Exemple #1
0
class TestPrivateLink(OsfTestCase):

    def setUp(self):
        super(TestPrivateLink, self).setUp()
        self.flaskapp = Flask('testing_private_links')

        @self.flaskapp.route('/project/<pid>/')
        @must_be_contributor
        def project_get(**kwargs):
            return 'success', 200

        self.app = TestApp(self.flaskapp)

        self.user = AuthUserFactory()
        self.project = ProjectFactory(is_public=False)
        self.link = PrivateLinkFactory()
        self.link.nodes.append(self.project)
        self.link.save()

    @mock.patch('website.project.decorators.Auth.from_kwargs')
    def test_has_private_link_key(self, mock_from_kwargs):
        mock_from_kwargs.return_value = Auth(user=None)
        res = self.app.get('/project/{0}'.format(self.project._primary_key),
            {'view_only': self.link.key})
        res = res.follow()
        assert_equal(res.status_code, 200)
        assert_equal(res.body, 'success')

    @mock.patch('website.project.decorators.Auth.from_kwargs')
    def test_does_not_have_key(self, mock_from_kwargs):
        mock_from_kwargs.return_value = Auth(user=None)
        res = self.app.get('/project/{0}'.format(self.project._primary_key),
            {'key': None})
        assert_is_redirect(res)
Exemple #2
0
    def setUp(self):
        super(TestMustBeContributorOrPublicButNotAnonymizedDecorator, self).setUp()
        self.contrib = AuthUserFactory()
        self.non_contrib = AuthUserFactory()
        admin = UserFactory()
        self.public_project = ProjectFactory(is_public=True)
        self.public_project.add_contributor(admin, auth=Auth(self.public_project.creator), permissions=['read', 'write', 'admin'])
        self.private_project = ProjectFactory(is_public=False)
        self.private_project.add_contributor(admin, auth=Auth(self.private_project.creator), permissions=['read', 'write', 'admin'])
        self.public_project.add_contributor(self.contrib, auth=Auth(self.public_project.creator))
        self.private_project.add_contributor(self.contrib, auth=Auth(self.private_project.creator))
        self.public_project.save()
        self.private_project.save()
        self.anonymized_link_to_public_project = PrivateLinkFactory(anonymous=True)
        self.anonymized_link_to_private_project = PrivateLinkFactory(anonymous=True)
        self.anonymized_link_to_public_project.nodes.append(self.public_project)
        self.anonymized_link_to_public_project.save()
        self.anonymized_link_to_private_project.nodes.append(self.private_project)
        self.anonymized_link_to_private_project.save()
        self.flaskapp = Flask('Testing decorator')

        @self.flaskapp.route('/project/<pid>/')
        @must_be_contributor_or_public_but_not_anonymized
        def project_get(**kwargs):
            return 'success', 200
        self.app = TestApp(self.flaskapp)
 def test_public_node_user_with_private_link_can_view_comment(self):
     self._set_up_public_project_with_comment()
     private_link = PrivateLinkFactory(anonymous=False)
     private_link.nodes.append(self.public_project)
     private_link.save()
     res = self.app.get('/{}comments/{}/'.format(API_BASE, self.public_comment._id), {'view_only': private_link.key}, expect_errors=True)
     assert_equal(self.public_comment._id, res.json['data']['id'])
     assert_equal(self.public_comment.content, res.json['data']['attributes']['content'])
 def test_private_node_user_with_view_only_link_can_view_wiki(self):
     self._set_up_private_project_with_wiki_page()
     private_link = PrivateLinkFactory(anonymous=False)
     private_link.nodes.append(self.private_project)
     private_link.save()
     url = furl.furl(self.private_url).add(query_params={'view_only': private_link.key}).url
     res = self.app.get(url)
     assert_equal(res.status_code, 200)
     assert_equal(res.json['data']['id'], self.private_wiki._id)
 def test_private_node_user_with_anonymous_link_cannot_see_commenter_info(self):
     self._set_up_private_project_with_comment()
     private_link = PrivateLinkFactory(anonymous=True)
     private_link.nodes.append(self.private_project)
     private_link.save()
     res = self.app.get('/{}comments/{}/'.format(API_BASE, self.comment._id), {'view_only': private_link.key})
     assert_equal(res.status_code, 200)
     assert_equal(self.comment._id, res.json['data']['id'])
     assert_equal(self.comment.content, res.json['data']['attributes']['content'])
     assert_not_in('user', res.json['data']['relationships'])
Exemple #6
0
 def test_private_node_user_with_anonymous_link_can_view_wiki(self):
     self._set_up_private_project_with_wiki_page()
     private_link = PrivateLinkFactory(anonymous=True)
     private_link.nodes.append(self.private_project)
     private_link.save()
     url = furl.furl(self.private_url).add(query_params={
         'view_only': private_link.key
     }).url
     res = self.app.get(url)
     assert_equal(res.status_code, 200)
     assert_equal(res.json['data']['id'], self.private_wiki._id)
 def test_file_info_with_anonymous_link(self):
     link = PrivateLinkFactory(anonymous=True)
     link.nodes.append(self.project)
     link.save()
     self._upload_file('firstfile', 'secondcontent')
     url = self.project.api_url_for(
         'file_info', fid=self.project.uploads[0].filename
     )
     res = self.app.get(url, {'view_only': link.key})
     assert_not_in(self.user.fullname, res.body)
     assert_not_in(self.user._id, res.body)
Exemple #8
0
 def test_no_warning_for_read_only_user_with_valid_link(self):
     link2 = PrivateLinkFactory(anonymous=False)
     link2.nodes.append(self.project)
     link2.save()
     self.project.add_contributor(self.user, permissions=["read"], save=True)
     res = self.app.get(self.project_url, {"view_only": link2.key}, auth=self.user.auth)
     assert_not_in(
         "is being viewed through a private, view-only link. "
         "Anyone with the link can view this project. Keep "
         "the link safe.",
         res.body,
     )
Exemple #9
0
 def test_public_node_user_with_private_link_can_view_comment(self):
     self._set_up_public_project_with_comment()
     private_link = PrivateLinkFactory(anonymous=False)
     private_link.nodes.append(self.public_project)
     private_link.save()
     res = self.app.get('/{}comments/{}/'.format(API_BASE,
                                                 self.public_comment._id),
                        {'view_only': private_link.key},
                        expect_errors=True)
     assert_equal(self.public_comment._id, res.json['data']['id'])
     assert_equal(self.public_comment.content,
                  res.json['data']['attributes']['content'])
    def test_public_node_view_only_link_user_cannot_see_deleted_comment(self):
        self._set_up_public_project_with_comment()
        self.public_comment.is_deleted = True
        self.public_comment.save()

        private_link = PrivateLinkFactory(anonymous=False)
        private_link.nodes.append(self.public_project)
        private_link.save()

        res = self.app.get('/{}comments/{}/'.format(API_BASE, self.public_comment._id), {'view_only': private_link.key}, expect_errors=True)
        assert_equal(res.status_code, 200)
        assert_is_none(res.json['data']['attributes']['content'])
    def test_public_node_view_only_link_user_cannot_see_deleted_comment(self):
        self._set_up_public_project_with_comment()
        self.public_comment.is_deleted = True
        self.public_comment.save()

        private_link = PrivateLinkFactory(anonymous=False)
        private_link.nodes.append(self.public_project)
        private_link.save()

        res = self.app.get('/{}comments/{}/'.format(API_BASE, self.public_comment._id), {'view_only': private_link.key}, expect_errors=True)
        assert_equal(res.status_code, 200)
        assert_is_none(res.json['data']['attributes']['content'])
Exemple #12
0
class TestPrivateLinkView(OsfTestCase):

    def setUp(self):
        super(TestPrivateLinkView, self).setUp()
        self.user = AuthUserFactory()  # Is NOT a contributor
        self.project = ProjectFactory(is_public=False)
        self.link = PrivateLinkFactory(anonymous=True)
        self.link.nodes.append(self.project)
        self.link.save()
        self.project_url = self.project.web_url_for('view_project')

    def test_anonymous_link_hide_contributor(self):
        res = self.app.get(self.project_url, {'view_only': self.link.key})
        assert_in("Anonymous Contributors", res.body)
        assert_not_in(self.user.fullname, res)

    def test_anonymous_link_hides_citations(self):
        res = self.app.get(self.project_url, {'view_only': self.link.key})
        assert_not_in('Citation:', res)

    def test_no_warning_for_read_only_user_with_valid_link(self):
        link2 = PrivateLinkFactory(anonymous=False)
        link2.nodes.append(self.project)
        link2.save()
        self.project.add_contributor(
            self.user,
            permissions=['read'],
            save=True,
        )
        res = self.app.get(self.project_url, {'view_only': link2.key},
                           auth=self.user.auth)
        assert_not_in(
            "is being viewed through a private, view-only link. "
            "Anyone with the link can view this project. Keep "
            "the link safe.",
            res.body
        )

    def test_no_warning_for_read_only_user_with_invalid_link(self):
        self.project.add_contributor(
            self.user,
            permissions=['read'],
            save=True,
        )
        res = self.app.get(self.project_url, {'view_only': "not_valid"},
                           auth=self.user.auth)
        assert_not_in(
            "is being viewed through a private, view-only link. "
            "Anyone with the link can view this project. Keep "
            "the link safe.",
            res.body
        )
Exemple #13
0
class TestPrivateLinkView(OsfTestCase):

    def setUp(self):
        super(TestPrivateLinkView, self).setUp()
        self.user = AuthUserFactory()  # Is NOT a contributor
        self.project = ProjectFactory(is_public=False)
        self.link = PrivateLinkFactory(anonymous=True)
        self.link.nodes.append(self.project)
        self.link.save()
        self.project_url = self.project.web_url_for('view_project')

    def test_anonymous_link_hide_contributor(self):
        res = self.app.get(self.project_url, {'view_only': self.link.key})
        assert_in("Anonymous Contributors", res.body)
        assert_not_in(self.user.fullname, res)

    def test_anonymous_link_hides_citations(self):
        res = self.app.get(self.project_url, {'view_only': self.link.key})
        assert_not_in('Citation:', res)

    def test_no_warning_for_read_only_user_with_valid_link(self):
        link2 = PrivateLinkFactory(anonymous=False)
        link2.nodes.append(self.project)
        link2.save()
        self.project.add_contributor(
            self.user,
            permissions=['read'],
            save=True,
        )
        res = self.app.get(self.project_url, {'view_only': link2.key},
                           auth=self.user.auth)
        assert_not_in(
            "is being viewed through a private, view-only link. "
            "Anyone with the link can view this project. Keep "
            "the link safe.",
            res.body
        )

    def test_no_warning_for_read_only_user_with_invalid_link(self):
        self.project.add_contributor(
            self.user,
            permissions=['read'],
            save=True,
        )
        res = self.app.get(self.project_url, {'view_only': "not_valid"},
                           auth=self.user.auth)
        assert_not_in(
            "is being viewed through a private, view-only link. "
            "Anyone with the link can view this project. Keep "
            "the link safe.",
            res.body
        )
Exemple #14
0
 def test_view_file_with_anonymous_link(self, mock_fig):
     link = PrivateLinkFactory(anonymous=True)
     link.nodes.append(self.project)
     link.save()
     mock_fig.return_value = self.figshare
     url = self.project.web_url_for(
         'figshare_view_file', aid='564',fid='1348803'
     )
     self.app.auth = self.user.auth
     resp = self.app.get(url, {'view_only': link.key}).maybe_follow()
     assert_equal(resp.status_int, http.OK)
     assert_true('file is unpublished we cannot render it.' in resp.body)
     assert_not_in('View on Figshare', resp.body)
Exemple #15
0
    def test_build_addon_root_for_anonymous_vols_shows_path(self):
        private_link = PrivateLinkFactory()
        private_link.nodes.append(self.project)
        private_link.save()
        project_viewer = UserFactory()

        result = rubeus.build_addon_root(self.node_settings,
                                         self.node_settings.bucket,
                                         user=project_viewer,
                                         private_key=private_link.key)

        assert result['name'] == 'Amazon S3: {0}'.format(
            self.node_settings.bucket)
Exemple #16
0
 def test_view_file_with_anonymous_link(self, mock_fig):
     link = PrivateLinkFactory(anonymous=True)
     link.nodes.append(self.project)
     link.save()
     mock_fig.return_value = self.figshare
     url = self.project.web_url_for(
         'figshare_view_file', aid='564',fid='1348803'
     )
     self.app.auth = self.user.auth
     resp = self.app.get(url, {'view_only': link.key}).maybe_follow()
     assert_equal(resp.status_int, http.OK)
     assert_true('file is unpublished we cannot render it.' in resp.body)
     assert_not_in('View on Figshare', resp.body)
Exemple #17
0
    def test_dataverse_view_file_with_anonymous_link(self, mock_fail_if_private, mock_get_files, mock_connection, mock_scrape):
        link = PrivateLinkFactory(anonymous=True)
        link.nodes.append(self.project)
        link.save()
        mock_connection.return_value = create_mock_connection()
        mock_get_files.return_value = [create_mock_draft_file('foo')]
        mock_scrape.return_value = ('filename', 'content')

        url = self.project.api_url_for('dataverse_get_file_info', path='foo')
        res = self.app.get(url, {'view_only': link.key}).maybe_follow()
        assert_equal(res.status_code, 200)
        assert_not_in(self.node_settings.dataverse_alias, res.body)
        assert_not_in(self.node_settings.dataverse, res.body)
        assert_not_in(self.node_settings.study, res.body)
Exemple #18
0
 def test_private_node_user_with_anonymous_link_cannot_see_commenter_info(
         self):
     self._set_up_private_project_with_comment()
     private_link = PrivateLinkFactory(anonymous=True)
     private_link.nodes.append(self.private_project)
     private_link.save()
     res = self.app.get(
         '/{}comments/{}/'.format(API_BASE, self.comment._id),
         {'view_only': private_link.key})
     assert_equal(res.status_code, 200)
     assert_equal(self.comment._id, res.json['data']['id'])
     assert_equal(self.comment.content,
                  res.json['data']['attributes']['content'])
     assert_not_in('user', res.json['data']['relationships'])
Exemple #19
0
    def test_build_addon_root_for_anonymous_vols_hides_path(self):
        private_anonymous_link = PrivateLinkFactory(anonymous=True)
        private_anonymous_link.nodes.append(self.project)
        private_anonymous_link.save()
        project_viewer = UserFactory()

        result = rubeus.build_addon_root(
            self.node_settings,
            self.node_settings.bucket,
            user=project_viewer,
            private_key=private_anonymous_link.key
        )

        assert result['name'] == 'Amazon S3'
Exemple #20
0
    def test_dataverse_view_file_with_anonymous_link(self, mock_fail_if_private, mock_get_files, mock_connection, mock_scrape):
        link = PrivateLinkFactory(anonymous=True)
        link.nodes.append(self.project)
        link.save()
        mock_connection.return_value = create_mock_connection()
        mock_get_files.return_value = [create_mock_draft_file('foo')]
        mock_scrape.return_value = ('filename', 'content')

        url = self.project.api_url_for('dataverse_get_file_info', path='foo')
        res = self.app.get(url, {'view_only': link.key}).maybe_follow()
        assert_equal(res.status_code, 200)
        assert_not_in(self.node_settings.dataverse_alias, res.body)
        assert_not_in(self.node_settings.dataverse, res.body)
        assert_not_in(self.node_settings.study, res.body)
    def setUp(self):
        super(ViewOnlyLinkTestCase, self).setUp()
        self.user = AuthUserFactory()
        self.read_only_user = AuthUserFactory()
        self.read_write_user = AuthUserFactory()
        self.non_contributor = AuthUserFactory()

        self.public_project = ProjectFactory(is_public=True, creator=self.user)
        self.public_project.add_contributor(self.read_only_user, permissions=[permissions.READ])
        self.public_project.add_contributor(self.read_write_user, permissions=[permissions.WRITE])
        self.public_project.save()

        self.view_only_link = PrivateLinkFactory(name='testlink')
        self.view_only_link.nodes.append(self.public_project)
        self.view_only_link.save()
    def test_params_do_not_appear_on_private_project_with_anonymous_view_only_link(self):

        private_link = PrivateLinkFactory(anonymous=True)
        private_link.nodes.append(self.node)
        private_link.save()

        url = self.url + '{}/'.format(self.log_add_contributor._id)

        res = self.app.get(url, {'view_only': private_link.key}, expect_errors=True)
        assert_equal(res.status_code, 200)
        data = res.json['data']
        assert_in('attributes', data)
        assert_not_in('params', data['attributes'])
        body = res.body
        assert_not_in(self.user._id, body)
 def test_no_warning_for_read_only_user_with_valid_link(self):
     link2 = PrivateLinkFactory(anonymous=False)
     link2.nodes.append(self.project)
     link2.save()
     self.project.add_contributor(
         self.user,
         permissions=['read'],
         save=True,
     )
     res = self.app.get(self.project_url, {'view_only': link2.key},
                        auth=self.user.auth)
     assert_not_in(
         "is being viewed through a private, view-only link. "
         "Anyone with the link can view this project. Keep "
         "the link safe.", res.body)
Exemple #24
0
    def setUp(self):
        super(TestPrivateLink, self).setUp()
        self.flaskapp = Flask('testing_private_links')

        @self.flaskapp.route('/project/<pid>/')
        @must_be_contributor
        def project_get(**kwargs):
            return 'success', 200

        self.app = TestApp(self.flaskapp)

        self.user = AuthUserFactory()
        self.project = ProjectFactory(is_public=False)
        self.link = PrivateLinkFactory()
        self.link.nodes.append(self.project)
        self.link.save()
Exemple #25
0
    def test_file_view_with_anonymous_link(self, mock_contents, mock_repo, mock_file, mock_commits):
        mock_contents.return_value = None
        mock_commits.return_value = [Commit.from_json({
            "url": "https://api.github.com/repos/octocat/Hello-World/commits/6dcb09b5b57875f334f61aebed695e2e4193db5e",
            "sha": "6dcb09b5b57875f334f61aebed695e2e4193db5e",
            "commit": {
                "url": "https://api.github.com/repos/octocat/Hello-World/git/commits/6dcb09b5b57875f334f61aebed695e2e4193db5e",
                "author": {
                    "name": "Monalisa Octocat",
                    "email": "*****@*****.**",
                   "date": "2011-04-14T16:00:49Z"
                }
            }
        })]

        mock_repo.return_value = Repository.from_json({
            "default_branch": "dev",
            'url': u'https://api.github.com/repos/{user}/mock-repo/git/trees/dev'.format(user=self.user),
            'sha': 'dev',
            'private': False,
            'tree': [
                {u'mode': u'100644',
                 u'path': u'coveragerc',
                 u'sha': u'92029ff5ce192425d346b598d7e7dd25f5f05185',
                 u'size': 245,
                 u'type': u'file',
                 u'url': u'https://api.github.com/repos/{user}/mock-repo/git/blobs/92029ff5ce192425d346b598d7e7dd25f5f05185'.format(user=self.user)}]
        })

        mock_file.return_value = {
            u'name': u'coveragerc',
            u'content': u'ClRleHRCbG9iOiBTaW1wbGlmaWVkIFRleHQgUHJvY2Vzc2luZwo9PT09PT09',
            u'size': 245
        }

        link = PrivateLinkFactory(anonymous=True)
        link.nodes.append(self.project)
        link.save()
        url = self.project.web_url_for('github_view_file', path="coveragerc")
        res = self.app.get(url, {'view_only': link.key}).maybe_follow()
        assert_in("6dcb09b5b57875f334f61aebed695e2e4193db5e", res)
        assert_in("Thu Apr 14 16:00:49 2011", res)
        assert_in("file-version-history", res)
        assert_in("icon-download-alt", res)
        assert_not_in("Monalisa Octocat", res)
        assert_not_in("*****@*****.**", res)
class ViewOnlyLinkTestCase(ApiTestCase):

    def setUp(self):
        super(ViewOnlyLinkTestCase, self).setUp()
        self.user = AuthUserFactory()
        self.read_only_user = AuthUserFactory()
        self.read_write_user = AuthUserFactory()
        self.non_contributor = AuthUserFactory()

        self.public_project = ProjectFactory(is_public=True, creator=self.user)
        self.public_project.add_contributor(self.read_only_user, permissions=[permissions.READ])
        self.public_project.add_contributor(self.read_write_user, permissions=[permissions.WRITE])
        self.public_project.save()

        self.view_only_link = PrivateLinkFactory(name='testlink')
        self.view_only_link.nodes.append(self.public_project)
        self.view_only_link.save()
Exemple #27
0
 def setUp(self):
     super(TestPrivateLinkView, self).setUp()
     self.user = AuthUserFactory()  # Is NOT a contributor
     self.project = ProjectFactory(is_public=False)
     self.link = PrivateLinkFactory(anonymous=True)
     self.link.nodes.append(self.project)
     self.link.save()
     self.project_url = self.project.web_url_for('view_project')
Exemple #28
0
    def test_params_do_not_appear_on_private_project_with_anonymous_view_only_link(
            self):

        private_link = PrivateLinkFactory(anonymous=True)
        private_link.nodes.append(self.node)
        private_link.save()

        url = self.url + '{}/'.format(self.log_add_contributor._id)

        res = self.app.get(url, {'view_only': private_link.key},
                           expect_errors=True)
        assert_equal(res.status_code, 200)
        data = res.json['data']
        assert_in('attributes', data)
        assert_not_in('params', data['attributes'])
        body = res.body
        assert_not_in(self.user._id, body)
Exemple #29
0
    def test_file_view_with_anonymous_link(self, mock_repo, mock_file, mock_commits):
        mock_commits.return_value = [Commit.from_json({
            "url": "https://api.github.com/repos/octocat/Hello-World/commits/6dcb09b5b57875f334f61aebed695e2e4193db5e",
            "sha": "6dcb09b5b57875f334f61aebed695e2e4193db5e",
            "commit": {
                "url": "https://api.github.com/repos/octocat/Hello-World/git/commits/6dcb09b5b57875f334f61aebed695e2e4193db5e",
                "author": {
                    "name": "Monalisa Octocat",
                    "email": "*****@*****.**",
                   "date": "2011-04-14T16:00:49Z"
                }
            }
        })]

        mock_repo.return_value = Repository.from_json({
            "default_branch": "dev",
            'url': u'https://api.github.com/repos/{user}/mock-repo/git/trees/dev'.format(user=self.user),
            'sha': 'dev',
            'private': False,
            'tree': [
                {u'mode': u'100644',
                 u'path': u'coveragerc',
                 u'sha': u'92029ff5ce192425d346b598d7e7dd25f5f05185',
                 u'size': 245,
                 u'type': u'file',
                 u'url': u'https://api.github.com/repos/{user}/mock-repo/git/blobs/92029ff5ce192425d346b598d7e7dd25f5f05185'.format(user=self.user)}]
        })

        mock_file.return_value = {
            u'name': u'coveragerc',
            u'content': u'ClRleHRCbG9iOiBTaW1wbGlmaWVkIFRleHQgUHJvY2Vzc2luZwo9PT09PT09',
            u'size': 245
        }

        link = PrivateLinkFactory(anonymous=True)
        link.nodes.append(self.project)
        link.save()
        url = self.project.web_url_for('github_view_file', path="coveragerc")
        res = self.app.get(url, {'view_only': link.key}).maybe_follow()
        assert_in("6dcb09b5b57875f334f61aebed695e2e4193db5e", res)
        assert_in("Thu Apr 14 16:00:49 2011", res)
        assert_in("file-version-history", res)
        assert_in("icon-download-alt", res)
        assert_not_in("Monalisa Octocat", res)
        assert_not_in("*****@*****.**", res)
Exemple #30
0
class TestPrivateLinkView(OsfTestCase):

    def setUp(self):
        super(TestPrivateLinkView, self).setUp()
        self.user = AuthUserFactory()  # Is NOT a contributor
        self.project = ProjectFactory(is_public=False)
        self.link = PrivateLinkFactory(anonymous=True)
        self.link.nodes.append(self.project)
        self.link.save()
        self.project_url = self.project.web_url_for('view_project')

    def test_anonymous_link_hide_contributor(self):
        res = self.app.get(self.project_url, {'view_only': self.link.key})
        assert_in("Anonymous Contributors", res.body)
        assert_not_in(self.user.fullname, res)

    def test_anonymous_link_hides_citations(self):
        res = self.app.get(self.project_url, {'view_only': self.link.key})
        assert_not_in('Citation:', res)
    def setUp(self):
        super(ViewOnlyTestCase, self).setUp()
        self.creation_user = AuthUserFactory()
        self.viewing_user = AuthUserFactory()
        self.contributing_read_user = AuthUserFactory()
        self.contributing_write_user = AuthUserFactory()
        self.valid_contributors = [
            self.creation_user._id,
            self.contributing_read_user._id,
            self.contributing_write_user._id,
        ]

        self.private_node_one = ProjectFactory(is_public=False, creator=self.creation_user, title="Private One")
        self.private_node_one.add_contributor(self.contributing_read_user, permissions=[permissions.READ], save=True)
        self.private_node_one.add_contributor(self.contributing_write_user, permissions=[permissions.WRITE], save=True)
        self.private_node_one_anonymous_link = PrivateLinkFactory(anonymous=True)
        self.private_node_one_anonymous_link.nodes.append(self.private_node_one)
        self.private_node_one_anonymous_link.save()
        self.private_node_one_private_link = PrivateLinkFactory(anonymous=False)
        self.private_node_one_private_link.nodes.append(self.private_node_one)
        self.private_node_one_private_link.save()
        self.private_node_one_url = '/{}nodes/{}/'.format(API_BASE, self.private_node_one._id)

        self.private_node_two = ProjectFactory(is_public=False, creator=self.creation_user, title="Private Two")
        self.private_node_two.add_contributor(self.contributing_read_user, permissions=[permissions.READ], save=True)
        self.private_node_two.add_contributor(self.contributing_write_user, permissions=[permissions.WRITE], save=True)
        self.private_node_two_url = '/{}nodes/{}/'.format(API_BASE, self.private_node_two._id)

        self.public_node_one = ProjectFactory(is_public=True, creator=self.creation_user, title="Public One")
        self.public_node_one.add_contributor(self.contributing_read_user, permissions=[permissions.READ], save=True)
        self.public_node_one.add_contributor(self.contributing_write_user, permissions=[permissions.WRITE], save=True)
        self.public_node_one_anonymous_link = PrivateLinkFactory(anonymous=True)
        self.public_node_one_anonymous_link.nodes.append(self.public_node_one)
        self.public_node_one_anonymous_link.save()
        self.public_node_one_private_link = PrivateLinkFactory(anonymous=False)
        self.public_node_one_private_link.nodes.append(self.public_node_one)
        self.public_node_one_private_link.save()
        self.public_node_one_url = '/{}nodes/{}/'.format(API_BASE, self.public_node_one._id)

        self.public_node_two = ProjectFactory(is_public=True, creator=self.creation_user, title="Public Two")
        self.public_node_two.add_contributor(self.contributing_read_user, permissions=[permissions.READ], save=True)
        self.public_node_two.add_contributor(self.contributing_write_user, permissions=[permissions.WRITE], save=True)
        self.public_node_two_url = '/{}nodes/{}/'.format(API_BASE, self.public_node_two._id)
Exemple #32
0
    def setUp(self):
        super(TestMustBeContributorOrPublicButNotAnonymizedDecorator,
              self).setUp()
        self.contrib = AuthUserFactory()
        self.non_contrib = AuthUserFactory()
        admin = UserFactory()
        self.public_project = ProjectFactory(is_public=True)
        self.public_project.add_contributor(
            admin,
            auth=Auth(self.public_project.creator),
            permissions=['read', 'write', 'admin'])
        self.private_project = ProjectFactory(is_public=False)
        self.private_project.add_contributor(
            admin,
            auth=Auth(self.private_project.creator),
            permissions=['read', 'write', 'admin'])
        self.public_project.add_contributor(self.contrib,
                                            auth=Auth(
                                                self.public_project.creator))
        self.private_project.add_contributor(self.contrib,
                                             auth=Auth(
                                                 self.private_project.creator))
        self.public_project.save()
        self.private_project.save()
        self.anonymized_link_to_public_project = PrivateLinkFactory(
            anonymous=True)
        self.anonymized_link_to_private_project = PrivateLinkFactory(
            anonymous=True)
        self.anonymized_link_to_public_project.nodes.append(
            self.public_project)
        self.anonymized_link_to_public_project.save()
        self.anonymized_link_to_private_project.nodes.append(
            self.private_project)
        self.anonymized_link_to_private_project.save()
        self.flaskapp = Flask('Testing decorator')

        @self.flaskapp.route('/project/<pid>/')
        @must_be_contributor_or_public_but_not_anonymized
        def project_get(**kwargs):
            return 'success', 200

        self.app = TestApp(self.flaskapp)
Exemple #33
0
    def setUp(self):
        super(TestPrivateLink, self).setUp()
        self.flaskapp = Flask('testing_private_links')

        @self.flaskapp.route('/project/<pid>/')
        @must_be_contributor
        def project_get(**kwargs):
            return 'success', 200

        self.app = TestApp(self.flaskapp)

        self.user = AuthUserFactory()
        self.project = ProjectFactory(is_public=False)
        self.link = PrivateLinkFactory()
        self.link.nodes.append(self.project)
        self.link.save()
    def test_deleted_vols_not_returned(self):
        view_only_link = PrivateLinkFactory(name='testlink2')
        view_only_link.nodes.append(self.public_project)
        view_only_link.save()

        res = self.app.get(self.url, auth=self.user.auth)
        data = res.json['data']
        assert_equal(res.status_code, 200)
        assert_equal(len(data), 2)

        view_only_link.nodes.remove(self.public_project)
        view_only_link.save()

        res = self.app.get(self.url, auth=self.user.auth)
        data = res.json['data']
        assert_equal(res.status_code, 200)
        assert_equal(len(data), 1)
Exemple #35
0
 def _add_private_link(self, project, anonymous=False):
     view_only_link = PrivateLinkFactory(anonymous=anonymous)
     view_only_link.nodes.append(project)
     view_only_link.save()
     return view_only_link
Exemple #36
0
class TestMustBeContributorOrPublicButNotAnonymizedDecorator(AuthAppTestCase):
    def setUp(self):
        super(TestMustBeContributorOrPublicButNotAnonymizedDecorator, self).setUp()
        self.contrib = AuthUserFactory()
        self.non_contrib = AuthUserFactory()
        admin = UserFactory()
        self.public_project = ProjectFactory(is_public=True)
        self.public_project.add_contributor(admin, auth=Auth(self.public_project.creator), permissions=['read', 'write', 'admin'])
        self.private_project = ProjectFactory(is_public=False)
        self.private_project.add_contributor(admin, auth=Auth(self.private_project.creator), permissions=['read', 'write', 'admin'])
        self.public_project.add_contributor(self.contrib, auth=Auth(self.public_project.creator))
        self.private_project.add_contributor(self.contrib, auth=Auth(self.private_project.creator))
        self.public_project.save()
        self.private_project.save()
        self.anonymized_link_to_public_project = PrivateLinkFactory(anonymous=True)
        self.anonymized_link_to_private_project = PrivateLinkFactory(anonymous=True)
        self.anonymized_link_to_public_project.nodes.append(self.public_project)
        self.anonymized_link_to_public_project.save()
        self.anonymized_link_to_private_project.nodes.append(self.private_project)
        self.anonymized_link_to_private_project.save()
        self.flaskapp = Flask('Testing decorator')

        @self.flaskapp.route('/project/<pid>/')
        @must_be_contributor_or_public_but_not_anonymized
        def project_get(**kwargs):
            return 'success', 200
        self.app = TestApp(self.flaskapp)

    def test_must_be_contributor_when_user_is_contributor_and_public_project(self):
        result = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.public_project._primary_key,
            user=self.contrib)
        assert_equal(result, self.public_project)

    def test_must_be_contributor_when_user_is_not_contributor_and_public_project(self):
        result = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.public_project._primary_key,
            user=self.non_contrib)
        assert_equal(result, self.public_project)

    def test_must_be_contributor_when_user_is_contributor_and_private_project(self):
        result = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.private_project._primary_key,
            user=self.contrib)
        assert_equal(result, self.private_project)

    def test_must_be_contributor_when_user_is_not_contributor_and_private_project_raise_error(self):
        with assert_raises(HTTPError):
            view_that_needs_contributor_or_public_but_not_anonymized(
                pid=self.private_project._primary_key,
                user=self.non_contrib
            )

    def test_must_be_contributor_no_user_and_public_project(self):
        res = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.public_project._primary_key,
            user=None,
        )
        assert_equal(res, self.public_project)

    def test_must_be_contributor_no_user_and_private_project(self):
        res = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.private_project._primary_key,
            user=None,
        )
        assert_is_redirect(res)
        # redirects to login url
        redirect_url = res.headers['Location']
        login_url = cas.get_login_url(service_url='http://localhost/')
        assert_equal(redirect_url, login_url)

    def test_must_be_contributor_parent_admin_and_public_project(self):
        user = UserFactory()
        node = NodeFactory(parent=self.public_project, creator=user)
        res = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.public_project._id,
            nid=node._id,
            user=self.public_project.creator,
        )
        assert_equal(res, node)

    def test_must_be_contributor_parent_admin_and_private_project(self):
        user = UserFactory()
        node = NodeFactory(parent=self.private_project, creator=user)
        res = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.private_project._id,
            nid=node._id,
            user=self.private_project.creator,
        )
        assert_equal(res, node)

    def test_must_be_contributor_parent_write_public_project(self):
        user = UserFactory()
        node = NodeFactory(parent=self.public_project, creator=user)
        self.public_project.set_permissions(self.public_project.creator, ['read', 'write'])
        self.public_project.save()
        with assert_raises(HTTPError) as exc_info:
            view_that_needs_contributor_or_public_but_not_anonymized(
                pid=self.public_project._id,
                nid=node._id,
                user=self.public_project.creator,
            )
        assert_equal(exc_info.exception.code, 403)

    def test_must_be_contributor_parent_write_private_project(self):
        user = UserFactory()
        node = NodeFactory(parent=self.private_project, creator=user)
        self.private_project.set_permissions(self.private_project.creator, ['read', 'write'])
        self.private_project.save()
        with assert_raises(HTTPError) as exc_info:
            view_that_needs_contributor_or_public_but_not_anonymized(
                pid=self.private_project._id,
                nid=node._id,
                user=self.private_project.creator,
            )
        assert_equal(exc_info.exception.code, 403)

    @mock.patch('website.project.decorators.Auth.from_kwargs')
    def test_decorator_does_allow_anonymous_link_public_project(self, mock_from_kwargs):
        mock_from_kwargs.return_value = Auth(user=None)
        res = self.app.get('/project/{0}'.format(self.public_project._primary_key),
            {'view_only': self.anonymized_link_to_public_project.key})
        res = res.follow()
        assert_equal(res.status_code, 200)

    @mock.patch('website.project.decorators.Auth.from_kwargs')
    def test_decorator_does_not_allow_anonymous_link_private_project(self, mock_from_kwargs):
        mock_from_kwargs.return_value = Auth(user=None)
        res = self.app.get('/project/{0}'.format(self.private_project._primary_key),
                           {'view_only': self.anonymized_link_to_private_project.key})
        res = res.follow(expect_errors=True)
        assert_equal(res.status_code, 500)
Exemple #37
0
class TestMustBeContributorOrPublicButNotAnonymizedDecorator(AuthAppTestCase):
    def setUp(self):
        super(TestMustBeContributorOrPublicButNotAnonymizedDecorator,
              self).setUp()
        self.contrib = AuthUserFactory()
        self.non_contrib = AuthUserFactory()
        admin = UserFactory()
        self.public_project = ProjectFactory(is_public=True)
        self.public_project.add_contributor(
            admin,
            auth=Auth(self.public_project.creator),
            permissions=['read', 'write', 'admin'])
        self.private_project = ProjectFactory(is_public=False)
        self.private_project.add_contributor(
            admin,
            auth=Auth(self.private_project.creator),
            permissions=['read', 'write', 'admin'])
        self.public_project.add_contributor(self.contrib,
                                            auth=Auth(
                                                self.public_project.creator))
        self.private_project.add_contributor(self.contrib,
                                             auth=Auth(
                                                 self.private_project.creator))
        self.public_project.save()
        self.private_project.save()
        self.anonymized_link_to_public_project = PrivateLinkFactory(
            anonymous=True)
        self.anonymized_link_to_private_project = PrivateLinkFactory(
            anonymous=True)
        self.anonymized_link_to_public_project.nodes.append(
            self.public_project)
        self.anonymized_link_to_public_project.save()
        self.anonymized_link_to_private_project.nodes.append(
            self.private_project)
        self.anonymized_link_to_private_project.save()
        self.flaskapp = Flask('Testing decorator')

        @self.flaskapp.route('/project/<pid>/')
        @must_be_contributor_or_public_but_not_anonymized
        def project_get(**kwargs):
            return 'success', 200

        self.app = TestApp(self.flaskapp)

    def test_must_be_contributor_when_user_is_contributor_and_public_project(
            self):
        result = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.public_project._primary_key, user=self.contrib)
        assert_equal(result, self.public_project)

    def test_must_be_contributor_when_user_is_not_contributor_and_public_project(
            self):
        result = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.public_project._primary_key, user=self.non_contrib)
        assert_equal(result, self.public_project)

    def test_must_be_contributor_when_user_is_contributor_and_private_project(
            self):
        result = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.private_project._primary_key, user=self.contrib)
        assert_equal(result, self.private_project)

    def test_must_be_contributor_when_user_is_not_contributor_and_private_project_raise_error(
            self):
        with assert_raises(HTTPError):
            view_that_needs_contributor_or_public_but_not_anonymized(
                pid=self.private_project._primary_key, user=self.non_contrib)

    def test_must_be_contributor_no_user_and_public_project(self):
        res = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.public_project._primary_key,
            user=None,
        )
        assert_equal(res, self.public_project)

    def test_must_be_contributor_no_user_and_private_project(self):
        res = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.private_project._primary_key,
            user=None,
        )
        assert_is_redirect(res)
        # redirects to login url
        redirect_url = res.headers['Location']
        login_url = cas.get_login_url(service_url='http://localhost/')
        assert_equal(redirect_url, login_url)

    def test_must_be_contributor_parent_admin_and_public_project(self):
        user = UserFactory()
        node = NodeFactory(parent=self.public_project, creator=user)
        res = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.public_project._id,
            nid=node._id,
            user=self.public_project.creator,
        )
        assert_equal(res, node)

    def test_must_be_contributor_parent_admin_and_private_project(self):
        user = UserFactory()
        node = NodeFactory(parent=self.private_project, creator=user)
        res = view_that_needs_contributor_or_public_but_not_anonymized(
            pid=self.private_project._id,
            nid=node._id,
            user=self.private_project.creator,
        )
        assert_equal(res, node)

    def test_must_be_contributor_parent_write_public_project(self):
        user = UserFactory()
        node = NodeFactory(parent=self.public_project, creator=user)
        self.public_project.set_permissions(self.public_project.creator,
                                            ['read', 'write'])
        self.public_project.save()
        with assert_raises(HTTPError) as exc_info:
            view_that_needs_contributor_or_public_but_not_anonymized(
                pid=self.public_project._id,
                nid=node._id,
                user=self.public_project.creator,
            )
        assert_equal(exc_info.exception.code, 403)

    def test_must_be_contributor_parent_write_private_project(self):
        user = UserFactory()
        node = NodeFactory(parent=self.private_project, creator=user)
        self.private_project.set_permissions(self.private_project.creator,
                                             ['read', 'write'])
        self.private_project.save()
        with assert_raises(HTTPError) as exc_info:
            view_that_needs_contributor_or_public_but_not_anonymized(
                pid=self.private_project._id,
                nid=node._id,
                user=self.private_project.creator,
            )
        assert_equal(exc_info.exception.code, 403)

    @mock.patch('website.project.decorators.Auth.from_kwargs')
    def test_decorator_does_allow_anonymous_link_public_project(
            self, mock_from_kwargs):
        mock_from_kwargs.return_value = Auth(user=None)
        res = self.app.get(
            '/project/{0}'.format(self.public_project._primary_key),
            {'view_only': self.anonymized_link_to_public_project.key})
        res = res.follow()
        assert_equal(res.status_code, 200)

    @mock.patch('website.project.decorators.Auth.from_kwargs')
    def test_decorator_does_not_allow_anonymous_link_private_project(
            self, mock_from_kwargs):
        mock_from_kwargs.return_value = Auth(user=None)
        res = self.app.get(
            '/project/{0}'.format(self.private_project._primary_key),
            {'view_only': self.anonymized_link_to_private_project.key})
        res = res.follow(expect_errors=True)
        assert_equal(res.status_code, 500)
    def setUp(self):
        super(ViewOnlyTestCase, self).setUp()
        self.creation_user = AuthUserFactory()
        self.viewing_user = AuthUserFactory()
        self.contributing_read_user = AuthUserFactory()
        self.contributing_write_user = AuthUserFactory()
        self.valid_contributors = [
            self.creation_user._id,
            self.contributing_read_user._id,
            self.contributing_write_user._id,
        ]

        self.private_node_one = ProjectFactory(is_public=False,
                                               creator=self.creation_user,
                                               title="Private One")
        self.private_node_one.add_contributor(self.contributing_read_user,
                                              permissions=[permissions.READ],
                                              save=True)
        self.private_node_one.add_contributor(self.contributing_write_user,
                                              permissions=[permissions.WRITE],
                                              save=True)
        self.private_node_one_anonymous_link = PrivateLinkFactory(
            anonymous=True)
        self.private_node_one_anonymous_link.nodes.append(
            self.private_node_one)
        self.private_node_one_anonymous_link.save()
        self.private_node_one_private_link = PrivateLinkFactory(
            anonymous=False)
        self.private_node_one_private_link.nodes.append(self.private_node_one)
        self.private_node_one_private_link.save()
        self.private_node_one_url = '/{}nodes/{}/'.format(
            API_BASE, self.private_node_one._id)

        self.private_node_two = ProjectFactory(is_public=False,
                                               creator=self.creation_user,
                                               title="Private Two")
        self.private_node_two.add_contributor(self.contributing_read_user,
                                              permissions=[permissions.READ],
                                              save=True)
        self.private_node_two.add_contributor(self.contributing_write_user,
                                              permissions=[permissions.WRITE],
                                              save=True)
        self.private_node_two_url = '/{}nodes/{}/'.format(
            API_BASE, self.private_node_two._id)

        self.public_node_one = ProjectFactory(is_public=True,
                                              creator=self.creation_user,
                                              title="Public One")
        self.public_node_one.add_contributor(self.contributing_read_user,
                                             permissions=[permissions.READ],
                                             save=True)
        self.public_node_one.add_contributor(self.contributing_write_user,
                                             permissions=[permissions.WRITE],
                                             save=True)
        self.public_node_one_anonymous_link = PrivateLinkFactory(
            anonymous=True)
        self.public_node_one_anonymous_link.nodes.append(self.public_node_one)
        self.public_node_one_anonymous_link.save()
        self.public_node_one_private_link = PrivateLinkFactory(anonymous=False)
        self.public_node_one_private_link.nodes.append(self.public_node_one)
        self.public_node_one_private_link.save()
        self.public_node_one_url = '/{}nodes/{}/'.format(
            API_BASE, self.public_node_one._id)

        self.public_node_two = ProjectFactory(is_public=True,
                                              creator=self.creation_user,
                                              title="Public Two")
        self.public_node_two.add_contributor(self.contributing_read_user,
                                             permissions=[permissions.READ],
                                             save=True)
        self.public_node_two.add_contributor(self.contributing_write_user,
                                             permissions=[permissions.WRITE],
                                             save=True)
        self.public_node_two_url = '/{}nodes/{}/'.format(
            API_BASE, self.public_node_two._id)
 def _add_private_link(self, project, anonymous=False):
     view_only_link = PrivateLinkFactory(anonymous=anonymous)
     view_only_link.nodes.append(project)
     view_only_link.save()
     return view_only_link