node.logs.latest() assert_equal(last_log.action, '{0}_node_authorized'.format(self.ADDON_SHORT_NAME))
def setUp(self): super(TestCommentRepliesFiltering, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.comment = CommentFactory(node=self.project, user=self.user) self.reply = CommentFactory(node=self.project, target=self.comment, user=self.user) self.deleted_reply = CommentFactory(node=self.project, target=self.comment, user=self.user, is_deleted=True) self.base_url = '/{}comments/{}/replies/'.format( API_BASE, self.comment._id) self.formatted_date_created = self.reply.date_created.strftime( '%Y-%m-%dT%H:%M:%S.%f') self.reply.edit('Edited comment', auth=core.Auth(self.user), save=True) self.formatted_date_modified = self.reply.date_modified.strftime( '%Y-%m-%dT%H:%M:%S.%f')
def test_sees_log_events_on_watched_projects(self): # Another user has a public project u2 = UserFactory(username='******', fullname='Bono') key = ApiKeyFactory() u2.api_keys.append(key) u2.save() project = ProjectFactory(creator=u2, is_public=True) project.add_contributor(u2) auth = Auth(user=u2, api_key=key) project.save() # User watches the project watch_config = WatchConfigFactory(node=project) self.user.watch(watch_config) self.user.save() # Goes to her dashboard, already logged in res = self.app.get('/dashboard/', auth=self.auth, auto_follow=True) # Sees logs for the watched project assert_in('Watched Projects', res) # Watched Projects header # The log action is in the feed assert_in(project.title, res)
def test_wiki_pages_with_invalid_nodes_are_removed_after_cloning(self): project = ProjectFactory(creator=self.user, is_public=True) wiki = NodeWikiFactory(node=project) fork = project.fork_node(auth=Auth(self.user)) fork.wiki_pages_versions = project.wiki_pages_versions fork.wiki_pages_current = project.wiki_pages_current fork.save() # Remove original node - wiki.node no longer points to an existing project Node.remove_one(project._id) # clone wiki page main() fork.reload() cloned_wiki_id = fork.wiki_pages_versions[wiki.page_name][0] cloned_wiki = NodeWikiPage.load(cloned_wiki_id) assert_equal(cloned_wiki.node._id, fork._id) # move original wiki page to unmigratedwikipages collection assert_false(db.nodewikipage.find_one({'_id': wiki._id})) assert_true(db.unmigratedwikipages.find_one({'_id': wiki._id}))
def test_public_node_private_comment_level_non_contributor_cannot_see_reports( self): project = ProjectFactory(is_public=True, creator=self.user, comment_level='private') comment = CommentFactory(node=project, user=self.user) comment.reports = dict() comment.reports[self.user._id] = { 'category': 'spam', 'text': 'This is spam', 'date': datetime.utcnow(), 'retracted': False, } comment.save() url = '/{}comments/{}/reports/'.format(API_BASE, comment._id) res = self.app.get(url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.')
def setUp(self): super(TestSearchSerializer, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user, is_public=True) self.component = NodeFactory(parent=self.project, creator=self.user, is_public=True) self.file = utils.create_test_file(self.component, self.user) ensure_schemas() self.schema = MetaSchema.find_one( Q('name', 'eq', 'Replication Recipe (Brandt et al., 2013): Post-Completion') & Q('schema_version', 'eq', LATEST_SCHEMA_VERSION)) with mock_archive(self.project, autocomplete=True, autoapprove=True, schema=self.schema) as registration: self.registration = registration
def test_forward_slash_is_removed_from_wiki_title(self): project = ProjectFactory() wiki = NodeWikiFactory(node=project, is_current=True) invalid_name = 'invalid/name' db.nodewikipage.update({'_id': wiki._id}, {'$set': { 'page_name': invalid_name }}) project.wiki_pages_current[ 'invalid/name'] = project.wiki_pages_current[wiki.page_name] project.wiki_pages_versions[ 'invalid/name'] = project.wiki_pages_versions[wiki.page_name] project.save() main() wiki.reload() assert_equal(wiki.page_name, 'invalidname') assert_in('invalidname', project.wiki_pages_current) assert_in('invalidname', project.wiki_pages_versions)
def test_redirect_when_viewing_private_project_file_through_view_only_link( self): project = ProjectFactory() test_file = OsfStorageFile.create( is_file=True, node=project, path='/test', name='test', materialized_path='/test', ) test_file.save() guid = test_file.get_guid(create=True) view_only_link = self._add_private_link(project) url = '/{}guids/{}/?view_only={}'.format(API_BASE, guid._id, view_only_link.key) res = self.app.get(url, auth=AuthUserFactory().auth) redirect_url = '{}{}files/{}/?view_only={}'.format( API_DOMAIN, API_BASE, test_file._id, view_only_link.key) assert_equal(res.status_code, 302) assert_equal(res.location, redirect_url)
def setUp(self): super(TestWikiRename, self).setUp() self.project = ProjectFactory(is_public=True) api_key = ApiKeyFactory() self.project.creator.api_keys.append(api_key) self.project.creator.save() self.consolidate_auth = Auth(user=self.project.creator, api_key=api_key) self.auth = ('test', api_key._primary_key) self.project.update_node_wiki('home', 'Hello world', self.consolidate_auth) self.page_name = 'page2' self.project.update_node_wiki(self.page_name, 'content', self.consolidate_auth) self.project.save() self.page = self.project.get_wiki_page(self.page_name) self.wiki = self.project.get_wiki_page('home') self.url = self.project.api_url_for( 'project_wiki_rename', wname=self.page_name, )
def setUp(self): super(TestAddonFileViews, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.user.add_addon('github') self.project.add_addon('github', auth=Auth(self.user)) self.user_addon = self.user.get_addon('github') self.node_addon = self.project.get_addon('github') self.oauth = GitHubAccountFactory() self.oauth.save() self.user.external_accounts.append(self.oauth) self.user.save() self.node_addon.user_settings = self.user_addon self.node_addon.external_account = self.oauth self.node_addon.repo = 'Truth' self.node_addon.user = '******' self.node_addon.save()
def setUp(self): super(OAuthAddonNodeSettingsTestSuiteMixin, self).setUp() self.node = ProjectFactory() self.user = self.node.creator self.external_account = self.ExternalAccountFactory() self.user.add_addon(self.short_name) self.user.external_accounts.append(self.external_account) self.user.save() self.user_settings = self.user.get_addon(self.short_name) self.user_settings.grant_oauth_access( node=self.node, external_account=self.external_account, metadata={'folder': '1234567890'}) self.user_settings.save() self.node_settings = self.NodeSettingsFactory( **self._node_settings_class_kwargs(self.node, self.user_settings)) self.node_settings.external_account = self.external_account self.node_settings.save()