class PasswordCollectionRESTView(object):
def __init__(self, request):
self.request = request
self.passwords_manager = PasswordsManager(request.db)
@view_config(request_method='OPTIONS', renderer='string')
def options(self):
headers = self.request.response.headers
headers['Access-Control-Allow-Methods'] = 'GET, POST'
headers['Access-Control-Allow-Headers'] = ('Origin, Content-Type, '
'Accept, Authorization')
return ''
@view_config(request_method='GET')
def get(self):
user = authorize_user(self.request)
return list(self.passwords_manager.retrieve(user))
@view_config(request_method='POST')
def post(self):
user = authorize_user(self.request)
password, errors = validate_password(self.request.body,
self.request.charset)
if errors:
result = {'message': ','.join(errors)}
return HTTPBadRequest(body=json.dumps(result),
content_type='application/json')
return self.passwords_manager.create(user, password)
def destroy(request):
schema = AccountDestroySchema()
button1 = Button('submit', _('Yes, I am sure. Destroy my account'))
button1.css_class = 'btn-danger'
button2 = Button('cancel', _('Cancel'))
button2.css_class = ''
form = Form(schema, buttons=(button1, button2))
passwords_manager = PasswordsManager(request.db)
context = {
'passwords': passwords_manager.retrieve(request.user).count(),
}
if 'submit' in request.POST:
controls = request.POST.items()
try:
appstruct = form.validate(controls)
except ValidationFailure as e:
context['form'] = e.render()
return context
reason = appstruct['reason']
admin_emails = request.registry.settings['admin_emails']
if admin_emails:
notify_admins_of_account_removal(request, request.user,
reason, admin_emails)
passwords_manager.delete(request.user)
# TODO: remove user's applications
delete_user(request.db, request.user)
request.session.flash(
_('Your account has been removed. Have a nice day!'),
'success',
)
return logout(request)
elif 'cancel' in request.POST:
request.session.flash(
_('Thanks for reconsidering removing your account!'),
'info',
)
return HTTPFound(location=request.route_path('user_information'))
context['form'] = form.render()
return context
def setUp(self):
self.config = testing.setUp()
mdb = MongoDB(MONGO_URI)
self.db = mdb.get_database()
self.pm = PasswordsManager(self.db)
self.user_id = self.db.users.insert({'name': 'John'}, safe=True)
self.user = self.db.users.find_one({'_id': self.user_id}, safe=True)
def backups_import(request):
response = HTTPFound(location=request.route_path('backups_index'))
if 'passwords-file' in request.POST:
passwords_field = request.POST['passwords-file']
if passwords_field != '':
try:
json_data = uncompress(passwords_field.file.read())
passwords_manager = PasswordsManager(request.db)
passwords_manager.delete(request.user)
passwords_manager.create(request.user, json_data)
except (IOError, ValueError):
request.session.flash(
_('There was a problem reading your passwords file'),
'error')
return response
n_passwords = len(json_data)
localizer = get_localizer(request)
msg = localizer.pluralize(
_('Congratulations, ${n_passwords} password has been imported'),
_('Congratulations, ${n_passwords} passwords have been imported'),
n_passwords,
domain=translation_domain,
mapping={'n_passwords': n_passwords},
)
request.session.flash(msg, 'success')
else:
request.session.flash(
_('The passwords file is required to upload the passwords'),
'error')
return response
else:
request.session.flash(
_('The passwords file is required to upload the passwords'),
'error')
return response
return response
class PasswordsManagerTests(unittest.TestCase):
def setUp(self):
self.config = testing.setUp()
mdb = MongoDB(MONGO_URI)
self.db = mdb.get_database()
self.pm = PasswordsManager(self.db)
self.user_id = self.db.users.insert({'name': 'John'}, safe=True)
self.user = self.db.users.find_one({'_id': self.user_id}, safe=True)
def tearDown(self):
testing.tearDown()
self.db.drop_collection('users')
self.db.drop_collection('passwords')
def test_create(self):
n_passwords = self.db.passwords.count()
password = {'secret': 'secret1'}
created_password = self.pm.create(self.user, password)
self.assertEqual(created_password['owner'], self.user_id)
self.assertTrue('_id' in created_password)
self.assertEqual(n_passwords + 1, self.db.passwords.count())
def test_retrieve(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
}, safe=True)
password = self.pm.retrieve(self.user, p1)
self.assertEqual(password, {
'secret': 'secret1',
'owner': self.user_id,
'_id': p1,
})
p2 = self.db.passwords.insert({
'secret': 'secret2',
'owner': self.user_id,
}, safe=True)
passwords = self.pm.retrieve(self.user)
self.assertEqual(list(passwords), [{
'secret': 'secret1',
'owner': self.user_id,
'_id': p1,
}, {
'secret': 'secret2',
'owner': self.user_id,
'_id': p2,
}])
def test_update(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
}, safe=True)
new_password = {'secret': 'new secret'}
updated_password = self.pm.update(self.user, p1, new_password)
self.assertEqual(updated_password, {
'_id': p1,
'owner': self.user_id,
'secret': 'new secret',
})
fake_user = {'_id': '000000000000000000000000'}
new_password['secret'] = 'another secret'
updated_password = self.pm.update(fake_user, p1, new_password)
self.assertEqual(None, updated_password)
def test_delete(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
}, safe=True)
n_passwords = self.db.passwords.count()
self.assertTrue(self.pm.delete(self.user, p1))
self.assertEqual(n_passwords - 1, self.db.passwords.count())
password = self.db.passwords.find_one({'_id': p1}, safe=True)
self.assertEqual(None, password)
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
}, safe=True)
p2 = self.db.passwords.insert({
'secret': 'secret2',
'owner': self.user_id,
}, safe=True)
n_passwords = self.db.passwords.count()
self.assertTrue(self.pm.delete(self.user))
self.assertEqual(n_passwords - 2, self.db.passwords.count())
password1 = self.db.passwords.find_one({'_id': p1}, safe=True)
self.assertEqual(None, password1)
password2 = self.db.passwords.find_one({'_id': p2}, safe=True)
self.assertEqual(None, password2)
def __init__(self, request):
self.request = request
self.passwords_manager = PasswordsManager(request.db)
self.password_id = self.request.matchdict['password']
class PasswordRESTView(object):
def __init__(self, request):
self.request = request
self.passwords_manager = PasswordsManager(request.db)
self.password_id = self.request.matchdict['password']
@view_config(request_method='OPTIONS', renderer='string')
def options(self):
headers = self.request.response.headers
headers['Access-Control-Allow-Methods'] = 'GET, PUT, DELETE'
headers['Access-Control-Allow-Headers'] = ('Origin, Content-Type, '
'Accept, Authorization')
return ''
@view_config(request_method='GET')
@protected_method(['read-passwords'])
def get(self):
try:
_id = bson.ObjectId(self.password_id)
except bson.errors.InvalidId:
return invalid_password_id()
password = self.passwords_manager.retrieve(self.request.user, _id)
if password is None:
return password_not_found()
else:
password['id'] = password['_id']
return {'password': password}
@view_config(request_method='PUT')
@protected_method(['write-passwords'])
def put(self):
try:
_id = bson.ObjectId(self.password_id)
except bson.errors.InvalidId:
return invalid_password_id()
password, errors = validate_password(self.request.body,
self.request.charset,
_id)
if errors:
result = {'message': ','.join(errors)}
return HTTPBadRequest(body=json.dumps(result),
content_type='application/json')
result = self.passwords_manager.update(self.request.user, _id,
password)
if result is None:
return password_not_found()
else:
result['id'] = result['_id']
return {'password': result}
@view_config(request_method='DELETE')
@protected_method(['write-passwords'])
def delete(self):
try:
_id = bson.ObjectId(self.password_id)
except bson.errors.InvalidId:
return invalid_password_id()
if self.passwords_manager.delete(self.request.user, _id):
return {'password': {'id': _id}}
else:
return password_not_found()
def __init__(self, request):
self.request = request
self.passwords_manager = PasswordsManager(request.db)
def get_user_passwords(db, user):
passwords_manager = PasswordsManager(db)
return [remove_attrs(password, 'owner', '_id')
for password in passwords_manager.retrieve(user)]
class PasswordsManagerTests(unittest.TestCase):
def setUp(self):
self.config = testing.setUp()
mdb = MongoDB(MONGO_URI)
self.db = mdb.get_database()
self.pm = PasswordsManager(self.db)
self.user_id = self.db.users.insert({'name': 'John'})
self.user = self.db.users.find_one({'_id': self.user_id})
def tearDown(self):
testing.tearDown()
clean_db(self.db)
def test_create(self):
n_passwords = self.db.passwords.count()
result = self.pm.create(self.user, {})
self.assertEqual(result, None)
self.assertEqual(n_passwords, self.db.passwords.count())
password = {'secret': 'secret1'}
created_password = self.pm.create(self.user, password)
self.assertEqual(created_password['owner'], self.user_id)
self.assertTrue('_id' in created_password)
self.assertEqual(n_passwords + 1, self.db.passwords.count())
result = self.pm.create(self.user, [])
self.assertEqual(result, None)
self.assertEqual(n_passwords + 1, self.db.passwords.count())
result = self.pm.create(self.user, [{}])
self.assertEqual(result, None)
self.assertEqual(n_passwords + 1, self.db.passwords.count())
passwords = [{
'secret1': 'abc',
}, {
'secret2': 'def',
}, {
'secret3': 'ghi',
}]
created_passwords = self.pm.create(self.user, passwords)
self.assertEqual(created_passwords[0]['owner'], self.user_id)
self.assertEqual(created_passwords[1]['owner'], self.user_id)
self.assertEqual(created_passwords[2]['owner'], self.user_id)
self.assertTrue('_id' in created_passwords[0])
self.assertTrue('_id' in created_passwords[1])
self.assertTrue('_id' in created_passwords[2])
self.assertEqual(n_passwords + 4, self.db.passwords.count())
def test_retrieve(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
})
password = self.pm.retrieve(self.user, p1)
self.assertEqual(password, {
'secret': 'secret1',
'owner': self.user_id,
'_id': p1,
})
p2 = self.db.passwords.insert({
'secret': 'secret2',
'owner': self.user_id,
})
passwords = self.pm.retrieve(self.user)
self.assertEqual(list(passwords), [{
'secret': 'secret1',
'owner': self.user_id,
'_id': p1,
}, {
'secret': 'secret2',
'owner': self.user_id,
'_id': p2,
}])
def test_update(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
})
new_password = {'secret': 'new secret'}
updated_password = self.pm.update(self.user, p1, new_password)
self.assertEqual(updated_password, {
'_id': p1,
'owner': self.user_id,
'secret': 'new secret',
})
fake_user = {'_id': '000000000000000000000000'}
new_password['secret'] = 'another secret'
updated_password = self.pm.update(fake_user, p1, new_password)
self.assertEqual(None, updated_password)
def test_delete(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
})
n_passwords = self.db.passwords.count()
self.assertTrue(self.pm.delete(self.user, p1))
self.assertEqual(n_passwords - 1, self.db.passwords.count())
password = self.db.passwords.find_one({'_id': p1})
self.assertEqual(None, password)
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
})
p2 = self.db.passwords.insert({
'secret': 'secret2',
'owner': self.user_id,
})
n_passwords = self.db.passwords.count()
self.assertTrue(self.pm.delete(self.user))
self.assertEqual(n_passwords - 2, self.db.passwords.count())
password1 = self.db.passwords.find_one({'_id': p1})
self.assertEqual(None, password1)
password2 = self.db.passwords.find_one({'_id': p2})
self.assertEqual(None, password2)
