def testSessionAcquisition(self):
"""Users belonging to a group should be able to see all the sessions
belonging to the group and the group children
"""
session = Session()
group1 = model.Group(group_id="1")
session.add(group1)
group2 = model.Group(group_id="2")
session.add(group2)
account1 = model.Account(loginname="account1")
session.add(account1)
account1.group = group1
group2.parent = group1
account2 = model.Account(loginname="account2")
session.add(account2)
account2.group = group2
survey1 = model.SurveySession(
account=account1,
group=group1,
zodb_path="1",
)
session.add(survey1)
survey2 = model.SurveySession(
account=account2,
group=group2,
zodb_path="2",
)
session.add(survey2)
session.flush()
self.assertListEqual(account1.sessions, [survey1])
self.assertListEqual(account2.sessions, [survey2])
self.assertListEqual(account1.acquired_sessions, [survey1, survey2])
self.assertListEqual(account2.acquired_sessions, [survey2])
def testAccountGroupsRelationship(self):
session = Session()
group1 = model.Group(group_id="1")
session.add(group1)
session.flush()
account1 = model.Account(loginname="account1")
session.add(account1)
account2 = model.Account(loginname="account2")
session.add(account2)
session.flush()
self.assertEqual(account1.group, None)
account1.group = group1
account2.group = group1
self.assertListEqual(group1.accounts, [account1, account2])
def test_resume_enforce_same_account(self):
from AccessControl.SecurityManagement import getSecurityManager
from AccessControl.SecurityManagement import setSecurityManager
from AccessControl.SecurityManagement import newSecurityManager
from euphorie.client import model
sm = getSecurityManager()
mgr = self.SessionManagerFactory()
victim = model.Account(loginname="test", password=u"test")
attacker = model.Account(loginname="evil", password=u"layer")
session = model.SurveySession(account=victim)
try:
newSecurityManager(None, attacker)
self.assertRaises(ValueError, mgr.resume, session)
finally:
setSecurityManager(sm)
def create_session(self):
with api.env.adopt_user(SITE_OWNER_NAME):
api.content.create(container=self.portal.sectors,
type="euphorie.country",
id="eu")
client_country = api.content.create(container=self.portal.client,
type="euphorie.clientcountry",
id="eu")
client_sector = api.content.create(container=client_country,
type="euphorie.clientsector",
id="sector")
api.content.create(container=client_sector,
type="euphorie.survey",
id="survey")
sqlsession = Session()
account = model.Account(loginname="jane", password="******")
sqlsession.add(account)
session = model.SurveySession(title="Session",
zodb_path="eu/sector/survey",
account=account)
sqlsession.add(session)
sqlsession.flush()
return session
def test_authenticate_login_not_case_sensitive(self):
session = Session()
account = model.Account(loginname="john", password="******")
session.add(account)
plugin = EuphorieAccountPlugin("plugin")
credentials = {"login": "******", "password": "******"}
self.assertTrue(plugin._authenticate_login(credentials) is not None)
def createGuestAccount(self):
account = model.Account(
loginname="guest-%s" % datetime.datetime.now().isoformat(),
account_type=config.GUEST_ACCOUNT,
)
Session().add(account)
return account
def testEnumerateUsers_NoInexactMatch(self):
session = Session()
account = model.Account(loginname='john', password=u'jane')
session.add(account)
plugin = EuphorieAccountPlugin('plugin')
self.assertEqual(
plugin.enumerateUsers(login='******', exact_match=False), [])
def testUnpublishWithActiveSession(self):
"""When a survey gets unpublished, while it's still in an active
session, then WebHelpers.survey_url must return None, not fail.
"""
survey = self.createSurvey()
client_survey = getSite().client.nl.ict['software-development']
request = testRequest()
request.client = client_survey
utils.setRequest(request)
account = model.Account(loginname="jane", password=u"john")
mgr = session.SessionManagerFactory()
mgr.start(u"Test session", client_survey, account)
mgr.session.zodb_path = '/'.join(client_survey.getPhysicalPath())
helpers = utils.WebHelpers(survey, request)
self.assertEqual(
helpers.survey_url(),
client_survey.absolute_url())
self.handleSurveyUnpublish(survey, None)
helpers = utils.WebHelpers(survey, request)
self.assertEqual(
helpers.survey_url(),
None)
def test_authenticate_login_not_case_sensitive(self):
session = Session()
account = model.Account(loginname='john', password=u'jane')
session.add(account)
plugin = EuphorieAccountPlugin('plugin')
credentials = {'login': '******', 'password': u'jane'}
self.assertTrue(plugin._authenticate_login(credentials) is not None)
def createSurvey():
session = Session()
account = model.Account(loginname="jane", password="******")
session.add(account)
survey = model.SurveySession(title="Session", zodb_path="survey", account=account)
session.add(survey)
session.flush()
return (session, survey)
def testCreateUser_ValidAccount(self):
session = Session()
account = model.Account(loginname="john", password="******")
session.add(account)
request = MockRequest(ACTUAL_URL="http://www.example.com/client")
directlyProvides(request, IClientSkinLayer)
plugin = EuphorieAccountPlugin("plugin")
plugin.REQUEST = request
self.assertTrue(plugin.createUser("1", "john") is account)
def addAccount(login="******", password=u"Øle"):
from euphorie.client import CONDITIONS_VERSION
account = model.Account(loginname=login,
password=password,
tc_approved=CONDITIONS_VERSION)
session = Session()
session.add(account)
session.flush()
return account
def test_EnumerateUsers_search_by_id(self):
session = Session()
account = model.Account(loginname='john', password=u'jane')
session.add(account)
plugin = EuphorieAccountPlugin('plugin')
info = plugin.enumerateUsers(id='1', exact_match=True)
self.assertEqual(info, [{'id': '1', 'login': '******'}])
self.assertTrue(isinstance(info[0]['id'], str))
self.assertTrue(isinstance(info[0]['login'], str))
def test_archive_session_view(self):
country = self.portal.client.nl
traversed_session = country.ict["software-development"].restrictedTraverse(
"++session++1"
)
session = traversed_session.session
# Check that an unauthorized user cannot archive it
john = model.Account(loginname="*****@*****.**")
model.Session.add(john)
with api.env.adopt_user(user=john):
with self._get_view("archive-session", traversed_session) as view:
with self.assertRaises(Unauthorized):
view()
# By default, webhelpers.use_archive_feature is False, so the archive
# feature is disabled. Nobody can archive.
with api.env.adopt_user(user=self.account):
with self._get_view("archive-session", traversed_session) as view:
with self.assertRaises(Unauthorized):
view()
# Now, activate the archive feature.
# Check that an authorized user can archive it
with mock.patch(
"euphorie.client.browser.webhelpers.WebHelpers.use_archive_feature",
return_value=True,
):
with api.env.adopt_user(user=self.account):
with self._get_view("archive-session", traversed_session) as view:
traversed_session
self.assertIsNone(session.archived)
view()
# Now the archival date is set
self.assertIsNotNone(session.archived)
# Traversing to the view again,
# archiving the same session is now prevented
with self._get_view(
"archive-session", traversed_session
) as view_again:
with self.assertRaises(Unauthorized):
view_again()
# and we are redirected to the session view...
self.assertDictEqual(
view.request.response.headers,
{
"location": "http://nohost/plone/client/nl/ict/software-development/++session++1" # noqa: E501
},
)
# ... or the referer (if specified)
view.request.set("HTTP_REFERER", "http://example.com")
view.redirect()
self.assertDictEqual(
view.request.response.headers,
{"location": "http://example.com"},
)
def setUp(self):
super(BuildSurveyTreeTests, self).setUp()
self.session = Session()
account = model.Account(id=1, loginname="jane", password="******")
self.session.add(account)
self.survey = model.SurveySession(
title="Survey", zodb_path="survey", account=account
)
self.session.add(self.survey)
self.session.flush()
def addAccount(login="******", password="******"):
account = model.Account(
loginname=login,
password=password,
tc_approved=CONDITIONS_VERSION,
)
session = Session()
session.add(account)
session.flush()
return account
def test_EnumerateUsers_search_by_login(self):
session = Session()
account = model.Account(loginname='john', password=u'jane')
session.add(account)
plugin = EuphorieAccountPlugin('plugin')
self.assertEqual(plugin.enumerateUsers(login='******', exact_match=True),
[{
'id': '1',
'login': '******'
}])
def createSurveySession():
sqlsession = Session()
account = model.Account(loginname="jane", password="******")
sqlsession.add(account)
session = model.SurveySession(title="Session",
zodb_path="ict/software-development",
account=account)
sqlsession.add(session)
sqlsession.flush()
return session
def setUp(self):
super(completion_percentage_tests, self).setUp()
self.session = Session()
account = model.Account(loginname="jane", password="******")
self.session.add(account)
self.survey = model.SurveySession(title="Survey",
zodb_path="survey",
account=account)
self.session.add(self.survey)
self.session.flush()
def createSurveySession(self):
self.sqlsession = Session()
account = model.Account(loginname="jane", password="******")
self.sqlsession.add(account)
self.session = model.SurveySession(title="Session",
zodb_path="nl/dining/survey",
account=account)
self.sqlsession.add(self.session)
self.sqlsession.flush()
return self.session
def test_get_group_filter(self):
session = model.SurveySession()
group = model.Group(group_id="foo")
account = model.Account(id=1)
# Note assertFalse will not do what you want on Binary expression
self.assertEqual(str(session.get_group_filter()), "False")
self.assertEqual(str(session.get_group_filter(False)), "False")
self.assertEqual(str(session.get_group_filter(None)), "False")
self.assertEqual(str(session.get_group_filter("")), "False")
self.assertEqual(str(session.get_group_filter([])), "False")
self.assertEqual(str(session.get_group_filter([""])), "False")
self.assertEqual(
str(session.get_group_filter("1")), "session.group_id = :group_id_1"
)
self.assertEqual(
str(session.get_group_filter(1)), "session.group_id = :group_id_1"
)
self.assertEqual(
str(session.get_group_filter(group)),
"session.group_id = :group_id_1",
)
self.assertEqual(
str(session.get_group_filter(["1"])), "session.group_id = :group_id_1"
)
self.assertEqual(
str(session.get_group_filter([1])), "session.group_id = :group_id_1"
)
self.assertEqual(
str(session.get_group_filter([group])),
"session.group_id = :group_id_1",
)
self.assertEqual(
str(session.get_group_filter([group, "2"])),
"session.group_id IN (:group_id_1, :group_id_2)",
)
with mock.patch("euphorie.client.model.get_current_account", return_value=None):
self.assertEqual(str(session.get_group_filter(True)), "False")
# The account still does not have a group, so we should have False here
with mock.patch(
"euphorie.client.model.get_current_account", return_value=account
):
self.assertEqual(str(session.get_group_filter(True)), "False")
account.group_id = "foo"
with mock.patch(
"euphorie.client.model.get_current_account", return_value=account
):
self.assertEqual(
str(session.get_group_filter(True)),
"session.group_id = :group_id_1",
)
with self.assertRaises(TypeError):
session.get_group_filter(session)
def setUp(self):
from z3c.saconfig import Session
super(BuildSurveyTreeTests, self).setUp()
self.session = Session()
account = model.Account(loginname=u"jane", password=u"secret")
self.session.add(account)
self.survey = model.SurveySession(title=u"Survey",
zodb_path="survey",
account=account)
self.session.add(self.survey)
self.session.flush()
def test_keep_sessions_apart(self):
self.createSqlData()
account = model.Account(loginname="john", password="******")
self.session.add(account)
survey2 = model.SurveySession(title="Survey",
zodb_path="survey",
account=account)
self.session.add(survey2)
self.session.flush()
zodb_path = ["1"]
result = self.find_sql_context(survey2.id, zodb_path)
self.assertTrue(result is None)
def test_keep_sessions_apart(self):
self.createSqlData()
account = model.Account(loginname=u'john', password=u'jane')
self.session.add(account)
survey2 = model.SurveySession(title=u'Survey',
zodb_path='survey',
account=account)
self.session.add(survey2)
self.session.flush()
zodb_path = ['1']
result = self.find_sql_context(survey2.id, zodb_path)
self.failUnless(result is None)
def test_EnumerateUsers_search_by_login_and_id(self):
session = Session()
account = model.Account(loginname="john", password="******")
session.add(account)
request = MockRequest(ACTUAL_URL="http://www.example.com/client")
directlyProvides(request, IClientSkinLayer)
plugin = EuphorieAccountPlugin("plugin")
plugin.REQUEST = request
self.assertEqual(
plugin.enumerateUsers(id="1", login="******", exact_match=True),
[{"id": "1", "login": "******"}],
)
def setUp(self):
super(AddToTreeTests, self).setUp()
self.session = Session()
account = model.Account(id=1, loginname="jane", password="******")
self.session.add(account)
self.survey = model.SurveySession(
title="Survey", zodb_path="survey", account=account
)
self.session.add(self.survey)
self.session.flush()
self.root = self.survey.addChild(
model.Module(title="test session", module_id="1", zodb_path="1")
)
def _tryRegistration(self):
reply = self.request.form
loginname = reply.get("email")
if not loginname:
self.errors["email"] = _(
"error_missing_email",
default=u"Please enter your email address")
elif not EMAIL_RE.match(loginname):
self.errors["email"] = _(
"error_invalid_email",
default=u"Please enter a valid email address")
if not reply.get("password1"):
self.errors["password"] = _("error_missing_password",
default=u"Please enter a password")
elif reply.get("password1") != reply.get("password2"):
self.errors["password"] = _("error_password_mismatch",
default=u"Passwords do not match")
if self.errors:
return False
session = Session()
loginname = loginname.lower()
account = session.query(model.Account)\
.filter(model.Account.loginname == loginname).count()
if account:
self.errors["email"] = _(
"error_email_in_use",
default=u"An account with this email address already exists.")
return False
pm = getToolByName(self.context, "portal_membership")
if pm.getMemberById(loginname) is not None:
self.errors["email"] = _(
"error_email_in_use",
default=u"An account with this email address already exists.")
return False
guest_session_id = self.request.form.get('guest_session_id')
if guest_session_id:
account = getSecurityManager().getUser()
account.loginname = loginname
account.password = reply.get("password1")
account.account_type = config.CONVERTED_ACCOUNT
else:
account = model.Account(loginname=loginname,
password=reply.get("password1"))
Session().add(account)
log.info("Registered new account %s", loginname)
v_url = urlparse.urlsplit(self.url() + '/success').path
trigger_extra_pageview(self.request, v_url)
return account
def createSqlData(self):
self.session = Session()
account = model.Account(loginname="jane", password="******")
self.session.add(account)
self.survey = model.SurveySession(title="Survey",
zodb_path="survey",
account=account)
self.session.add(self.survey)
self.session.flush()
self.mod1 = self.survey.addChild(
model.Module(title="module 1", module_id="1", zodb_path="a"))
self.q1 = self.mod1.addChild(
model.Risk(title="question 1", risk_id="1", zodb_path="a/b"))
self.session.flush()
def testAccountGroupsHierarchy(self):
session = Session()
group1 = model.Group(group_id="1")
session.add(group1)
group2 = model.Group(group_id="2")
group2.parent = group1
session.add(group2)
group3 = model.Group(group_id="3")
session.add(group3)
group3.parent = group1
group4 = model.Group(group_id="4")
session.add(group4)
group4.parent = group2
session.flush()
account1 = model.Account(loginname="account1")
session.add(account1)
account1.group = group1
account2 = model.Account(loginname="account2")
session.add(account2)
account2.group = group2
account3 = model.Account(loginname="account3")
session.add(account3)
account3.group = group3
account4 = model.Account(loginname="account4")
session.add(account4)
session.flush()
self.assertListEqual(group1.descendants, [group2, group3, group4])
self.assertListEqual(group2.descendants, [group4])
self.assertListEqual(group3.descendants, [])
self.assertListEqual(account1.groups, [group1, group2, group3, group4])
self.assertListEqual(account2.groups, [group2, group4])
self.assertListEqual(account3.groups, [group3])
self.assertListEqual(account4.groups, [])
self.assertListEqual(group1.parents, [])
self.assertListEqual(group2.parents, [group1])
self.assertListEqual(group3.parents, [group1])
self.assertListEqual(group4.parents, [group2, group1])
def createSqlData(self):
from z3c.saconfig import Session
self.session = Session()
account = model.Account(loginname=u'jane', password=u'secret')
self.session.add(account)
self.survey = model.SurveySession(title=u'Survey',
zodb_path='survey',
account=account)
self.session.add(self.survey)
self.session.flush()
self.mod1 = self.survey.addChild(
model.Module(title=u'module 1', module_id='1', zodb_path='a'))
self.q1 = self.mod1.addChild(
model.Risk(title=u'question 1', risk_id='1', zodb_path='a/b'))
self.session.flush()