Example #1
 def test_user_can_be_loaded_from_session_token(self):
     """The participant's session token resolves back to the same username."""
     self.make_participant('alice')
     signed_in = User.from_username('alice')
     signed_in.sign_in(SimpleCookie())
     # The token is read from the participant record after sign_in().
     session_token = signed_in.participant.session_token
     restored = User.from_session_token(session_token)
     assert restored.participant.username == 'alice'
Example #2
 def test_user_from_expired_session_is_anonymous(self):
     """A token whose expiry was moved to utcnow() no longer authenticates."""
     self.make_participant('alice')
     signed_in = User.from_username('alice')
     signed_in.sign_in(SimpleCookie())
     stale_token = signed_in.participant.session_token
     # Set the stored expiry to the current time, then look the token up
     # again: the lookup must yield an anonymous user.
     signed_in.participant.set_session_expires(utcnow())
     looked_up = User.from_session_token(stale_token)
     assert looked_up.ANON
Example #3
 def test_session_cookie_is_secure_if_it_should_be(self):
     """With canonical_scheme 'https', the session cookie carries '; secure'."""
     saved_scheme = gratipay.canonical_scheme
     gratipay.canonical_scheme = 'https'
     try:
         self.make_participant('alice')
         jar = SimpleCookie()
         User.from_username('alice').sign_in(jar)
         # Only the Secure attribute is asserted; this test does not check
         # any other cookie attribute.
         rendered = jar[SESSION].output()
         assert '; secure' in rendered
     finally:
         # Put the module-level setting back, even if the assertion failed.
         gratipay.canonical_scheme = saved_scheme
Example #4
 def test_session_cookie_is_secure_if_it_should_be(self):
     """With use_secure_cookies on, the session cookie carries '; secure'."""
     previous_setting = gratipay.use_secure_cookies
     gratipay.use_secure_cookies = True
     try:
         self.make_participant('alice')
         jar = SimpleCookie()
         alice = User.from_username('alice')
         alice.sign_in(jar)
         # Only the Secure attribute is asserted; this test does not check
         # any other cookie attribute.
         session_header = jar[SESSION].output()
         assert '; secure' in session_header
     finally:
         # Put the module-level flag back, even if the assertion failed.
         gratipay.use_secure_cookies = previous_setting
Example #5
 def test_session_is_regularly_refreshed(self):
     """keep_signed_in() re-sets the cookie only once the expiry is near."""
     self.make_participant('alice')
     alice = User.from_username('alice')
     alice.sign_in(SimpleCookie())

     # Directly after sign-in no session cookie is written.
     fresh_jar = SimpleCookie()
     alice.keep_signed_in(fresh_jar)
     assert SESSION not in fresh_jar

     # Once the stored expiry is pulled back by SESSION_REFRESH, the next
     # call writes the session cookie again.
     refreshed_jar = SimpleCookie()
     current_expiry = alice.participant.session_expires
     alice.participant.set_session_expires(current_expiry - SESSION_REFRESH)
     alice.keep_signed_in(refreshed_jar)
     assert SESSION in refreshed_jar
Example #6
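 def opt_in(self, desired_username):
     """Given a desired username, return a User object.

     Returns a ``(user, newly_claimed)`` tuple. ``newly_claimed`` is True
     when the participant was not yet claimed and this call claimed it.
     A newly claimed participant is asked to take ``desired_username``;
     if that fails with ProblemChangingUsername the current username is
     kept. A closed participant is reopened.

     Raises AssertionError if the lookup by username yields an anonymous
     user.
     """
     from gratipay.security.user import User
     user = User.from_username(self.participant.username)
     if user.ANON:
         # Raised explicitly instead of via ``assert`` so the check is not
         # stripped under ``python -O``; the exception type and argument
         # are the same as before.
         raise AssertionError(self.participant)  # sanity check
     if self.participant.is_claimed:
         newly_claimed = False
     else:
         newly_claimed = True
         user.participant.set_as_claimed()
         try:
             user.participant.change_username(desired_username)
         except ProblemChangingUsername:
             # Best effort: the claim stands, only the rename is skipped.
             pass
     if user.participant.is_closed:
         user.participant.update_is_closed(False)
     return user, newly_claimed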
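 def opt_in(self, desired_username):
     """Given a desired username, return a User object.

     Returns a ``(user, newly_claimed)`` tuple. ``newly_claimed`` is True
     when the participant was not yet claimed and this call claimed it.
     A newly claimed participant is asked to take ``desired_username``;
     if that fails with ProblemChangingUsername the current username is
     kept. A closed participant is reopened.

     Raises AssertionError if the lookup by username yields an anonymous
     user.
     """
     from gratipay.security.user import User
     user = User.from_username(self.participant.username)
     if user.ANON:
         # Raised explicitly instead of via ``assert`` so the check is not
         # stripped under ``python -O``; the exception type and argument
         # are the same as before.
         raise AssertionError(self.participant)  # sanity check
     if self.participant.is_claimed:
         newly_claimed = False
     else:
         newly_claimed = True
         user.participant.set_as_claimed()
         try:
             user.participant.change_username(desired_username)
         except ProblemChangingUsername:
             # Best effort: the claim stands, only the rename is skipped.
             pass
     if user.participant.is_closed:
         user.participant.update_is_closed(False)
     return user, newly_claimed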
Example #8
    def build_wsgi_environ(self, *a, **kw):
        """Build the WSGI environ, optionally signed in as ``auth_as``.

        ``csrf_token`` (default: a fixed placeholder) is written to both the
        cookie and the X-CSRF-TOKEN header entry unless it is falsy. It is
        read with ``get``, so it stays in ``kw`` for the base class.
        ``auth_as`` is removed from ``kw``: a username signs that user in on
        the client's cookie jar, ``None`` drops any existing session cookie.
        """
        # CSRF applies to anonymous and authenticated requests alike.
        csrf_token = kw.get('csrf_token', b'sotokeny')
        if csrf_token:
            self.cookie[b'csrf_token'] = csrf_token
            kw[b'HTTP_X-CSRF-TOKEN'] = csrf_token

        # Authentication: sign in as the named user, or make sure no
        # session cookie from an earlier request is left behind.
        auth_as = kw.pop('auth_as', None)
        if auth_as is not None:
            User.from_username(auth_as).sign_in(self.cookie)
        elif SESSION in self.cookie:
            del self.cookie[SESSION]

        return Client.build_wsgi_environ(self, *a, **kw)
Example #9
    def build_wsgi_environ(self, *a, **kw):
        """Build the WSGI environ, optionally signed in as ``auth_as``.

        ``csrf_token`` (default: a fixed placeholder) is written to both the
        cookie and the X-CSRF-TOKEN header entry unless it is falsy. It is
        read with ``get``, so it stays in ``kw`` for the base class.
        ``auth_as`` is removed from ``kw``: a username signs that user in on
        the client's cookie jar, ``None`` drops any existing session cookie.
        """
        # CSRF applies to anonymous and authenticated requests alike.
        csrf_token = kw.get('csrf_token', b'sotokeny')
        if csrf_token:
            self.cookie[b'csrf_token'] = csrf_token
            kw[b'HTTP_X-CSRF-TOKEN'] = csrf_token

        # Authentication: sign in as the named user, or make sure no
        # session cookie from an earlier request is left behind.
        auth_as = kw.pop('auth_as', None)
        if auth_as is not None:
            User.from_username(auth_as).sign_in(self.cookie)
        elif SESSION in self.cookie:
            del self.cookie[SESSION]

        return Client.build_wsgi_environ(self, *a, **kw)
Example #10
    def build_wsgi_environ(self, *a, **kw):
        """Build the WSGI environ, optionally signed in as ``auth_as``.

        The cookie jar is emptied on every call, so nothing carries over
        from a previous request. ``csrf_token`` (default: a fixed
        placeholder) goes into both the cookie and the X-CSRF-TOKEN header
        entry unless it is falsy; it is read with ``get`` and so stays in
        ``kw``. A truthy ``auth_as`` signs that user in. Entries of the
        ``cookies`` mapping are applied last and therefore overwrite a csrf
        or session cookie of the same name.
        """
        self.cookie.clear()

        # CSRF applies to anonymous and authenticated requests alike.
        csrf_token = kw.get('csrf_token', b'ThisIsATokenThatIsThirtyTwoBytes')
        if csrf_token:
            self.cookie[b'csrf_token'] = csrf_token
            kw[b'HTTP_X-CSRF-TOKEN'] = csrf_token

        # Authentication: only a truthy username triggers a sign-in.
        auth_as = kw.pop('auth_as', None)
        if auth_as:
            User.from_username(auth_as).sign_in(self.cookie)

        # Caller-supplied cookies win over anything set above.
        extra_cookies = kw.pop('cookies', {})
        for name, value in extra_cookies.items():
            self.cookie[name] = value

        return Client.build_wsgi_environ(self, *a, **kw)
Example #11
    def build_wsgi_environ(self, *a, **kw):
        """Build the WSGI environ, optionally signed in as ``auth_as``.

        The cookie jar is emptied on every call, so nothing carries over
        from a previous request. ``csrf_token`` (default: a fixed
        placeholder) goes into both the cookie and the X-CSRF-TOKEN header
        entry unless it is falsy; it is read with ``get`` and so stays in
        ``kw``. A truthy ``auth_as`` signs that user in. Entries of the
        ``cookies`` mapping are applied last and therefore overwrite a csrf
        or session cookie of the same name.
        """
        self.cookie.clear()

        # CSRF applies to anonymous and authenticated requests alike.
        csrf_token = kw.get('csrf_token', b'ThisIsATokenThatIsThirtyTwoBytes')
        if csrf_token:
            self.cookie[b'csrf_token'] = csrf_token
            kw[b'HTTP_X-CSRF-TOKEN'] = csrf_token

        # Authentication: only a truthy username triggers a sign-in.
        auth_as = kw.pop('auth_as', None)
        if auth_as:
            User.from_username(auth_as).sign_in(self.cookie)

        # Caller-supplied cookies win over anything set above.
        extra_cookies = kw.pop('cookies', {})
        for name, value in extra_cookies.items():
            self.cookie[name] = value

        return Client.build_wsgi_environ(self, *a, **kw)
Example #12
 def test_user_from_bad_username_is_anonymous(self):
     """A username for which this test created no participant is anonymous."""
     # No make_participant() call precedes the lookup.
     assert User.from_username('deadbeef').ANON
Example #13
 def test_blacklisted_user_is_not_ANON(self):
     """A participant created with is_suspicious=True has ANON exactly False."""
     self.make_participant('alice', is_suspicious=True)
     flagged = User.from_username('alice')
     # NOTE(review): this pins that from_username() does not downgrade a
     # flagged account to anonymous; any restriction on such accounts would
     # have to be enforced elsewhere - confirm.
     assert flagged.ANON is False
Example #14
 def test_unreviewed_user_is_not_ANON(self):
     """A participant created with is_suspicious=None has ANON exactly False."""
     self.make_participant('alice', is_suspicious=None)
     unreviewed = User.from_username('alice')
     # Identity check on purpose: a merely falsy value would not pass.
     assert unreviewed.ANON is False
Example #15
 def test_suspicious_user_from_username_is_anonymous(self):
     """A participant created with is_suspicious=True loads as anonymous."""
     self.make_participant('alice', is_suspicious=True)
     # The participant exists, yet the lookup must not authenticate it.
     assert User.from_username('alice').ANON
Example #16
 def test_show_plural_no_members_as_team_to_self(self):
     """A 'plural' participant is shown as a team when viewing itself."""
     plural = self.make_participant('Group', number='plural')
     viewer = User.from_username('Group')
     assert plural.show_as_team(viewer)
Example #17
 def test_show_as_team_to_non_team_member(self):
     """self.team, with bob as a member, is shown as a team to alice."""
     self.make_participant('alice')
     bob = self.make_participant('bob', claimed_time='now')
     self.team.add_member(bob)
     # alice was never added to the team.
     outsider = User.from_username('alice')
     assert self.team.show_as_team(outsider)
Example #18
 def test_show_as_team_to_admin(self):
     """self.team is shown as a team to a participant with is_admin=True."""
     self.make_participant('alice', is_admin=True)
     admin = User.from_username('alice')
     assert self.team.show_as_team(admin)
Example #19
 def test_signed_out_user_is_anonymous(self):
     """sign_out() turns a loaded, non-anonymous user into an anonymous one."""
     self.make_participant('alice')
     user = User.from_username('alice')
     # Before sign_out the same object is not anonymous.
     assert not user.ANON
     jar = SimpleCookie()
     user.sign_out(jar)
     # The flag is re-read from the same object after sign_out.
     assert user.ANON
Example #20
 def test_dont_show_plural_no_members_as_team_to_auth(self):
     """A 'plural' participant is not shown as a team to another user."""
     plural = self.make_participant('Group', number='plural')
     self.make_participant('alice')
     # alice is created without is_admin and is not the group itself.
     viewer = User.from_username('alice')
     assert not plural.show_as_team(viewer)
Example #21
 def test_username_is_case_insensitive(self):
     """A lookup with different letter case finds the same participant."""
     self.make_participant('AlIcE')
     found = User.from_username('aLiCe')
     # The lowercased username is what gets compared.
     assert found.participant.username_lower == 'alice'
Example #22
 def test_show_plural_no_members_as_team_to_admin(self):
     """A 'plural' participant is shown as a team to an is_admin=True user."""
     plural = self.make_participant('Group', number='plural')
     self.make_participant('Admin', is_admin=True)
     admin_viewer = User.from_username('Admin')
     assert plural.show_as_team(admin_viewer)
Example #23
 def test_known_user_is_not_admin(self):
     """A participant created without is_admin does not load as ADMIN."""
     self.make_participant('alice')
     # ADMIN must be falsy when make_participant() got no is_admin argument.
     assert not User.from_username('alice').ADMIN
Example #24
 def test_admin_user_is_admin(self):
     """A participant created with is_admin=True loads as ADMIN."""
     self.make_participant('alice', is_admin=True)
     admin = User.from_username('alice')
     assert admin.ADMIN
Example #25
 def test_suspicious_user_from_username_is_anonymous(self):
     """A participant created with is_suspicious=True loads as anonymous."""
     self.make_participant('alice', is_suspicious=True)
     flagged = User.from_username('alice')
     # The participant exists, yet the lookup must not authenticate it.
     assert flagged.ANON