Example #1
0
    def test_get_user(self):
        user = add_user(self.session,
                        role=UserRole,
                        email='*****@*****.**',
                        firstname='User')
        user2 = add_user(self.session,
                         role=UserRole,
                         email='*****@*****.**',
                         firstname='User')
        admin = add_user(self.session,
                         role=Administrator,
                         email='*****@*****.**',
                         firstname='Admin')
        req = dummy_request(self.session)
        req.matchdict = {}

        with self.assertRaises(exc.HTTPBadRequest):
            get_user_view(req)
        req.matchdict['id'] = user.id
        self.config.testing_securitypolicy(userid=user2.id, permissive=True)
        with self.assertRaises(exc.HTTPForbidden):
            get_user_view(req)
        self.config.testing_securitypolicy(userid=admin.id, permissive=True)
        req.matchdict['id'] = 100
        with self.assertRaises(exc.HTTPNotFound):
            get_user_view(req)

        req.matchdict['id'] = user.id
        resp = get_user_view(req)
        self.assertEqual(resp, user.as_dict())
    def test_edit_collection(self):
        user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
        user2 = add_user(self.session, role=User, email='*****@*****.**', firstname='User2')

        collection = add_collection(self.session, 'Collection', 'Description', users=[user1])
        self.assertEqual(collection.users[0], user1)

        req = dummy_request(self.session)
        req.matchdict = {}

        with self.assertRaises(exc.HTTPBadRequest):
            req.json_body = {}
            edit_collection(req)
        with self.assertRaises(exc.HTTPNotFound):
            req.matchdict['id'] = 100
            req.json_body = {'title': 'Edited title', 'description': 'Edited description', 'users': [user2.as_dict()]}
            edit_collection(req)
        with self.assertRaises(exc.HTTPBadRequest):
            req.matchdict['id'] = collection.id
            req.json_body = {'description': 'Description'}
            edit_collection(req)

        req.json_body = {'title': 'Edited title', 'description': 'Edited description', 'users': [user2.as_dict()]}
        resp = edit_collection(req)
        self.assertEqual(resp['title'], 'Edited title')
        self.assertEqual(resp['users'][0], user2.as_dict())
    def test_edit_dashboard_view(self):
        collection = Collection(title='Title')
        self.session.add(collection)
        self.session.flush()
        user = add_user(self.session)
        dashboard = add_dashboard(self.session, title='Test title')
        req = dummy_request(self.session)

        with self.assertRaises(exc.HTTPBadRequest):
            edit_dashboard_view(req)

        req.matchdict = {'id': dashboard.id}
        req.json_body = {
            'title': 'Edit title',
            'description': 'Description',
            'collection_id': collection.id,
            'type': 'new',
            'content': '<h1>Hello world!</h1>',
            'users': [user.as_dict()]
        }
        dashboard = edit_dashboard_view(req)
        self.assertEqual(dashboard['title'], 'Edit title')
        self.assertEqual(dashboard['description'], 'Description')
        self.assertEqual(dashboard['type'], 'new')
        self.assertEqual(dashboard['content'], '<h1>Hello world!</h1>')
        self.assertEqual(dashboard['users'][0], user.as_dict())
    def test_create_dashboard_in_collection(self):
        collection = Collection(title='Title')
        self.session.add(collection)
        self.session.flush()
        user = add_user(self.session)
        req = dummy_request(self.session)
        req.json_body = {
            'title': 'Title',
            'description': 'Description',
            'collection_id': collection.id,
            'users': [user.as_dict()]
        }
        resp = create_dashboard_view(req)
        self.assertEqual(resp['title'], 'Title')
        self.assertEqual(resp['collection_id'], collection.id)
        self.assertEqual(resp['index'], 0)
        self.assertEqual(resp['users'][0], user.as_dict())

        req.json_body = {
            'title': 'Title',
            'description': 'Description',
            'collection_id': collection.id
        }
        resp = create_dashboard_view(req)
        self.assertEqual(resp['index'], 1)
    def test_list_dashboards_view(self):
        user = add_user(self.session)
        self.config.testing_securitypolicy(userid=user.id, permissive=True)
        add_dashboard(self.session, title='Dashboard 1')
        add_dashboard(self.session, title='Dashboard 2')
        add_dashboard(self.session, title='Dashboard 3', users=[user])

        collection = Collection(title='Title')
        self.session.add(collection)
        self.session.flush()
        add_dashboard(self.session,
                      title='Dashboard 4',
                      collection_id=collection.id)
        add_dashboard(self.session,
                      title='Dashboard 5',
                      collection_id=collection.id,
                      users=[user])
        req = dummy_request(self.session)
        req.params = {}
        dashboards = list_dashboards_view(req)
        self.assertEqual(len(dashboards), 5)

        req.params = {'collection_id': None}
        dashboards = list_dashboards_view(req)
        self.assertEqual(len(dashboards), 3)

        req.params = {'collection_id': collection.id}
        dashboards = list_dashboards_view(req)
        self.assertEqual(len(dashboards), 2)

        req.params = {'user_id': True}
        dashboards = list_dashboards_view(req)
        self.assertEqual(len(dashboards), 2)
    def test_paste_dashboard_view(self):
        collection = Collection(title='Collection 1')
        self.session.add(collection)
        self.session.flush()
        collection_id = collection.id
        collection2 = Collection(title='Collection 2')
        self.session.add(collection2)
        self.session.flush()
        collection2_id = collection2.id
        data_source = DataSource(name='Data source')
        self.session.add(data_source)
        self.session.flush()

        user = add_user(self.session)
        dashboard = add_dashboard(self.session,
                                  title='Test title',
                                  collection_id=collection.id,
                                  users=[user])
        dashboard_id = dashboard.id
        self.session.add(
            Variable(name='Variable', value='V', dashboard_id=dashboard.id))
        self.session.add(
            Chart(title='Chart',
                  data_source_id=data_source.id,
                  dashboard_id=dashboard.id))
        self.session.add(
            Chart(title='Chart',
                  data_source_id=data_source.id,
                  dashboard_id=dashboard.id))
        self.session.add(
            SingleStat(title='Single stat',
                       data_source_id=data_source.id,
                       dashboard_id=dashboard_id))
        self.session.add(
            Query(name="Query",
                  query="query",
                  dashboard_id=dashboard.id,
                  data_source_id=data_source.id))
        self.session.flush()

        req = dummy_request(self.session)
        req.json_body = {}
        with self.assertRaises(exc.HTTPBadRequest):
            paste_dashboard_view(req)

        req.matchdict = {'id': dashboard_id}
        req.json_body = {'collection_id': collection_id}
        dashboard = paste_dashboard_view(req)
        self.assertEqual(dashboard['title'], 'Copy of Test title')
        self.assertEqual(len(dashboard['variables']), 1)

        req.matchdict = {'id': dashboard_id}
        req.json_body = {'collection_id': collection2_id}
        dashboard = paste_dashboard_view(req)
        self.assertEqual(dashboard['title'], 'Test title')

        dashboard = self.session.query(Dashboard).get(dashboard['id'])
        self.assertEqual(dashboard.queries[0].name, "Query")
    def test_create_collection(self):
        admin = add_user(self.session, role=Administrator, firstname='Admin')
        user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
        self.config.testing_securitypolicy(userid=admin.id, permissive=True)

        req = dummy_request(self.session)
        req.json_body = {}
        with self.assertRaises(exc.HTTPBadRequest):
            create_collection(req)

        req.json_body = {'title': 'Collection',
                         'description': 'Description',
                         'users': [user1.as_dict()]}
        collection = create_collection(req)

        self.assertIsNotNone(collection['id'])
        self.assertEqual(collection['title'], 'Collection')
        self.assertEqual(len(collection['users']), 2)
    def test_paste_collection(self):
        user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
        user2 = add_user(self.session, role=User, email='*****@*****.**', firstname='User2')

        collection = add_collection(self.session, 'Collection', 'Description', users=[user1, user2])
        add_dashboard(self.session, 'Dash', 'Dashboard', collection_id=collection.id)
        collection_id = collection.id

        req = dummy_request(self.session)
        req.json_body = {}
        with self.assertRaises(exc.HTTPBadRequest):
            paste_collection_view(req)

        req.matchdict['id'] = collection_id
        pasted = paste_collection_view(req)
        self.assertEqual(pasted['title'], 'Copy of Collection')
        self.assertEqual(len(pasted['users']), len(collection.users))

        pasted = paste_collection_view(req)
        self.assertEqual(pasted['title'], 'Copy of Collection (2)')
        pasted = paste_collection_view(req)
        self.assertEqual(pasted['title'], 'Copy of Collection (3)')
    def test_get_collection(self):
        user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
        user2 = add_user(self.session, role=User, email='*****@*****.**', firstname='User2')

        collection = add_collection(self.session, 'Collection', 'Description', users=[user1, user2])
        dash = add_dashboard(self.session, 'Dash', 'Dashboard', collection_id=collection.id)

        req = dummy_request(self.session)
        req.matchdict = {}

        with self.assertRaises(exc.HTTPBadRequest):
            get_collection_view(req)

        with self.assertRaises(exc.HTTPNotFound):
            req.matchdict['id'] = 100
            get_collection_view(req)

        req.matchdict['id'] = collection.id
        resp = get_collection_view(req)

        self.assertEqual(resp['id'], collection.id)
        self.assertEqual(resp['title'], 'Collection')
        self.assertEqual(resp['dashboards'][0], dash.as_dict())
    def test_list_collections(self):
        admin = add_user(self.session, role=Administrator, firstname='Admin')
        user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
        user2 = add_user(self.session, role=User, email='*****@*****.**', firstname='User2')
        user3 = add_user(self.session, role=User, email='*****@*****.**', firstname='User3')

        ca = add_collection(self.session, 'Collection A', 'Weather stats', users=[user1, user2])
        cada = add_dashboard(self.session, 'Dash CAA', 'Dashboard CAA', collection_id=ca.id)
        cadb = add_dashboard(self.session, 'Dash CAB', 'Dashboard CAB', collection_id=ca.id)
        cb = add_collection(self.session, 'Collection B', 'Temperature stats', users=[user3])
        cbda = add_dashboard(self.session, 'Dash CBA', 'Dashboard CBA', collection_id=cb.id)
        cbdb = add_dashboard(self.session, 'Dash CBB', 'Dashboard CBB', collection_id=cb.id)

        req = dummy_request(self.session)
        req.params = {}

        self.config.testing_securitypolicy(userid=admin.id, permissive=True)
        lst = list_collections(req)
        self.assertEqual(lst, [ca.as_dict(), cb.as_dict()])

        self.config.testing_securitypolicy(userid=user1.id, permissive=True)
        lst = list_collections(req)
        self.assertEqual(lst, [ca.as_dict()])

        self.config.testing_securitypolicy(userid=user2.id, permissive=True)
        lst = list_collections(req)
        self.assertEqual(lst, [ca.as_dict()])

        self.config.testing_securitypolicy(userid=user3.id, permissive=True)
        lst = list_collections(req)
        self.assertEqual(lst, [cb.as_dict()])

        req.params = {'list_dashboards': True}
        lst = list_collections(req)
        collection = cb.as_dict()
        collection['dashboards'] = [cbda.as_dict(), cbdb.as_dict()]
        self.assertEqual(lst, [collection])
Example #11
0
    def test_delete_user(self):
        user = add_user(self.session,
                        role=UserRole,
                        email='*****@*****.**',
                        firstname='User')
        req = dummy_request(self.session)
        req.matchdict = {}

        with self.assertRaises(exc.HTTPBadRequest):
            delete_user(req)
        req.matchdict['id'] = 100
        with self.assertRaises(exc.HTTPNotFound):
            delete_user(req)

        req.matchdict['id'] = user.id
        delete_user(req)

        with self.assertRaises(exc.HTTPNotFound):
            delete_user(req)
 def test_add_collection(self):
     """ Test add a collection """
     dashboard = add_dashboard(self.session, 'Dashboard')
     user = add_user(self.session)
     collection = Collection(title="Collection", description="Description")
     collection.dashboards.append(dashboard)
     collection.users.append(user)
     self.session.add(collection)
     self.session.flush()
     collection_id = collection.id
     collection = self.session.query(Collection).get(collection_id)
     self.assertIsNotNone(collection.id)
     self.assertEqual(collection.title, 'Collection')
     self.assertEqual(collection.description, 'Description')
     self.assertEqual(collection.dashboards[0], dashboard)
     self.assertEqual(collection.users[0], user)
     self.assertEqual(
         collection.__repr__(),
         'Collection<id: %s, title: "Collection">' % collection_id)
    def test_as_dict(self):
        """ Test as_dict method """
        user = add_user(self.session)
        collection = Collection(title="Collection", description="Description")
        collection.users.append(user)
        self.session.add(collection)
        self.session.flush()
        collection_id = collection.id
        collection = self.session.query(Collection).get(collection_id)

        self.assertEqual(
            collection.as_dict(), {
                'id': collection.id,
                'title': "Collection",
                'description': "Description",
                'users': [
                    user.as_dict(),
                ],
                'image': None
            })
    def test_set_new_password(self):
        mock_otp()
        add_roles_and_permissions(self.session)
        req = dummy_request(self.session)
        user = add_user(self.session)
        req.json_body = {'application_url': '/'}

        secrets = generate_and_send_otp(req, user)
        otp = self.session.query(OTP).filter(OTP.user_id == user.id).first()

        req.json_body = {
            'user_id': user.id,
            'password': '******',
            'otp': otp.otp,
            'secret': secrets.get('emailsecret'),
        }

        response = set_new_password(req)
        user = get_user(user_id=response.get('id'))
        self.assertTrue(user.validate_password('new_password'))
Example #15
0
    def test_list_users(self):
        add_user(self.session,
                 role=UserRole,
                 email='*****@*****.**',
                 firstname='User')
        add_user(self.session,
                 role=UserRole,
                 email='*****@*****.**',
                 firstname='User',
                 surname='Filter')
        user = add_user(self.session,
                        role=UserRole,
                        email='*****@*****.**',
                        firstname='User3')
        user.inactive = True
        add_user(self.session, role=Administrator, firstname='Admin')

        req = dummy_request(self.session)
        users = list_users(req)
        self.assertEqual(len(users), 4)

        # TODO no concat function in sqlite

        req.params = {'role': UserRole}
        users = list_users(req)
        self.assertEqual(len(users), 3)
        req.params = {'name': 'User'}
        users = list_users(req)
        self.assertEqual(len(users), 3)
        req.params = {'name': 'Admin'}
        users = list_users(req)
        self.assertEqual(len(users), 1)
        req.params = {'search': 'Fil'}
        users = list_users(req)
        self.assertEqual(len(users), 1)
        req.params = {'inactive': True}
        users = list_users(req)
        self.assertEqual(len(users), 1)
Example #16
0
    def test_edit_user(self):
        """  Test edit a user """
        user = add_user(self.session,
                        role='User',
                        firstname='Henry',
                        surname='Jones',
                        telephone='098111222',
                        address='1 Never road, Never Never Land',
                        password='******',
                        email='*****@*****.**')
        user1 = add_user(self.session,
                         email='*****@*****.**',
                         telephone='00000')
        self.session.add(user)
        self.session.flush()
        self.assertIsNotNone(user.id)
        self.config.testing_securitypolicy(userid=user.id, permissive=True)
        req = dummy_request(self.session)
        req.matchdict = {}
        req.json_body = {}
        with self.assertRaises(exc.HTTPBadRequest):
            edit_user(req)
        req.matchdict = {'id': 100}
        req.json_body = {
            'firstname': 'Sarah',
            'surname': 'Johnson',
            'telephone': '021888000',
            'address': '1 New road',
            'password': '******',
            # 'email': '*****@*****.**',
            'role': 'Administrator'
        }
        with self.assertRaises(exc.HTTPNotFound):
            edit_user(req)
        req.matchdict = {'id': user.id}
        with self.assertRaises(exc.HTTPBadRequest):
            edit_user(req)
        req.json_body = {
            # 'firstname': 'Sarah',
            # 'surname': 'Johnson',
            'telephone': '021888000',
            'address': '1 New road',
            'password': '******',
            'email': '*****@*****.**',
            'role': 'Administrator'
        }
        with self.assertRaises(exc.HTTPBadRequest):
            edit_user(req)
        req.json_body = {
            'firstname': 'Sarah',
            'surname': 'Johnson',
            'telephone': '021888000',
            'address': '1 New road',
            'password': '******',
            'email': '*****@*****.**',
            # 'role': 'Administrator'
        }
        with self.assertRaises(exc.HTTPBadRequest):
            edit_user(req)
        req.json_body = {
            'firstname': 'Sarah',
            'surname': 'Johnson',
            'telephone': '00000',
            'address': '1 New road',
            'password': '******',
            'email': '*****@*****.**',
            'role': 'Administrator'
        }

        req.json_body = {
            'firstname': 'Sarah',
            'surname': 'Johnson',
            'telephone': '00000',
            'address': '1 New road',
            'password': '******',
            'email': '*****@*****.**',
            'role': 'Administrator'
        }
        req.json_body = {
            'firstname': 'Sarah',
            'surname': 'Johnson',
            'telephone': '021888000',
            'address': '1 New road',
            'password': '******',
            'email': '*****@*****.**',
            'role': 'Administrator'
        }
        with self.assertRaises(exc.HTTPBadRequest):
            edit_user(req)

        req.json_body = {
            'firstname': 'Sarah',
            'surname': 'Johnson',
            'telephone': '021888000',
            'address': '1 New road',
            'password': '******',
            'email': '*****@*****.**',
            'role': 'Administrator'
        }
        edit_user(req)
        self.assertEqual(user.firstname, req.json_body['firstname'])
        self.assertEqual(user.surname, req.json_body['surname'])
        self.assertEqual(user.telephone, req.json_body['telephone'])
        self.assertEqual(user.email, req.json_body['email'])
        self.assertEqual(user.address, req.json_body['address'])
        self.assertEqual(user.roles[0].name, req.json_body['role'])
        self.assertTrue(user.validate_password(req.json_body['password']))
    def test_user_login(self):
        mock_otp()
        user = add_user(self.session, email='*****@*****.**', password='******')
        user2 = add_user(self.session, email='*****@*****.**', telephone='02188911', password='******')
        req = dummy_request(self.session)
        req.method = 'POST'

        with self.assertRaises(exc.HTTPBadRequest):
            req.json_body = {}
            login(req)

        # Attempt to login to account with no password set
        with self.assertRaises(exc.HTTPBadRequest):
            req.json_body = {
                'email': user2.email,
                'application_url': '/'
            }
            login(req)

        # Attempt successful login
        req.json_body = {
            'email': user2.email,
            'password': '******'
        }
        response = login(req)
        self.assertIsNotNone(response.get('access_token'))

        # Check that log in with email is case insensitive
        req.json_body = {
            'email': user2.email.upper(),
            'password': '******'
        }
        response = login(req)
        self.assertIsNotNone(response.get('access_token'))

        # Attempt to login to invalid account
        user3 = add_user(self.session, email='*****@*****.**', password='******', confirmed_registration=False)
        req.json_body = {
            'email': user3.email,
            'application_url': '/'
        }
        response = login(req)
        self.assertEqual(response.get('message'),
                         'You have not yet confirmed your account. Please check your email for further instructions.')

        # Validate account
        otp = self.session.query(OTP).filter(OTP.user_id == user3.id).first()
        req.json_body = {'otp': otp.otp, 'secret': response.get('secrets').get('emailsecret')}
        response = confirm_otp_registration(req)
        self.assertIsNotNone(response.get('id'))
        user3 = get_user(user_id=response.get('id'))
        self.assertEqual(user3.confirmed_registration, True)

        # Attempt missing password login
        req.json_body = {
            'email': user.email,
            'password': ''
        }
        with self.assertRaises(exc.HTTPBadRequest):
            login(req)

        # Attempt wrong password login
        req.json_body = {
            'email': user.email,
            'password': '******'
        }
        with self.assertRaises(exc.HTTPBadRequest):
            login(req)

        # Attempt successful login
        req.json_body = {
            'email': user.email,
            'password': '******'
        }
        response = login(req)
        self.assertEqual(response.get('id'), user.id)
        self.assertEqual(response.get('firstname'), user.firstname)
        self.assertEqual(response.get('surname'), user.surname)

        # Attempt login with case insensitive email
        req.json_body = {
            'email': '*****@*****.**',
            'password': '******'
        }
        response = login(req)
        self.assertEqual(response.get('id'), user.id)
 def test_has_role(self):
     admin = add_user(self.session, Administrator)
     self.assertTrue(admin.has_role(Administrator))
     self.assertFalse(admin.has_role(User))