Example #1
0
    def setUp(self):
        super(TestNodeRelationshipInstitutions, self).setUp()

        self.institution2 = InstitutionFactory()
        self.institution1 = InstitutionFactory()

        self.user = AuthUserFactory()
        self.user.affiliated_institutions.append(self.institution1)
        self.user.affiliated_institutions.append(self.institution2)
        self.user.save()

        self.read_write_contributor = AuthUserFactory()
        self.read_write_contributor_institution = InstitutionFactory()
        self.read_write_contributor.affiliated_institutions.append(self.read_write_contributor_institution)
        self.read_write_contributor.save()

        self.read_only_contributor = AuthUserFactory()
        self.read_only_contributor_institution = InstitutionFactory()
        self.read_only_contributor.affiliated_institutions.append(self.read_only_contributor_institution)
        self.read_only_contributor.save()

        self.node = NodeFactory(creator=self.user)
        self.node.add_contributor(self.read_write_contributor, permissions=[permissions.WRITE])
        self.node.add_contributor(self.read_only_contributor, permissions=[permissions.READ])
        self.node.save()

        self.node_institutions_url = '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, self.node._id)
Example #2
0
    def test_set_user_config_fail(self, mock_connection):

        mock_connection.return_value = create_mock_connection('wrong', 'info')

        # Create a user with no settings
        user = AuthUserFactory()
        user.add_addon('dataverse')
        user_settings = user.get_addon('dataverse')

        url = api_url_for('dataverse_set_user_config')
        params = {'dataverse_username': '******',
                  'dataverse_password': '******'}

        # Post incorrect credentials to existing user
        res = self.app.post_json(url, params, auth=self.user.auth,
                                 expect_errors=True)
        self.user_settings.reload()

        # Original user's info has not changed
        assert_equal(res.status_code, http.UNAUTHORIZED)
        assert_equal(self.user_settings.dataverse_username, 'snowman')
        assert_equal(self.user_settings.dataverse_password, 'frosty')

        # Post incorrect credentials to new user
        res = self.app.post_json(url, params, auth=user.auth,
                                 expect_errors=True)
        user_settings.reload()

        # New user's incorrect credentials were not saved
        assert_equal(res.status_code, http.UNAUTHORIZED)
        assert_equal(user_settings.dataverse_username, None)
        assert_equal(user_settings.dataverse_password, None)
Example #3
0
class TestUserSettingsModel(OsfTestCase):

    def setUp(self):
        super(TestUserSettingsModel, self).setUp()
        self.user = AuthUserFactory()
        self.user.add_addon('badges', override=True)
        self.usersettings = self.user.get_addon('badges')
        self.usersettings.save()

    def test_can_award(self):
        assert_false(self.usersettings.can_award)
        create_mock_badge(self.usersettings)
        assert_true(self.usersettings.can_award)

    def test_to_openbadge(self):
        self.user.fullname = 'HoneyBadger'
        self.user.username = '******'
        self.user.save()

        test = {
            'name': 'HoneyBadger',
            'email': '*****@*****.**'
        }

        assert_equal(self.usersettings.to_openbadge(), test)

    def test_badges(self):
        create_mock_badge(self.usersettings)
        create_mock_badge(self.usersettings)
        assert_equal(len(self.usersettings.badges), 2)
        create_mock_badge(self.usersettings)
        assert_equal(len(self.usersettings.badges), 3)
Example #4
0
    def test_set_user_config_fail(self, mock_connection):

        mock_connection.side_effect = UnauthorizedError('Bad credentials!')

        # Create a user with no settings
        user = AuthUserFactory()
        user.add_addon('dataverse')
        user_settings = user.get_addon('dataverse')

        url = api_url_for('dataverse_set_user_config')
        params = {'api_token': 'wrong-info'}

        # Post incorrect credentials to existing user
        res = self.app.post_json(url, params, auth=self.user.auth,
                                 expect_errors=True)
        self.user_settings.reload()

        # Original user's info has not changed
        assert_equal(res.status_code, http.UNAUTHORIZED)
        assert_equal(self.user_settings.api_token, 'snowman-frosty')

        # Post incorrect credentials to new user
        res = self.app.post_json(url, params, auth=user.auth,
                                 expect_errors=True)
        user_settings.reload()

        # New user's incorrect credentials were not saved
        assert_equal(res.status_code, http.UNAUTHORIZED)
        assert_equal(user_settings.api_token, None)
Example #5
0
class TestAssertion(OsfTestCase):

    def setUp(self):
        super(TestAssertion, self).setUp()
        self.user = AuthUserFactory()
        self.user.add_addon('badges', override=True)
        self.usersettings = self.user.get_addon('badges', self.user.auth)
        self.usersettings.save()
        self.project = ProjectFactory()
        self.node_settings = self.project.get_addon('badges')
        create_mock_badge(self.usersettings)
        self.badge = self.usersettings.badges[0]

    def test_parent(self):
        assertion = BadgeAssertion.create(self.badge, self.project)
        assert_equals(assertion.badge, self.badge)

    def test_recipient(self):
        assertion = BadgeAssertion.create(self.badge, self.project)
        test_data = {
            'idenity': self.project._id,
            'type': 'osfnode',
            'hashed': False
        }
        assert_equals(assertion.recipient, test_data)

    def test_awarder(self):
        assertion = BadgeAssertion.create(self.badge, self.project)
        assert_equals(assertion.awarder, self.usersettings)
Example #6
0
    def test_reviewer_can_update_nested_comment_fields_draft_registration(self):
        user = AuthUserFactory()
        user.system_tags.append(PREREG_ADMIN_TAG)
        user.save()

        payload = {
            "data": {
                "id": self.prereg_draft_registration._id,
                "type": "draft_registrations",
                "attributes": {
                    "registration_metadata": {
                        'q7': {
                            'value': {
                                 'question': {
                                    'comments': [{'value': 'Add some clarity here.'}]
                                }
                            }
                        }
                    }
                }
            }
        }

        url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id)

        res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True)
        assert_equal(res.status_code, 200)
        assert_equal(res.json['data']['attributes']['registration_metadata']['q7']['value']['question']['comments'][0]['value'], 'Add some clarity here.')
Example #7
0
    def test_reviewer_cannot_update_nested_value_fields_draft_registration(self):
        user = AuthUserFactory()
        user.system_tags.append(PREREG_ADMIN_TAG)
        user.save()

        payload = {
            "data": {
                "id": self.prereg_draft_registration._id,
                "type": "draft_registrations",
                "attributes": {
                    "registration_metadata": {
                        'q7': {
                            'value': {
                                 'question': {
                                    'value': 'This is the answer'
                                }
                            }
                        }
                    }
                }
            }
        }

        url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id)

        res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)
        assert_equal(res.json['errors'][0]['detail'], "Additional properties are not allowed (u'value' was unexpected)")
Example #8
0
class TestUserGet(AdminTestCase):
    def setUp(self):
        super(TestUserGet, self).setUp()
        User.remove()
        self.user_1 = AuthUserFactory()
        self.auth = Auth(user=self.user_1)
        self.project = ProjectFactory(creator=self.user_1)
        self.project.add_unregistered_contributor(
            email='*****@*****.**',
            fullname='Weezy F. Baby',
            auth=self.auth
        )
        self.user_3 = AuthUserFactory()
        self.user_3.date_confirmed = None
        self.user_3.save()
        self.user_4 = AuthUserFactory()

    def test_get_all_user_count(self):
        time_now = datetime.utcnow()
        count = get_all_user_count(time_now)
        nt.assert_equal(count, 4)

    def test_get_unregistered_users(self):
        count = get_unregistered_users()
        nt.assert_equal(count, 1)
Example #9
0
class TestMenbibAuthViews(OsfTestCase):

    def setUp(self):
        self.app = TestApp(app)
        self.user = AuthUserFactory()
        self.app.authenticate(*self.user.auth)

    def test_menbib_oauth_start(self):
        url = api_url_for('menbib_oauth_start_user')
        res = self.app.get(url)
        assert_is_redirect(res)

    @mock.patch('website.addons.menbib.views.auth.finish_auth')
    def test_menbib_oauth_finish(self, mock_finish):
        mock_finish.return_value = AuthResult('mytokenabc', 'myrefreshabc', 'cool', '3600')
        url = api_url_for('menbib_oauth_finish')
        res = self.app.get(url)
        assert_is_redirect(res)

    def test_menbib_oauth_delete_user(self):
        self.user.add_addon('menbib')
        user_settings = self.user.get_addon('menbib')
        user_settings.access_token = '12345abc'
        assert_true(user_settings.has_auth)
        self.user.save()
        url = api_url_for('menbib_oauth_delete_user')
        res = self.app.delete(url)
        user_settings.reload()
        assert_false(user_settings.has_auth)
Example #10
0
 def setUp(self):
     super(TestSpamListView, self).setUp()
     Comment.remove()
     self.project = ProjectFactory(is_public=True)
     self.user_1 = AuthUserFactory()
     self.user_2 = AuthUserFactory()
     self.project.add_contributor(self.user_1)
     self.project.add_contributor(self.user_2)
     self.project.save()
     self.user_1.save()
     self.user_2.save()
     date = datetime.utcnow()
     self.comment_1 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_2 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_3 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_4 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_5 = CommentFactory(node=self.project, user=self.user_2)
     self.comment_6 = CommentFactory(node=self.project, user=self.user_2)
     self.comment_1.report_abuse(user=self.user_2, save=True, category="spam", date=date - timedelta(seconds=5))
     self.comment_2.report_abuse(user=self.user_2, save=True, category="spam", date=date - timedelta(seconds=4))
     self.comment_3.report_abuse(user=self.user_2, save=True, category="spam", date=date - timedelta(seconds=3))
     self.comment_4.report_abuse(user=self.user_2, save=True, category="spam", date=date - timedelta(seconds=2))
     self.comment_5.report_abuse(user=self.user_1, save=True, category="spam", date=date - timedelta(seconds=1))
     self.comment_6.report_abuse(user=self.user_1, save=True, category="spam")
     self.request = RequestFactory().get("/fake_path")
     self.view = SpamList()
     self.view = setup_view(self.view, self.request, user_id=self.user_1._id)
Example #11
0
class TestDataverseRestrictions(DataverseAddonTestCase, OsfTestCase):

    def setUp(self):

        super(DataverseAddonTestCase, self).setUp()

        # Nasty contributor who will try to access content that he shouldn't
        # have access to
        self.contrib = AuthUserFactory()
        self.project.add_contributor(self.contrib, auth=Auth(self.user))
        self.project.save()

    @mock.patch('addons.dataverse.views.client.connect_from_settings')
    def test_restricted_set_dataset_not_owner(self, mock_connection):
        mock_connection.return_value = create_mock_connection()

        # Contributor has dataverse auth, but is not the node authorizer
        self.contrib.add_addon('dataverse')
        self.contrib.save()

        url = api_url_for('dataverse_set_config', pid=self.project._primary_key)
        params = {
            'dataverse': {'alias': 'ALIAS1'},
            'dataset': {'doi': 'doi:12.3456/DVN/00002'},
        }
        res = self.app.post_json(url, params, auth=self.contrib.auth,
                                 expect_errors=True)
        assert_equal(res.status_code, http.FORBIDDEN)
Example #12
0
class TestGoogleDriveHgridViews(OsfTestCase):

    def setUp(self):
        super(TestGoogleDriveHgridViews, self).setUp()
        self.user = AuthUserFactory()
        self.user.add_addon('googledrive')
        self.project = ProjectFactory(creator=self.user)
        self.project.add_addon('googledrive', Auth(self.user))
        self.node_settings = self.project.get_addon('googledrive')
        self.user_settings = self.user.get_addon('googledrive')
        self.node_settings.user_settings = self.user_settings
        self.user_settings.save()
        self.node_settings.save()
        # Log user in
        self.app.authenticate(*self.user.auth)

    @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.folders')
    def test_googledrive_folders(self, mock_drive_client_folders):
        folderId = '12345'
        mock_drive_client_folders.return_value = mock_folders['items']
        url = api_url_for('googledrive_folders', pid=self.project._primary_key, folderId=folderId)
        res = self.app.get(url, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        assert_equal(len(res.json), len(mock_folders['items']))

    @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.about')
    def test_googledrive_folders_returns_only_root(self, mock_about):
        mock_about.return_value = {'rootFolderId': '24601'}

        url = self.project.api_url_for('googledrive_folders')
        res = self.app.get(url, auth=self.user.auth)

        assert_equal(len(res.json), 1)
        assert_equal(res.status_code, 200)
        assert_equal(res.json[0]['id'], '24601')
Example #13
0
 def test_set_config_not_owner(self, mock_metadata):
     mock_metadata.return_value = {
         'data': {
             'name': 'Fake Folder'
         }
     }
     user = AuthUserFactory()
     user.add_addon('zotero')
     self.project.add_contributor(user)
     self.project.save()
     res = self.app.put_json(
         self.project.api_url_for('zotero_set_config'),
         {
             'external_account_id': self.account._id,
             'external_list_id': 'list',
         },
         auth=user.auth,
     )
     self.node_addon.reload()
     assert_equal(self.user_addon, self.node_addon.user_settings)
     serializer = ZoteroSerializer(node_settings=self.node_addon, user_settings=None)
     result = {
         'result': serializer.serialized_node_settings
     }
     assert_equal(res.json, result)
Example #14
0
    def test_confirm_non_contrib_viewers_dont_have_pid_in_comments_view_timestamp(self):
        non_contributor = AuthUserFactory()
        url = self.project.api_url_for("update_comments_timestamp")
        res = self.app.put_json(url, {"page": "node", "rootId": self.project._id}, auth=self.user.auth)

        non_contributor.reload()
        assert_not_in(self.project._id, non_contributor.comments_viewed_timestamp)
Example #15
0
 def test_revoke_remote_access_not_called(self, mock_decorator, mock_revoke):
     mock_decorator.return_value = self.user
     user2 = AuthUserFactory()
     user2.external_accounts.append(self.external_account)
     user2.save()
     self.user_settings.delete()
     assert_equal(mock_revoke.call_count, 0)
Example #16
0
    def test_claim_user_registered_with_correct_password(self):
        reg_user = AuthUserFactory()
        reg_user.set_password('killerqueen')
        reg_user.save()
        url = self.user.get_claim_url(self.project._primary_key)
        # Follow to password re-enter page
        res = self.app.get(url, auth=reg_user.auth).follow(auth=reg_user.auth)

        # verify that the "Claim Account" form is returned
        assert_in('Claim Contributor', res.body)

        form = res.forms['claimContributorForm']
        form['password'] = '******'
        res = form.submit(auth=reg_user.auth).follow(auth=reg_user.auth)

        self.project.reload()
        self.user.reload()
        # user is now a contributor to the project
        assert_in(reg_user._primary_key, self.project.contributors)

        # the unregistered user (self.user) is removed as a contributor, and their
        assert_not_in(self.user._primary_key, self.project.contributors)

        # unclaimed record for the project has been deleted
        assert_not_in(self.project._primary_key, self.user.unclaimed_records)
Example #17
0
class TestAuthViews(OsfTestCase):

    def setUp(self):
        self.app = TestApp(app)
        self.user = AuthUserFactory()
        self.app.authenticate(*self.user.auth)


    def test_mendeley_oauth_start(self):
        self.user.add_addon('mendeley')
        settings = self.user.get_addon('mendeley')
        settings.access_token = '12345abc'
        print settings.has_auth
        settings.save()
       # assert_true(settings.has_auth)
        url = views.mendeley_oauth_start(self)
        print url



    def test_mendeley_oauth_delete_user(self):
        pass

    def test_mendeley_oauth_delete_node(self):
        pass

    def test_mendeley_oauth_callback(self):
        pass
Example #18
0
class TestUsers(ApiTestCase):

    def setUp(self):
        super(TestUsers, self).setUp()
        self.user_one = AuthUserFactory()
        self.user_two = AuthUserFactory()

    def tearDown(self):
        super(TestUsers, self).tearDown()

    def test_returns_200(self):
        res = self.app.get('/{}users/'.format(API_BASE))
        assert_equal(res.status_code, 200)
        assert_equal(res.content_type, 'application/vnd.api+json')

    def test_find_user_in_users(self):
        url = "/{}users/".format(API_BASE)

        res = self.app.get(url)
        user_son = res.json['data']

        ids = [each['id'] for each in user_son]
        assert_in(self.user_two._id, ids)

    def test_all_users_in_users(self):
        url = "/{}users/".format(API_BASE)

        res = self.app.get(url)
        user_son = res.json['data']

        ids = [each['id'] for each in user_son]
        assert_in(self.user_one._id, ids)
        assert_in(self.user_two._id, ids)

    def test_find_multiple_in_users(self):
        url = "/{}users/?filter[fullname]=fred".format(API_BASE)

        res = self.app.get(url)
        user_json = res.json['data']
        ids = [each['id'] for each in user_json]
        assert_in(self.user_one._id, ids)
        assert_in(self.user_two._id, ids)

    def test_find_single_user_in_users(self):
        url = "/{}users/?filter[fullname]=my".format(API_BASE)
        self.user_one.fullname = 'My Mom'
        self.user_one.save()
        res = self.app.get(url)
        user_json = res.json['data']
        ids = [each['id'] for each in user_json]
        assert_in(self.user_one._id, ids)
        assert_not_in(self.user_two._id, ids)

    def test_find_no_user_in_users(self):
        url = "/{}users/?filter[fullname]=NotMyMom".format(API_BASE)
        res = self.app.get(url)
        user_json = res.json['data']
        ids = [each['id'] for each in user_json]
        assert_not_in(self.user_one._id, ids)
        assert_not_in(self.user_two._id, ids)
Example #19
0
 def setUp(self):
     super(TestUserSpamListView, self).setUp()
     self.project = ProjectFactory(is_public=True)
     self.user_1 = AuthUserFactory()
     self.user_2 = AuthUserFactory()
     self.project.add_contributor(self.user_1)
     self.project.add_contributor(self.user_2)
     self.project.save()
     self.user_2.save()
     self.user_1.save()
     self.comment_1 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_2 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_3 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_4 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_5 = CommentFactory(node=self.project, user=self.user_2)
     self.comment_6 = CommentFactory(node=self.project, user=self.user_2)
     self.comment_1.report_abuse(user=self.user_2, save=True,
                                 category='spam')
     self.comment_2.report_abuse(user=self.user_2, save=True,
                                 category='spam')
     self.comment_3.report_abuse(user=self.user_2, save=True,
                                 category='spam')
     self.comment_4.report_abuse(user=self.user_2, save=True,
                                 category='spam')
     self.comment_5.report_abuse(user=self.user_1, save=True,
                                 category='spam')
     self.comment_6.report_abuse(user=self.user_1, save=True,
                                 category='spam')
Example #20
0
 def setUp(self):
     super(TestUserSpamListView, self).setUp()
     self.project = ProjectFactory(is_public=True)
     self.user_1 = AuthUserFactory()
     self.user_2 = AuthUserFactory()
     self.project.add_contributor(self.user_1)
     self.project.add_contributor(self.user_2)
     self.project.save()
     self.user_1.save()
     self.user_2.save()
     self.comment_1 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_2 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_3 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_4 = CommentFactory(node=self.project, user=self.user_1)
     self.comment_5 = CommentFactory(node=self.project, user=self.user_2)
     self.comment_6 = CommentFactory(node=self.project, user=self.user_2)
     self.comment_1.report_abuse(user=self.user_2, save=True, category="spam")
     self.comment_2.report_abuse(user=self.user_2, save=True, category="spam")
     self.comment_3.report_abuse(user=self.user_2, save=True, category="spam")
     self.comment_4.report_abuse(user=self.user_2, save=True, category="spam")
     self.comment_5.report_abuse(user=self.user_1, save=True, category="spam")
     self.comment_6.report_abuse(user=self.user_1, save=True, category="spam")
     self.request = RequestFactory().get("/fake_path")
     self.view = UserSpamList()
     self.view = setup_view(self.view, self.request, user_id=self.user_1._id)
Example #21
0
class TestBadge(OsfTestCase):

    def setUp(self):
        super(TestBadge, self).setUp()
        self.user = AuthUserFactory()
        self.user.add_addon('badges', override=True)
        self.usersettings = self.user.get_addon('badges', self.user.auth)
        self.usersettings.save()

    def test_fields(self):
        badgedata = create_badge_dict()
        create_mock_badge(self.usersettings, badge_data=badgedata)
        badge = self.usersettings.badges[0]
        assert_equals(badge.name, badgedata['badgeName'])
        assert_equals(badge.description, badgedata['description'])
        assert_equals(badge.image, 'temp.png')
        assert_equals(badge.criteria, badgedata['criteria'])

    def test_system_badge(self):
        create_mock_badge(self.usersettings)
        badge = self.usersettings.badges[0]
        badge.make_system_badge()
        assert_true(badge.is_system_badge)
        assert_equals(badge, Badge.get_system_badges()[0])

    def test_assertions(self):
        create_mock_badge(self.usersettings)
        badge = self.usersettings.badges[0]
        assert_equals(len(badge.assertions), 0)
        for n in xrange(4):
            BadgeAssertion.create(badge, None)
            assert_equals(len(badge.assertions), n + 1)
Example #22
0
 def test_many_users_each_with_the_same_github(self):
     user = AuthUserFactory()
     user.add_addon('github')
     user.external_accounts.append(self.oauth_settings)
     user.save()
     results = AddonSnapshot().get_events()
     github_res = [res for res in results if res['provider']['name'] == 'github'][0]
     assert_equal(github_res['users']['total'], 2)
Example #23
0
    def test_reviewer_cannot_delete_draft_registration(self):
        user = AuthUserFactory()
        user.system_tags.append(PREREG_ADMIN_TAG)
        user.save()

        res = self.app.delete_json_api(self.url, auth=user.auth, expect_errors=True)
        assert_equal(res.status_code, 403)
        assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.')
Example #24
0
 def test_user_settings_when_user_does_not_have_addon(self, _):
     user = AuthUserFactory()
     url = self.project.api_url_for("s3_post_user_settings")
     self.app.post_json(url, {"access_key": "ABCDEFG", "secret_key": "We are the champions"}, auth=user.auth)
     user.reload()
     user_settings = user.get_addon("s3")
     assert_equals(user_settings.access_key, "ABCDEFG")
     assert_equals(user_settings.secret_key, "We are the champions")
Example #25
0
 def test_many_users_each_with_the_same_github_enabled(self):
     user = AuthUserFactory()
     user.add_addon("github")
     user.external_accounts.append(self.external_account)
     user.save()
     results = AddonSnapshot().get_events()
     github_res = [res for res in results if res["provider"]["name"] == "github"][0]
     assert_equal(github_res["users"]["enabled"], 2)
Example #26
0
    def test_s3_set_bucket_no_auth(self):

        user = AuthUserFactory()
        user.add_addon("s3")
        self.project.add_contributor(user, save=True)
        url = self.project.api_url_for("s3_post_node_settings")
        res = self.app.post_json(url, {"s3_bucket": "hammertofall"}, auth=user.auth, expect_errors=True)
        assert_equal(res.status_code, http.BAD_REQUEST)
Example #27
0
    def test_reviewer_cannot_create_draft_registration(self):
        user = AuthUserFactory()
        user.system_tags.append(PREREG_ADMIN_TAG)
        user.save()

        assert_in(self.read_only_user._id, self.public_project.contributors)
        res = self.app.post_json_api(self.url, self.payload, auth=user.auth, expect_errors=True)
        assert_equal(res.status_code, 403)
Example #28
0
class TestGoogleDriveUtils(OsfTestCase):

    def setUp(self):
        super(TestGoogleDriveUtils, self).setUp()
        self.user = AuthUserFactory()
        self.user.add_addon('googledrive')
        self.project = ProjectFactory(creator=self.user)
        self.project.add_addon('googledrive', Auth(self.user))
        self.node_settings = self.project.get_addon('googledrive')
        self.user_settings = self.user.get_addon('googledrive')
        oauth_settings = GoogleDriveOAuthSettingsFactory()
        self.user_settings.oauth_settings = oauth_settings
        self.node_settings.user_settings = self.user_settings
        self.node_settings.folder_id = '09120912'
        self.node_settings.folder_path = 'foo/bar'

        self.user_settings.save()
        self.node_settings.save()
        # Log user in
        self.app.authenticate(*self.user.auth)

    def test_serialize_settings_helper_returns_correct_urls(self):
        result = serialize_settings(self.node_settings, self.user)
        urls = result['urls']

        assert_equal(urls['files'], self.project.web_url_for('collect_file_trees'))
        assert_equal(urls['config'], self.project.api_url_for('googledrive_config_put'))
        assert_equal(urls['deauthorize'], self.project.api_url_for('googledrive_deauthorize'))
        assert_equal(urls['importAuth'], self.project.api_url_for('googledrive_import_user_auth'))
        # Includes endpoint for fetching folders only
        # NOTE: Querystring params are in camelCase
        assert_equal(urls['get_folders'], self.project.api_url_for('googledrive_folders'))

    def test_serialize_settings_helper_returns_correct_auth_info(self):
        self.user_settings.access_token = 'abc123'
        result = serialize_settings(self.node_settings, self.user)
        assert_equal(result['nodeHasAuth'], self.node_settings.has_auth)
        assert_true(result['userHasAuth'])
        assert_true(result['userIsOwner'])

    def test_serialize_settings_for_user_no_auth(self):
        no_addon_user = AuthUserFactory()
        result = serialize_settings(self.node_settings, no_addon_user)
        assert_false(result['userIsOwner'])
        assert_false(result['userHasAuth'])

    def test_googledrive_import_user_auth_returns_serialized_settings(self):
        self.node_settings.user_settings = None
        self.node_settings.save()
        url = api_url_for('googledrive_import_user_auth', pid=self.project._primary_key)
        res = self.app.put(url, auth=self.user.auth)
        self.project.reload()
        self.node_settings.reload()

        expected_result = serialize_settings(self.node_settings, self.user)
        result = res.json['result']
        assert_equal(result, expected_result)
Example #29
0
class TestCheckPreregAuth(OsfTestCase):

    def setUp(self):
        super(TestCheckPreregAuth, self).setUp()

        ensure_schemas()
        self.prereg_challenge_admin_user = AuthUserFactory()
        self.prereg_challenge_admin_user.system_tags.append(settings.PREREG_ADMIN_TAG)
        self.prereg_challenge_admin_user.save()
        prereg_schema = MetaSchema.find_one(
                Q('name', 'eq', 'Prereg Challenge') &
                Q('schema_version', 'eq', 2)
        )

        self.user = AuthUserFactory()
        self.node = factories.ProjectFactory(creator=self.user)

        self.parent = factories.ProjectFactory()
        self.child = factories.NodeFactory(parent=self.parent)

        self.draft_registration = factories.DraftRegistrationFactory(
            initiator=self.user,
            registration_schema=prereg_schema,
            branched_from=self.parent
        )

    def test_has_permission_download_prereg_challenge_admin(self):
        res = views.check_access(self.draft_registration.branched_from,
            Auth(user=self.prereg_challenge_admin_user), 'download', None)
        assert_true(res)

    def test_has_permission_download_on_component_prereg_challenge_admin(self):
        try:
            res = views.check_access(self.draft_registration.branched_from.nodes[0],
                                     Auth(user=self.prereg_challenge_admin_user), 'download', None)
        except Exception:
            self.fail()
        assert_true(res)

    def test_has_permission_download_not_prereg_challenge_admin(self):
        new_user = AuthUserFactory()
        with assert_raises(HTTPError) as exc_info:
            views.check_access(self.draft_registration.branched_from,
                 Auth(user=new_user), 'download', None)
            assert_equal(exc_info.exception.code, http.FORBIDDEN)

    def test_has_permission_download_prereg_challenge_admin_not_draft(self):
        with assert_raises(HTTPError) as exc_info:
            views.check_access(self.node,
                 Auth(user=self.prereg_challenge_admin_user), 'download', None)
            assert_equal(exc_info.exception.code, http.FORBIDDEN)

    def test_has_permission_write_prereg_challenge_admin(self):
        with assert_raises(HTTPError) as exc_info:
            views.check_access(self.draft_registration.branched_from,
                Auth(user=self.prereg_challenge_admin_user), 'write', None)
            assert_equal(exc_info.exception.code, http.FORBIDDEN)
Example #30
0
 def test_dropbox_get_share_emails_returns_error_if_not_authorizer(self):
     contrib = AuthUserFactory()
     contrib.add_addon('dropbox')
     contrib.save()
     self.project.add_contributor(contrib, auth=Auth(self.user))
     self.project.save()
     url = api_url_for('dropbox_get_share_emails', pid=self.project._primary_key)
     # Non-authorizing contributor sends request
     res = self.app.get(url, auth=contrib.auth, expect_errors=True)
     assert_equal(res.status_code, httplib.FORBIDDEN)
Example #31
0
    def test_GET_disapprove_with_wrong_admins_token_returns_HTTPBad_Request(
            self):
        user2 = AuthUserFactory()
        self.registration.contributors.append(user2)
        self.registration.add_permission(user2, 'admin', save=True)
        self.registration.retract_registration(self.user)
        self.registration.save()
        assert_true(self.registration.pending_retraction)
        assert_equal(len(self.registration.retraction.approval_state), 2)

        wrong_disapproval_token = self.registration.retraction.approval_state[
            user2._id]['disapproval_token']
        res = self.app.get(self.registration.web_url_for(
            'node_registration_retraction_disapprove',
            token=wrong_disapproval_token),
                           auth=self.auth,
                           expect_errors=True)
        assert_true(self.registration.pending_retraction)
        assert_equal(res.status_code, 400)
Example #32
0
 def setUp(self):
     super(MendeleyViewsTestCase, self).setUp()
     self.account = MendeleyAccountFactory()
     self.user = AuthUserFactory(external_accounts=[self.account])
     self.account.display_name = self.user.fullname
     self.account.save()
     self.user_addon = MendeleyUserSettingsFactory(owner=self.user, external_account=self.account)
     self.project = ProjectFactory(creator=self.user)
     self.node_addon = MendeleyNodeSettingsFactory(owner=self.project)
     self.node_addon.set_auth(external_account=self.account, user=self.user)
     #self.user_addon.grant_oauth_access(self.node_addon, self.account, metadata={'lists': 'list'})
     self.node = MockNode()
     self.node.addon = self.node_addon
     self.id_patcher = mock.patch('website.addons.mendeley.model.Mendeley.client_id')
     self.secret_patcher = mock.patch('website.addons.mendeley.model.Mendeley.client_secret')
     self.id_patcher.__get__ = mock.Mock(return_value='1234567890asdf')
     self.secret_patcher.__get__ = mock.Mock(return_value='1234567890asdf')
     self.id_patcher.start()
     self.secret_patcher.start()
Example #33
0
    def setUp(self):
        super(AddonSerializerTestSuiteMixin, self).setUp()
        self.user = AuthUserFactory()
        self.node = ProjectFactory(creator=self.user)
        self.set_user_settings(self.user)
        assert_is_not_none(
            getattr(self, 'user_settings'),
            "'set_user_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate user settings model."
        )
        self.set_node_settings(self.user_settings)
        assert_is_not_none(
            getattr(self, 'node_settings'),
            "'set_node_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate node settings model."
        )

        self.ser = self.Serializer(
            user_settings=self.user_settings,
            node_settings=self.node_settings
        )
Example #34
0
 def test_must_be_self(self):
     user = AuthUserFactory()
     self.file.checkout = self.user
     self.file.save()
     res = self.app.put_json_api(
         '/{}files/{}/'.format(API_BASE, self.file._id),
         {
             'id': self.file._id,
             'type': 'files',
             'attributes': {
                 'checkout': user._id
             }
         },
         auth=user.auth,
         expect_errors=True,
     )
     self.file.reload()
     assert_equal(res.status_code, 403)
     assert_equal(self.file.checkout, self.user)
Example #35
0
 def setUp(self):
     super(TestDraftListView, self).setUp()
     self.user = AuthUserFactory()
     schema = utils.draft_reg_util()
     self.dr1 = DraftRegistrationFactory(
         initiator=self.user,
         registration_schema=schema,
         registration_metadata=utils.SCHEMA_DATA
     )
     self.dr1.submit_for_review(self.user, {}, save=True)
     self.dr2 = DraftRegistrationFactory(
         initiator=self.user,
         registration_schema=schema,
         registration_metadata=utils.SCHEMA_DATA
     )
     self.dr2.submit_for_review(self.user, {}, save=True)
     self.request = RequestFactory().get('/fake_path')
     self.view = DraftListView()
     self.view = setup_view(self.view, self.request)
Example #36
0
    def setUp(self):
        super(TestApplicationReset, self).setUp()

        self.user1 = AuthUserFactory()

        self.user1_app = ApiOAuth2ApplicationFactory(owner=self.user1)
        self.user1_reset_url = _get_application_reset_route(self.user1_app)

        self.correct = {
            'data': {
                'id': self.user1_app.client_id,
                'type': 'applications',
                'attributes': {
                    'name': 'A shiny new application',
                    'home_url': 'http://osf.io',
                    'callback_url': 'https://cos.io'
                }
            }
        }
Example #37
0
    def test_dataverse_data_contents_state_on_dashboard(
            self, mock_request, mock_connection):
        mock_connection.return_value = create_mock_connection()
        mock_request.referrer = 'some_url/'
        mock_request.args = {}

        self.project.set_privacy('public')
        self.project.save()

        url = api_url_for('dataverse_hgrid_data_contents',
                          pid=self.project._primary_key)

        # All users get released version
        res = self.app.get(url, auth=self.user.auth)
        assert_equal(res.json['data'][0]['name'], 'released.txt')

        user2 = AuthUserFactory()
        res = self.app.get(url, auth=user2.auth)
        assert_equal(res.json['data'][0]['name'], 'released.txt')
Example #38
0
    def test_dataverse_data_contents_state_on_file_page(
            self, mock_request, mock_connection):
        mock_connection.return_value = create_mock_connection()
        mock_request.referrer = 'some_url/files/'

        self.project.set_privacy('public')
        self.project.save()

        url = api_url_for('dataverse_hgrid_data_contents',
                          pid=self.project._primary_key)

        # Creator posts, gets draft version
        res = self.app.get(url, auth=self.user.auth)
        assert_equal(res.json['data'][0]['name'], 'file.txt')

        # Noncontributor posts, gets released version
        user2 = AuthUserFactory()
        res = self.app.get(url, auth=user2.auth)
        assert_equal(res.json['data'][0]['name'], 'released.txt')
Example #39
0
 def test_serialize_settings_non_authorizer(self):
     #"""dict: a serialized version of user-specific addon settings"""
     non_authorizing_user = AuthUserFactory()
     self.project.add_contributor(non_authorizing_user, save=True)
     res = self.app.get(
         self.project.api_url_for('mendeley_get_config'),
         auth=non_authorizing_user.auth,
     )
     assert_true(res.json['nodeHasAuth'])
     assert_false(res.json['userHasAuth'])
     assert_false(res.json['userIsOwner'])
     assert_equal(res.json['folder'], '')
     assert_equal(res.json['ownerName'], self.user.fullname)
     assert_true(res.json['urls']['auth'])
     assert_true(res.json['urls']['config'])
     assert_true(res.json['urls']['deauthorize'])
     assert_true(res.json['urls']['folders'])
     assert_true(res.json['urls']['importAuth'])
     assert_true(res.json['urls']['settings'])
Example #40
0
    def test_non_contributor_GET_approval_returns_HTTPError(self):
        non_contributor = AuthUserFactory()
        self.registration.embargo_registration(
            self.user,
            datetime.datetime.utcnow() + datetime.timedelta(days=10))
        self.registration.save()
        assert_true(self.registration.is_pending_embargo)

        approval_token = self.registration.embargo.approval_state[
            self.user._id]['approval_token']
        approval_url = self.registration.web_url_for('view_project',
                                                     token=approval_token)

        res = self.app.get(approval_url,
                           auth=non_contributor.auth,
                           expect_errors=True)
        assert_equal(http.FORBIDDEN, res.status_code)
        assert_true(self.registration.is_pending_embargo)
        assert_true(self.registration.embargo_end_date)
Example #41
0
    def test_has_permission_decommissioned_scope_no_error(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin,
                                   is_public=False,
                                   parent=self.node)
        cas_resp = cas.CasResponse(authenticated=True,
                                   status=None,
                                   user=self.user._id,
                                   attributes={
                                       'accessTokenScope': {
                                           'decommissioned.scope+write',
                                           'osf.nodes.data_read',
                                       }
                                   })

        assert_false(component.has_permission(self.user, 'write'))
        res = views.check_access(component, Auth(user=self.user), 'download',
                                 cas_resp)
        assert_true(res)
Example #42
0
    def setUp(self):
        super(TestFileVersionView, self).setUp()

        self.user = AuthUserFactory()
        self.node = ProjectFactory(creator=self.user)

        self.osfstorage = self.node.get_addon('osfstorage')

        self.root_node = self.osfstorage.get_root()
        self.file = self.root_node.append_file('test_file')
        self.file.create_version(
            self.user, {
                'object': '06d80e',
                'service': 'cloud',
                osfstorage_settings.WATERBUTLER_RESOURCE: 'osf',
            }, {
                'size': 1337,
                'contentType': 'img/png'
            }).save()
Example #43
0
 def test_many_users_each_with_a_different_github(self):
     user = AuthUserFactory()
     user.add_addon('github')
     oauth_settings2 = GitHubAccountFactory(display_name='hmoco2')
     oauth_settings2.save()
     user.external_accounts.append(oauth_settings2)
     user.save()
     results = AddonSnapshot().get_events()
     github_res = [
         res for res in results if res['provider']['name'] == 'github'
     ][0]
     assert_equal(github_res['users']['enabled'], 2)
     assert_equal(github_res['users']['authorized'], 1)
     assert_equal(github_res['users']['linked'], 1)
Example #44
0
    def setUp(self):
        super(TestDraftFormView, self).setUp()
        self.user = AuthUserFactory()
        self.dr1 = DraftRegistrationFactory(
            initiator=self.user,
            registration_schema=utils.draft_reg_util(),
            registration_metadata=utils.SCHEMA_DATA)
        self.dr1.submit_for_review(self.user, {}, save=True)
        self.dr1.flags  # sets flags if there aren't any yet.
        self.request = RequestFactory().get('/fake_path')
        self.view = DraftFormView()
        self.view = setup_view(self.view, self.request, draft_pk=self.dr1._id)

        self.post = RequestFactory().post('/fake_path')
        self.post.user = UserFactory()
        self.post_view = DraftFormView()
        self.form_data = {
            'notes': 'Far between',
            'proof_of_publication': 'approved',
        }
Example #45
0
 def test_read_contrib_cannot_checkout(self):
     user = AuthUserFactory()
     self.node.add_contributor(user, permissions=['read'])
     self.node.save()
     assert_false(self.node.can_edit(user=user))
     res = self.app.put_json_api(self.file_url, {
         'data': {
             'id': self.file._id,
             'type': 'files',
             'attributes': {
                 'checkout': None
             }
         }
     },
                                 auth=user.auth,
                                 expect_errors=True)
     self.file.reload()
     assert_equal(res.status_code, 403)
     assert_equal(self.file.checkout, None)
     assert self.node.logs[-1].action != NodeLog.CHECKED_OUT
Example #46
0
    def test_dataverse_root_not_published(self, mock_files, mock_connection):
        mock_connection.return_value = create_mock_connection()
        mock_files.return_value = []

        self.project.set_privacy('public')
        self.project.save()

        url = api_url_for('dataverse_root_folder_public',
                          pid=self.project._primary_key)

        # Contributor gets draft, no options
        res = self.app.get(url, auth=self.user.auth)
        assert_true(res.json[0]['permissions']['edit'])
        assert_false(res.json[0]['hasPublishedFiles'])
        assert_equal(res.json[0]['version'], 'latest')

        # Non-contributor gets nothing
        user2 = AuthUserFactory()
        res = self.app.get(url, auth=user2.auth)
        assert_equal(res.json, [])
Example #47
0
    def setUp(self):
        super(TestNodeLinkedNodes, self).setUp()
        self.user = AuthUserFactory()
        self.auth = Auth(self.user)
        self.linking_node_source = NodeFactory(creator=self.user)
        self.linked_node = NodeFactory(creator=self.user)
        self.linked_node2 = NodeFactory(creator=self.user)
        self.public_node = NodeFactory(is_public=True, creator=self.user)
        self.linking_node_source.add_pointer(self.linked_node, auth=self.auth)
        self.linking_node_source.add_pointer(self.linked_node2, auth=self.auth)
        self.linking_node_source.add_pointer(self.public_node, auth=self.auth)
        self.linking_node_source.save()
        self.linking_node = RegistrationFactory(
            project=self.linking_node_source, creator=self.user)

        self.url = '/{}registrations/{}/linked_nodes/'.format(
            API_BASE, self.linking_node._id)
        self.node_ids = [
            pointer.node._id for pointer in self.linking_node.nodes_pointer
        ]
Example #48
0
 def setUp(self):
     super(RegistrationRetractionApprovalDisapprovalViewsTestCase,
           self).setUp()
     self.user = AuthUserFactory()
     self.registered_from = ProjectFactory(is_public=True,
                                           creator=self.user)
     self.registration = RegistrationFactory(is_public=True,
                                             project=self.registered_from)
     self.registration.retract_registration(self.user)
     self.registration.save()
     self.approval_token = self.registration.retraction.approval_state[
         self.user._id]['approval_token']
     self.rejection_token = self.registration.retraction.approval_state[
         self.user._id]['rejection_token']
     self.corrupt_token = fake.sentence()
     self.token_without_sanction = tokens.encode({
         'action': 'approve_retraction',
         'user_id': self.user._id,
         'sanction_id': 'invalid id'
     })
Example #49
0
 def setUp(self):
     super(TestEmailFormView, self).setUp()
     self.comment = CommentFactory()
     self.comment.report_abuse(user=AuthUserFactory(),
                               save=True,
                               category='spam')
     self.request = RequestFactory().post('/fake_path')
     self.request.user = UserFactory()
     self.view = EmailFormView()
     self.form = EmailForm(
         data={
             'author': 'Nemo',
             'message': 'A message for spammers.',
             'subject': 'stop spamming',
             'email': ('*****@*****.**', '*****@*****.**')
         })
     self.view = setup_form_view(self.view,
                                 self.request,
                                 self.form,
                                 spam_id=self.comment._id)
Example #50
0
    def setUp(self):
        super(TestPreprintFiltering, self).setUp()
        self.user = AuthUserFactory()
        self.provider = PreprintProviderFactory(name='wwe')
        self.preprint = PreprintFactory(creator=self.user, providers=[self.provider])

        self.preprint.add_tag('nature boy', Auth(self.user), save=False)
        self.preprint.add_tag('ric flair', Auth(self.user), save=False)
        self.preprint.save()

        self.provider_two = PreprintProviderFactory(name='wcw')
        self.preprint_two = PreprintFactory(creator=self.user, filename='woo.txt', providers=[self.provider_two])
        self.preprint_two.add_tag('nature boy', Auth(self.user), save=False)
        self.preprint_two.add_tag('woo', Auth(self.user), save=False)
        self.preprint_two.save()

        self.preprint_three = PreprintFactory(creator=self.user, filename='stonecold.txt', providers=[self.provider])
        self.preprint_three.add_tag('stone', Auth(self.user), save=False)
        self.preprint_two.add_tag('cold', Auth(self.user), save=False)
        self.preprint_three.save()
Example #51
0
 def test_googledrive_oauth_finish(self, mock_session, mock_auth_client_finish, mock_auth_client_userinfo):
     user_no_addon = AuthUserFactory()
     nid = self.project._primary_key
     state = '1234'
     mock_session.data = {
         'googledrive_auth_nid': nid,
         'googledrive_auth_state': state,
     }
     mock_auth_client_finish.return_value = {
         'access_token': '1111',
         'refresh_token': '2222',
         'expires_at': time.time() + 3600,
     }
     mock_auth_client_userinfo.return_value = {
         'sub': 'unique id',
         'name': 'test-user',
     }
     url = api_url_for('googledrive_oauth_finish', user_no_addon.auth, nid=self.project._primary_key, code='1234', state=state)
     res = self.app.get(url)
     assert_is_redirect(res)
Example #52
0
    def setUp(self):
        super(TestCommentRepliesFiltering, self).setUp()
        self.user = AuthUserFactory()
        self.project = ProjectFactory(creator=self.user)
        self.comment = CommentFactory(node=self.project, user=self.user)
        self.reply = CommentFactory(node=self.project,
                                    target=self.comment,
                                    user=self.user)
        self.deleted_reply = CommentFactory(node=self.project,
                                            target=self.comment,
                                            user=self.user,
                                            is_deleted=True)
        self.base_url = '/{}comments/{}/replies/'.format(
            API_BASE, self.comment._id)

        self.formatted_date_created = self.reply.date_created.strftime(
            '%Y-%m-%dT%H:%M:%S.%f')
        self.reply.edit('Edited comment', auth=core.Auth(self.user), save=True)
        self.formatted_date_modified = self.reply.date_modified.strftime(
            '%Y-%m-%dT%H:%M:%S.%f')
Example #53
0
class TestGoogleDriveHgridViews(OsfTestCase):
    def setUp(self):
        super(TestGoogleDriveHgridViews, self).setUp()
        self.account = GoogleDriveAccountFactory()
        self.user = AuthUserFactory(external_accounts=[self.account])
        self.user_settings = self.user.get_or_add_addon('googledrive')
        self.project = ProjectFactory(creator=self.user)
        self.project.add_addon('googledrive', Auth(self.user))
        self.node_settings = self.project.get_addon('googledrive')
        self.node_settings.user_settings = self.user_settings
        self.user_settings.save()
        self.node_settings.save()
        # Log user in
        self.app.authenticate(*self.user.auth)

    @mock.patch.object(GoogleDriveClient, 'folders')
    def test_googledrive_folders(self, mock_drive_client_folders):
        folderId = '12345'
        self.node_settings.set_auth(external_account=self.account,
                                    user=self.user)
        self.node_settings.save()
        mock_drive_client_folders.return_value = sample_folder_data['items']
        url = self.project.api_url_for('googledrive_folders',
                                       folderId=folderId)
        res = self.app.get(url)
        assert_equal(res.status_code, 200)
        assert_equal(len(res.json), len(sample_folder_data['items']))

    @mock.patch(
        'website.addons.googledrive.views.hgrid.GoogleDriveClient.about')
    def test_googledrive_folders_returns_only_root(self, mock_about):
        mock_about.return_value = {'rootFolderId': '24601'}
        self.node_settings.set_auth(external_account=self.account,
                                    user=self.user)
        self.node_settings.save()
        url = self.project.api_url_for('googledrive_folders')
        res = self.app.get(url, auth=self.user.auth)

        assert_equal(len(res.json), 1)
        assert_equal(res.status_code, 200)
        assert_equal(res.json[0]['id'], '24601')
Example #54
0
 def setUp(self):
     super(RegistrationWithChildNodesEmbargoModelTestCase, self).setUp()
     self.user = AuthUserFactory()
     self.auth = self.user.auth
     self.valid_embargo_end_date = datetime.datetime.utcnow(
     ) + datetime.timedelta(days=3)
     self.project = ProjectFactory(title='Root',
                                   is_public=False,
                                   creator=self.user)
     self.component = NodeFactory(creator=self.user,
                                  parent=self.project,
                                  title='Component')
     self.subproject = ProjectFactory(creator=self.user,
                                      parent=self.project,
                                      title='Subproject')
     self.subproject_component = NodeFactory(creator=self.user,
                                             parent=self.subproject,
                                             title='Subcomponent')
     self.registration = RegistrationFactory(project=self.project)
     # Reload the registration; else tests won't catch failures to save
     self.registration.reload()
Example #55
0
    def setUp(self):
        super(TestIdentifierDetail, self).setUp()
        self.user = AuthUserFactory()

        self.registration = RegistrationFactory(creator=self.user,
                                                is_public=True)
        self.registration_identifier = IdentifierFactory(
            referent=self.registration)
        self.registration_url = '/{}identifiers/{}/'.format(
            API_BASE, self.registration_identifier._id)

        self.node = NodeFactory(creator=self.user, is_public=True)
        self.node_identifier = IdentifierFactory(referent=self.node)
        self.node_url = '/{}identifiers/{}/'.format(API_BASE,
                                                    self.node_identifier._id)

        self.registration_res = self.app.get(self.registration_url)
        self.registration_data = self.registration_res.json['data']

        self.node_res = self.app.get(self.node_url)
        self.node_data = self.node_res.json['data']
Example #56
0
    def setUp(self):
        super(TestSearchSerializer, self).setUp()

        self.user = AuthUserFactory()
        self.project = ProjectFactory(creator=self.user, is_public=True)
        self.component = NodeFactory(parent=self.project,
                                     creator=self.user,
                                     is_public=True)
        self.file = utils.create_test_file(self.component, self.user)

        ensure_schemas()
        self.schema = MetaSchema.find_one(
            Q('name', 'eq',
              'Replication Recipe (Brandt et al., 2013): Post-Completion')
            & Q('schema_version', 'eq', LATEST_SCHEMA_VERSION))

        with mock_archive(self.project,
                          autocomplete=True,
                          autoapprove=True,
                          schema=self.schema) as registration:
            self.registration = registration
Example #57
0
    def test_redirect_when_viewing_private_project_file_through_view_only_link(
            self):
        project = ProjectFactory()
        test_file = OsfStorageFile.create(
            is_file=True,
            node=project,
            path='/test',
            name='test',
            materialized_path='/test',
        )
        test_file.save()
        guid = test_file.get_guid(create=True)
        view_only_link = self._add_private_link(project)

        url = '/{}guids/{}/?view_only={}'.format(API_BASE, guid._id,
                                                 view_only_link.key)
        res = self.app.get(url, auth=AuthUserFactory().auth)
        redirect_url = '{}{}files/{}/?view_only={}'.format(
            API_DOMAIN, API_BASE, test_file._id, view_only_link.key)
        assert_equal(res.status_code, 302)
        assert_equal(res.location, redirect_url)
Example #58
0
 def setUp(self):
     super(TestCampaignsAuthViews, self).setUp()
     self.campaigns = {
         'prereg': {
             'title_register': 'Preregistration Challenge',
             'title_landing': 'Welcome to the Prereg Challenge!'
         },
         'erpc': {
             'title_register':
             'Election Research Preacceptance Competition',
             'title_landing':
             'Welcome to the Election Research Preacceptance Competition!'
         },
     }
     for key, value in self.campaigns.items():
         value.update(
             {'url_login': web_url_for('auth_login', campaign=key)})
         value.update(
             {'url_register': web_url_for('auth_register', campaign=key)})
         value.update({'url_landing': campaigns.campaign_url_for(key)})
     self.user = AuthUserFactory()
Example #59
0
    def test_import_auth_cant_write_node(self):
        ea = self.ExternalAccountFactory()
        user = AuthUserFactory()
        user.add_addon(self.ADDON_SHORT_NAME, auth=Auth(user))
        user.external_accounts.append(ea)
        user.save()

        node = ProjectFactory(creator=self.user)
        node.add_contributor(user, permissions=[permissions.READ], auth=self.auth, save=True)
        node.add_addon(self.ADDON_SHORT_NAME, auth=self.auth)
        node.save()
        url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME))
        res = self.app.put_json(url, {
            'external_account_id': ea._id
        }, auth=user.auth, expect_errors=True)
        assert_equal(res.status_code, http.FORBIDDEN)
Example #60
0
    def test_linked_nodes_only_return_viewable_nodes(self):
        user = AuthUserFactory()
        new_linking_node = NodeFactory(creator=user)
        self.linked_node.add_contributor(user, auth=self.auth, save=True)
        self.linked_node2.add_contributor(user, auth=self.auth, save=True)
        self.public_node.add_contributor(user, auth=self.auth, save=True)
        new_linking_node.add_pointer(self.linked_node, auth=Auth(user))
        new_linking_node.add_pointer(self.linked_node2, auth=Auth(user))
        new_linking_node.add_pointer(self.public_node, auth=Auth(user))
        new_linking_node.save()
        new_linking_registration = RegistrationFactory(
            project=new_linking_node, creator=self.user)

        res = self.app.get('/{}registrations/{}/linked_nodes/'.format(
            API_BASE, new_linking_registration._id),
                           auth=user.auth)

        assert_equal(res.status_code, 200)
        nodes_returned = [
            linked_node['id'] for linked_node in res.json['data']
        ]
        assert_equal(len(nodes_returned), len(self.node_ids))

        for node_id in self.node_ids:
            assert_in(node_id, nodes_returned)

        self.linked_node2.remove_contributor(user, auth=self.auth)
        self.public_node.remove_contributor(user, auth=self.auth)

        res = self.app.get('/{}registrations/{}/linked_nodes/'.format(
            API_BASE, new_linking_registration._id),
                           auth=user.auth)
        nodes_returned = [
            linked_node['id'] for linked_node in res.json['data']
        ]
        assert_equal(len(nodes_returned), len(self.node_ids) - 1)

        assert_in(self.linked_node._id, nodes_returned)
        assert_in(self.public_node._id, nodes_returned)
        assert_not_in(self.linked_node2._id, nodes_returned)