def test_joins(self): # Create some items so that we get a valid query (otherwise the query would be empty as django-guardian # would discover that the user doesn't have permissions to get any items). item = models.ExampleItem() item.name = 'Example' item.enabled = False item.save() subitem = models.ExampleSubItem(parent=item, enabled=True) subitem.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item) shortcuts.assign_perm('rest_framework_reactive.view_examplesubitem', auth_models.AnonymousUser(), subitem) observer = QueryObserver(self.request(views.ExampleSubItemViewSet, parent__enabled=True)) items = observer.evaluate() add_subscriber('test-session', observer.id) self.assertEquals(observer.id, '009955bdb64c21f679a7dfa2f747d6025ffef3185e5e01805662ebe8ca89c1d3') self.assertEquals(len(items), 0) observer_state = observer_models.Observer.objects.get(pk=observer.id) dependencies = observer_state.dependencies.all().values_list('table', flat=True) self.assertIn('rest_framework_reactive_tests_exampleitem', dependencies) self.assertIn('rest_framework_reactive_tests_examplesubitem', dependencies)
def get_user(request): try: user_id = request.session[auth.SESSION_KEY] backend_path = request.session[auth.BACKEND_SESSION_KEY] backend = auth.load_backend(backend_path) backend.request = request user = backend.get_user(user_id) or models.AnonymousUser() except KeyError: user = models.AnonymousUser() return user
def test_order(self): observer = pool.observe_viewset(self.request(views.ExampleItemViewSet, ordering='name'), 'test-subscriber') items = observer.evaluate() self.assertEquals(len(items), 0) item = models.ExampleItem() item.name = 'D' item.enabled = False item.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item) added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 1) self.assertEquals(added[0], {'id': item.pk, 'name': item.name, 'enabled': item.enabled}) self.assertEquals(added[0]._order, 0) self.assertEquals(len(changed), 0) self.assertEquals(len(removed), 0) item2 = models.ExampleItem() item2.name = 'A' item2.enabled = True item2.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item2) added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 1) self.assertEquals(added[0], {'id': item2.pk, 'name': item2.name, 'enabled': item2.enabled}) self.assertEquals(added[0]._order, 0) # Check that the first item has changed, because its order has changed. self.assertEquals(len(changed), 1) self.assertEquals(changed[0], {'id': item.pk, 'name': item.name, 'enabled': item.enabled}) self.assertEquals(changed[0]._order, 1) self.assertEquals(len(removed), 0) item3 = models.ExampleItem() item3.name = 'C' item3.enabled = True item3.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item3) added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 1) self.assertEquals(added[0], {'id': item3.pk, 'name': item3.name, 'enabled': item3.enabled}) self.assertEquals(added[0]._order, 1) self.assertEquals(len(changed), 1) self.assertEquals(changed[0], {'id': item.pk, 'name': item.name, 'enabled': item.enabled}) self.assertEquals(changed[0]._order, 2) self.assertEquals(len(removed), 0)
def get_request_and_strategy(self, auth_entry=None, redirect_uri=None): """Gets a fully-configured request and strategy. These two objects contain circular references, so we create them together. The references themselves are a mixture of normal __init__ stuff and monkey-patching done by python-social-auth. See, for example, social.apps.django_apps.utils.strategy(). """ request = self.request_factory.get( pipeline.get_complete_url(self.backend_name) + '?redirect_state=redirect_state_value&code=code_value&state=state_value' ) request.user = auth_models.AnonymousUser() request.session = cache.SessionStore() request.session[self.backend_name + '_state'] = 'state_value' if auth_entry: request.session[pipeline.AUTH_ENTRY_KEY] = auth_entry strategy = social_utils.load_strategy(request=request) request.social_strategy = strategy request.backend = social_utils.load_backend(strategy, self.backend_name, redirect_uri) return request, strategy
def show_review(request, review_id=None): """ View a review for a product. If no review_id is given, a page for selecting the review to show is displayed. If no product_id is given, a page for selecting the product is displayed. """ if review_id is None: return redirect("product-reviews") review_mgr = reviews.models.Review.objects if (request.session.get(settings.MASTER_WRITE_KEY, 0) > time.time() - settings.WRITE_BIND_TIME): # Tie reads to the master reviews database. review_mgr = review_mgr.db_manager("reviews") try: review = review_mgr.get(id=review_id) except reviews.models.Review.DoesNotExist: return http.HttpResponseNotFound( loader.render_to_string("reviews/missing.html", context_instance=RequestContext(request))) if review.author_id == -1: user = auth_models.AnonymousUser() else: user = auth_models.User.objects.get(id=review.author_id) product = products.models.Product.objects.get(id=review.product_id) data = { "title": "Reviews", "product": product, "review": review, "reviewer": user, } return render_to_response("reviews/review.html", data, RequestContext(request))
def show_review(request, review_id=None): """ View a review for a product. If no review_id is given, a page for selecting the review to show is displayed. If no product_id is given, a page for selecting the product is displayed. """ if review_id is None: return redirect("product-reviews") alias = "reviews-%d" % reviews.models.get_db_for_id(review_id) try: review = reviews.models.Review.objects.using(alias).get(id=review_id) except reviews.models.Review.DoesNotExist: return http.HttpResponseNotFound( loader.render_to_string("reviews/missing.html", context_instance=RequestContext(request))) if review.author_id == -1: user = auth_models.AnonymousUser() else: user = auth_models.User.objects.get(id=review.author_id) product = products.models.Product.objects.get(id=review.product_id) data = { "title": "Reviews", "product": product, "review": review, "reviewer": user, } return render_to_response("reviews/review.html", data, RequestContext(request))
def test_conditions(self): observer = QueryObserver(self.request(views.ExampleItemViewSet, enabled=True)) items = observer.evaluate() add_subscriber('test-session', observer.id) self.assertEquals(observer.id, '0c2544b340aeb1919180ee6898a8e117de76b4a09dcedff7d6d172f3caa677c2') self.assertEquals(len(items), 0) item = models.ExampleItem() item.name = 'Example' item.enabled = False item.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item) added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 0) self.assertEquals(len(changed), 0) self.assertEquals(len(removed), 0) item.enabled = True item.save() added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 1) self.assertEquals(added[0]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled}) self.assertEquals(len(changed), 0) self.assertEquals(len(removed), 0)
def test_get_credentials_anon_user(self): request = self.factory.get('oauth2/oauth2authorize', data={'return_url': '/return_endpoint'}) request.session = self.session request.user = django_models.AnonymousUser() oauth2 = googleoauth2django.UserOAuth2(request) self.assertIsNone(oauth2.credentials)
def get_user(request): try: user_id = request.session[auth.SESSION_KEY] backend_path = request.session[auth.BACKEND_SESSION_KEY] backend = auth.load_backend(backend_path) backend.request = request #LOG.info(" into try xxx before user = backend.get_user(user_id) or models.AnonymousUser()") user = backend.get_user(user_id) or models.AnonymousUser() #LOG.info(user) except KeyError: #LOG.info(" into except KeyError xxx before user = models.AnonymousUser()") user = models.AnonymousUser() #LOG.info(user) return user
def test_aggregations(self): item = models.ExampleItem() item.name = 'Example' item.enabled = False item.save() m2m_item = models.ExampleM2MItem() m2m_item.save() shortcuts.assign_perm( 'rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item, ) observer = QueryObserver( request(views.AggregationTestViewSet, items=[m2m_item.pk])) observer.subscribe( 'test-session', dependencies=[ models.ExampleItem, models.ExampleM2MItem.items.through ], ) # There should be a dependency on the intermediate table. observer_state = observer_models.Observer.objects.get(pk=observer.id) dependencies = observer_state.dependencies.all().values_list('table', flat=True) self.assertIn('drfr_test_app_examplem2mitem_items', dependencies)
def test_login_required_permission_denied(self): @decorators.login_required def wrapped(info): """Decorated function""" with self.assertRaises(exceptions.PermissionDenied): wrapped(info_mock(models.AnonymousUser()))
def test_edit_request__unauth(self): """Should refuse""" request = factory.patch('/80001') request.user = auth_models.AnonymousUser() view = DummyObjectView(Event.objects.get(pk=80001)) self.assertFalse(ObjectOwnership().has_permission(request, view))
def test_authorize_anonymous_user_redirects_login(self): request = self.factory.get('oauth2/oauth2authorize') request.session = self.session request.user = django_models.AnonymousUser() response = views.oauth2_authorize(request) self.assertIsInstance(response, http.HttpResponseRedirect) # redirects to Django login self.assertIn(django.conf.settings.LOGIN_URL, response.url)
def get(self, request, *args, **kwargs): """ get login page 如果当前用户已经登陆,则跳转到首页 """ if auth.get_user(request) != auth_models.AnonymousUser(): return redirect('index') form = forms.LoginForm() return render(request, 'login.html', {'form': form})
def get(self, request, *args, **kwargs): """ get register page 如果当前用户已经登陆,则直接跳转至首页 """ if auth.get_user(request) != auth_models.AnonymousUser(): return redirect('index') form = forms.RegisterForm() return render(request, 'register.html', {'form': form})
def test_item_serialization(self): item = models.ExampleItem.objects.create(name='Example', enabled=True) shortcuts.assign_perm( 'rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item, ) observer = QueryObserver(request(views.ExampleItemViewSet)) items = observer.subscribe('test-session')
def test_item_serialization(self): item = models.ExampleItem.objects.create(name='Example', enabled=True) shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item) observer = QueryObserver(self.request(views.ExampleItemViewSet)) items = observer.evaluate() add_subscriber('test-session', observer.id) # Ensure items can be serialized into JSON. json.dumps(items)
def test_joins(self): # Create some items so that we get a valid query (otherwise the query would be empty as django-guardian # would discover that the user doesn't have permissions to get any items). item = models.ExampleItem() item.name = 'Example' item.enabled = False item.save() subitem = models.ExampleSubItem(parent=item, enabled=True) subitem.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item) shortcuts.assign_perm('rest_framework_reactive.view_examplesubitem', auth_models.AnonymousUser(), subitem) observer = pool.observe_viewset(self.request(views.ExampleSubItemViewSet, parent__enabled=True), 'test-subscriber') items = observer.evaluate() self.assertEquals(observer.id, '009955bdb64c21f679a7dfa2f747d6025ffef3185e5e01805662ebe8ca89c1d3') self.assertEquals(len(items), 0) self.assertIn(observer, pool._tables['rest_framework_reactive_exampleitem']) self.assertIn(observer, pool._tables['rest_framework_reactive_examplesubitem'])
def test_create_with_anonymous_user(self): """ Don't allow the creation of datasets by anonymouse users. """ with self.assertRaises(ValueError): upload_file = open( 'data/wgEncodeCaltechRnaSeqHuvecR1x75dTh1014IlnaPlusSignalRep2.hitile', 'r') tm.Tileset.objects.create(datafile=dcfu.SimpleUploadedFile( upload_file.name, upload_file.read()), filetype='hitile', owner=dcam.AnonymousUser())
def test_joins(self): # Create some items so that we get a valid query (otherwise the query would be empty as django-guardian # would discover that the user doesn't have permissions to get any items). item = models.ExampleItem() item.name = 'Example' item.enabled = False item.save() subitem = models.ExampleSubItem(parent=item, enabled=True) subitem.save() shortcuts.assign_perm( 'rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item, ) shortcuts.assign_perm( 'rest_framework_reactive.view_examplesubitem', auth_models.AnonymousUser(), subitem, ) observer = QueryObserver( request(views.ExampleSubItemViewSet, parent__enabled=True)) items = observer.subscribe( 'test-session', dependencies=[models.ExampleSubItem, models.ExampleItem]) self.assertEqual( observer.id, '92b1698976bf1e04d155f9c60ac74c054ef872f547a59d771fc3c046998bbba8', ) self.assertEqual(len(items), 0) observer_state = observer_models.Observer.objects.get(pk=observer.id) dependencies = observer_state.dependencies.all().values_list('table', flat=True) self.assertIn('drfr_test_app_exampleitem', dependencies) self.assertIn('drfr_test_app_examplesubitem', dependencies)
def test_redirects_anonymous_to_login(self): request = self.factory.get('/test') request.session = self.session request.user = django_models.AnonymousUser() @decorators.oauth_required def test_view(request): return http.HttpResponse("test") # pragma: NO COVER response = test_view(request) self.assertIsInstance(response, http.HttpResponseRedirect) self.assertEqual(parse.urlparse(response['Location']).path, django.conf.settings.LOGIN_URL)
def user(self, session): from django.contrib import auth from django.contrib.auth import models as auth_models content = session.get_decoded() if auth.SESSION_KEY not in content: return user_id = content[auth.SESSION_KEY] if auth.BACKEND_SESSION_KEY not in content: return backend_class = content[auth.BACKEND_SESSION_KEY] backend = auth.load_backend(backend_class) try: user = backend.get_user(user_id) or auth_models.AnonymousUser() except: user = _('deleted user %r') % user_id return user
def test_already_authenticated(self): @decorators.token_auth def wrapped(root, info, **kwargs): return {} headers = { jwt_settings.JWT_AUTH_HEADER: '{0} {1}'.format(jwt_settings.JWT_AUTH_HEADER_PREFIX, self.token), } info_mock = self.info(models.AnonymousUser(), **headers) result = wrapped(None, info_mock, password='******', username=self.user.get_username()) self.assertNotIn(jwt_settings.JWT_AUTH_HEADER, info_mock.context.get('request').META)
def test_conditions(self): observer = QueryObserver( request(views.ExampleItemViewSet, enabled=True)) items = observer.subscribe('test-session') self.assertEqual( observer.id, '5333b85599fd24ed4e2f7eeaefb599cbbd39894b437e9b9d3b80d5d21639b4bb', ) self.assertEqual(len(items), 0) item = models.ExampleItem() item.name = 'Example' item.enabled = False item.save() shortcuts.assign_perm( 'rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item, ) added, changed, removed = observer._evaluate() self.assertEqual(len(added), 0) self.assertEqual(len(changed), 0) self.assertEqual(len(removed), 0) item.enabled = True item.save() added, changed, removed = observer._evaluate() self.assertEqual(len(added), 1) self.assertEqual( added[0]['data'], { 'id': item.pk, 'name': item.name, 'enabled': item.enabled }, ) self.assertEqual(len(changed), 0) self.assertEqual(len(removed), 0)
def __call__(self, scope: dict): query_string: str = bytes(scope["query_string"]).decode("utf-8") parsed: Dict[str, List[str]] = parse.parse_qs(query_string) user = None if "Bearer" in parsed and len(parsed["Bearer"]) == 1: token: str = parsed["Bearer"][0] payload: dict = decode(token) if payload is not None: try: user = User.objects.get(pk=payload.get("id")) except User.DoesNotExist: pass finally: close_old_connections() user = user or models.AnonymousUser() return self.inner(dict(scope, user=user))
def test_authorize_anonymous_user(self): request = self.factory.get('oauth2/oauth2authorize') request.session = self.session request.user = django_models.AnonymousUser() response = views.oauth2_authorize(request) self.assertIsInstance(response, http.HttpResponseRedirect)
def post(self, request): auth.logout(request) user = auth_models.AnonymousUser() serializer = AuthUserSerializer(instance=user) return Response(serializer.data)
def setUp(self): factory = RequestFactory() self.url = reverse("add-member") self.request = factory.get(self.url) self.request.user = auth_models.AnonymousUser()
def test_observe_viewset(self): # Create a request and an observer for it. observer = QueryObserver(self.request(views.ExampleItemViewSet)) items = observer.evaluate() add_subscriber('test-session', observer.id) self.assertEquals(observer.id, 'fdd1312a8082540528908c32f4a94cac55365ef7acadc8e5ae8d4795cd7b5fa6') self.assertEquals(len(items), 0) # Add an item into the database. item = models.ExampleItem() item.name = 'Example' item.enabled = True item.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item) # Evaluate the observer again (in reality this would be done automatically, triggered by signals # from Django ORM). added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 1) expected_serialized_item = {'id': item.pk, 'name': item.name, 'enabled': item.enabled} self.assertEquals(added[0]['data'], expected_serialized_item) self.assertEquals(len(changed), 0) self.assertEquals(len(removed), 0) # Change the existing item. item.enabled = False expected_serialized_item['enabled'] = False item.save() added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 0) self.assertEquals(len(changed), 1) self.assertEquals(changed[0]['data'], expected_serialized_item) self.assertEquals(len(removed), 0) # Remove the first item. item.delete() # Add another two items. item2 = models.ExampleItem() item2.name = 'Example 2' item2.enabled = True item2.save() item3 = models.ExampleItem() item3.name = 'Example 3' item3.enabled = True item3.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item2) shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item3) added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 2) self.assertEquals(added[0]['data'], {'id': item2.pk, 'name': item2.name, 'enabled': item2.enabled}) self.assertEquals(added[1]['data'], {'id': item3.pk, 'name': item3.name, 'enabled': item3.enabled}) self.assertEquals(len(changed), 0) self.assertEquals(len(removed), 1) self.assertEquals(removed[0]['data'], expected_serialized_item)
def test_order(self): observer = QueryObserver(self.request(views.ExampleItemViewSet, ordering='name')) items = observer.evaluate() add_subscriber('test-session', observer.id) self.assertEquals(len(items), 0) item = models.ExampleItem() item.name = 'D' item.enabled = False item.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item) added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 1) self.assertEquals(added[0]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled}) self.assertEquals(added[0]['order'], 0) self.assertEquals(len(changed), 0) self.assertEquals(len(removed), 0) item2 = models.ExampleItem() item2.name = 'A' item2.enabled = True item2.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item2) added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 1) self.assertEquals(added[0]['data'], {'id': item2.pk, 'name': item2.name, 'enabled': item2.enabled}) self.assertEquals(added[0]['order'], 0) # Check that the first item has changed, because its order has changed. self.assertEquals(len(changed), 1) self.assertEquals(changed[0]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled}) self.assertEquals(changed[0]['order'], 1) self.assertEquals(len(removed), 0) item3 = models.ExampleItem() item3.name = 'C' item3.enabled = True item3.save() shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item3) added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 1) self.assertEquals(added[0]['data'], {'id': item3.pk, 'name': item3.name, 'enabled': item3.enabled}) self.assertEquals(added[0]['order'], 1) self.assertEquals(len(changed), 1) self.assertEquals(changed[0]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled}) self.assertEquals(changed[0]['order'], 2) self.assertEquals(len(removed), 0) # Check order change between two existing items. item.name = 'B' item.save() added, changed, removed = observer.evaluate(return_emitted=True) self.assertEquals(len(added), 0) self.assertEquals(len(changed), 2) self.assertEquals(changed[0]['data'], {'id': item3.pk, 'name': item3.name, 'enabled': item3.enabled}) self.assertEquals(changed[0]['order'], 2) self.assertEquals(changed[1]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled}) self.assertEquals(changed[1]['order'], 1) self.assertEquals(len(removed), 0)