def test_article_about(self):
    """Walk the admin article workflow: add, list, reject bad input, soft-delete."""
    Category(name="zh-hans").save()

    title = 'sdf是地方'
    markdown = 'test 1 2 3 <pre><code>def123</code></pre>'
    add_url = '/admin/article/add'

    # A complete, valid submission.
    form = urlencode({
        'title': title,
        'active': 1,
        'category': 'zh-hans',
        'create_time': '2015-06-14 16:07',
        'md_content': markdown,
    })
    response = self.fetch(add_url, method="POST", headers=self.headers, body=form)
    # The raw <code> markup must appear in the response and in the stored HTML.
    # NOTE(review): this pins raw-HTML passthrough for md_content; presumably
    # acceptable only because the endpoint is admin-only -- confirm the
    # rendering/sanitising policy.
    self.assertIn(b'<code>', response.body)
    article = Article.objects(title=title).first()
    self.assertIn('<code>', article.html_content)

    edit_link = '/admin/article/%s/edit' % article.id_no

    # The paginated article list shows the title, the public link and the edit link.
    listing = self.fetch('/admin/articles/1', headers=self.headers).body.decode()
    self.assertIn(title, listing)
    self.assertIn(
        '/zh-hans/%s/%s' % (article.create_time.strftime('%d-%m'), article.id_no),
        listing)
    self.assertIn(edit_link, listing)

    # The admin home page lists the article as well.
    dashboard = self.fetch('/admin', headers=self.headers).body.decode()
    self.assertIn(title, dashboard)
    self.assertIn(edit_link, dashboard)

    # Submission without a title is rejected with 400.
    form = urlencode({
        'active': 1,
        'category': 'zh-hans',
        'create_time': '2015-06-14 16:07',
        'md_content': markdown,
    })
    response = self.fetch(add_url, method="POST", headers=self.headers, body=form)
    self.assertEqual(400, response.code)

    # Submission with a malformed create_time.
    # NOTE(review): the expected status is 500, i.e. the handler apparently
    # lets the date error escape rather than rejecting the input with a 400
    # as it does for the missing title -- confirm this is intended.
    form = urlencode({
        'title': title,
        'active': 1,
        'category': 'zh-hans',
        'create_time': '2015-06-14 24:07fc',
        'md_content': markdown,
    })
    response = self.fetch(add_url, method="POST", headers=self.headers, body=form)
    self.assertEqual(500, response.code)

    # DELETE only flags the document; it must still be retrievable afterwards.
    response = self.fetch('/admin/article/%s/del' % article.id_no,
                          method="DELETE", headers=self.headers)
    self.assertIn('1', response.body.decode())
    article = Article.objects(title=title).first()
    self.assertEqual(1, article.is_del)
def get(self):
    """Redirect to the SSO login page.

    The required ``next`` query argument gets ``info=1`` appended and is then
    passed on to the login URL as its own ``next`` parameter.
    """
    # NOTE(review): ``next`` comes straight from the query string and nothing
    # here restricts it to same-site paths; whatever redirects to it after
    # login has to validate it, otherwise this is an open-redirect entry point.
    target = self.get_query_argument('next')
    joiner = '&' if '?' in target else '?'
    target = target + joiner + 'info=1'

    login_url = self.get_login_url()
    joiner = '&' if '?' in login_url else '?'
    login_url = login_url + joiner + urlencode({'next': target})
    self.redirect(login_url)
def test_home(self):
    """The admin home page renders the quote form and accepts a new quote."""
    page = self.fetch('/admin', headers=self.headers).body.decode()
    self.assertIn('Add Quote', page)

    form = urlencode({'quote_body': "test quo body", 'quote_author': "arion"})
    posted = self.fetch('/admin', method="POST", headers=self.headers, body=form)
    self.assertEqual(posted.code, 200)
def test_login(self):
    """The login page shows the form, and posting credentials reaches the admin page."""
    login_url = "/auth/login"

    form_page = self.fetch(login_url)
    self.assertIn(b'email', form_page.body)

    # The e-mail value looks masked in this listing; it is reproduced as given.
    credentials = urlencode({'email': '*****@*****.**', 'pass_word': '12345'})
    result = self.fetch(login_url, method="POST", headers=self.headers,
                        body=credentials)
    # 'Add Quote' is text from the admin home page, so it marks a successful login.
    self.assertIn(b'Add Quote', result.body)
def wrapper(self, *args, **kwargs):
    """Call ``func`` only for a logged-in user.

    Anonymous GET/HEAD requests are redirected to the admin login URL with
    the current location in ``next``; any other anonymous request gets 403.
    """
    if self.current_user:
        return func(self, *args, **kwargs)
    if self.request.method not in ("GET", "HEAD"):
        raise HTTPError(403)

    login_url = self.get_admin_login_url()
    if "?" not in login_url:
        # An absolute login URL gets an absolute return address.
        if urlparse.urlsplit(login_url).scheme:
            return_to = self.request.full_url()
        else:
            return_to = self.request.uri
        # NOTE(review): the login handler should still treat ``next`` as
        # untrusted, because a login link can be crafted by anyone.
        login_url += "?" + urlencode(dict(next=return_to))
    return self.redirect(login_url)
def wrapper(self, *args, **kwargs):
    """Call ``method`` only when the logged-in user satisfies the predicate ``f``.

    Anonymous GET/HEAD requests are redirected to the login URL. Anonymous
    requests with other methods, and users rejected by ``f``, get 403.
    """
    user = self.current_user
    if user:
        if f(user):
            return method(self, *args, **kwargs)
        raise HTTPError(403)

    if self.request.method not in ("GET", "HEAD"):
        raise HTTPError(403)

    login_url = self.get_login_url()
    if "?" not in login_url:
        # if login url is absolute, make next absolute too
        absolute = urlparse.urlsplit(login_url).scheme
        return_to = self.request.full_url() if absolute else self.request.uri
        login_url += "?" + urlencode(dict(next=return_to))
    self.redirect(login_url)
    return
def _wrapper(self, *args, **kwargs):
    """Call ``f`` only for a logged-in user whose ``active`` flag is exactly ``True``.

    On GET/HEAD an anonymous visitor is sent to the login URL and a logged-in
    but inactive user to the verify URL. Any other method gets 403.
    """
    if self.current_user and self.current_user.active is True:
        return f(self, *args, **kwargs)
    if self.request.method not in ("GET", "HEAD"):
        raise HTTPError(403)

    if self.current_user:
        url = self.get_verify_url()
    else:
        url = self.get_login_url()

    if "?" not in url:
        # if login url is absolute, make next absolute too
        if urllib.parse.urlsplit(url).scheme:
            next_url = self.request.full_url()
        else:
            # Type-narrowing assert only; it is stripped under -O.
            assert self.request.uri is not None
            next_url = self.request.uri
        url += "?" + urlencode(dict(next=next_url))
    self.redirect(url)
    return None
def wrapper(self, *args, **kwargs):
    """
    @type self BaseHandler

    Enforce login, a one-hour inactivity timeout and the role check, then
    call ``method``.
    """
    # Not logged in: force login.
    if not self.current_user:
        if self.request.method not in ("GET", "HEAD"):
            raise tornado.web.HTTPError(403)
        login_url = self.get_login_url()
        if "?" not in login_url:
            # if login url is absolute, make next absolute too
            absolute = urlparse.urlsplit(login_url).scheme
            return_to = self.request.full_url() if absolute else self.request.uri
            login_url += "?" + urlencode(dict(next=return_to))
        self.redirect(login_url)
        return

    # Inactive for an hour or more: force logout.
    # NOTE(review): last_active is written with the database's NOW() but
    # compared with the application's naive datetime.now(); this assumes both
    # share a clock and time zone -- confirm.
    idle_seconds = (datetime.now() - self.current_user.last_active).total_seconds()
    if idle_seconds >= 60 * 60:
        logout_url = url_concat(self.reverse_url('logout'),
                                {'next': self.request.uri})
        self.redirect(logout_url)
        return
    # The id is passed as a query parameter, not formatted into the SQL text.
    self.db.execute(
        'update operator set last_active=NOW() where id=%s',
        self.current_user.id)

    # Check permissions.
    if required_roles:
        granted = self.current_user.roles.split(',')
        if required_roles == ('developer_mgr', ):
            # An endpoint marked developer-manager-only really does require
            # the developer_mgr role; plain 'developer' is not enough.
            allowed = 'developer_mgr' in granted
        else:
            # Otherwise 'developer' passes every check, as does any listed role.
            allowed = any(
                role == 'developer' or role in required_roles
                for role in granted)
        if not allowed:
            # NOTE(review): no status is set before rendering, so this
            # presumably goes out as 200 -- confirm, since monitoring keyed
            # on 403 responses would miss these denials.
            self.render('403.html')
            return

    return method(self, *args, **kwargs)
def wrapper(self, *args, **kwargs):
    """
    @type self BaseHandler

    Enforce login, the disabled-account check, the WeChat binding check and
    the role check, then call ``method``.
    """
    # Not logged in: force login.
    if not self.current_user:
        if self.request.method not in ("GET", "HEAD"):
            raise tornado.web.HTTPError(403)
        login_url = self.get_login_url()
        if "?" not in login_url:
            # if login url is absolute, make next absolute too
            absolute = urlparse.urlsplit(login_url).scheme
            return_to = self.request.full_url() if absolute else self.request.uri
            login_url += "?" + urlencode(dict(next=return_to))
        self.redirect(login_url)
        return

    # Logged in but the account has been disabled: force logout.
    # NOTE(review): this compares against the string '1'; if ``deleted`` comes
    # back as an integer it never matches and a disabled account stays usable
    # -- confirm the column type.
    if self.current_user.deleted == '1':
        self.redirect(self.reverse_url('logout'))
        return

    # Under /wx, a user with sp_props but no wx_type has not bound WeChat yet
    # and is sent to the settings page.
    needs_wx_setup = (
        self.request.uri.startswith('/wx')
        and 'sp_props' in self.current_user
        and 'wx_type' not in self.current_user.sp_props
    )
    if needs_wx_setup:
        return self.redirect(self.reverse_url('wx.setting'))

    # Check permissions: 'manager' passes every check, as does any listed role.
    if required_roles:
        granted = self.current_user.roles.split(',')
        allowed = any(
            role == 'manager' or role in required_roles
            for role in granted)
        if not allowed:
            # NOTE(review): no status is set before rendering, so this
            # presumably goes out as 200 -- confirm, since monitoring keyed
            # on 403 responses would miss these denials.
            self.render('403.html')
            return

    # Disabled check, kept for reference: it forced a password change while
    # the account still had the default password.
    # NOTE(review): it implies passwords are stored as MD5(password + salt);
    # if so, that is too weak for password storage and should move to a
    # dedicated password-hashing function before this is re-enabled.
    # if self.current_user.password.lower() == hashlib.md5('123456' + self.current_user.pwd_salt).hexdigest():
    #     if self.request.uri not in ('/password', '/message/unread'):
    #         return self.redirect(self.reverse_url('password'))
    return method(self, *args, **kwargs)
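def f(self, *args, **kwargs):
    """Run ``method`` for local clients or logged-in users; otherwise deny.

    ``self`` is the request handler. With ``localAccess`` enabled, requests
    from loopback or 192.168.1.0/24 skip authentication. An anonymous
    GET/HEAD gets 401 when the client accepts JSON and a redirect to the
    login URL otherwise. Any other anonymous method gets 403.
    """
    if localAccess:
        # NOTE(review): the bypass trusts ``remote_ip``. Behind a reverse
        # proxy on the same host every request appears to come from loopback
        # unless the server is configured to read the forwarded-for headers,
        # and then those headers must come from a trusted proxy only.
        client_ip = self.request.remote_ip
        if (client_ip in ('::1', '127.0.0.1')
                or addressInNetwork(client_ip, '192.168.1.0/24')):
            return method(self, *args, **kwargs)

    if self.current_user:
        return method(self, *args, **kwargs)
    if self.request.method not in ("GET", "HEAD"):
        raise HTTPError(403)

    url = self.get_login_url()
    if "?" not in url:
        # if login url is absolute, make next absolute too
        if urlparse.urlsplit(url).scheme:
            next_url = self.request.full_url()
        else:
            next_url = self.request.uri
        url += "?" + urlencode(dict(next=next_url))

    # The Accept header is optional. Defaulting to '' avoids a TypeError
    # (and thus a 500) on ``in None`` when a client sends none.
    if 'application/json' in self.request.headers.get('Accept', ''):
        raise HTTPError(401)
    self.redirect(url)
    return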
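def f(self, *args, **kwargs):
    """Run ``method`` for local clients or logged-in users; otherwise deny.

    ``self`` is the request handler. With ``localAccess`` enabled, requests
    from a private address skip authentication. An anonymous GET/HEAD gets
    401 when the client accepts JSON and a redirect to the login URL
    otherwise. Any other anonymous method gets 403.
    """
    if localAccess:
        # Parse only when the bypass is enabled. An unparsable address is
        # treated as non-local, so the request continues to the normal
        # authentication path.
        try:
            ip = ipaddress.ip_address(self.request.remote_ip)
        except ValueError:
            ip = None
        # NOTE(review): ``is_private`` is true for every RFC 1918 range,
        # loopback and link-local addresses, so it already covers
        # 192.168.1.0/24 and makes the bypass much wider than that one
        # subnet. It also trusts ``remote_ip``: behind a reverse proxy every
        # request appears local unless forwarded-for headers are read from a
        # trusted proxy only.
        if ip is not None and (
                ip.is_private or ip in ipaddress.ip_network('192.168.1.0/24')):
            return method(self, *args, **kwargs)

    if self.current_user:
        return method(self, *args, **kwargs)
    if self.request.method not in ("GET", "HEAD"):
        raise HTTPError(403)

    url = self.get_login_url()
    if "?" not in url:
        # if login url is absolute, make next absolute too
        if urlparse.urlsplit(url).scheme:
            next_url = self.request.full_url()
        else:
            next_url = self.request.uri
        url += "?" + urlencode(dict(next=next_url))

    # The Accept header is optional. Defaulting to '' avoids a TypeError
    # (and thus a 500) on ``in None`` when a client sends none.
    if 'application/json' in self.request.headers.get('Accept', ''):
        raise HTTPError(401)
    self.redirect(url)
    return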
def wrapper(self, *args, **kwargs):
    """
    @type self BaseHandler

    Gate ``method`` behind three checks in order: login, a one-hour
    inactivity timeout and the required roles.
    """
    # Not logged in: force login.
    if not self.current_user:
        if self.request.method not in ("GET", "HEAD"):
            raise tornado.web.HTTPError(403)
        target = self.get_login_url()
        if "?" not in target:
            # if login url is absolute, make next absolute too
            if urlparse.urlsplit(target).scheme:
                came_from = self.request.full_url()
            else:
                came_from = self.request.uri
            target += "?" + urlencode(dict(next=came_from))
        self.redirect(target)
        return

    # Inactive for an hour or more: force logout.
    # NOTE(review): the comparison uses the application's naive
    # datetime.now() while the stored value is the database's NOW(); this
    # assumes both share a clock and time zone -- confirm.
    since_last = datetime.now() - self.current_user.last_active
    if since_last.total_seconds() >= 60*60:
        self.redirect(
            url_concat(self.reverse_url('logout'), {'next': self.request.uri}))
        return
    # Refresh the activity stamp; the id travels as a bound parameter.
    self.db.execute('update operator set last_active=NOW() where id=%s',
                    self.current_user.id)

    # Check permissions.
    if required_roles:
        user_roles = self.current_user.roles.split(',')
        if required_roles == ('developer_mgr',):
            # An endpoint marked developer-manager-only really does require
            # the developer_mgr role; plain 'developer' is not enough.
            passed = 'developer_mgr' in user_roles
        else:
            # Otherwise 'developer' passes every check, as does any listed role.
            passed = any(
                r == 'developer' or r in required_roles for r in user_roles)
        if not passed:
            # NOTE(review): rendered without an explicit status, so this
            # presumably goes out as 200 -- confirm, since monitoring keyed
            # on 403 responses would miss these denials.
            self.render('403.html')
            return

    return method(self, *args, **kwargs)
def test_quote_about(self):
    """A saved quote shows in the admin list and detail views and can be edited."""
    quote = Quote(body="test quote 1", author="arion_______")
    quote.save()

    listing = self.fetch('/admin/quotes/1', headers=self.headers)
    for expected in (b'test quote 1', b'arion_______'):
        self.assertIn(expected, listing.body)

    detail_url = '/admin/quote/%s' % quote.id_no
    detail = self.fetch(detail_url, headers=self.headers)
    for expected in (b'test quote 1', b'arion_______'):
        self.assertIn(expected, detail.body)

    form = urlencode({
        'quote_body': "test quote edit",
        'quote_author': "arion______",
    })
    edited = self.fetch(detail_url, method="POST", headers=self.headers, body=form)
    self.assertIn(b'test quote edit', edited.body)
    # The new author is a prefix of the old one, so this check would also
    # pass if the author had not changed; the body check above is the one
    # that proves the edit took effect.
    self.assertIn(b'arion______', edited.body)