Exemple #1
0
 def test2_ok_users(self):
     application.connect_db()
     for user in test_normal_users:
         response = yield self.post_user(user)
         #
         # 'user_was_created' is the anchor,
         # that is rendered special for testing in
         # case of successfull user creation,
         # @sa users_management.html file.
         #
         self.assertIn('user_was_created', response)
     logger.info('ok - permit normal users')
Exemple #2
0
    def test2_insert_reports(self):
        application.connect_db()

        tx = yield application.begin()

        user = test_users[-1]
        logged = yield self.login_user(user['email'], user['password'])
        self.assertEqual(logged['name'], user['name'])
        for path, dirs_list, files_list in os.walk('../test_reports'):
            for f_name in files_list:
                if not '.xl' in f_name:
                    continue
                file_path = os.path.join(path, f_name)
                yield self.post_file(logged, file_path)
Exemple #3
0
 def test4_delete_user(self):
     application.connect_db()
     logged = yield self.get_logged()
     client = self.get_client()
     headers = logged['headers']
     user = test_normal_users[0]
     tx = yield application.begin()
     id = yield get_user_by_email(tx, [
         'id',
     ], user['email'])
     id = id['id']
     url = '{}?id={}&action=delete'\
           .format(self.get_url('/users_management'), id)
     response = yield client.fetch(url, headers=headers, method='GET')
     body = response.body.decode('utf-8')
     self.assertIn('user_was_deleted', body)
     self.assertNotIn(user['email'], body)
     yield tx.commit()
     logger.info('ok - user was deleted')
     #
     # Recreate the deleted user.
     #
     yield self.post_user(user)
Exemple #4
0
    def test1_create_users(self):
        application.connect_db()

        tx = yield application.begin()
        yield prepare_tests(tx, sc.db_name, sc.test_db_name)
        #
        # Insert users to testing and ensure the
        # correctness of the insert.
        #
        for user in test_users:
            passwd = user['password']
            salt, pass_hash = sc.generate_password_hash(passwd)
            yield insert_user(tx, user['email'], pass_hash, salt, user['name'],
                              user['rights'])

        for i, user in enumerate(test_users):
            cols = ['id', 'email', 'name', 'rights']
            db_user = yield get_user_by_email(tx, cols, user['email'])
            self.assertEqual(db_user['id'], i + 1)
            self.assertEqual(db_user['email'], user['email'])
            self.assertEqual(db_user['name'], user['name'])
            self.assertEqual(db_user['rights'], user['rights'])

        tx.commit()
Exemple #5
0
    def test5_edit_user(self):
        application.connect_db()
        logged = yield self.get_logged()
        client = self.get_client()
        headers = logged['headers']
        user = test_normal_users[0]
        self.assertEqual(user['name'], 'John Doe 1')
        self.assertEqual(user['email'], '*****@*****.**')
        post = dict(user)
        #
        # Edit email
        #
        tx = yield application.begin()
        id = yield get_user_by_email(tx, [
            'id',
        ], user['email'])
        yield tx.commit()
        id = id['id']
        post['email'] = '*****@*****.**'
        post['action'] = 'edit'
        post['id'] = id
        post['password'] = ''
        post['password-repeat'] = ''
        body = urllib.parse.urlencode(post)
        response = yield client.fetch(self.get_url('/users_management'),
                                      headers=headers,
                                      method='POST',
                                      body=body)
        body = response.body.decode('utf-8')
        self.assertIn('user_was_edited', body)
        self.assertIn(post['email'], body)
        logger.info("ok - user's email is edited")
        user['email'] = post['email']
        #
        # Change email to the existing email. Also we try
        # to change the password, but is must not happen,
        # since the duplicate error occures.
        #
        self.assertGreaterEqual(len(test_normal_users), 1)
        another_user = test_normal_users[1]
        post['email'] = another_user['email']
        post['password'] = '******'
        post['password-repeat'] = 'new_password'
        body = urllib.parse.urlencode(post)
        response = yield client.fetch(self.get_url('/users_management'),
                                      headers=headers,
                                      method='POST',
                                      body=body)
        body = response.body.decode('utf-8')
        self.assertNotIn('user_was_edited', body)
        self.assertIn(ERR_INSERT, body)
        #
        # The user still can login with the old password.
        #
        response = yield self.login_user(user['email'], user['password'])
        self.assertNotIn('error', response)
        self.assertIn('headers', response)
        logger.info("ok - it is forbidden to choose the existing email"\
             " during an user editing")
        #
        # Send the old password as edited.
        #
        post = dict(user)
        post['action'] = 'edit'
        post['id'] = id
        body = urllib.parse.urlencode(post)
        response = yield client.fetch(self.get_url('/users_management'),
                                      headers=headers,
                                      method='POST',
                                      body=body)
        body = response.body.decode('utf-8')
        self.assertIn('user_was_edited', body)
        self.assertIn(post['email'], body)
        #
        # The user still can login.
        #
        response = yield self.login_user(user['email'], user['password'])
        self.assertNotIn('error', response)
        self.assertIn('headers', response)
        logger.info('ok - an user can keep the old password')
        #
        # Try to set incorrect passwords.
        #
        post['password'] = ''  # password-repeat remains.
        body = urllib.parse.urlencode(post)
        response = yield client.fetch(self.get_url('/users_management'),
                                      headers=headers,
                                      method='POST',
                                      body=body)
        body = response.body.decode('utf-8')
        self.assertNotIn('user_was_edited', body)
        self.assertIn(ERR_PASSWORD_ABSENSE, body)

        post['password'] = '******'  # too short password.
        post['password-repeat'] = '123'
        body = urllib.parse.urlencode(post)
        response = yield client.fetch(self.get_url('/users_management'),
                                      headers=headers,
                                      method='POST',
                                      body=body)
        body = response.body.decode('utf-8')
        self.assertNotIn('user_was_edited', body)
        self.assertIn(ERR_PASSWORD_LENGTH, body)

        # Password differs from password-repeat.
        post['password'] = '******'
        post['password-repeat'] = '1234567'
        body = urllib.parse.urlencode(post)
        response = yield client.fetch(self.get_url('/users_management'),
                                      headers=headers,
                                      method='POST',
                                      body=body)
        body = response.body.decode('utf-8')
        self.assertNotIn('user_was_edited', body)
        self.assertIn(ERR_PASSWORD_MATCH, body)
        logger.info('ok - new password can not be invalid')
        #
        # Edit the current user.
        #
        post = {}
        post['email'] = logged['email']
        post['action'] = 'edit'
        post['id'] = logged['id']
        post['see_reports'] = 'on'
        post['upload_reports'] = 'on'
        post['delete_reports'] = 'on'
        post['see_users'] = 'on'
        post['edit_users'] = 'on'
        self.assertNotEqual('Great Admin', logged['name'])
        post['name'] = 'Great Admin'
        body = urllib.parse.urlencode(post)
        response = yield client.fetch(self.get_url('/users_management'),
                                      headers=headers,
                                      method='POST',
                                      body=body)
        body = response.body.decode('utf-8')
        self.assertIn('user_was_edited', body)
        self.assertIn('Вы вошли как <b>%s</b>' % post['name'], body)
        logger.info('ok - edit the current user')
Exemple #6
0
 def test3_test_users_show(self):
     application.connect_db()
     #
     # First, we test the users management page under
     # the admin account.
     #
     logged = yield self.get_logged()
     client = self.get_client()
     headers = logged['headers']
     response = yield client.fetch(self.get_url('/users_management'),
                                   headers=headers,
                                   method='GET')
     body = response.body.decode('utf-8')
     #
     # The user with right on users edit must see the
     # following labels on the page.
     #
     self.assertIn('Управление пользователями', body)
     self.assertNotIn('user_was_created', body)
     self.assertNotIn('user_was_deleted', body)
     self.assertNotIn('user_was_edited', body)
     self.assertIn('Добавить пользователя', body)
     self.assertIn('modal fade user-modal-window', body)
     self.assertIn('Вперед <span aria-hidden="true">&rarr;</span>', body)
     self.assertNotIn('<span aria-hidden="true">&larr;</span> Назад', body)
     logger.info('ok - header of users page, if the current user '\
          'can edit')
     # Check that on the page the correct list of users
     # is showed.
     #
     all_inserted = list(test_normal_users)
     all_inserted.extend(test_users)
     self.assertEqual(len(all_inserted), 12)
     key = lambda x: (not x['name'], x['name'], x['email'])
     all_inserted = sorted(all_inserted, key=key)
     for i, user in enumerate(all_inserted):
         if i >= USERS_ON_PAGE:
             break
         self.assertIn('<td>%s</td>' % user['email'], body)
     logger.info('ok - first page of users list')
     #
     # Try to get the second page.
     #
     url = '%s?page=2' % self.get_url('/users_management')
     response = yield client.fetch(url, headers=headers, method='GET')
     body = response.body.decode('utf-8')
     self.assertNotIn('Вперед <span aria-hidden="true">&rarr;</span>', body)
     self.assertIn('<span aria-hidden="true">&larr;</span> Назад', body)
     for i, user in enumerate(all_inserted):
         if i < USERS_ON_PAGE:
             continue
         if i >= USERS_ON_PAGE * 2:
             break
         self.assertIn('<td>%s</td>' % user['email'], body)
     logger.info('ok - second page of users list')
     #
     # Get incorrect page.
     #
     url = self.get_url('/users_management')
     urls = ['%s?page=-1' % url, '%s?page=abc' % url, '%s?page=1000' % url]
     for url in urls:
         response = yield client.fetch(url, headers=headers, method='GET')
         body = response.body.decode('utf-8')
         self.assertIn(ERR_PAGE_NUMBER, body)
     logger.info('ok - incorrect page numbers')
     #
     # Make incorrect action.
     #
     url = self.get_url('/users_management')
     urls = [
         '%s?action=del' % url,
         '%s?action=create' % url,
         '%s?action=edit' % url,
         '%s?action=^' % url,
         '%s?action=123' % url
     ]
     for url in urls:
         response = yield client.fetch(url, headers=headers, method='GET')
         body = response.body.decode('utf-8')
         self.assertIn(ERR_ACTION, body)
     logger.info('ok - incorrect actions')
Exemple #7
0
 def test1_error_users(self):
     application.connect_db()
     for user in test_error_users:
         response = yield self.post_user(user)
         self.assertIn(user['error'], response)
     logger.info('ok - reject invalid users')
Exemple #8
0
 idle = secret_conf.db_idle_seconds
 conn_timeout = secret_conf.db_connection_timeout
 db_name = secret_conf.db_name
 if args.test:
     db_name = secret_conf.test_db_name
 application.connect_db_args = {
     'max_connections': max_conn,
     'idle_seconds': idle,
     'wait_connection_timeout': conn_timeout,
     'host': secret_conf.db_host,
     'user': secret_conf.db_user,
     'passwd': secret_conf.db_passwd,
     'db': db_name,
     'charset': secret_conf.db_charset
 }
 application.connect_db()
 application.handlers_list = [
     (r'/', MainHandler), (r'/upload', UploadHandler),
     (r'/show_table', ShowHandler), (r'/login', LoginHandler),
     (r'/logout', LogoutHandler), (r'/drop_report', DropHandler),
     (r'/water_consum', WaterConsumHandler),
     (r'/year_plot', YearPlotHandler),
     (r'/get_year_parameter', GetYearParameterHandler),
     (r'/temperature', TemperatureHandler),
     (r'/get_month_parameter', GetMonthParameterHandler),
     (r'/users_management', UsersManagementHandler)
 ]
 application.template_path = 'templates/'
 application.static_path = 'static/'
 application.login_url = '/login'
 logger.setLevel(logging.DEBUG)