def assemble(self, login_bookmark=None, get_queues=None): self.get_queues = get_queues self.web_session = ExecutionContext.get_context().session self.first_log_in = ViewPreCondition( LoginSession.for_current_session().is_logged_in, exception=Detour(login_bookmark)) self.workflow_interface = WorkflowInterface() self.inbox = Inbox(self.get_queues()) inbox_view_factory = self.define_view('/', title=_('Inbox')) inbox_view_factory.set_slot('main_slot', InboxWidget.factory(self.inbox)) task_view_factory = self.define_view('/task', view_class=TaskView, task=PersistedField( Task, required=True)) task_view_factory.add_precondition(self.first_log_in) inbox_view_factory.add_precondition(self.first_log_in) self.define_transition(self.workflow_interface.events.take_task, inbox_view_factory, task_view_factory) self.define_transition(self.workflow_interface.events.go_to_task, inbox_view_factory, task_view_factory) self.define_transition(self.workflow_interface.events.defer_task, task_view_factory, inbox_view_factory) self.define_transition(self.workflow_interface.events.release_task, task_view_factory, inbox_view_factory)
def test_login_queries(party_account_fixture, web_fixture): """""" context = ExecutionContext.get_context() config = context.config user_session = context.session login_session = LoginSession.for_session(context.session) system_account = party_account_fixture.system_account web_fixture.request.scheme = 'https' context.request.cookies[ config.web.secure_key_name] = user_session.secure_salt assert config.web.idle_secure_lifetime < config.web.idle_lifetime assert config.web.idle_lifetime < config.web.idle_lifetime_max # Case: user logs in user_session.last_activity = None login_session.set_as_logged_in(system_account, False) assert login_session.is_logged_in() assert login_session.is_logged_in(secured=True) # Case: user logs out login_session.log_out() assert not login_session.is_logged_in() assert not login_session.is_logged_in(secured=True) # Case: user activity is older than secure lifetime assert (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50 login_session.set_as_logged_in(system_account, False) user_session.last_activity = datetime.now() - timedelta( seconds=config.web.idle_secure_lifetime + 50) assert login_session.is_logged_in() assert not login_session.is_logged_in(secured=True) # Case: user activity is older than all lifetimes assert (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50 login_session.set_as_logged_in(system_account, False) user_session.last_activity = datetime.now() - timedelta( seconds=config.web.idle_lifetime + 50) assert not login_session.is_logged_in() assert not login_session.is_logged_in(secured=True) # Case: user activity is older than non-secure lifetime, but keep_me_logged_in is set assert (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50 assert (config.web.idle_lifetime_max - config.web.idle_lifetime) > 50 login_session.set_as_logged_in(system_account, True) user_session.last_activity = datetime.now() - timedelta( seconds=config.web.idle_lifetime + 50) assert login_session.is_logged_in() assert not login_session.is_logged_in(secured=True) # Case: user activity is older than non-secure lifetime max, but keep_me_logged_in is set assert (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50 assert (config.web.idle_lifetime_max - config.web.idle_lifetime) > 50 login_session.set_as_logged_in(system_account, True) Session.flush() user_session.last_activity = datetime.now() - timedelta( seconds=config.web.idle_lifetime_max + 50) assert not login_session.is_logged_in() assert not login_session.is_logged_in(secured=True)
def __init__(self, view, address_book_ui): super(HomePageWidget, self).__init__(view) accounts = AccountManagementInterface.for_current_session() login_session = LoginSession.for_current_session() if login_session.is_logged_in(): self.add_child(AddressBookList(view, address_book_ui)) self.add_child(LogoutForm(view, accounts)) else: self.add_child(LoginForm(view, accounts))
def __init__(self, view, address_book_ui): super(AddressBookList, self).__init__(view) current_account = LoginSession.for_current_session().account address_books = [book for book in AddressBook.address_books_visible_to(current_account)] bookmarks = [address_book_ui.get_address_book_bookmark(address_book, description=address_book.display_name) for address_book in address_books] for bookmark in bookmarks: p = self.add_child(P(view)) p.add_child(A.from_bookmark(view, bookmark))
def log_in(self, browser=None, session=None, system_account=None, stay_logged_in=False): """Logs the user into the current webapp without having to navigate to a login page.""" session = session or self.party_account_fixture.session browser = browser or self.driver_browser login_session = LoginSession.for_session(session) login_session.set_as_logged_in( system_account or self.party_account_fixture.system_account, stay_logged_in) self.set_session_cookies(browser, session)
def test_logging_in(reahl_system_fixture, party_account_fixture): fixture = party_account_fixture system_account = fixture.system_account login_session = LoginSession.for_session( reahl_system_fixture.context.session) account_management_interface = fixture.account_management_interface account_management_interface.stay_logged_in = False # Case: successful email attempt assert login_session.account is not system_account account_management_interface.log_in() assert login_session.account is system_account # Case: failed email attempts disable the account login_session.account = None assert system_account.account_enabled account_management_interface.email = system_account.email account_management_interface.password = '******' for i in list(range(3)): with expected(InvalidPasswordException, test=assert_is_set_to_commit): account_management_interface.log_in() assert system_account.failed_logins == i + 1 assert login_session.account is None assert not system_account.account_enabled # Case: Account is locked system_account.disable() assert isinstance(system_account.status, AccountDisabled) with expected(AccountNotActiveException): account_management_interface.log_in() assert login_session.account is None # Case: Account is not activated yet login_session.account = None system_account = fixture.new_system_account(email='*****@*****.**', activated=False) assert isinstance(system_account.status, AccountNotActivated) with expected(AccountNotActiveException): account_management_interface.log_in() assert login_session.account is None # Case: Login for nonexistant email name account_management_interface.email = 'i@do not exist' account_management_interface.password = '******' with expected(InvalidPasswordException, test=assert_not_set_to_commit): account_management_interface.log_in() assert login_session.account is None
def __init__(self, view, home_bookmark): super(AddressAppPage, self).__init__(view) self.use_layout(PageLayout(document_layout=Container())) contents_layout = ColumnLayout(('main', ResponsiveSize(lg=6))).with_slots() self.layout.contents.use_layout(contents_layout) login_session = LoginSession.for_current_session() if login_session.is_logged_in(): logged_in_as = login_session.account.email else: logged_in_as = 'Not logged in' self.layout.header.add_child(P(view, text=logged_in_as)) self.layout.header.add_child(Nav(view).use_layout(TabLayout()).with_bookmarks([home_bookmark]))
def logging_in(self, fixture): system_account = fixture.system_account login_session = LoginSession.for_session(fixture.context.session) account_management_interface = fixture.account_management_interface account_management_interface.stay_logged_in = False # Case: successful email attempt vassert(login_session.account is not system_account) account_management_interface.log_in() vassert(login_session.account is system_account) # Case: failed email attempts disable the account login_session.account = None vassert(system_account.account_enabled) account_management_interface.email = system_account.email account_management_interface.password = '******' for i in list(range(3)): with expected(InvalidPasswordException, test=lambda e: vassert(e.commit)): account_management_interface.log_in() vassert(system_account.failed_logins == i + 1) vassert(login_session.account is None) vassert(not system_account.account_enabled) # Case: Account is locked system_account.disable() vassert(isinstance(system_account.status, AccountDisabled)) with expected(AccountNotActiveException): account_management_interface.log_in() vassert(login_session.account is None) # Case: Account is not activated yet login_session.account = None system_account = fixture.new_system_account(email='*****@*****.**', activated=False) vassert(isinstance(system_account.status, AccountNotActivated)) with expected(AccountNotActiveException): account_management_interface.log_in() vassert(login_session.account is None) # Case: Login for nonexistant email name account_management_interface.email = 'i@do not exist' account_management_interface.password = '******' with expected(InvalidPasswordException, test=lambda e: vassert(not e.commit)): account_management_interface.log_in() vassert(login_session.account is None)
def assemble(self): login_session = LoginSession.for_current_session() if login_session.account: logged_in_as = login_session.account.email else: logged_in_as = 'Guest' home = self.define_view('/', title='Home') home.set_slot('main', P.factory(text='Welcome %s' % logged_in_as)) login_page = self.define_view('/login', title='Log in') login_page.set_slot('main', LoginForm.factory()) bookmarks = [i.as_bookmark(self) for i in [home, login_page]] self.define_page(MenuPage, bookmarks)
def assemble(self): login_session = LoginSession.for_current_session() if login_session.account: logged_in_as = login_session.account.email else: logged_in_as = 'Guest' home = self.define_view('/', title='Home') home.set_slot('main', P.factory(text='Welcome %s' % logged_in_as)) terms_of_service = self.define_view('/terms_of_service', title='Terms of service') terms_of_service.set_slot( 'main', LegalNotice.factory('The terms of services defined as ...', 'terms')) privacy_policy = self.define_view('/privacy_policy', title='Privacy policy') privacy_policy.set_slot( 'main', LegalNotice.factory('You have the right to remain silent ...', 'privacypolicy')) disclaimer = self.define_view('/disclaimer', title='Disclaimer') disclaimer.set_slot( 'main', LegalNotice.factory('Disclaim ourselves from negligence ...', 'disclaimer')) class LegalBookmarks: terms_bookmark = terms_of_service.as_bookmark(self) privacy_bookmark = privacy_policy.as_bookmark(self) disclaimer_bookmark = disclaimer.as_bookmark(self) accounts = self.define_user_interface('/accounts', AccountUI, {'main_slot': 'main'}, name='accounts', bookmarks=LegalBookmarks) account_bookmarks = [ accounts.get_bookmark(relative_path=relative_path) for relative_path in ['/login', '/register', '/registerHelp', '/verify'] ] bookmarks = [home.as_bookmark(self)] + account_bookmarks self.define_page(MenuPage, bookmarks)
def log_in(self, browser=None, session=None, system_account=None, stay_logged_in=False): session = session or self.session browser = browser or self.driver_browser login_session = LoginSession.for_session(session) login_session.set_as_logged_in(system_account or self.system_account, stay_logged_in) # quickly create a response so the fw sets the cookies, which we copy and explicitly set on selenium. response = Response() self.session.set_session_key(response) cookies = http_cookies.BaseCookie( ascii_as_bytes_or_str(', '.join( response.headers.getall('set-cookie')))) for name, morsel in cookies.items(): cookie = {'name': name, 'value': morsel.value} cookie.update( dict([(key, value) for key, value in morsel.items() if value])) browser.create_cookie(cookie)
def __init__(self, view, bookmarks): super(FundingRequestPage, self).__init__(view) self.head.add_css(Url('/css/pyconza2019.css')) self.use_layout(PageLayout(document_layout=Container())) contents_layout = ColumnLayout( ColumnOptions('main', size=ResponsiveSize())).with_slots() self.layout.contents.use_layout(contents_layout) layout = ResponsiveLayout('md', colour_theme='dark', bg_scheme='primary') navbar = Navbar(view, css_id='my_nav').use_layout(layout) navbar.layout.set_brand_text('PyConZA 2019 Financial Aid') navbar.layout.add(Nav(view).with_bookmarks(bookmarks)) if LoginSession.for_current_session().is_logged_in(): navbar.layout.add(LogoutForm(view)) self.layout.header.add_child(navbar)
def log_in(self, browser=None, session=None, system_account=None, stay_logged_in=False): """Logs the user into the current webapp without having to navigate to a login page.""" session = session or self.party_account_fixture.session browser = browser or self.driver_browser login_session = LoginSession.for_session(session) login_session.set_as_logged_in( system_account or self.party_account_fixture.system_account, stay_logged_in) # quickly create a response so the fw sets the cookies, which we copy and explicitly set on selenium. response = Response() session.set_session_key(response) cookies = http.cookies.BaseCookie(', '.join( response.headers.getall('set-cookie'))) for name, morsel in cookies.items(): cookie = {'name': name, 'value': morsel.value} cookie.update( dict([(key, value) for key, value in morsel.items() if value])) browser.create_cookie(cookie)
def is_reserved_for_current_party(self): from reahl.domain.systemaccountmodel import LoginSession # To prevent circular dependency with systemaccountmodel current_account = LoginSession.for_current_session().account return current_account and self.is_reserved_for(current_account.owner)
def can_be_added(self): current_account = LoginSession.for_current_session().account return self.address_book.can_be_added_to_by(current_account)
def new_session(self, system_account=None): session = super(TaskQueueZooMixin, self).new_session() system_account = self.new_system_account(party=self.party) login_session = LoginSession.for_session(session) login_session.set_as_logged_in(system_account, True) return session
def log_in_test_user(self): session = self.party_account_fixture.session system_account = self.party_account_fixture.system_account login_session = LoginSession.for_session(session) login_session.set_as_logged_in(system_account, True)
def is_visible(self): account = LoginSession.for_current_session().account return self.is_visible_to(account)
def collaborators_can_be_added(self): account = LoginSession.for_current_session().account return self.collaborators_can_be_added_by(account)
def can_be_added_to(self): account = LoginSession.for_current_session().account return self.can_be_added_to_by(account)
def save(self): login_session = LoginSession.for_current_session() self.account = login_session.account Session.add(self)
def login_queries(self, fixture): """""" user_session = fixture.context.session login_session = LoginSession.for_session(fixture.context.session) system_account = fixture.system_account config = fixture.context.config context = fixture.context fixture.request.scheme = 'https' context.request.cookies[ context.config.web.secure_key_name] = user_session.secure_salt vassert(config.web.idle_secure_lifetime < config.web.idle_lifetime) vassert(config.web.idle_lifetime < config.web.idle_lifetime_max) # Case: user logs in user_session.last_activity = None login_session.set_as_logged_in(system_account, False) vassert(login_session.is_logged_in()) vassert(login_session.is_logged_in(secured=True)) # Case: user logs out login_session.log_out() vassert(not login_session.is_logged_in()) vassert(not login_session.is_logged_in(secured=True)) # Case: user activity is older than secure lifetime vassert( (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50) login_session.set_as_logged_in(system_account, False) user_session.last_activity = datetime.now() - timedelta( seconds=config.web.idle_secure_lifetime + 50) vassert(login_session.is_logged_in()) vassert(not login_session.is_logged_in(secured=True)) # Case: user activity is older than all lifetimes vassert( (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50) login_session.set_as_logged_in(system_account, False) user_session.last_activity = datetime.now() - timedelta( seconds=config.web.idle_lifetime + 50) vassert(not login_session.is_logged_in()) vassert(not login_session.is_logged_in(secured=True)) # Case: user activity is older than non-secure lifetime, but keep_me_logged_in is set vassert( (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50) vassert((config.web.idle_lifetime_max - config.web.idle_lifetime) > 50) login_session.set_as_logged_in(system_account, True) user_session.last_activity = datetime.now() - timedelta( seconds=config.web.idle_lifetime + 50) vassert(login_session.is_logged_in()) vassert(not login_session.is_logged_in(secured=True)) # Case: user activity is older than non-secure lifetime max, but keep_me_logged_in is set vassert( (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50) vassert((config.web.idle_lifetime_max - config.web.idle_lifetime) > 50) login_session.set_as_logged_in(system_account, True) Session.flush() user_session.last_activity = datetime.now() - timedelta( seconds=config.web.idle_lifetime_max + 50) vassert(not login_session.is_logged_in()) vassert(not login_session.is_logged_in(secured=True))
def __init__(self): self.login_session = LoginSession.for_current_session()