def canview (request, userid, domain): '''This method ensures that current user is eligable to see the requested page. It first checks to see that the passed in userid and domain is a valid entry in the database. If so, the session user (accessed via the request object) is examined. Being an administrator of the system ensures that all valid requests are viewable. A standard user must match the the crendentials stored in the session against the requested page. If no conditions are met it returns false by default. This method should only be called in a view method as it requires the instance of the HttpRequest object.''' # Create model instance model = AuthModel() # The requested page owner request_user = model.getuser(userid, domain) # If there is no such user or the function # threw and error raise a page not found # exception if ((request_user and not request_user.userid) or (not request_user and model.error)): raise Http404 # Now that we have ensured the requested page # actually belongs to someone, see if the current # session viewer is allowed to see it. try: session_user = request.session['user'] except KeyError: # If there is no user then # we return False return False else: # if the user admin it will always be viewable if session_user.b_isadmin: return True # If the user is not an admin then check that the requested page # belongs to the session user. This will only be the case # if the domain and userid of the requested page match that # of the logged in user. elif (session_user.username == userid and session_user.domain == domain): return True else: return False return False
def setUp(self):
# Get connection singleton
connection = CLWConnection(test_db_host, test_db_name, test_db_user,
test_db_pass)
# Create a new cursor object.
cursor = connection.cursor()
params = {'mode': 1,
'domainname': 'example.co.uk',
'newdomainname': None,
}
self.adminmodel = AdminModel()
self.authmodel = AuthModel()
self.mailmodel = MailModel()
self.eximmodel = EximModel()
domainadded = self.adminmodel.managedomain(params)
# Create a user
params = {'mode': 1,
'userid': 'test.a',
'password': '******',
'home': '/home/mailstore/',
'domain': 'example.co.uk',
'uid': 1001,
'gid': 1001,
'status': 1,
'typer':'Person',
'role':"",
'fullname':'Test User',
'notes':None
}
# add the user
useradded = self.adminmodel.manageuser(params)
# Check user added
self.assertNotEqual(useradded, False)
def login(request):
''' This method provides a mechanism for users
to log into the system. If credentials are
correctly supplied the user will be set
as the session user. Othewise, the view
is rendered anew with appropriate error messages'''
# Create model instance
model = AuthModel()
# The object which will contain
# the current session user, if one exists
user = None
# The error to be displayed if form validates
# but credentials are incorrect
error = None
#Default data if no post
new_data = None
form = LoginForm()
# If a user is already logged in, then redirect
# to the appropirate holiday page.
if request.session['user'].is_authenticated():
user = request.session['user']
if user.b_isadmin:
return HttpResponseRedirect(urlrel + 'admin/user/manage/' )
else:
return HttpResponseRedirect(urlrel +
'mailstore/user/%s/domain/%s/holiday/' % (user.username, user.domain))
# Otherwise go to login page
else:
# Check if we are validating post information
if request.method == "POST" and "username" in request.POST:
# Get post information
new_data = request.POST.copy()
# Bind form to post data
form = LoginForm(new_data)
if form.is_valid():
# Get cleaned data. This a standardized
# output for a range of given input
cleaned_data = form.clean()
username = str(cleaned_data['username'])
password = str(cleaned_data['password'])
user = model.login(username,password)
if not model.error and not user.userid:
# If user doesnt exist, then supplied crendentials are incorrect
error = "Your username and password combination was not found"
else:
# If the user was found check he/she is active
try:
string_status = status_mapper[user.status]
except KeyError:
# if the status is not found default to not active.
error = "Your account is not active. Please contact Rory Campbell-Lange."
else:
# We have found a valid status. Check its active
if status_mapper[user.status] == "Inactive":
# If user status is inactive
error = "Your account is not active. Please contact Rory Campbell-Lange."
else:
# If user does exist, then we assign them as current session user
session_user = AuthUser(user.userid,
user.domain,
user.status,
user.b_isadmin)
request.session['user'] = session_user
# Get the request url to redirect to
# This is the url the user wanted to go to before logging in.
redirect_url = request.session.get('pre_auth_url', None)
if redirect_url:
# Remove the request url as it is no longer needed.
del request.session['pre_auth_url']
return HttpResponseRedirect(redirect_url)
else:
if session_user.b_isadmin:
# redirect to management page
return HttpResponseRedirect(urlrel + 'admin/user/manage/')
else:
# otherwise Redirect to user home page
return HttpResponseRedirect(urlrel + 'mailstore/user/%s/domain/%s/holiday/' %
(session_user.username,
session_user.domain))
return render_to_response('auth/login.html',
{'thistemplate':thistemplate,
'form':form,
'new_data':new_data,
'loginerror':error},
context_instance=RequestContext(request))
class MailTestCase(unittest.TestCase):
def setUp(self):
# Get connection singleton
connection = CLWConnection(test_db_host, test_db_name, test_db_user,
test_db_pass)
# Create a new cursor object.
cursor = connection.cursor()
params = {'mode': 1,
'domainname': 'example.co.uk',
'newdomainname': None,
}
self.adminmodel = AdminModel()
self.authmodel = AuthModel()
self.mailmodel = MailModel()
self.eximmodel = EximModel()
domainadded = self.adminmodel.managedomain(params)
# Create a user
params = {'mode': 1,
'userid': 'test.a',
'password': '******',
'home': '/home/mailstore/',
'domain': 'example.co.uk',
'uid': 1001,
'gid': 1001,
'status': 1,
'typer':'Person',
'role':"",
'fullname':'Test User',
'notes':None
}
# add the user
useradded = self.adminmodel.manageuser(params)
# Check user added
self.assertNotEqual(useradded, False)
def test_auth(self):
# Check login
user = self.authmodel.login('*****@*****.**', 'password')
# check user returned
self.assertEqual(user.userid, 'test.a')
# Check not working
user = self.authmodel.login('*****@*****.**', 'password')
self.assertEqual(user.userid, None)
def test_usermanage(self):
# Create a user
params = {'mode': 1,
'userid': 'test.b',
'password': '******',
'home': '/home/mailstore/',
'domain': 'example.co.uk',
'uid': 1001,
'gid': 1001,
'status': 1,
'typer':'Person',
'role':"Architect",
'fullname':'Test User',
'notes':"here are some notes"
}
# add the user
useradded = self.adminmodel.manageuser(params)
# Check user added
self.assertNotEqual(useradded, False)
# add the user
useradded = self.adminmodel.manageuser(params)
user = self.adminmodel.getuser('test.b', 'example.co.uk')
self.assertNotEqual(user, None)
self.assertEqual(user.password,'password')
self.assertEqual(user.userid,'test.b')
self.assertEqual(user.domain,'example.co.uk')
self.assertEqual(user.status,1)
self.assertEqual(user.typer,'Person')
self.assertEqual(user.uid,1001)
self.assertEqual(user.gid,1001)
self.assertEqual(user.role,'Architect')
self.assertEqual(user.notes,'here are some notes')
# Edit a user
params = {'mode': 2,
'userid': 'test.b',
'password': '******',
'home': '/home/mailstore/',
'domain': 'example.co.uk',
'uid': 1001,
'gid': 1001,
'status': 1,
'typer':'Person',
'role':"Architect",
'fullname':'Test User edited',
'notes':"here are some notes"
}
# edit the user
useredited = self.adminmodel.manageuser(params)
# Check user edited
self.assertNotEqual(useredited, False)
user = self.adminmodel.getuser('test.b', 'example.co.uk')
self.assertNotEqual(user, None)
self.assertEqual(user.password,'changedpass')
self.assertEqual(user.fullname,'Test User edited')
#hide a user
params = {'mode': 4,
'userid': 'test.b',
'password': None,
'home': None,
'domain':'example.co.uk',
'uid': None,
'gid': None,
'status': 9,
'typer':None,
'role':None,
'fullname':None,
'notes':None
}
# edit the user
userhidden = self.adminmodel.manageuser(params)
# Check user edited
self.assertNotEqual(userhidden, False)
user = self.adminmodel.getuser('test.b', 'example.co.uk')
self.assertNotEqual(user, None)
self.assertEqual(user.status,9)
# delete a user
params = {'mode': 3,
'userid': 'test.b',
'password': None,
'home': None,
'domain': 'example.co.uk',
'uid': None,
'gid': None,
'status': 9,
'typer':None,
'role':None,
'fullname':None,
'notes':None
}
# delete the user
userdeleted = self.adminmodel.manageuser(params)
self.assertNotEqual(userdeleted, False)
user = self.adminmodel.getuser('test.b', 'example.co.uk')
self.assertEqual(user.userid, None)
def test_goupmanage(self):
# Create a group
params = {'mode': 1,
'alias': 'agroup',
'domain': 'example.co.uk',
'new_alias': None,
'notes':"test"
}
# try add the group
groupadded = self.adminmodel.managealias(params)
# Check group was added
self.assertEqual(groupadded, True)
params = {'mode':1, # add alias users
'alias':'agroup',
'userid':'test.a',
'domain':'example.co.uk'
}
# check added user to alias
aliasuseradded = self.adminmodel.managealiasuser(params)
self.assertEqual(aliasuseradded, True)
# Retrieve info
alias = self.adminmodel.getalias('agroup', 'example.co.uk')
self.assertNotEqual(alias, None)
self.assertEqual(alias.aliasname,'agroup')
self.assertEqual(alias.notes,'test')
users = self.adminmodel.getaliasusers('agroup','example.co.uk')
self.assertNotEqual(users, None)
users = list(users)
self.assertEqual(len(users),1)
user = users[0]
self.assertEqual(user.username,'*****@*****.**')
# create function parameter list
params = {'mode': 2,
'alias': 'agroup',
'domain': 'example.co.uk',
'new_alias': 'bgroup',
'notes': None
}
# edit the group
groupedited = self.adminmodel.managealias(params)
# Check alias edited
self.assertNotEqual(groupedited, False)
alias = self.adminmodel.getalias('bgroup', 'example.co.uk')
self.assertNotEqual(alias, None)
self.assertEqual(alias.aliasname,'bgroup')
self.assertEqual(alias.notes,None)
users = self.adminmodel.getaliasusers('bgroup','example.co.uk')
self.assertNotEqual(users, None)
users = list(users)
self.assertEqual(len(users),1)
user = users[0]
self.assertEqual(user.username,'*****@*****.**')
# create function parameter list
params = {'mode': 3,
'alias': 'bgroup',
'domain': 'example.co.uk',
'new_alias': None,
'notes':None
}
# delete the group
groupdeleted = self.adminmodel.managealias(params)
# Check user edited
self.assertNotEqual(groupdeleted, False)
# Ensure there was a cascding delete of alias users
users = self.adminmodel.getaliasusers('bgroup','example.co.uk')
self.assertEqual(users, None)
def test_domainmanage(self):
# Create a domain
params = {'mode': 1,
'domainname': 'HOPKINS.CO.UK',
'newdomainname': None,
}
# try add the domain
domainadded = self.adminmodel.managedomain(params)
# Check domain was NOT added
self.assertEqual(domainadded, False)
self.assertEqual(self.adminmodel.error, "This domain already exists\n")
# Create a domain
params = {'mode': 1,
'domainname': 'otherdomain.com',
'newdomainname': None,
}
# try add the domain
domainadded = self.adminmodel.managedomain(params)
# Check domain was added
self.assertEqual(domainadded, True)
# Get the domain
request_domain = self.adminmodel.getdomain('otherdomain.com')
self.assertEqual(request_domain.domainname, 'otherdomain.com')
params = {'mode': 2,
'domainname': 'example.co.uk',
'newdomainname': 'newexample.co.uk',
}
# check edited domain
domainedited = self.adminmodel.managedomain(params)
self.assertEqual(domainedited, True)
# Get the domain
request_domain = self.adminmodel.getdomain('newexample.co.uk')
self.assertEqual(request_domain.domainname, 'newexample.co.uk')
# Check changed reflected in users
user = self.adminmodel.getuser('test.a', 'newexample.co.uk')
self.assertNotEqual(user, None)
self.assertEqual(user.domain, 'newexample.co.uk')
self.assertEqual(user.userid, 'test.a')
# Delete a domain
params = {'mode': 3,
'domainname': 'otherdomain.com',
'newdomainname': None,
}
# try delete the domain
domaindeleted = self.adminmodel.managedomain(params)
# Check domain was deleted
self.assertEqual(domaindeleted, True)
# Get the domain
request_domain = self.adminmodel.getdomain('otherdomain.com')
self.assertEqual(request_domain.domainname, None)
# try delete domain with reference to user
params = {'mode': 3,
'domainname': 'newexample.co.uk',
'newdomainname': None,
}
# try delete the domain
domaindeleted = self.adminmodel.managedomain(params)
# Check domain was Not deleted
self.assertEqual(domaindeleted, False)
self.assertEqual(self.adminmodel.error,
"This domain is referenced by users of the system and cannot be deleted.\n")
# Get the domain
request_domain = self.adminmodel.getdomain('newexample.co.uk')
self.assertNotEqual(request_domain, None)
def test_holidaymanage(self):
#Add holiday
param_dict = {'mode':1,
'username':'******',
'domain':'example.co.uk',
'hstart':'2008-01-01 09:00:00',
'hend':'2008-01-10 09:00:00',
'message':"The holiday message",
'id':-1,
'b_default':False}
result = self.mailmodel.manageholiday(**param_dict)
self.assertNotEqual(result, None)
holidays = self.mailmodel.getuserholidays( 'test.a', 'example.co.uk')
self.assertNotEqual(holidays, None)
holidays = list(holidays)
self.assertEqual(len(holidays), 1)
holiday = holidays[0]
self.assertEqual(holiday.holstart.year,2008)
self.assertEqual(holiday.holstart.month,1)
self.assertEqual(holiday.holstart.day,1)
self.assertEqual(holiday.holstart.hour,9)
self.assertEqual(holiday.holstart.minute,0)
self.assertEqual(holiday.holend.year,2008)
self.assertEqual(holiday.holend.month,1)
self.assertEqual(holiday.holend.day,10)
self.assertEqual(holiday.holend.hour,9)
self.assertEqual(holiday.holend.minute,0)
self.assertEqual(holiday.holmsg,'The holiday message')
#Edit holiday
param_dict = {'mode':2,
'username':'******',
'domain':'example.co.uk',
'hstart':'2008-01-01 10:00:00',
'hend':'2008-01-10 09:00:00',
'message':"The edit message",
'id':holiday.holid,
'b_default':False}
result = self.mailmodel.manageholiday(**param_dict)
self.assertNotEqual(result, None)
holidays = self.mailmodel.getuserholidays( 'test.a', 'example.co.uk')
self.assertNotEqual(holidays, None)
holidays = list(holidays)
self.assertEqual(len(holidays), 1)
holiday = holidays[0]
self.assertEqual(holiday.holstart.year,2008)
self.assertEqual(holiday.holstart.month,1)
self.assertEqual(holiday.holstart.day,1)
self.assertEqual(holiday.holstart.hour,10)
self.assertEqual(holiday.holstart.minute,0)
self.assertEqual(holiday.holmsg,'The edit message')
#Delete holiday
param_dict = {'mode':3,
'username':'******',
'domain':'example.co.uk',
'hstart':None,
'hend':None,
'message':None,
'id':holiday.holid,
'b_default': None}
result = self.mailmodel.manageholiday(**param_dict)
self.assertNotEqual(result, None)
holidays = self.mailmodel.getuserholidays( 'test.a', 'example.co.uk')
self.assertEqual(holidays, None)
# Check setting of holdiday to current
now = datetime.now()
tendays = now + timedelta (days =10)
#Add holiday
param_dict = {'mode':1,
'username':'******',
'domain':'example.co.uk',
'hstart':now,
'hend':tendays,
'message':"current message",
'id':-1,
'b_default':False}
result = self.mailmodel.manageholiday(**param_dict)
self.assertNotEqual(result, None)
b_holset = self.eximmodel.setholidays()
self.assertEqual(b_holset, 1)
holmessage = self.mailmodel.getcurrentholiday('test.a','example.co.uk')
self.assertNotEqual(holmessage, None)
self.assertEqual(holmessage.message, 'current message')
# Remove current holiday
param_dict = {'mode':2,
'username':'******',
'domain':'example.co.uk',
'hstart':None,
'hend':None,
'message':None,
'id':None}
result = self.mailmodel.removeleave(**param_dict)
user = self.adminmodel.getuser('test.a', 'example.co.uk')
self.assertNotEqual(user, None)
self.assertEqual(user.status,1)
# Test leaver
# Create a user
params = {'mode': 1,
'userid': 'leaver',
'password': '******',
'home': '/home/mailstore/',
'domain': 'example.co.uk',
'uid': 1001,
'gid': 1001,
'status': 1,
'typer':'Person',
'role':"",
'fullname':'Leaver',
'notes':None
}
# add the user
useradded = self.adminmodel.manageuser(params)
# Check user added
self.assertNotEqual(useradded, False)
# set user to leaver
params = {'mode': 1,
'userid': 'leaver',
'domain': 'example.co.uk',
'leavedate': now,
'message': 'This person has left'
}
result = self.eximmodel.manageleaver(params)
self.assertNotEqual(result, None)
message = self.eximmodel.getleavermessage('leaver','example.co.uk')
self.assertNotEqual(message,None)
self.assertEqual(message,'This person has left')
# unset user to leaver
params = {'mode': 2,
'userid': 'leaver',
'domain': 'example.co.uk',
'leavedate':None,
'message':None
}
result = self.eximmodel.manageleaver(params)
self.assertNotEqual(result, None)
# Check changed reflected in users
user = self.adminmodel.getuser('test.a', 'example.co.uk')
self.assertNotEqual(result, None)
self.assertEqual(user.status,1)
def test_exim(self):
''' This test case ensures that the exim functions used are
working properly'''
active_user = self.eximmodel.getactiveuser('test.a','example.co.uk')
self.assertNotEqual(active_user, None)
self.assertEqual(active_user.userid,'test.a')
holiday_user = self.eximmodel.getactiveuser('test.a','example.co.uk')
self.assertNotEqual(holiday_user, None)
self.assertEqual(holiday_user.userid,'test.a')
now = datetime.now()
tendays = now + timedelta (days =10)
#Add holiday
param_dict = {'mode':1,
'username':'******',
'domain':'example.co.uk',
'hstart':now,
'hend':tendays,
'message':"current message",
'id':-1,
'b_default':False}
result = self.mailmodel.manageholiday(**param_dict)
self.assertNotEqual(result, None)
b_holset = self.eximmodel.setholidays()
self.assertEqual(b_holset, 1)
# unset user to leaver
params = {'mode': 1,
'userid': 'test.a',
'domain': 'example.co.uk',
'leavedate':now,
'message':"leaving"
}
result = self.eximmodel.manageleaver(params)
self.assertNotEqual(result, None)
leave_user = self.eximmodel.getleaveruser('test.a','example.co.uk')
self.assertNotEqual(leave_user, None)
self.assertEqual(leave_user.userid,'test.a')
params = {'userid': 'test.a',
'domain': 'example.co.uk'}
result = self.eximmodel.manageactiveusers(params)
self.assertNotEqual(result, None)
active_user = self.adminmodel.getuser('test.a','example.co.uk')
self.assertNotEqual(active_user, None)
self.assertEqual(active_user.status,1)
def tearDown(self):
query = "DELETE FROM users;"
self.adminmodel.executequery(query)
query = "DELETE FROM domains;"
self.adminmodel.executequery(query)
