def test_new_theme_version_with_69_properties(self): core.set_user(user_factory()) addon = addon_factory( type=amo.ADDON_STATICTHEME, version_kw={'version': '1.0'}) old_version = addon.current_version old_file_path = old_version.all_files[0].current_file_path amo.storage_utils.copy_stored_file(self.file_obj_dep, old_file_path) assert os.path.isfile(old_file_path) new_version = new_theme_version_with_69_properties(old_version) assert addon.versions.all().count() == 2 assert addon.current_version == new_version new_file_path = new_version.all_files[0].current_file_path with zipfile.ZipFile(self.file_obj_dep, 'r') as old_xpi: with zipfile.ZipFile(new_file_path, 'r') as new_xpi: assert len(old_xpi.infolist()) == len(new_xpi.infolist()) for entry in old_xpi.infolist(): file_ = entry.filename if file_ == 'manifest.json': old_manifest = json.loads(old_xpi.read(file_)) new_manifest = json.loads(new_xpi.read(file_)) assert old_manifest != new_manifest # need to pop the version as it's been bumped old_ver_num = old_manifest.pop('version') new_ver_num = new_manifest.pop('version') assert old_ver_num != new_ver_num assert new_manifest == ( new_69_theme_properties_from_old(old_manifest)) else: assert old_xpi.read(file_) == new_xpi.read(file_)
def setUp(self): super(TestActivityLog, self).setUp() self.user = UserProfile.objects.create( username='******', display_name='Yolo') self.request = Mock() self.request.user = self.user core.set_user(self.user)
def test_ban(self): ban_url = reverse('admin:users_userprofile_ban', args=(self.user.pk, )) wrong_ban_url = reverse( 'admin:users_userprofile_ban', args=(self.user.pk + 42, )) user = user_factory() self.grant_permission(user, 'Admin:Tools') self.client.login(email=user.email) core.set_user(user) response = self.client.post(ban_url, follow=True) assert response.status_code == 403 self.grant_permission(user, 'Users:Edit') response = self.client.get(ban_url, follow=True) assert response.status_code == 405 # Wrong http method. response = self.client.post(wrong_ban_url, follow=True) assert response.status_code == 404 # Wrong pk. self.user.reload() assert not self.user.deleted response = self.client.post(ban_url, follow=True) assert response.status_code == 200 assert response.redirect_chain[-1][0].endswith(self.detail_url) assert response.redirect_chain[-1][1] == 302 self.user.reload() assert self.user.deleted assert self.user.email alog = ActivityLog.objects.latest('pk') assert alog.action == amo.LOG.ADMIN_USER_BANNED.id assert alog.arguments == [self.user]
def setUp(self): super(TestActivityLogCount, self).setUp() now = datetime.now() bom = datetime(now.year, now.month, 1) self.lm = bom - timedelta(days=1) self.user = UserProfile.objects.get() core.set_user(self.user)
def test_last_known_activity_time(self): someone_else = user_factory(username='******') addon = addon_factory() model_admin = UserAdmin(UserProfile, admin.site) assert six.text_type( model_admin.last_known_activity_time(self.user)) == '' # Add various activities. They will be attached to whatever user is # set in the thread global at the time, so set that in advance. core.set_user(self.user) expected_date = self.days_ago(1) activity = ActivityLog.create(amo.LOG.CREATE_ADDON, addon) activity.update(created=self.days_ago(2)) activity.userlog_set.update(created=self.days_ago(2)) activity = ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon) activity.update(created=expected_date) activity.userlog_set.update(created=expected_date) assert activity.reload().created == expected_date # Create another activity, more recent, attached to a different user. core.set_user(someone_else) activity = ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon) expected_result = DateFormat(expected_date).format( settings.DATETIME_FORMAT) assert ( six.text_type(model_admin.last_known_activity_time(self.user)) == expected_result)
def test_delete_picture(self, delete_picture_mock): delete_picture_url = reverse( 'admin:users_userprofile_delete_picture', args=(self.user.pk, )) wrong_delete_picture_url = reverse( 'admin:users_userprofile_delete_picture', args=(self.user.pk + 42, )) user = user_factory() self.grant_permission(user, 'Admin:Tools') self.client.login(email=user.email) core.set_user(user) response = self.client.post(delete_picture_url, follow=True) assert response.status_code == 403 self.grant_permission(user, 'Users:Edit') response = self.client.get(delete_picture_url, follow=True) assert response.status_code == 405 # Wrong http method. response = self.client.post(wrong_delete_picture_url, follow=True) assert response.status_code == 404 # Wrong pk. assert delete_picture_mock.call_count == 0 response = self.client.post(delete_picture_url, follow=True) assert response.status_code == 200 assert response.redirect_chain[-1][0].endswith(self.detail_url) assert response.redirect_chain[-1][1] == 302 assert delete_picture_mock.call_count == 1 alog = ActivityLog.objects.latest('pk') assert alog.action == amo.LOG.ADMIN_USER_PICTURE_DELETED.id assert alog.arguments == [self.user]
def authenticate_credentials(self, payload): """ Return a non-deleted user that matches the payload's user id. Mimic what our UserAndAddrMiddleware and django's get_user() do when authenticating, because otherwise that behaviour would be missing in the API since API auth happens after the middleware process request phase. """ if 'user_id' not in payload: log.info('No user_id in token payload {}'.format(payload)) raise exceptions.AuthenticationFailed() try: user = UserProfile.objects.filter(deleted=False).get( pk=payload['user_id']) except UserProfile.DoesNotExist: log.info('User not found from token payload {}'.format(payload)) raise exceptions.AuthenticationFailed() # Check get_session_auth_hash like django's get_user() does. session_auth_hash = user.get_session_auth_hash() payload_auth_hash = payload.get('auth_hash', '') if not constant_time_compare(payload_auth_hash, session_auth_hash): log.info('User tried to authenticate with invalid auth hash in' 'payload {}'.format(payload)) raise exceptions.AuthenticationFailed() # Set user in thread like UserAndAddrMiddleware does. core.set_user(user) return user
def test_version_delete_logs(self): user = UserProfile.objects.get(pk=55021) core.set_user(user) # The transform don't know bout my users. version = Version.objects.get(pk=81551) assert ActivityLog.objects.count() == 0 version.delete() assert ActivityLog.objects.count() == 2
def wrapper(*args, **kw): old_user = core.get_user() core.set_user(get_task_user()) try: result = f(*args, **kw) finally: core.set_user(old_user) return result
def test_can_delete_with_related_objects_with_admin_advanced_permission( self): # Add related instances... addon = addon_factory() addon_with_other_authors = addon_factory() AddonUser.objects.create(addon=addon_with_other_authors, user=user_factory()) relations_that_should_be_deleted = [ AddonUser.objects.create(addon=addon_with_other_authors, user=self.user), Rating.objects.create(addon=addon_factory(), rating=5, user=self.user), addon, # Has no other author, should be deleted. collection_factory(author=self.user) ] relations_that_should_survive = [ AbuseReport.objects.create(reporter=self.user), AbuseReport.objects.create(user=self.user), ActivityLog.create(user=self.user, action=amo.LOG.USER_EDITED), ReviewerScore.objects.create(user=self.user, score=42), addon_with_other_authors, # Has other authors, should be kept. # Bit of a weird case, but because the user was the only author of # this add-on, the addonuser relation is kept, and both the add-on # and the user are soft-deleted. This is in contrast with the case # where the user is *not* the only author, in which case the # addonuser relation is deleted, but the add-on is left intact. AddonUser.objects.create(addon=addon, user=self.user), ] # Now test as normal. user = user_factory() assert not self.user.deleted self.grant_permission(user, 'Admin:Tools') self.grant_permission(user, 'Admin:Advanced') self.client.login(email=user.email) core.set_user(user) response = self.client.get(self.delete_url, follow=True) assert response.status_code == 200 assert b'Cannot delete user' not in response.content response = self.client.post(self.delete_url, {'post': 'yes'}, follow=True) assert response.status_code == 200 self.user.reload() assert self.user.deleted assert self.user.email is None alog = ActivityLog.objects.filter( action=amo.LOG.ADMIN_USER_ANONYMIZED.id).get() assert alog.arguments == [self.user] # Test the related instances we created earlier. for obj in relations_that_should_be_deleted: assert not obj.__class__.objects.filter(pk=obj.pk).exists() for obj in relations_that_should_survive: assert obj.__class__.objects.filter(pk=obj.pk).exists()
def test_set_task_user(self): @decorators.set_task_user def some_func(): return core.get_user() core.set_user(UserProfile.objects.get(username='******')) assert core.get_user().pk == 999 assert some_func().pk == int(settings.TASK_USER_ID) assert core.get_user().pk == 999
def test_can_delete_with_related_objects_with_admin_advanced_permission( self): # Add related instances... addon = addon_factory() addon_with_other_authors = addon_factory() AddonUser.objects.create( addon=addon_with_other_authors, user=user_factory()) relations_that_should_be_deleted = [ AddonUser.objects.create( addon=addon_with_other_authors, user=self.user), Rating.objects.create( addon=addon_factory(), rating=5, user=self.user), addon, # Has no other author, should be deleted. collection_factory(author=self.user) ] relations_that_should_survive = [ AbuseReport.objects.create(reporter=self.user), AbuseReport.objects.create(user=self.user), ActivityLog.create(user=self.user, action=amo.LOG.USER_EDITED), ReviewerScore.objects.create(user=self.user, score=42), addon_with_other_authors, # Has other authors, should be kept. # Bit of a weird case, but because the user was the only author of # this add-on, the addonuser relation is kept, and both the add-on # and the user are soft-deleted. This is in contrast with the case # where the user is *not* the only author, in which case the # addonuser relation is deleted, but the add-on is left intact. AddonUser.objects.create(addon=addon, user=self.user), ] # Now test as normal. user = user_factory() assert not self.user.deleted self.grant_permission(user, 'Admin:Tools') self.grant_permission(user, 'Admin:Advanced') self.client.login(email=user.email) core.set_user(user) response = self.client.get(self.delete_url, follow=True) assert response.status_code == 200 assert b'Cannot delete user' not in response.content response = self.client.post(self.delete_url, {'post': 'yes'}, follow=True) assert response.status_code == 200 self.user.reload() assert self.user.deleted assert self.user.email is None alog = ActivityLog.objects.filter( action=amo.LOG.ADMIN_USER_ANONYMIZED.id).get() assert alog.arguments == [self.user] # Test the related instances we created earlier. for obj in relations_that_should_be_deleted: assert not obj.__class__.objects.filter(pk=obj.pk).exists() for obj in relations_that_should_survive: assert obj.__class__.objects.filter(pk=obj.pk).exists()
def process_request(self, request): """Attach authentication/permission helpers to request, and persist user and remote addr in current thread.""" request.check_ownership = partial(acl.check_ownership, request) # Persist the user and remote addr in the thread to make it accessible # in log() statements etc. if request.user.is_authenticated(): core.set_user(request.user) core.set_remote_addr(request.META.get('REMOTE_ADDR'))
def test_unreviewed_addon(self): u = UserProfile.objects.get(email='*****@*****.**') addon = Addon.objects.all()[0] addon.status = amo.STATUS_NOMINATED c = u.favorites_collection() core.set_user(u) c.add_addon(addon) self.client.login(email='*****@*****.**') response = self.client.get(c.get_url_path()) assert list(response.context['addons'].object_list) == [addon]
def setUp(self): super(TestAdditionalDetailsForm, self).setUp() self.addon = Addon.objects.get(pk=3615) self.data = { 'default_locale': 'en-US', 'homepage': str(self.addon.homepage), } self.user = self.addon.authors.all()[0] core.set_user(self.user) self.request = req_factory_factory('/')
def setUp(self): super().setUp() self.addon = Addon.objects.get(pk=3615) self.data = { 'default_locale': 'en-US', 'homepage': str(self.addon.homepage), } self.user = self.addon.authors.all()[0] core.set_user(self.user) self.request = req_factory_factory('/')
def test_user_approve_reviews(self): self.add_approve_logs(3) other = UserProfile.objects.create(email='*****@*****.**', username='******') core.set_user(other) self.add_approve_logs(2) result = ActivityLog.objects.user_approve_reviews(self.user).count() assert result == 3 result = ActivityLog.objects.user_approve_reviews(other).count() assert result == 2 another = UserProfile.objects.create(email='*****@*****.**', username='******') result = ActivityLog.objects.user_approve_reviews(another).count() assert result == 0
def test_user_approve_reviews(self): self.add_approve_logs(3) other = UserProfile.objects.create(email="*****@*****.**", username="******") core.set_user(other) self.add_approve_logs(2) result = ActivityLog.objects.user_approve_reviews(self.user).count() assert result == 3 result = ActivityLog.objects.user_approve_reviews(other).count() assert result == 2 another = UserProfile.objects.create( email="*****@*****.**", username="******") result = ActivityLog.objects.user_approve_reviews(another).count() assert result == 0
def test_pre_setup(request, tmpdir, settings): from django.core.cache import caches from django.utils import translation from olympia import amo, core from olympia.translations.hold import clean_translations caches['default'].clear() translation.trans_real.deactivate() # Django fails to clear this cache. translation.trans_real._translations = {} translation.trans_real.activate(settings.LANGUAGE_CODE) def _path(*args): path = str(os.path.join(*args)) if not os.path.exists(path): os.makedirs(path) return path settings.STORAGE_ROOT = storage_root = _path(tmpdir.mkdir('storage')) settings.SHARED_STORAGE = shared_storage = _path( storage_root, 'shared_storage') settings.ADDONS_PATH = _path(storage_root, 'files') settings.GUARDED_ADDONS_PATH = _path(storage_root, 'guarded-addons') settings.GIT_FILE_STORAGE_PATH = _path(storage_root, 'git-storage') settings.MEDIA_ROOT = _path(shared_storage, 'uploads') settings.TMP_PATH = _path(shared_storage, 'tmp') # Reset the prefixer and urlconf after updating media root default_prefixer(settings) from django.urls import clear_url_caches, set_urlconf def _clear_urlconf(): clear_url_caches() set_urlconf(None) _clear_urlconf() request.addfinalizer(_clear_urlconf) yield core.set_user(None) clean_translations(None) # Make sure queued translations are removed. # Make sure we revert everything we might have changed to prefixers. amo.urlresolvers.clean_url_prefixes()
def update_maxversions(version_pks, job_pk, data, **kw): log.info('[%s@%s] Updating max version for job %s.' % (len(version_pks), update_maxversions.rate_limit, job_pk)) job = ValidationJob.objects.get(pk=job_pk) core.set_user(get_task_user()) dry_run = data['preview_only'] app_id = job.target_version.application stats = collections.defaultdict(int) stats['processed'] = 0 stats['is_dry_run'] = int(dry_run) for version in Version.objects.filter(pk__in=version_pks): stats['processed'] += 1 file_pks = version.files.values_list('pk', flat=True) errors = (ValidationResult.objects.filter(validation_job=job, file__pk__in=file_pks) .values_list('errors', flat=True)) if any(errors): stats['invalid'] += 1 log.info('Version %s for addon %s not updated, ' 'one of the files did not pass validation' % (version.pk, version.addon.pk)) continue for app in version.apps.filter( application=job.curr_max_version.application, max__version_int__gte=job.curr_max_version.version_int, max__version_int__lt=job.target_version.version_int): stats['bumped'] += 1 log.info('Updating version %s%s for addon %s from version %s ' 'to version %s' % (version.pk, ' [DRY RUN]' if dry_run else '', version.addon.pk, job.curr_max_version.version, job.target_version.version)) app.max = job.target_version if not dry_run: app.save() ActivityLog.create( amo.LOG.MAX_APPVERSION_UPDATED, version.addon, version, details={'version': version.version, 'target': job.target_version.version, 'application': app_id}) log.info('[%s@%s] bulk update stats for job %s: {%s}' % (len(version_pks), update_maxversions.rate_limit, job_pk, ', '.join('%s: %s' % (k, stats[k]) for k in sorted(stats.keys()))))
def test_pre_setup(request, tmpdir, settings): from django.core.cache import caches from django.utils import translation from olympia import amo, core from olympia.translations.hold import clean_translations caches['default'].clear() translation.trans_real.deactivate() # Django fails to clear this cache. translation.trans_real._translations = {} translation.trans_real.activate(settings.LANGUAGE_CODE) def _path(*args): path = str(os.path.join(*args)) if not os.path.exists(path): os.makedirs(path) return path settings.STORAGE_ROOT = storage_root = _path(tmpdir.mkdir('storage')) settings.SHARED_STORAGE = shared_storage = _path(storage_root, 'shared_storage') settings.ADDONS_PATH = _path(storage_root, 'files') settings.GUARDED_ADDONS_PATH = _path(storage_root, 'guarded-addons') settings.GIT_FILE_STORAGE_PATH = _path(storage_root, 'git-storage') settings.MEDIA_ROOT = _path(shared_storage, 'uploads') settings.TMP_PATH = _path(shared_storage, 'tmp') # Reset the prefixer and urlconf after updating media root default_prefixer(settings) from django.urls import clear_url_caches, set_urlconf def _clear_urlconf(): clear_url_caches() set_urlconf(None) _clear_urlconf() request.addfinalizer(_clear_urlconf) yield core.set_user(None) clean_translations(None) # Make sure queued translations are removed. # Make sure we revert everything we might have changed to prefixers. amo.urlresolvers.clean_url_prefixes()
def setUp(self): super(TestAdditionalDetailsForm, self).setUp() self.addon = Addon.objects.get(pk=3615) category = Category.objects.get(pk=22) category.db_name = 'test' category.save() self.data = { 'default_locale': 'en-US', 'homepage': str(self.addon.homepage), } self.user = self.addon.authors.all()[0] core.set_user(self.user) self.request = req_factory_factory('/')
def test_activity(self): addon = addon_factory() core.set_user(self.user) ActivityLog.create(amo.LOG.CREATE_ADDON, addon) ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon) # Create another activity attached to a different user. someone_else = user_factory() core.set_user(someone_else) ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon) url, text = self._call_related_content_method('activity') expected_url = (reverse('admin:activity_activitylog_changelist') + '?user=%d' % self.user.pk) assert url == expected_url assert text == '2'
def test_git_extract_action(self): addon1 = addon_factory() addon2 = addon_factory() addons = Addon.objects.filter(pk__in=(addon1.pk, addon2.pk)) addon_admin = AddonAdmin(Addon, admin.site) request = RequestFactory().get('/') request.user = user_factory() core.set_user(request.user) request._messages = default_messages_storage(request) addon_admin.git_extract_action(request, addons) assert len(GitExtractionEntry.objects.all()) == 2 assert GitExtractionEntry.objects.filter(addon=addon1).exists() assert GitExtractionEntry.objects.filter(addon=addon2).exists()
def setUp(self): super(TestTagsForm, self).setUp() self.addon = Addon.objects.get(pk=3615) category = Category.objects.get(pk=22) category.db_name = 'test' category.save() self.data = { 'summary': str(self.addon.summary), 'name': str(self.addon.name), 'slug': self.addon.slug, } self.user = self.addon.authors.all()[0] core.set_user(self.user) self.request = req_factory_factory('/')
def test_activity(self): addon = addon_factory() core.set_user(self.user) ActivityLog.create(amo.LOG.CREATE_ADDON, addon) ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon) # Create another activity attached to a different user. someone_else = user_factory() core.set_user(someone_else) ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon) url, text = self._call_related_content_method('activity') expected_url = ( reverse('admin:activity_activitylog_changelist') + '?user=%d' % self.user.pk) assert url == expected_url assert text == '2'
def test_can_edit_with_users_edit_permission(self): old_username = self.user.username user = user_factory(email='*****@*****.**') self.grant_permission(user, 'Users:Edit') self.client.login(email=user.email) core.set_user(user) response = self.client.get(self.detail_url, follow=True) assert response.status_code == 200 response = self.client.post( self.detail_url, {'username': '******', 'email': self.user.email}, follow=True) assert response.status_code == 200 assert self.user.reload().username == 'foo' alog = ActivityLog.objects.latest('pk') assert alog.action == amo.LOG.ADMIN_USER_EDITED.id assert alog.arguments == [self.user] assert alog.details == {'username': [old_username, 'foo']}
def test_can_edit_with_users_edit_permission(self): old_username = self.user.username user = user_factory() self.grant_permission(user, 'Admin:Tools') self.grant_permission(user, 'Users:Edit') self.client.login(email=user.email) core.set_user(user) response = self.client.get(self.detail_url, follow=True) assert response.status_code == 200 response = self.client.post( self.detail_url, {'username': '******', 'email': self.user.email}, follow=True) assert response.status_code == 200 assert self.user.reload().username == 'foo' alog = ActivityLog.objects.latest('pk') assert alog.action == amo.LOG.ADMIN_USER_EDITED.id assert alog.arguments == [self.user] assert alog.details == {'username': [old_username, 'foo']}
def test_mine(self): u = UserProfile.objects.get(email='*****@*****.**') addon = addon = Addon.objects.all()[0] c = u.favorites_collection() core.set_user(u) c.add_addon(addon) assert self.client.login(email='*****@*****.**') # My Collections. response = self.client.get('/en-US/firefox/collections/mine/') assert response.context['author'] == ( UserProfile.objects.get(email='*****@*****.**')) # My Favorites. response = self.client.get(reverse('collections.detail', args=['mine', 'favorites'])) assert response.status_code == 200 assert list(response.context['addons'].object_list) == [addon]
def test_can_delete_with_admin_advanced_permission( self, _delete_related_content_mock): user = user_factory(email='*****@*****.**') self.grant_permission(user, 'Admin:Advanced') assert not self.user.deleted self.client.login(email=user.email) core.set_user(user) response = self.client.get(self.delete_url, follow=True) assert response.status_code == 200 assert b'Cannot delete user' not in response.content response = self.client.post(self.delete_url, {'post': 'yes'}, follow=True) assert response.status_code == 200 self.user.reload() assert self.user.deleted assert self.user.email assert _delete_related_content_mock.call_count == 1 alog = ActivityLog.objects.latest('pk') assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id assert alog.arguments == [self.user]
def authenticate_credentials(self, request, token): # initialize session with the key from the token rather than the cookie like # SessionMiddleware does. del request.session._session_cache request.session._session_key = token # call get_user to validate the session information is good - it returns safely user = get_user(request) if not user or user.is_anonymous or user.deleted: log.info('User or session not found.') msg = { 'detail': gettext( 'Valid user session not found matching the provided session key.' ), 'code': 'ERROR_AUTHENTICATION_EXPIRED', } raise exceptions.AuthenticationFailed(msg) try: check_and_update_fxa_access_token(request) except IdentificationError: log.info( 'User access token refresh failed; user needs to login to FxA again' ) msg = { 'detail': gettext( 'Access token refresh failed; user needs to login to FxA again.' ), 'code': 'ERROR_AUTHENTICATION_EXPIRED', } raise exceptions.AuthenticationFailed(msg) # Set user in thread like UserAndAddrMiddleware does. core.set_user(user) return (user, token)
def test_pre_setup(request, tmpdir, settings): from django.core.cache import caches from django.utils import translation from olympia import amo, core from olympia.translations.hold import clean_translations caches['default'].clear() translation.trans_real.deactivate() # Django fails to clear this cache. translation.trans_real._translations = {} translation.trans_real.activate(settings.LANGUAGE_CODE) settings.MEDIA_ROOT = str(tmpdir.mkdir('media')) settings.TMP_PATH = str(tmpdir.mkdir('tmp')) settings.STATIC_ROOT = str(tmpdir.mkdir('site-static')) settings.NETAPP_STORAGE = settings.TMP_PATH settings.GIT_FILE_STORAGE_PATH = str(tmpdir.mkdir('git-storage')) # Reset the prefixer and urlconf after updating media root default_prefixer(settings) from django.urls import clear_url_caches, set_urlconf def _clear_urlconf(): clear_url_caches() set_urlconf(None) _clear_urlconf() request.addfinalizer(_clear_urlconf) yield core.set_user(None) clean_translations(None) # Make sure queued translations are removed. # Make sure we revert everything we might have changed to prefixers. amo.urlresolvers.clean_url_prefixes()
def test_reset_api_key_action(self): another_user = user_factory() a_third_user = user_factory() APIKey.objects.create(user=self.user, is_active=True, key='foo') APIKeyConfirmation.objects.create(user=self.user) APIKeyConfirmation.objects.create(user=another_user) APIKey.objects.create(user=a_third_user, is_active=True, key='bar') APIKeyConfirmation.objects.create(user=a_third_user) users = UserProfile.objects.filter(pk__in=(another_user.pk, self.user.pk)) user_admin = UserAdmin(UserProfile, admin.site) request = RequestFactory().get('/') request.user = user_factory() core.set_user(request.user) request._messages = default_messages_storage(request) user_admin.reset_api_key_action(request, users) # APIKeys should have been deactivated, APIKeyConfirmation deleted. assert self.user.api_keys.exists() assert not self.user.api_keys.filter(is_active=True).exists() assert not APIKeyConfirmation.objects.filter(user=self.user).exists() # This user didn't have api keys before, it shouldn't matter. assert not another_user.api_keys.exists() assert not another_user.api_keys.filter(is_active=True).exists() assert not APIKeyConfirmation.objects.filter( user=another_user).exists() # The 3rd user should be unaffected. assert a_third_user.api_keys.exists() assert a_third_user.api_keys.filter(is_active=True).exists() assert APIKeyConfirmation.objects.filter(user=a_third_user).exists() # We should see 2 activity logs. assert (ActivityLog.objects.filter( action=amo.LOG.ADMIN_API_KEY_RESET.id).count() == 2)
def test_pre_setup(request, tmpdir, settings): from django.core.cache import caches from django.utils import translation from olympia import amo, core from olympia.translations.hold import clean_translations caches['default'].clear() translation.trans_real.deactivate() # Django fails to clear this cache. translation.trans_real._translations = {} translation.trans_real.activate(settings.LANGUAGE_CODE) settings.MEDIA_ROOT = str(tmpdir.mkdir('media')) settings.TMP_PATH = str(tmpdir.mkdir('tmp')) settings.STATIC_ROOT = str(tmpdir.mkdir('site-static')) settings.NETAPP_STORAGE = settings.TMP_PATH # Reset the prefixer and urlconf after updating media root default_prefixer(settings) from django.core.urlresolvers import clear_url_caches, set_urlconf def _clear_urlconf(): clear_url_caches() set_urlconf(None) _clear_urlconf() request.addfinalizer(_clear_urlconf) yield core.set_user(None) clean_translations(None) # Make sure queued translations are removed. # Make sure we revert everything we might have changed to prefixers. amo.urlresolvers.clean_url_prefixes()
def test_can_delete_with_admin_advanced_permission( self, delete_or_disable_related_content_mock): user = user_factory() assert not self.user.deleted self.grant_permission(user, 'Admin:Tools') self.grant_permission(user, 'Admin:Advanced') self.client.login(email=user.email) core.set_user(user) response = self.client.get(self.delete_url, follow=True) assert response.status_code == 200 response = self.client.post(self.delete_url, {'post': 'yes'}, follow=True) assert response.status_code == 200 self.user.reload() assert self.user.deleted assert self.user.email is None assert delete_or_disable_related_content_mock.call_count == 1 assert (delete_or_disable_related_content_mock.call_args[1] == { 'delete': True }) alog = ActivityLog.objects.latest('pk') assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id assert alog.arguments == [self.user]
def test_reset_session_action(self): assert self.user.auth_id another_user = user_factory() assert another_user.auth_id a_third_user = user_factory() assert a_third_user.auth_id old_auth_id = a_third_user.auth_id users = UserProfile.objects.filter(pk__in=(another_user.pk, self.user.pk)) user_admin = UserAdmin(UserProfile, admin.site) request = RequestFactory().get('/') request.user = user_factory() core.set_user(request.user) request._messages = default_messages_storage(request) user_admin.reset_session_action(request, users) self.user.reload() assert self.user.auth_id is None another_user.reload() assert another_user.auth_id is None a_third_user.reload() assert a_third_user.auth_id == old_auth_id
def test_approve_for_addon(self, mock_sign_file): core.set_user(user_factory()) task_user = user_factory(id=settings.TASK_USER_ID) promo = PromotedAddon.objects.create( addon=addon_factory(version_kw={'version': '0.123a'}), group_id=promoted.SPOTLIGHT.id, ) file_ = promo.addon.current_version.all_files[0] file_.update(filename='webextension.xpi') with amo.tests.copy_file( 'src/olympia/files/fixtures/files/webextension.xpi', file_.file_path): # SPOTLIGHT doesnt have special signing states so won't be resigned promo.addon.reload() promo.addon.promoted_group() == promoted.NOT_PROMOTED promo.approve_for_addon() promo.addon.reload() promo.addon.promoted_group() == promoted.SPOTLIGHT assert promo.addon.current_version.version == '0.123a' mock_sign_file.assert_not_called() # VERIFIED does though. promo.update(group_id=promoted.VERIFIED.id) promo.addon.reload() promo.addon.promoted_group() == promoted.NOT_PROMOTED promo.approve_for_addon() promo.addon.reload() promo.addon.promoted_group() == promoted.VERIFIED assert promo.addon.current_version.version == '0.123a.1-signed' mock_sign_file.assert_called_with(file_) assert (ActivityLog.objects.for_addons((promo.addon, )).filter( action=amo.LOG.VERSION_RESIGNED.id).exists()) alog = ActivityLog.objects.filter( action=amo.LOG.VERSION_RESIGNED.id).get() assert alog.user == task_user assert '0.123a.1-signed</a> re-signed (previously 0.123a)' in ( str(alog))
def test_can_delete_with_admin_advanced_permission( self, delete_or_disable_related_content_mock): user = user_factory() assert not self.user.deleted self.grant_permission(user, 'Admin:Tools') self.grant_permission(user, 'Admin:Advanced') self.client.login(email=user.email) core.set_user(user) response = self.client.get(self.delete_url, follow=True) assert response.status_code == 200 assert b'Cannot delete user' not in response.content response = self.client.post(self.delete_url, {'post': 'yes'}, follow=True) assert response.status_code == 200 self.user.reload() assert self.user.deleted assert self.user.email is None assert delete_or_disable_related_content_mock.call_count == 1 assert ( delete_or_disable_related_content_mock.call_args[1] == {'delete': True}) alog = ActivityLog.objects.latest('pk') assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id assert alog.arguments == [self.user]
def test_ban_action(self): another_user = user_factory() a_third_user = user_factory() users = UserProfile.objects.filter( pk__in=(another_user.pk, self.user.pk)) user_admin = UserAdmin(UserProfile, admin.site) request = RequestFactory().get('/') request.user = user_factory() core.set_user(request.user) request._messages = default_messages_storage(request) user_admin.ban_action(request, users) # Both users should be banned. another_user.reload() self.user.reload() assert another_user.deleted assert another_user.email assert self.user.deleted assert self.user.email # The 3rd user should be unaffected. assert not a_third_user.reload().deleted # We should see 2 activity logs for banning. assert ActivityLog.objects.filter( action=amo.LOG.ADMIN_USER_BANNED.id).count() == 2
def test_reset_api_key(self): APIKey.objects.create(user=self.user, is_active=True, key='foo') APIKeyConfirmation.objects.create(user=self.user) reset_api_key_url = reverse( 'admin:users_userprofile_reset_api_key', args=(self.user.pk, )) wrong_reset_api_key_url = reverse( 'admin:users_userprofile_reset_api_key', args=(self.user.pk + 9, )) user = user_factory() self.grant_permission(user, 'Admin:Tools') self.client.login(email=user.email) core.set_user(user) response = self.client.post(reset_api_key_url, follow=True) assert response.status_code == 403 self.grant_permission(user, 'Users:Edit') response = self.client.get(reset_api_key_url, follow=True) assert response.status_code == 405 # Wrong http method. response = self.client.post(wrong_reset_api_key_url, follow=True) assert response.status_code == 404 # Wrong pk. assert self.user.api_keys.filter(is_active=True).exists() assert APIKeyConfirmation.objects.filter(user=self.user).exists() response = self.client.post(reset_api_key_url, follow=True) assert response.status_code == 200 assert response.redirect_chain[-1][0].endswith(self.detail_url) assert response.redirect_chain[-1][1] == 302 alog = ActivityLog.objects.latest('pk') assert alog.action == amo.LOG.ADMIN_API_KEY_RESET.id assert alog.arguments == [self.user] # APIKeys should have been deactivated, APIKeyConfirmation deleted. assert self.user.api_keys.exists() assert not self.user.api_keys.filter(is_active=True).exists() assert not APIKeyConfirmation.objects.filter(user=self.user).exists()
def authenticate_credentials(self, payload): """ Returns a verified AMO user who is active and allowed to make API requests. """ if 'orig_iat' in payload: msg = ("API key based tokens are not refreshable, don't include " "`orig_iat` in their payload.") raise exceptions.AuthenticationFailed(msg) try: api_key = APIKey.get_jwt_key(key=payload['iss']) except APIKey.DoesNotExist: msg = 'Invalid API Key.' raise exceptions.AuthenticationFailed(msg) if api_key.user.deleted: msg = 'User account is disabled.' raise exceptions.AuthenticationFailed(msg) if not api_key.user.read_dev_agreement: msg = 'User has not read developer agreement.' raise exceptions.AuthenticationFailed(msg) core.set_user(api_key.user) return api_key.user
def authenticate_credentials(self, payload): """ Returns a verified AMO user who is active and allowed to make API requests. """ if 'orig_iat' in payload: msg = ("API key based tokens are not refreshable, don't include " '`orig_iat` in their payload.') raise exceptions.AuthenticationFailed(msg) try: api_key = APIKey.get_jwt_key(key=payload['iss']) except APIKey.DoesNotExist: msg = 'Invalid API Key.' raise exceptions.AuthenticationFailed(msg) if api_key.user.deleted: msg = 'User account is disabled.' raise exceptions.AuthenticationFailed(msg) if not api_key.user.read_dev_agreement: msg = 'User has not read developer agreement.' raise exceptions.AuthenticationFailed(msg) core.set_user(api_key.user) return api_key.user
def test_ban_action(self): another_user = user_factory() a_third_user = user_factory() users = UserProfile.objects.filter(pk__in=(another_user.pk, self.user.pk)) user_admin = UserAdmin(UserProfile, admin.site) request = RequestFactory().get('/') request.user = user_factory() core.set_user(request.user) request._messages = default_messages_storage(request) user_admin.ban_action(request, users) # Both users should be banned. another_user.reload() self.user.reload() assert another_user.deleted assert another_user.email assert self.user.deleted assert self.user.email # The 3rd user should be unaffected. assert not a_third_user.reload().deleted # We should see 2 activity logs for banning. assert (ActivityLog.objects.filter( action=amo.LOG.ADMIN_USER_BANNED.id).count() == 2)
def test_pre_setup(request, tmpdir, settings): caches['default'].clear() caches['filesystem'].clear() # Override django-cache-machine caching.base.TIMEOUT because it's # computed too early, before settings_test.py is imported. caching.base.TIMEOUT = settings.CACHE_COUNT_TIMEOUT translation.trans_real.deactivate() # Django fails to clear this cache. translation.trans_real._translations = {} translation.trans_real.activate(settings.LANGUAGE_CODE) settings.MEDIA_ROOT = str(tmpdir.mkdir('media')) settings.TMP_PATH = str(tmpdir.mkdir('tmp')) settings.NETAPP_STORAGE = settings.TMP_PATH # Reset the prefixer and urlconf after updating media root default_prefixer(settings) from django.core.urlresolvers import clear_url_caches, set_urlconf def _clear_urlconf(): clear_url_caches() set_urlconf(None) _clear_urlconf() request.addfinalizer(_clear_urlconf) yield core.set_user(None) clean_translations(None) # Make sure queued translations are removed. # Make sure we revert everything we might have changed to prefixers. amo.urlresolvers.clean_url_prefixes()
def test_set_get_user_anonymous(): core.set_user(AnonymousUser()) assert core.get_user() is None user = UserProfile() core.set_user(user) assert core.get_user() == user core.set_user(None) assert core.get_user() is None
def setUp(self): super(TestActivityLog, self).setUp() u = UserProfile.objects.create(username='******') self.request = Mock() self.request.user = self.user = u core.set_user(u)
def test_no_user(self): core.set_user(None) count = ActivityLog.objects.count() ActivityLog.create(amo.LOG.CUSTOM_TEXT, 'hi') assert count == ActivityLog.objects.count()
def process_exception(self, request, exception): core.set_user(None) core.set_remote_addr(None)
def process_response(self, request, response): core.set_user(None) core.set_remote_addr(None) return response
def setUp(self): super(LogTest, self).setUp() u = UserProfile.objects.create(username='******') core.set_user(u)
def setUp(self): super(TestCollections, self).setUp() self.user = UserProfile.objects.create(username='******', email='uh@hh') self.other = UserProfile.objects.exclude(id=self.user.id)[0] core.set_user(self.user)
def tearDown(self): core.set_user(None) super(TestActivityLog, self).tearDown()
def setUp(self): """Start with one user, two add-ons.""" super(TestActivity, self).setUp() self.clone_addon(2) core.set_user(self.user_profile) self.addon, self.addon2 = list(self.user_profile.addons.all())