Esempio n. 1
0
def create_user(db, email):
    u = User()
    u.email = email
    u.active = True
    db.session.add(u)
    db.session.commit()
    return u
Esempio n. 2
0
def users():
    """Create users needed in this test module."""
    curator = User(
        email='*****@*****.**',
        password=hash_password('curator'),
        active=True,
    )
    scientist = User(
        email='*****@*****.**',
        password=hash_password('scientist'),
        active=True,
    )
    db.session.add_all([curator, scientist])
    db.session.commit()

    curator_action = ActionUsers(
        action='editor_manage_tickets',
        argument=None,
        user_id=curator.id,
    )
    db.session.add(curator_action)
    db.session.commit()

    yield

    ActionUsers.query.filter_by(action='editor_manage_tickets').delete()
    User.query.filter_by(email='*****@*****.**').delete()
    User.query.filter_by(email='*****@*****.**').delete()
    db.session.commit()
Esempio n. 3
0
    def create(cls, data, **kwargs):
        """User record creation.

        :param cls - class object
        :param data - dictionary representing a user record
        """
        with db.session.begin_nested():
            email = data.pop('email', None)
            roles = data.pop('roles', None)
            cls._validate(data=data)
            password = data.pop('password', data.get('birth_date', '123456'))
            user = BaseUser(password=hash_password(password),
                            profile=data,
                            active=True)
            db.session.add(user)
            profile = user.profile
            for field in cls.profile_fields:
                value = data.get(field)
                if value is not None:
                    if field == 'birth_date':
                        value = datetime.strptime(value, '%Y-%m-%d')
                    setattr(profile, field, value)
            # send the reset password notification for new users
            if email:
                user.email = email
            db.session.merge(user)
        db.session.commit()
        if user.email:
            send_reset_password_instructions(user)
        confirm_user(user)
        return cls(user)
Esempio n. 4
0
def test_invenio_access_permission_for_users(app):
    """User can access to an action allowed/denied to the user"""
    InvenioAccess(app)
    with app.test_request_context():
        db.session.begin(nested=True)
        user_can_all = User(email='*****@*****.**')
        user_can_read = User(email='*****@*****.**')
        user_can_open = User(email='*****@*****.**')

        db.session.add(user_can_all)
        db.session.add(user_can_read)
        db.session.add(user_can_open)

        db.session.add(ActionUsers(action='open', user=user_can_all))
        db.session.add(ActionUsers(action='open', user=user_can_open))

        db.session.add(ActionUsers(action='read', user=user_can_all))
        db.session.add(ActionUsers(action='read', user=user_can_read))
        db.session.commit()

        permission_open = DynamicPermission(ActionNeed('open'))
        permission_read = DynamicPermission(ActionNeed('read'))

        identity_all = FakeIdentity(UserNeed(user_can_all.id))
        identity_read = FakeIdentity(UserNeed(user_can_read.id))
        identity_open = FakeIdentity(UserNeed(user_can_open.id))

        assert permission_open.allows(identity_all)
        assert permission_read.allows(identity_all)

        assert permission_open.allows(identity_open)
        assert not permission_read.allows(identity_open)

        assert not permission_open.allows(identity_read)
        assert permission_read.allows(identity_read)
Esempio n. 5
0
def oauth_register(account_info, form_data=None):
    """Register user if possible."""
    from invenio_accounts.models import User

    email = account_info.get("email")
    if form_data and form_data.get("email"):
        email = form_data.get("email")

    if email:
        note = '1'
        if cfg['CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT']:
            note = '2'

        if not User.query.filter_by(email=email).first():
            # Email does not already exists. so we can proceed to register
            # user.
            u = User(nickname=account_info.get('nickname', ''),
                     email=email,
                     password=None,
                     note=note)

            try:
                db.session.add(u)
                db.session.commit()
            except Exception:
                current_app.logger.exception("Cannot create user")
                return None

            # verify the email
            if note == '2':
                u.verify_email()

            return UserInfo(u.id)

    return None
Esempio n. 6
0
def test_audit(app):
    user_id = None
    workflow_id = None
    with app.app_context():
        user = User(email="*****@*****.**", active=True)
        user.password = "******"
        db.session.add(user)

        workflows_object = WorkflowObject.create_object()
        workflows_object.save()

        db.session.commit()
        user_id = user.id
        workflow_id = workflows_object.id

    with app.app_context():
        logging_info = {
            'object_id': workflow_id,
            'user_id': user_id,
            'score': 0.222113,
            'user_action': "Non-CORE",
            'decision': "Rejected",
            'source': "test",
            'action': "accept"
        }
        audit = WorkflowsAudit(**logging_info)
        audit.save()
        db.session.commit()

        assert WorkflowsAudit.query.count() == 1

        audit_entry = WorkflowsAudit.query.filter(
            WorkflowsAudit.object_id == workflow_id
        ).one()
        assert audit_entry
        assert audit_entry.action == "accept"
        assert audit_entry.score == 0.222113

    prediction_results = dict(
        max_score=0.222113, decision="Rejected"
    )
    with app.app_context():
        log_workflows_action(
            action="accept_core",
            prediction_results=prediction_results,
            object_id=workflow_id,
            user_id=None,
            source="test",
            user_action="accept"
        )
        db.session.commit()

        assert WorkflowsAudit.query.count() == 2

        audit_entry = WorkflowsAudit.query.filter(
            WorkflowsAudit.action == "accept_core"
        ).one()
        assert audit_entry
        assert audit_entry.action == "accept_core"
        assert audit_entry.score == 0.222113
Esempio n. 7
0
def test_invite_by_emails(app):
    """
    Test invite by emails.

    :param app: The flask application.
    """
    with app.app_context():
        u1 = User(email='*****@*****.**', password='******')
        u2 = User(email='*****@*****.**', password='******')
        g = Group.create(name='test_group')

        db.session.add(u1)
        db.session.add(u2)
        db.session.commit()

        result = g.invite_by_emails(
            [u1.email, u2.email, '*****@*****.**'])

        assert result[0].state.code is MembershipState.PENDING_USER
        assert result[1].state.code is MembershipState.PENDING_USER
        assert result[2] is None

        assert g.is_member(u1, with_pending=True)
        assert g.is_member(u2, with_pending=True)
        assert not g.is_member('*****@*****.**', with_pending=True)
Esempio n. 8
0
def test_get_job_recipient_internal_uid(base_app, db, es_clear):
    expected_email = "*****@*****.**"

    user = User()
    user.email = expected_email
    user.active = True
    user.id = 23
    db.session.add(user)

    test_user = UserIdentity(id="user", method="test", id_user=user.id)
    db.session.add(test_user)

    job = {
        "acquisition_source": {
            "datetime": "2019-07-04T11:21:22.611086",
            "email": "*****@*****.**",
            "internal_uid": user.id,
            "method": "submitter",
            "orcid": "0000-0002-8672-7088",
            "source": "submitter",
            "submission_number": "None",
        }
    }
    email = get_job_recipient(job)
    # The email is not the one in acquisition_source but in the user account
    assert email == expected_email
Esempio n. 9
0
def test_group_is_member(app):
    """
    Test if group is member.

    :param app: The flask application.
    """
    with app.app_context():
        from weko_groups.models import Group
        from invenio_accounts.models import User

        g = Group.create(name='test_group')
        u = User(email='*****@*****.**', password='******')
        u2 = User(email='*****@*****.**', password='******')
        u3 = User(email='*****@*****.**', password='******')
        db.session.add(u)
        db.session.add(u2)
        db.session.add(u3)
        db.session.commit()

        g.add_member(u)
        g.add_member(u2, state=MembershipState.PENDING_USER)
        g.add_member(u3, state=MembershipState.PENDING_ADMIN)

        assert g.is_member(u)
        assert not g.is_member(u2)
        assert g.is_member(u2, with_pending=True)
        assert not g.is_member(u3)
        assert g.is_member(u3, with_pending=True)
Esempio n. 10
0
def test_membership_query_invitations(app):
    """
    Test membership query invitations.

    :param app: The flask application.
    """
    with app.app_context():
        from weko_groups.models import Group, Membership, \
            MembershipState
        from invenio_accounts.models import User
        from flask_sqlalchemy import BaseQuery

        g = Group.create(name="test")
        u1 = User(email="*****@*****.**", password="******")
        u2 = User(email="[email protected]", password="******")
        u3 = User(email="[email protected]", password="******")
        db.session.add_all([u1, u2, u3])
        db.session.commit()
        Membership.create(g, u1, MembershipState.ACTIVE)
        Membership.create(g, u2, MembershipState.PENDING_USER)
        Membership.create(g, u3, MembershipState.PENDING_ADMIN)

        assert isinstance(Membership.query_by_user(u1), BaseQuery)
        assert Membership.query_invitations(u1).count() == 0
        assert Membership.query_invitations(u2).count() == 1
        assert Membership.query_invitations(u3).count() == 0
Esempio n. 11
0
def users(app):
    # Create test users
    encrypted_password = encrypt_password('123456')
    user = User(
        email='*****@*****.**',
        password=encrypted_password,
        active=True
    )
    user_partially_allowed = User(
        email='*****@*****.**',
        password=encrypted_password,
        active=True,
    )
    user_allowed = User(
        email='*****@*****.**',
        password=encrypted_password,
        active=True,
    )

    db.session.add_all(
        [user, user_partially_allowed, user_allowed]
    )
    db.session.commit()

    # Create actions for the allowed user
    restricted_collection_action = ActionUsers(
        action='view-restricted-collection',
        argument='Restricted Collection',
        user_id=user_allowed.id
    )
    another_restricted_collection_action = ActionUsers(
        action='view-restricted-collection',
        argument='Another Restricted Collection',
        user_id=user_allowed.id
    )

    # Create actions for the partially allowed user
    partial_restricted_collection_action = ActionUsers(
        action='view-restricted-collection',
        argument='Restricted Collection',
        user_id=user_partially_allowed.id
    )

    db.session.add_all(
        [
            restricted_collection_action,
            another_restricted_collection_action,
            partial_restricted_collection_action
        ]
    )
    db.session.commit()

    yield

    SessionActivity.query.delete()
    ActionUsers.query.filter_by(action='view-restricted-collection').delete()
    User.query.filter_by(email='*****@*****.**').delete()
    User.query.filter_by(email='*****@*****.**').delete()
    User.query.filter_by(email='*****@*****.**').delete()
    db.session.commit()
Esempio n. 12
0
    def login_callback(user_info):
        """Login user base on SSO context (create one if necessary).

        Function should not raise an exception if `user_info` is not valid
        or `User` was not found in database.
        """
        from invenio_accounts.models import User
        from invenio.ext.login import (authenticate, login_redirect,
                                       current_user)
        from invenio.ext.sqlalchemy import db

        user_info['group'] = fetch_groups(user_info['group']).values()
        user_info['external'] = fetch_external(user_info.get('external'))
        try:
            auth = authenticate(user_info['email'], login_method='SSO')
            if auth is None:
                user = User()
                user.nickname = user_info['nickname']
                user.email = user_info['email']
                user.password = ''
                user.settings = {'login_method': 'SSO'}
                db.session.add(user)
                db.session.commit()
                auth = authenticate(user_info['email'], login_method='SSO')
                if auth is None:
                    return redirect('/')

            current_user.info['group'] = current_user.get('group', []) + \
                user_info['group']
            current_user.save()
        except:
            flash('Problem with login (%s)' % (str(user_info)), 'error')
            return redirect('/')

        return login_redirect()
Esempio n. 13
0
def oauth_register(account_info, form_data=None):
    """Register user if possible."""
    from invenio_accounts.models import User

    email = account_info.get("email")
    if form_data and form_data.get("email"):
        email = form_data.get("email")

    if email:
        if not User.query.filter_by(email=email).first():
            # Email does not already exists. so we can proceed to register
            # user.
            u = User(
                nickname=account_info.get('nickname', ''),
                email=email,
                password=None,
                # email has to be validated
                note='2',
            )

            try:
                db.session.add(u)
                db.session.commit()
            except Exception:
                current_app.logger.exception("Cannot create user")
                return None

            # verify the email
            if cfg['CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT']:
                u.verify_email()

            return UserInfo(u.id)

    return None
Esempio n. 14
0
def test_file_permissions(app, db, record_with_files_creation, user,
                          access_right, expected):
    """Test file permissions."""
    pid, record, record_url = record_with_files_creation

    # Create test users
    admin = User(email='*****@*****.**', password='******')
    owner = User(email='*****@*****.**', password='******')
    auth = User(email='*****@*****.**', password='******')
    db.session.add_all([admin, owner, auth])
    db.session.add(ActionUsers.allow(ActionNeed('admin-access'), user=admin))
    db.session.commit()

    # Create test record
    record['access_right'] = access_right
    record['owners'] = [owner.id]
    record.commit()
    db.session.commit()

    file_url = url_for(
        'invenio_records_ui.recid_files',
        pid_value=pid.pid_value,
        filename='Test.pdf',
    )
    with app.test_client() as client:
        if user:
            # Login as user
            with client.session_transaction() as sess:
                sess['user_id'] = User.query.filter_by(
                    email='{}@zenodo.org'.format(user)).one().id
                sess['_fresh'] = True

        res = client.get(file_url)
        assert res.status_code == expected
Esempio n. 15
0
def test_dynamic_permission_needs_cache_invalidation(app):
    """Testing DynamicPermission refreshes needs.

    This is important when protecting a view with
    @permission.require(http_exception=403)
    If cache does not get invalidated, the needs will only be refreshed when
    the Python process restarts.
    """
    cache = SimpleCache()
    InvenioAccess(app, cache=cache)
    with app.test_request_context():
        user_can_all = User(email='*****@*****.**')
        user_can_open = User(email='*****@*****.**')
        db.session.add(user_can_all)
        db.session.add(user_can_open)

        db.session.add(ActionUsers(action='open', user=user_can_all))
        db.session.flush()

        permission_open = DynamicPermission(ActionNeed('open'))

        assert permission_open.needs == set([Need(method='id', value=1)])

        db.session.add(ActionUsers(action='open', user=user_can_open))
        db.session.flush()

        assert permission_open.needs == set(
            [Need(method='id', value=1), Need(method='id', value=2)]
            )
def users(app):
    """Create user fixtures."""
    hashed_password = hash_password('123456')
    user = User(email='*****@*****.**',
                password=hashed_password,
                active=True)
    user_allowed = User(email='*****@*****.**',
                        password=hashed_password,
                        active=True)

    db.session.add_all([user, user_allowed])
    db.session.commit()

    author_admin = ActionUsers(action='admin-holdingpen-authors',
                               user_id=user_allowed.id)

    db.session.add(author_admin)
    db.session.commit()

    yield

    ActionUsers.query.filter_by(action='admin-holdingpen-authors').delete()
    User.query.filter_by(email='*****@*****.**').delete()
    User.query.filter_by(email='*****@*****.**').delete()
    db.session.commit()
Esempio n. 17
0
def test_permission_factory(app, db, action, permission_factory):
    """Test revisions."""
    InvenioAccess(app)

    rec_uuid = uuid.uuid4()

    with db.session.begin_nested():
        user_all = User(email='*****@*****.**')
        user_one = User(email='*****@*****.**')
        user_none = User(email='*****@*****.**')
        db.session.add(user_all)
        db.session.add(user_one)
        db.session.add(user_none)

        db.session.add(ActionUsers(action=action, user=user_all,
                                   argument=None))
        db.session.add(
            ActionUsers(action=action, user=user_one, argument=str(rec_uuid)))

        record = Record.create({'title': 'permission test'}, id_=rec_uuid)

    # Create a record and assign permissions.
    permission = permission_factory(record)

    # Assert which permissions has access.
    assert permission.allows(FakeIdentity(UserNeed(user_all.id)))
    assert permission.allows(FakeIdentity(UserNeed(user_one.id)))
    assert not permission.allows(FakeIdentity(UserNeed(user_none.id)))
Esempio n. 18
0
def test_create_profile(app):
    """Test that userprofile can be patched using UserAccount constructor."""
    with app.app_context():
        user = User(
            email='*****@*****.**',
        )
        db.session.add(user)
        db.session.commit()

        user_id = user.id
        patch_user = User(
            id=user_id,
            email='*****@*****.**',
            profile={'full_name': 'updated_full_name'}
        )
        db.session.merge(patch_user)
        db.session.commit()

        patch_user = User(
            id=user_id,
            profile={'username': '******'}
        )
        db.session.merge(patch_user)
        db.session.commit()

        user = User.query.filter(User.id == user_id).one()
        assert user.profile.full_name == 'updated_full_name'
        assert user.email == '*****@*****.**'
        assert user.profile.username == 'test_username'
Esempio n. 19
0
def test_group_invite(app):
    """
    Test group invite.

    :param app: The flask application.
    """
    with app.app_context():
        from weko_groups.models import Group, Membership, \
            MembershipState
        from invenio_accounts.models import User

        g = Group.create(name="test")
        u = User(email="*****@*****.**", password="******")
        u2 = User(email="*****@*****.**", password="******")
        db.session.add(u)
        db.session.add(u2)
        db.session.commit()

        m = g.invite(u)
        assert Membership.query.count() == 1
        assert m.state == MembershipState.PENDING_USER

        a = Group.create(name="admin")
        g2 = Group.create(name="test2", admins=[a])
        assert g2.invite(u2, admin=g) is None
        m = g2.invite(u2, admin=a)
        assert Membership.query.count() == 2
        assert m.state == MembershipState.PENDING_USER
def test_invenio_access_permission_cache_redis(app):
    """Caching the user using redis."""
    cache = RedisCache()
    InvenioAccess(app, cache=cache)
    with app.test_request_context():
        user_can_all = User(email='*****@*****.**')
        user_can_open = User(email='*****@*****.**')

        db.session.add(user_can_all)
        db.session.add(user_can_open)

        db.session.add(ActionUsers(action='open', user=user_can_all))

        db.session.flush()

        identity_open = FakeIdentity(UserNeed(user_can_open.id))

        permission_open = DynamicPermission(ActionNeed('open'))
        assert not permission_open.allows(identity_open)
        assert current_access.get_action_cache('open') == (set(
            [Need(method='id', value=1)]), set([]))

        db.session.add(ActionUsers(action='open', user=user_can_open))
        db.session.flush()

        permission_open = DynamicPermission(ActionNeed('open'))
        assert permission_open.allows(identity_open)
        assert current_access.get_action_cache('open') == (set(
            [Need(method='id', value=1),
             Need(method='id', value=2)]), set([]))
Esempio n. 21
0
def example_group(app):
    """
    Create example groups.

    :param app: An instance of :class:`~flask.Flask`.
    :return: App object.
    """
    with app.app_context():
        admin = User(email='*****@*****.**', password='******')
        member = User(email='*****@*****.**', password='******')
        non_member = User(email='*****@*****.**', password='******')
        db.session.add(admin)
        db.session.add(member)
        db.session.add(non_member)
        group = Group.create(name='test_group', admins=[admin])
        membership = group.invite(member)
        membership.accept()

        admin_id = admin.id
        member_id = member.id
        non_member_id = non_member.id
        group_id = group.id
        db.session.commit()

    app.get_admin = lambda: User.query.get(admin_id)
    app.get_member = lambda: User.query.get(member_id)
    app.get_non_member = lambda: User.query.get(non_member_id)
    app.get_group = lambda: Group.query.get(group_id)

    return app
Esempio n. 22
0
def test_audit(small_app):
    user_id = None
    workflow_id = None
    with small_app.app_context():
        user = User(email="*****@*****.**", active=True)
        user.password = "******"
        db.session.add(user)

        workflows_object = workflow_object_class.create({}, data_type="hep")
        db.session.commit()

        user_id = user.id
        workflow_id = workflows_object.id

    with small_app.app_context():
        logging_info = {
            'object_id': workflow_id,
            'user_id': user_id,
            'score': 0.222113,
            'user_action': "Non-CORE",
            'decision': "Rejected",
            'source': "test",
            'action': "accept"
        }
        audit = WorkflowsAudit(**logging_info)
        audit.save()
        db.session.commit()

        assert WorkflowsAudit.query.count() == 1

        audit_entry = WorkflowsAudit.query.filter(
            WorkflowsAudit.object_id == workflow_id
        ).one()
        assert audit_entry
        assert audit_entry.action == "accept"
        assert audit_entry.score == 0.222113

    prediction_results = dict(
        max_score=0.222113, decision="Rejected"
    )
    with small_app.app_context():
        log_workflows_action(
            action="accept_core",
            prediction_results=prediction_results,
            object_id=workflow_id,
            user_id=None,
            source="test",
            user_action="accept"
        )
        db.session.commit()

        assert WorkflowsAudit.query.count() == 2

        audit_entry = WorkflowsAudit.query.filter(
            WorkflowsAudit.action == "accept_core"
        ).one()
        assert audit_entry
        assert audit_entry.action == "accept_core"
        assert audit_entry.score == 0.222113
Esempio n. 23
0
def test_invenio_access_permission_cache(app):
    """Caching the user using memory caching."""
    cache = SimpleCache()
    InvenioAccess(app, cache=cache)
    with app.test_request_context():
        user_can_all = User(email='*****@*****.**')
        user_can_open = User(email='*****@*****.**')
        user_can_open_1 = User(email='*****@*****.**')

        db.session.add(user_can_all)
        db.session.add(user_can_open)
        db.session.add(user_can_open_1)

        db.session.add(ActionUsers(action='open', user=user_can_all))

        db.session.flush()

        permission_open = DynamicPermission(ActionNeed('open'))

        identity_open = FakeIdentity(UserNeed(user_can_open.id))

        assert not permission_open.allows(identity_open)
        assert current_access.get_action_cache('open') == (
            set([Need(method='id', value=1)]),
            set([])
        )

        db.session.add(ActionUsers(action='open', user=user_can_open))
        db.session.flush()

        permission_open = DynamicPermission(ActionNeed('open'))
        assert permission_open.allows(identity_open)
        assert current_access.get_action_cache('open') == (
            set([Need(method='id', value=1),
                 Need(method='id', value=2)]),
            set([])
        )

        db.session.add(ActionUsers(action='open', argument=1,
                                   user=user_can_open_1))
        db.session.flush()

        identity_open_1 = FakeIdentity(UserNeed(user_can_open_1.id))
        permission_open_1 = DynamicPermission(
            ParameterizedActionNeed('open', '1'))
        assert not permission_open.allows(identity_open_1)
        assert permission_open_1.allows(identity_open_1)
        assert current_access.get_action_cache('open::1') == (
            set([Need(method='id', value=1),
                 Need(method='id', value=2),
                 Need(method='id', value=3)]),
            set([])
        )
        assert current_access.get_action_cache('open') == (
            set([Need(method='id', value=1),
                 Need(method='id', value=2)]),
            set([])
        )
Esempio n. 24
0
def test_template_filter(app):
    with app.app_context():
        user = User(email='*****@*****.**', password='******')
        db.session.add(user)
        db.session.commit()
        user.profile = UserProfile(username='******', full_name='name')
        db.session.commit()

        assert userprofile(user.profile.user_id) == user.profile
Esempio n. 25
0
def test_template_filter(app):
    """Test template filter."""
    with app.app_context():
        user = User(email='*****@*****.**', password='******')
        db.session.add(user)
        db.session.commit()
        user.profile = UserProfile(username='******', full_name='name')
        db.session.commit()

        assert userprofile(user.profile.user_id) == user.profile
Esempio n. 26
0
def test_invenio_access_permission_for_users(app):
    """User can access to an action allowed/denied to the user"""
    InvenioAccess(app)
    with app.test_request_context():
        db.session.begin(nested=True)
        superuser = User(email='*****@*****.**')
        user_can_all = User(email='*****@*****.**')
        user_can_read = User(email='*****@*****.**')
        user_can_open = User(email='*****@*****.**')

        db.session.add(superuser)
        db.session.add(user_can_all)
        db.session.add(user_can_read)
        db.session.add(user_can_open)

        db.session.add(ActionUsers(action='superuser-access', user=superuser))

        db.session.add(ActionUsers(action='open', user=user_can_all))
        db.session.add(ActionUsers(action='open', user=user_can_open))

        db.session.add(ActionUsers(action='read', user=user_can_all))
        db.session.add(ActionUsers(action='read', user=user_can_read))

        db.session.add(ActionUsers(action='not_logged', user=user_can_all))

        db.session.commit()

        permission_open = DynamicPermission(ActionNeed('open'))
        permission_read = DynamicPermission(ActionNeed('read'))
        permission_not_logged = DynamicPermission(ActionNeed('not_logged'))

        identity_superuser = FakeIdentity(UserNeed(superuser.id))
        identity_all = FakeIdentity(UserNeed(user_can_all.id))
        identity_read = FakeIdentity(UserNeed(user_can_read.id))
        identity_open = FakeIdentity(UserNeed(user_can_open.id))
        identity_unknown = AnonymousIdentity()

        # global permissions
        assert permission_open.allows(identity_superuser)
        assert permission_read.allows(identity_superuser)

        assert permission_open.allows(identity_all)
        assert permission_read.allows(identity_all)
        assert permission_not_logged.allows(identity_all)

        assert permission_open.allows(identity_open)
        assert not permission_read.allows(identity_open)
        assert not permission_not_logged.allows(identity_open)

        assert not permission_open.allows(identity_read)
        assert permission_read.allows(identity_read)
        assert not permission_not_logged.allows(identity_read)

        assert not permission_open.allows(identity_unknown)
        assert not permission_read.allows(identity_unknown)
Esempio n. 27
0
def test_case_insensitive_username(app):
    """Test case-insensitive uniqueness."""
    with app.app_context():
        with db.session.begin_nested():
            u1 = User(email='*****@*****.**')
            u2 = User(email='*****@*****.**')
            db.session.add(u1, u2)
        profile1 = UserProfile(user=u1, username="******")
        profile2 = UserProfile(user=u2, username="******")
        db.session.add(profile1)
        db.session.add(profile2)
        pytest.raises(IntegrityError, db.session.commit)
    def setUp(self):
        super(RemoteTokenTestCase, self).setUp()
        from invenio_accounts.models import User
        u1 = User(nickname='RemoteTokenTestCaseUser1', password='')
        u2 = User(nickname='RemoteTokenTestCaseUser2', password='')
        u3 = User(nickname='RemoteTokenTestCaseUser3', password='')
        db.session.add(u1)
        db.session.add(u2)
        db.session.add(u3)
        db.session.commit()

        self.u1 = u1.id
        self.u2 = u2.id
        self.u3 = u3.id
        db.session.expunge_all()
Esempio n. 29
0
    def _import_users(users, users_identities, users_profiles,
                      remote_accounts):
        """Import users in db."""
        click.secho('Migrating {0} users'.format(len(users)), fg='green')
        for user in users:
            user = User(**user)
            db.session.add(user)

        click.secho('Migrating {0} user identities'.format(
            len(users_identities)),
                    fg='green')

        for identity in users_identities:
            user_identity = UserIdentity(**identity)
            db.session.add(user_identity)

        click.secho('Migrating {0} user profiles'.format(len(users_profiles)),
                    fg='green')
        for profile in users_profiles:
            user_profile = UserProfile(**profile)
            db.session.add(user_profile)

        click.secho('Migrating {0} remote accoutns'.format(
            len(remote_accounts)),
                    fg='green')
        client_id = current_app.config['CERN_APP_CREDENTIALS']['consumer_key']
        for account in remote_accounts:
            remote_account = RemoteAccount(client_id=client_id, **account)
            db.session.add(remote_account)

        db.session.commit()
Esempio n. 30
0
    def sync_user_and_profile(cls, data):
        """Create or update the rero user with the patron data.

        :param data - dict representing the patron data
        """
        # start a session to be able to rollback if the data are not valid
        with db.session.begin_nested():
            user = cls._get_user_by_data(data)
            # need to create the user
            if not user:
                birth_date = data.get('birth_date')
                # sanity check
                if not birth_date:
                    raise RecordValidationError('birth_date field is required')
                # the default password is the birth date
                user = User(email=data.get('email'),
                            password=hash_password(birth_date),
                            profile=dict(),
                            active=True)
                db.session.add(user)
            # update all common fields
            for field in cls.profile_fields:
                # date field need conversion
                if field == 'birth_date':
                    setattr(user.profile, field,
                            datetime.strptime(data.get(field), '%Y-%m-%d'))
                else:
                    setattr(user.profile, field, data.get(field, ''))
            db.session.merge(user)
            if not data.get('user_id'):
                # the fresh created user
                return user
Esempio n. 31
0
def setup_app(app):
    with app.app_context():
        db.drop_all()
        db.create_all()
        reindex_all(recreate=True)

        ctx = app.test_request_context()
        ctx.push()

        user_count = User.query.filter_by(email='*****@*****.**').count()
        if user_count == 0:
            user = User(email=TEST_EMAIL, password='******', active=True)
            admin_role = Role(name='admin')
            coordinator_role = Role(name='coordinator')

            user.roles.append(admin_role)
            user.roles.append(coordinator_role)

            db.session.add(admin_role)
            db.session.add(coordinator_role)
            db.session.add(user)
            db.session.commit()

        yield app
        ctx.pop()
Esempio n. 32
0
def patron1(app, db):
    """Create a patron user."""
    user = User(**dict(email="*****@*****.**", active=True))
    db.session.add(user)
    db.session.commit()

    user_id = user.id

    identity = UserIdentity(**dict(id="1", method="cern", id_user=user_id))
    db.session.add(identity)

    profile = UserProfile(
        **dict(
            user_id=user_id,
            _displayname="id_" + str(user_id),
            full_name="System User",
        )
    )
    db.session.add(profile)

    client_id = app.config["CERN_APP_OPENID_CREDENTIALS"]["consumer_key"]
    remote_account = RemoteAccount(
        client_id=client_id,
        **dict(
            user_id=user_id,
            extra_data=dict(person_id="1", department="Department"),
        )
    )
    db.session.add(remote_account)
    db.session.commit()
    return user
Esempio n. 33
0
def system_user(app, db):
    """Create a regular system user."""
    user = User(**dict(email="*****@*****.**", active=True))
    db.session.add(user)
    db.session.commit()

    user_id = user.id

    identity = UserIdentity(**dict(id="1", method="cern", id_user=user_id))
    db.session.add(identity)

    profile = UserProfile(
        **dict(
            user_id=user_id,
            _displayname="id_" + str(user_id),
            full_name="System User",
        )
    )
    db.session.add(profile)

    remote_account = RemoteAccount(
        client_id="CLIENT_ID",
        **dict(
            user_id=user_id,
            extra_data=dict(person_id="1", department="Department"),
        )
    )
    db.session.add(remote_account)
    db.session.commit()
    return user
Esempio n. 34
0
def mock_user(app, request):
    def teardown(app):
        with app.app_context():
            user = User.query.filter_by(id=2).first()
            token = RemoteToken.query.filter_by(access_token='123').first()
            user_identity = UserIdentity.query.filter_by(
                id='0000-0001-9412-8627', method='orcid').first()
            remote_account = RemoteAccount.query.filter_by(user_id=2).first()
            with db.session.begin_nested():
                db.session.delete(token)
                db.session.delete(user_identity)
                db.session.delete(remote_account)
                db.session.delete(user)
            db.session.commit()

    request.addfinalizer(lambda: teardown(app))

    user = User(id=2, )
    token = RemoteToken(id_remote_account=1, access_token='123')
    user_identity = UserIdentity(id='0000-0001-9412-8627',
                                 id_user='******',
                                 method='orcid')
    remote_account = RemoteAccount(id=1,
                                   user_id=2,
                                   extra_data={},
                                   client_id=1,
                                   user=user)
    with app.app_context():
        with db.session.begin_nested():
            db.session.add(user)
            db.session.add(user_identity)
            db.session.add(remote_account)
            db.session.add(token)
        db.session.commit()
    return MockUser(app)
def test_profile_updating(base_app):
    base_app.config.update(USERPROFILES_EXTEND_SECURITY_FORMS=True)
    InvenioUserProfiles(base_app)
    app = base_app

    with app.app_context():
        user = User(email='lollorosso', password='******')
        db.session.add(user)
        db.session.commit()

        assert user.profile is None

        profile = UserProfile(
            username='******',
            full_name='Test T. User'
        )
        user.profile = profile
        user.profile.username = '******'
        assert user.profile.username == 'Different_Name'
        assert profile.username == 'Different_Name'
def pre_upgrade():
    """Run pre-upgrade checks (optional)."""
    not_valid_nicknames = []
    for user in db.engine.execute(db.select([User.nickname])):
        if not User.check_nickname(user[0]):
            not_valid_nicknames.append(user[0])

    if len(not_valid_nicknames) > 0:
        list_users = ', '.join(not_valid_nicknames)
        raise RuntimeError(
            "These nicknames are not valid: {list_users}. "
            "Please fix them before continuing.".format(
                list_users=list_users)
        )
    def test_verify_email_works_with_numbers_and_strings(self):
        from invenio_accounts.models import User
        u = User(email="*****@*****.**", password="")
        u.note = 2
        self.assertTrue(u.verify_email())

        u2 = User(email="*****@*****.**", password="")
        u2.note = "2"
        self.assertTrue(u2.verify_email())
def pre_upgrade():
    """Run pre-upgrade checks (optional)."""
    users = User.query.all()

    not_valid_nicknames = []
    for user in users:
        if not User.check_nickname(user.nickname):
            not_valid_nicknames.append(user)

    if len(not_valid_nicknames) > 0:
        list_users = ', '.join([u.nickname for u in not_valid_nicknames])
        raise RuntimeError(
            "These nicknames are not valid: {list_users}. "
            "Please fix them before continuing.".format(
                list_users=list_users)
        )
    def setUp(self):
        super(ProviderTestCase, self).setUp()
        # Set environment variable DEBUG to true, to allow testing without
        # SSL in oauthlib.
        if self.app.config.get('CFG_SITE_SECURE_URL').startswith('http://'):
            self.os_debug = os.environ.get('OAUTHLIB_INSECURE_TRANSPORT', '')
            os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = 'true'

        from ..models import Client, Scope
        from invenio_accounts.models import User
        from ..registry import scopes as scopes_registry

        # Register a test scope
        scopes_registry.register(Scope('test:scope'))

        self.base_url = self.app.config.get('CFG_SITE_SECURE_URL')

        # Create needed objects
        u = User(
            email='*****@*****.**', nickname='tester'
        )
        u.password = "******"

        u2 = User(
            email='*****@*****.**', nickname='tester2'
        )
        u2.password = "******"

        db.session.add(u)
        db.session.add(u2)

        c1 = Client(
            client_id='dev',
            client_secret='dev',
            name='dev',
            description='',
            is_confidential=False,
            user=u,
            _redirect_uris='%s/oauth2test/authorized' % self.base_url,
            _default_scopes="test:scope"
        )

        c2 = Client(
            client_id='confidential',
            client_secret='confidential',
            name='confidential',
            description='',
            is_confidential=True,
            user=u,
            _redirect_uris='%s/oauth2test/authorized' % self.base_url,
            _default_scopes="test:scope"
        )

        db.session.add(c1)
        db.session.add(c2)

        db.session.commit()

        self.objects = [u, u2, c1, c2]

        # Create a personal access token as well.
        from ..models import Token
        self.personal_token = Token.create_personal(
            'test-personal', 1, scopes=[], is_internal=True
        )
Esempio n. 40
0
def registerUser(req, email, passw, nickname, register_without_nickname=False,
        login_method=None, ln=CFG_SITE_LANG):
    """Register user with the desired values of NICKNAME, EMAIL and
       PASSW.

       If REGISTER_WITHOUT_NICKNAME is set to True, then ignore
       desired NICKNAME and do not set any.  This is suitable for
       external authentications so that people can login without
       having to register an internal account first.

       Return 0 if the registration is successful, 1 if email is not
       valid, 2 if nickname is not valid, 3 if email is already in the
       database, 4 if nickname is already in the database, 5 when
       users cannot register themselves because of the site policy, 6 when the
       site is having problem contacting the user.

       If login_method is None or is equal to the key corresponding to local
       authentication, then CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS is taken
       in account for deciding the behaviour about registering.
       """

    # is email valid?
    email = email.lower()
    if not email_valid_p(email):
        return 1

    _ = gettext_set_language(ln)

    # is email already taken?
    res = run_sql("""SELECT email FROM "user" WHERE email=%s""", (email,))
    if len(res) > 0:
        return 3

    if register_without_nickname:
        # ignore desired nick and use default empty string one:
        nickname = ""
    else:
        # is nickname valid?
        if not nickname_valid_p(nickname):
            return 2
        # is nickname already taken?
        res = run_sql("""SELECT nickname FROM "user" WHERE nickname=%s""", (nickname,))
        if len(res) > 0:
            return 4

    activated = 1 # By default activated

    if not login_method or not CFG_EXTERNAL_AUTHENTICATION[login_method]: # local login
        if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 2:
            return 5
        elif CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT:
            activated = 2 # Email confirmation required
        elif CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 1:
            activated = 0 # Administrator confirmation required


    # okay, go on and register the user: FIXME
    user = User(nickname=nickname,
                email=email,
                password=passw,
                note=activated,
                last_login=datetime.datetime.now())

    if CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT:
        user.verify_email()

    try:
        db.session.add(user)
        db.session.commit()
    except Exception:
        current_app.logger.exception("Could not store user.")
        db.session.rollback()
        return 7
    if activated == 1: # Ok we consider the user as logged in :-)
        setUid(req, uid)
    return 0
Esempio n. 41
0
    def setUp(self):
        from invenio_oauth2server.models import Scope
        from invenio_accounts.models import User
        from invenio_oauth2server.models import Client, Token

        from invenio_oauth2server.registry import scopes as scopes_registry

        # Register a test scope
        scopes_registry.register(Scope('test:scope1'))
        scopes_registry.register(Scope('test:scope2', internal=True))

        self.base_url = self.app.config.get('CFG_SITE_SECURE_URL')

        # Create needed objects
        u = User(
            email='*****@*****.**', nickname='tester'
        )
        u.password = "******"

        self.create_objects([u])

        # environment
        #
        # resource_owner -- client1 -- token_1
        #                     |
        #                     -------- token_2
        #                               |
        #       consumer ----------------

        # create resource_owner and consumer
        self.resource_owner = User(
            email='*****@*****.**',
            nickname='resource_owner', password='******')
        self.consumer = User(
            email='*****@*****.**', nickname='consumer',
            password='******')

        self.create_objects([self.resource_owner, self.consumer])

        # create resource_owner -> client_1
        self.u1c1 = Client(
            client_id='client_test_u1c1',
            client_secret='client_test_u1c1',
            name='client_test_u1c1',
            description='',
            is_confidential=False,
            user=self.resource_owner,
            _redirect_uris='',
            _default_scopes=""
        )

        self.create_objects([self.u1c1])

        # create resource_owner -> client_1 / resource_owner -> token_1
        self.u1c1u1t1 = Token(
            client=self.u1c1,
            user=self.resource_owner,
            token_type='u',
            access_token='dev_access_1',
            refresh_token='dev_refresh_1',
            expires=None,
            is_personal=False,
            is_internal=False,
            _scopes='',
        )
        # create consumer -> client_1 / resource_owner -> token_2
        self.u1c1u2t2 = Token(
            client=self.u1c1,
            user=self.consumer,
            token_type='u',
            access_token='dev_access_2',
            refresh_token='dev_refresh_2',
            expires=None,
            is_personal=False,
            is_internal=False,
            _scopes='',
        )

        # create objects
        self.create_objects([self.u1c1u1t1, self.u1c1u2t2])

        self.objects = [u,
                        self.resource_owner, self.consumer,
                        self.u1c1u1t1, self.u1c1u2t2]
 def test_note_is_converted_to_string(self):
     from invenio_accounts.models import User
     u = User(email="*****@*****.**", password="")
     u.note = 2
     self.assertTrue(isinstance(u.note, str))