def test_update_smsAddress(self):
'Make sure that updating smsAddresses works'
url = self.get_url('user_update')
db.query(SMSAddress).delete()
userSID, userSCode, userSEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userS['username']).first()
userAID, userACode, userAEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userA['username']).first()
userIID, userICode, userIEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userI['username']).first()
imapServer = sms.connect(self.router.registry.settings)
# Register an invalid email address
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom=''))
# Register using an invalid userID or userCode
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (-1, userSCode), fromWhom='sms_' + userSEmail))
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, -1), fromWhom='sms_' + userSEmail))
# Register three email addresses
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='sms_' + userSEmail))
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userAID, userACode), fromWhom='sms_' + userAEmail))
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userIID, userICode), fromWhom='sms_' + userIEmail))
# Register an address that already exists for the given user
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='sms_' + userSEmail))
# Remove an email address
imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (0, 'xxx'), fromWhom='sms_' + userSEmail))
# Process
sms.process(self.router.registry.settings)
# Make sure we only have two registered SMS address
self.assertEqual(2, db.query(SMSAddress).count())
smsAddressA = db.query(SMSAddress).filter_by(user_id=userAID).first()
smsAddressI = db.query(SMSAddress).filter_by(user_id=userIID).first()
# Get token
self.login(self.userI)
token = get_token(self.get(url).unicode_body)
params = ReplaceableDict(token=token, smsAddressAction='activate', smsAddressID=smsAddressI.id)
# Activate an smsAddress that doesn't belong to the user
self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Activate an smsAddress
self.assert_json(self.post(url, params), 1)
self.assertEqual(db.query(SMSAddress.is_active).filter_by(user_id=userIID).first()[0], True)
params = ReplaceableDict(token=token, smsAddressAction='deactivate', smsAddressID=smsAddressI.id)
# Deactivate an smsAddress that doesn't belong to the user
self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Deactivate an smsAddress
self.assert_json(self.post(url, params), 1)
self.assertEqual(db.query(SMSAddress.is_active).filter_by(user_id=userIID).first()[0], False)
params = ReplaceableDict(token=token, smsAddressAction='remove', smsAddressID=smsAddressI.id)
# Remove an smsAddress that doesn't belong to the user
self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Remove an smsAddress that does belong to the user
self.assert_json(self.post(url, params), 1)
self.assertEqual(db.query(SMSAddress).filter_by(id=smsAddressI.id).count(), 0)
params = ReplaceableDict(token=token)
# Send an invalid command
self.assert_json(self.post(url, params.replace(smsAddressAction='')), 0)
self.assert_json(self.post(url, params.replace(smsAddressAction='xxx')), 0)
def test_mutate(self):
'Make sure that mutating the user works'
url = self.get_url('user_mutate')
self.login(self.userI)
token = get_token(self.get(self.get_url('user_update')).body)
params = ReplaceableDict(token=token)
# Check that a bad token fails
self.assert_json(self.post(url, params.replace(token=token + 'x')), 0)
# Check that we can mutate the user code
userCode = db.query(User.code).filter_by(username=self.userI['username']).first()[0]
self.assert_json(self.post(url, params), 1)
self.assertNotEqual(userCode, db.query(User.code).filter_by(username=self.userI['username']).first()[0])
def test_mutate(self):
'Make sure that mutating the user works'
url = self.get_url('user_mutate')
self.login(self.userI)
token = get_token(self.get(self.get_url('user_update')).body)
params = ReplaceableDict(token=token)
# Check that a bad token fails
self.assert_json(self.post(url, params.replace(token=token + 'x')), 0)
# Check that we can mutate the user code
userCode = db.query(
User.code).filter_by(username=self.userI['username']).first()[0]
self.assert_json(self.post(url, params), 1)
self.assertNotEqual(
userCode,
db.query(User.code).filter_by(
username=self.userI['username']).first()[0])
def test_move(self):
'Make sure that only superusers can promote or demote other users'
url = self.get_url('user_move')
# Check that we only see the login page if the user is not logged in
self.assert_forbidden(url, method='POST')
# Check that only super users can promote or demote other users
for userD in self.userA, self.userI:
self.login(userD)
self.assert_forbidden(url, method='POST')
self.login(self.userS)
userID = db.query(
User.id).filter_by(username=self.userS['username']).first()[0]
token = get_token(self.get(self.get_url('user_index')).body)
get_targetUser = lambda: db.query(User).filter_by(username=self.userI[
'username']).first()
targetUser = get_targetUser()
params = ReplaceableDict(token=token,
targetUserID=targetUser.id,
is_super=1,
is_active=1)
# Check that a bad token fails
self.assert_json(self.post(url, params.replace(token=token + 'x')), 0)
# Check that a bad targetUserID fails
self.assert_json(self.post(url, params.replace(targetUserID=0)), 0)
# Check that a bad attribute fails
self.assert_json(self.post(url, params.replace(is_super='xxx')), 0)
self.assert_json(self.post(url, params.replace(is_active='xxx')), 0)
# Check that a super user cannot promote or demote self
self.assert_json(self.post(url, params.replace(targetUserID=userID)),
0)
# Check that a super user can promote or demote other users
self.assert_json(self.post(url, params.replace(is_super=1)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_super, True)
self.assert_json(self.post(url, params.replace(is_super=0)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_super, False)
self.assert_json(self.post(url, params.replace(is_active=1)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_active, True)
self.assert_json(self.post(url, params.replace(is_active=0)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_active, False)
def test_update(self):
'Make sure that updating credentials works'
url = self.get_url('user_update')
# Check that we only see the login page if the user is not logged in
self.assert_forbidden(url)
self.assert_forbidden(url, method='POST')
# Check that the update form is filled with the user's credentials
self.login(self.userI)
body = self.get(url).unicode_body
self.assert_(self.userI['username'] in body)
self.assert_(self.userI['nickname'] in body)
self.assert_(self.userI['email'].lower() in body)
token = get_token(body)
# Updating credentials requires a token
username, password, nickname, email = [
'0' + self.userI[x]
for x in 'username', 'password', 'nickname', 'email'
]
params = ReplaceableDict(token=token,
username=username,
password=password,
nickname=nickname,
email=email)
self.assert_json(self.post(url, params.replace(token='')), 0)
self.assert_json(self.post(url, params), 1)
# Make sure the credentials have not changed yet
self.assertEqual(
db.query(User).filter_by(username=username,
nickname=nickname,
email=email).count(), 0)
# Make sure the credentials have changed after confirmation
self.get(
self.get_url('user_confirm',
ticket=db.query(
User_.ticket).filter_by(email=email).order_by(
User_.when_expired.desc()).first()[0]))
self.assertEqual(
db.query(User).filter_by(username=username,
nickname=nickname,
email=email).first().check(password),
True)
def test_move(self):
'Make sure that only superusers can promote or demote other users'
url = self.get_url('user_move')
# Check that we only see the login page if the user is not logged in
self.assert_forbidden(url, method='POST')
# Check that only super users can promote or demote other users
for userD in self.userA, self.userI:
self.login(userD)
self.assert_forbidden(url, method='POST')
self.login(self.userS)
userID = db.query(User.id).filter_by(username=self.userS['username']).first()[0]
token = get_token(self.get(self.get_url('user_index')).body)
get_targetUser = lambda: db.query(User).filter_by(username=self.userI['username']).first()
targetUser = get_targetUser()
params = ReplaceableDict(token=token, targetUserID=targetUser.id, is_super=1, is_active=1)
# Check that a bad token fails
self.assert_json(self.post(url, params.replace(token=token + 'x')), 0)
# Check that a bad targetUserID fails
self.assert_json(self.post(url, params.replace(targetUserID=0)), 0)
# Check that a bad attribute fails
self.assert_json(self.post(url, params.replace(is_super='xxx')), 0)
self.assert_json(self.post(url, params.replace(is_active='xxx')), 0)
# Check that a super user cannot promote or demote self
self.assert_json(self.post(url, params.replace(targetUserID=userID)), 0)
# Check that a super user can promote or demote other users
self.assert_json(self.post(url, params.replace(is_super=1)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_super, True)
self.assert_json(self.post(url, params.replace(is_super=0)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_super, False)
self.assert_json(self.post(url, params.replace(is_active=1)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_active, True)
self.assert_json(self.post(url, params.replace(is_active=0)), 1)
targetUser = get_targetUser()
self.assertEqual(targetUser.is_active, False)
def test_update(self):
'Make sure that updating credentials works'
url = self.get_url('user_update')
# Check that we only see the login page if the user is not logged in
self.assert_forbidden(url)
self.assert_forbidden(url, method='POST')
# Check that the update form is filled with the user's credentials
self.login(self.userI)
body = self.get(url).unicode_body
self.assert_(self.userI['username'] in body)
self.assert_(self.userI['nickname'] in body)
self.assert_(self.userI['email'].lower() in body)
token = get_token(body)
# Updating credentials requires a token
username, password, nickname, email = ['0' + self.userI[x] for x in 'username', 'password', 'nickname', 'email']
params = ReplaceableDict(token=token, username=username, password=password, nickname=nickname, email=email)
self.assert_json(self.post(url, params.replace(token='')), 0)
self.assert_json(self.post(url, params), 1)
# Make sure the credentials have not changed yet
self.assertEqual(db.query(User).filter_by(username=username, nickname=nickname, email=email).count(), 0)
# Make sure the credentials have changed after confirmation
self.get(self.get_url('user_confirm', ticket=db.query(User_.ticket).filter_by(email=email).order_by(User_.when_expired.desc()).first()[0]))
self.assertEqual(db.query(User).filter_by(username=username, nickname=nickname, email=email).first().check(password), True)
def run(settings):
'Upload data to dashboard'
countByKey = {}
sqlalchemyURL = settings['tc.sqlalchemy.url']
appURL = settings['tc.url']
appUsername = settings['tc.username']
appPassword = settings['tc.password']
opener = build_opener(HTTPCookieProcessor())
def post(relativeURL, valueByKey=None, expectJSON=True):
url = appURL + '/' + relativeURL
response = opener.open(url, urlencode(valueByKey or {}))
data = response.read()
response.close()
if expectJSON:
data = simplejson.loads(data)
if options.verbose and not data.get('isOk'):
raise Exception('Could not open %s' % url)
return data
# Login
showFeedback('Logging in...')
post('users/login', dict(username=appUsername, password=appPassword))
# Get token
showFeedback('Getting token...')
data = post('users', expectJSON=False)
token = get_token(data)
# Assemble
showFeedback('Assembling payload...')
payload, countByKey = assemble(sqlalchemyURL)
# Upload
showFeedback('Uploading...')
post('uploads', dict(token=token, payload=simplejson.dumps(payload, encoding='latin-1')))
# Logout
showFeedback('Logging out...')
post('users/logout', expectJSON=False)
# Return
return '\n'.join('%s: %s' % (key, count) for key, count in countByKey.iteritems())
def test_update_smsAddress(self):
'Make sure that updating smsAddresses works'
url = self.get_url('user_update')
db.query(SMSAddress).delete()
userSID, userSCode, userSEmail = db.query(
User.id, User.code,
User.email).filter_by(username=self.userS['username']).first()
userAID, userACode, userAEmail = db.query(
User.id, User.code,
User.email).filter_by(username=self.userA['username']).first()
userIID, userICode, userIEmail = db.query(
User.id, User.code,
User.email).filter_by(username=self.userI['username']).first()
imapServer = sms.connect(self.router.registry.settings)
# Register an invalid email address
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userSID, userSCode),
fromWhom=''))
# Register using an invalid userID or userCode
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (-1, userSCode),
fromWhom='sms_' + userSEmail))
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userSID, -1),
fromWhom='sms_' + userSEmail))
# Register three email addresses
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userSID, userSCode),
fromWhom='sms_' + userSEmail))
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userAID, userACode),
fromWhom='sms_' + userAEmail))
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userIID, userICode),
fromWhom='sms_' + userIEmail))
# Register an address that already exists for the given user
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (userSID, userSCode),
fromWhom='sms_' + userSEmail))
# Remove an email address
imapServer.revive(
'inbox',
imapIO.build_message(subject='%s-%s' % (0, 'xxx'),
fromWhom='sms_' + userSEmail))
# Process
sms.process(self.router.registry.settings)
# Make sure we only have two registered SMS address
self.assertEqual(2, db.query(SMSAddress).count())
smsAddressA = db.query(SMSAddress).filter_by(user_id=userAID).first()
smsAddressI = db.query(SMSAddress).filter_by(user_id=userIID).first()
# Get token
self.login(self.userI)
token = get_token(self.get(url).unicode_body)
params = ReplaceableDict(token=token,
smsAddressAction='activate',
smsAddressID=smsAddressI.id)
# Activate an smsAddress that doesn't belong to the user
self.assert_json(
self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Activate an smsAddress
self.assert_json(self.post(url, params), 1)
self.assertEqual(
db.query(
SMSAddress.is_active).filter_by(user_id=userIID).first()[0],
True)
params = ReplaceableDict(token=token,
smsAddressAction='deactivate',
smsAddressID=smsAddressI.id)
# Deactivate an smsAddress that doesn't belong to the user
self.assert_json(
self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Deactivate an smsAddress
self.assert_json(self.post(url, params), 1)
self.assertEqual(
db.query(
SMSAddress.is_active).filter_by(user_id=userIID).first()[0],
False)
params = ReplaceableDict(token=token,
smsAddressAction='remove',
smsAddressID=smsAddressI.id)
# Remove an smsAddress that doesn't belong to the user
self.assert_json(
self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0)
# Remove an smsAddress that does belong to the user
self.assert_json(self.post(url, params), 1)
self.assertEqual(
db.query(SMSAddress).filter_by(id=smsAddressI.id).count(), 0)
params = ReplaceableDict(token=token)
# Send an invalid command
self.assert_json(self.post(url, params.replace(smsAddressAction='')),
0)
self.assert_json(
self.post(url, params.replace(smsAddressAction='xxx')), 0)
