def test_total_users_count(self): """Test total_users return 1 if there is one user""" UserFactory.create() count = self.user_repo.total_users() assert count == 1, count
def test_user_not_allowed_actions_user(self, caching_mock): """Test POST, PUT and DELETE for USER actions are not allowed for user in the API""" clean_user_mock = MagicMock() caching_mock.get.return_value = dict(refresh=clean_user_mock) admin = UserFactory.create() auth = UserFactory.create() user = UserFactory.create() url = 'api/user' res = self.app.post(url + '?api_key=%s' % auth.api_key, data=json.dumps(user.to_public_json())) data = json.loads(res.data) assert res.status_code == 405, res.status_code assert data['status_code'] == 405, data # Update another user url += '/%s' % user.id res = self.app.put(url + '?api_key=%s' % auth.api_key, data=json.dumps(dict(name='new'))) assert res.status_code == 403, res.data res = self.app.delete(url + '?apikey=%s' % auth.api_key) assert res.status_code == 405, res.status_code # Update the same user url = 'api/user/%s' % auth.id res = self.app.put(url + '?api_key=%s' % auth.api_key, data=json.dumps(dict(name='new'))) data = json.loads(res.data) assert res.status_code == 200, res.data assert data['name'] == 'new', data clean_user_mock.assert_called_with(data['id'])
def test_org_decline_invitation(self): user_a = UserFactory.create(email="*****@*****.**") user_b = UserFactory.create(email="*****@*****.**") org = create_sample_organization(user_a, org_kwargs={ 'name': u"My first org", }) project = create_sample_project(user_a, project_kwargs={ 'org': org }) auth = AuthorizationAssociation.objects.create( org=org, user=user_b, is_active=False, is_admin=True ) auth_p = AuthorizationAssociation.objects.create( project=project, user=user_b, is_active=False, is_admin=True ) url = reverse("my_notifications") response = self.app.get(url, user=user_b) self.assertContains(response, org.name) form = response.forms['form_decline_{0}'.format(auth.pk)] response = form.submit().follow() self.assertContains(response, "Invitation has been declined") auth_filter = AuthorizationAssociation.objects.filter(pk=auth.pk) self.assertFalse(auth_filter.exists()) auth_filter = AuthorizationAssociation.objects.filter(pk=auth_p.pk) self.assertFalse(auth_filter.exists())
def test_org_accept_invitation(self): user_a = UserFactory.create(email="*****@*****.**") user_b = UserFactory.create(email="*****@*****.**") org = create_sample_organization(user_a, org_kwargs={ 'name': u"My first org", }) project = create_sample_project(user_a, project_kwargs={ 'org': org }) auth = AuthorizationAssociation.objects.create( org=org, user=user_b, is_active=False, is_admin=True ) project.add_user(user_b, is_active=False) project = Project.objects.get(pk=project.pk) self.assertFalse(project.can_read(user_b)) url = reverse("my_notifications") response = self.app.get(url, user=user_b) self.assertContains(response, org.name) form = response.forms['form_accept_{0}'.format(auth.pk)] response = form.submit().follow() self.assertContains(response, "You are now a member of this " "organization") auth = AuthorizationAssociation.objects.get(pk=auth.pk) self.assertTrue(auth.is_active) project = Project.objects.get(pk=project.pk) self.assertTrue(project.can_read(user_b))
def test_parse_post(self): response = '''{"comments": {"can_post": 0, "count": 4}, "date": 1298365200, "from_id": 55555, "geo": {"coordinates": "55.6745689498 37.8724562529", "place": {"city": "Moskovskaya oblast", "country": "Russian Federation", "title": "Shosseynaya ulitsa, Moskovskaya oblast"}, "type": "point"}, "id": 465, "likes": {"can_like": 1, "can_publish": 1, "count": 10, "user_likes": 0}, "online": 1, "post_source": {"type": "api"}, "reply_count": 0, "reposts": {"count": 3, "user_reposted": 0}, "text": "qwerty", "to_id": 201164356} ''' instance = Post() owner = UserFactory.create(remote_id=201164356) # Travis Djangov author = UserFactory.create(remote_id=55555) instance.parse(json.loads(response)) instance.save() self.assertTrue(instance.remote_id.startswith('201164356_')) self.assertEqual(instance.wall_owner, owner) self.assertEqual(instance.author, author) self.assertEqual(instance.reply_count, 0) self.assertEqual(instance.likes, 10) self.assertEqual(instance.reposts, 3) self.assertEqual(instance.comments, 4) self.assertEqual(instance.text, 'qwerty') self.assertTrue(isinstance(instance.date, datetime))
def test_get_total_users_returns_number_of_users(self): expected_number_of_users = 3 UserFactory.create_batch(expected_number_of_users) total_users = cached_users.get_total_users() assert total_users == expected_number_of_users, total_users
def test_taskrun_cannot_be_deleted_associated_result_variation_2(self): """Test API taskrun cannot be deleted when a result is associated variation.""" root = UserFactory.create(admin=True) results = self.create_result(filter_by=True) project = project_repo.get(results[0].project_id) task = task_repo.get_task(results[0].task_id) task.n_answers = 30 task_repo.update(task) volunteer = UserFactory.create() tr_delete = TaskRunFactory.create(task=task, user=volunteer) results = result_repo.filter_by(project_id=project.id, task_id=task.id) assert len(results) == 1, len(results) # Owner for result in results: for tr in result.task_run_ids: url = '/api/taskrun/%s?api_key=%s' % (tr, root.api_key) res = self.app.delete(url) assert_equal(res.status, '403 FORBIDDEN', res.status) url = '/api/taskrun/%s?api_key=%s' % (tr_delete.id, volunteer.api_key) res = self.app.delete(url) assert_equal(res.status, '204 NO CONTENT', res.status)
def test_user_not_allowed_actions_admin (self): """Test POST, PUT and DELETE for ADMIN actions are not allowed for user in the API""" admin = UserFactory.create() auth = UserFactory.create() user = UserFactory.create() url = 'api/user' res = self.app.post(url + '?api_key=%s' % admin.api_key, data=json.dumps(user.to_public_json())) data = json.loads(res.data) assert res.status_code == 405, res.status_code assert data['status_code'] == 405, data # Update another user url += '/%s' % user.id new_info = user.info new_info['foo'] = 'bar' res = self.app.put(url + '?api_key=%s' % admin.api_key, data=json.dumps(dict(name='new', info=new_info))) data = json.loads(res.data) assert res.status_code == 200, res.data assert data['name'] == 'new', data assert data['info']['foo'] == 'bar', data res = self.app.delete(url + '?apikey=%s' % auth.api_key) assert res.status_code == 405, res.status_code # Update the same user url = 'api/user/%s' % admin.id res = self.app.put(url + '?api_key=%s' % admin.api_key, data=json.dumps(dict(name='newadmin'))) data = json.loads(res.data) assert res.status_code == 200, res.data assert data['name'] == 'newadmin', data
def test_order_allocations(app): org = OrganizationFactory.create() u1 = UserFactory.create(organization=org) u2 = UserFactory.create(organization=org) u3 = UserFactory.create(organization=org) vendor = VendorFactory.create() order = Order( ordered_by=u1, vendor=vendor, for_date=date.today(), placed_at=datetime.now(), ) db.session.add(order) db.session.commit() assert order.total_amount == Decimal("0.00") oc1 = OrderContribution(order=order, user=u1, amount=Decimal("10.80")) db.session.add(oc1) db.session.commit() assert order.total_amount == Decimal("10.80") oc2 = OrderContribution(order=order, user=u2, amount=Decimal("2.50")) db.session.add(oc2) db.session.commit() assert order.total_amount == Decimal("13.30") oc3 = OrderContribution(order=order, user=u3, amount=Decimal("4.75")) db.session.add(oc3) db.session.commit() assert order.total_amount == Decimal("18.05")
def test_project_revoke_invitation(self): user_a = UserFactory.create(email="*****@*****.**") user_b = UserFactory.create(email="*****@*****.**") project = create_sample_project(user_a, project_kwargs={ 'name': u"My first project", }) project.add_user(user_b) url = reverse("dashboard") response = self.app.get(url, user=user_b) self.assertContains(response, u"My first project") auth = AuthorizationAssociation.objects.get( project=project, user=user_b ) url = reverse("project_auth_delete", args=(project.pk, auth.pk)) self.app.get(url, user=user_b, status=403) response = self.app.get(url, user=user_a) form = response.forms['delete_form'] response = form.submit().follow() self.assertContains( response, 'User {0} has been revoked.'.format(user_b.email), ) url = reverse("dashboard") response = self.app.get(url, user=user_b) self.assertNotContains(response, u"My first project")
def test_query_post_favorites_auth(self): """Test API POST Favorites works for user.""" user = UserFactory.create() user2 = UserFactory.create() task = TaskFactory.create() url = self.url + '?api_key=%s' % user.api_key res = self.app.post(url, data=json.dumps(dict(task_id=task.id))) data = json.loads(res.data) assert res.status_code == 200, res.status_code assert data['fav_user_ids'] == [user.id], data url = self.url + '?api_key=%s' % user2.api_key res = self.app.post(url, data=json.dumps(dict(task_id=task.id))) data = json.loads(res.data) assert res.status_code == 200, res.status_code assert user.id in data['fav_user_ids'], data assert user2.id in data['fav_user_ids'], data url = self.url + '?api_key=%s' % user2.api_key res = self.app.post(url, data=json.dumps(dict(task_id=4000000000))) data = json.loads(res.data) assert res.status_code == 404, res.status_code assert data['status_code'] == 404, data url = self.url + '?api_key=%s' % user2.api_key res = self.app.post(url, data=json.dumps(dict(task_id=task.id))) data = json.loads(res.data) assert res.status_code == 200, res.status_code assert user.id in data['fav_user_ids'], data assert user2.id in data['fav_user_ids'], data
def test_delete_blogpost(self, mock_delete): """Test API Blogpost delete post (DEL).""" mock_delete.return_value = True admin = UserFactory.create() owner = UserFactory.create() user = UserFactory.create() project = ProjectFactory.create(owner=owner) blogpost = BlogpostFactory.create(project=project) blogpost2 = BlogpostFactory.create(project=project) # As anon url = '/api/blogpost/%s' % blogpost.id res = self.app.delete(url) data = json.loads(res.data) assert res.status_code == 401, res.status_code # As user url = '/api/blogpost/%s?api_key=%s' % (blogpost.id, user.api_key) res = self.app.delete(url) assert res.status_code == 403, res.status_code # As owner url = '/api/blogpost/%s?api_key=%s' % (blogpost.id, owner.api_key) res = self.app.delete(url) assert res.status_code == 204, res.status_code assert mock_delete.called_with(blogpost.info['file_name'], blogpost.info['container']) # As admin url = '/api/blogpost/%s?api_key=%s' % (blogpost2.id, admin.api_key) res = self.app.delete(url) assert res.status_code == 204, res.status_code
def test_user_03_respects_limit_tasks(self): """ Test SCHED newtask respects the limit of 30 TaskRuns per Task""" project = ProjectFactory.create(info=dict(sched='depth_first_all'), owner=UserFactory.create(id=500)) orig_tasks = TaskFactory.create_batch(1, project=project, n_answers=10) user = UserFactory.create() tasks = get_depth_first_all_task(project.id, user.id) assert len(tasks) == 1, len(tasks) assert tasks[0].id == orig_tasks[0].id, tasks assert tasks[0].state == 'ongoing', tasks for i in range(10): tr = TaskRun(project_id=project.id, task_id=orig_tasks[0].id, user_ip='127.0.0.%s' % i) db.session.add(tr) db.session.commit() tasks = get_depth_first_all_task(project.id, user.id) assert len(tasks) == 1, len(tasks) assert tasks[0].id == orig_tasks[0].id, tasks assert tasks[0].state == 'completed', tasks assert len(tasks[0].task_runs) == 10, tasks tr = TaskRun(project_id=project.id, task_id=orig_tasks[0].id, user_id=user.id) db.session.add(tr) db.session.commit() tasks = get_depth_first_all_task(project.id, user.id) assert len(tasks) == 0, tasks
def test_result_post(self): """Test API Result creation""" admin = UserFactory.create() user = UserFactory.create() non_owner = UserFactory.create() project = ProjectFactory.create(owner=user) data = dict(info='final result') # anonymous user # no api-key res = self.app.post('/api/result', data=json.dumps(data)) error_msg = 'Should not be allowed to create' assert_equal(res.status, '401 UNAUTHORIZED', error_msg) ### real user but not allowed as not owner! res = self.app.post('/api/result?api_key=' + non_owner.api_key, data=json.dumps(data)) error_msg = 'Should not be able to post tasks for projects of others' assert_equal(res.status, '403 FORBIDDEN', error_msg) # now a real user res = self.app.post('/api/result?api_key=' + user.api_key, data=json.dumps(data)) assert_equal(res.status, '403 FORBIDDEN', error_msg) # now the root user res = self.app.post('/api/result?api_key=' + admin.api_key, data=json.dumps(data)) assert_equal(res.status, '403 FORBIDDEN', error_msg) # POST with not JSON data url = '/api/result?api_key=%s' % user.api_key res = self.app.post(url, data=data) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'result', err assert err['action'] == 'POST', err assert err['exception_cls'] == 'ValueError', err # POST with not allowed args res = self.app.post(url + '&foo=bar', data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'result', err assert err['action'] == 'POST', err assert err['exception_cls'] == 'AttributeError', err # POST with fake data data['wrongfield'] = 13 res = self.app.post(url, data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'result', err assert err['action'] == 'POST', err assert err['exception_cls'] == 'TypeError', err
def test_notify_news_admins(self): user = UserFactory.create(admin=False) user2 = UserFactory.create(admin=False) notify_news_admins() key = "notify:admin:%s" % user2.id value = sentinel.slave.get(key) err_msg = "Key should not exist" assert value is None, err_msg
def test_user_check_duplicated_username(self): # create a user UserFactory.create(username='******') # try to create another user with the same username self.data.update({'username': '******'}) response = self.client.post(reverse('accounts_registration'), self.data) self.assertContains(response, u'Erro ao processar formulário')
def test_admins_can_delete_any_user(self): """Test admins users can delete any given user""" himself = UserFactory.create() other_user = UserFactory.create() assert himself.id == self.mock_admin.id assert other_user.id != self.mock_admin.id assert_not_raises(Exception, getattr(require, 'user').delete, other_user)
def test_get_users(self): tyrion = UserFactory.create(name='Tyrion Lannister') theon = UserFactory.create(name='reek', fullname='Theon Greyjoy') retrieved_users = self.user_repo.get_users([tyrion.id, theon.id]) assert any(user == tyrion for user in retrieved_users) assert any(user == theon for user in retrieved_users)
def test_get_by_returns_none_if_no_user(self): """Test get_by returns None if no user matches the query""" UserFactory.create(name='Tyrion Lannister') user = self.user_repo.get_by(name='no_name') assert user is None, user
def test_admins_can_delete_any_user(self): """Test admins users can delete any given user""" himself = UserFactory.create() other_user = UserFactory.create() assert himself.id == self.mock_admin.id assert other_user.id != self.mock_admin.id assert_not_raises(Exception, ensure_authorized_to, 'delete', other_user)
def test_limits_query(self): """Test API GET limits works""" owner = UserFactory.create() projects = ProjectFactory.create_batch(30, owner=owner) for project in projects: task = TaskFactory.create(project=project) TaskRunFactory.create(task=task) res = self.app.get('/api/project') data = json.loads(res.data) assert len(data) == 20, len(data) res = self.app.get('/api/project?limit=10') data = json.loads(res.data) assert len(data) == 10, len(data) # DEPRECATED res = self.app.get('/api/project?limit=10&offset=10') data = json.loads(res.data) assert len(data) == 10, len(data) assert data[0].get('name') == projects[10].name, data[0] # Keyset pagination url = '/api/project?limit=10&last_id=%s' % projects[9].id res = self.app.get(url) data = json.loads(res.data) assert len(data) == 10, len(data) assert data[0].get('name') == projects[10].name, data[0] res = self.app.get('/api/task') data = json.loads(res.data) assert len(data) == 20, len(data) res = self.app.get('/api/taskrun') data = json.loads(res.data) assert len(data) == 20, len(data) UserFactory.create_batch(30) res = self.app.get('/api/user') data = json.loads(res.data) assert len(data) == 20, len(data) res = self.app.get('/api/user?limit=10') data = json.loads(res.data) assert len(data) == 10, len(data) # DEPRECATED res = self.app.get('/api/user?limit=10&offset=10') data = json.loads(res.data) assert len(data) == 10, len(data) assert data[0].get('name') == 'user11', data res = self.app.get('/api/user?limit=10&last_id=10') data = json.loads(res.data) assert len(data) == 10, len(data) assert data[0].get('name') == 'user11', data
def test_filter_by_no_matches(self): """Test filter_by returns an empty list if no users match the query""" UserFactory.create(name='reek', fullname='Theon Greyjoy') retrieved_users = self.user_repo.filter_by(name='asha') assert isinstance(retrieved_users, list) assert len(retrieved_users) == 0, retrieved_users
def test_result_update(self): """Test API result update""" admin = UserFactory.create() user = UserFactory.create() non_owner = UserFactory.create() data = dict(info=dict(foo='bar')) datajson = json.dumps(data) result = self.create_result(owner=user) ## anonymous res = self.app.put('/api/result/%s' % result.id, data=datajson) assert_equal(res.status, '401 UNAUTHORIZED', res.status) ### real user but not allowed as not owner! url = '/api/result/%s?api_key=%s' % (result.id, non_owner.api_key) res = self.app.put(url, data=datajson) assert_equal(res.status, '403 FORBIDDEN', res.status) ### real user url = '/api/result/%s?api_key=%s' % (result.id, user.api_key) res = self.app.put(url, data=datajson) out = json.loads(res.data) assert_equal(res.status, '200 OK', res.data) assert_equal(result.info['foo'], data['info']['foo']) assert result.id == out['id'], out ### root res = self.app.put('/api/result/%s?api_key=%s' % (result.id, admin.api_key), data=datajson) assert_equal(res.status, '403 FORBIDDEN', res.status) # PUT with not JSON data res = self.app.put(url, data=None) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'result', err assert err['action'] == 'PUT', err assert err['exception_cls'] == 'ValueError', err # PUT with not allowed args res = self.app.put(url + "&foo=bar", data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'result', err assert err['action'] == 'PUT', err assert err['exception_cls'] == 'AttributeError', err # PUT with fake data data['wrongfield'] = 13 res = self.app.put(url, data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'result', err assert err['action'] == 'PUT', err assert err['exception_cls'] == 'TypeError', err
def test_result_update(self): """Test API result update""" admin = UserFactory.create() user = UserFactory.create() non_owner = UserFactory.create() data = dict(info=dict(foo="bar")) datajson = json.dumps(data) result = self.create_result(owner=user) ## anonymous res = self.app.put("/api/result/%s" % result.id, data=datajson) assert_equal(res.status, "401 UNAUTHORIZED", res.status) ### real user but not allowed as not owner! url = "/api/result/%s?api_key=%s" % (result.id, non_owner.api_key) res = self.app.put(url, data=datajson) assert_equal(res.status, "403 FORBIDDEN", res.status) ### real user url = "/api/result/%s?api_key=%s" % (result.id, user.api_key) res = self.app.put(url, data=datajson) out = json.loads(res.data) assert_equal(res.status, "200 OK", res.data) assert_equal(result.info["foo"], data["info"]["foo"]) assert result.id == out["id"], out ### root res = self.app.put("/api/result/%s?api_key=%s" % (result.id, admin.api_key), data=datajson) assert_equal(res.status, "403 FORBIDDEN", res.status) # PUT with not JSON data res = self.app.put(url, data=None) err = json.loads(res.data) assert res.status_code == 415, err assert err["status"] == "failed", err assert err["target"] == "result", err assert err["action"] == "PUT", err assert err["exception_cls"] == "ValueError", err # PUT with not allowed args res = self.app.put(url + "&foo=bar", data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err["status"] == "failed", err assert err["target"] == "result", err assert err["action"] == "PUT", err assert err["exception_cls"] == "AttributeError", err # PUT with fake data data["wrongfield"] = 13 res = self.app.put(url, data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err["status"] == "failed", err assert err["target"] == "result", err assert err["action"] == "PUT", err assert err["exception_cls"] == "TypeError", err
def test_result_post(self): """Test API Result creation""" admin = UserFactory.create() user = UserFactory.create() non_owner = UserFactory.create() project = ProjectFactory.create(owner=user) data = dict(info="final result") # anonymous user # no api-key res = self.app.post("/api/result", data=json.dumps(data)) error_msg = "Should not be allowed to create" assert_equal(res.status, "401 UNAUTHORIZED", error_msg) ### real user but not allowed as not owner! res = self.app.post("/api/result?api_key=" + non_owner.api_key, data=json.dumps(data)) error_msg = "Should not be able to post tasks for projects of others" assert_equal(res.status, "403 FORBIDDEN", error_msg) # now a real user res = self.app.post("/api/result?api_key=" + user.api_key, data=json.dumps(data)) assert_equal(res.status, "403 FORBIDDEN", error_msg) # now the root user res = self.app.post("/api/result?api_key=" + admin.api_key, data=json.dumps(data)) assert_equal(res.status, "403 FORBIDDEN", error_msg) # POST with not JSON data url = "/api/result?api_key=%s" % user.api_key res = self.app.post(url, data=data) err = json.loads(res.data) assert res.status_code == 415, err assert err["status"] == "failed", err assert err["target"] == "result", err assert err["action"] == "POST", err assert err["exception_cls"] == "ValueError", err # POST with not allowed args res = self.app.post(url + "&foo=bar", data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err["status"] == "failed", err assert err["target"] == "result", err assert err["action"] == "POST", err assert err["exception_cls"] == "AttributeError", err # POST with fake data data["wrongfield"] = 13 res = self.app.post(url, data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err["status"] == "failed", err assert err["target"] == "result", err assert err["action"] == "POST", err assert err["exception_cls"] == "TypeError", err
def test_delete_if_correct_user(self): new_user = UserFactory() new_user.set_password('asdf') new_user.save() total_users = User.objects.count() self.client.login(username=new_user.username, password='******') response = self.client.post(reverse('users:destroy', kwargs={'pk': new_user.pk}), {'_method': 'delete'}) self.assertRedirects(response, reverse('home')) self.assertEqual(User.objects.count(), total_users - 1)
class LoginTest(TestCase): def test_root(self): self.c = Client() self.u = UserFactory() self.u.set_password("test") self.u.save() self.c.login(username=self.u.username, password="******") response = self.c.get("/") self.assertEquals(response.status_code, 200)
def test_get_user_summary_user_exists(self): """Test CACHE USERS get_user_summary returns a dict with the user data if the user exists""" UserFactory.create(name='zidane') UserFactory.create(name='figo') zizou = cached_users.get_user_summary('zidane') assert type(zizou) is dict, type(zizou) assert zizou != None, zizou
def test_get_user_summary_returns_fields(self): """Test CACHE USERS get_user_summary all the fields in the dict""" UserFactory.create(name='user') fields = ('id', 'name', 'fullname', 'created', 'api_key', 'twitter_user_id', 'google_user_id', 'facebook_user_id', 'info', 'email_addr', 'n_answers', 'rank', 'score', 'total') user = cached_users.get_user_summary('user') for field in fields: assert field in user.keys(), field
class CrudTest(TestCase): def setUp(self): self.c = Client() self.u = UserFactory(is_staff=True) self.u.set_password("test") self.u.save() # need to make the user have at least one group g = Group.objects.create(name=self.u.username) g.user_set.add(self.u) g.save() self.c.login(username=self.u.username, password="******") def test_category_crud(self): r = self.c.get("/") self.assertFalse("test category" in r.content) r = self.c.post("/category/add/", {'name': 'test category'}) self.assertEqual(r.status_code, 302) r = self.c.get("/") self.assertTrue("test category" in r.content) category = Category.objects.get(name="test category") r = self.c.post("/category/%d/delete/" % category.id, dict()) self.assertEqual(r.status_code, 302) r = self.c.get("/") self.assertFalse("test category" in r.content) def test_application_crud(self): c = CategoryFactory() r = self.c.get(c.get_absolute_url()) self.assertFalse("test application" in r.content) r = self.c.post(c.get_absolute_url() + "add_application/", {'name': 'test application'}) self.assertEqual(r.status_code, 302) r = self.c.get(c.get_absolute_url()) self.assertTrue("test application" in r.content) def test_deployment_crud(self): a = ApplicationFactory() r = self.c.get(a.get_absolute_url()) self.assertFalse("test deployment" in r.content) r = self.c.post(a.get_absolute_url() + "add_deployment/", {'name': 'test deployment'}) self.assertEqual(r.status_code, 302) r = self.c.get(a.get_absolute_url()) self.assertTrue("test deployment" in r.content) def test_setting_crud(self): d = DeploymentFactory() d.add_editor(self.u) r = self.c.get(d.get_absolute_url()) self.assertFalse("test setting" in r.content) r = self.c.post(d.get_absolute_url() + "add_setting/", {'name': 'test setting', 'value': 'test value'}) self.assertEqual(r.status_code, 302) r = self.c.get(d.get_absolute_url()) self.assertTrue("test setting" in r.content)
def test_task_rejected(self, mock_client): """Test Z3950 annotation not created when task rejected * n_answers.""" n_answers = 3 target = 'example.com' anno_collection = 'annotations.example.com' task = self.ctx.create_task(n_answers, target, anno_collection=anno_collection) user = UserFactory() reason = 'invalid-task' TaskRunFactory.create_batch(n_answers, user=user, task=task, info={'reject': reason}) result = self.result_repo.filter_by(project_id=task.project_id)[0] fake_search = MagicMock() fake_search.return_value = [] mock_client.search_annotations = fake_search self.z3950_analyst.analyse(result.id) assert not mock_client.create_annotation.called assert_dict_equal(result.info, { 'annotations': anno_collection, 'rejected': reason })
def setUp(self): # Competition and creator self.creator = UserFactory(username='******', password='******') self.comp = CompetitionFactory(created_by=self.creator) self.phase = PhaseFactory(competition=self.comp) for _ in range(2): self.phase.tasks.add(TaskFactory.create()) # Extra phase for testing tasks can't be run on the wrong phase self.other_phase = PhaseFactory(competition=self.comp) # URL and data for making submissions self.submission_url = reverse('submission-list') self.submission_data = { 'phase': self.phase.id, 'data': Data.objects.create(created_by=self.creator, type=Data.SUBMISSION).key, 'tasks': random.sample( list(self.phase.tasks.all().values_list('id', flat=True)), 2) } self.sorted_tasks = sorted(self.submission_data['tasks'])
def test_push_notification(self, mock_queue, mock_onesignal): """Test push_notification with config works.""" user = UserFactory.create() project = ProjectFactory.create(owner=user) blog = dict(title="hello", body="world", project_id=project.id) url = '/api/blogpost?api_key=%s' % user.api_key res = self.app.post(url, data=json.dumps(blog)) blogdata = json.loads(res.data) assert res.status_code == 200, res.data contents = {"en": "New update!"} headings = {"en": blog['title']} launch_url = url_for('project.show_blogpost', short_name=project.short_name, id=blogdata['id'], _external=True) web_buttons = [{ "id": "read-more-button", "text": "Read more", "icon": "http://i.imgur.com/MIxJp1L.png", "url": launch_url }] mock_queue.assert_called_with(push_notification, project_id=project.id, contents=contents, headings=headings, web_buttons=web_buttons, launch_url=launch_url)
def test_annotation_collection_iri_added_to_result_info(self, mock_client): """Test IIIF result info updated with AnnotationCollection IRI.""" n_answers = 3 target = 'example.com' anno_collection = 'annotations.example.com' task = self.ctx.create_task(n_answers, target, anno_collection=anno_collection) user = UserFactory() TaskRunFactory.create_batch(n_answers, user=user, task=task, info=[{ 'motivation': 'commenting', 'body': { 'value': 'foo' } }]) result = self.result_repo.filter_by(project_id=task.project_id)[0] fake_search = MagicMock() fake_search.return_value = [] mock_client.search_annotations = fake_search self.iiif_analyst.analyse(result.id) assert_dict_equal(result.info, {'annotations': anno_collection})
def test_taskrun_query_list_project_ids(self): """Get a list of tasks runs using a list of project_ids.""" admin = UserFactory.create() projects = ProjectFactory.create_batch(3) task_runs = [] for project in projects: tmp = TaskRunFactory.create_batch(2, project=project) for t in tmp: task_runs.append(t) project_ids = [project.id for project in projects] url = '/api/taskrun?project_id=%s&limit=100&all=1&api_key=%s' % (project_ids, admin.api_key) res = self.app.get(url) data = json.loads(res.data) assert len(data) == 3 * 2, len(data) for task in data: assert task['project_id'] in project_ids task_run_project_ids = list(set([task['project_id'] for task in data])) assert sorted(project_ids) == sorted(task_run_project_ids) # more filters res = self.app.get(url + '&orderby=created&desc=true') data = json.loads(res.data) assert data[0]['id'] == task_runs[-1].id
def setUpClass(self): """ Create user locations if does not exist already """ if not UserLocation.objects.all(): fnames, lnames = self.create_names_list() # Iterate 50 times to create batch profiles of about 10000 users for iteration in range(50): fname = (random.choice(fnames)).lower() lname = (random.choice(lnames)).lower() sname = fname[0] + lname users = UserFactory.create_batch(200, first_name=fname, last_name=lname, short_name=sname) for user in users: # Create a batch of 200 userlocations corresponding # to each user new_lat, new_lng = self.calc_rand_loctn( 40.7033127, -73.979681, 5) UserLocationFactory.create(lat=new_lat, lng=new_lng, user=user)
def test_05_app_stats_index(self): '''Test PRIVACY project stats privacy is respected''' # As Anonymou user admin, user, owner = UserFactory.create_batch(3) task = TaskFactory.create(n_answers=3) TaskRunFactory.create_batch(3, task=task) url = '/project/%s/stats' % task.project.short_name update_stats(task.project.id) res = self.app.get(url, follow_redirects=True) assert 'This feature requires being logged in' in res.data, res.data # As Authenticated user but NOT ADMIN res = self.app.get(url + '?api_key=%s' % user.api_key, follow_redirects=True) dom = BeautifulSoup(res.data) err_msg = 'Project Stats page should not be shown to authenticated users' assert dom.find(id='enforce_privacy') is not None, err_msg self.signout # As Authenticated user but ADMIN res = self.app.get(url + '?api_key=%s' % admin.api_key, follow_redirects=True) dom = BeautifulSoup(res.data) err_msg = 'Project Stats page should be shown to admin users' assert dom.find(id='enforce_privacy') is None, err_msg self.signout()
def test_newtask_extends_expiration_by_timeout(self): """Test API project new_task extends expiration according to timeout""" project = ProjectFactory.create( info={ 'timeout': 120 * 60, 'data_classification': dict(input_data="L4 - public", output_data="L4 - public") }) project.set_password('the_password') project_repo.save(project) TaskFactory.create_batch(2, project=project, info={'question': 'answer'}) user = UserFactory.create() url = '/project/%s/password?api_key=%s' % (project.short_name, user.api_key) data = dict(password='******') res = self.app.post(url, data=data) c, v, e = get_pwd_cookie(project.short_name, res) assert c self.app.set_cookie('/', c, v) now = datetime.utcnow() url = '/api/project/%s/newtask?api_key=%s' % (project.id, user.api_key) res = self.app.get(url) assert res.status_code == 200, (res, res.data) task = json.loads(res.data) assert task['info'].get('question') == 'answer' c, v, new_exp = get_pwd_cookie(project.short_name, res) assert new_exp - now > timedelta(minutes=115) assert new_exp - now < timedelta(minutes=125)
def test_export_tasks_bucket(self, create_conn, mail): """Test JOB export_tasks to bucket works.""" user = UserFactory.create(admin=True) project = ProjectFactory.create(name='test_project', info={'export-bucket': 'buck'}) task = TaskFactory.create(project=project) task_run = TaskRunFactory.create(project=project, task=task) conn = create_conn.return_value buck = conn.get_bucket.return_value key = buck.new_key.return_value key.generate_url.return_value = 'https://s3.com/buck/key' with patch.dict(self.flask_app.config, { 'EXPORT_MAX_SIZE': 0, 'EXPORT_BUCKET': 'export-bucket' }): export_tasks(user.email_addr, project.short_name, 'consensus', False, 'csv') args, kwargs = mail.send.call_args message = args[0] assert message.recipients[0] == user.email_addr, message.recipients assert message.subject == 'Data exported for your project: test_project', message.subject assert not message.attachments assert 'https://s3.com/buck/key' in message.html
def test_get_query_with_api_key_and_all(self): """ Test API GET query with an API-KEY requesting all results""" users = UserFactory.create_batch(3) project = ProjectFactory.create(owner=users[0], info={'total': 150}) task = TaskFactory.create(project=project, info={'url': 'my url'}) taskrun = TaskRunFactory.create(task=task, user=users[0], info={'answer': 'annakarenina'}) for endpoint in self.endpoints: url = '/api/' + endpoint + '?api_key=' + users[1].api_key + '&all=1' res = self.app.get(url) data = json.loads(res.data) if endpoint == 'project': assert len(data) == 1, data project = data[0] assert project['info']['total'] == 150, data assert res.mimetype == 'application/json', res if endpoint == 'task': assert len(data) == 1, data task = data[0] assert task['info']['url'] == 'my url', data assert res.mimetype == 'application/json', res if endpoint == 'taskrun': assert len(data) == 1, data taskrun = data[0] assert taskrun['info']['answer'] == 'annakarenina', data assert res.mimetype == 'application/json', res if endpoint == 'user': assert len(data) == 3, data user = data[0] assert user['name'] == 'user1', data assert res.mimetype == 'application/json', res
def test_project_update_attributes_non_owner(self): """Test Auditlog API project update attributes works for non owners.""" project = ProjectFactory.create() user = UserFactory.create() data = { 'name': 'New Name', 'short_name': project.short_name, 'description': 'new_description', 'long_description': 'new_long_description', 'allow_anonymous_contributors': False, 'data_classification': dict(input_data="L4 - public", output_data="L4 - public") } url = '/api/project/%s?api_key=%s' % (project.id, user.api_key) self.app.put(url, data=json.dumps(data)) logs = auditlog_repo.filter_by(project_id=project.id) assert len(logs) == 0, logs
def test_04_global_stats_index(self): '''Test PRIVACY global stats privacy is respected''' admin, user, owner = UserFactory.create_batch(3) # As Anonymou user url = '/stats' res = self.app.get(url, follow_redirects=True) dom = BeautifulSoup(res.data) err_msg = 'Stats page should not be shown to anonymous users' assert dom.find(id='enforce_privacy') is not None, err_msg # As Authenticated user but NOT ADMIN self.signin() res = self.app.get(url + '?api_key=%s' % user.api_key, follow_redirects=True) dom = BeautifulSoup(res.data) err_msg = 'Stats page should not be shown to authenticated users' assert dom.find(id='enforce_privacy') is not None, err_msg self.signout # As Authenticated user but ADMIN res = self.app.get(url + '?api_key=%s' % admin.api_key, follow_redirects=True) dom = BeautifulSoup(res.data) err_msg = 'Stats page should be shown to admin users' assert dom.find(id='enforce_privacy') is None, err_msg self.signout()
def test_task_query_without_params_with_context(self): """ Test API Task query with context""" user = UserFactory.create() project_oc = ProjectFactory.create(owner=user) project_two = ProjectFactory.create() TaskFactory.create_batch(10, project=project_oc, info={'question': 'answer'}) TaskFactory.create_batch(10, project=project_two, info={'question': 'answer'}) res = self.app.get('/api/task?api_key=' + user.api_key) tasks = json.loads(res.data) assert len(tasks) == 10, tasks for task in tasks: assert task['project_id'] == project_oc.id, task assert task['info']['question'] == 'answer', task # The output should have a mime-type: application/json assert res.mimetype == 'application/json', res res = self.app.get('/api/task?api_key=' + user.api_key + "&all=1") tasks = json.loads(res.data) assert len(tasks) == 20, tasks
def test_leaderboard_foo_key_current_user_window(self): """Test JOB leaderboard returns users for foo key with current user and window.""" UserFactory.create_batch(10, info=dict(n=0)) UserFactory.create_batch(10, info=dict(n=2)) users = [] for score in range(11, 22): users.append(UserFactory.create(info=dict(n=score))) myself = UserFactory.create(info=dict(n=1)) leaderboard(info='n') top_users = get_leaderboard(user_id=myself.id, info='n', window=5) assert len(top_users) == 20 + 5 + 1 + 5, len(top_users) assert top_users[25]['name'] == myself.name assert top_users[25]['score'] == myself.info.get('n') assert top_users[24]['score'] >= myself.info.get('n') assert top_users[26]['score'] <= myself.info.get('n')
def test_privacy_mode_user_get(self): """Test API user queries for privacy mode""" admin = UserFactory.create() user = UserFactory.create() # Add user with fullname 'Public user', privacy mode disabled user_with_privacy_disabled = UserFactory.create(email_addr='*****@*****.**', name='publicUser', fullname='Public user', privacy_mode=False) # Add user with fullname 'Private user', privacy mode enabled user_with_privacy_enabled = UserFactory.create(email_addr='*****@*****.**', name='privateUser', fullname='Private user', privacy_mode=True) # With no API-KEY # User with privacy disabled res = self.app.get('/api/user/3') data = json.loads(res.data) user_with_privacy_disabled = data # When checking a public field it should be returned assert user_with_privacy_disabled['locale'] == 'en', data # When checking a private field it should be returned too assert user_with_privacy_disabled['fullname'] == 'Public user', data # User with privacy enabled res = self.app.get('/api/user/4') data = json.loads(res.data) user_with_privacy_enabled = data # When checking a public field it should be returned assert user_with_privacy_enabled['locale'] == 'en', data # When checking a private field it should not be returned assert 'fullname' not in user_with_privacy_enabled, data # Users with privacy enabled and disabled, mixed together res = self.app.get('/api/user') data = json.loads(res.data) user_with_privacy_disabled = data[2] user_with_privacy_enabled = data[3] assert user_with_privacy_disabled['locale'] == 'en', data assert user_with_privacy_disabled['fullname'] == 'Public user', data assert user_with_privacy_enabled['locale'] == 'en', data assert 'fullname' not in user_with_privacy_enabled, data # With a non-admin API-KEY # User with privacy disabled res = self.app.get('/api/user/3?api_key=' + user.api_key) data = json.loads(res.data) user_with_privacy_disabled = data # When checking a public field it should be returned assert user_with_privacy_disabled['locale'] == 'en', data # When checking a private field it should be returned too assert user_with_privacy_disabled['fullname'] == 'Public user', data # User with privacy enabled res = self.app.get('/api/user/4?api_key=' + user.api_key) data = json.loads(res.data) user_with_privacy_enabled = data # When checking a public field it should be returned assert user_with_privacy_enabled['locale'] == 'en', data # When checking a private field it should not be returned assert 'fullname' not in user_with_privacy_enabled, data # Users with privacy enabled and disabled, mixed together res = self.app.get('/api/user?api_key=' + user.api_key) data = json.loads(res.data) user_with_privacy_disabled = data[2] user_with_privacy_enabled = data[3] assert user_with_privacy_disabled['locale'] == 'en', data assert user_with_privacy_disabled['fullname'] == 'Public user', data assert user_with_privacy_enabled['locale'] == 'en', data assert 'fullname' not in user_with_privacy_enabled, data # Admin API-KEY should be able to retrieve every field in user res = self.app.get('/api/user/3?api_key=' + admin.api_key) data = json.loads(res.data) user_with_privacy_disabled = data # When checking a public field it should be returned assert user_with_privacy_disabled['locale'] == 'en', data # When checking a private field it should be returned too assert user_with_privacy_disabled['fullname'] == 'Public user', data # User with privacy enabled res = self.app.get('/api/user/4?api_key=' + admin.api_key) data = json.loads(res.data) user_with_privacy_enabled = data # When checking a public field it should be returned assert user_with_privacy_enabled['locale'] == 'en', data # When checking a private field it should be returned too assert user_with_privacy_enabled['fullname'] == 'Private user', data # Users with privacy enabled and disabled, mixed together res = self.app.get('/api/user?api_key=' + admin.api_key) data = json.loads(res.data) user_with_privacy_disabled = data[2] user_with_privacy_enabled = data[3] assert user_with_privacy_disabled['locale'] == 'en', data assert user_with_privacy_disabled['fullname'] == 'Public user', data assert user_with_privacy_enabled['locale'] == 'en', data assert user_with_privacy_enabled['fullname'] == 'Private user', data
def test_user_timeline(): """Should only return posts from users I'm following""" user1 = UserFactory() user2 = UserFactory() user3 = UserFactory() user4 = UserFactory() user2_post1 = TextPostFactory() user2_post2 = TextPostFactory() user3_post1 = PicturePostFactory() user4_post1 = TextPostFactory() user2.add_post(user2_post1) user2.add_post(user2_post2) user3.add_post(user3_post1) user4.add_post(user4_post1) # user1 follows user2 and user3 user1.follow(user2) user1.follow(user3) # 2 posts from user2 and 1 from user3 # post from user4 is excluded assert len(user1.get_timeline()) == 3 assert user4_post1 not in user1.get_timeline() # should be sorted by creation timestamp assert user1.get_timeline() == [user2_post1, user2_post2, user3_post1]
def test_admin_cannot_publish_if_project_has_no_tasks(self): """Test admins cannot publish a project that has no tasks""" owner = UserFactory.build_batch(2)[1] project = ProjectFactory.create(owner=owner, published=False) assert_raises(Forbidden, ensure_authorized_to, 'publish', project)
def test_locked_sched_gold_task(self, mock_random): """ Test gold tasks presented with locked scheduler """ [admin, owner, user] = UserFactory.create_batch(3) make_admin(admin) make_subadmin(owner) project = ProjectFactory.create(owner=owner) project.info['sched'] = Schedulers.locked project_repo.save(project) tasks = TaskFactory.create_batch(4, project=project, n_answers=1) gold_task = tasks[3] gold_task.calibration = 1 gold_task.gold_answers = dict(field_3='someans') # gold task to be presented to the user when available with randomness # set to a value (to zero) that means gold task to be presented mock_random.return_value = 0 # user #1 self.set_proj_passwd_cookie(project, user) res = self.app.get('api/project/{}/newtask?api_key={}'.format( project.id, user.api_key)) assert res.status_code == 200, res.status_code resp = json.loads(res.data) assert resp['id'] == gold_task.id, \ 'task presented to regular user under locked sched should be gold task' # submit answer for gold task task_run = dict(project_id=project.id, task_id=gold_task.id, info='hi there!') res = self.app.post('api/taskrun?api_key={}'.format(user.api_key), data=json.dumps(task_run)) assert res.status_code == 200, res.status_code # user #2 also gets gold_task even when redundancy was set to 1 res = self.app.get('api/project/{}/newtask?api_key={}'.format( project.id, owner.api_key)) assert res.status_code == 200, res.status_code resp = json.loads(res.data) assert resp['id'] == gold_task.id, \ 'task presented to owner under locked sched should be gold task' # after two task run submissions for gold task, state is unchanged to ongoing task_run = dict(project_id=project.id, task_id=gold_task.id, info='hi there!') res = self.app.post('api/taskrun?api_key={}'.format(owner.api_key), data=json.dumps(task_run)) assert res.status_code == 200, res.status_code res = self.app.get('api/task/{}?api_key={}'.format( gold_task.id, admin.api_key)) assert res.status_code == 200, res.status_code resp = json.loads(res.data) assert resp['id'] == gold_task.id and resp['state'] == 'ongoing', \ 'gold task state should be unchanged to ongoing' # user #3 don't receive gold_task when randomness is not zero mock_random.return_value = 1 res = self.app.get('api/project/{}/newtask?api_key={}'.format( project.id, admin.api_key)) assert res.status_code == 200, res.status_code resp = json.loads(res.data) assert resp['id'] == tasks[0].id, \ 'task presented should not be gold task'
class TestIPTTTimePeriodsReportResponseBase(test.TestCase): timeperiods = Indicator.ANNUAL def setUp(self): self.user = UserFactory(first_name="FN", last_name="LN", username="******", is_superuser=True) self.user.set_password('password') self.user.save() self.tola_user = TolaUserFactory(user=self.user) self.tola_user.save() self.client = test.Client(enforce_csrf_checks=False) self.client.login(username='******', password='******') self.response = None startdate = datetime.strptime('2017-02-04', '%Y-%m-%d') enddate = datetime.strptime('2019-10-01', '%Y-%m-%d') self.program = ProgramFactory(reporting_period_start=startdate, reporting_period_end=enddate) self.request_params = { 'csrfmiddlewaretoken': 'asdf', 'program': self.program.id } def tearDown(self): Indicator.objects.all().delete() self.response = None def set_dates(self, start, end): self.program.reporting_period_start = datetime.strptime( start, '%Y-%m-%d') self.program.reporting_period_end = datetime.strptime(end, '%Y-%m-%d') self.program.save() def get_indicator_for_program(self, **kwargs): make_kwargs = {'program': self.program} make_kwargs.update(kwargs) indicator = IndicatorFactory(**make_kwargs) return indicator def add_indicator(self, frequency=Indicator.ANNUAL, **kwargs): kwargs['target_frequency'] = frequency return self.get_indicator_for_program(**kwargs) def add_indicator_with_data(self, frequency, values): indicator = self.add_indicator(frequency=frequency) collect_date = self.program.reporting_period_start + timedelta(days=1) for value in values: _ = ResultFactory(indicator=indicator, date_collected=collect_date, achieved=value) if frequency == Indicator.ANNUAL: collect_date = datetime(collect_date.year + 1, collect_date.month, collect_date.day) elif frequency == Indicator.SEMI_ANNUAL: collect_date = datetime( collect_date.year if collect_date.month < 7 else collect_date.year + 1, collect_date.month + 6 if collect_date.month < 7 else collect_date.month - 6, collect_date.day) elif frequency == Indicator.TRI_ANNUAL: collect_date = datetime( collect_date.year if collect_date.month < 9 else collect_date.year + 1, collect_date.month + 4 if collect_date.month < 9 else collect_date.month - 8, collect_date.day) elif frequency == Indicator.QUARTERLY: collect_date = datetime( collect_date.year if collect_date.month < 10 else collect_date.year + 1, collect_date.month + 3 if collect_date.month < 10 else collect_date.month - 9, collect_date.day) elif frequency == Indicator.MONTHLY: collect_date = datetime( collect_date.year if collect_date.month < 12 else collect_date.year + 1, collect_date.month + 1 if collect_date.month < 12 else collect_date.month - 11, collect_date.day) def get_showall_response(self): self.request_params['timeframe'] = 1 self.request_params['numrecentperiods'] = None return self.get_response() def get_recent_periods(self, numrecent): self.request_params['timeframe'] = 2 self.request_params['numrecentperiods'] = numrecent return self.get_response() def get_date_range_periods(self, start, end): self.request_params['start_period'] = start.strftime( '%Y-%m-%d') if isinstance(start, datetime) else start self.request_params['end_period'] = end.strftime( '%Y-%m-%d') if isinstance(end, datetime) else end return self.get_response() def get_response(self, reporttype=IPTT_Mixin.REPORT_TYPE_TIMEPERIODS): self.request_params['timeperiods'] = self.timeperiods response = self.client.post( '/indicators/iptt_report/{program}/{reporttype}/'.format( program=self.program.id, reporttype=reporttype), self.request_params, follow=True) self.assertEqual( response.status_code, 200, "response gave status code {0} instead of 200".format( response.status_code)) self.response = IPTTResponse(response.content, timeperiods=True) return self.response def get_indicator_results(self, response, indicator_row=0): indicator = response.indicators[indicator_row]['ranges'] return indicator[0], indicator[1:] def format_assert_message(self, msg): return "{0}:\n{1} timeperiods, {2}".format(self.response, { k: v for k, v in Indicator.TARGET_FREQUENCIES }[self.timeperiods], msg) def number_of_ranges_test(self, start, end, expected_ranges): self.set_dates(start, end) self.add_indicator() response = self.get_showall_response() ranges = response.indicators[0]['ranges'][1:] self.assertEqual( len(ranges), expected_ranges, self.format_assert_message( "expected {0} ranges for {1} to {2}, got {3}".format( expected_ranges, start, end, len(ranges))))
def test_n_auth_users_returns_number_of_registered_users(self): UserFactory.create_batch(2) users = stats.n_auth_users() assert users == 2, users
class QueuesAPITestCase(TestCase): def setUp(self): self.user = UserFactory(username='******') self.admin = UserFactory(username='******', super_user=True) self.norm = UserFactory(username='******') self.collab = UserFactory(username='******') self.created_queue = self.mock_create_queue(owner=self.user, name='TestUserQueue') self.created_queue.organizers.add(self.collab) def _get_test_update_data(self, return_id=True): data = { 'name': 'A BRAND NEW NAME', 'owner': self.user.id, 'is_public': False, } if return_id: data['id'] = self.created_queue.id return data def mock_create_queue(self, **kwargs): # Prevent queue creation with mock.patch('queues.models.rabbit.create_queue') as rabbit_create_queue: rabbit_create_queue.return_value = uuid.uuid4() return QueueFactory(**kwargs) def queue_api_request_with_mock(self, http_method, url_name, url_kwargs=None, data=None): # So we can make API requests without triggering rabbitmq actual queue creation with mock.patch('queues.models.rabbit.create_queue') as rabbit_create_queue: url_kwargs = url_kwargs if url_kwargs is not None else {} data = data if data is not None else {} rabbit_create_queue.return_value = uuid.uuid4() response = getattr(self.client, http_method.lower())( reverse(url_name, kwargs=url_kwargs), data=data, content_type='application/json' ) return response, rabbit_create_queue.called def test_create_queue_through_api(self): self.client.login(username='******', password='******') assert Queue.objects.count() == 1 data = { 'name': 'A brand new queue', 'owner': self.user.id, 'is_public': False, } response, rabbit_create_queue_called = self.queue_api_request_with_mock('post', 'queues-list', {}, data) assert rabbit_create_queue_called assert Queue.objects.count() == 2 assert response.status_code == 201 # --------- Permission tests --------- def test_organizer_can_perform_all_operations(self): self.client.login(username='******', password='******') assert Queue.objects.get(pk=self.created_queue.id).name == 'TestUserQueue' response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'put', 'queues-detail', {'pk': self.created_queue.id}, self._get_test_update_data() ) assert not rabbit_create_queue_called assert response.status_code == 200 assert Queue.objects.get(pk=self.created_queue.id).name == 'A BRAND NEW NAME' response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'delete', 'queues-detail', {'pk': self.created_queue.id}, ) assert response.status_code == 204 assert not Queue.objects.filter(pk=self.created_queue.id).exists() def test_other_user_cannot_delete_or_edit_queue(self): self.client.login(username='******', password='******') response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'put', 'queues-detail', {'pk': self.created_queue.id}, self._get_test_update_data() ) assert not rabbit_create_queue_called assert response.status_code == 404 assert Queue.objects.get(pk=self.created_queue.id).name != 'A BRAND NEW NAME' response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'delete', 'queues-detail', {'pk': self.created_queue.id}, ) assert response.status_code == 404 assert Queue.objects.filter(pk=self.created_queue.id).exists() def test_collab_cannot_delete_or_edit_queue(self): self.client.login(username='******', password='******') response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'put', 'queues-detail', {'pk': self.created_queue.id}, self._get_test_update_data() ) assert not rabbit_create_queue_called assert response.status_code == 403 assert Queue.objects.get(pk=self.created_queue.id).name != 'A BRAND NEW NAME' response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'delete', 'queues-detail', {'pk': self.created_queue.id}, ) assert response.status_code == 403 assert Queue.objects.filter(pk=self.created_queue.id).exists() # --------- Queue Limit Tests --------- # Test user queue limits def test_queue_limits_for_regular_users(self): self.client.login(username='******', password='******') self.user.rabbitmq_queue_limit = 2 self.user.save() # Ensure we can still create a queue to reaach our limit response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'post', 'queues-list', data=self._get_test_update_data(return_id=False) ) assert rabbit_create_queue_called assert response.status_code == 201 assert self.user.rabbitmq_queue_limit == self.user.queues.count() response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'post', 'queues-list', data=self._get_test_update_data(return_id=False) ) assert not rabbit_create_queue_called assert response.status_code == 403 assert self.user.rabbitmq_queue_limit == self.user.queues.count() # Test super user queue limits def test_super_users_has_no_queue_limit(self): # Set user rabbit queue limit self.admin.rabbitmq_queue_limit = 1 self.admin.save() # Reach our limit self.mock_create_queue(owner=self.admin) assert self.admin.queues.count() == self.admin.rabbitmq_queue_limit self.client.login(username='******', password='******') response, rabbit_create_queue_called = self.queue_api_request_with_mock( 'post', 'queues-list', data=self._get_test_update_data(return_id=False) ) assert rabbit_create_queue_called assert response.status_code == 201 # --------- Filter Test --------- def test_public_filter_does_not_exclude_own_users_public_queues_and_search_works(self): # Create a public queue we want to show in our results by search/public=True self.mock_create_queue(owner=self.norm, name='TestPublicQueue', is_public=True) # Create another queue we do not want to show up that is not public, and should not return in results self.mock_create_queue(owner=self.norm) # Create yet another queue that IS public, that we want filtered out by search self.mock_create_queue(owner=self.norm, is_public=True) self.client.login(username='******', password='******') response = self.client.get(f"{reverse('queues-list')}?search=test&public=True") assert response.status_code == 200 assert len(response.data['results']) == 2 assert response.data['results'][0]['name'] == 'TestPublicQueue' assert response.data['results'][0]['is_public'] assert response.data['results'][1]['name'] == 'TestUserQueue' assert not response.data['results'][1]['is_public']
def test_task_query_with_params_with_context(self): """Test API query for task with params works with context""" user = UserFactory.create() user_two = UserFactory.create() project_oc = ProjectFactory.create(owner=user) project_two = ProjectFactory.create() tasks = TaskFactory.create_batch(10, project=project_oc) TaskFactory.create_batch(10, project=project_two) # Test for real field res = self.app.get("/api/task?project_id=" + str(project_oc.id) + "&api_key=" + user.api_key) data = json.loads(res.data) # Should return then results assert len(data) == 10, data # Correct result for t in data: assert t['project_id'] == project_oc.id, t res = self.app.get("/api/task?api_key=" + user.api_key + "&all=1") data = json.loads(res.data) # Should return one result assert len(data) == 20, data # Valid field but wrong value res = self.app.get("/api/task?project_id=99999999&api_key=" + user.api_key) data = json.loads(res.data) assert len(data) == 0, data # Multiple fields res = self.app.get('/api/task?project_id=1&state=ongoing&api_key=' + user.api_key) data = json.loads(res.data) # One result assert len(data) == 10, data # Correct result for t in data: assert t['project_id'] == project_oc.id, data assert t['state'] == u'ongoing', data # Limits res = self.app.get("/api/task?project_id=1&limit=5&api_key=" + user.api_key) data = json.loads(res.data) assert len(data) == 5, data for item in data: assert item['project_id'] == project_oc.id, item # Keyset pagination url = "/api/task?project_id=1&limit=5&last_id=%s&api_key=%s" % ( tasks[4].id, user.api_key) res = self.app.get(url) data = json.loads(res.data) assert len(data) == 5, data assert data[0]['id'] == tasks[5].id, data for item in data: assert item['project_id'] == project_oc.id, item # Test for real field with user_two res = self.app.get("/api/task?project_id=" + str(project_oc.id) + "&api_key=" + user_two.api_key) data = json.loads(res.data) # Should return then results assert len(data) == 0, data # Test for real field with user_two res = self.app.get("/api/task?all=1&project_id=" + str(project_oc.id) + "&api_key=" + user_two.api_key) data = json.loads(res.data) # Should return then results assert len(data) == 10, data # Correct result for t in data: assert t['project_id'] == project_oc.id, t res = self.app.get("/api/task?api_key=" + user_two.api_key + "&all=1") data = json.loads(res.data) # Should return one result assert len(data) == 20, data # Valid field but wrong value res = self.app.get("/api/task?project_id=99999999&api_key=" + user_two.api_key) data = json.loads(res.data) assert len(data) == 0, data # Multiple fields res = self.app.get('/api/task?project_id=1&state=ongoing&api_key=' + user_two.api_key) data = json.loads(res.data) # One result assert len(data) == 0, data res = self.app.get( '/api/task?all=1&project_id=1&state=ongoing&api_key=' + user_two.api_key) data = json.loads(res.data) # One result assert len(data) == 10, data # Correct result for t in data: assert t['project_id'] == project_oc.id, data assert t['state'] == u'ongoing', data # Limits res = self.app.get("/api/task?project_id=1&limit=5&api_key=" + user_two.api_key) data = json.loads(res.data) assert len(data) == 0, data res = self.app.get("/api/task?all=1&project_id=1&limit=5&api_key=" + user_two.api_key) data = json.loads(res.data) assert len(data) == 5, data for item in data: assert item['project_id'] == project_oc.id, item # Keyset pagination url = "/api/task?project_id=1&limit=5&last_id=%s&api_key=%s" % ( tasks[4].id, user_two.api_key) res = self.app.get(url) data = json.loads(res.data) assert len(data) == 0, data url = "/api/task?all=1&project_id=1&limit=5&last_id=%s&api_key=%s" % ( tasks[4].id, user_two.api_key) res = self.app.get(url) data = json.loads(res.data) assert len(data) == 5, data assert data[0]['id'] == tasks[5].id, data for item in data: assert item['project_id'] == project_oc.id, item
def test__str__(): new_user = UserFactory() assert new_user.__str__() == new_user.email
def test_task_update(self): """Test API task update""" admin = UserFactory.create() user = UserFactory.create() non_owner = UserFactory.create() project = ProjectFactory.create(owner=user) task = TaskFactory.create(project=project) root_task = TaskFactory.create(project=project) data = {'n_answers': 1} datajson = json.dumps(data) root_data = {'n_answers': 4} root_datajson = json.dumps(root_data) # anonymous res = self.app.put('/api/task/%s' % task.id, data=data) assert_equal(res.status, '401 UNAUTHORIZED', res.status) # real user but not allowed as not owner! url = '/api/task/%s?api_key=%s' % (task.id, non_owner.api_key) res = self.app.put(url, data=datajson) assert_equal(res.status, '403 FORBIDDEN', res.status) # real user url = '/api/task/%s?api_key=%s' % (task.id, user.api_key) res = self.app.put(url, data=datajson) out = json.loads(res.data) assert_equal(res.status, '200 OK', res.data) assert_equal(task.n_answers, data['n_answers']) assert_equal(task.state, 'ongoing') assert task.id == out['id'], out # root res = self.app.put('/api/task/%s?api_key=%s' % (root_task.id, admin.api_key), data=root_datajson) assert_equal(res.status, '200 OK', res.data) assert_equal(root_task.n_answers, root_data['n_answers']) assert_equal(task.state, 'ongoing') # PUT with not JSON data res = self.app.put(url, data=data) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'task', err assert err['action'] == 'PUT', err assert err['exception_cls'] == 'ValueError', err # PUT with not allowed args res = self.app.put(url + "&foo=bar", data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'task', err assert err['action'] == 'PUT', err assert err['exception_cls'] == 'AttributeError', err # PUT with fake data data['wrongfield'] = 13 res = self.app.put(url, data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'task', err assert err['action'] == 'PUT', err assert err['exception_cls'] == 'TypeError', err
def test_task_query_participated(self): """Test API Task query with participated arg.""" admin, owner, user = UserFactory.create_batch(3) project = ProjectFactory.create(owner=owner) tasks1 = TaskFactory.create_batch(10, project=project, info=dict(foo='fox')) tasks2 = TaskFactory.create_batch(10, project=project, info=dict(foo='dog')) tasks = tasks1 + tasks2 TaskRunFactory.create(task=tasks[0], user=user) TaskRunFactory.create(task=tasks[1], user=user) TaskRunFactory.create(task=tasks[2], user=user) url = '/api/task?api_key=%s&participated=1&all=1' % user.api_key res = self.app.get(url) data = json.loads(res.data) assert len(data) == 17, len(data) participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id] for task in data: assert task['id'] not in participated_tasks, task['id'] # limit & offset url = '/api/task?api_key=%s&participated=1&all=1&limit=10&offset=10' % user.api_key res = self.app.get(url) data = json.loads(res.data) assert len(data) == 7, len(data) participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id] for task in data: assert task['id'] not in participated_tasks, task['id'] # last_id url = '/api/task?api_key=%s&participated=1&all=1&last_id=%s' % ( user.api_key, tasks[0].id) res = self.app.get(url) data = json.loads(res.data) assert len(data) == 17, len(data) participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id] for task in data: assert task['id'] not in participated_tasks, task['id'] # orderby & desc url = '/api/task?api_key=%s&participated=1&all=1&orderby=created&desc=1' % user.api_key res = self.app.get(url) data = json.loads(res.data) assert len(data) == 17, len(data) participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id] assert data[0]['id'] == tasks[-1].id for task in data: assert task['id'] not in participated_tasks, task['id'] # info & fulltextsearch url = '/api/task?api_key=%s&participated=1&all=1&orderby=created&desc=1&info=foo::fox&fulltextsearch=1' % user.api_key res = self.app.get(url) data = json.loads(res.data) assert len(data) == 7, len(data) participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id] assert data[0]['id'] == tasks1[-1].id for task in data: assert task['id'] not in participated_tasks, task['id']
def test_export_tasks_csv_json(self, mail): """Test JOB export_tasks task csv works.""" user = UserFactory.create(admin=True) project = ProjectFactory.create(name='test_project') task = TaskFactory.create(project=project) task_run = TaskRunFactory.create(project=project, task=task) export_tasks(user.email_addr, project.short_name, 'task', False, 'csv') args, kwargs = mail.send.call_args message = args[0] assert message.recipients[0] == user.email_addr, message.recipients assert message.subject == 'Data exported for your project: test_project', message.subject attachment = message.attachments[0] proj_name = unidecode(project.short_name) filename = '{}_{}'.format(project.id, proj_name) assert attachment.filename == '{}_task_csv.zip'.format(filename) export_tasks(user.email_addr, project.short_name, 'task', False, 'json') args, kwargs = mail.send.call_args message = args[0] assert message.recipients[0] == user.email_addr, message.recipients assert message.subject == 'Data exported for your project: test_project', message.subject attachment = message.attachments[0] assert attachment.filename == '{}_task_json.zip'.format(filename) export_tasks(user.email_addr, project.short_name, 'task_run', False, 'csv') args, kwargs = mail.send.call_args message = args[0] assert message.recipients[0] == user.email_addr, message.recipients assert message.subject == 'Data exported for your project: test_project', message.subject attachment = message.attachments[0] assert attachment.filename == '{}_task_run_csv.zip'.format(filename) export_tasks(user.email_addr, project.short_name, 'task_run', False, 'json') args, kwargs = mail.send.call_args message = args[0] assert message.recipients[0] == user.email_addr, message.recipients assert message.subject == 'Data exported for your project: test_project', message.subject attachment = message.attachments[0] assert attachment.filename == '{}_task_run_json.zip'.format(filename) filters = dict(task_id=1, hide_completed=True, pcomplete_from='2018-01-01T00:00:00.0001', pcomplete_to='2018-12-12T00:00:00.0001', priority_from=0.0, priority_to=0.5, created_from='2018-01-01T00:00:00.0001', created_to='2018-12-12T00:00:00.0001') filters = { 'display_info_columns': [], 'pcomplete_from': 0.0, 'pcomplete_to': 0.45 } export_tasks(user.email_addr, project.short_name, 'task', False, 'csv', filters) args, kwargs = mail.send.call_args message = args[0] assert message.recipients[0] == user.email_addr, message.recipients assert message.subject == 'Data exported for your project: test_project', message.subject export_tasks(user.email_addr, project.short_name, 'task', False, 'json', filters) args, kwargs = mail.send.call_args message = args[0] assert message.recipients[0] == user.email_addr, message.recipients assert message.subject == 'Data exported for your project: test_project', message.subject
def test_task_post(self): """Test API Task creation""" admin = UserFactory.create() user = UserFactory.create() non_owner = UserFactory.create() project = ProjectFactory.create(owner=user) data = dict(project_id=project.id, info='my task data') root_data = dict(project_id=project.id, info='my root task data') # anonymous user # no api-key res = self.app.post('/api/task', data=json.dumps(data)) error_msg = 'Should not be allowed to create' assert_equal(res.status, '401 UNAUTHORIZED', error_msg) # real user but not allowed as not owner! res = self.app.post('/api/task?api_key=' + non_owner.api_key, data=json.dumps(data)) error_msg = 'Should not be able to post tasks for projects of others' assert_equal(res.status, '403 FORBIDDEN', error_msg) # now a real user res = self.app.post('/api/task?api_key=' + user.api_key, data=json.dumps(data)) assert res.data, res datajson = json.loads(res.data) out = task_repo.get_task(datajson['id']) assert out, out assert_equal(out.info, 'my task data'), out assert_equal(out.project_id, project.id) # now the root user res = self.app.post('/api/task?api_key=' + admin.api_key, data=json.dumps(root_data)) assert res.data, res datajson = json.loads(res.data) out = task_repo.get_task(datajson['id']) assert out, out assert_equal(out.info, 'my root task data'), out assert_equal(out.project_id, project.id) # POST with not JSON data url = '/api/task?api_key=%s' % user.api_key res = self.app.post(url, data=data) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'task', err assert err['action'] == 'POST', err assert err['exception_cls'] == 'ValueError', err # POST with not allowed args res = self.app.post(url + '&foo=bar', data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'task', err assert err['action'] == 'POST', err assert err['exception_cls'] == 'AttributeError', err # POST with fake data data['wrongfield'] = 13 res = self.app.post(url, data=json.dumps(data)) err = json.loads(res.data) assert res.status_code == 415, err assert err['status'] == 'failed', err assert err['target'] == 'task', err assert err['action'] == 'POST', err assert err['exception_cls'] == 'TypeError', err
def setUp(self): self.user = UserFactory(username='******') self.competition = CompetitionFactory(created_by=self.user, id=1) self.phase = PhaseFactory(competition=self.competition) self.leaderboard = LeaderboardFactory(competition=self.competition)
def test_00_link_object(self, auth): """Test HATEOAS object link is created""" user = UserFactory.create(admin=True) auth.return_value = True # For project res = self.app.get('/api/project/1?api_key=' + user.api_key, follow_redirects=True) output = json.loads(res.data) err_msg = "There should be a Link with the object URI" assert output['link'] is not None, err_msg err_msg = "There should be a Links list with the category URI" assert output['links'] is not None, err_msg assert len(output['links']) == 1, err_msg project_link = self.hateoas.link(rel='category', title='category', href='http://{}/api/category/1'.format(self.flask_app.config['SERVER_NAME'])) assert project_link == output['links'][0], (project_link, output['links'][0], err_msg) project_link = self.hateoas.link(rel='self', title='project', href='http://{}/api/project/1'.format(self.flask_app.config['SERVER_NAME'])) err_msg = "The object link is wrong: %s" % output['link'] assert project_link == output['link'], err_msg # For task res = self.app.get('/api/task/1?api_key=' + user.api_key, follow_redirects=True) output = json.loads(res.data) err_msg = "There should be a Link with the object URI" assert output['link'] is not None, err_msg task_link = self.hateoas.link(rel='self', title='task', href='http://{}/api/task/1'.format(self.flask_app.config['SERVER_NAME'])) err_msg = "The object link is wrong: %s" % output['link'] assert task_link == output['link'], err_msg err_msg = "There should be one parent link: project" assert output.get('links') is not None, err_msg assert len(output.get('links')) == 1, err_msg err_msg = "The parent link is wrong" project_link = self.hateoas.link(rel='parent', title='project', href='http://{}/api/project/1'.format(self.flask_app.config['SERVER_NAME'])) assert output.get('links')[0] == project_link, err_msg # For taskrun res = self.app.get('/api/taskrun/1?api_key=' + user.api_key, follow_redirects=True) output = json.loads(res.data) err_msg = "There should be a Link with the object URI" assert output['link'] is not None, err_msg task_link = self.hateoas.link(rel='self', title='taskrun', href='http://{}/api/taskrun/1'.format(self.flask_app.config['SERVER_NAME'])) err_msg = "The object link is wrong: %s" % output['link'] assert task_link == output['link'], err_msg err_msg = "There should be two parent links: project and task" assert output.get('links') is not None, err_msg assert len(output.get('links')) == 2, err_msg err_msg = "The parent project link is wrong" project_link = self.hateoas.link(rel='parent', title='project', href='http://{}/api/project/1'.format(self.flask_app.config['SERVER_NAME'])) assert output.get('links')[0] == project_link, err_msg err_msg = "The parent task link is wrong" project_link = self.hateoas.link(rel='parent', title='task', href='http://{}/api/task/1'.format(self.flask_app.config['SERVER_NAME'])) assert output.get('links')[1] == project_link, err_msg res = self.app.post("/api/taskrun") # For category res = self.app.get("/api/category/1", follow_redirects=True) output = json.loads(res.data) err_msg = "There should be a Link with the object URI" assert output['link'] is not None, err_msg category_link = self.hateoas.link(rel='self', title='category', href='http://{}/api/category/1'.format(self.flask_app.config['SERVER_NAME'])) err_msg = "The object link is wrong: %s" % output['link'] assert category_link == output['link'], err_msg err_msg = "There should be no other links" assert output.get('links') is None, err_msg err_msg = "The object links should are wrong"
def test_get_absolute_url(): new_user = UserFactory() assert new_user.get_absolute_url() == f'/api/accounts/{new_user.id}/'