def test_change_password(self):
self.create_data()
# With existing users
for name in ["alice", "bob", "charlie"]:
user = db.User.get(name=name)
# Good password
UserManager.change_password(user.id, name.upper(), "newpass")
self.assertEqual(UserManager.try_auth(name, "newpass"), user)
# Old password
self.assertEqual(UserManager.try_auth(name, name.upper()), None)
# Wrong password
self.assertRaises(ValueError, UserManager.change_password, user.id,
"badpass", "newpass")
# Ensure we still got the same number of users
self.assertEqual(db.User.select().count(), 3)
# With invalid UUID
self.assertRaises(
ValueError,
UserManager.change_password,
"invalid-uuid",
"oldpass",
"newpass",
)
# Non-existent user
self.assertRaises(
ObjectNotFound,
UserManager.change_password,
uuid.uuid4(),
"oldpass",
"newpass",
)
def login():
return_url = request.args.get('returnUrl') or url_for('index')
if session.get('userid'):
flash('Already logged in')
return redirect(return_url)
if request.method == 'GET':
return render_template('login.html')
name, password = map(request.form.get, [ 'user', 'password' ])
error = False
if name in ('', None):
flash('Missing user name')
error = True
if password in ('', None):
flash('Missing password')
error = True
if not error:
status, user = UserManager.try_auth(store, name, password)
if status == UserManager.SUCCESS:
session['userid'] = str(user.id)
session['username'] = user.name
flash('Logged in!')
return redirect(return_url)
else:
flash(UserManager.error_str(status))
return render_template('login.html')
def login():
return_url = request.args.get('returnUrl') or url_for('index')
if request.user:
flash('Already logged in')
return redirect(return_url)
if request.method == 'GET':
return render_template('login.html')
name, password = map(request.form.get, [ 'user', 'password' ])
error = False
if name in ('', None):
flash('Missing user name')
error = True
if password in ('', None):
flash('Missing password')
error = True
if not error:
status, user = UserManager.try_auth(store, name, password)
if status == UserManager.SUCCESS:
session['userid'] = str(user.id)
flash('Logged in!')
return redirect(return_url)
else:
flash(UserManager.error_str(status))
return render_template('login.html')
def change_username_form(uid):
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
flash(UserManager.error_str(code))
return redirect(url_for('index'))
return render_template('change_username.html', user = user)
def add_user_post():
error = False
(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
if not name:
flash('The name is required.')
error = True
if not passwd:
flash('Please provide a password.')
error = True
elif passwd != passwd_confirm:
flash("The passwords don't match.")
error = True
if admin is None:
admin = True if store.find(User, User.admin == True).count() == 0 else False
else:
admin = True
if not error:
status = UserManager.add(store, name, passwd, mail, admin)
if status == UserManager.SUCCESS:
flash("User '%s' successfully added" % name)
return redirect(url_for('user_index'))
else:
flash(UserManager.error_str(status))
return add_user_form()
def change_password_post(uid, user):
error = False
if user.id == request.user.id:
current = request.form.get('current')
if not current:
flash('The current password is required')
error = True
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if not new:
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if user.id == request.user.id:
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return change_password_form(uid, user)
def add_user_post():
error = False
(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
if not name:
flash('The name is required.')
error = True
if not passwd:
flash('Please provide a password.')
error = True
elif passwd != passwd_confirm:
flash("The passwords don't match.")
error = True
if admin is None:
admin = True if store.find(User, User.admin == True).count() == 0 else False
else:
admin = True
if not error:
status = UserManager.add(store, name, passwd, mail, admin)
if status == UserManager.SUCCESS:
flash("User '%s' successfully added" % name)
return redirect(url_for('user_index'))
else:
flash(UserManager.error_str(status))
return add_user_form()
def update_clients(uid):
clients_opts = {}
for client in set(map(lambda k: k.rsplit('_', 1)[0], request.form.keys())):
clients_opts[client] = { k.rsplit('_', 1)[1]: v for k, v in filter(lambda (k, v): k.startswith(client), request.form.iteritems()) }
app.logger.debug(clients_opts)
if uid == 'me':
userid = uuid.UUID(session.get('userid'))
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
userid = uuid.UUID(uid)
for client, opts in clients_opts.iteritems():
prefs = store.get(ClientPrefs, (userid, client))
if 'delete' in opts and opts['delete'] in [ 'on', 'true', 'checked', 'selected', '1' ]:
store.remove(prefs)
continue
prefs.format = opts['format'] if 'format' in opts and opts['format'] else None
prefs.bitrate = int(opts['bitrate']) if 'bitrate' in opts and opts['bitrate'] else None
store.commit()
flash('Clients preferences updated.')
return user_profile(uid)
def add_user():
if request.method == 'GET':
return render_template('adduser.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
error = False
(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
if name in (None, ''):
flash('The name is required.')
error = True
if passwd in (None, ''):
flash('Please provide a password.')
error = True
elif passwd != passwd_confirm:
flash("The passwords don't match.")
error = True
if admin is None:
admin = True if store.find(User, User.admin == True).count() == 0 else False
else:
admin = True
if not error:
status = UserManager.add(store, name, passwd, mail, admin)
if status == UserManager.SUCCESS:
flash("User '%s' successfully added" % name)
return redirect(url_for('user_index'))
else:
flash(UserManager.error_str(status))
return render_template('adduser.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
def change_password_post(uid, user):
error = False
if user.id == request.user.id:
current = request.form.get('current')
if not current:
flash('The current password is required')
error = True
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if not new:
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if user.id == request.user.id:
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return change_password_form(uid, user)
def change_username_form(uid):
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
flash(UserManager.error_str(code))
return redirect(url_for('index'))
return render_template('change_username.html', user = user)
def create_data(self):
# Create some users
self.assertIsInstance(
UserManager.add("alice", "ALICE", "*****@*****.**", True),
db.User)
self.assertIsInstance(
UserManager.add("bob", "BOB", "*****@*****.**", False), db.User)
self.assertIsInstance(
UserManager.add("charlie", "CHARLIE", "*****@*****.**",
False), db.User)
folder = db.Folder(name="Root", path="tests/assets", root=True)
artist = db.Artist(name="Artist")
album = db.Album(name="Album", artist=artist)
track = db.Track(
title="Track",
disc=1,
number=1,
duration=1,
artist=artist,
album=album,
path="tests/assets/empty",
folder=folder,
root_folder=folder,
bitrate=320,
last_modification=0,
)
playlist = db.Playlist(name="Playlist", user=db.User.get(name="alice"))
playlist.add(track)
def change_username(uid):
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1]
if request.method == 'POST':
username = request.form.get('user')
if username in ('', None):
flash('The username is required')
return render_template('change_username.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
if request.form.get('admin') is None:
admin = False
else:
admin = True
changed = False
if user.name != username or user.admin != admin:
user.name = username
user.admin = admin
store.commit()
flash("User '%s' updated." % username)
return redirect(url_for('user_profile', uid = uid))
else:
flash("No changes for '%s'." % username)
return redirect(url_for('user_profile', uid = uid))
return render_template('change_username.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
def authorize():
if not request.path.startswith('/rest/'):
return
error = request.error_formatter(40, 'Unauthorized'), 401
if request.authorization:
status, user = UserManager.try_auth(store,
request.authorization.username,
request.authorization.password)
if status == UserManager.SUCCESS:
request.username = request.authorization.username
request.user = user
return
(username, password) = map(request.values.get, ['u', 'p'])
if not username or not password:
return error
password = decode_password(password)
status, user = UserManager.try_auth(store, username, password)
if status != UserManager.SUCCESS:
return error
request.username = username
request.user = user
def del_user(uid):
status = UserManager.delete(store, uid)
if status == UserManager.SUCCESS:
flash('Deleted user')
else:
flash(UserManager.error_str(status))
return redirect(url_for('user_index'))
def test_change_password2(self):
# With existing users
for name in ['alice', 'bob', 'charlie']:
self.assertEqual(UserManager.change_password2(self.store, name, 'newpass'), UserManager.SUCCESS)
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user))
# Non-existent user
self.assertEqual(UserManager.change_password2(self.store, 'null', 'newpass'), UserManager.NO_SUCH_USER)
def del_user(uid):
status = UserManager.delete(store, uid)
if status == UserManager.SUCCESS:
flash('Deleted user')
else:
flash(UserManager.error_str(status))
return redirect(url_for('user_index'))
def user_profile(uid):
if uid == 'me':
prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(session.get('userid')))
return render_template('profile.html', user = UserManager.get(store, session.get('userid'))[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin)
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(uid))
return render_template('profile.html', user = UserManager.get(store, uid)[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin)
def test_get_user(self):
# Get existing users
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.get(self.store, user.id), (UserManager.SUCCESS, user))
# Get with invalid UUID
self.assertEqual(UserManager.get(self.store, 'invalid-uuid'), (UserManager.INVALID_ID, None))
# Non-existent user
self.assertEqual(UserManager.get(self.store, uuid.uuid4()), (UserManager.NO_SUCH_USER, None))
def test_delete_user(self):
# Delete existing users
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.delete(self.store, user.id), UserManager.SUCCESS)
# Delete invalid UUID
self.assertEqual(UserManager.delete(self.store, 'invalid-uuid'), UserManager.INVALID_ID)
# Delete non-existent user
self.assertEqual(UserManager.delete(self.store, uuid.uuid4()), UserManager.NO_SUCH_USER)
def test_try_auth(self):
# Test authentication
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.try_auth(self.store, name, name), (UserManager.SUCCESS, user))
# Wrong password
self.assertEqual(UserManager.try_auth(self.store, name, 'bad'), (UserManager.WRONG_PASS, None))
# Non-existent user
self.assertEqual(UserManager.try_auth(self.store, 'null', 'null'), (UserManager.NO_SUCH_USER, None))
def test_change_password2(self):
# With existing users
for name in ['alice', 'bob', 'charlie']:
self.assertEqual(UserManager.change_password2(self.store, name, 'newpass'), UserManager.SUCCESS)
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user))
self.assertEqual(UserManager.try_auth(self.store, name, name.upper()), (UserManager.WRONG_PASS, None))
# Non-existent user
self.assertEqual(UserManager.change_password2(self.store, 'null', 'newpass'), UserManager.NO_SUCH_USER)
def test_delete_by_name(self):
self.create_data()
# Delete existing users
for name in ["alice", "bob", "charlie"]:
UserManager.delete_by_name(name)
self.assertFalse(db.User.exists(name=name))
# Delete non-existent user
self.assertRaises(ObjectNotFound, UserManager.delete_by_name, "null")
def change_password(uid):
if uid == 'me':
user = UserManager.get(store, session.get('userid'))[1].name
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1].name
if request.method == 'POST':
error = False
if uid == 'me' or uid == session.get('userid'):
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
if current in ('', None):
flash('The current password is required')
error = True
else:
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if new in ('', None):
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if uid == 'me' or uid == session.get('userid'):
status = UserManager.change_password(store, session.get('userid'), current, new)
else:
status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return render_template('change_pass.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
def lastfm_unreg(uid):
if uid == 'me':
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
lfm = LastFm(UserManager.get(store, uid)[1], app.logger)
lfm.unlink_account()
store.commit()
flash('Unliked LastFM account')
return redirect(url_for('user_profile', uid = uid))
def test_try_auth(self):
# Test authentication
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.try_auth(self.store, name, name.upper()), (UserManager.SUCCESS, user))
# Wrong password
self.assertEqual(UserManager.try_auth(self.store, 'alice', 'bad'), (UserManager.WRONG_PASS, None))
self.assertEqual(UserManager.try_auth(self.store, 'alice', 'alice'), (UserManager.WRONG_PASS, None))
# Non-existent user
self.assertEqual(UserManager.try_auth(self.store, 'null', 'null'), (UserManager.NO_SUCH_USER, None))
def test_get_user(self):
# Get existing users
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.get(self.store, user.id), (UserManager.SUCCESS, user))
# Get with invalid UUID
self.assertEqual(UserManager.get(self.store, 'invalid-uuid'), (UserManager.INVALID_ID, None))
self.assertEqual(UserManager.get(self.store, 0xfee1bad), (UserManager.INVALID_ID, None))
# Non-existent user
self.assertEqual(UserManager.get(self.store, uuid.uuid4()), (UserManager.NO_SUCH_USER, None))
def user_changepass():
username, password = map(request.args.get, [ 'username', 'password' ])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def setUp(self):
# Create an empty sqlite database in memory
self.store = db.get_store("sqlite:")
# Read schema from file
with open('schema/sqlite.sql') as sql:
schema = sql.read()
# Create tables on memory database
for command in schema.split(';'):
self.store.execute(command)
# Create some users
self.assertEqual(UserManager.add(self.store, 'alice', 'alice', '*****@*****.**', True), UserManager.SUCCESS)
self.assertEqual(UserManager.add(self.store, 'bob', 'bob', '*****@*****.**', False), UserManager.SUCCESS)
self.assertEqual(UserManager.add(self.store, 'charlie', 'charlie', '*****@*****.**', False), UserManager.SUCCESS)
def test_change_password(self):
# With existing users
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
# God password
self.assertEqual(UserManager.change_password(self.store, user.id, name, 'newpass'), UserManager.SUCCESS)
self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user))
# Wrong password
self.assertEqual(UserManager.change_password(self.store, user.id, 'badpass', 'newpass'), UserManager.WRONG_PASS)
# With invalid UUID
self.assertEqual(UserManager.change_password(self.store, 'invalid-uuid', 'oldpass', 'newpass'), UserManager.INVALID_ID)
# Non-existent user
self.assertEqual(UserManager.change_password(self.store, uuid.uuid4(), 'oldpass', 'newpass'), UserManager.NO_SUCH_USER)
def user_changepass():
username, password = map(request.args.get, ['username', 'password'])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def test_change_password2(self):
self.create_data()
# With existing users
for name in ["alice", "bob", "charlie"]:
UserManager.change_password2(name, "newpass")
user = db.User.get(name=name)
self.assertEqual(UserManager.try_auth(name, "newpass"), user)
self.assertEqual(UserManager.try_auth(name, name.upper()), None)
# Non-existent user
self.assertRaises(ObjectNotFound, UserManager.change_password2, "null",
"newpass")
def setUp(self):
# Create an empty sqlite database in memory
self.store = db.get_store("sqlite:")
# Read schema from file
with io.open('schema/sqlite.sql', 'r') as sql:
schema = sql.read()
# Create tables on memory database
for command in schema.split(';'):
self.store.execute(command)
# Create some users
self.assertEqual(UserManager.add(self.store, 'alice', 'ALICE', '*****@*****.**', True), UserManager.SUCCESS)
self.assertEqual(UserManager.add(self.store, 'bob', 'BOB', '*****@*****.**', False), UserManager.SUCCESS)
self.assertEqual(UserManager.add(self.store, 'charlie', 'CHARLIE', '*****@*****.**', False), UserManager.SUCCESS)
folder = db.Folder()
folder.name = 'Root'
folder.path = 'tests/assets'
folder.root = True
artist = db.Artist()
artist.name = 'Artist'
album = db.Album()
album.name = 'Album'
album.artist = artist
track = db.Track()
track.title = 'Track'
track.disc = 1
track.number = 1
track.duration = 1
track.artist = artist
track.album = album
track.path = 'tests/assets/empty'
track.folder = folder
track.root_folder = folder
track.duration = 2
track.content_type = 'audio/mpeg'
track.bitrate = 320
track.last_modification = 0
self.store.add(track)
self.store.commit()
playlist = db.Playlist()
playlist.name = 'Playlist'
playlist.user = self.store.find(db.User, db.User.name == 'alice').one()
playlist.add(track)
self.store.add(playlist)
self.store.commit()
def user_del():
if not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
username = request.args.get('username')
user = store.find(User, User.name == username).one()
if not user:
return request.error_formatter(70, 'Unknown user')
status = UserManager.delete(store, user.id)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def user_del():
if not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
username = request.args.get('username')
user = store.find(User, User.name == username).one()
if not user:
return request.error_formatter(70, 'Unknown user')
status = UserManager.delete(store, user.id)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def test_try_auth(self):
self.create_data()
# Test authentication
for name in ["alice", "bob", "charlie"]:
user = db.User.get(name=name)
authed = UserManager.try_auth(name, name.upper())
self.assertEqual(authed, user)
# Wrong password
self.assertIsNone(UserManager.try_auth("alice", "bad"))
self.assertIsNone(UserManager.try_auth("alice", "alice"))
# Non-existent user
self.assertIsNone(UserManager.try_auth("null", "null"))
def change_mail(uid):
if uid == 'me':
user = UserManager.get(store, session.get('userid'))[1]
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1]
if request.method == 'POST':
mail = request.form.get('mail')
# No validation, lol.
user.mail = mail
store.commit()
return redirect(url_for('user_profile', uid = uid))
return render_template('change_mail.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
def change_username_post(uid):
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
return redirect(url_for('index'))
username = request.form.get('user')
if username in ('', None):
flash('The username is required')
return render_template('change_username.html', user = user)
if user.name != username and store.find(User, User.name == username).one():
flash('This name is already taken')
return render_template('change_username.html', user = user)
if request.form.get('admin') is None:
admin = False
else:
admin = True
if user.name != username or user.admin != admin:
user.name = username
user.admin = admin
store.commit()
flash("User '%s' updated." % username)
else:
flash("No changes for '%s'." % username)
return redirect(url_for('user_profile', uid = uid))
def setUp(self):
self.__db = tempfile.mkstemp()
self.__dir = tempfile.mkdtemp()
self.config = TestConfig(self.__with_webui__, self.__with_api__)
self.config.BASE["database_uri"] = "sqlite:///" + self.__db[1]
self.config.WEBAPP["cache_dir"] = self.__dir
init_database(self.config.BASE["database_uri"])
release_database()
self.__app = create_application(self.config)
self.client = self.__app.test_client()
with db_session:
UserManager.add("alice", "Alic3", admin=True)
UserManager.add("bob", "B0b")
def change_username_post(uid):
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
return redirect(url_for('index'))
username = request.form.get('user')
if username in ('', None):
flash('The username is required')
return render_template('change_username.html', user = user)
if user.name != username and store.find(User, User.name == username).one():
flash('This name is already taken')
return render_template('change_username.html', user = user)
if request.form.get('admin') is None:
admin = False
else:
admin = True
if user.name != username or user.admin != admin:
user.name = username
user.admin = admin
store.commit()
flash("User '%s' updated." % username)
else:
flash("No changes for '%s'." % username)
return redirect(url_for('user_profile', uid = uid))
def test_delete_user(self):
# Delete invalid UUID
self.assertEqual(UserManager.delete(self.store, 'invalid-uuid'), UserManager.INVALID_ID)
self.assertEqual(UserManager.delete(self.store, 0xfee1b4d), UserManager.INVALID_ID)
self.assertEqual(self.store.find(db.User).count(), 3)
# Delete non-existent user
self.assertEqual(UserManager.delete(self.store, uuid.uuid4()), UserManager.NO_SUCH_USER)
self.assertEqual(self.store.find(db.User).count(), 3)
# Delete existing users
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.delete(self.store, user.id), UserManager.SUCCESS)
self.assertIsNone(self.store.get(db.User, user.id))
self.assertEqual(self.store.find(db.User).count(), 0)
def do_user_import():
if not request.files['file']:
return render_template('importusers.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
users = []
reader = csv.reader(request.files['file'])
for id, name, mail, password, salt, admin, lfmsess, lfmstatus in reader:
mail = None if mail == 'None' else mail
admin = admin == 'True'
lfmsess = None if lfmsess == 'None' else lfmsess
lfmstatus = lfmstatus == 'True'
user = User()
user.id = uuid.UUID(id)
user.name = name
user.password = password
user.salt = salt
user.admin = admin
user.lastfm_session = lfmsess
user.lastfm_status = lfmstatus
users.append(user)
store.find(User).remove()
for u in users:
store.add(u)
store.commit()
return redirect(url_for('user_index'))
def index():
stats = {
'artists': store.find(Artist).count(),
'albums': store.find(Album).count(),
'tracks': store.find(Track).count()
}
return render_template('home.html', stats = stats, admin = UserManager.get(store, session.get('userid'))[1].admin)
def lastfm_reg(uid):
token = request.args.get('token')
if token in ('', None):
flash('Missing LastFM auth token')
return redirect(url_for('user_profile', uid = uid))
if uid == 'me':
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
lfm = LastFm(UserManager.get(store, uid)[1], app.logger)
status, error = lfm.link_account(token)
store.commit()
flash(error if not status else 'Successfully linked LastFM account')
return redirect(url_for('user_profile', uid = uid))
def user_changepass():
username, password = map(request.values.get, ['username', 'password'])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
password = decode_password(password)
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
code = 0
if status == UserManager.NO_SUCH_USER:
code = 70
return request.error_formatter(code, UserManager.error_str(status))
return request.formatter({})
def user_changepass():
username, password = map(request.values.get, [ 'username', 'password' ])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
password = decode_password(password)
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
code = 0
if status == UserManager.NO_SUCH_USER:
code = 70
return request.error_formatter(code, UserManager.error_str(status))
return request.formatter({})
def change_mail():
user = UserManager.get(store, session.get('userid'))[1]
if request.method == 'POST':
mail = request.form.get('mail')
# No validation, lol.
user.mail = mail
store.commit()
return redirect(url_for('user_profile'))
return render_template('change_mail.html', user = user)
def index():
stats = {
'artists': store.find(Artist).count(),
'albums': store.find(Album).count(),
'tracks': store.find(Track).count()
}
return render_template('home.html',
stats=stats,
admin=UserManager.get(
store, session.get('userid'))[1].admin)
def test_delete_user(self):
self.create_data()
# Delete invalid UUID
self.assertRaises(ValueError, UserManager.delete, "invalid-uuid")
self.assertRaises(ValueError, UserManager.delete, 0xFEE1B4D)
self.assertEqual(db.User.select().count(), 3)
# Delete non-existent user
self.assertRaises(ObjectNotFound, UserManager.delete, uuid.uuid4())
self.assertEqual(db.User.select().count(), 3)
# Delete existing users
for name in ["alice", "bob", "charlie"]:
user = db.User.get(name=name)
UserManager.delete(user.id)
self.assertRaises(ObjectNotFound, db.User.__getitem__, user.id)
commit()
self.assertEqual(db.User.select().count(), 0)
def setUp(self):
self.__dir = tempfile.mkdtemp()
config = TestConfig(self.__with_webui__, self.__with_api__)
config.WEBAPP['cache_dir'] = self.__dir
app = create_application(config)
self.__ctx = app.app_context()
self.__ctx.push()
self.store = store
with io.open('schema/sqlite.sql', 'r') as sql:
schema = sql.read()
for statement in schema.split(';'):
self.store.execute(statement)
self.store.commit()
self.client = app.test_client()
UserManager.add(self.store, 'alice', 'Alic3', '*****@*****.**', True)
UserManager.add(self.store, 'bob', 'B0b', '*****@*****.**', False)
def lastfm_reg():
token = request.args.get('token')
if token in ('', None):
flash('Missing LastFM auth token')
return redirect(url_for('user_profile'))
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
status, error = lfm.link_account(token)
store.commit()
flash(error if not status else 'Successfully linked LastFM account')
return redirect(url_for('user_profile'))
def login_check():
if request.path.startswith('/rest/'):
return
if request.path.startswith('/static/'):
return
if request.endpoint != 'login':
should_login = False
if not session.get('userid'):
should_login = True
elif UserManager.get(store, session.get('userid'))[0] != UserManager.SUCCESS:
session.clear()
should_login = True
elif UserManager.get(store, session.get('userid'))[1].name != session.get('username'):
session.clear()
should_login = True
if should_login:
flash('Please login')
return redirect(url_for('login', returnUrl = request.script_root + request.url[len(request.url_root)-1:]))
def playlist_details(uid):
try:
uid = uuid.UUID(uid) if type(uid) in (str, unicode) else uid
except:
flash('Invalid playlist id')
return redirect(url_for('playlist_index'))
playlist = store.get(Playlist, uid)
if not playlist:
flash('Unknown playlist')
return redirect(url_for('playlist_index'))
return render_template('playlist.html', playlist = playlist, admin = UserManager.get(store, session.get('userid'))[1].admin)
def decorated_func(*args, **kwargs):
if kwargs:
uid = kwargs[arg]
else:
uid = args[0]
if uid == 'me':
user = request.user
elif not request.user.admin:
return redirect(url_for('index'))
else:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
flash(UserManager.error_str(code))
return redirect(url_for('index'))
if kwargs:
kwargs['user'] = user
else:
args = (uid, user)
return f(*args, **kwargs)
def test_get_user(self):
self.create_data()
# Get existing users
for name in ["alice", "bob", "charlie"]:
user = db.User.get(name=name)
self.assertEqual(UserManager.get(user.id), user)
# Get with invalid UUID
self.assertRaises(ValueError, UserManager.get, "invalid-uuid")
self.assertRaises(ValueError, UserManager.get, 0xFEE1BAD)
# Non-existent user
self.assertRaises(ObjectNotFound, UserManager.get, uuid.uuid4())
def change_password():
if request.method == 'POST':
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
error = False
if current in ('', None):
flash('The current password is required')
error = True
if new in ('', None):
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
status = UserManager.change_password(store, session.get('userid'), current, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile'))
return render_template('change_pass.html', user = UserManager.get(store, session.get('userid'))[1].name)
def user_add():
if not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
username, password, email, admin = map(
request.args.get, ['username', 'password', 'email', 'adminRole'])
if not username or not password or not email:
return request.error_formatter(10, 'Missing parameter')
admin = True if admin in (True, 'True', 'true', 1, '1') else False
status = UserManager.add(store, username, password, email, admin)
if status == UserManager.NAME_EXISTS:
return request.error_formatter(
0, 'There is already a user with that username')
return request.formatter({})
