def test_dependent_enrollments_link(db, granting_user, enrolled_user): parent_enrollment = Enrollment.create('test', None, '*****@*****.**', granting_user, actions=['read', 'update', 'delete']) dependent_enrollment_1 = Enrollment.create( 'dependent', None, '*****@*****.**', granting_user, parent_enrollment=parent_enrollment) dependent_enrollment_2 = Enrollment.create( 'dependent', None, '*****@*****.**', granting_user, parent_enrollment=parent_enrollment) db.session.commit() assert dependent_enrollment_1.state == parent_enrollment.state assert dependent_enrollment_2.state == parent_enrollment.state parent_enrollment.attach_user(enrolled_user) assert parent_enrollment.enrolled_user == enrolled_user assert parent_enrollment.state == Enrollment.LINKED assert dependent_enrollment_1.enrolled_user == enrolled_user assert dependent_enrollment_1.enrolled_user == enrolled_user assert dependent_enrollment_1.state == parent_enrollment.state assert dependent_enrollment_2.state == parent_enrollment.state
def linked_enrollment(db, granting_user, enrolled_user): enrollment = Enrollment.create('role', 'blah', enrolled_user.email, granting_user, extra_data=dict(role='test')) db.session.commit() return enrollment
def pending_accept_enrollment(db, granting_user): enrollment = Enrollment.create('role-accept', None, '*****@*****.**', granting_user, extra_data=dict(role='test')) db.session.commit() return enrollment
def get(self, external_key=None, enrollment_type=None, state=None, **kwargs): if state: state = [x.strip() for x in state.split(',')] state = [Enrollment.ENROLLMENT_STATUS_CHOICES_REVERSE.get(s, s) for s in state if s] enrollments = Enrollment.list(external_key=external_key, enrollment_type=enrollment_type, state=state) query_filter = current_enrollments.list_permission_filter enrollments = query_filter(enrollments) pagination = Pagination(current_app, db) return pagination.paginate(enrollments, self.enrollment_fields, post_query_hook=lambda l: NeverEmptyList(l))
def expired_enrollment(db, granting_user): enrollment = Enrollment.create( 'role', None, '*****@*****.**', granting_user, extra_data=dict(role='test'), expiration_interval=-1 # expired yesterday ) db.session.commit() return enrollment
def test_actions(db, granting_user): enrollment = Enrollment.create('test', None, '*****@*****.**', granting_user, actions=['read', 'update', 'delete']) db.session.commit() assert list(Enrollment.query.filter( Enrollment.actions.any('read'))) == [enrollment] assert list(Enrollment.query.filter( Enrollment.actions.any('update'))) == [enrollment] assert list(Enrollment.query.filter( Enrollment.actions.any('delete'))) == [enrollment] assert list(Enrollment.query.filter(Enrollment.actions.any('blah'))) == []
def test_create_linked_enrollment(db, granting_user, enrolled_user): enrollment = Enrollment.create('role', None, enrolled_user.email, granting_user) db.session.commit() assert enrollment.granting_email == granting_user.email assert enrollment.state == Enrollment.LINKED
def test_dependent_enrollments_enroll_revoke(db, granting_user, enrolled_user): class TestEnrollmentHandler(EnrollmentHandler): enroll_count = 0 def enroll(self, user: User, **kwargs) -> None: TestEnrollmentHandler.enroll_count += 1 def revoke(self, user: User, **kwargs) -> None: TestEnrollmentHandler.enroll_count -= 1 current_enrollments.handlers['test'] = TestEnrollmentHandler current_enrollments.handlers['dependent'] = TestEnrollmentHandler try: parent_enrollment = Enrollment.create( 'test', None, '*****@*****.**', granting_user, actions=['read', 'update', 'delete']) dependent_enrollment_1 = Enrollment.create( 'dependent', None, '*****@*****.**', granting_user, parent_enrollment=parent_enrollment) dependent_enrollment_2 = Enrollment.create( 'dependent', None, '*****@*****.**', granting_user, parent_enrollment=parent_enrollment) db.session.commit() parent_enrollment.enroll(enrolled_user) assert parent_enrollment.enrolled_user == enrolled_user assert parent_enrollment.state == Enrollment.SUCCESS assert dependent_enrollment_1.enrolled_user == enrolled_user assert dependent_enrollment_1.enrolled_user == enrolled_user assert dependent_enrollment_1.state == parent_enrollment.state assert dependent_enrollment_2.state == parent_enrollment.state assert TestEnrollmentHandler.enroll_count == 3 parent_enrollment.revoke(granting_user) assert parent_enrollment.enrolled_user == enrolled_user assert parent_enrollment.state == Enrollment.REVOKED assert dependent_enrollment_1.state == parent_enrollment.state assert dependent_enrollment_2.state == parent_enrollment.state assert TestEnrollmentHandler.enroll_count == 0 finally: current_enrollments.handlers.pop('test') current_enrollments.handlers.pop('dependent')
def test_create_enrollment(db, granting_user): enrollment = Enrollment.create('role', None, '*****@*****.**', granting_user) db.session.commit() assert enrollment.granting_email == granting_user.email assert enrollment.state == Enrollment.PENDING
def list_enrollments(external_key=None, enrollment_type=None, states=None, actions=None) -> List[Enrollment]: return Enrollment.list(external_key, enrollment_type, states, actions)
def enroll(enrollment_type: str, recipient: str, sender: User, sender_email: str = None, subject: str = None, body: str = None, email_template=None, html: bool = None, language: str = None, mode: EnrollmentMethod = EnrollmentMethod.AUTOMATIC, accept_url: str = None, reject_url: str = None, success_url: str = None, failure_url: str = None, commit=True, external_key: str = None, expiration_interval=None, actions=None, extra_data=None, parent_enrollment=None) -> Enrollment: if enrollment_type not in current_enrollments.handlers: raise AttributeError( f'Unknown enrollment {enrollment_type}. Registered enrollment types: {list(current_enrollments.handlers.keys())}' ) if not recipient: raise AttributeError('Enrollment recipient must not be empty') if not sender: raise AttributeError('Enrollment sender must not be empty') db_enrollment = Enrollment.create(enrollment_type=enrollment_type, external_key=external_key, enrolled_email=recipient, granting_user=sender, granting_email=sender_email, accept_url=accept_url, reject_url=reject_url, success_url=success_url, failure_url=failure_url, expiration_interval=expiration_interval, actions=actions, extra_data=extra_data or {}, parent_enrollment=parent_enrollment) if parent_enrollment: parent_enrollment.process_dependent_enrollment(db_enrollment) if commit: db.session.commit() return db_enrollment handler = db_enrollment.handler tmpl = handler.email_template if tmpl: subject = subject or tmpl.get('subject') body = body or tmpl.get('body') html = html if html is not None else tmpl.get('html') if email_template: tmpl = current_app.config['OAREPO_ENROLLMENT_MAIL_TEMPLATES'][ email_template] subject = subject or tmpl.get('subject') body = body or tmpl.get('body') html = html if html is not None else tmpl.get('html') if not subject and body or not body and subject: raise AttributeError( 'Subject and body must not be empty (or both empty in some circumstances, see the readme)' ) try: if db_enrollment.state == Enrollment.LINKED: if mode == EnrollmentMethod.SKIP_EMAIL: # enroll the user automatically, do not send email try: return db_enrollment.enroll(db_enrollment.enrolled_user) finally: if commit: db.session.commit() elif mode == EnrollmentMethod.AUTOMATIC: # enroll the user automatically and send email try: db_enrollment.enroll(db_enrollment.enrolled_user) except: if commit: db.session.commit() raise if not subject or not body: return db_enrollment _send_enrollment_mail(subject, body, db_enrollment, language, html, extra_data or {}) except: db_enrollment.revoke(current_user) raise finally: if commit: db.session.commit() return db_enrollment