def test_import_auth_cant_write_node(self):
ea = self.ExternalAccountFactory()
user = AuthUserFactory()
user.add_addon(self.ADDON_SHORT_NAME, auth=Auth(user))
user.external_accounts.append(ea)
user.save()
node = ProjectFactory(creator=self.user)
node.add_contributor(user,
permissions=[permissions.READ],
auth=self.auth,
save=True)
node.add_addon(self.ADDON_SHORT_NAME, auth=self.auth)
node.save()
url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME))
res = self.app.put_json(url, {'external_account_id': ea._id},
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, http.FORBIDDEN)
def setUp(self):
super(TestNodeContributorDelete, self).setUp()
self.user = AuthUserFactory()
self.user_two = AuthUserFactory()
self.user_three = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.project.add_contributor(
self.user_two,
permissions=[permissions.READ, permissions.WRITE],
visible=True,
save=True)
self.url_user = '******'.format(
API_BASE, self.project._id, self.user._id)
self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(
API_BASE, self.project._id, self.user_two._id)
self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(
API_BASE, self.project._id, self.user_three._id)
def test_do_migration(self):
project = ProjectFactory()
user = UserFactory()
node = NodeFactory(parent=project)
node.add_contributor(contributor=user)
node.save()
for log in node.logs:
if log.action == 'contributor_added':
project.logs.append(log)
project.save()
node_list = get_targets()
do_migration(node_list)
logs = [
each for each in project.logs if each.action == 'contributor_added'
]
assert len(logs) is 1
assert logs[0].should_hide is True
def test_node_child_filtering(self):
user = AuthUserFactory()
project = ProjectFactory(creator=user)
title1, title2 = fake.bs(), fake.bs()
component = NodeFactory(title=title1, parent=project)
component2 = NodeFactory(title=title2, parent=project)
url = '/{}nodes/{}/children/?filter[title]={}'.format(
API_BASE,
project._id,
title1
)
res = self.app.get(url, auth=user.auth)
ids = [node['id'] for node in res.json['data']]
assert_in(component._id, ids)
assert_not_in(component2._id, ids)
def setUp(self):
super(TestNodeChildCreate, self).setUp()
self.user = AuthUserFactory()
self.user_two = AuthUserFactory()
self.project = ProjectFactory(creator=self.user, is_public=True)
self.url = '/{}nodes/{}/children/'.format(API_BASE, self.project._id)
self.child = {
'data': {
'type': 'nodes',
'attributes': {
'title': 'child',
'description': 'this is a child project',
'category': 'project'
}
}
}
def test_unregistered_users_names_are_project_specific(self):
name1, name2, email = fake.name(), fake.name(), fake.email()
project2 = ProjectFactory(creator=self.referrer)
# different projects use different names for the same unreg contributor
self.project.add_unregistered_contributor(email=email,
fullname=name1,
auth=Auth(self.referrer))
self.project.save()
project2.add_unregistered_contributor(email=email,
fullname=name2,
auth=Auth(self.referrer))
project2.save()
self.app.authenticate(*self.referrer.auth)
# Each project displays a different name in the contributor list
res = self.app.get(self.project.url)
assert_in_html(name1, res)
res2 = self.app.get(project2.url)
assert_in_html(name2, res2)
def setUp(self):
super(TestFileVersionView, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.osfstorage = self.node.get_addon('osfstorage')
self.root_node = self.osfstorage.get_root()
self.file = self.root_node.append_file('test_file')
self.file.create_version(
self.user, {
'object': '06d80e',
'service': 'cloud',
osfstorage_settings.WATERBUTLER_RESOURCE: 'osf',
}, {
'size': 1337,
'contentType': 'img/png'
}).save()
def setUp(self):
super(TestShortUrls, self).setUp()
self.user = UserFactory()
# Add an API key for quicker authentication
api_key = ApiKeyFactory()
self.user.api_keys.append(api_key)
self.user.save()
self.auth = ('test', api_key._primary_key)
self.consolidate_auth = Auth(user=self.user, api_key=api_key)
self.project = ProjectFactory(creator=self.user)
# A non-project componenet
self.component = NodeFactory(category='hypothesis', creator=self.user)
self.project.nodes.append(self.component)
self.component.save()
# Hack: Add some logs to component; should be unnecessary pending
# improvements to factories from @rliebz
self.component.set_privacy('public', auth=self.consolidate_auth)
self.component.set_privacy('private', auth=self.consolidate_auth)
self.wiki = NodeWikiFactory(user=self.user, node=self.component)
def test_GET_disapprove_with_valid_token_returns_redirect_to_parent(self):
project = ProjectFactory(creator=self.user)
registration = RegistrationFactory(project=project)
registration.embargo_registration(
self.user,
datetime.datetime.utcnow() + datetime.timedelta(days=10))
registration.save()
assert_true(registration.is_pending_embargo)
rejection_token = registration.embargo.approval_state[
self.user._id]['rejection_token']
res = self.app.get(
registration.web_url_for('view_project', token=rejection_token),
auth=self.user.auth,
)
registration.embargo.reload()
assert_equal(registration.embargo.state, Embargo.REJECTED)
assert_false(registration.is_pending_embargo)
assert_equal(res.status_code, 302)
def setUp(self):
super(AddonSerializerTestSuiteMixin, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.set_user_settings(self.user)
assert_is_not_none(
getattr(self, 'user_settings'),
"'set_user_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate user settings model."
)
self.set_node_settings(self.user_settings)
assert_is_not_none(
getattr(self, 'node_settings'),
"'set_node_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate node settings model."
)
self.ser = self.Serializer(
user_settings=self.user_settings,
node_settings=self.node_settings
)
def setUp(self):
super(MendeleyViewsTestCase, self).setUp()
self.account = MendeleyAccountFactory()
self.user = AuthUserFactory(external_accounts=[self.account])
self.account.display_name = self.user.fullname
self.account.save()
self.user_addon = MendeleyUserSettingsFactory(owner=self.user, external_account=self.account)
self.project = ProjectFactory(creator=self.user)
self.node_addon = MendeleyNodeSettingsFactory(owner=self.project)
self.node_addon.set_auth(external_account=self.account, user=self.user)
#self.user_addon.grant_oauth_access(self.node_addon, self.account, metadata={'lists': 'list'})
self.node = MockNode()
self.node.addon = self.node_addon
self.id_patcher = mock.patch('website.addons.mendeley.model.Mendeley.client_id')
self.secret_patcher = mock.patch('website.addons.mendeley.model.Mendeley.client_secret')
self.id_patcher.__get__ = mock.Mock(return_value='1234567890asdf')
self.secret_patcher.__get__ = mock.Mock(return_value='1234567890asdf')
self.id_patcher.start()
self.secret_patcher.start()
def setUp(self):
super(TestMigrateFiles, self).setUp()
self.clear()
self.nodes = []
for idx in range(3):
node = ProjectFactory()
node.add_file(
Auth(user=node.creator),
'name',
'contents',
len('contents'),
'text/plain',
)
self.nodes.append(node)
self.nodes[-1].files_versions = {}
self.nodes[-1].save()
# Sanity check
assert_in('name', self.nodes[-1].files_current)
assert_not_in('name', self.nodes[-1].files_versions)
def test_get_summary_private_fork_private_project_should_include_is_fork(self):
# contributor on a private project
user = UserFactory()
node = ProjectFactory(public=False)
node.add_contributor(user)
# contributor cannot see private fork of this project
consolidated_auth = Auth(user=node.creator)
fork = node.fork_node(consolidated_auth)
res = _get_summary(
fork, auth=Auth(user),
rescale_ratio=None,
primary=True,
link_id=None
)
# serialized result should have is_fork
assert_false(res['summary']['can_view'])
assert_true(res['summary']['is_fork'])
def test_has_permission_decommissioned_scope_no_error(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin,
is_public=False,
parent=self.node)
cas_resp = cas.CasResponse(authenticated=True,
status=None,
user=self.user._id,
attributes={
'accessTokenScope': {
'decommissioned.scope+write',
'osf.nodes.data+read',
}
})
assert_false(component.has_permission(self.user, 'write'))
res = views.check_access(component, Auth(user=self.user), 'download',
cas_resp)
assert_true(res)
def test_POST_register_make_public_immediately_creates_private_pending_registration_for_public_project(self, mock_enqueue):
self.project.is_public = True
self.project.save()
component = NodeFactory(
creator=self.user,
parent=self.project,
title='Component',
is_public=True
)
subproject = ProjectFactory(
creator=self.user,
parent=self.project,
title='Subproject',
is_public=True
)
subproject_component = NodeFactory(
creator=self.user,
parent=subproject,
title='Subcomponent',
is_public=True
)
res = self.app.post(
self.project.api_url_for('register_draft_registration', draft_id=self.draft._id),
self.valid_make_public_payload,
content_type='application/json',
auth=self.user.auth
)
self.project.reload()
assert_equal(res.status_code, 202)
assert_equal(res.json['urls']['registrations'], self.project.web_url_for('node_registrations'))
# Last node directly registered from self.project
registration = Node.find(
Q('registered_from', 'eq', self.project)
).sort('-registered_date')[0]
assert_true(registration.is_registration)
assert_false(registration.is_public)
for node in registration.get_descendants_recursive():
assert_true(node.is_registration)
assert_false(node.is_public)
def test_new_primary_not_in_node(self):
project = ProjectFactory()
file_for_project = test_utils.create_test_file(project, 'letoutthatantidote.pdf')
relationships = {
"primary_file": {
"data": {
"type": "file",
"id": file_for_project._id
}
}
}
update_file_payload = build_preprint_update_payload(self.preprint._id, relationships=relationships)
res = self.app.patch_json_api(self.url, update_file_payload, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.preprint.reload()
assert_not_equal(self.preprint.primary_file, file_for_project)
def setUp(self):
super(TestAddonFileViews, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.user.add_addon('github')
self.project.add_addon('github', auth=Auth(self.user))
self.user_addon = self.user.get_addon('github')
self.node_addon = self.project.get_addon('github')
self.oauth = AddonGitHubOauthSettings(github_user_id='denbarell',
oauth_access_token='Truthy')
self.oauth.save()
self.user_addon.oauth_settings = self.oauth
self.user_addon.save()
self.node_addon.user_settings = self.user_addon
self.node_addon.save()
def setUp(self):
super(RegistrationRetractionApprovalDisapprovalViewsTestCase,
self).setUp()
self.user = AuthUserFactory()
self.registered_from = ProjectFactory(is_public=True,
creator=self.user)
self.registration = RegistrationFactory(is_public=True,
project=self.registered_from)
self.registration.retract_registration(self.user)
self.registration.save()
self.approval_token = self.registration.retraction.approval_state[
self.user._id]['approval_token']
self.rejection_token = self.registration.retraction.approval_state[
self.user._id]['rejection_token']
self.corrupt_token = fake.sentence()
self.token_without_sanction = tokens.encode({
'action': 'approve_retraction',
'user_id': self.user._id,
'sanction_id': 'invalid id'
})
def test_public_node_contributor_cannot_delete_other_users_comment(self):
public_project = ProjectFactory(is_public=True, creator=self.user)
comment = CommentFactory(node=public_project,
target=public_project,
user=self.user)
url = '/{}comments/{}/'.format(API_BASE, comment._id)
payload = {
'data': {
'id': comment._id,
'type': 'comments',
'attributes': {
'deleted': True
}
}
}
res = self.app.patch_json_api(url,
payload,
auth=self.contributor.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
def test_import_auth(self):
ea = self.ExternalAccountFactory()
self.user.external_accounts.append(ea)
self.user.save()
node = ProjectFactory(creator=self.user)
node_settings = node.get_or_add_addon(self.ADDON_SHORT_NAME, auth=Auth(self.user))
node.save()
url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME))
res = self.app.put_json(url, {
'external_account_id': ea._id
}, auth=self.user.auth)
assert_equal(res.status_code, http.OK)
assert_in('result', res.json)
node_settings.reload()
assert_equal(node_settings.external_account._id, ea._id)
node.reload()
last_log = node.logs.latest()
assert_equal(last_log.action, '{0}_node_authorized'.format(self.ADDON_SHORT_NAME))
def setUp(self):
super(TestCommentRepliesFiltering, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.comment = CommentFactory(node=self.project, user=self.user)
self.reply = CommentFactory(node=self.project,
target=self.comment,
user=self.user)
self.deleted_reply = CommentFactory(node=self.project,
target=self.comment,
user=self.user,
is_deleted=True)
self.base_url = '/{}comments/{}/replies/'.format(
API_BASE, self.comment._id)
self.formatted_date_created = self.reply.date_created.strftime(
'%Y-%m-%dT%H:%M:%S.%f')
self.reply.edit('Edited comment', auth=core.Auth(self.user), save=True)
self.formatted_date_modified = self.reply.date_modified.strftime(
'%Y-%m-%dT%H:%M:%S.%f')
def test_sees_log_events_on_watched_projects(self):
# Another user has a public project
u2 = UserFactory(username='******', fullname='Bono')
key = ApiKeyFactory()
u2.api_keys.append(key)
u2.save()
project = ProjectFactory(creator=u2, is_public=True)
project.add_contributor(u2)
auth = Auth(user=u2, api_key=key)
project.save()
# User watches the project
watch_config = WatchConfigFactory(node=project)
self.user.watch(watch_config)
self.user.save()
# Goes to her dashboard, already logged in
res = self.app.get('/dashboard/', auth=self.auth, auto_follow=True)
# Sees logs for the watched project
assert_in('Watched Projects', res) # Watched Projects header
# The log action is in the feed
assert_in(project.title, res)
def test_wiki_pages_with_invalid_nodes_are_removed_after_cloning(self):
project = ProjectFactory(creator=self.user, is_public=True)
wiki = NodeWikiFactory(node=project)
fork = project.fork_node(auth=Auth(self.user))
fork.wiki_pages_versions = project.wiki_pages_versions
fork.wiki_pages_current = project.wiki_pages_current
fork.save()
# Remove original node - wiki.node no longer points to an existing project
Node.remove_one(project._id)
# clone wiki page
main()
fork.reload()
cloned_wiki_id = fork.wiki_pages_versions[wiki.page_name][0]
cloned_wiki = NodeWikiPage.load(cloned_wiki_id)
assert_equal(cloned_wiki.node._id, fork._id)
# move original wiki page to unmigratedwikipages collection
assert_false(db.nodewikipage.find_one({'_id': wiki._id}))
assert_true(db.unmigratedwikipages.find_one({'_id': wiki._id}))
def test_public_node_private_comment_level_non_contributor_cannot_see_reports(
self):
project = ProjectFactory(is_public=True,
creator=self.user,
comment_level='private')
comment = CommentFactory(node=project, user=self.user)
comment.reports = dict()
comment.reports[self.user._id] = {
'category': 'spam',
'text': 'This is spam',
'date': datetime.utcnow(),
'retracted': False,
}
comment.save()
url = '/{}comments/{}/reports/'.format(API_BASE, comment._id)
res = self.app.get(url,
auth=self.non_contributor.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
assert_equal(res.json['errors'][0]['detail'],
'You do not have permission to perform this action.')
def setUp(self):
super(TestSearchSerializer, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user, is_public=True)
self.component = NodeFactory(parent=self.project,
creator=self.user,
is_public=True)
self.file = utils.create_test_file(self.component, self.user)
ensure_schemas()
self.schema = MetaSchema.find_one(
Q('name', 'eq',
'Replication Recipe (Brandt et al., 2013): Post-Completion')
& Q('schema_version', 'eq', LATEST_SCHEMA_VERSION))
with mock_archive(self.project,
autocomplete=True,
autoapprove=True,
schema=self.schema) as registration:
self.registration = registration
def test_forward_slash_is_removed_from_wiki_title(self):
project = ProjectFactory()
wiki = NodeWikiFactory(node=project, is_current=True)
invalid_name = 'invalid/name'
db.nodewikipage.update({'_id': wiki._id},
{'$set': {
'page_name': invalid_name
}})
project.wiki_pages_current[
'invalid/name'] = project.wiki_pages_current[wiki.page_name]
project.wiki_pages_versions[
'invalid/name'] = project.wiki_pages_versions[wiki.page_name]
project.save()
main()
wiki.reload()
assert_equal(wiki.page_name, 'invalidname')
assert_in('invalidname', project.wiki_pages_current)
assert_in('invalidname', project.wiki_pages_versions)
def test_redirect_when_viewing_private_project_file_through_view_only_link(
self):
project = ProjectFactory()
test_file = OsfStorageFile.create(
is_file=True,
node=project,
path='/test',
name='test',
materialized_path='/test',
)
test_file.save()
guid = test_file.get_guid(create=True)
view_only_link = self._add_private_link(project)
url = '/{}guids/{}/?view_only={}'.format(API_BASE, guid._id,
view_only_link.key)
res = self.app.get(url, auth=AuthUserFactory().auth)
redirect_url = '{}{}files/{}/?view_only={}'.format(
API_DOMAIN, API_BASE, test_file._id, view_only_link.key)
assert_equal(res.status_code, 302)
assert_equal(res.location, redirect_url)
def setUp(self):
super(TestWikiRename, self).setUp()
self.project = ProjectFactory(is_public=True)
api_key = ApiKeyFactory()
self.project.creator.api_keys.append(api_key)
self.project.creator.save()
self.consolidate_auth = Auth(user=self.project.creator, api_key=api_key)
self.auth = ('test', api_key._primary_key)
self.project.update_node_wiki('home', 'Hello world', self.consolidate_auth)
self.page_name = 'page2'
self.project.update_node_wiki(self.page_name, 'content', self.consolidate_auth)
self.project.save()
self.page = self.project.get_wiki_page(self.page_name)
self.wiki = self.project.get_wiki_page('home')
self.url = self.project.api_url_for(
'project_wiki_rename',
wname=self.page_name,
)
def setUp(self):
super(TestAddonFileViews, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.user.add_addon('github')
self.project.add_addon('github', auth=Auth(self.user))
self.user_addon = self.user.get_addon('github')
self.node_addon = self.project.get_addon('github')
self.oauth = GitHubAccountFactory()
self.oauth.save()
self.user.external_accounts.append(self.oauth)
self.user.save()
self.node_addon.user_settings = self.user_addon
self.node_addon.external_account = self.oauth
self.node_addon.repo = 'Truth'
self.node_addon.user = '******'
self.node_addon.save()
def setUp(self):
super(OAuthAddonNodeSettingsTestSuiteMixin, self).setUp()
self.node = ProjectFactory()
self.user = self.node.creator
self.external_account = self.ExternalAccountFactory()
self.user.add_addon(self.short_name)
self.user.external_accounts.append(self.external_account)
self.user.save()
self.user_settings = self.user.get_addon(self.short_name)
self.user_settings.grant_oauth_access(
node=self.node,
external_account=self.external_account,
metadata={'folder': '1234567890'})
self.user_settings.save()
self.node_settings = self.NodeSettingsFactory(
**self._node_settings_class_kwargs(self.node, self.user_settings))
self.node_settings.external_account = self.external_account
self.node_settings.save()
