Example #1
0
    def test_post_redirects_user(self, pyramid_request, expected_next_url,
                                 observed_next_url):
        pyramid_request.method = "POST"

        pyramid_request.POST["next"] = expected_next_url

        result = views.logout(pyramid_request)

        assert isinstance(result, HTTPSeeOther)
        assert result.headers["Location"] == observed_next_url
Example #2
0
    def test_post_redirects_user(self, pyramid_request, expected_next_url,
                                 observed_next_url):
        pyramid_request.user = pretend.stub()
        pyramid_request.method = "POST"
        pyramid_request.POST["next"] = expected_next_url

        result = views.logout(pyramid_request)

        assert isinstance(result, HTTPSeeOther)
        assert result.headers["Location"] == observed_next_url
Example #3
0
    def test_get_returns_empty(self, pyramid_request, next_url):
        if next_url is not None:
            pyramid_request.GET["next"] = next_url

        assert views.logout(pyramid_request) == {
            "redirect": {
                "field": "next",
                "data": next_url
            }
        }
Example #4
0
    def test_get_redirects_anonymous_user(self, pyramid_request,
                                          expected_next_url,
                                          observed_next_url):
        pyramid_request.user = None
        pyramid_request.method = "GETT"
        pyramid_request.GET["next"] = expected_next_url

        result = views.logout(pyramid_request)

        assert isinstance(result, HTTPSeeOther)
        assert result.headers["Location"] == observed_next_url
Example #5
0
def test_user_logout_get(app):
    request = pretend.stub(
        method="GET",
        values={},
        _session=Session({"user.id": 1}, "1234", False),
    )

    resp = logout(app, request)

    assert resp.status_code == 200
    assert resp.response.template.name == "accounts/logout.html"
    assert resp.response.context == {"next": None}
Example #6
0
def test_user_logout_get(app):
    request = pretend.stub(
        method="GET",
        values={},
        _session=Session({"user.id": 1}, "1234", False),
    )

    resp = logout(app, request)

    assert resp.status_code == 200
    assert resp.response.template.name == "accounts/logout.html"
    assert resp.response.context == {"next": None}
Example #7
0
    def test_post_forgets_user(self, monkeypatch, pyramid_request):
        forget = pretend.call_recorder(lambda request: [("foo", "bar")])
        monkeypatch.setattr(views, "forget", forget)

        pyramid_request.method = "POST"
        pyramid_request.session = pretend.stub(
            invalidate=pretend.call_recorder(lambda: None))

        result = views.logout(pyramid_request)

        assert isinstance(result, HTTPSeeOther)
        assert result.headers["Location"] == "/"
        assert result.headers["foo"] == "bar"
        assert forget.calls == [pretend.call(pyramid_request)]
        assert pyramid_request.session.invalidate.calls == [pretend.call()]
Example #8
0
    def test_post_forgets_user(self, monkeypatch, pyramid_request):
        forget = pretend.call_recorder(lambda request: [("foo", "bar")])
        monkeypatch.setattr(views, "forget", forget)

        pyramid_request.method = "POST"
        pyramid_request.session = pretend.stub(
            invalidate=pretend.call_recorder(lambda: None),
        )

        result = views.logout(pyramid_request)

        assert isinstance(result, HTTPSeeOther)
        assert result.headers["Location"] == "/"
        assert result.headers["foo"] == "bar"
        assert forget.calls == [pretend.call(pyramid_request)]
        assert pyramid_request.session.invalidate.calls == [pretend.call()]
Example #9
0
    def delete_account(self):
        username = self.request.params.get('confirm_username')

        if not username:
            self.request.session.flash(
                "Must confirm the request.", queue='error'
            )
            return self.default_response

        if username != self.request.user.username:
            self.request.session.flash(
                f"Could not delete account - {username!r} is not the same as "
                f"{self.request.user.username!r}",
                queue='error'
            )
            return self.default_response

        if self.active_projects:
            self.request.session.flash(
                "Cannot delete account with active project ownerships.",
                queue='error',
            )
            return self.default_response

        # Update all journals to point to `deleted-user` instead
        deleted_user = (
            self.request.db.query(User)
            .filter(User.username == 'deleted-user')
            .one()
        )

        journals = (
            self.request.db.query(JournalEntry)
            .filter(JournalEntry.submitted_by == self.request.user)
            .all()
        )

        for journal in journals:
            journal.submitted_by = deleted_user

        # Send a notification email
        send_account_deletion_email(self.request, self.request.user)

        # Actually delete the user
        self.request.db.delete(self.request.user)

        return logout(self.request)
Example #10
0
    def delete_account(self):
        username = self.request.params.get('confirm_username')

        if not username:
            self.request.session.flash(
                "Must confirm the request", queue='error'
            )
            return self.default_response

        if username != self.request.user.username:
            self.request.session.flash(
                f"Could not delete account - {username!r} is not the same as "
                f"{self.request.user.username!r}",
                queue='error'
            )
            return self.default_response

        if self.active_projects:
            self.request.session.flash(
                "Cannot delete account with active project ownerships",
                queue='error',
            )
            return self.default_response

        # Update all journals to point to `deleted-user` instead
        deleted_user = (
            self.request.db.query(User)
            .filter(User.username == 'deleted-user')
            .one()
        )

        journals = (
            self.request.db.query(JournalEntry)
            .filter(JournalEntry.submitted_by == self.request.user)
            .all()
        )

        for journal in journals:
            journal.submitted_by = deleted_user

        # Send a notification email
        send_account_deletion_email(self.request, self.request.user)

        # Actually delete the user
        self.request.db.delete(self.request.user)

        return logout(self.request)
Example #11
0
    def delete_account(self):
        confirm_password = self.request.params.get("confirm_password")
        if not confirm_password:
            self.request.session.flash("Confirm the request", queue="error")
            return self.default_response

        form = ConfirmPasswordForm(
            password=confirm_password,
            username=self.request.user.username,
            user_service=self.user_service,
        )

        if not form.validate():
            self.request.session.flash(
                f"Could not delete account - Invalid credentials. Please try again.",
                queue="error",
            )
            return self.default_response

        if self.active_projects:
            self.request.session.flash(
                "Cannot delete account with active project ownerships", queue="error"
            )
            return self.default_response

        # Update all journals to point to `deleted-user` instead
        deleted_user = (
            self.request.db.query(User).filter(User.username == "deleted-user").one()
        )

        journals = (
            self.request.db.query(JournalEntry)
            .options(joinedload("submitted_by"))
            .filter(JournalEntry.submitted_by == self.request.user)
            .all()
        )

        for journal in journals:
            journal.submitted_by = deleted_user

        # Send a notification email
        send_account_deletion_email(self.request, self.request.user)

        # Actually delete the user
        self.request.db.delete(self.request.user)

        return logout(self.request)
Example #12
0
def test_user_logout_post(values, location):
    app = pretend.stub(config=pretend.stub())
    request = pretend.stub(
        method="POST",
        host="example.com",
        values=values,
        url_adapter=pretend.stub(build=lambda *a, **kw: "/",
                                 ),
        _session=Session({"user.id": 1}, "1234", False),
    )

    resp = logout(app, request)

    assert resp.status_code == 303
    assert resp.headers["Location"] == location
    assert resp.headers.getlist("Set-Cookie") == [
        "username=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/",
    ]
    assert request._session.deleted
Example #13
0
def test_user_logout_post(values, location):
    app = pretend.stub(config=pretend.stub())
    request = pretend.stub(
        method="POST",
        host="example.com",
        values=values,
        url_adapter=pretend.stub(
            build=lambda *a, **kw: "/",
        ),
        _session=Session({"user.id": 1}, "1234", False),
    )

    resp = logout(app, request)

    assert resp.status_code == 303
    assert resp.headers["Location"] == location
    assert resp.headers.getlist("Set-Cookie") == [
        "username=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/",
    ]
    assert request._session.deleted
Example #14
0
def test_user_logout_get():
    app = pretend.stub(
        config=pretend.stub(),
        templates=pretend.stub(
            get_template=pretend.call_recorder(
                lambda t: pretend.stub(render=lambda **ctx: ""),
            ),
        ),
    )
    request = pretend.stub(
        method="GET",
        values={},
        _session=Session({"user.id": 1}, "1234", False),
    )

    resp = logout(app, request)

    assert resp.status_code == 200
    assert app.templates.get_template.calls == [
        pretend.call("accounts/logout.html"),
    ]
Example #15
0
 def test_get_returns_empty(self, pyramid_request):
     assert views.logout(pyramid_request) == {}
Example #16
0
 def test_get_returns_empty(self, pyramid_request):
     assert views.logout(pyramid_request) == {}
Example #17
0
    def test_get_returns_empty(self, pyramid_request, next_url):
        if next_url is not None:
            pyramid_request.GET["next"] = next_url

        assert views.logout(pyramid_request) == \
            {"redirect": {"field": "next", "data": next_url}}