def test_user_matches(app, db, es, test_users): with db.session.begin_nested(): actor = RecordUserActor(name='test', originator=test_users.u1, path='/creator-id') db.session.add(actor) # does not match anyone without a record assert not actor.user_matches(test_users.u1, {'system_roles': [authenticated_user]}) assert not actor.user_matches(test_users.u2, {'system_roles': [authenticated_user]}) assert not actor.user_matches(test_users.u3, {'system_roles': [authenticated_user]}) assert not actor.user_matches(AnonymousUser(), {'system_roles': [any_user]}) # with a record, the correct user should match assert not actor.user_matches(test_users.u1, {'system_roles': [authenticated_user]}, record={'creator-id': [test_users.u2.id]}) assert actor.user_matches(test_users.u2, {'system_roles': [authenticated_user]}, record={'creator-id': [test_users.u2.id]}) assert not actor.user_matches(test_users.u3, {'system_roles': [authenticated_user]}, record={'creator-id': [test_users.u2.id]}) assert not actor.user_matches(AnonymousUser(), {'system_roles': [any_user]}, record={'creator-id': [test_users.u2.id]})
def test_get_elasticsearch_query(app, db, es, test_users): with db.session.begin_nested(): actor = RecordUserActor(name='test', originator=test_users.u1, path='/creator-id') db.session.add(actor) assert Term(_invenio_explicit_acls__user=test_users.u3.id) == \ actor.get_elasticsearch_query(test_users.u3, {'system_roles': [authenticated_user]}) assert actor.get_elasticsearch_query(AnonymousUser(), {'system_roles': [any_user]}) is None
def test_user_matches(app, db, es, test_users): with db.session.begin_nested(): actor = RecordRoleActor(name='test', originator=test_users.u1, path='/roles') db.session.add(actor) assert not actor.user_matches(test_users.u1, {'system_roles': [authenticated_user]}) assert not actor.user_matches(test_users.u2, {'system_roles': [authenticated_user]}) assert not actor.user_matches(test_users.u3, {'system_roles': [authenticated_user]}) assert not actor.user_matches(AnonymousUser(), {'system_roles': [any_user]}) assert actor.user_matches(test_users.u1, {'system_roles': [authenticated_user]}, record={ 'roles': test_users.r1.id }) assert actor.user_matches(test_users.u2, {'system_roles': [authenticated_user]}, record={ 'roles': test_users.r1.id }) assert not actor.user_matches(test_users.u3, {'system_roles': [authenticated_user]}, record={ 'roles': test_users.r1.id }) assert not actor.user_matches(AnonymousUser(), {'system_roles': [any_user]}, record={ 'roles': test_users.r1.id })
def test_user_matches(app, db, es, test_users): with db.session.begin_nested(): actor = UserActor(name='test', originator=test_users.u1, users=[test_users.u2]) db.session.add(actor) assert not actor.user_matches(test_users.u1, {'system_roles': [authenticated_user]}) assert actor.user_matches(test_users.u2, {'system_roles': [authenticated_user]}) assert not actor.user_matches(test_users.u3, {'system_roles': [authenticated_user]}) assert not actor.user_matches(AnonymousUser(), {'system_roles': [any_user]})
def test_get_elasticsearch_query(app, db, es, test_users): with db.session.begin_nested(): actor = RoleActor(name='test', originator=test_users.u1, roles=[test_users.r1]) db.session.add(actor) assert Terms(_invenio_explicit_acls__role=[test_users.r1.id]) == \ actor.get_elasticsearch_query(test_users.u1, {'system_roles': [authenticated_user]}) assert Terms(_invenio_explicit_acls__role=[test_users.r1.id, test_users.r2.id]) == \ actor.get_elasticsearch_query(test_users.u2, {'system_roles': [authenticated_user]}) assert Terms(_invenio_explicit_acls__role=[test_users.r2.id]) == \ actor.get_elasticsearch_query(test_users.u3, {'system_roles': [authenticated_user]}) assert actor.get_elasticsearch_query(AnonymousUser(), {'system_roles': [any_user]}) is None
def test_search_meta(app, db, community): # check that cached property work assert NRRecordsSearch.Meta is NRRecordsSearch.Meta # check that Meta is correstly inherited assert issubclass(NRRecordsSearch.Meta, NRRecordsSearch.ActualMeta) # check that the owner class is set assert NRRecordsSearch.Meta.outer_class is NRRecordsSearch # get default_filter_factory with app.app_context(): with app.test_request_context('/'): request.view_args = {'community_id': 'nr'} login_user(AnonymousUser()) set_identity(AnonymousIdentity()) q = NRRecordsSearch.Meta.default_filter_factory() assert q.to_dict() == { "bool": { "must": [ { "term": { "_administration.state": "published" } }, { "bool": { "should": [ { "term": { "_primary_community": "nr" } }, { "terms": { "_communities.keyword": [ "nr" ] } } ], "minimum_should_match": 1 } } ] } }
def louwi(app, manager): """ Create a test user. Louwi has no account, but is an active anonymous user. """ @app.login_manager.request_loader def load_user_from_request(request): utl.init_session() session["current_schedule"] = schd.Schedule( manager.get_default_project_id(), label="LOUWI'S SCHEDULE") return None yield AnonymousUser() @app.login_manager.request_loader def load_user_from_request(request): return None
def test_get_elasticsearch_query(app, db, es, test_users): with current_app.test_request_context(): assert Term(_invenio_explicit_acls__system_role='any_user' ) == SystemRoleActor.get_elasticsearch_query( AnonymousUser(), {}) set_identity(test_users.u1) assert Terms(_invenio_explicit_acls__system_role=['any_user', 'authenticated_user']) == \ SystemRoleActor.get_elasticsearch_query(test_users.u1, {}) # faked user - different identity in flask.g than user with pytest.raises( AttributeError, message='user whose id does not match Identity in flask.g'): SystemRoleActor.get_elasticsearch_query(test_users.u2, {}) set_identity(test_users.u2) assert Terms(_invenio_explicit_acls__system_role=['any_user', 'authenticated_user']) == \ SystemRoleActor.get_elasticsearch_query(test_users.u2, {})
def test_user_matches(app, db, es, test_users): with db.session.begin_nested(): actor = SystemRoleActor(name='test', originator=test_users.u1, system_role='authenticated_user') db.session.add(actor) with current_app.test_request_context(): assert not actor.user_matches(AnonymousUser(), {'system_roles': [any_user]}) set_identity(test_users.u1) assert actor.user_matches(test_users.u1, {}) # faked user - different identity in flask.g than user set_identity(test_users.u1) with pytest.raises(AttributeError): actor.user_matches(test_users.u2, {}) set_identity(test_users.u2) assert actor.user_matches(test_users.u2, {}) set_identity(test_users.u3) assert actor.user_matches(test_users.u3, {})
def __init__(self): AnonymousUser.__init__(self)
def test_anonymous_user_has_no_roles(): user = AnonymousUser() assert not user.has_role('admin')
def test_anonymous_user_has_no_roles(self): au = AnonymousUser() self.assertEqual(0, len(au.roles)) self.assertFalse(au.has_role('admin'))
from flask_security.forms import ( ConfirmRegisterForm, RegisterFormMixin, ForgotPasswordForm, password_length, Required, email_validator, unique_user_email, ) from art17.auth.common import get_ldap_user_info from art17.auth.common import check_dates from art17.auth.forms import Art17RegisterFormBase, CustomEmailStringField from art17 import models current_user = LocalProxy(lambda: AnonymousUser() if not hasattr(c_user, "id") else c_user) flask_security.core.current_user = current_user flask_security.forms.current_user = current_user flask_security.decorators.current_user = current_user flask_security.views.current_user = current_user flask_security.views.logout_user = lambda: None flask_security.views.login_user = lambda new_user: None flask_security.views.register = check_dates(flask_security.views.register) password_length.min = 1 # ldap uses ldap-style SSHA passwords # flask_security.core._allowed_password_hash_schemes = ['ldap_salted_sha1'] def encrypt_password(password):