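def test_acc_get_uid_from_request(self):
    """webapikey - Login user from request using REST key

    Creates one key for the admin user, then checks that
    acc_get_uid_from_request() returns the admin uid for an untouched
    request built with that key and -1 for a tampered request, for an
    empty query string, and for a request built for the '/bad' path.
    """
    path = '/search'
    params = 'ln=es&sc=1&c=Articles & Preprints&action_search=Buscar&p=ellis'

    # Precondition, checked outside the try block so that a failure here
    # does not wipe a table this test did not populate.
    self.assertEqual(0, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
    try:
        web_api_key.create_new_web_api_key(self.id_admin, "Test key I")
        key_info = run_sql("SELECT id FROM webapikey WHERE id_user=%s",
                           (self.id_admin,))
        api_key = key_info[0][0]

        # An untouched request authenticates as the key owner.
        url = web_api_key.build_web_request(path, params, api_key=api_key)
        req_path, req_query = url.split('?', 1)
        uid = web_api_key.acc_get_uid_from_request(req_path, req_query)
        self.assertEqual(uid, self.id_admin)

        # Appending characters to the end of the built URL must make the
        # request fail authentication. The original comment calls this
        # corrupting the key; which parameter actually sits at the end of
        # the URL depends on build_web_request -- TODO confirm.
        url = web_api_key.build_web_request(path, params, api_key=api_key)
        url += "123"
        req_path, req_query = url.split('?', 1)
        uid = web_api_key.acc_get_uid_from_request(req_path, req_query)
        self.assertEqual(uid, -1)

        # A request without any query string carries no credentials.
        path = '/bad'
        uid = web_api_key.acc_get_uid_from_request(path, "")
        self.assertEqual(uid, -1)

        # A valid key used on '/bad' is rejected as well; presumably this
        # path is not one for which REST-key login is enabled -- confirm
        # against acc_get_uid_from_request.
        params = {'nocache': 'yes', 'limit': 123}
        url = web_api_key.build_web_request(path, params, api_key=api_key)
        req_path, req_query = url.split('?', 1)
        uid = web_api_key.acc_get_uid_from_request(req_path, req_query)
        self.assertEqual(uid, -1)

        # NOTE(review): nothing here checks that a removed or revoked key
        # is refused; that case deserves its own assertion.
    finally:
        # Runs even when an assertion fails, so keys created above cannot
        # leak into the next test. This clears the whole table, so the
        # test must only ever run against a disposable database.
        run_sql("DELETE FROM webapikey")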
Example #2
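    def test_create_remove_show_key(self):
        """apikey - create/list/delete REST key

        Creates five keys for the admin user and checks what
        show_web_api_keys() reports, with and without diff_status='',
        after one key is marked as removed and two others have their
        status changed directly in the table.
        """
        # Precondition, checked outside the try block so that a failure
        # here does not wipe a table this test did not populate.
        self.assertEqual(0,
                         len(web_api_key.show_web_api_keys(uid=self.id_admin)))
        try:
            for label in ("Test key I", "Test key II", "Test key III",
                          "Test key IV", "Test key V"):
                web_api_key.create_new_web_api_key(self.id_admin, label)

            self.assertEqual(
                5, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
            self.assertEqual(
                5,
                len(web_api_key.show_web_api_keys(uid=self.id_admin,
                                                  diff_status='')))

            # A key marked as removed disappears from the default listing
            # but is still returned when diff_status=''.
            keys_info = web_api_key.show_web_api_keys(uid=self.id_admin)
            web_api_key.mark_web_api_key_as_removed(keys_info[0][0])
            self.assertEqual(
                4, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
            self.assertEqual(
                5,
                len(web_api_key.show_web_api_keys(uid=self.id_admin,
                                                  diff_status='')))

            run_sql("UPDATE webapikey SET status='WARNING' WHERE id=%s",
                    (keys_info[1][0], ))
            run_sql("UPDATE webapikey SET status='REVOKED' WHERE id=%s",
                    (keys_info[2][0], ))

            # WARNING and REVOKED keys are expected to stay in the default
            # listing: the count is still 4.
            # NOTE(review): this covers listing only. That a REVOKED or
            # removed key can no longer authenticate a request is not
            # asserted here.
            self.assertEqual(
                4, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
            self.assertEqual(
                5,
                len(web_api_key.show_web_api_keys(uid=self.id_admin,
                                                  diff_status='')))
        finally:
            # Runs even when an assertion fails, so keys created above
            # cannot leak into the next test. This clears the whole table,
            # so only run against a disposable database.
            run_sql("DELETE FROM webapikey")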
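    def test_create_remove_show_key(self):
        """apikey - create/list/delete REST key

        Exercises the key life cycle for the admin user: five keys are
        created, one is marked as removed, two get their status rewritten
        in the table, and the listing counts are checked after each step.
        """
        def visible():
            # Number of keys in the default listing.
            return len(web_api_key.show_web_api_keys(uid=self.id_admin))

        def every():
            # Number of keys when the listing is called with diff_status=''.
            return len(web_api_key.show_web_api_keys(uid=self.id_admin,
                                                     diff_status=''))

        # Checked before the try block: if the table is not empty to begin
        # with, fail without deleting rows this test did not create.
        self.assertEqual(0, visible())
        try:
            web_api_key.create_new_web_api_key(self.id_admin, "Test key I")
            web_api_key.create_new_web_api_key(self.id_admin, "Test key II")
            web_api_key.create_new_web_api_key(self.id_admin, "Test key III")
            web_api_key.create_new_web_api_key(self.id_admin, "Test key IV")
            web_api_key.create_new_web_api_key(self.id_admin, "Test key V")
            self.assertEqual(5, visible())
            self.assertEqual(5, every())

            keys_info = web_api_key.show_web_api_keys(uid=self.id_admin)
            web_api_key.mark_web_api_key_as_removed(keys_info[0][0])
            # Removed keys are hidden by default and shown with
            # diff_status=''.
            self.assertEqual(4, visible())
            self.assertEqual(5, every())

            run_sql("UPDATE webapikey SET status='WARNING' WHERE id=%s", (keys_info[1][0],))
            run_sql("UPDATE webapikey SET status='REVOKED' WHERE id=%s", (keys_info[2][0],))

            # Neither status change alters the counts. NOTE(review): a
            # REVOKED key therefore still appears in the default listing;
            # whether it is refused at authentication time has to be
            # tested separately.
            self.assertEqual(4, visible())
            self.assertEqual(5, every())
        finally:
            # Always clean up, including after a failed assertion. The
            # statement empties the table for all users.
            run_sql("DELETE FROM webapikey")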
Example #4
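    def test_acc_get_uid_from_request(self):
        """webapikey - Login user from request using REST key

        One key is created for the admin user. Requests built with it are
        passed to acc_get_uid_from_request(), which must return the admin
        uid for the untouched '/search' request and -1 in the three
        negative cases below.
        """
        def authenticate(request_url):
            # Split into path and query string at the first '?' only, so a
            # later '?' inside the query cannot truncate it.
            req_path, req_query = request_url.split('?', 1)
            return web_api_key.acc_get_uid_from_request(req_path, req_query)

        path = '/search'
        params = 'ln=es&sc=1&c=Articles & Preprints&action_search=Buscar&p=ellis'

        # Checked before the try block: if keys already exist, fail without
        # deleting rows this test did not create.
        self.assertEqual(0,
                         len(web_api_key.show_web_api_keys(uid=self.id_admin)))
        try:
            web_api_key.create_new_web_api_key(self.id_admin, "Test key I")
            key_info = run_sql("SELECT id FROM webapikey WHERE id_user=%s",
                               (self.id_admin, ))
            api_key = key_info[0][0]

            # Positive case: the request resolves to the key owner.
            url = web_api_key.build_web_request(path, params, api_key=api_key)
            self.assertEqual(authenticate(url), self.id_admin)

            # Negative case 1: extra characters at the end of the URL. The
            # original comment describes this as corrupting the key; what
            # the last parameter of the built URL is cannot be seen from
            # this test -- TODO confirm against build_web_request.
            url = web_api_key.build_web_request(path, params, api_key=api_key)
            url += "123"
            self.assertEqual(authenticate(url), -1)

            # Negative case 2: no query string, hence no credentials.
            path = '/bad'
            uid = web_api_key.acc_get_uid_from_request(path, "")
            self.assertEqual(uid, -1)

            # Negative case 3: a valid key on the '/bad' path. Presumably
            # REST-key login is limited to certain paths -- confirm against
            # acc_get_uid_from_request.
            params = {'nocache': 'yes', 'limit': 123}
            url = web_api_key.build_web_request(path, params, api_key=api_key)
            self.assertEqual(authenticate(url), -1)

            # NOTE(review): a request made with a removed or revoked key is
            # not covered here.
        finally:
            # Always clean up, including after a failed assertion. The
            # statement empties the table for all users.
            run_sql("DELETE FROM webapikey")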
Example #5
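def perform_set(email, ln, can_config_bibcatalog=False,
                can_config_profiling=False, verbose=0, csrf_token=''):
    """Build the page on which a user edits the account settings.

    The user is looked up by ``email``; when no row matches, uid 0 and an
    empty nickname are used. The result is the concatenation of the
    template fragments for: e-mail/password/nickname, external login
    method (only when more than one method remains selectable), search
    preferences, language, REST API keys, and optionally the bibcatalog
    credentials and profiling settings.

    :param email: e-mail address identifying the account.
    :param ln: interface language, passed to every template.
    :param can_config_bibcatalog: if True and CFG_BIBCATALOG_SYSTEM is
        set, add the bibcatalog credentials dialog.
    :param can_config_profiling: if True, add the profiling dialog.
    :param verbose: when >= 9, append a dump of all user preferences.
    :param csrf_token: token passed to every form template.
    :return: the assembled page body as a string.
    """
    try:
        res = run_sql("SELECT id, nickname FROM user WHERE email=%s", (email,))
        uid = res[0][0]
        nickname = res[0][1]
    except IndexError:
        uid = 0
        nickname = ""

    local_access_level = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    prefs = get_user_preferences(uid)
    # Accounts that log in through a configured external method are
    # treated as level 3, which disables both the e-mail and the password
    # field below.
    if CFG_EXTERNAL_AUTHENTICATION.get(prefs['login_method']) is not None:
        local_access_level = 3

    out = websession_templates.tmpl_user_preferences(
        ln=ln,
        email=email,
        email_disabled=(local_access_level >= 2),
        password_disabled=(local_access_level >= 3),
        nickname=nickname,
        csrf_token=csrf_token,
    )

    if len(CFG_EXTERNAL_AUTHENTICATION) > 1:
        # uid was already resolved from the same e-mail above, so the
        # second identical lookup the original did here is dropped.
        current_login_method = prefs['login_method']

        # Offer only the methods the user may switch to: entries whose
        # handler is None are kept as they are, an external handler must
        # confirm through user_exists() that it knows this e-mail.
        # The list is built fresh instead of removing items from the list
        # being iterated: removing during iteration skips the element after
        # each removal, so a method that should have been filtered out
        # could stay selectable.
        methods = []
        for method in CFG_EXTERNAL_AUTHENTICATION.keys():
            handler = CFG_EXTERNAL_AUTHENTICATION[method]
            if handler is not None:
                try:
                    if not handler.user_exists(email):
                        continue
                except (AttributeError, InvenioWebAccessExternalAuthError,
                        NotImplementedError):
                    # The handler cannot tell whether the user exists.
                    continue
            methods.append(method)
        methods.sort()

        if len(methods) > 1:
            out += websession_templates.tmpl_user_external_auth(
                ln=ln,
                methods=methods,
                current=current_login_method,
                # Uses the global level, not the per-user one set above.
                method_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4),
                csrf_token=csrf_token,
            )

    out += websession_templates.tmpl_user_websearch_edit(
        ln=ln,
        current=prefs.get('websearch_group_records', 10),
        show_latestbox=prefs.get('websearch_latestbox', True),
        show_helpbox=prefs.get('websearch_helpbox', True),
        csrf_token=csrf_token,
    )

    out += websession_templates.tmpl_user_lang_edit(
        ln=ln,
        preferred_lang=prefs.get('language', ln),
        csrf_token=csrf_token,
    )

    out += websession_templates.tmpl_user_api_key(
        ln=ln,
        keys_info=web_api_key.show_web_api_keys(uid=uid),
        csrf_token=csrf_token,
    )

    # Show this dialog only if the system has been configured to use a
    # ticket system.
    from invenio.config import CFG_BIBCATALOG_SYSTEM
    if CFG_BIBCATALOG_SYSTEM and can_config_bibcatalog:
        # NOTE(review): the stored bibcatalog password is read from the
        # preferences and handed to the template as-is; confirm that the
        # template does not echo it back into the page source.
        out += websession_templates.tmpl_user_bibcatalog_auth(
            prefs.get('bibcatalog_username', ""),
            prefs.get('bibcatalog_password', ""),
            ln=ln,
            csrf_token=csrf_token)

    if can_config_profiling:
        out += websession_templates.tmpl_user_profiling_settings(
            ln=ln,
            enable_profiling=prefs.get('enable_profiling'),
            csrf_token=csrf_token)

    if verbose >= 9:
        try:
            from html import escape
        except ImportError:  # Python 2
            from cgi import escape
        # Preference values are user-supplied, so they are HTML-escaped
        # before being written into the page.
        # NOTE(review): the dump covers every preference, which can include
        # 'bibcatalog_password'; make sure verbose >= 9 is restricted to
        # trusted users.
        for key, value in prefs.items():
            out += "<b>%s</b>:%s<br />" % (escape("%s" % (key,), True),
                                           escape("%s" % (value,), True))
    out += perform_display_external_user_settings(prefs, ln)
    return out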
Example #6
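def perform_set(email,
                ln,
                can_config_bibcatalog=False,
                can_config_profiling=False,
                verbose=0):
    """Build the page on which a user edits the account settings.

    The user is looked up by ``email``; when no row matches, uid 0 and an
    empty nickname are used. The returned string concatenates the template
    fragments for e-mail/password/nickname, external login method (only
    when more than one method remains selectable), search preferences,
    language, REST API keys, and optionally the bibcatalog credentials and
    profiling settings.

    :param email: e-mail address identifying the account.
    :param ln: interface language, passed to every template.
    :param can_config_bibcatalog: if True and CFG_BIBCATALOG_SYSTEM is
        set, add the bibcatalog credentials dialog.
    :param can_config_profiling: if True, add the profiling dialog.
    :param verbose: when >= 9, append a dump of all user preferences.
    :return: the assembled page body as a string.

    NOTE(review): none of the forms rendered here receives a CSRF token.
    Confirm that the handlers processing these forms are protected against
    cross-site request forgery by some other means.
    """
    try:
        res = run_sql("SELECT id, nickname FROM user WHERE email=%s",
                      (email, ))
        uid = res[0][0]
        nickname = res[0][1]
    except IndexError:
        uid = 0
        nickname = ""

    local_access_level = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    prefs = get_user_preferences(uid)
    # Accounts that log in through a configured external method are
    # treated as level 3, which disables both the e-mail and the password
    # field below.
    if CFG_EXTERNAL_AUTHENTICATION.get(prefs['login_method']) is not None:
        local_access_level = 3

    out = websession_templates.tmpl_user_preferences(
        ln=ln,
        email=email,
        email_disabled=(local_access_level >= 2),
        password_disabled=(local_access_level >= 3),
        nickname=nickname,
    )

    if len(CFG_EXTERNAL_AUTHENTICATION) > 1:
        # uid was already resolved from the same e-mail above, so the
        # second identical lookup the original did here is dropped.
        current_login_method = prefs['login_method']

        # Offer only the methods the user may switch to: entries whose
        # handler is None are kept as they are, an external handler must
        # confirm through user_exists() that it knows this e-mail.
        # The list is built fresh instead of removing items from the list
        # being iterated: removing during iteration skips the element after
        # each removal, so a method that should have been filtered out
        # could stay selectable.
        methods = []
        for method in CFG_EXTERNAL_AUTHENTICATION.keys():
            handler = CFG_EXTERNAL_AUTHENTICATION[method]
            if handler is not None:
                try:
                    if not handler.user_exists(email):
                        continue
                except (AttributeError, InvenioWebAccessExternalAuthError,
                        NotImplementedError):
                    # The handler cannot tell whether the user exists.
                    continue
            methods.append(method)
        methods.sort()

        if len(methods) > 1:
            out += websession_templates.tmpl_user_external_auth(
                ln=ln,
                methods=methods,
                current=current_login_method,
                # Uses the global level, not the per-user one set above.
                method_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4))

    out += websession_templates.tmpl_user_websearch_edit(
        ln=ln,
        current=prefs.get('websearch_group_records', 10),
        show_latestbox=prefs.get('websearch_latestbox', True),
        show_helpbox=prefs.get('websearch_helpbox', True),
    )

    out += websession_templates.tmpl_user_lang_edit(
        ln=ln, preferred_lang=prefs.get('language', ln))

    out += websession_templates.tmpl_user_api_key(
        ln=ln, keys_info=web_api_key.show_web_api_keys(uid=uid))

    # Show this dialog only if the system has been configured to use a
    # ticket system.
    from invenio.config import CFG_BIBCATALOG_SYSTEM
    if CFG_BIBCATALOG_SYSTEM and can_config_bibcatalog:
        # NOTE(review): the stored bibcatalog password is read from the
        # preferences and handed to the template as-is; confirm that the
        # template does not echo it back into the page source.
        out += websession_templates.tmpl_user_bibcatalog_auth(
            prefs.get('bibcatalog_username', ""),
            prefs.get('bibcatalog_password', ""),
            ln=ln)

    if can_config_profiling:
        out += websession_templates.tmpl_user_profiling_settings(
            ln=ln, enable_profiling=prefs.get('enable_profiling'))

    if verbose >= 9:
        try:
            from html import escape
        except ImportError:  # Python 2
            from cgi import escape
        # Preference values are user-supplied, so they are HTML-escaped
        # before being written into the page.
        # NOTE(review): the dump covers every preference, which can include
        # 'bibcatalog_password'; make sure verbose >= 9 is restricted to
        # trusted users.
        for key, value in prefs.items():
            out += "<b>%s</b>:%s<br />" % (escape("%s" % (key,), True),
                                           escape("%s" % (value,), True))
    out += perform_display_external_user_settings(prefs, ln)
    return out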