def test_create_new_association(self, user): session = Client().session() response = self.app.post('/association/new', data={'name': 'codescouts'}) association = session.query(Association).one() user_association = session.query(UserAssociation).one() eq_(user_association.association_id, association.association_id) eq_(user_association.user_id, user.user_id) eq_(association.name, 'codescouts') eq_(response.status_code, 302, response.data) eq_(response.headers['Location'], 'http://localhost/association/{0}'.format( association.association_id))
def token_url(): token = request.form['token'] api_params = { 'token': token, 'apiKey': os.environ['ENGAGE_API_KEY'], 'format': 'json', } response = requests.get('https://rpxnow.com/api/v2/auth_info', params=api_params) auth_info = json.loads(response.text) if 'profile' not in auth_info: return make_response('An error occurred interacting with your ' 'identity provider. Since that does not ' 'usually happen unless you are a radlibs ' 'developer, here is the error in all its ' 'terrible beauty: ' + response.text) identifier = auth_info['profile']['identifier'] email = auth_info['profile'].get('email') redirect_uri = request.form.get('redirect_uri', '/') db_session = Client().session() try: user = db_session.query(User).\ filter(User.identifier == identifier).\ one() except NoResultFound: if email: existing_users = db_session.query(User).\ filter(User.email == email).\ all() if existing_users: provider = provider_for_identifier( existing_users[0].identifier) return render_template( 'identifier_mismatch.html.jinja', existing_provider=provider) user = User(email=email, identifier=identifier, email_verified_at=utcnow()) db_session.add(user) else: session['partial_user'] = {'identifier': identifier} return redirect(url_for('show_registration', redirect_uri=redirect_uri)) session['user'] = {'identifier': identifier, 'email': email} return redirect(redirect_uri)
def test_invite_new_user_to_association(self, user, send_invitation_mail): user.email = "*****@*****.**" session = Client().session() association = Association(name='prancing ponies') session.add(association) session.flush() session.add(UserAssociation(user_id=user.user_id, association_id=association.association_id)) session.flush() response = self.app.post( '/association/{0}/invite_user'.format(association.association_id), data={'email': '*****@*****.**'}) eq_(response.status_code, 200, response.data) body = json.loads(response.data) eq_(body, {'status': 'ok', 'action': 'invited'}) invite = session.query(AssociationInvite).one() eq_(invite.email, '*****@*****.**') eq_(invite.association_id, association.association_id) send_invitation_mail.assert_called_once_with( '*****@*****.**', '*****@*****.**', 'prancing ponies', 'http://localhost/accept_invitation/{0}/'.format(invite.token))
def new_rad_by_name(): if not g.user: return error_response('login required') try: parse(request.form['rad']) except ParseError as e: return error_response('parse error: {0}'.format(e.message)) session = Client().session() lib_name = request.form['lib'] association_id = request.form['association_id'] try: find_association(association_id) except NoResultFound: return error_response('no such association') try: lib = session.query(Lib).\ filter(Lib.name == lib_name).\ filter(Lib.association_id == association_id).\ one() except NoResultFound: return error_response("no such lib '{0}'".format(lib_name)) rad = Rad(created_by=g.user.user_id, lib_id=lib.lib_id, rad=request.form['rad']) session.add(rad) radlibs.lib.decache_lib(lib.name, lib.association_id) return { 'status': 'ok', 'rad_id': rad.rad_id, }
def test_add_existing_user_to_association(self, user): session = Client().session() association = Association(name='prancing ponies') session.add(association) session.flush() session.add(UserAssociation(user_id=user.user_id, association_id=association.association_id)) other_user = User(email_verified_at=utcnow(), email='*****@*****.**') session.add(other_user) session.flush() response = self.app.post( '/association/{0}/invite_user'.format(association.association_id), data={'email': '*****@*****.**'}) eq_(response.status_code, 200, response.data) body = json.loads(response.data) eq_(body, {'status': 'ok', 'action': 'added'}) user_associations = session.query( UserAssociation.user_id, UserAssociation.association_id).\ all() eq_(user_associations, [ (user.user_id, association.association_id), (other_user.user_id, association.association_id), ])
def edit_rad(rad_id): if rad_id == 0: abort(404) if not g.user: return error_response('login required') try: parse(request.form['rad']) except ParseError as e: return error_response('parse error: {0}'.format(e.message)) session = Client().session() try: (rad, lib) = session.query(Rad, Lib).\ join(Lib).\ join(Association).\ join(UserAssociation).\ filter(UserAssociation.user_id == g.user.user_id).\ filter(Rad.rad_id == rad_id).\ one() except NoResultFound: return error_response('no such rad') rad.rad = request.form['rad'] session.add(rad) radlibs.lib.decache_lib(lib.name, lib.association_id) return {'status': 'ok'}
def find_association(association_id): session = Client().session() return session.query(Association).\ join(UserAssociation, UserAssociation.association_id == Association.association_id).\ filter(Association.association_id == association_id).\ filter(UserAssociation.user_id == g.user.user_id).\ one()
def test_verify_email(self): session = Client().session() user = User() session.add(user) session.flush() token = EmailVerificationToken.generate(user) response = self.app.get('/verify_email/{0}'.format(token.token)) eq_(response.status_code, 200, response.data) assert 'Thanks!' in response.data, 'response was rude' del(user) user = session.query(User).one() assert user.email_verified_at, "email wasn't verified!" tokens = session.query(EmailVerificationToken).all() eq_(tokens, [])
def verify_email(token): db_session = Client().session() try: verification_token = db_session.query(EmailVerificationToken).\ filter(EmailVerificationToken.token == token).\ one() user = db_session.query(User).\ filter(User.user_id == verification_token.user_id).\ one() except NoResultFound: abort(404) user.email_verified_at = utcnow() db_session.add(user) db_session.delete(verification_token) return render_template('verification_complete.html.jinja')
def test_accept_invite_while_logged_in(self, user): user.email = '*****@*****.**' session = Client().session() association = Association(name="tower of power") session.add(association) session.flush() invite = AssociationInvite.generate(association.association_id, '*****@*****.**') session.flush() response = self.app.get('/accept_invitation/{0}/'.format(invite.token)) eq_(response.status_code, 302, response.data) eq_(response.headers['Location'], 'http://localhost/association/{0}'.format(association.association_id)) user_association = session.query(UserAssociation).\ filter(UserAssociation.user_id == user.user_id).\ one() eq_(user_association.association_id, association.association_id) invites = session.query(AssociationInvite).all() eq_(invites, [])
def manage_association(association_id): if not g.user: abort(401) session = Client().session() try: association = session.query(Association).\ join(UserAssociation, UserAssociation.association_id == Association.association_id).\ filter(Association.association_id == association_id).\ filter(UserAssociation.user_id == g.user.user_id).\ one() except NoResultFound: abort(404) radlibs = session.query(Lib.name, Lib.lib_id, Rad.rad_id, Rad.rad).\ select_from(Lib).\ outerjoin(Rad, Lib.lib_id == Rad.lib_id).\ filter(Lib.association_id == association.association_id).\ all() member_emails = session.query(User.email).\ join(UserAssociation, UserAssociation.user_id == User.user_id).\ filter(UserAssociation.association_id == association_id).\ all() libs = {} for (lib_name, lib_id, rad_id, rad) in radlibs: if lib_name not in libs: libs[lib_name] = {'rads': []} libs[lib_name]['lib_id'] = lib_id if rad: libs[lib_name]['rads'].append({'rad_id': rad_id, 'rad': rad}) return render_template('manage_association.html.jinja', association=association, libs=libs, member_emails=[e[0] for e in member_emails], breadcrumbs=breadcrumbs(association.name))
def test_bypass_login__new_user(self): session = Client().session() response = self.app.post('/login_bypass', data={ 'email': '*****@*****.**', 'identifier': 'http://www.facebook.com/itsme', }) eq_(response.status_code, 302) eq_(response.headers['Location'], 'http://localhost/') user = session.query(User).one() eq_(user.email, '*****@*****.**') eq_(user.identifier, 'http://www.facebook.com/itsme')
def test_accept_invite_while_unverified_verifies_email(self, user): user.email = '*****@*****.**' user.email_verified_at = None session = Client().session() association = Association(name="tower of power") session.add(association) session.flush() invite = AssociationInvite.generate(association.association_id, '*****@*****.**') session.flush() response = self.app.get('/accept_invitation/{0}/'.format(invite.token)) eq_(response.status_code, 302, response.data) del(user) user = session.query(User).one() assert user.email_verified_at, "Email wasn't verified"
def test_log_in_with_a_provider_that_does_not_supply_email( self, requests, os, send_verification_mail): session = Client().session() os.environ = {'ENGAGE_API_KEY': 'aoeu'} response = Mock() requests.get.return_value = response response.text = json.dumps({ 'profile': { 'identifier': 'twitter.com/tpain', } }) response = self.app.post( '/token_url', data={'token': 'asdf', 'redirect_uri': '/language'}) eq_(response.status_code, 302) eq_(response.headers['Location'], 'http://localhost/complete_registration?redirect_uri=%2Flanguage') response = self.app.get('/complete_registration', data={'redirect_uri': '/language'}) eq_(response.status_code, 200, response.data) response = self.app.post('/complete_registration', data={ 'redirect_uri': '/language', 'email': '*****@*****.**'}) eq_(response.status_code, 302, response.data) eq_(response.headers['Location'], 'http://localhost/language') user = session.query(User).one() eq_(user.email, '*****@*****.**') eq_(user.identifier, 'twitter.com/tpain') eq_(user.email_verified_at, None) token = session.query(EmailVerificationToken).one() send_verification_mail.assert_called_once_with( user, 'http://localhost/verify_email/{0}'.format(token.token))
def load_lib(lib_name): lib_key = '{0}:{1}'.format(g.association_id, lib_name) lib = app.cache.get(lib_key) if not lib: session = Client().session() lib = session.query(Rad.rad).\ join(Lib, Lib.lib_id == Rad.lib_id).\ filter(Lib.name == lib_name).\ filter(Lib.association_id == g.association_id).\ all() if not lib: raise KeyError(lib_name) lib = [rad[0] for rad in lib] app.cache.set(lib_key, lib, timeout=60*60) return lib
def test_create_new_lib(self, user): session = Client().session() association_id = self.create_association(user) response = self.app.post( '/association/{0}/lib/new'.format(association_id), data={"name": "Rant"}) lib = session.query(Lib).one() eq_(lib.name, 'Rant') eq_(response.status_code, 200, response.data) body = json.loads(response.data) eq_(body, { 'status': 'ok', 'lib_id': lib.lib_id, })
def bypass_login(): if not app.config['DEBUG']: abort(404) db_session = Client().session() email = request.form['email'] identifier = request.form['identifier'] try: user = db_session.query(User).\ filter(User.identifier == identifier).\ one() except NoResultFound: user = User() user.email = email user.identifier = identifier db_session.add(user) session['user'] = {'identifier': identifier, 'email': email} return redirect('/')
def test_add_rad__invalid_syntax(self, user): session = Client().session() association_id = self.create_association(user) lib = Lib(name="Artist", association_id=association_id) session.add(lib) session.flush() response = self.app.post('/lib/{0}/rad/new'.format(lib.lib_id), data={'rad': 'Ziggy Astral_body>dust'}) eq_(response.status_code, 200) rads = session.query(Rad).all() eq_(rads, []) body = json.loads(response.data) eq_(body, {'status': 'error', 'error': "parse error: Unexpected token '>' at line 1 " "character 18 of 'Ziggy Astral_body>dust'"})
def test_add_new_rad(self, user): session = Client().session() association_id = self.create_association(user) lib = Lib(name="Artist", association_id=association_id) session.add(lib) session.flush() response = self.app.post('/lib/{0}/rad/new'.format(lib.lib_id), data={'rad': 'Shania Twain'}) eq_(response.status_code, 200) rad = session.query(Rad).one() eq_(rad.created_by, user.user_id) eq_(rad.lib_id, lib.lib_id) eq_(rad.rad, 'Shania Twain') body = json.loads(response.data) eq_(body, {'status': 'ok', 'rad_id': rad.rad_id})
def test_add_new_rad_by_name(self, user): session = Client().session() association_id = self.create_association(user) lib = Lib(name="Song", association_id=association_id) session.add(lib) session.flush() response = self.app.post('/lib/rad/new', data={ 'association_id': association_id, 'lib': 'Song', 'rad': 'Stairway to <Location>', }) eq_(response.status_code, 200) rad = session.query(Rad).one() eq_(rad.rad, 'Stairway to <Location>') body = json.loads(response.data) eq_(body, {'status': 'ok', 'rad_id': rad.rad_id})
def accept_invitation(token): if not g.user: return render_template('invitation_registration.html.jinja') session = Client().session() try: invite = session.query(AssociationInvite).\ filter(AssociationInvite.token == token).\ one() except NoResultFound: abort(404) if invite.email != g.user.email: raise StandardError('Logged-in user had email {0} and a token for an ' 'invite for {1}'.format(g.user.email, invite.email)) session.add(UserAssociation(association_id=invite.association_id, user_id=g.user.user_id)) session.delete(invite) if g.user.email_verified_at is None: g.user.email_verified_at = utcnow() session.add(g.user) return redirect(url_for('manage_association', association_id=invite.association_id))
def invite_user(association_id): if not g.user: return error_response('login required') session = Client().session() email = request.form['email'] if not re.search(r'@.*\.', email): return error_response("invalid email address '{0}'".format(email)) try: association = association_for_logged_in_user(association_id) except NoResultFound: return error_response('no such association') try: user = session.query(User).\ filter(User.email == email).\ one() except NoResultFound: invite = AssociationInvite.generate(association_id, email) try: session.flush() except IntegrityError: return error_response('already invited') send_invitation_mail( email, g.user.email, association.name, url_for('accept_invitation', token=invite.token, _external=True)) return {'status': 'ok', 'action': 'invited'} user_association = UserAssociation( user_id=user.user_id, association_id=association_id) session.add(user_association) try: session.flush() except IntegrityError: return error_response('already in association') return {'status': 'ok', 'action': 'added'}