def test_user_can_be_loaded_from_session_token(self): self.make_participant('alice') user = User.from_username('alice') user.sign_in() token = user.participant.session_token actual = User.from_session_token(token).participant.username assert actual == 'alice'
def test_user_from_expired_session_is_anonymous(self): self.make_participant('alice') user = User.from_username('alice') user.sign_in(SimpleCookie()) token = user.participant.session_token user.participant.set_session_expires(utcnow()) user = User.from_session_token(token) assert user.ANON
def test_session_cookie_is_secure_if_it_should_be(self): canonical_scheme = gittip.canonical_scheme gittip.canonical_scheme = 'https' try: cookies = SimpleCookie() self.make_participant('alice') user = User.from_username('alice') user.sign_in(cookies) assert '; secure' in cookies[SESSION].output() finally: gittip.canonical_scheme = canonical_scheme
def serve_request(path, user=None): """Given an URL path, return response. """ request = StubRequest(path) request.website = test_website if user is not None: user = User.from_username(user) # Note that Cookie needs a bytestring. request.headers.cookie[str('session')] = user.session_token response = test_website.handle_safely(request) return response
def test_session_is_regularly_refreshed(self): self.make_participant('alice') user = User.from_username('alice') user.sign_in(SimpleCookie()) cookies = SimpleCookie() user.keep_signed_in(cookies) assert SESSION not in cookies cookies = SimpleCookie() expires = user.participant.session_expires user.participant.set_session_expires(expires - SESSION_REFRESH) user.keep_signed_in(cookies) assert SESSION in cookies
def perform_request(self, request, user): request.website = test_website if user is not None: user = User.from_username(user) user.sign_in() # Note that Cookie needs a bytestring. request.headers.cookie[str('session')] = \ user.participant.session_token response = test_website.handle_safely(request) if response.headers.cookie: self.cookies.update(response.headers.cookie) return response
def opt_in(self, desired_username): """Given a desired username, return a User object. """ self.set_is_locked(False) user = User.from_username(self.participant) user.sign_in() assert not user.ANON, self.participant # sanity check if self.is_claimed: newly_claimed = False else: newly_claimed = True user.participant.set_as_claimed() try: user.participant.change_username(desired_username) except ProblemChangingUsername: pass return user, newly_claimed
def build_wsgi_environ(self, *a, **kw): """Extend base class to support authenticating as a certain user. """ # csrf - for both anon and authenticated self.cookie[b'csrf_token'] = b'sotokeny' kw[b'HTTP_X-CSRF-TOKEN'] = b'sotokeny' # user authentication auth_as = kw.pop('auth_as', None) if auth_as is None: if SESSION in self.cookie: del self.cookie[SESSION] else: user = User.from_username(auth_as) user.sign_in(self.cookie) return Client.build_wsgi_environ(self, *a, **kw)
def opt_in(self, desired_username): """Given a desired username, return a User object. """ from gittip.security.user import User self.set_is_locked(False) user = User.from_username(self.participant.username) assert not user.ANON, self.participant # sanity check if self.participant.is_claimed: newly_claimed = False else: newly_claimed = True user.participant.set_as_claimed() try: user.participant.change_username(desired_username) except ProblemChangingUsername: pass if user.participant.is_closed: user.participant.update_is_closed(False) return user, newly_claimed
def test_dont_show_plural_no_members_as_team_to_auth(self): group = self.make_participant("Group", number="plural") self.make_participant("alice") assert not group.show_as_team(User.from_username("alice"))
def test_blacklisted_user_is_ANON(self): self.make_participant('alice', is_suspicious=True) alice = User.from_username('alice') assert alice.ANON is True
def test_whitelisted_user_is_not_ANON(self): self.make_participant('alice', is_suspicious=False) alice = User.from_username('alice') assert alice.ANON is False
def test_unreviewed_user_is_not_ANON(self): self.make_participant('alice', is_suspicious=None) alice = User.from_username('alice') assert alice.ANON is False
def test_admin_user_is_admin(self): self.make_participant('alice', is_admin=True) alice = User.from_username('alice') assert alice.ADMIN
def test_show_as_team_to_admin(self): self.make_participant('alice', is_admin=True) user = User.from_username('alice') assert self.team.show_as_team(user)
def test_show_as_team_to_team_member(self): self.make_participant("alice") self.team.add_member(self.make_participant("bob")) user = User.from_username("bob") assert self.team.show_as_team(user)
def test_signed_out_user_is_anonymous(self): self.make_participant('alice') alice = User.from_username('alice') assert not alice.ANON alice.sign_out() assert alice.ANON
def test_show_plural_no_members_as_team_to_self(self): group = self.make_participant("Group", number="plural") assert group.show_as_team(User.from_username("Group"))
def test_show_plural_no_members_as_team_to_admin(self): group = self.make_participant('Group', number='plural') self.make_participant('Admin', is_admin=True) assert group.show_as_team(User.from_username('Admin'))
def test_show_plural_no_members_as_team_to_self(self): group = self.make_participant('Group', number='plural') assert group.show_as_team(User.from_username('Group'))
def test_show_as_team_to_non_team_member(self): self.make_participant('alice') self.team.add_member(self.make_participant('bob')) user = User.from_username('alice') assert self.team.show_as_team(user)
def test_user_from_bad_id_is_anonymous(self): user = User.from_username('deadbeef') assert user.ANON
def test_username_is_case_insensitive(self): self.make_participant('AlIcE') actual = User.from_username('aLiCe').participant.username_lower assert actual == 'alice'
def test_suspicious_user_from_username_is_anonymous(self): self.make_participant('alice', is_suspicious=True) user = User.from_username('alice') assert user.ANON
def test_known_user_is_not_admin(self): self.make_participant('alice') alice = User.from_username('alice') assert not alice.ADMIN
def test_dont_show_plural_no_members_as_team_to_auth(self): group = self.make_participant('Group', number='plural') self.make_participant('alice') assert not group.show_as_team(User.from_username('alice'))
def test_show_plural_no_members_as_team_to_admin(self): group = self.make_participant("Group", number="plural") self.make_participant("Admin", is_admin=True) assert group.show_as_team(User.from_username("Admin"))