def test_set_user_by_instance(session_scope_function): add_user(session_scope_function, name='test_user', password='******', lastname='lastname', firstname='firstname', email='*****@*****.**', access_level='asked') add_user(session_scope_function, name='test_user_2', password='******', lastname='lastname', firstname='firstname', email='*****@*****.**', access_level='asked') user = get_user_by_name(session_scope_function, 'test_user') set_user_by_instance(session_scope_function, user, lastname='a', firstname='b', email='c', linkedin_url='d', twitter_url='e', facebook_url='f', google_url='g', github_url='h', website_url='i', bio='j', is_want_news=False) user = get_user_by_name(session_scope_function, 'test_user') assert user.lastname == 'a' assert user.firstname == 'b' assert user.email == 'c' assert user.linkedin_url == 'd' assert user.twitter_url == 'e' assert user.facebook_url == 'f' assert user.google_url == 'g' assert user.github_url == 'h' assert user.website_url == 'i' assert user.bio == 'j' assert user.is_want_news is False
def test_user_event_status(client_session): client, session = client_session add_user(session, 'new_user', 'new_user', 'new_user', 'new_user', 'new_user', access_level='user') add_event(session, 'iris', 'iris_new_event', 'new_event', 'starting_kit', '/tmp/databoard_test/submissions', is_public=True) # user signed up, not approved for the event ask_sign_up_team(session, 'iris_new_event', 'new_user') with login_scope(client, 'new_user', 'new_user') as client: rv = client.get('/problems') assert rv.status_code == 200 assert b'user-waiting' in rv.data assert b'user-signed' not in rv.data # user signed up and approved for the event sign_up_team(session, 'iris_new_event', 'new_user') with login_scope(client, 'new_user', 'new_user') as client: rv = client.get('/problems') assert rv.status_code == 200 assert b'user-signed' in rv.data assert b'user-waiting' not in rv.data
def test_add_user(session_scope_function): name = 'test_user' password = '******' lastname = 'Test' firstname = 'User' email = '*****@*****.**' access_level = 'asked' add_user(session_scope_function, name=name, password=password, lastname=lastname, firstname=firstname, email=email, access_level=access_level) user = get_user_by_name(session_scope_function, name) assert user.name == name assert check_password(password, user.hashed_password) assert user.lastname == lastname assert user.firstname == firstname assert user.email == email assert user.access_level == access_level # check that a team was automatically added with the new user team = get_team_by_name(session_scope_function, name) assert team.name == name assert team.admin_id == user.id
def test_approve_single_user(client_session): client, session = client_session add_user(session, 'aa', 'aa', 'aa', 'aa', 'aa', access_level='asked') with login_scope(client, 'test_iris_admin', 'test') as client: rv = client.get('/sign_up/aa') assert rv.status_code == 302 assert rv.location == 'http://localhost/problems' with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert re.match("User(.*aa.*) is signed up", flash_message['Successful sign-up']) # ensure that the previous change have been committed within our # session session.commit() user = get_user_by_name(session, 'aa') assert user.access_level == 'user' rv = client.get("/sign_up/unknown_user") session.commit() assert rv.status_code == 302 assert rv.location == "http://localhost/problems" with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert flash_message['message'] == 'No user unknown_user'
def test_approve_sign_up_for_event(client_session): client, session = client_session with login_scope(client, 'test_iris_admin', 'test') as client: # check the redirection if the user or the event does not exist rv = client.get("/events/xxx/sign_up/test_user") session.commit() assert rv.status_code == 302 assert rv.location == "http://localhost/problems" with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert flash_message['message'] == 'No event xxx or no user test_user' rv = client.get("/events/iris_test/sign_up/xxxx") session.commit() assert rv.status_code == 302 assert rv.location == "http://localhost/problems" with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert flash_message['message'] == 'No event iris_test or no user xxxx' add_user(session, 'zz', 'zz', 'zz', 'zz', 'zz', access_level='user') _, _, event_team = ask_sign_up_team(session, 'iris_test', 'zz') assert not event_team.approved rv = client.get('/events/iris_test/sign_up/zz') assert rv.status_code == 302 assert rv.location == "http://localhost/problems" session.commit() event_team = get_event_team_by_name(session, 'iris_test', 'zz') assert event_team.approved with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert "is signed up for Event" in flash_message['Successful sign-up']
def test_user_event(client_session): client, session = client_session # behavior when a user is not approved yet add_user(session, 'xx', 'xx', 'xx', 'xx', 'xx', access_level='asked') with login_scope(client, 'xx', 'xx') as client: rv = client.get('/events/iris_test') assert rv.status_code == 302 assert rv.location == 'http://localhost/problems' with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert (flash_message['message'] == "Your account has not been approved yet by the administrator") # trigger that the event does not exist with login_scope(client, 'test_user', 'test') as client: rv = client.get('/events/xxx') assert rv.status_code == 302 assert rv.location == 'http://localhost/problems' with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert "no event named" in flash_message['message'] # GET with login_scope(client, 'test_user', 'test') as client: rv = client.get('events/iris_test') assert rv.status_code == 200 assert b'Iris classification' in rv.data assert b'Rules' in rv.data
def test_check_user_interactions(session_scope_function, output_format, expected_format): add_user(session_scope_function, name='test_user', password='******', lastname='lastname', firstname='firstname', email='*****@*****.**', access_level='asked') params = {'interaction': 'landing'} add_user_interaction(session_scope_function, **params) params = { 'interaction': 'landing', 'user': get_user_by_name(session_scope_function, 'test_user') } add_user_interaction(session_scope_function, **params) user_interaction = get_user_interactions_by_name( session_scope_function, output_format=output_format) if isinstance(user_interaction, pd.DataFrame): assert user_interaction.shape[0] == 2 assert isinstance(user_interaction, expected_format) user_interaction = get_user_interactions_by_name( session_scope_function, name='test_user', output_format=output_format) if isinstance(user_interaction, pd.DataFrame): assert user_interaction.shape[0] == 1
def test_get_user_by_name(session_scope_function, name, query_type): add_user(session_scope_function, name='test_user', password='******', lastname='lastname', firstname='firstname', email='*****@*****.**', access_level='asked') add_user(session_scope_function, name='test_user_2', password='******', lastname='lastname', firstname='firstname', email='*****@*****.**', access_level='asked') user = get_user_by_name(session_scope_function, name) assert isinstance(user, query_type)
def test_approve_user(session_scope_function): add_user(session_scope_function, name='test_user', password='******', lastname='Test', firstname='User', email='*****@*****.**', access_level='asked') user = get_user_by_name(session_scope_function, 'test_user') assert user.access_level == 'asked' assert user.is_authenticated is False approve_user(session_scope_function, 'test_user') user = get_user_by_name(session_scope_function, 'test_user') assert user.access_level == 'user' assert user.is_authenticated is True
def sign_up(): """Sign-up request.""" if flask_login.current_user.is_authenticated: session['logged_in'] = True return redirect(url_for('ramp.problems')) form = UserCreateProfileForm() if form.validate_on_submit(): user = add_user(session=db.session, name=form.user_name.data, password=form.password.data, lastname=form.lastname.data, firstname=form.firstname.data, email=form.email.data, linkedin_url=form.linkedin_url.data, twitter_url=form.twitter_url.data, facebook_url=form.facebook_url.data, google_url=form.google_url.data, github_url=form.github_url.data, website_url=form.website_url.data, bio=form.bio.data, is_want_news=form.is_want_news.data, access_level='asked') admin_users = User.query.filter_by(access_level='admin') for admin in admin_users: subject = 'Approve registration of {}'.format( encode_string(user.name)) body = body_formatter_user(user) url_approve = ('http://www.ramp.studio/sign_up/{}'.format( encode_string(user.name))) body += 'Click on the link to approve the registration ' body += 'of this user: {}'.format(url_approve) send_mail(admin.email, subject, body) return redirect(url_for('auth.login')) return render_template('sign_up.html', form=form)
def test_delete_user(session_scope_function): username = '******' add_user(session_scope_function, name=username, password='******', lastname='lastname', firstname='firstname', email='*****@*****.**', access_level='asked') user = (session_scope_function.query(User).filter( User.name == username).all()) assert len(user) == 1 delete_user(session_scope_function, username) user = (session_scope_function.query(User).filter( User.name == username).one_or_none()) assert user is None
def test_sign_up_for_event(client_session): client, session = client_session # trigger that the event does not exist with login_scope(client, 'test_user', 'test') as client: rv = client.get('/events/xxx/sign_up') assert rv.status_code == 302 assert rv.location == 'http://localhost/problems' with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert "no event named" in flash_message['message'] # GET: sign-up to a new controlled event add_user(session, 'yy', 'yy', 'yy', 'yy', 'yy', access_level='user') with login_scope(client, 'yy', 'yy') as client: rv = client.get('/events/iris_test/sign_up') assert rv.status_code == 302 assert rv.location == 'http://localhost/problems' with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert "Sign-up request is sent" in flash_message['Request sent'] # make sure that the database has been updated for our session session.commit() event_team = get_event_team_by_name(session, 'iris_test', 'yy') assert not event_team.approved # check that we are informing the user that he has to wait for approval rv = client.get('/events/iris_test') assert rv.status_code == 200 assert b'Waiting approval...' in rv.data # GET: sign-up to a new uncontrolled event event = get_event(session, 'boston_housing_test') event.is_controled_signup = False session.commit() with login_scope(client, 'yy', 'yy') as client: rv = client.get('/events/boston_housing_test/sign_up') assert rv.status_code == 302 assert (rv.location == 'http://localhost/events/boston_housing_test/sandbox') with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) assert "is signed up for" in flash_message['Successful sign-up'] # make sure that the database has been updated for our session session.commit() event_team = get_event_team_by_name(session, 'boston_housing_test', 'yy') assert event_team.approved
def test_add_user(session_scope_function): name = 'test_user' password = '******' lastname = 'Test' firstname = 'User' email = '*****@*****.**' access_level = 'asked' add_user(session_scope_function, name=name, password=password, lastname=lastname, firstname=firstname, email=email, access_level=access_level) user = get_user_by_name(session_scope_function, name) assert user.name == name assert check_password(password, user.hashed_password) assert user.lastname == lastname assert user.firstname == firstname assert user.email == email assert user.access_level == access_level # check that a team was automatically added with the new user team = get_team_by_name(session_scope_function, name) assert team.name == name assert team.admin_id == user.id # check that we get an error if we try to add the same user with pytest.raises(NameClashError, match='email is already in use'): add_user(session_scope_function, name=name, password=password, lastname=lastname, firstname=firstname, email=email, access_level=access_level) # check that the checking is case insensitive with pytest.raises(NameClashError, match='email is already in use'): add_user(session_scope_function, name=name, password=password, lastname=lastname, firstname=firstname, email=email.capitalize(), access_level=access_level) # add a user email with some capital letters and check that only lower case # are stored in the database name = 'new_user_name' email = '*****@*****.**' add_user(session_scope_function, name=name, password=password, lastname=lastname, firstname=firstname, email=email, access_level=access_level) user = get_user_by_name(session_scope_function, name) assert user.email == '*****@*****.**'
def test_approve_users_remove(client_session): client, session = client_session # create 2 new users add_user(session, 'xx', 'xx', 'xx', 'xx', 'xx', access_level='user') add_user(session, 'yy', 'yy', 'yy', 'yy', 'yy', access_level='asked') # ask for sign up for an event for the first user _, _, event_team = ask_sign_up_team(session, 'iris_test', 'xx') with login_scope(client, 'test_iris_admin', 'test') as client: # GET check that we get all new user to be approved rv = client.get('/approve_users') assert rv.status_code == 200 # line for user approval assert b'yy: yy yy - yy' in rv.data # line for the event approval assert b'iris_test - xx' # POST check that we are able to approve a user and event data = ImmutableMultiDict([('submit_button', 'Remove!'), ('approve_users', 'yy'), ('approve_event_teams', str(event_team.id)) ]) rv = client.post('/approve_users', data=data) assert rv.status_code == 302 assert rv.location == 'http://localhost/problems' # ensure that the previous change have been committed within our # session session.commit() user = get_user_by_name(session, 'yy') assert user is None event_team = get_event_team_by_name(session, 'iris_test', 'xx') assert event_team is None with client.session_transaction() as cs: flash_message = dict(cs['_flashes']) print(flash_message) assert re.match( r"Removed users:\nyy\nRemoved event_team:\n" r"Event\(iris_test\)/Team\(.*xx.*\)\n", flash_message['Removed users'])
def test_sign_up_for_event_mail(client_session): client, session = client_session # GET: sign-up to a new controlled event with client.application.app_context(): with mail.record_messages() as outbox: add_user(session, 'zz', 'zz', 'zz', 'zz', 'zz@gmail', access_level='user') with login_scope(client, 'zz', 'zz') as client: rv = client.get('/events/iris_test/sign_up') assert rv.status_code == 302 session.commit() # check that the email has been sent assert len(outbox) == 1 assert ('Click on this link to approve the sign-up request' in outbox[0].body)
def test_set_user_access_level(session_scope_function, access_level): username = '******' user = add_user(session_scope_function, name=username, password='******', lastname='lastname', firstname='firstname', email='*****@*****.**', access_level='asked') assert user.access_level == 'asked' assert user.is_authenticated is False set_user_access_level(session_scope_function, username, access_level) user = get_user_by_name(session_scope_function, username) assert user.access_level == access_level assert user.is_authenticated is True
def sign_up(): """Sign-up request.""" if flask_login.current_user.is_authenticated: session['logged_in'] = True return redirect(url_for('ramp.problems')) form = UserCreateProfileForm() if form.validate_on_submit(): try: user = add_user(session=db.session, name=form.user_name.data, password=form.password.data, lastname=form.lastname.data, firstname=form.firstname.data, email=form.email.data, linkedin_url=form.linkedin_url.data, twitter_url=form.twitter_url.data, facebook_url=form.facebook_url.data, google_url=form.google_url.data, github_url=form.github_url.data, website_url=form.website_url.data, bio=form.bio.data, is_want_news=form.is_want_news.data, access_level='not_confirmed') except NameClashError as e: flash(str(e)) logger.info(str(e)) return render_template('index.html') # send an email to the participant such that he can confirm his email token = ts.dumps(user.email) recover_url = url_for('auth.user_confirm_email', token=token, _external=True) subject = "Confirm your email for signing-up to RAMP" body = ('Hi {}, \n\n click on the following link to confirm your email' 'address and finalize your sign-up to RAMP.\n\n Note that' 'your account still needs to be approved by a RAMP ' 'administrator.\n\n'.format(user.firstname)) body += recover_url body += '\n\nSee you on the RAMP website!' send_mail(user.email, subject, body) logger.info('{} has signed-up to RAMP'.format(user.name)) flash("We sent a confirmation email. Go read your email and click on " "the confirmation link") return render_template('index.html') return render_template('sign_up.html', form=form)
def test_is_accessible_code(session_toy_db): event_name = 'iris_test' # simulate a user which is not authenticated user = get_user_by_name(session_toy_db, 'test_user_2') user.is_authenticated = False assert not is_accessible_code(session_toy_db, event_name, user.name) # simulate a user which authenticated and author of the submission to a # public event user.is_authenticated = True assert is_accessible_code(session_toy_db, event_name, user.name) # simulate an admin user user = get_user_by_name(session_toy_db, 'test_iris_admin') user.is_authenticated = True assert is_accessible_code(session_toy_db, event_name, 'test_iris_admin') # simulate a user which is not signed up to the event user = add_user(session_toy_db, 'xx', 'xx', 'xx', 'xx', 'xx', 'user') user.is_authenticated = True assert not is_accessible_code(session_toy_db, event_name, user.name)
def test_is_accessible_code(session_toy_db): # create a third user add_user( session_toy_db, name='test_user_3', password='******', lastname='Test_3', firstname='User_3', email='*****@*****.**', access_level='user') approve_user(session_toy_db, 'test_user_3') event_name = 'iris_test' sign_up_team(session_toy_db, event_name, 'test_user_3') # simulate a user which is not authenticated user = get_user_by_name(session_toy_db, 'test_user_2') user.is_authenticated = False assert not is_accessible_code(session_toy_db, event_name, user.name) # simulate a user which authenticated and author of the submission to a # public event user.is_authenticated = True assert is_accessible_code(session_toy_db, event_name, user.name) # simulate an admin user user = get_user_by_name(session_toy_db, 'test_iris_admin') user.is_authenticated = True assert is_accessible_code(session_toy_db, event_name, 'test_iris_admin') # simulate a user which is not signed up to the event user = add_user(session_toy_db, 'xx', 'xx', 'xx', 'xx', 'xx', 'user') user.is_authenticated = True assert not is_accessible_code(session_toy_db, event_name, user.name) # simulate that the event is not publicly opened event = get_event(session_toy_db, event_name) past_public_opening = event.public_opening_timestamp tomorrow = datetime.datetime.utcnow() + datetime.timedelta(days=1) event.public_opening_timestamp = tomorrow session_toy_db.commit() assert is_accessible_code(session_toy_db, event_name, 'test_user_3') # Make a submission submission_name = 'random_forest_10_10' ramp_config = generate_ramp_config(read_config(ramp_config_template())) path_submission = os.path.join( os.path.dirname(ramp_config['ramp_sandbox_dir']), submission_name ) sub = add_submission( session_toy_db, event_name, 'test_user_3', submission_name, path_submission ) # check that the user submitting the submission could access it assert is_accessible_code( session_toy_db, event_name, 'test_user_3', sub.id ) # change the admin of the team from ramp_database.model import Team, User team = (session_toy_db.query(Team) .filter(Team.name == 'test_user_3') .first()) user = (session_toy_db.query(User) .filter(User.name == 'test_user_2') .first()) team.admin_id = user.id team.admin = user session_toy_db.commit() # check that the admin can access the submission assert is_accessible_code( session_toy_db, event_name, 'test_user_2', sub.id ) # but others cannot assert not is_accessible_code( session_toy_db, event_name, 'test_user_3', sub.id ) event.public_opening_timestamp = past_public_opening session_toy_db.commit()