def test_disable_user(self): # user was not pending assert_equal(M.User.by_username('test-user-3').disabled, False) assert_equal(M.User.by_username('test-user-3').pending, False) r = self.app.get('/nf/admin/user/test-user-3') form = r.forms[0] assert_equal(form['username'].value, 'test-user-3') assert_equal(form['status'].value, 'enable') form['status'].value = 'disable' with td.audits('Account disabled', user=True): r = form.submit() assert_equal(M.AuditLog.query.find().count(), 1) assert_in(u'User disabled', self.webflash(r)) assert_equal(M.User.by_username('test-user-3').disabled, True) assert_equal(M.User.by_username('test-user-3').pending, False) # user was pending user = M.User.by_username('test-user-3') user.disabled = False user.pending = True ThreadLocalORMSession.flush_all() assert_equal(M.User.by_username('test-user-3').disabled, False) assert_equal(M.User.by_username('test-user-3').pending, True) r = self.app.get('/nf/admin/user/test-user-3') form = r.forms[0] assert_equal(form['username'].value, 'test-user-3') assert_equal(form['status'].value, 'pending') form['status'].value = 'disable' with td.audits('Account disabled', user=True): r = form.submit() assert_equal(M.AuditLog.query.find().count(), 1) assert_in(u'User disabled', self.webflash(r)) assert_equal(M.User.by_username('test-user-3').disabled, True) assert_equal(M.User.by_username('test-user-3').pending, True)
def test_emails(self): # add [email protected] with td.audits('New email address: [email protected]', user=True): r = self.app.post('/nf/admin/user/update_emails', params={ 'username': '******', 'new_addr.addr': '*****@*****.**', 'new_addr.claim': 'Claim Address', 'primary_addr': '*****@*****.**'}, extra_environ=dict(username='******')) r = self.app.get('/nf/admin/user/test-user') assert_in('*****@*****.**', r) em = M.EmailAddress.get(email='*****@*****.**') assert_equal(em.confirmed, True) user = M.User.query.get(username='******') assert_equal(user.get_pref('email_address'), '*****@*****.**') # add [email protected] with td.audits('New email address: [email protected]', user=True): r = self.app.post('/nf/admin/user/update_emails', params={ 'username': '******', 'new_addr.addr': '*****@*****.**', 'new_addr.claim': 'Claim Address', 'primary_addr': '*****@*****.**'}, extra_environ=dict(username='******')) r = self.app.get('/nf/admin/user/test-user') assert_in('*****@*****.**', r) em = M.EmailAddress.get(email='*****@*****.**') assert_equal(em.confirmed, True) user = M.User.query.get(username='******') assert_equal(user.get_pref('email_address'), '*****@*****.**') # change primary: test -> test2 with td.audits('Primary email changed: [email protected] => [email protected]', user=True): r = self.app.post('/nf/admin/user/update_emails', params={ 'username': '******', 'new_addr.addr': '', 'primary_addr': '*****@*****.**'}, extra_environ=dict(username='******')) r = self.app.get('/nf/admin/user/test-user') user = M.User.query.get(username='******') assert_equal(user.get_pref('email_address'), '*****@*****.**') # remove [email protected] with td.audits('Email address deleted: [email protected]', user=True): r = self.app.post('/nf/admin/user/update_emails', params={ 'username': '******', 'addr-1.ord': '1', 'addr-2.ord': '2', 'addr-3.ord': '3', 'addr-3.delete': 'on', 'new_addr.addr': '', 'primary_addr': '*****@*****.**'}, extra_environ=dict(username='******')) r = self.app.get('/nf/admin/user/test-user') user = M.User.query.get(username='******') # [email protected] set as primary since [email protected] is deleted assert_equal(user.get_pref('email_address'), '*****@*****.**')
def test_edit(self): webhook = self.webhooks[0] url = '{}/repo-push/{}'.format(self.url, webhook._id) # change only url data = {'url': 'http://hook.slack.com/abcd'} msg = ('edit webhook repo-push\n' 'http://httpbin.org/post/0 => http://hook.slack.com/abcd\n') with td.audits(msg): r = self.api_post(url, status=200, **data) webhook = M.Webhook.query.get(_id=webhook._id) assert_equal(webhook.hook_url, data['url']) assert_equal(webhook.secret, 'secret-0') expected = { '_id': unicode(webhook._id), 'url': 'http://localhost/rest/adobe/adobe-1/admin' '/src/webhooks/repo-push/{}'.format(webhook._id), 'type': 'repo-push', 'hook_url': data['url'], 'mod_date': unicode(webhook.mod_date), } dd.assert_equal(r.json, expected) # change only secret data = {'secret': 'new-secret'} msg = ('edit webhook repo-push\n' 'http://hook.slack.com/abcd => http://hook.slack.com/abcd\n' 'secret changed') with td.audits(msg): r = self.api_post(url, status=200, **data) webhook = M.Webhook.query.get(_id=webhook._id) assert_equal(webhook.hook_url, 'http://hook.slack.com/abcd') assert_equal(webhook.secret, 'new-secret') expected = { '_id': unicode(webhook._id), 'url': 'http://localhost/rest/adobe/adobe-1/admin' '/src/webhooks/repo-push/{}'.format(webhook._id), 'type': 'repo-push', 'hook_url': 'http://hook.slack.com/abcd', 'mod_date': unicode(webhook.mod_date), } dd.assert_equal(r.json, expected)
def test_create(self): assert_equal(M.Webhook.query.find().count(), 0) r = self.app.get(self.url) assert_in('<h1>repo-push</h1>', r) assert_not_in('http://httpbin.org/post', r) data = {'url': u'http://httpbin.org/post', 'secret': ''} msg = 'add webhook repo-push {} {}'.format( data['url'], self.git.config.url()) with td.audits(msg): r = self.create_webhook(data).follow() assert_in('http://httpbin.org/post', r) hooks = M.Webhook.query.find().all() assert_equal(len(hooks), 1) assert_equal(hooks[0].type, 'repo-push') assert_equal(hooks[0].hook_url, 'http://httpbin.org/post') assert_equal(hooks[0].app_config_id, self.git.config._id) assert_equal(hooks[0].secret, 'super-secret') # Try to create duplicate with td.out_audits(msg): r = self.app.post(self.url + '/repo-push/create', data) self.find_error(r, '_the_form', '"repo-push" webhook already exists for Git http://httpbin.org/post') assert_equal(M.Webhook.query.find().count(), 1)
def test_disable_user(self): user = Mock(disabled=False, __ming__=Mock(), is_anonymous=lambda: False, _id=ObjectId()) c.user = Mock(username='******') with audits('Account disabled', user=True, actor='test-admin'): self.provider.disable_user(user) ThreadLocalORMSession.flush_all() assert_equal(user.disabled, True)
def test_create(self): assert_equal(M.Webhook.query.find().count(), 0) r = self.app.get(self.url) assert_in('<h1>repo-push</h1>', r) assert_not_in('http://httpbin.org/post', r) data = {'url': u'http://httpbin.org/post', 'secret': ''} msg = 'add webhook repo-push {} {}'.format(data['url'], self.git.config.url()) with td.audits(msg): r = self.create_webhook(data).follow() assert_in('http://httpbin.org/post', r) hooks = M.Webhook.query.find().all() assert_equal(len(hooks), 1) assert_equal(hooks[0].type, 'repo-push') assert_equal(hooks[0].hook_url, 'http://httpbin.org/post') assert_equal(hooks[0].app_config_id, self.git.config._id) assert_equal(hooks[0].secret, 'super-secret') # Try to create duplicate with td.out_audits(msg): r = self.app.post(self.url + '/repo-push/create', data) self.find_error( r, '_the_form', '"repo-push" webhook already exists for Git http://httpbin.org/post' ) assert_equal(M.Webhook.query.find().count(), 1)
def test_send_password_reset_link(self, gen_message_id, sendmail): user = M.User.by_username('test-user') user.set_pref('email_address', '*****@*****.**') M.EmailAddress(email='*****@*****.**', confirmed=True, claimed_by_user_id=user._id) ThreadLocalORMSession.flush_all() with td.audits('Password recovery link sent to: [email protected]', user=True): r = self.app.post('/nf/admin/user/send_password_reset_link', params={'username': '******'}) hash = user.get_tool_data('AuthPasswordReset', 'hash') text = '''Your username is test-user To update your password on %s, please visit the following URL: %s/auth/forgotten_password/%s''' % (config['site_name'], config['base_url'], hash) sendmail.post.assert_called_once_with( sender='noreply@localhost', toaddr='*****@*****.**', fromaddr='"{}" <{}>'.format(config['site_name'], config['forgemail.return_path']), reply_to=config['forgemail.return_path'], subject='Allura Password recovery', message_id=gen_message_id(), text=text)
def test_create(self): assert_equal(M.Webhook.query.find().count(), len(self.webhooks)) data = {u'url': u'http://hook.slack.com/abcd'} limit = json.dumps({'git': 10}) with h.push_config(config, **{'webhook.repo_push.max_hooks': limit}): msg = 'add webhook repo-push {} {}'.format(data['url'], self.git.config.url()) with td.audits(msg): r = self.api_post(self.url + '/repo-push', status=201, **data) webhook = M.Webhook.query.get(hook_url=data['url']) assert_equal(webhook.secret, 'super-secret') # secret generated expected = { '_id': unicode(webhook._id), 'url': 'http://localhost/rest/adobe/adobe-1/admin' '/src/webhooks/repo-push/{}'.format(webhook._id), 'type': 'repo-push', 'hook_url': data['url'], 'mod_date': unicode(webhook.mod_date), } dd.assert_equal(r.json, expected) assert_equal(M.Webhook.query.find().count(), len(self.webhooks) + 1)
def test_make_password_reset_url(self): with td.audits( 'Generated new password reset URL and shown to admin user', user=True): r = self.app.post('/nf/admin/user/make_password_reset_url', params={'username': '******'}) user = M.User.by_username('test-user') hash = user.get_tool_data('AuthPasswordReset', 'hash') assert_in(hash, r.text)
def test_delete(self): assert_equal(M.Webhook.query.find().count(), 3) webhook = self.webhooks[0] url = '{}/repo-push/{}'.format(self.url, webhook._id) msg = 'delete webhook repo-push {} {}'.format( webhook.hook_url, self.git.config.url()) with td.audits(msg): r = self.api_delete(url, status=200) dd.assert_equal(r.json, {u'result': u'ok'}) assert_equal(M.Webhook.query.find().count(), 2) assert_equal(M.Webhook.query.get(_id=webhook._id), None)
def test_delete(self): assert_equal(M.Webhook.query.find().count(), 3) webhook = self.webhooks[0] url = '{}/repo-push/{}'.format(self.url, webhook._id) msg = 'delete webhook repo-push {} {}'.format(webhook.hook_url, self.git.config.url()) with td.audits(msg): r = self.api_delete(url, status=200) dd.assert_equal(r.json, {u'result': u'ok'}) assert_equal(M.Webhook.query.find().count(), 2) assert_equal(M.Webhook.query.get(_id=webhook._id), None)
def test_delete(self): data = {'url': u'http://httpbin.org/post', 'secret': u'secret'} self.create_webhook(data).follow() assert_equal(M.Webhook.query.find().count(), 1) wh = M.Webhook.query.get(hook_url=data['url']) data = {'webhook': unicode(wh._id)} msg = 'delete webhook repo-push {} {}'.format(wh.hook_url, self.git.config.url()) with td.audits(msg): r = self.app.post(self.url + '/repo-push/delete', data) assert_equal(r.json, {'status': 'ok'}) assert_equal(M.Webhook.query.find().count(), 0)
def test_user_icon(self): file_name = 'neo-icon-set-454545-256x350.png' file_path = os.path.join(allura.__path__[0], 'nf', 'allura', 'images', file_name) file_data = file(file_path).read() upload = ('icon', file_name, file_data) with td.audits('update project icon'): self.app.post('/u/test-admin/admin/update', params=dict( name='Test Project', shortname='test', short_description='A Test Project'), upload_files=[upload]) r = self.app.get('/u/test-admin/user_icon') assert_equal(r.content_type, 'image/png')
def test_delete(self): data = {'url': u'http://httpbin.org/post', 'secret': u'secret'} self.create_webhook(data).follow() assert_equal(M.Webhook.query.find().count(), 1) wh = M.Webhook.query.get(hook_url=data['url']) data = {'webhook': unicode(wh._id)} msg = 'delete webhook repo-push {} {}'.format( wh.hook_url, self.git.config.url()) with td.audits(msg): r = self.app.post(self.url + '/repo-push/delete', data) assert_equal(r.json, {'status': 'ok'}) assert_equal(M.Webhook.query.find().count(), 0)
def test_user_icon(self): file_name = 'neo-icon-set-454545-256x350.png' file_path = os.path.join(allura.__path__[0], 'nf', 'allura', 'images', file_name) file_data = open(file_path, 'rb').read() upload = ('icon', file_name, file_data) with td.audits('update project icon'): self.app.post('/u/test-admin/admin/update', params=dict(name='Test Project', shortname='test', short_description='A Test Project'), upload_files=[upload]) r = self.app.get('/u/test-admin/user_icon') assert_equal(r.content_type, 'image/png')
def test_AAAA_WORKAROUND__edit(self): """ This must run first in this test class for unknown reasons ever since https://github.com/TurboGears/tg2/commit/02fb49b14e70fdd8ac16973488fb3637e5e59114 If any test runs the self.app.post from create_webhook before this one, then this test will fail on: with td.audits(msg): r = form.submit() because WebhookValidator's `value` will be "create" instead of an objectid str Maybe something to do with WebhookControllerMeta setup of `validate` decorators? """ data1 = {'url': 'http://httpbin.org/post', 'secret': 'secret'} data2 = {'url': 'http://example.com/hook', 'secret': 'secret2'} self.create_webhook(data1).follow() self.create_webhook(data2).follow() assert_equal(M.Webhook.query.find().count(), 2) wh1 = M.Webhook.query.get(hook_url=data1['url']) r = self.app.get(self.url + '/repo-push/%s' % wh1._id) form = r.forms[0] assert_equal(form['url'].value, data1['url']) assert_equal(form['secret'].value, data1['secret']) assert_equal(form['webhook'].value, six.text_type(wh1._id)) form['url'] = 'http://host.org/hook' form['secret'] = 'new secret' msg = 'edit webhook repo-push\n{} => {}\n{}'.format( data1['url'], form['url'].value, 'secret changed') with td.audits(msg): r = form.submit() wf = json.loads(self.webflash(r)) assert_equal(wf['status'], 'ok') assert_equal(wf['message'], 'Edited successfully') assert_equal(M.Webhook.query.find().count(), 2) wh1 = M.Webhook.query.get(_id=wh1._id) assert_equal(wh1.hook_url, 'http://host.org/hook') assert_equal(wh1.app_config_id, self.git.config._id) assert_equal(wh1.secret, 'new secret') assert_equal(wh1.type, 'repo-push') # Duplicates r = self.app.get(self.url + '/repo-push/%s' % wh1._id) form = r.forms[0] form['url'] = data2['url'] r = form.submit() self.find_error( r, '_the_form', '"repo-push" webhook already exists for Git http://example.com/hook', form_type='edit')
def test_AAAA_WORKAROUND__edit(self): """ This must run first in this test class for unknown reasons ever since https://github.com/TurboGears/tg2/commit/02fb49b14e70fdd8ac16973488fb3637e5e59114 If any test runs the self.app.post from create_webhook before this one, then this test will fail on: with td.audits(msg): r = form.submit() because WebhookValidator's `value` will be "create" instead of an objectid str Maybe something to do with WebhookControllerMeta setup of `validate` decorators? """ data1 = {'url': u'http://httpbin.org/post', 'secret': u'secret'} data2 = {'url': u'http://example.com/hook', 'secret': u'secret2'} self.create_webhook(data1).follow() self.create_webhook(data2).follow() assert_equal(M.Webhook.query.find().count(), 2) wh1 = M.Webhook.query.get(hook_url=data1['url']) r = self.app.get(self.url + '/repo-push/%s' % wh1._id) form = r.forms[0] assert_equal(form['url'].value, data1['url']) assert_equal(form['secret'].value, data1['secret']) assert_equal(form['webhook'].value, unicode(wh1._id)) form['url'] = 'http://host.org/hook' form['secret'] = 'new secret' msg = 'edit webhook repo-push\n{} => {}\n{}'.format( data1['url'], form['url'].value, 'secret changed') with td.audits(msg): r = form.submit() wf = json.loads(self.webflash(r)) assert_equal(wf['status'], 'ok') assert_equal(wf['message'], 'Edited successfully') assert_equal(M.Webhook.query.find().count(), 2) wh1 = M.Webhook.query.get(_id=wh1._id) assert_equal(wh1.hook_url, 'http://host.org/hook') assert_equal(wh1.app_config_id, self.git.config._id) assert_equal(wh1.secret, 'new secret') assert_equal(wh1.type, 'repo-push') # Duplicates r = self.app.get(self.url + '/repo-push/%s' % wh1._id) form = r.forms[0] form['url'] = data2['url'] r = form.submit() self.find_error(r, '_the_form', u'"repo-push" webhook already exists for Git http://example.com/hook', form_type='edit')
def test_send_password_reset_link(self, gen_message_id, sendmail): user = M.User.by_username('test-user') user.set_pref('email_address', '*****@*****.**') M.EmailAddress(email='*****@*****.**', confirmed=True, claimed_by_user_id=user._id) ThreadLocalORMSession.flush_all() with td.audits('Password recovery link sent to: [email protected]', user=True): r = self.app.post('/nf/admin/user/send_password_reset_link', params={'username': '******'}) hash = user.get_tool_data('AuthPasswordReset', 'hash') text = '''Your username is test-user To reset your password on %s, please visit the following URL: %s/auth/forgotten_password/%s''' % (config['site_name'], config['base_url'], hash) sendmail.post.assert_called_once_with( toaddr='*****@*****.**', fromaddr=config['forgemail.return_path'], reply_to=config['forgemail.return_path'], subject='Allura Password recovery', message_id=gen_message_id(), text=text)
def test_create(self): assert_equal(M.Webhook.query.find().count(), len(self.webhooks)) data = {u'url': u'http://hook.slack.com/abcd'} limit = json.dumps({'git': 10}) with h.push_config(config, **{'webhook.repo_push.max_hooks': limit}): msg = 'add webhook repo-push {} {}'.format( data['url'], self.git.config.url()) with td.audits(msg): r = self.api_post(self.url + '/repo-push', status=201, **data) webhook = M.Webhook.query.get(hook_url=data['url']) assert_equal(webhook.secret, 'super-secret') # secret generated expected = { '_id': unicode(webhook._id), 'url': 'http://localhost/rest/adobe/adobe-1/admin' '/src/webhooks/repo-push/{}'.format(webhook._id), 'type': 'repo-push', 'hook_url': data['url'], 'mod_date': unicode(webhook.mod_date), } dd.assert_equal(r.json, expected) assert_equal(M.Webhook.query.find().count(), len(self.webhooks) + 1)
def test_edit(self): data1 = {'url': u'http://httpbin.org/post', 'secret': u'secret'} data2 = {'url': u'http://example.com/hook', 'secret': u'secret2'} self.create_webhook(data1).follow() self.create_webhook(data2).follow() assert_equal(M.Webhook.query.find().count(), 2) wh1 = M.Webhook.query.get(hook_url=data1['url']) r = self.app.get(self.url + '/repo-push/%s' % wh1._id) form = r.forms[0] assert_equal(form['url'].value, data1['url']) assert_equal(form['secret'].value, data1['secret']) assert_equal(form['webhook'].value, unicode(wh1._id)) form['url'] = 'http://host.org/hook' form['secret'] = 'new secret' msg = 'edit webhook repo-push\n{} => {}\n{}'.format( data1['url'], form['url'].value, 'secret changed') with td.audits(msg): r = form.submit() wf = json.loads(self.webflash(r)) assert_equal(wf['status'], 'ok') assert_equal(wf['message'], 'Edited successfully') assert_equal(M.Webhook.query.find().count(), 2) wh1 = M.Webhook.query.get(_id=wh1._id) assert_equal(wh1.hook_url, 'http://host.org/hook') assert_equal(wh1.app_config_id, self.git.config._id) assert_equal(wh1.secret, 'new secret') assert_equal(wh1.type, 'repo-push') # Duplicates r = self.app.get(self.url + '/repo-push/%s' % wh1._id) form = r.forms[0] form['url'] = data2['url'] r = form.submit() self.find_error(r, '_the_form', u'"repo-push" webhook already exists for Git http://example.com/hook', form_type='edit')
def test_edit(self): data1 = {'url': u'http://httpbin.org/post', 'secret': u'secret'} data2 = {'url': u'http://example.com/hook', 'secret': u'secret2'} self.create_webhook(data1).follow() self.create_webhook(data2).follow() assert_equal(M.Webhook.query.find().count(), 2) wh1 = M.Webhook.query.get(hook_url=data1['url']) r = self.app.get(self.url + '/repo-push/%s' % wh1._id) form = r.forms[1] assert_equal(form['url'].value, data1['url']) assert_equal(form['secret'].value, data1['secret']) assert_equal(form['webhook'].value, unicode(wh1._id)) form['url'] = 'http://host.org/hook' form['secret'] = 'new secret' msg = 'edit webhook repo-push\n{} => {}\n{}'.format( data1['url'], form['url'].value, 'secret changed') with td.audits(msg): r = form.submit() wf = json.loads(self.webflash(r)) assert_equal(wf['status'], 'ok') assert_equal(wf['message'], 'Edited successfully') assert_equal(M.Webhook.query.find().count(), 2) wh1 = M.Webhook.query.get(_id=wh1._id) assert_equal(wh1.hook_url, 'http://host.org/hook') assert_equal(wh1.app_config_id, self.git.config._id) assert_equal(wh1.secret, 'new secret') assert_equal(wh1.type, 'repo-push') # Duplicates r = self.app.get(self.url + '/repo-push/%s' % wh1._id) form = r.forms[1] form['url'] = data2['url'] r = form.submit() self.find_error( r, '_the_form', u'"repo-push" webhook already exists for Git http://example.com/hook', form_type='edit')
def test_set_random_password(self, set_password): with td.audits('Set random password', user=True, actor='test-admin'): r = self.app.post('/nf/admin/user/set_random_password', params={'username': '******'}) assert_in('Password is set', self.webflash(r)) assert_equal(set_password.call_count, 1)
def test_set_random_password(self, set_password): with td.audits('Set random password', user=True, actor='test-admin'): r = self.app.post('/nf/admin/user/set_random_password', params={'username': '******'}) assert_in('Password is set', self.webflash(r)) set_password.assert_called_once()