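def auth_calculate(self, objid=None):
    """Run the base authorization check, then protect super users.

    After ``CrudBase.auth_calculate`` has run, ``self.is_authorized`` is
    forced to ``False`` when the record identified by *objid* is a super
    user and the authenticated session user is not one.

    :param objid: id of the user record being acted on; when falsy the
        extra super-user check is skipped.
    """
    CrudBase.auth_calculate(self, objid=objid)

    # prevent non-super users from editing super users
    if not (objid and session_user.is_authenticated):
        return

    sess_user_obj = orm_User.get(session_user.id)
    edited_user_obj = orm_User.get(objid)
    if not (edited_user_obj and edited_user_obj.super_user):
        return

    # Fail closed: if the session user's record cannot be loaded (for
    # example the account was removed while the session was still alive),
    # treat the caller as a non-super user instead of raising
    # AttributeError on a missing object.
    if not sess_user_obj or not sess_user_obj.super_user:
        self.is_authorized = False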
def post(self):
    """Handle a POST of the change-password form.

    A valid form stores the new password for the session user, clears the
    ``reset_required`` flag on the session, queues a notice and redirects.
    A submitted but invalid form gets its errors assigned before the
    default view runs.
    """
    # NOTE(review): indentation was reconstructed from a flattened listing;
    # self.default() is taken to sit at function level -- confirm.
    form = self.form
    if form.is_valid():
        new_password = form.elements.password.value
        orm_User.get(session_user.id).update_password(new_password)
        session_user.reset_required = False
        session_user.add_message('notice', 'Your password has been changed successfully.')
        # The redirect target is either the post-login URL or the URL of
        # this same request; nothing from the form is used to build it.
        if rg.request.url == url_for('auth:ChangePassword'):
            url = after_login_url()
        else:
            url = rg.request.url
        redirect(url)
    elif form.is_submitted():
        # form was submitted, but invalid
        form.assign_user_errors()
    self.default()
def update(cls, oid=None, **kwargs):
    """Create or update a record, then sync its users and permissions.

    With ``oid`` of ``None`` a new instance is created and added to the
    session; otherwise the instance is loaded with ``cls.get(oid)``.  All
    keyword arguments except the three relationship keys are written onto
    the instance with ``setattr``.  ``users`` is then rebuilt from
    ``assigned_users`` and the permission lists are handed to
    ``assign_permissions``.

    :returns: the created or updated instance.
    """
    from compstack.auth.model.orm import User

    # These keys are applied through dedicated calls further down and must
    # not be set as plain attributes.
    relationship_keys = ('assigned_users', 'approved_permissions', 'denied_permissions')

    if oid is None:
        g = cls()
        db.sess.add(g)
    else:
        g = cls.get(oid)

    # NOTE(review): every remaining keyword is copied onto the record, so
    # callers should pass only fields that were validated and are meant to
    # be writable -- confirm no caller forwards raw request data.
    for attr_name, attr_value in six.iteritems(kwargs):
        if attr_name in relationship_keys:
            continue
        try:
            setattr(g, attr_name, attr_value)
        except AttributeError:
            # some values can not be set directly
            pass

    # The user list is always replaced; it becomes empty when
    # 'assigned_users' is not supplied.
    user_ids = tolist(kwargs.get('assigned_users', []))
    g.users = [User.get(uid) for uid in user_ids]
    db.sess.flush()

    approved = kwargs.get('approved_permissions', [])
    denied = kwargs.get('denied_permissions', [])
    g.assign_permissions(approved, denied)
    return g
def test_user_permission_map(self):
    """Each permission-map row is approved exactly when its name is expected."""
    expected_approved = ['ugp_approved', 'ugp_approved_grp']

    # test user perms map
    for entry in User.get(self.user.id).permission_map:
        actual = entry['resulting_approval']
        assert actual == (entry['permission_name'] in expected_approved)
def test_password_changes(self):
    """The stored hash changes only when the profile post carries a password."""
    original_hash = User.get(self.userid).pass_hash

    # A profile post without password fields must leave the hash untouched.
    resp = self.c.post('users/profile', data=self.get_to_post())
    assert resp.status_code == 200, resp.status
    user = User.get(self.userid)
    assert user.pass_hash == original_hash

    # NOTE(review): the 'password' value looks masked in this listing and
    # does not match 'password-confirm'; presumably both fields carried the
    # same value in the original test -- confirm against the repository.
    form_data = self.get_to_post()
    form_data['password'] = '******'
    form_data['password-confirm'] = 'newpass'
    resp = self.c.post('users/profile', data=form_data)
    assert resp.status_code == 200, resp.status

    # Expire the loaded instance so the next attribute access reloads it.
    db.sess.expire(user)
    assert user.pass_hash != original_hash
def test_login_id_dups(self):
    """Posting another user's login id to the profile form is rejected."""
    other_user = User.get(self.userid2)

    form_data = self.get_to_post()
    form_data['login_id'] = other_user.login_id

    resp = self.c.post('users/profile', data=form_data)
    assert resp.status_code == 200, resp.status
    assert b'Login Id: that user already exists' in resp.data
def test_email_dups(self):
    """Posting another user's email address to the profile form is rejected."""
    other_user = User.get(self.userid2)

    form_data = self.get_to_post()
    form_data['email_address'] = other_user.email_address

    resp = self.c.post('users/profile', data=form_data)
    assert resp.status_code == 200, resp.status
    assert b'Email: a user with that email address already exists' in resp.data
def test_fields_load(self):
    """Make sure the profile form is filled with the data currently in the db.

    Checked once on a plain GET and again after a successful POST.
    """
    resp = self.c.get('users/profile')
    assert resp.status_code == 200, resp.status
    account = User.get(self.userid)
    for stored_value in (account.email_address, account.login_id):
        assert stored_value.encode() in resp.data

    resp = self.c.post('users/profile', data=self.get_to_post())
    assert resp.status_code == 200, resp.status
    account = User.get(self.userid)
    for stored_value in (account.email_address, account.login_id):
        assert stored_value.encode() in resp.data
    for marker in (b'usersfirstname', b'userslastname', b'profile updated succesfully'):
        assert marker in resp.data
def test_perm_changes(self):
    """A profile post keeps the user's permissions and group membership."""
    # presumably these permissions are assigned to the user in fixture
    # setup that is not part of this method -- confirm
    approved_perm_id = Permission.get_by(name=u'prof-test-1').id
    denied_perm_id = Permission.get_by(name=u'prof-test-2').id

    # add user to group
    account = User.get(self.userid)
    group_id = Group.add_iu(
        name=u'test-group',
        approved_permissions=[],
        denied_permissions=[],
        assigned_users=[account.id],
    ).id

    # The posted data contains no permission or group fields.
    resp = self.c.post('users/profile', data=self.get_to_post())
    assert resp.status_code == 200, resp.status

    account = User.get(self.userid)
    approved_ids, denied_ids = account.assigned_permission_ids
    assert approved_perm_id in approved_ids
    assert denied_perm_id in denied_ids
    assert group_id in [grp.id for grp in account.groups]
def get_to_post(self):
    """Build the baseline form data for a profile post.

    Login id and email address are taken from the stored user so the post
    does not change them; the submit flag marks the form as submitted.
    """
    account = User.get(self.userid)
    return {
        'name_first': 'usersfirstname',
        'name_last': 'userslastname',
        'login_id': account.login_id,
        'email_address': account.email_address,
        'user-profile-form-submit-flag': 'submitted',
    }
def test_non_existing_id(self):
    """Edit and delete views answer 404 for an id that has no user."""
    # Find an id that does not resolve to a user.
    missing_id = 9999
    while User.get(missing_id):
        missing_id += 1000

    edit_path = 'users/edit/%s' % missing_id
    req, resp = self.c.get(edit_path, follow_redirects=True)
    # The final URL is still the edit URL, i.e. no redirect took place.
    assert req.url.endswith('/users/edit/%s' % missing_id), req.url
    assert resp.status_code == 404, resp.status

    delete_path = 'users/delete/%s' % missing_id
    req, resp = self.c.get(delete_path, follow_redirects=True)
    assert req.url.endswith('users/delete/%s' % missing_id), req.url
    assert resp.status_code == 404, resp.status
def test_loginid_unique(self):
    """Adding a user with a login id that is already taken is rejected."""
    existing = User.get(self.userid)

    # NOTE(review): the password and email values look masked in this
    # listing; they are kept exactly as shown.
    form_data = {
        'login_id': existing.login_id,
        'password': '******',
        'email_address': '*****@*****.**',
        'password-confirm': 'testtest',
        'user-submit-flag': 'submitted',
        'inactive_flag': False,
        'inactive_date': '',
        'name_first': '',
        'name_last': '',
    }

    resp = self.c.post('users/add', data=form_data)
    assert resp.status_code == 200, resp.status
    assert b'Login Id: that user already exists' in resp.data
def test_user_permission_map_groups(self):
    """Check which groups approve or deny each permission for the user."""
    # test group perms map
    group_map = User.get(self.user.id).permission_map_groups

    # These two permissions must have no entry in the group map.
    assert Permission.get_by(name=u'ugp_approved').id not in group_map
    assert Permission.get_by(name=u'ugp_not_approved').id not in group_map

    entry = group_map[self.perm_approved_grp.id]
    assert len(entry['approved']) == 1
    assert entry['approved'][0]['id'] == self.g1.id
    assert len(entry['denied']) == 0

    entry = group_map[self.perm_denied.id]
    assert len(entry['approved']) == 1
    assert entry['approved'][0]['id'] == self.g1.id
    assert len(entry['denied']) == 0

    # Approved through g1 and denied through g2 at the same time.
    entry = group_map[self.perm_denied_grp.id]
    assert len(entry['approved']) == 1
    assert entry['approved'][0]['id'] == self.g1.id
    assert len(entry['denied']) == 1
    assert entry['denied'][0]['id'] == self.g2.id
def validate_password(self, value):
    """Accept *value* only if the stored user record validates it.

    The record is loaded with ``orm_User.get(user.id)`` and the check is
    delegated to its ``validate_password`` method.

    :returns: *value* unchanged when the check passes.
    :raises ValueInvalid: when the check fails.
    """
    # NOTE(review): `user` is not defined in this method; presumably it is
    # the session user object from the enclosing module -- confirm.
    stored_user = orm_User.get(user.id)
    if stored_user.validate_password(value):
        return value
    raise ValueInvalid('incorrect password')
def default(self, objid):
    """Render the permission maps of the user identified by *objid*.

    The user record, its ``permission_map`` and its
    ``permission_map_groups`` are assigned to the template before it is
    rendered.
    """
    # NOTE(review): no check is made here that a record was found for
    # objid; confirm a missing id is handled before this method runs.
    target_user = orm_User.get(objid)
    self.assign('dbuser', target_user)
    self.assign('result', target_user.permission_map)
    self.assign('permgroups', target_user.permission_map_groups)
    self.render_template()
def auth_post(self):
    """Bind the view to the session user's own record and prefill the form.

    The object id is taken from ``session_user.id`` and from nowhere else,
    so the record that is loaded and used for the form defaults is always
    the one belonging to the current session.
    """
    self.objid = session_user.id
    self.objinst = orm_User.get(self.objid)
    current_values = self.objinst.to_dict()
    self.form.set_defaults(current_values)