def testCreateKey(self): session = { 'user': User('admin'), } Body = urlencode(dict(username='******', description="A User", formUrl='/apikeyform')) self.assertEquals(['admin'], self.pwd.listUsernames()) result = joco(self.apiKey.handleRequest(session=session, Body=Body, path='/action/create', Method='POST')) headers, body = result.split(CRLF*2) self.assertTrue(' 302 ' in headers, headers) self.assertEquals('/apikeyform', parseHeaders(headers)['Location']) self.assertEquals(['admin', 'user'], sorted(self.pwd.listUsernames())) aList = self.apiKey.listApiKeysAndData() self.assertEquals(1, len(aList)) apiKey, userdata = aList[0] self.assertEquals('user', userdata['username']) self.assertTrue(16, len(apiKey)) result = joco(self.apiKey.handleRequest(session=session, Body=Body, path='/action/create', Method='POST')) headers, body = result.split(CRLF*2) self.assertTrue(' 302 ' in headers, headers) self.assertEquals('/apikeyform', parseHeaders(headers)['Location']) self.assertEquals(['admin', 'user'], sorted(self.pwd.listUsernames())) self.assertEquals({'message': {'class': 'error', 'text': 'User already exists.'}}, session['ApiKey.formValues']) b = ApiKey(databaseFile=join(self.tempdir, 'db')) self.assertEquals(aList, list(b.listApiKeysAndData()))
def testApiKeyAddition(self): headers, body = postRequest( self.portNumber, "/login.action", urlencode(dict(username="******", password="******")) ) cookie = parseHeaders(headers)["Set-Cookie"] headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie}) self.assertEquals(["/apikey.action/create"], xpath(body, '//form[@name="create"]/@action')) self.assertEquals( ["/user_management"], xpath(body, '//form[@name="create"]/input[@type="hidden" and @name="formUrl"]/@value') ) headers, body = postRequest( self.portNumber, "/apikey.action/create", urlencode(dict(formUrl="/user_management", username="******")), additionalHeaders=dict(cookie=cookie), ) self.assertTrue("302" in headers, headers) self.assertEquals("/user_management", parseHeaders(headers)["Location"], headers) headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie}) self.assertEquals("", xpath(body, '//div[@id="apiKeys"]/table/tr/form/td/input[@name="description"]/@value')[0]) apiKey = xpath(body, '//div[@id="apiKeys"]/table/tr/form/td[@class="apiKey"]/text()')[0] self.assertNotEqual("", apiKey) headers, body = postRequest( self.portNumber, "/apikey.action/update", urlencode(dict(formUrl="/user_management", apiKey=apiKey, description="Some description")), additionalHeaders=dict(cookie=cookie), ) self.assertTrue("302" in headers, headers) self.assertEquals("/user_management", parseHeaders(headers)["Location"], headers) headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie}) self.assertEquals( "Some description", xpath(body, '//div[@id="apiKeys"]/table/tr/form/td/input[@name="description"]/@value')[0], )
def testAdmin(self): headers, body = getRequest(self.portNumber, "/login", parse='lxml') cookie = parseHeaders(headers)['Set-Cookie'] headers, body = postRequest(self.portNumber, '/login.action', urlencode(dict(username="******", password="******", formUrl='/login')), parse='lxml', additionalHeaders={'Cookie': cookie}) self.assertTrue('302' in headers, headers) self.assertEquals('/', parseHeaders(headers)['Location']) headers, body = getRequest(self.portNumber, "/index", parse='lxml', additionalHeaders={'Cookie': cookie}) self.assertEquals(['Logged in as: admin | ', ' | ', ' | ', ' | '], xpath(body, '//div[@id="loginbar"]/p/text()')) headers, body = getRequest(self.portNumber, "/changepassword", parse='lxml', additionalHeaders={'Cookie': cookie}) self.assertEquals(['admin'], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/input[@type="hidden" and @name="username"]/@value'), tostring(body)) self.assertEquals(['oldPassword', 'newPassword', 'retypedPassword'], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@type="password"]/@name'), tostring(body)) self.assertEquals(['/login.action/changepassword'], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/@action')) headers, body = postRequest(self.portNumber, '/login.action/changepassword', urlencode(dict(username="******", oldPassword="******", newPassword="******", retypedPassword="******", formUrl="/changepassword")), parse='lxml', additionalHeaders={'Cookie': cookie}) self.assertTrue('302' in headers, headers) self.assertEquals('/', parseHeaders(headers)['Location']) # Test new password headers, body = getRequest(self.portNumber, "/login", parse='lxml') newcookie = parseHeaders(headers)['Set-Cookie'] headers, body = postRequest(self.portNumber, '/login.action', urlencode(dict(username="******", password="******", formUrl='/login')), parse='lxml', additionalHeaders={'Cookie': newcookie}) self.assertTrue('302' in headers, headers) self.assertEquals('/login', parseHeaders(headers)['Location']) headers, body = postRequest(self.portNumber, '/login.action', urlencode(dict(username="******", password="******", formUrl='/login')), parse='lxml', additionalHeaders={'Cookie': newcookie}) self.assertTrue('302' in headers, headers) self.assertEquals('/', parseHeaders(headers)['Location'])
def testWithoutAdminUserLoggedIn(self): session = { 'user': User('nobody'), } Body = urlencode(dict(username='******', formUrl='/apikeyform')) result = joco(self.apiKey.handleRequest(session=session, Body=Body, path='/action/create', Method='POST')) headers, body = result.split(CRLF*2) self.assertTrue(' 302 ' in headers, headers) self.assertEquals('/apikeyform', parseHeaders(headers)['Location']) self.assertEquals([], list(self.apiKey.listApiKeysAndData())) self.assertEquals({'message': {'text': 'No admin privileges.', 'class': 'error'}}, session['ApiKey.formValues'])
def testLoginPage(self): headers, body = getRequest(self.portNumber, "/login") cookie = parseHeaders(headers)["Set-Cookie"] self.assertTrue("200" in headers, headers) self.assertEquals( 1, len(xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@name="username"]')) ) self.assertEquals( 1, len( xpath( body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@type="password" and @name="password"]', ) ), ) self.assertEquals( 1, len(xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@type="submit"]')) ) self.assertEquals(["/login.action"], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/@action')) headers, body = postRequest( self.portNumber, "/login.action", urlencode(dict(username="******", password="******")), additionalHeaders={"Cookie": cookie}, ) self.assertTrue("302" in headers, headers) self.assertEquals("/login", parseHeaders(headers)["Location"], headers) headers, body = getRequest(self.portNumber, "/login", additionalHeaders={"Cookie": cookie}) self.assertEquals( ["doesnotexist"], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@name="username"]/@value'), ) self.assertEquals( ["Invalid username or password"], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/p[@class="error"]/text()'), )
def testAddSameUserTwice(self): headers, body = postRequest( self.portNumber, "/login.action", urlencode(dict(username="******", password="******")) ) cookie = parseHeaders(headers)["Set-Cookie"] headers, body = postRequest( self.portNumber, "/apikey.action/create", urlencode(dict(formUrl="/user_management", username="******")), additionalHeaders=dict(cookie=cookie), ) self.assertTrue("302" in headers, headers) self.assertEquals("/user_management", parseHeaders(headers)["Location"], headers) headers, body = postRequest( self.portNumber, "/apikey.action/create", urlencode(dict(formUrl="/user_management", username="******")), additionalHeaders=dict(cookie=cookie), ) self.assertTrue("302" in headers, headers) self.assertEquals("/user_management", parseHeaders(headers)["Location"], headers)
def testAddByNewUser(self): headers, body = postRequest( self.portNumber, "/login.action", urlencode(dict(username="******", password="******")) ) cookie = parseHeaders(headers)["Set-Cookie"] headers, body = postRequest( self.portNumber, "/apikey.action/create", urlencode(dict(formUrl="/user_management", username="******")), additionalHeaders=dict(cookie=cookie), ) headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie}) apiKey = self.apiKeyForUser(body, "another") self.assertTrue(len(apiKey) > 0, apiKey)
def _setupUsers(self): headers, body = postRequest(self.portNumber, '/login.action', urlencode(dict(username="******", password="******")), parse=False) cookie = parseHeaders(headers)['Set-Cookie'] headers, body = postRequest(self.portNumber, '/apikey.action/create', urlencode(dict(formUrl='/user_management', username='******')), parse=False, additionalHeaders=dict(cookie=cookie)) headers, body = postRequest(self.portNumber, '/apikey.action/create', urlencode(dict(formUrl='/user_management', username='******')), parse=False, additionalHeaders=dict(cookie=cookie)) headers, body = postRequest(self.portNumber, '/apikey.action/create', urlencode(dict(formUrl='/user_management', username='******')), parse=False, additionalHeaders=dict(cookie=cookie)) headers, body = getRequest(self.portNumber, '/user_management', additionalHeaders={'Cookie': cookie}) self.apiKeyForTestUser = xpath(body, '//div[@id="apiKeys"]/table/tr[form/td[text()="testUser"]]/form/td[@class="apiKey"]/text()')[0] assert self.apiKeyForTestUser != None self.apiKeyForAnotherTestUser = xpath(body, '//div[@id="apiKeys"]/table/tr[form/td[text()="anotherTestUser"]]/form/td[@class="apiKey"]/text()')[0] assert self.apiKeyForAnotherTestUser != None self.apiKeyForPostUser = xpath(body, '//div[@id="apiKeys"]/table/tr[form/td[text()="postUser"]]/form/td[@class="apiKey"]/text()')[0] assert self.apiKeyForPostUser != None
def testChangePasswordFormNotAllowed(self): headers, body = getRequest(self.portNumber, "/changepassword") self.assertTrue("302" in headers, headers) self.assertEquals("/", parseHeaders(headers)["Location"], headers)
def testAddInsertDelete(self): headers, body = postRequest( self.portNumber, "/login.action", urlencode(dict(username="******", password="******")) ) cookie = parseHeaders(headers)["Set-Cookie"] headers, body = postRequest( self.portNumber, "/apikey.action/create", urlencode(dict(formUrl="/user_management", username="******")), additionalHeaders=dict(cookie=cookie), ) headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie}) apiKey = self.apiKeyForUser(body, "addDelete") annotationBody = ( """<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:oac="http://www.w3.org/ns/openannotation/core/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:foaf="http://xmlns.com/foaf/0.1/"> <rdf:Description rdf:about="urn:uuid:%s"> <rdf:type rdf:resource="http://www.w3.org/ns/openannotation/core/Annotation"/> <dc:title>To be deleted</dc:title> </rdf:Description> </rdf:RDF>""" % uuid4() ) self.assertQuery('RDF.Annotation.title = "To be deleted"', 0) header, body = postRequest( self.portNumber, "/uploadform", urlencode(dict(annotation=annotationBody, apiKey=apiKey)) ) self.assertQuery('RDF.Annotation.title = "To be deleted"', 1) headers, body = getRequest( self.portNumber, "/oai", arguments=dict(verb="ListRecords", metadataPrefix="rdf", set="addDelete") ) self.assertEquals(1, len(xpath(body, "/oai:OAI-PMH/oai:ListRecords/oai:record/oai:metadata"))) headers, body = postRequest( self.portNumber, "/login.action/remove", urlencode(dict(formUrl="/user_management", username="******")), additionalHeaders=dict(cookie=cookie), ) headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie}) apiKey = xpath(body, '//div[@id="apiKeys"]/table/form/tr[td[text()="addDelete"]]/td[@class="apiKey"]/text()') self.assertEquals([], apiKey) #### Delete user, then query again; number of results should be 0 self.assertEquals(["addDelete.delete"], listdir(join(self.integrationTempdir, "database", "userdelete"))) self.runUserDeleteService() self.assertQuery('RDF.Annotation.title = "To be deleted"', 0) headers, body = getRequest( self.portNumber, "/oai", arguments=dict(verb="ListRecords", metadataPrefix="rdf", set="addDelete") ) self.assertEquals(0, len(xpath(body, "/oai:OAI-PMH/oai:ListRecords/oai:record/oai:metadata"))) self.assertEquals("deleted", xpath(body, "/oai:OAI-PMH/oai:ListRecords/oai:record/oai:header/@status")[0]) self.assertEquals(["addDelete.delete"], listdir(join(self.integrationTempdir, "database", "userdelete"))) self.runUserDeleteService() self.assertEquals([], listdir(join(self.integrationTempdir, "database", "userdelete")))