def testGetAdminByUsername(self): """Test if getting by email works as intended.""" # The email should not exist initially. self.assertIsNone(models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL)) admin_user = models.AdminUser() admin_user.email = self.FAKE_ADMIN_EMAIL admin_user.set_password(self.FAKE_ADMIN_PASSWORD) admin_user.save() self.assertIsNotNone( models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL)) self.assertEquals(models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL), admin_user) admin_user_2 = models.AdminUser() admin_user_2.email = self.FAKE_ADMIN_EMAIL_2 admin_user_2.set_password(self.FAKE_ADMIN_PASSWORD) admin_user_2.save() self.assertIsNotNone( models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL_2)) self.assertEquals( models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL_2), admin_user_2) admin_user.delete() self.assertIsNone(models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL))
def setup_admin(): """Create the first admin in the system from the setup page. Returns: A json message indicating a redirect to login if successful. """ config = ufo.get_user_config() if config.isConfigured: flask.abort(403, ufo.get_json_message('cantSetAdminAfterInitialSetupError')) admin_email = flask.request.form.get('admin_email', None) admin_password = flask.request.form.get('admin_password', None) if admin_email is None or admin_password is None: flask.abort(403, ufo.get_json_message('noAdministratorError')) admin_user = models.AdminUser(email=admin_email) admin_user.set_password(admin_password) admin_user.save() config.isConfigured = True config.should_show_recaptcha = False config.save() response_json = json.dumps(({'shouldRedirect': True})) return flask.Response(ufo.XSSI_PREFIX + response_json, headers=ufo.JSON_HEADERS)
def setup_auth(self): """Sets up a user in the database and in the current session.""" user = models.AdminUser() user.email = FAKE_ADMIN_EMAIL user.set_password(FAKE_ADMIN_PASSWORD) user.save() with self.client as c: with c.session_transaction() as sess: sess['email'] = FAKE_ADMIN_EMAIL
def testAdminUserToDict(self): """Whether the necessary fields match in a dictionary representation.""" admin_user = models.AdminUser() admin_user.email = self.FAKE_ADMIN_EMAIL admin_user.set_password(self.FAKE_ADMIN_PASSWORD) admin_user.save() admin_dict = admin_user.to_dict() self.assertEqual(admin_dict['id'], admin_user.id) self.assertEqual(admin_dict['email'], admin_user.email) self.assertNotIn('password', admin_dict)
def add_admin(): """Stores new admin in the database on post. Returns: A redirect to the admin_list handler after inserting the specified admin. """ admin_email = flask.request.form.get('admin_email', None) admin_password = flask.request.form.get('admin_password', None) if admin_email is not None or admin_password is not None: admin_user = models.AdminUser(email=json.loads(admin_email)) admin_user.set_password(json.loads(admin_password)) try: admin_user.save() except custom_exceptions.UnableToSaveToDB as e: flask.abort(e.code, e.message) return flask.redirect(flask.url_for('admin_list'))
def testAdminPassword(self): """Test that setting password and comparing works.""" other_password = '******' self.assertNotEqual(other_password, self.FAKE_ADMIN_PASSWORD) admin_user = models.AdminUser() admin_user.email = self.FAKE_ADMIN_EMAIL admin_user.set_password(self.FAKE_ADMIN_PASSWORD) admin_user.save() self.assertTrue( admin_user.does_password_match(self.FAKE_ADMIN_PASSWORD)) self.assertFalse(admin_user.does_password_match(other_password)) admin_user.set_password(other_password) admin_user.save() self.assertTrue(admin_user.does_password_match(other_password)) self.assertFalse( admin_user.does_password_match(self.FAKE_ADMIN_PASSWORD))
def setup(): """Handle showing the user the setup page and processing the response. Returns: On get: a rendered setup page template with appropriate resources passed in. On post: a rendered setup page template with the error set in event of a known error, a 403 flask.abort in the event of a FlowExchangeError during oauth, or a redirect back to get the setup page on success. """ config = ufo.get_user_config() flow = oauth.getOauthFlow() oauth_url = flow.step1_get_authorize_url() oauth_resources_dict = _get_oauth_configration_resources_dict( config, oauth_url) if flask.request.method == 'GET': return flask.render_template( 'setup.html', oauth_url=oauth_url, oauth_configuration_resources=json.dumps(oauth_resources_dict)) credentials = None domain = flask.request.form.get('domain', None) if flask.request.form.get('oauth_code', None): try: credentials = flow.step2_exchange(flask.request.form['oauth_code']) except oauth2client.client.FlowExchangeError as e: flask.abort(403) # TODO better error apiClient = credentials.authorize(httplib2.Http()) plusApi = discovery.build(serviceName='plus', version='v1', http=apiClient) adminApi = discovery.build(serviceName='admin', version='directory_v1', http=apiClient) try: profileResult = plusApi.people().get(userId='me').execute() if domain is None or domain != profileResult.get('domain', None): return flask.render_template( 'setup.html', error=DOMAIN_INVALID_TEXT, oauth_configuration_resources=json.dumps( oauth_resources_dict)) user_id = profileResult['id'] userResult = adminApi.users().get(userKey=user_id).execute() if not userResult.get('isAdmin', False): return flask.render_template( 'setup.html', error=NON_ADMIN_TEXT, oauth_configuration_resources=json.dumps( oauth_resources_dict)) except Exception as e: ufo.app.logger.error(e, exc_info=True) return flask.render_template( 'setup.html', error=str(e), oauth_configuration_resources=json.dumps(oauth_resources_dict)) if not config.isConfigured: admin_email = flask.request.form.get('admin_email', None) admin_password = flask.request.form.get('admin_password', None) if admin_email is None or admin_password is None: return flask.render_template( 'setup.html', error=NO_ADMINISTRATOR, oauth_configuration_resources=json.dumps(oauth_resources_dict)) admin_user = models.AdminUser(email=admin_email) admin_user.set_password(admin_password) admin_user.save() # if credentials were set above, moved down here to give us a chance to error # out of admin user and password, could be moved inline with proper form # validation for that (we also don't want to create a user if another step # is going to fail) if credentials is not None: config.credentials = credentials.to_json() config.domain = domain flask.session['domain'] = domain config.isConfigured = True config.should_show_recaptcha = False config.save() return flask.redirect(flask.url_for('setup'))