def test_user_group_assignment():
    """Check that User.edit replaces a user's group membership.

    Two fresh groups are created, both are assigned to a new user, and then
    the assignment is narrowed to the second group only.
    """
    first_group = Group.add_iu(name=u'group_for_testing_%s' % randchars(15))
    second_group = Group.add_iu(name=u'group_for_testing_%s' % randchars(15))
    user = create_user_with_permissions()
    # A freshly created test user starts without any group.
    assert user.groups == []

    # Assign both groups at once, passing a list of ids.
    User.edit(user.id, assigned_groups=[first_group.id, second_group.id])
    assert len(user.groups) == 2
    assert len(first_group.users) == 1
    assert len(second_group.users) == 1

    # A bare id (not wrapped in a list) is accepted too and replaces the
    # previous assignment instead of adding to it.
    User.edit(user.id, assigned_groups=second_group.id)
    remaining = user.groups
    assert len(remaining) == 1
    assert remaining[0].id == second_group.id
def test_email_maxlength(self):
    """Posting an over-long e-mail address to users/add shows a length error.

    The address is 152 characters ('r' * 140 plus '@example.com'), which is
    above the 150-character limit named in the expected message.
    """
    overlong_email = ('r' * 140) + '@example.com'
    form = {
        'login_id': randchars(10),
        'email_address': overlong_email,
        'user-submit-flag': 'submitted',
    }
    response = self.c.post('users/add', data=form)
    # The form is re-rendered (200) with the validation message rather than
    # redirecting after a successful add.
    assert response.status_code == 200, response.status
    expected = b'Email: Enter a value not greater than 150 characters long'
    assert expected in response.data
def test_constant_time_compare():
    """Exercise crypto.constant_time_compare on fixed and random inputs.

    Only the returned result is checked (equal / not equal / TypeError on
    mixed types). Nothing here measures timing, so this test does not by
    itself show that the comparison is constant-time.
    """
    compare = crypto.constant_time_compare

    # Fixed inputs: equal bytes, and bytes of different length and content.
    assert compare(b'a', b'a')
    assert not compare(b'aa', b'c')

    # Operands of unsupported, mismatched types must raise rather than
    # return a result.
    try:
        assert compare('a', True)
    except TypeError:
        pass
    else:
        raise AssertionError('Should have raised a TypeError')

    # Random inputs: two 200-byte samples and one 201-byte sample.
    sample_a = randchars(200).encode()
    sample_b = randchars(200).encode()
    sample_longer = randchars(201).encode()

    # Each sample equals itself.
    for sample in (sample_a, sample_b, sample_longer):
        assert compare(sample, sample)

    # Same length but different content, then different length.
    for other in (sample_b, sample_longer):
        assert not compare(sample_a, other)
def create_user_with_permissions(approved_perms=None, denied_perms=None, super_user=False):
    """Create and commit a throw-away user carrying the given permissions.

    Args:
        approved_perms: permission name or names to approve for the user.
        denied_perms: permission name or names to deny for the user.
        super_user: passed through to User.add.

    Returns:
        The new user, with ``reset_required`` cleared and the generated
        plaintext password attached as ``user.text_password``.

    Raises:
        ValueError: if a named permission does not exist.
    """
    from compstack.auth.model.orm import User, Permission

    def _permission_ids(names):
        # Resolve permission names to ids; the permissions must already exist.
        ids = []
        for name in tolist(names):
            record = Permission.get_by(name=name)
            if record is None:
                raise ValueError('permission %s does not exist' % name)
            ids.append(record.id)
        return ids

    approved_ids = _permission_ids(approved_perms)
    denied_ids = _permission_ids(denied_perms)

    # Random login and password so repeated calls do not collide.
    username = u'user_for_testing_%s' % randchars(15)
    password = randchars(15)
    # NOTE(review): the address literal below looks redacted. As written it
    # has no %s placeholder, so the % formatting raises TypeError; restore
    # the original template before relying on this helper.
    email = u'*****@*****.**' % username
    user = User.add(
        login_id=username,
        email_address=email,
        password=password,
        super_user=super_user,
        assigned_groups=[],
        approved_permissions=approved_ids,
        denied_permissions=denied_ids,
    )

    # Clear the reset-required flag and persist the change.
    user.reset_required = False
    db.sess.commit()

    # Keep the plaintext on the returned object so callers can use it; this
    # is only appropriate for generated test accounts.
    user.text_password = password
    return user
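def __call__(self, environ, start_response):
    """WSGI entry point: optionally dump the request to a file, then delegate.

    When the middleware is enabled and the request passes the optional
    PATH_INFO substring filter (``pi_filter``) and request-method filter
    (``rm_filter``), the pretty-printed environ and the request body are
    written to a new file in ``log_dir``. The wrapped application is always
    called afterwards.

    The dump holds everything the client sent: whatever cookies,
    authorization headers and posted form fields are in the request end up
    in the file. ``log_dir`` should therefore be readable only by the people
    who are allowed to see that data, and the middleware should stay
    disabled outside of debugging.
    """
    if self.enabled:
        self.headers = EnvironHeaders(environ)
        should_log = True
        if self.pi_filter is not None and self.pi_filter not in environ['PATH_INFO']:
            should_log = False
        if self.rm_filter is not None:
            # Compare request methods case-insensitively.
            wanted_methods = [method.lower() for method in tolist(self.rm_filter)]
            if environ['REQUEST_METHOD'].lower() not in wanted_methods:
                should_log = False
        if should_log:
            wsgi_input = self.replace_wsgi_input(environ)
            fname = '%s_%s' % (time.time(), randchars())
            # The file is opened in binary mode, so text has to be encoded
            # before it is written; writing str here fails on Python 3.
            with open(path.join(self.log_dir, fname), 'wb+') as fh:
                fh.write(pformat(environ).encode('utf-8'))
                fh.write(b'\n')
                # presumably read() returns bytes here; confirm against
                # replace_wsgi_input
                fh.write(wsgi_input.read())
                # Rewind so the wrapped application can read the body again.
                wsgi_input.seek(0)
    return self.application(environ, start_response)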
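def __call__(self, environ, start_response):
    """Dump matching requests to ``log_dir`` and hand off to the wrapped app.

    A request is dumped only when the middleware is enabled, ``pi_filter``
    (if set) is a substring of PATH_INFO, and ``rm_filter`` (if set) lists
    the request method. The dump is the pretty-printed environ, a newline
    and the request body.

    The dump is a verbatim copy of the request, including any session
    cookies, authorization headers and submitted passwords it carries.
    Restrict access to ``log_dir`` accordingly and leave the middleware
    disabled when it is not needed for debugging.
    """
    if self.enabled:
        self.headers = EnvironHeaders(environ)
        path_ok = self.pi_filter is None or self.pi_filter in environ['PATH_INFO']
        method_ok = True
        if self.rm_filter is not None:
            # Method names are matched without regard to case.
            accepted = [name.lower() for name in tolist(self.rm_filter)]
            method_ok = environ['REQUEST_METHOD'].lower() in accepted
        if path_ok and method_ok:
            wsgi_input = self.replace_wsgi_input(environ)
            fname = '%s_%s' % (time.time(), randchars())
            # Binary-mode file: encode the text parts explicitly, since
            # writing str to a 'wb+' handle raises TypeError on Python 3.
            with open(path.join(self.log_dir, fname), 'wb+') as fh:
                fh.write(pformat(environ).encode('utf-8'))
                fh.write(b'\n')
                # presumably bytes; verify what replace_wsgi_input returns
                fh.write(wsgi_input.read())
                # Reset the stream so the application still sees the body.
                wsgi_input.seek(0)
    return self.application(environ, start_response)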
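def test_email_fail(self):
    """Adding and editing a user still succeed when the notification mail fails.

    ``smtplib.SMTP`` is replaced with ``None`` so that sending mail raises.
    Both the add and the edit request must report success together with the
    "error occurred while sending" message, and must end on users/manage.
    """
    userlogin = randchars(12)
    # NOTE(review): the e-mail literals in this test look redacted. As
    # written they contain no %s placeholder, so the % formatting raises
    # TypeError; restore the original template.
    topost = {
        'login_id': userlogin,
        'email_address': '*****@*****.**' % userlogin,
        'user-submit-flag': 'submitted',
        'approved_permissions': [],
        'denied_permissions': [],
        'assigned_groups': [],
        'super_user': 1,
        'inactive_flag': False,
        'inactive_date': '10/11/2010',
        'name_first': 'test',
        'name_last': 'user',
        'email_notify': 1
    }

    # cause an email exception
    smtp_orig = smtplib.SMTP
    smtplib.SMTP = None
    try:
        req, r = self.c.post('users/add', data=topost, follow_redirects=True)
        assert b'User added successfully' in r.data
        assert b'An error occurred while sending the user notification email.' in r.data
        assert req.url.endswith('users/manage')

        # NOTE(review): the password literal also looks redacted; it
        # presumably has to match 'password-confirm' for the edit to succeed.
        topost['password'] = '******'
        topost['password-confirm'] = 'new_password'
        user = User.get_by_email('*****@*****.**' % userlogin)
        req, r = self.c.post('users/edit/%s' % user.id, data=topost, follow_redirects=True)
        assert b'User edited successfully' in r.data, r.data
        assert b'An error occurred while sending the user notification email.' in r.data
        assert req.url.endswith('users/manage')
    finally:
        # Put the real class back even when an assertion above fails;
        # otherwise every later test in the process runs with SMTP disabled.
        smtplib.SMTP = smtp_orig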
def test_encrypt_str():
    """Check two basic properties of crypto.encrypt_str.

    The plaintext must not appear verbatim in the output, and encrypting
    the same plaintext twice under the same key must give different output.
    """
    plaintext = randchars()
    first_ciphertext = crypto.encrypt_str(plaintext, CRYPTO_KEY)

    # The encoded plaintext must not be a substring of the ciphertext.
    assert plaintext.encode() not in first_ciphertext

    # Same key, same message, second call: the result has to differ, so an
    # observer cannot tell that two ciphertexts hold the same value.
    second_ciphertext = crypto.encrypt_str(plaintext, CRYPTO_KEY)
    assert first_ciphertext != second_ciphertext
def test_permission_get_by_name():
    """A permission created with add_iu can be fetched again by its name."""
    created = Permission.add_iu(name=u'permission_for_testing_%s' % randchars(15))
    fetched = Permission.get_by(name=created.name)
    # The lookup must return the same row that was just created.
    assert fetched.id == created.id
def test_group_get_by_name():
    """A group created with add_iu can be fetched again by its name."""
    created = Group.add_iu(name=u'group_for_testing_%s' % randchars(15))
    fetched = Group.get_by(name=created.name)
    # The lookup must return the same row that was just created.
    assert fetched.id == created.id
def pre(self, command, output_dir, vars):
    """Fill in the ``username`` and ``password`` template variables.

    ``username`` is the first space-separated word of ``vars['author']``,
    capitalized. ``password`` is a freshly generated six-character string.
    """
    # Everything before the first space of the author's name.
    first_word = vars['author'].partition(' ')[0]
    vars['username'] = first_word.capitalize()
    # NOTE(review): six characters is short for a credential, and whether
    # randchars draws from a cryptographically secure source is not visible
    # here. Confirm this value is only a placeholder that gets changed.
    vars['password'] = randchars(6)