def create_user_and_return_id_and_token(self,
roles=[],
suspended=None,
is_internal_user=None,
enabled=None):
# create a user to login with
user = factories.UserFactory(password='******')
user.roles = roles
if suspended is not None:
user.suspended = suspended
if is_internal_user is not None:
user.is_internal_user = is_internal_user
if enabled is not None:
user.enabled = enabled
db_session_users.add(user)
db_session_users.flush()
db_session_users.refresh(user)
# create a token to use for authorization for all api calls for the user created above
seconds_until_expiration = 60 * 60 * 24 * 14
expiration_datetime = dt.datetime.utcnow() + dt.timedelta(
seconds=seconds_until_expiration)
return user, jwt.encode(
{
'user_id': user.id,
'exp': expiration_datetime
}, SECRET_JWT)
def setUp(self):
self.user, self.token = self.create_user_and_return_id_and_token()
# create a second user/token so the user updates tests are independent of all else
self.new_user, self.new_user_token = self.create_user_and_return_id_and_token(
)
self.admin_user, self.admin_user_token = self.create_user_and_return_id_and_token(
roles=['admin'])
self.qa_user, self.qa_user_token = self.create_user_and_return_id_and_token(
roles=['qa'])
self.suspended_user, self.suspended_user_token = self.create_user_and_return_id_and_token(
suspended=True)
self.internal_user, self.internal_user_token = self.create_user_and_return_id_and_token(
is_internal_user=True)
self.contributor_user, self.contributor_user_token = self.create_user_and_return_id_and_token(
roles=['contributor'])
self.unenabled_user, self.unenabled_user_token = self.create_user_and_return_id_and_token(
enabled=False)
api_key = ApiKey({'enabled': True})
api_key.gen_token()
db_session_users.add(api_key)
db_session_users.commit()
db_session_users.refresh(api_key)
self.api_key = api_key
# for the sake of testing populate plans table
add_plans()
# n.b. this should be removed when mainstream news category is launched
os.environ["MAINSTREAM_NEWS_ENABLED"] = "true"
def test_reset_disabled_user(self):
user = factories.UserFactory.build(
first_name=None,
last_name=None,
)
user.enabled = False
user.gen_reset_token()
db_session_users.add(user)
db_session_users.flush()
db_session_users.refresh(user)
req_body = {
'email': user.email,
}
resp = self.client.post(
"/reset",
data=json.dumps(req_body),
)
self.assert200(resp)
updated_user = db_session_users.query(User).filter_by(email=user.email).first()
self.assertEqual(user.reset_token, updated_user.reset_token)
def test_reset(self):
user = factories.UserFactory.build(
first_name=None,
last_name=None,
)
user.enabled = True
user.update_password('foo')
user.properties = {"activation_time": 'foo'}
db_session_users.add(user)
db_session_users.flush()
db_session_users.refresh(user)
req_body = {
'email': user.email,
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
self.assert200(resp)
req_body = {
'email': user.email,
}
resp = self.client.post(
"/reset",
data=json.dumps(req_body),
)
self.assert200(resp)
# original password still works
req_body = {
'email': user.email,
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
self.assert200(resp)
# now actually set a new password
req_body = {
'email': user.email,
'new_password': '******',
'token': user.reset_token,
}
resp = self.client.post(
"/activate",
data=json.dumps(req_body),
)
self.assert200(resp)
db_session_users.refresh(user)
self.assertEqual(user.properties['activation_time'], 'foo')
# original password doesn't work
req_body = {
'email': user.email,
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
self.assert401(resp)
# but the new one does!
req_body = {
'email': user.email,
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
self.assert200(resp)
def test_login(self):
user = factories.UserFactory.build(
first_name=None,
last_name=None,
)
user.enabled = False
db_session_users.add(user)
db_session_users.flush()
db_session_users.refresh(user)
# test with a disabled account
req_body = {
'email': user.email,
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
# test that proper error message is sent back, in the case a user is not from a campaign
# but has signed-up with open registration so the msg must contain the term `verified`
user_part_of_campaign = db_session_users.query(
MarketingCampaignUsers).filter_by(id=user.id).first()
if user_part_of_campaign or "invited_by" not in user.properties:
self.assertRegexpMatches(resp.json['error'], r'verified')
# invite a random user
req_body = json.dumps({'email': '*****@*****.**'})
resp = self.client.post(
"/invite",
headers={'Authorization': self.admin_user_token},
data=req_body)
self.assert200(resp)
new_user = db_session_users.query(User).filter_by(
email='*****@*****.**').first()
self.assertFalse(new_user.enabled)
# then have the user login before becoming enabled
req_body = {
'email': '*****@*****.**',
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
# test that proper error message is sent out, in the case a user is neither from a campaign
# nor has signed-up with open registration, but has been invited so the msg must contain the term `enabled`
self.assertRegexpMatches(resp.json['error'], r'enabled')
# enable but don't set password
user.enabled = True
db_session_users.add(user)
db_session_users.flush()
db_session_users.refresh(user)
req_body = {
'email': user.email,
'password': '',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
self.assert400(resp)
# set a password and login
user.update_password('foo')
db_session_users.add(user)
db_session_users.flush()
db_session_users.refresh(user)
req_body = {
'email': user.email,
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
self.assert200(resp)
# make sure bad password is rejected
req_body = {
'email': user.email,
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
self.assert401(resp)
# now suspend the user and make sure it fails
user.suspended = True
db_session_users.add(user)
db_session_users.flush()
db_session_users.refresh(user)
req_body = {
'email': user.email,
'password': '******',
}
resp = self.client.post(
"/login",
data=json.dumps(req_body),
)
self.assert401(resp)