def test_new_wrong_user(self):
# First we add a Dataset with user 'test_new'
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization': apikey_header})
assert "200" in response.status
assert Dataset.by_name('openspending-example')
# After that we try to update the Dataset with user 'test_new2'
user = Account.by_name('test_new2')
assert user.api_key == 'c011c340-8dad-419c-8138-1c6ded86ead5'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u,
params, {'Authorization': apikey_header},
expect_errors=True)
assert '403' in response.status
def test_new_wrong_user(self):
# First we add a Dataset with user 'test_new'
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization':apikey_header})
#Dataset.by_name('openspending-example').private = False
assert "200" in response.status
assert Dataset.by_name('openspending-example')
# After that we try to update the Dataset with user 'test_new2'
user = Account.by_name('test_new2')
assert user.api_key == 'c011c340-8dad-419c-8138-1c6ded86ead5'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization':apikey_header},
expect_errors=True)
assert '403' in response.status
def shell_account():
account = Account.by_name(SHELL_USER)
if account is not None:
return account
account = Account()
account.name = SHELL_USER
db.session.add(account)
return account
def shell_account():
account = Account.by_name(SHELL_USER)
if account is not None:
return account
account = Account()
account.name = SHELL_USER
db.session.add(account)
return account
def test_settings(self, model_mock, update_mock):
account = Account()
account.name = 'mockaccount'
db.session.add(account)
db.session.commit()
model_mock.return_value = account
update_mock.return_value = True
response = self.app.get(url(controller='account', action='settings'),
extra_environ={'REMOTE_USER': '******'})
def make_account(name='test', fullname='Test User', email='*****@*****.**'):
from openspending.model import Account
account = Account()
account.name = name
account.fullname = fullname
account.email = email
db.session.add(account)
db.session.commit()
return account
def test_settings(self, model_mock, update_mock):
account = Account()
account.name = 'mockaccount'
db.session.add(account)
db.session.commit()
model_mock.return_value = account
update_mock.return_value = True
response = self.app.get(url(controller='account', action='settings'),
extra_environ={'REMOTE_USER': '******'})
def test_settings(self, model_mock, update_mock):
account = Account()
account.name = "mockaccount"
db.session.add(account)
db.session.commit()
model_mock.return_value = account
update_mock.return_value = True
response = self.app.get(
url(controller="account", action="settings"), extra_environ={"REMOTE_USER": "******"}
)
def make_account(name='test', fullname='Test User',
email='*****@*****.**'):
from openspending.model import Account
account = Account()
account.name = name
account.fullname = fullname
account.email = email
db.session.add(account)
db.session.commit()
return account
def createuser():
""" Create a new user """
from openspending.core import db
from openspending.model import Account
import sys
import getpass
from werkzeug.security import check_password_hash, generate_password_hash
account = Account()
account.fullname = raw_input("User Full name: ")
account.email = raw_input("User email: ")
if Account.by_email(account.email):
raise CommandException("Account `%s` already exists." % account.email)
pass1 = getpass.getpass("Password: "******"Password again: ")
if pass1 != pass2:
print "passwords do not match"
sys.exit()
account.password = generate_password_hash(pass1)
isadmin = raw_input("User is admin (leave blank for no): ")
if not isadmin:
account.admin = False
else:
account.admin = True
account.verified = True
db.session.add(account)
db.session.commit()
def load_from_databank(sourcejson, dataproviderjson, dry_run=False, overwrite=True, meta_only=False, file_dir = None):
print "Working on ", sourcejson['fields']['indicator']
dataorg = DataOrg.by_name(dataproviderjson['fields']['title'])
dataorgMeta = {
'description': dataproviderjson['fields']['description'],
'label': dataproviderjson['fields']['title']
}
if not dataorg:
dataorg = DataOrg(dataorgMeta)
db.session.add(dataorg)
#dataorg will update with id here
db.session.commit()
#get or create dataset
dataset = Dataset.by_label(sourcejson['fields']['indicator'])
description = "http://databank.edip-maps.net/admin/etldata/dataconnection/" + str(sourcejson['pk']) + "/"
modelDataset = {'dataset':
{
'label': sourcejson['fields']['indicator'],
'name': sourcejson['fields']['indicator'],
'description': description,
'dataType': sourcejson['fields']['data_type'],
'dataorg_id': dataorg.id
}
}
if not dataset:
#create one
dataset = Dataset(modelDataset['dataset'])
#dataset.ORoperations = dataproviderjson['fields'].get('ORoperations', {})
#dataset.data = dataproviderjson['fields'].get('mapping',{})
db.session.add(dataset)
else:
#dataset.ORoperations = dataproviderjson['fields'].get('ORoperations', {})
#dataset.data = dataproviderjson['fields'].get('mapping',{})
dataset.update(modelDataset['dataset'])
db.session.commit()
systemaccount = Account.by_id(1)
if dataset.source:
try:
print "trying to delete source"
print dataset.source
dataset.source.delete()
except Exception, e:
print "could not delete source", e
def test_delete_source(self):
"""
Test source removal with a source that includes errors
"""
# Add and import source with errors (we want to remove it)
# The source is added to a dataset called 'test-csv' (but
# we'll just use source.dataset.name in case it changes)
source = csvimport_fixture('import_errors')
source.dataset.managers.append(Account.by_name('test'))
importer = CSVImporter(source)
importer.run()
# Make sure the source is imported
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Import of csv failed. Source not found"
# Delete the source
response = self.app.post(url(controller='source',
action='delete',
dataset=source.dataset.name,
id=source.id),
extra_environ={'REMOTE_USER': '******'})
# Check if source has been deleted
assert db.session.query(Source).filter_by(id=source.id).count() == 0, \
"Deleting source unsuccessful. Source still exists."
def test_delete_successfully_loaded_source(self):
"""
Test source removal with a source that has been successfully loaded.
Removing a source that has been successfully loaded should not be
possible.
"""
# Add and import source without errors.
# The source is added to a dataset called 'test-csv' (but
# we'll just use source.dataset.name in case it changes)
source = csvimport_fixture('successful_import')
source.dataset.managers.append(Account.by_name('test'))
importer = CSVImporter(source)
importer.run()
# Make sure the source is imported
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Import of csv failed. Source not found"
# Delete the source
response = self.app.post(url(controller='source',
action='delete',
dataset=source.dataset.name,
id=source.id),
extra_environ={'REMOTE_USER': '******'})
# Check if source has been deleted
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Deleting source succeeded. The source is gone."
def test_delete_successfully_loaded_source(self):
"""
Test source removal with a source that has been successfully loaded.
Removing a source that has been successfully loaded should not be
possible.
"""
# Add and import source without errors.
# The source is added to a dataset called 'test-csv' (but
# we'll just use source.dataset.name in case it changes)
source = csvimport_fixture('successful_import')
source.dataset.managers.append(Account.by_name('test'))
importer = CSVImporter(source)
importer.run()
# Make sure the source is imported
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Import of csv failed. Source not found"
# Delete the source
response = self.app.post(url(controller='source',
action='delete',
dataset=source.dataset.name,
id=source.id),
extra_environ={'REMOTE_USER': '******'})
# Check if source has been deleted
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Deleting source succeeded. The source is gone."
def test_delete_source(self):
"""
Test source removal with a source that includes errors
"""
# Add and import source with errors (we want to remove it)
# The source is added to a dataset called 'test-csv' (but
# we'll just use source.dataset.name in case it changes)
source = csvimport_fixture('import_errors')
source.dataset.managers.append(Account.by_name('test'))
importer = CSVImporter(source)
importer.run()
# Make sure the source is imported
assert db.session.query(Source).filter_by(id=source.id).count() == 1, \
"Import of csv failed. Source not found"
# Delete the source
response = self.app.post(url(controller='source',
action='delete',
dataset=source.dataset.name,
id=source.id),
extra_environ={'REMOTE_USER': '******'})
# Check if source has been deleted
assert db.session.query(Source).filter_by(id=source.id).count() == 0, \
"Deleting source unsuccessful. Source still exists."
def setup(self):
super(TestRunController, self).setup()
self.source = csvimport_fixture('import_errors')
self.source.dataset.managers.append(Account.by_name('test'))
self.importer = CSVImporter(self.source)
self.importer.run()
def setup(self):
super(TestRunController, self).setup()
self.source = csvimport_fixture('import_errors')
self.source.dataset.managers.append(Account.by_name('test'))
self.importer = CSVImporter(self.source)
self.importer.run()
def create_view(dataset, view_config):
"""
Create view for a provided dataset from a view provided as dict
"""
# Check if it exists (if not we create it)
existing = View.by_name(dataset, view_config['name'])
if existing is None:
# Create the view
view = View()
# Set saved configurations
view.widget = view_config['widget']
view.state = view_config['state']
view.name = view_config['name']
view.label = view_config['label']
view.description = view_config['description']
view.public = view_config['public']
# Set the dataset as the current dataset
view.dataset = dataset
# Try and set the account provided but if it doesn't exist
# revert to shell account
view.account = Account.by_name(view_config['account'])
if view.account is None:
view.account = shell_account()
# Commit view to database
db.session.add(view)
db.session.commit()
def create_view(dataset, view_config):
"""
Create view for a provided dataset from a view provided as dict
"""
# Check if it exists (if not we create it)
existing = View.by_name(dataset, view_config['name'])
if existing is None:
# Create the view
view = View()
# Set saved configurations
view.widget = view_config['widget']
view.state = view_config['state']
view.name = view_config['name']
view.label = view_config['label']
view.description = view_config['description']
view.public = view_config['public']
# Set the dataset as the current dataset
view.dataset = dataset
# Try and set the account provided but if it doesn't exist
# revert to shell account
view.account = Account.by_name(view_config['account'])
if view.account is None:
view.account = shell_account()
# Commit view to database
db.session.add(view)
db.session.commit()
def authenticate(self, environ, identity):
if not 'login' in identity or not 'password' in identity:
return None
account = Account.by_name(identity['login'])
if account is None:
return None
if check_password_hash(account.password, identity['password']):
return account.name
return None
def authenticate(self, environ, identity):
if not 'login' in identity or not 'password' in identity:
return None
account = Account.by_name(identity['login'])
if account is None:
return None
if check_password_hash(account.password, identity['password']):
return account.name
return None
def authenticate(self, environ, identity):
authorization = AUTHORIZATION(environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'apikey':
acc = Account.by_api_key(auth.strip())
if acc is not None:
return acc.name
def authenticate(self, environ, identity):
authorization = AUTHORIZATION(environ)
try:
authmeth, auth = authorization.split(' ', 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == 'apikey':
acc = Account.by_api_key(auth.strip())
if acc is not None:
return acc.name
def grantadmin(username):
""" Grant admin privileges to given user """
from openspending.core import db
from openspending.model import Account
a = Account.by_name(username)
if a is None:
raise CommandException("Account `%s` not found." % username)
a.admin = True
db.session.add(a)
db.session.commit()
def authenticate(self, environ, identity):
"""
Try to authenticate user based on api key identity
"""
# If identity has apikey we get the account by the api key
# and return none if no account or apikey is found is found
if 'apikey' in identity:
acc = Account.by_api_key(identity.get('apikey'))
if acc is not None:
return acc.name
return None
def authenticate(self, environ, identity):
"""
Try to authenticate user based on api key identity
"""
# If identity has apikey we get the account by the api key
# and return none if no account or apikey is found is found
if 'apikey' in identity:
acc = Account.by_api_key(identity.get('apikey'))
if acc is not None:
return acc.name
return None
def test_new_dataset(self):
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization': apikey_header})
assert "200" in response.status
assert Dataset.by_name('openspending-example')
def test_new_dataset(self):
user = Account.by_name('test_new')
assert user.api_key == 'd0610659-627b-4403-8b7f-6e2820ebc95d'
u = url(controller='api/version2', action='create')
params = {
'metadata':
'https://dl.dropbox.com/u/3250791/sample-openspending-model.json',
'csv_file':
'http://mk.ucant.org/info/data/sample-openspending-dataset.csv'
}
apikey_header = 'apikey {0}'.format(user.api_key)
response = self.app.post(u, params, {'Authorization': apikey_header})
assert "200" in response.status
assert Dataset.by_name('openspending-example')
def team_update(self, dataset, format='html'):
self._get_dataset(dataset)
require.dataset.update(c.dataset)
errors, accounts = {}, []
for account_name in request.params.getall('accounts'):
account = Account.by_name(account_name)
if account is None:
errors[account_name] = _("User account cannot be found.")
else:
accounts.append(account)
if c.account not in accounts:
accounts.append(c.account)
if not len(errors):
c.dataset.managers = accounts
c.dataset.updated_at = datetime.utcnow()
db.session.commit()
h.flash_success(_("The team has been updated."))
return self.team_edit(dataset, errors=errors, accounts=accounts)
def team_update(self, dataset, format='html'):
self._get_dataset(dataset)
require.dataset.update(c.dataset)
errors, accounts = {}, []
for account_name in request.params.getall('accounts'):
account = Account.by_name(account_name)
if account is None:
errors[account_name] = _("User account cannot be found.")
else:
accounts.append(account)
if not c.account in accounts:
accounts.append(c.account)
if not len(errors):
c.dataset.managers = accounts
c.dataset.updated_at = datetime.utcnow()
db.session.commit()
h.flash_success(_("The team has been updated."))
return self.team_edit(dataset, errors=errors, accounts=accounts)
def make_account(name="test", fullname="Test User", email="*****@*****.**", twitter="testuser", admin=False):
from openspending.model import Account
# First see if the account already exists and if so, return it
account = Account.by_name(name)
if account:
return account
# Account didn't exist so we create it and return it
account = Account()
account.name = name
account.fullname = fullname
account.email = email
account.twitter_handle = twitter
account.admin = admin
db.session.add(account)
db.session.commit()
return account
def make_account(name='test',
fullname='Test User',
email='*****@*****.**',
twitter='testuser',
admin=False):
from openspending.model import Account
# First see if the account already exists and if so, return it
account = Account.by_name(name)
if account:
return account
# Account didn't exist so we create it and return it
account = Account()
account.name = name
account.fullname = fullname
account.email = email
account.twitter_handle = twitter
account.admin = admin
db.session.add(account)
db.session.commit()
return account
def load_from_databank(sourcejson,
dataproviderjson,
dry_run=False,
overwrite=True,
meta_only=False,
file_dir=None):
print "Working on ", sourcejson['fields']['indicator']
dataorg = DataOrg.by_name(dataproviderjson['fields']['title'])
dataorgMeta = {
'description': dataproviderjson['fields']['description'],
'label': dataproviderjson['fields']['title']
}
if not dataorg:
dataorg = DataOrg(dataorgMeta)
db.session.add(dataorg)
#dataorg will update with id here
db.session.commit()
#get or create dataset
dataset = Dataset.by_label(sourcejson['fields']['indicator'])
description = "http://databank.edip-maps.net/admin/etldata/dataconnection/" + str(
sourcejson['pk']) + "/"
modelDataset = {
'dataset': {
'label': sourcejson['fields']['indicator'],
'name': sourcejson['fields']['indicator'],
'description': description,
'dataType': sourcejson['fields']['data_type'],
'dataorg_id': dataorg.id
}
}
if not dataset:
#create one
dataset = Dataset(modelDataset['dataset'])
#dataset.ORoperations = dataproviderjson['fields'].get('ORoperations', {})
#dataset.data = dataproviderjson['fields'].get('mapping',{})
db.session.add(dataset)
else:
#dataset.ORoperations = dataproviderjson['fields'].get('ORoperations', {})
#dataset.data = dataproviderjson['fields'].get('mapping',{})
dataset.update(modelDataset['dataset'])
db.session.commit()
systemaccount = Account.by_id(1)
if dataset.source:
try:
print "trying to delete source"
print dataset.source
dataset.source.delete()
except Exception, e:
print "could not delete source", e
def test_account_lookup_by_api_key(self):
res = Account.by_api_key(self.acc.api_key)
assert res == self.acc
def test_user_scoreboard(self):
"""
Test if the user scoreboard works and is only accessible by
administrators
"""
# Create dataset and users and make normal user owner of dataset
admin_user = h.make_account('test_admin', admin=True)
dataset = h.load_fixture('cra')
normal_user = h.make_account('test_user')
normal_user.datasets.append(dataset)
db.session.add(normal_user)
db.session.commit()
# Refetch the accounts into scope after the commit
admin_user = Account.by_name('test_admin')
normal_user = Account.by_name('test_user')
# Get the URL to user scoreboard
scoreboard_url = url(controller='account', action='scoreboard')
# Get the home page (could be just any page
user_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(normal_user.name)})
admin_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(admin_user.name)})
# Admin user should be the only one to see a link
# to the user scoreboard (not the normal user)
assert scoreboard_url not in user_response.body, \
"Normal user can see scoreboard url on the home page"
assert scoreboard_url in admin_response.body, \
"Admin user cannot see the scoreboard url on the home page"
# Normal user should not be able to access the scoreboard url
user_response = self.app.get(scoreboard_url,
expect_errors=True,
extra_environ={'REMOTE_USER':
str(normal_user.name)})
assert '403' in user_response.status, \
"Normal user is authorized to see user scoreboard"
# Administrator should see scoreboard and users should be there in
# in the following order normal user - admin user (with 10 and 0 points
# respectively)
admin_response = self.app.get(scoreboard_url,
extra_environ={'REMOTE_USER':
str(admin_user.name)})
assert '200' in admin_response.status, \
"Administrator did not get a 200 status for user scoreboard"
# We need to remove everything before an 'Dataset Maintainers' because
# the admin user name comes first because of the navigational bar
heading_index = admin_response.body.find('Dataset Maintainers')
check_body = admin_response.body[heading_index:]
admin_index = check_body.find(admin_user.name)
user_index = check_body.find(normal_user.name)
assert admin_index > user_index, \
"Admin index comes before normal user index"
# Same thing as with the username we check for the scores
# they are represented as <p>10</p> and <p>0</p>
admin_index = check_body.find('<p>0</p>')
user_index = check_body.find('<p>10</p>')
assert admin_index > user_index, \
"Admin score does not come before the user score"
def test_user_scoreboard(self):
"""
Test if the user scoreboard works and is only accessible by
administrators
"""
# Create dataset and users and make normal user owner of dataset
admin_user = make_account('test_admin', admin=True)
dataset = load_fixture('cra')
normal_user = make_account('test_user')
normal_user.datasets.append(dataset)
db.session.add(normal_user)
db.session.commit()
# Refetch the accounts into scope after the commit
admin_user = Account.by_name('test_admin')
normal_user = Account.by_name('test_user')
# Get the URL to user scoreboard
scoreboard_url = url(controller='account', action='scoreboard')
# Get the home page (could be just any page
user_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(normal_user.name)})
admin_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(admin_user.name)})
# Admin user should be the only one to see a link
# to the user scoreboard (not the normal user)
assert scoreboard_url not in user_response.body, \
"Normal user can see scoreboard url on the home page"
assert scoreboard_url in admin_response.body, \
"Admin user cannot see the scoreboard url on the home page"
# Normal user should not be able to access the scoreboard url
user_response = self.app.get(scoreboard_url,
expect_errors=True,
extra_environ={'REMOTE_USER':
str(normal_user.name)})
assert '403' in user_response.status, \
"Normal user is authorized to see user scoreboard"
# Administrator should see scoreboard and users should be there in
# in the following order normal user - admin user (with 10 and 0 points
# respectively)
admin_response = self.app.get(scoreboard_url,
extra_environ={'REMOTE_USER':
str(admin_user.name)})
assert '200' in admin_response.status, \
"Administrator did not get a 200 status for user scoreboard"
# We need to remove everything before an 'Dataset Maintainers' because
# the admin user name comes first because of the navigational bar
heading_index = admin_response.body.find('Dataset Maintainers')
check_body = admin_response.body[heading_index:]
admin_index = check_body.find(admin_user.name)
user_index = check_body.find(normal_user.name)
assert admin_index > user_index, \
"Admin index comes before normal user index"
# Same thing as with the username we check for the scores
# they are represented as <p>10</p> and <p>0</p>
admin_index = check_body.find('<p>0</p>')
user_index = check_body.find('<p>10</p>')
assert admin_index > user_index, \
"Admin score does not come before the user score"
def test_account_lookup_by_name(self):
res = Account.by_name('Joe Bloggs')
assert res == self.acc
