Example #1
def new_rad_by_name():
    """Add a rad to a lib that is addressed by name within an association.

    Reads ``rad``, ``lib`` and ``association_id`` from the submitted form.
    The request is refused unless a user is logged in, the rad text parses,
    ``find_association`` accepts the association id and a lib with that name
    exists in the association. On success the new rad is stored, the lib's
    cache entry is dropped and ``{'status': 'ok', 'rad_id': ...}`` is
    returned.
    """
    if not g.user:
        return error_response('login required')

    rad_text = request.form['rad']
    try:
        parse(rad_text)
    except ParseError as e:
        return error_response('parse error: {0}'.format(e.message))

    db = Client().session()
    lib_name = request.form['lib']
    association_id = request.form['association_id']

    # Access check first: the lib lookup below is only scoped by the
    # client-supplied association id, so that id has to be vetted before it
    # is used.
    try:
        find_association(association_id)
    except NoResultFound:
        return error_response('no such association')

    lib_query = (db.query(Lib)
                 .filter(Lib.name == lib_name)
                 .filter(Lib.association_id == association_id))
    try:
        lib = lib_query.one()
    except NoResultFound:
        return error_response("no such lib '{0}'".format(lib_name))

    new_rad = Rad(created_by=g.user.user_id,
                  lib_id=lib.lib_id,
                  rad=rad_text)
    db.add(new_rad)
    # Drop the cached copy of the lib so the new rad becomes visible.
    radlibs.lib.decache_lib(lib.name, lib.association_id)
    return {'status': 'ok', 'rad_id': new_rad.rad_id}
Example #2
    def test_invite_new_user_to_association(self, user, send_invitation_mail):
        # Inviting an address with no account must store an invite for the
        # association and mail a link that carries the invite's token.
        user.email = "*****@*****.**"
        db = Client().session()

        ponies = Association(name='prancing ponies')
        db.add(ponies)
        db.flush()
        membership = UserAssociation(user_id=user.user_id,
                                     association_id=ponies.association_id)
        db.add(membership)
        db.flush()

        invite_url = '/association/{0}/invite_user'.format(
            ponies.association_id)
        response = self.app.post(invite_url,
                                 data={'email': '*****@*****.**'})
        eq_(response.status_code, 200, response.data)
        eq_(json.loads(response.data), {'status': 'ok', 'action': 'invited'})

        invite = db.query(AssociationInvite).one()
        eq_(invite.email, '*****@*****.**')
        eq_(invite.association_id, ponies.association_id)

        accept_url = 'http://localhost/accept_invitation/{0}/'.format(
            invite.token)
        send_invitation_mail.assert_called_once_with(
            '*****@*****.**',
            '*****@*****.**',
            'prancing ponies',
            accept_url)
Example #3
def edit_rad(rad_id):
    """Replace the text of an existing rad with the submitted ``rad`` value.

    A ``rad_id`` of 0 aborts with 404. The request is refused unless a user
    is logged in and the new text parses. The rad is looked up through a
    join over Lib, Association and UserAssociation filtered on the current
    user's id, so a rad outside the user's associations is reported as
    'no such rad' rather than being edited.
    """
    if rad_id == 0:
        abort(404)
    if not g.user:
        return error_response('login required')

    new_text = request.form['rad']
    try:
        parse(new_text)
    except ParseError as e:
        return error_response('parse error: {0}'.format(e.message))

    db = Client().session()
    # The UserAssociation filter is the authorization check for this edit.
    accessible_rad = (db.query(Rad, Lib)
                      .join(Lib)
                      .join(Association)
                      .join(UserAssociation)
                      .filter(UserAssociation.user_id == g.user.user_id)
                      .filter(Rad.rad_id == rad_id))
    try:
        rad, lib = accessible_rad.one()
    except NoResultFound:
        return error_response('no such rad')

    rad.rad = new_text
    db.add(rad)
    # Drop the cached copy of the lib so the edited text becomes visible.
    radlibs.lib.decache_lib(lib.name, lib.association_id)
    return {'status': 'ok'}
Example #4
    def test_no_such_lib_raises_keyerror(self, g):
        # Loads a lib name that the freshly created association does not
        # have. No assertion follows the call; the expected KeyError is
        # presumably checked by a decorator outside this snippet.
        db = Client().session()
        ponies = Association(name="prancing ponies")
        db.add(ponies)
        db.flush()
        g.association_id = ponies.association_id

        radlibs.lib.load_lib('Loot')
Example #5
def find_association(association_id):
    """Return the association with this id if the current user belongs to it.

    Membership is enforced inside the query: the association is joined to
    UserAssociation and filtered on ``g.user.user_id``, and ``one()`` is
    used to fetch the row, so an unknown id and an association the user is
    not a member of both yield no row.

    The function reads ``g.user.user_id`` unconditionally, so callers are
    expected to have checked that a user is logged in.
    """
    db = Client().session()
    membership_scoped = (
        db.query(Association)
        .join(UserAssociation,
              UserAssociation.association_id == Association.association_id)
        .filter(Association.association_id == association_id)
        .filter(UserAssociation.user_id == g.user.user_id))
    return membership_scoped.one()
Example #6
    def test_generate(self):
        # Generates an invite for a newly stored association. The listing
        # shows no assertions on the result.
        db = Client().session()
        crazy_train = Association(name='crazy train')
        db.add(crazy_train)
        db.flush()

        invite = AssociationInvite.generate(
            crazy_train.association_id, '*****@*****.**')
Example #7
    def test_generate_token(self):
        # A generated e-mail verification token must be 32 characters long.
        # NOTE(review): only the length is asserted here; how the token is
        # produced (and whether it comes from a CSPRNG) is not visible.
        db = Client().session()
        new_user = User()
        db.add(new_user)
        db.flush()

        generated = EmailVerificationToken.generate(new_user)
        eq_(len(generated.token), 32)
Example #8
 def test_breadcrumb_for_an_association(self):
     # The breadcrumb for an association is its name paired with the
     # absolute URL of the association page.
     db = Client().session()
     harpy = Association(name="Harpy")
     db.add(harpy)
     db.flush()
     with app.app_context():
         crumb = breadcrumb_for(harpy)
     expected_url = 'http://localhost/association/{0}'.format(
         harpy.association_id)
     eq_(crumb, ('Harpy', expected_url))
Example #9
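def register():
    """Finish sign-up for a user whose identity is held in the session.

    Creates a ``User`` from the submitted ``email`` and the identifier kept
    in ``session['partial_user']``, sends a verification mail containing a
    fresh token, stores the user in the session and redirects to the
    submitted ``redirect_uri``.

    The redirect target is client-controlled, so only same-site paths are
    followed; any other value falls back to ``/``.
    """
    db_session = Client().session()
    user = User(
        email=request.form['email'],
        identifier=session['partial_user']['identifier'])
    db_session.add(user)
    db_session.flush()
    token = EmailVerificationToken.generate(user)
    send_verification_mail(
        user, url_for('verify_email', token=token.token, _external=True))
    # NOTE(review): the session is populated with the submitted address
    # before it has been verified; confirm that anything relying on the
    # e-mail checks its verification state.
    session['user'] = {'email': user.email, 'identifier': user.identifier}

    redirect_uri = request.form['redirect_uri']
    # Accept only a path on this site: it must start with a single slash and
    # contain no backslash or control character, which some browsers
    # normalise into a scheme-relative (off-site) URL.
    is_local_path = (
        redirect_uri.startswith('/')
        and not redirect_uri.startswith('//')
        and '\\' not in redirect_uri
        and not any(ord(ch) < 0x20 for ch in redirect_uri))
    if not is_local_path:
        redirect_uri = '/'
    return redirect(redirect_uri)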
Example #10
 def test_create_new_association(self, user):
     # Posting a name creates the association, makes the creator a member
     # and redirects to the new association's page.
     db = Client().session()
     response = self.app.post('/association/new',
                              data={'name': 'codescouts'})

     created = db.query(Association).one()
     membership = db.query(UserAssociation).one()
     eq_(membership.association_id, created.association_id)
     eq_(membership.user_id, user.user_id)
     eq_(created.name, 'codescouts')

     eq_(response.status_code, 302, response.data)
     expected_location = 'http://localhost/association/{0}'.format(
         created.association_id)
     eq_(response.headers['Location'], expected_location)
Example #11
 def test_test_radlib_requires_login(self):
     # An anonymous request to test_radlib must get the 'login required'
     # error (delivered as JSON with HTTP 200).
     db = Client().session()
     private = Association(name="somebody's private stuff")
     db.add(private)
     db.flush()

     url = '/association/{0}/test_radlib'.format(private.association_id)
     response = self.app.post(url, data={'rad': 'I ate some <Food>'})
     eq_(response.status_code, 200)
     eq_(json.loads(response.data),
         {'status': 'error', 'error': 'login required'})
Example #12
    def test_bypass_login__new_user(self):
        # The bypass endpoint creates a user from the posted e-mail and
        # identifier when none exists, then redirects to the site root.
        db = Client().session()

        credentials = {
            'email': '*****@*****.**',
            'identifier': 'http://www.facebook.com/itsme',
        }
        response = self.app.post('/login_bypass', data=credentials)
        eq_(response.status_code, 302)
        eq_(response.headers['Location'], 'http://localhost/')

        created = db.query(User).one()
        eq_(created.email, '*****@*****.**')
        eq_(created.identifier, 'http://www.facebook.com/itsme')
Example #13
    def test_bypass_login__existing_user(self):
        # The bypass endpoint also accepts the identifier of a user that is
        # already stored, and redirects to the site root.
        db = Client().session()
        existing = User(identifier='http://www.facebook.com/itsme',
                        email='*****@*****.**')
        db.add(existing)
        db.flush()

        credentials = {
            'email': '*****@*****.**',
            'identifier': 'http://www.facebook.com/itsme',
        }
        response = self.app.post('/login_bypass', data=credentials)
        eq_(response.status_code, 302)
        eq_(response.headers['Location'], 'http://localhost/')
Example #14
 def test_hmac_auth__invalid_datetime_format(self):
     # A timestamp that cannot be parsed must be answered with the same
     # generic 'not logged in' error the other signature failures use.
     db = Client().session()
     api_user = User(api_key='hurfdurf')
     db.add(api_user)
     db.flush()

     form = {'user_id': api_user.user_id,
             'signature': 'johnhancock',
             'time': 'beer:30',
             'other_param': 'frabjous'}
     response = self.app.post('/test_authorization', data=form)
     eq_(response.status_code, 200, response.data)
     eq_(json.loads(response.data),
         {'status': 'error', 'error': 'not logged in'})
Example #15
    def test_add_new_rad__requires_correct_user(self, user):
        # A lib owned by another user's association must look nonexistent to
        # the logged-in user: the response is 'no such lib', not a distinct
        # permission error.
        db = Client().session()
        owner = User()
        association_id = self.create_association(owner)
        song = Lib(name="Song", association_id=association_id)
        db.add(song)
        db.flush()

        new_rad_url = '/lib/{0}/rad/new'.format(song.lib_id)
        response = self.app.post(new_rad_url,
                                 data={'rad': '<Song_which_never_ends>'})
        eq_(response.status_code, 200)
        eq_(json.loads(response.data),
            {'status': 'error', 'error': 'no such lib'})
Example #16
 def test_hmac_auth__user_has_no_api_key(self):
     # A user without an API key cannot authenticate by signature, whatever
     # signature value is sent.
     db = Client().session()
     keyless_user = User()
     db.add(keyless_user)
     db.flush()

     timestamp = datetime.datetime.utcnow().strftime('%Y%m%dT%H:%M:%S')
     form = {'user_id': keyless_user.user_id,
             'signature': "mloop droop",
             'time': timestamp,
             'other_param': 'frabjous'}
     response = self.app.post('/test_authorization', data=form)
     eq_(response.status_code, 200, response.data)
     eq_(json.loads(response.data),
         {'status': 'error', 'error': 'not logged in'})
Example #17
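def token_url():
    """Complete a login from the identity provider's token callback.

    Exchanges the posted ``token`` for the user's profile at the provider's
    ``auth_info`` endpoint. A user with a matching identifier is logged in.
    Otherwise, when the profile has an e-mail, a new user is created unless
    that e-mail already belongs to a user (then the identifier-mismatch page
    is rendered); when the profile has no e-mail, the identifier is parked
    in the session and the user is sent to the registration form.

    The posted ``redirect_uri`` is client-controlled, so only same-site
    paths are followed; any other value falls back to ``/``.
    """
    token = request.form['token']
    # NOTE(review): the API key and the token travel in the query string,
    # where they can end up in proxy and server logs; check whether the
    # provider accepts them in a POST body instead.
    api_params = {
        'token': token,
        'apiKey': os.environ['ENGAGE_API_KEY'],
        'format': 'json',
    }

    # Bound the outbound call so a stalled provider cannot hold the request
    # worker indefinitely.
    response = requests.get('https://rpxnow.com/api/v2/auth_info',
                            params=api_params, timeout=10)
    auth_info = json.loads(response.text)
    if 'profile' not in auth_info:
        error_page = make_response('An error occurred interacting with your '
                                   'identity provider. Since that does not '
                                   'usually happen unless you are a radlibs '
                                   'developer, here is the error in all its '
                                   'terrible beauty: ' + response.text)
        # The upstream body is echoed verbatim, so serve it as plain text:
        # the browser must never interpret it as markup.
        error_page.headers['Content-Type'] = 'text/plain; charset=utf-8'
        return error_page
    identifier = auth_info['profile']['identifier']
    email = auth_info['profile'].get('email')

    redirect_uri = request.form.get('redirect_uri', '/')
    # Accept only a path on this site: it must start with a single slash and
    # contain no backslash or control character, which some browsers
    # normalise into a scheme-relative (off-site) URL.
    is_local_path = (
        redirect_uri.startswith('/')
        and not redirect_uri.startswith('//')
        and '\\' not in redirect_uri
        and not any(ord(ch) < 0x20 for ch in redirect_uri))
    if not is_local_path:
        redirect_uri = '/'

    db_session = Client().session()
    try:
        user = db_session.query(User).\
            filter(User.identifier == identifier).\
            one()
    except NoResultFound:
        if email:
            existing_users = db_session.query(User).\
                filter(User.email == email).\
                all()
            if existing_users:
                # The address is already bound to another identifier; do not
                # link the accounts automatically.
                provider = provider_for_identifier(
                    existing_users[0].identifier)
                return render_template(
                    'identifier_mismatch.html.jinja',
                    existing_provider=provider)
            # NOTE(review): the provider-supplied address is recorded as
            # verified straight away; confirm every enabled provider only
            # returns addresses it has verified itself.
            user = User(email=email,
                        identifier=identifier,
                        email_verified_at=utcnow())
            db_session.add(user)
        else:
            session['partial_user'] = {'identifier': identifier}
            return redirect(url_for('show_registration',
                                    redirect_uri=redirect_uri))

    session['user'] = {'identifier': identifier, 'email': email}
    return redirect(redirect_uri)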
Example #18
def load_lib(lib_name):
    """Return the rad strings of the named lib in the current association.

    The result is cached for an hour under ``<association_id>:<lib_name>``,
    so entries of different associations do not collide. The association id
    comes from ``g.association_id`` and also scopes the database query.

    Raises:
        KeyError: no rads were found for that lib name in the association.
    """
    cache_key = '{0}:{1}'.format(g.association_id, lib_name)
    cached = app.cache.get(cache_key)
    if cached:
        return cached

    db = Client().session()
    rows = (db.query(Rad.rad)
            .join(Lib, Lib.lib_id == Rad.lib_id)
            .filter(Lib.name == lib_name)
            .filter(Lib.association_id == g.association_id)
            .all())
    if not rows:
        raise KeyError(lib_name)

    # Each row holds the single selected column; keep just the text.
    rads = [row[0] for row in rows]
    app.cache.set(cache_key, rads, timeout=60*60)
    return rads
Example #19
    def test_add_user_to_association_requires_correct_login(self, user):
        # The logged-in user is not a member of this association, so the
        # invite endpoint must answer 'no such association'.
        db = Client().session()

        ponies = Association(name='prancing ponies')
        db.add(ponies)
        db.flush()

        invite_url = '/association/{0}/invite_user'.format(
            ponies.association_id)
        response = self.app.post(invite_url,
                                 data={'email': '*****@*****.**'})
        eq_(response.status_code, 200)

        eq_(json.loads(response.data),
            {'status': 'error', 'error': 'no such association'})
Example #20
    def test_create_new_lib(self, user):
        # Creating a lib in the user's own association stores it and returns
        # its id.
        db = Client().session()
        association_id = self.create_association(user)

        new_lib_url = '/association/{0}/lib/new'.format(association_id)
        response = self.app.post(new_lib_url, data={"name": "Rant"})
        created = db.query(Lib).one()
        eq_(created.name, 'Rant')

        eq_(response.status_code, 200, response.data)
        eq_(json.loads(response.data),
            {'status': 'ok', 'lib_id': created.lib_id})
Example #21
def bypass_login():
    """Log in as any identifier without authentication (debug mode only).

    The posted ``email`` and ``identifier`` are trusted as given: the user
    with that identifier is created or updated and placed in the session.
    The only guard is ``app.config['DEBUG']``; with it off the endpoint
    answers 404. Any deployment that runs with DEBUG enabled therefore
    exposes a full authentication bypass, so the flag must stay off outside
    development and test environments.
    """
    if not app.config['DEBUG']:
        abort(404)

    db_session = Client().session()
    email = request.form['email']
    identifier = request.form['identifier']

    by_identifier = (db_session.query(User)
                     .filter(User.identifier == identifier))
    try:
        account = by_identifier.one()
    except NoResultFound:
        account = User()
    account.email = email
    account.identifier = identifier
    db_session.add(account)

    session['user'] = {'identifier': identifier, 'email': email}
    return redirect('/')
Example #22
    def test_create_new_lib__lib_already_exists(self, user):
        # A second lib with the same name in the same association is
        # rejected with 'lib already exists'.
        db = Client().session()
        association_id = self.create_association(user)
        existing = Lib(name="Rant", association_id=association_id)
        db.add(existing)
        db.flush()

        new_lib_url = '/association/{0}/lib/new'.format(association_id)
        response = self.app.post(new_lib_url, data={"name": "Rant"})

        eq_(response.status_code, 200, response.data)
        eq_(json.loads(response.data),
            {'status': 'error', 'error': 'lib already exists'})
Example #23
    def test_new_rad_by_name__missing_params(self, user):
        # Leaving out 'association_id' must produce a named missing-param
        # error rather than an unhandled failure.
        db = Client().session()
        association_id = self.create_association(user)
        song = Lib(name="Song", association_id=association_id)
        db.add(song)
        db.flush()

        form = {
            'lib': 'Song',
            'rad': 'Stairway to <Location>',
        }
        response = self.app.post('/lib/rad/new', data=form)
        eq_(response.status_code, 200)
        eq_(json.loads(response.data),
            {'status': 'error', 'error': "missing param 'association_id'"})
Example #24
    def test_add_new_rad_by_name__syntax_error(self, user):
        # A rad with an unterminated '<' token is rejected with the parser's
        # message, which quotes the position and the submitted text.
        db = Client().session()
        association_id = self.create_association(user)
        song = Lib(name="Song", association_id=association_id)
        db.add(song)
        db.flush()

        form = {
            'association_id': association_id,
            'lib': 'Song',
            'rad': 'All you need is <Emotion',
        }
        response = self.app.post('/lib/rad/new', data=form)
        eq_(response.status_code, 200)
        expected = {
            'status': 'error',
            'error': "parse error: Unexpected token '<' at line 1 "
                     "character 17 of 'All you need is <Emotion'",
        }
        eq_(json.loads(response.data), expected)
Example #25
 def test_authenticate_with_hmac_signature(self):
     # A request signed with the user's API key and a current timestamp is
     # accepted.
     # NOTE(review): despite the name, the signature built here is a bare
     # SHA-1 digest over the signed text with the API key appended, not an
     # HMAC. The standard construction is the hmac module with a current
     # hash; changing it needs the server and all clients to move together.
     db = Client().session()
     api_key = 'hurfdurf'
     api_user = User(api_key=api_key)
     db.add(api_user)
     db.flush()

     timestamp = datetime.datetime.utcnow().strftime('%Y%m%dT%H:%M:%S')
     endpoint = '/test_authorization'
     # Signed text: timestamp, the sorted extra params, endpoint, then key.
     signed_text = "{0}\nother_param: frabjous\n{1}\n{2}".format(
         timestamp, endpoint, api_key)
     signature = sha.sha(signed_text).hexdigest()

     form = {'user_id': api_user.user_id,
             'signature': signature,
             'time': timestamp,
             'other_param': 'frabjous'}
     response = self.app.post(endpoint, data=form)
     eq_(response.status_code, 200, response.data)
     eq_(json.loads(response.data), {'status': 'ok'})
Example #26
 def test_hmac_auth__time_must_be_within_five_minutes_of_server(self):
     # A correctly signed request whose timestamp is far in the past must be
     # refused; the freshness window is what limits replay of a captured
     # request.
     db = Client().session()
     api_key = 'hurfdurf'
     api_user = User(api_key=api_key)
     db.add(api_user)
     db.flush()

     stale_time = '20010101T01:01:01'
     endpoint = '/test_authorization'
     signed_text = "{0}\nother_param: frabjous\n{1}\n{2}".format(
         stale_time, endpoint, api_key)
     signature = sha.sha(signed_text).hexdigest()

     form = {'user_id': api_user.user_id,
             'signature': signature,
             'time': stale_time,
             'other_param': 'frabjous'}
     response = self.app.post(endpoint, data=form)
     eq_(response.status_code, 200, response.data)
     eq_(json.loads(response.data),
         {'status': 'error', 'error': 'not logged in'})
Example #27
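def create_lib(association_id):
    """Create a lib with the submitted ``name`` in the given association.

    The request is refused unless a user is logged in, the name is one
    capital letter followed by lowercase letters or underscores, and
    ``find_association`` accepts the association id. An ``IntegrityError``
    on flush is reported as 'lib already exists'. On success returns
    ``{'status': 'ok', 'lib_id': ...}``.
    """
    if not g.user:
        return error_response('login required')
    name = request.form['name']
    # Anchor the end with \Z rather than $: $ also matches just before a
    # trailing newline, which would let a name ending in "\n" through
    # validation and into the database and cache keys.
    if not re.search(r'^[A-Z][a-z_]*\Z', name):
        return error_response("'{0}' is not a valid lib name".format(name))
    session = Client().session()
    # Access check: the association id comes from the URL, so it must be
    # vetted before a lib is attached to it.
    try:
        find_association(association_id)
    except NoResultFound:
        return error_response('no such association')
    lib = Lib(association_id=association_id,
              name=name)
    session.add(lib)
    try:
        session.flush()
    except IntegrityError:
        return error_response('lib already exists')
    return {'status': 'ok', 'lib_id': lib.lib_id}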
Example #28
    def test_new_rad_by_name__requires_correct_login(self, user):
        # Supplying the id of an association the logged-in user does not
        # belong to must be answered with 'no such association', even though
        # the association and the lib exist.
        db = Client().session()
        owner = User()
        association_id = self.create_association(owner)
        song = Lib(name="Song", association_id=association_id)
        db.add(song)
        db.flush()

        form = {
            'association_id': association_id,
            'lib': 'Song',
            'rad': 'The sound of <Sound>',
        }
        response = self.app.post('/lib/rad/new', data=form)
        eq_(response.status_code, 200)
        eq_(json.loads(response.data),
            {"status": 'error', 'error': "no such association"})
Example #29
    def test_add_new_rad__requires_user(self):
        # Without a logged-in user, adding a rad must be refused with
        # 'login required'.
        db = Client().session()
        partytown = Association(name='Partytown')
        db.add(partytown)
        db.flush()
        animal = Lib(name="Animal", association_id=partytown.association_id)
        db.add(animal)
        db.flush()

        new_rad_url = '/lib/{0}/rad/new'.format(animal.lib_id)
        response = self.app.post(new_rad_url,
                                 data={'rad': 'what is happening'})
        eq_(response.status_code, 200)
        eq_(json.loads(response.data),
            {'status': 'error', 'error': 'login required'})
Example #30
    def test_edit_rad(self, user):
        # A member of the owning association can edit a rad: the endpoint
        # answers {'status': 'ok'} for a corrected rad text.
        session = Client().session()
        # Lib inside an association created for the logged-in user.
        association_id = self.create_association(user)
        lib = Lib(name="Band", association_id=association_id)
        session.add(lib)
        session.flush()
        # Rad stored with a typo that the request below corrects.
        rad = Rad(lib_id=lib.lib_id,
                  created_by=user.user_id,
                  rad='Huey Lewis and the Nws')
        session.add(rad)
        session.flush()

        response = self.app.post('/lib/rad/{0}/edit'.format(rad.rad_id),
                                 data={'rad': 'Huey Lewis and the News'})
        eq_(response.status_code, 200, response.data)
        body = json.loads(response.data)
        # Only the response is checked in the lines shown; the stored text is
        # not re-read here.
        eq_(body, {'status': 'ok'})