Example #1
    def test_set_user_permission_multiple_users(session, client):
        """Check that each of two users is linked to the role it was assigned.

        The first account is given 'admin' and the second 'user'. After each
        assignment the UserPermission row for that account must reference the
        Permission row carrying the same role name.
        """
        accounts = (
            (('diageo', 'St._Jamess_Gate_Dublin', 'Arthur', 'Guinness'),
             'admin'),
            (('anheuserbusch', 'DillyDilly', 'Bud', 'Light'),
             'user'),
        )
        with session() as db:
            for credentials, role in accounts:
                account = register_user(db, *credentials)
                db.add(account)
                db.commit()
                link = set_user_permission(db, role, account.id)
                db.add(link)
                db.commit()

                # Re-read both rows from the database rather than trusting the
                # object returned by set_user_permission.
                role_row = db.query(Permission).filter_by(name=role).first()
                link_row = db.query(UserPermission).filter_by(
                    user_id=account.id).first()

                assert role_row.id == link_row.permission_id
Example #2
    def test_is_admin(session, client):
        """Verify that is_admin() tracks a user's role as it changes.

        The first account is registered with the 'user' role requested and is
        still expected to be admin. Once a second admin exists, the first
        account's permission is toggled and is_admin() must report False.
        """
        with session() as db:
            first = register_user(db, 'especial1925', 'ABInBev',
                                  'Grupo', 'Modelo')
            db.add(first)
            db.commit()
            # 'user' is requested on purpose: the very first account must be
            # granted admin regardless of the role asked for.
            first_link = set_user_permission(db, 'user', first.id)
            db.add(first_link)
            db.commit()

            test_with_authenticated_user(db)

            assert is_admin(db, first)

            second = register_user(db, 'anheuserbusch', 'DillyDilly',
                                   'Bud', 'Light')
            db.add(second)
            db.commit()
            second_link = set_user_permission(db, 'admin', second.id)
            db.add(second_link)
            db.commit()

            # A second admin now exists, so toggling the first account's
            # permission is expected to leave it as a plain 'user'.
            change_user_permission(db, first.id)
            db.commit()

            assert not is_admin(db, first)
Example #3
    def test_change_second_user(session, client):
        """Toggle the second user's role twice and check it flips both ways.

        With an admin already present, the second account starts as 'user',
        becomes 'admin' after one change_user_permission() call and returns to
        'user' after a second call.
        """
        with session() as db:
            admin_account = register_user(db, 'sabmiller',
                                          'ColdAsTheRockies', 'Coors', 'Light')
            db.add(admin_account)
            db.commit()
            admin_link = set_user_permission(db, 'admin', admin_account.id)
            db.add(admin_link)
            db.commit()
            target = register_user(db, 'anheuserbusch', 'DillyDilly',
                                   'Bud', 'Light')
            db.add(target)
            db.commit()
            target_link = set_user_permission(db, 'user', target.id)
            db.add(target_link)
            db.commit()

            user_role = db.query(Permission).filter_by(name='user').first()
            admin_role = db.query(Permission).filter_by(name='admin').first()
            link_row = db.query(UserPermission).filter_by(
                user_id=target.id).first()
            assert link_row.permission_id == user_role.id

            # The same link_row object is inspected after each commit; the
            # test relies on it reflecting the updated permission_id.
            for expected_role in (admin_role, user_role):
                change_user_permission(db, target.id)
                db.commit()
                assert link_row.permission_id == expected_role.id
Example #4
 def test_get_user_with_permissions(session, client):
     """Fetch one user joined with its permission and check the row contents.

     Two accounts are created (an admin and a regular user); the lookup is
     done for the admin account only, and the returned row must contain that
     account, the object returned by set_user_permission, and expose the
     expected first name and role name.
     """
     with session() as db:
         admin_account = register_user(db, 'anheuserbusch', 'DillyDilly',
                                       'Bud', 'Light')
         db.add(admin_account)
         db.commit()
         admin_link = set_user_permission(db, 'admin', admin_account.id)
         db.add(admin_link)
         db.commit()

         regular_account = register_user(db, 'especial1925', 'ABInBev',
                                         'Grupo', 'Modelo')
         db.add(regular_account)
         db.commit()
         regular_link = set_user_permission(db, 'user', regular_account.id)
         db.add(regular_link)
         db.commit()

         row = get_user_with_permissions(db, admin_account.id)
         assert admin_account in row
         assert admin_link in row
         assert row.User.first_name == 'Bud'
         assert row.Permission.name == 'admin'
Example #5
    def test_change_only_admin(session, client):
        """The sole admin must not be demotable.

        With exactly one account, holding 'admin', change_user_permission()
        is expected to raise with the message 'Cannot remove last admin', so
        the application can never be left without an administrator.
        """
        with session() as db:
            sole_admin = register_user(db, 'diageo', 'St._Jamess_Gate_Dublin',
                                       'Arthur', 'Guinness')
            db.add(sole_admin)
            db.commit()
            admin_link = set_user_permission(db, 'admin', sole_admin.id)
            db.add(admin_link)
            db.commit()

            with pytest.raises(Exception) as raised:
                change_user_permission(db, sole_admin.id)
            # Checked outside the raises-block so the assertion actually runs.
            message = str(raised.value)
            assert message == 'Cannot remove last admin'
Example #6
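 def test_user_already_registered(client, session):
     """POST /register with an already-used username must be rejected.

     An account is created directly in the database, then the same username
     is submitted through the registration form. The rendered page must
     contain 'Username already used'.
     """
     # One source of truth for the credentials, so the form submission is
     # guaranteed to collide with the account created below. The form
     # previously carried masked '******' values for username and password,
     # which matched neither the stored username nor password_conf.
     username, password = 'sabmiller', 'ColdAsTheRockies'
     with session() as session:
         new_user = register_user(
             session, username, password, 'Coors', 'Light')
         session.add(new_user)
         session.commit()
         perm = set_user_permission(session, 'admin', new_user.id)
         session.add(perm)
         session.commit()
         # password and password_conf are identical so the request gets past
         # the password-match check and reaches the duplicate-username check.
         data = {'username': username, 'password': password,
                 'password_conf': password,
                 'first_name': 'Coors', 'last_name': 'Light'}
         resp = client.post('/register', data=data, follow_redirects=True)
         assert b'Username already used' in resp.data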
Example #7
 def test_get_all_users_with_permissions(session, client):
     """List every user with its permission and check both accounts appear.

     Row order is not assumed: each created object only has to be present in
     one of the first two rows, and exactly two rows must come back.
     """
     with session() as db:
         admin_account = register_user(db, 'anheuserbusch', 'DillyDilly',
                                       'Bud', 'Light')
         db.add(admin_account)
         db.commit()
         admin_link = set_user_permission(db, 'admin', admin_account.id)
         db.add(admin_link)
         db.commit()

         regular_account = register_user(db, 'especial1925', 'ABInBev',
                                         'Grupo', 'Modelo')
         db.add(regular_account)
         db.commit()
         regular_link = set_user_permission(db, 'user', regular_account.id)
         db.add(regular_link)
         db.commit()

         users = get_all_users_with_permissions(db)
         # Users first, then the permission objects, each accepted in either
         # of the two rows.
         for expected in (admin_account, regular_account,
                          admin_link, regular_link):
             assert expected in users[0] or expected in users[1]
         assert len(users) == 2
Example #8
    def test_delete_user(client, session):
        """DELETE /admin with a valid user id removes that user.

        An admin and a regular account are created, the client is
        authenticated through test_with_authenticated_user(), and the regular
        account is deleted by id. The endpoint must answer 200 with a
        confirmation message naming the deleted id.
        """
        # NOTE(review): only the success path for an authenticated caller is
        # asserted here; a companion test for an unauthenticated or non-admin
        # caller would pin the authorization check on this endpoint.
        with session() as db:
            admin_account = register_user(
                db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
            db.add(admin_account)
            db.commit()
            admin_link = set_user_permission(db, 'admin', admin_account.id)
            db.add(admin_link)
            db.commit()

            target = register_user(
                db, 'especial1925', 'ABInBev', 'Grupo', 'Modelo')
            db.add(target)
            db.commit()
            target_link = set_user_permission(db, 'user', target.id)
            db.add(target_link)
            db.commit()

            test_with_authenticated_user(db)

            delete_id = target.id
            resp = client.delete('/admin', json={'user': delete_id})
            expected_body = {
                'msg': f'User with ID {delete_id} successfully deleted'}
            assert resp.status_code == 200
            assert resp.json == expected_body
Example #9
    def test_patch_user(client, session):
        """PATCH /admin with a valid user id toggles that user's permission.

        The database is prepared inside the session block; the request itself
        is sent after the block has exited, using only the saved user id.
        """
        with session() as db:
            admin_account = register_user(
                db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
            db.add(admin_account)
            db.commit()
            admin_link = set_user_permission(db, 'admin', admin_account.id)
            db.add(admin_link)
            db.commit()

            target = register_user(
                db, 'especial1925', 'ABInBev', 'Grupo', 'Modelo')
            db.add(target)
            db.commit()
            target_link = set_user_permission(db, 'user', target.id)
            db.add(target_link)
            db.commit()

            test_with_authenticated_user(db)

            # Copy the id out while the session is still open.
            user_id = target.id

        resp = client.patch('/admin', json={'user': user_id})
        expected_body = {'msg': f'User permissions changed for ID {user_id}'}
        assert resp.status_code == 200
        assert resp.json == expected_body
Example #10
    def test_delete_user_bad_json(client, session):
        """DELETE /admin with an unrecognised JSON key must return 400.

        The payload uses 'bad_key' instead of a key the endpoint knows, so the
        request has to be refused with the 'A known value was not supplied'
        message rather than acted on.
        """
        with session() as db:
            admin_account = register_user(
                db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
            db.add(admin_account)
            db.commit()
            admin_link = set_user_permission(db, 'admin', admin_account.id)
            db.add(admin_link)
            db.commit()

            test_with_authenticated_user(db)

            payload = {'bad_key': admin_account.id}
            resp = client.delete('/admin', json=payload)
            assert resp.status_code == 400
            assert resp.json == {'msg': 'A known value was not supplied'}
Example #11
    def test_set_user_permission(session, client):
        """Assigning 'admin' links the user to the 'admin' Permission row."""
        with session() as db:
            account = register_user(db, 'diageo', 'St._Jamess_Gate_Dublin',
                                    'Arthur', 'Guinness')
            db.add(account)
            db.commit()
            link = set_user_permission(db, 'admin', account.id)
            db.add(link)
            db.commit()

            # Both rows are read back from the database for the comparison.
            admin_role = db.query(Permission).filter_by(name='admin').first()
            stored_link = db.query(UserPermission).filter_by(
                user_id=account.id).first()

            assert stored_link.permission_id == admin_role.id
Example #12
    def test_patch_control(client, session):
        """PATCH /admin with a control id changes that admin control.

        The id of the 'new_users' control is looked up first, an admin
        account is created and authenticated, and the request is sent after
        the session block has exited.
        """
        from app.main.admin import get_admin_control_by_name
        with session() as db:
            control = get_admin_control_by_name(db, 'new_users')
            control_id = control.id
            admin_account = register_user(
                db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
            db.add(admin_account)
            db.commit()
            admin_link = set_user_permission(db, 'admin', admin_account.id)
            db.add(admin_link)
            db.commit()

            test_with_authenticated_user(db)

        resp = client.patch('/admin', json={'control': control_id})
        # The message text, including its spelling, is what the endpoint is
        # expected to return.
        expected_body = {
            'msg': f'Control ID: {control_id} successfull changed'}
        assert resp.status_code == 200
        assert resp.json == expected_body
Example #13
    def test_patch_user_bad_json(client, session):
        """PATCH /admin with an unrecognised JSON key must return 400.

        Only one account is created, with the 'user' role requested. The
        request is sent while change_user_permission in the routes module is
        patched to raise.
        """
        with session() as db:
            account = register_user(
                db, 'especial1925', 'ABInBev', 'Grupo', 'Modelo')
            db.add(account)
            db.commit()
            link = set_user_permission(db, 'user', account.id)
            db.add(link)
            db.commit()

            test_with_authenticated_user(db)

            user_id = account.id

        # NOTE(review): the asserted response is the bad-key 400, so it is
        # unclear from here whether the patched function is ever reached on
        # this path - confirm the mock is needed.
        failing_change = patch(
            'app.main.routes.routes.change_user_permission',
            side_effect=BaseException('user_permission_err'))
        with failing_change:
            resp = client.patch(
                '/admin', json={'bad_key': user_id}, follow_redirects=True)
            assert resp.status_code == 400
            assert resp.json == {'msg': 'A known value was not supplied'}
Example #14
    def test_admin_page(client, session):
        """GET /admin as an authenticated admin renders the admin page.

        The response body must contain the admin page title, the 'new_users'
        control markup, and the registered user's username and full name.
        """
        with session() as session:
            new_user = register_user(
                session, 'sabmiller', 'ColdAsTheRockies', 'Coors', 'Light')
            session.add(new_user)
            session.commit()
            perm = set_user_permission(session, 'admin', new_user.id)
            session.add(perm)
            session.commit()

            test_with_authenticated_user(session)

            resp = client.get('/admin')
            assert b'<title>Socks Chat | Admin</title>' in resp.data
            # The literal below spans two source lines, so the bytes it
            # matches include this file's own indentation before 'new_users'.
            assert b'''<span class="horizontal">
            new_users''' in resp.data
            assert b'''sabmiller''' in resp.data
            assert b'''Coors Light''' in resp.data
            # Same control markup again, with the line break written as an
            # explicit \n escape instead of a literal newline.
            assert b'''<span class="horizontal">\n            new_users''' in resp.data
Example #15
    def test_user_already_logged_in(client, session):
        """A client whose session already holds chat details lands in the chat.

        After authenticating, the Flask session is pre-populated with a
        username, display name and room; requesting '/' (following redirects)
        must then render the chat page.
        """
        with session() as db:
            account = register_user(
                db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
            db.add(account)
            db.commit()
            link = set_user_permission(db, 'user', account.id)
            db.add(link)
            db.commit()

            test_with_authenticated_user(db)

            # NOTE(review): the username value below looks masked; confirm
            # whether the route needs it to match the registered account.
            chat_details = (
                ('username', '******'),
                ('name', 'Bud Light'),
                ('room', 'ABInBev'),
            )
            with client.session_transaction() as f_session:
                for key, value in chat_details:
                    f_session[key] = value

            resp = client.get('/', follow_redirects=True)
            assert b'<title>Socks Chat | Chat</title>' in resp.data
Example #16
    def test_patch_control_exception(client, session):
        """A failure while loading the control must produce a generic 500.

        get_admin_control_by_id in the routes module is patched to raise, and
        the endpoint is expected to answer with a fixed error message rather
        than the text of the underlying exception.
        """
        from app.main.admin import get_admin_control_by_name
        with session() as db:
            control = get_admin_control_by_name(db, 'new_users')
            control_id = control.id
            account = register_user(
                db, 'especial1925', 'ABInBev', 'Grupo', 'Modelo')
            db.add(account)
            db.commit()
            link = set_user_permission(db, 'user', account.id)
            db.add(link)
            db.commit()

            test_with_authenticated_user(db)

        failing_lookup = patch(
            'app.main.routes.routes.get_admin_control_by_id',
            side_effect=Exception('admin_switch_err'))
        with failing_lookup:
            resp = client.patch(
                '/admin', json={'control': control_id}, follow_redirects=True)
            # The body must not echo 'admin_switch_err' back to the caller.
            expected_body = {
                'msg': 'Something went wrong changing the control'}
            assert resp.status_code == 500
            assert resp.json == expected_body
Example #17
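def register():
    """Render the registration form and create a new account on POST.

    Flow, in order:
      1. If the 'new_users' admin control is off, show the form with a
         "registration disabled" message and create nothing.
      2. Any request that is not a POST only renders the empty form.
      3. A POST is validated, the two password fields are compared, and the
         user and its permission row are committed in two separate steps.

    Returns:
        The rendered 'register.html' template on a non-POST request or on any
        failure, or a redirect to '.index' (with a flash message) after a
        successful registration.
    """
    admin = is_admin(g.session, current_user)
    form = RegisterForm()

    def render_form(**context):
        # Single place that builds the template response so every branch
        # passes the same form object and SVG markup.
        return render_template(
            'register.html',
            form=form,
            svg=Markup(svg_contents('./app/static/socks.svg')),
            **context)

    # Check if 'new_users' is turned on or off. This runs before any form
    # data is read, so a disabled control blocks POSTs as well as GETs.
    if not get_admin_control_by_name(g.session, 'new_users').value:
        return render_form(
            admin=admin,
            msg='New user registration has been disabled at this time')

    if request.method != 'POST':
        # GET, and any other method the route lets through (e.g. HEAD), only
        # shows the form; it must never reach the success flash below, which
        # would report a registration that did not happen.
        return render_form()

    if not form.validate_on_submit():
        return render_form(admin=admin,
                           msg='Not all required fields provided')

    username = request.form.get('username')
    password = request.form.get('password')
    password_conf = request.form.get('password_conf')
    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    if password != password_conf:
        return render_form(admin=admin, msg='Passwords did not match')

    try:
        # NOTE(review): the raw password is handed to register_user, which is
        # defined elsewhere; presumably it hashes before storing - confirm.
        new_user = register_user(g.session, username, password,
                                 first_name, last_name)
        try:
            # add the new user to the database
            g.session.add(new_user)
            g.session.commit()
        except Exception as err:
            # Database detail stays in the chained cause; the user only sees
            # the generic message.
            g.session.rollback()
            raise Exception('Error adding new user') from err
        # Request the 'user' role for the new account.
        # NOTE(review): the test suite's test_is_admin states the first user
        # must always be admin even when 'user' is requested, so whoever
        # registers first on a fresh deployment presumably becomes admin -
        # confirm the bootstrap account is created before the app is exposed.
        user_permission = set_user_permission(g.session, 'user',
                                              new_user.id)
        try:
            # add the new user's related permission to the database
            g.session.add(user_permission)
            g.session.commit()
        except Exception as err:
            # NOTE(review): the user row was already committed above, so a
            # failure here leaves an account without a permission row.
            g.session.rollback()
            raise Exception('Error setting user permissions') from err
    except Exception as err:
        # NOTE(review): str(err) is rendered to the client. The two messages
        # raised above are fixed strings, but anything raised by
        # register_user or set_user_permission is shown as-is - verify those
        # helpers only raise user-safe messages.
        # SystemExit/KeyboardInterrupt are deliberately not caught: they must
        # propagate instead of being turned into a page that names the
        # exception class.
        return render_form(admin=admin, msg=str(err))

    flash('Registration successful')
    return redirect(url_for('.index'))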