def test_returns_200_for_admin_changing_other_user(self):
admin = user_factory.create(groups=['admin', 'default'])
user = user_factory.create()
with app.test_client() as c, authenticated_user(c, user=admin):
rv = json_request(c.post, "/api/users/{}".format(user.id), data={"name": "New Name"})
self.assertEqual(rv.status_code, 200)
def authenticated_user(c, user=None):
if not user:
user = user_factory.create()
db.session.commit()
authenticate_request(c, user)
yield user
def test_user_api_key(self):
user = user_factory.create(api_key="user_key")
path = '/api/queries/'
with app.test_client() as c:
signature = sign(user.api_key, path, self.expires)
rv = c.get(path, query_string={'signature': signature, 'expires': self.expires, 'user_id': user.id})
self.assertEqual(user.id, hmac_load_user_from_request(request).id)
def test_returns_400_when_configuration_invalid(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = json_request(c.post, '/api/data_sources',
data={'name': 'DS 1', 'type': 'pg', 'options': '{}'})
self.assertEqual(rv.status_code, 400)
def test_submit_incorrect_password(self):
user = user_factory.create()
with app.test_client() as c, patch('redash.controllers.login_user') as login_user_mock:
rv = c.post('/login', data={'username': user.email, 'password': ''})
self.assertEquals(rv.status_code, 200)
self.assertFalse(login_user_mock.called)
def test_submit_incorrect_password(self):
user = user_factory.create()
with app.test_client() as c, patch('redash.controllers.login_user') as login_user_mock:
rv = c.post('/login', data={'username': user.email, 'password': ''})
self.assertEquals(rv.status_code, 200)
self.assertFalse(login_user_mock.called)
def test_creates_data_source(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = json_request(c.post, '/api/data_sources',
data={'name': 'DS 1', 'type': 'pg', 'options': '{"dbname": "redash"}'})
self.assertEqual(rv.status_code, 200)
def test_submit_incorrect_password(self):
user = user_factory.create()
with app.test_client() as c, patch("redash.controllers.login_user") as login_user_mock:
rv = c.post("/login", data={"email": user.email, "password": ""})
self.assertEquals(rv.status_code, 200)
self.assertFalse(login_user_mock.called)
def authenticated_user(c, user=None):
if not user:
user = user_factory.create()
authenticate_request(c, user)
yield user
def test_creates_data_source(self):
admin = user_factory.create(groups=["admin", "default"])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = json_request(
c.post, "/api/data_sources", data={"name": "DS 1", "type": "pg", "options": {"dbname": "redash"}}
)
self.assertEqual(rv.status_code, 200)
def authenticated_user(c, user=None):
if not user:
user = user_factory.create()
with c.session_transaction() as sess:
sess['user_id'] = user.id
yield
def test_logins_valid_user(self):
user = user_factory.create(email='*****@*****.**')
with patch.object(
settings, 'GOOGLE_APPS_DOMAIN', 'example.com'), patch(
'redash.authentication.login_user') as login_user_mock:
create_and_login_user(None, user)
login_user_mock.assert_called_once_with(user, remember=True)
def authenticated_user(c, user=None):
if not user:
user = user_factory.create()
with c.session_transaction() as sess:
sess['user_id'] = user.id
yield
def test_submit_correct_user_and_password_and_remember_me(self):
user = user_factory.create()
user.hash_password("password")
user.save()
with app.test_client() as c, patch("redash.controllers.login_user") as login_user_mock:
rv = c.post("/login", data={"email": user.email, "password": "******", "remember": True})
self.assertEquals(rv.status_code, 302)
login_user_mock.assert_called_with(user, remember=True)
def test_create_new_dashboard(self):
user = user_factory.create()
with app.test_client() as c, authenticated_user(c, user=user):
dashboard_name = "Test Dashboard"
rv = json_request(c.post, "/api/dashboards", data={"name": dashboard_name})
self.assertEquals(rv.status_code, 200)
self.assertEquals(rv.json["name"], "Test Dashboard")
self.assertEquals(rv.json["user_id"], user.id)
self.assertEquals(rv.json["layout"], [])
def test_submit_incorrect_password(self):
user = user_factory.create()
user.hash_password('password')
user.save()
with app.test_client() as c, patch('redash.handlers.authentication.login_user') as login_user_mock:
rv = c.post('/login', data={'email': user.email, 'password': '******'})
self.assertEquals(rv.status_code, 200)
self.assertFalse(login_user_mock.called)
def test_create_new_dashboard(self):
user = user_factory.create()
with app.test_client() as c, authenticated_user(c, user=user):
dashboard_name = 'Test Dashboard'
rv = json_request(c.post, '/api/dashboards', data={'name': dashboard_name})
self.assertEquals(rv.status_code, 200)
self.assertEquals(rv.json['name'], 'Test Dashboard')
self.assertEquals(rv.json['user_id'], user.id)
self.assertEquals(rv.json['layout'], [])
def test_create_new_dashboard(self):
user = user_factory.create()
with app.test_client() as c, authenticated_user(c, user=user):
dashboard_name = 'Test Dashboard'
rv = json_request(c.post, '/api/dashboards', data={'name': dashboard_name})
self.assertEquals(rv.status_code, 200)
self.assertEquals(rv.json['name'], 'Test Dashboard')
self.assertEquals(rv.json['user_id'], user.id)
self.assertEquals(rv.json['layout'], [])
def test_submit_correct_user_and_password_and_remember_me(self):
user = user_factory.create()
user.hash_password('password')
user.save()
with app.test_client() as c, patch('redash.controllers.login_user') as login_user_mock:
rv = c.post('/login', data={'username': user.email, 'password': '******', 'remember': True})
self.assertEquals(rv.status_code, 302)
login_user_mock.assert_called_with(user, remember=True)
def test_submit_correct_user_and_password_and_remember_me(self):
user = user_factory.create()
user.hash_password('password')
user.save()
with app.test_client() as c, patch('redash.controllers.login_user') as login_user_mock:
rv = c.post('/login', data={'username': user.email, 'password': '******', 'remember': True})
self.assertEquals(rv.status_code, 302)
login_user_mock.assert_called_with(user, remember=True)
def test_returns_400_when_missing_fields(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = c.post("/api/data_sources")
self.assertEqual(rv.status_code, 400)
rv = json_request(c.post, '/api/data_sources', data={'name': 'DS 1'})
self.assertEqual(rv.status_code, 400)
def test_returns_400_when_missing_fields(self):
admin = user_factory.create(groups=["admin", "default"])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = c.post("/api/data_sources")
self.assertEqual(rv.status_code, 400)
rv = json_request(c.post, "/api/data_sources", data={"name": "DS 1"})
self.assertEqual(rv.status_code, 400)
def test_update_query(self):
query = query_factory.create()
other_user = user_factory.create()
with app.test_client() as c, authenticated_user(c, user=other_user):
rv = json_request(c.post, "/api/queries/{0}".format(query.id), data={"name": "Testing"})
self.assertEqual(rv.status_code, 200)
self.assertEqual(rv.json["name"], "Testing")
self.assertEqual(rv.json["last_modified_by"]["id"], other_user.id)
def test_returns_400_when_missing_fields(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = c.post("/api/users")
self.assertEqual(rv.status_code, 400)
rv = json_request(c.post, '/api/users', data={'name': 'User'})
self.assertEqual(rv.status_code, 400)
def test_creates_user(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
test_user = {'name': 'User', 'email': '*****@*****.**', 'password': '******'}
rv = json_request(c.post, '/api/users', data=test_user)
self.assertEqual(rv.status_code, 200)
self.assertEqual(rv.json['name'], test_user['name'])
self.assertEqual(rv.json['email'], test_user['email'])
def test_submit_correct_user_and_password_with_next(self):
user = user_factory.create()
user.hash_password("password")
user.save()
with app.test_client() as c, patch("redash.controllers.login_user") as login_user_mock:
rv = c.post("/login?next=/test", data={"email": user.email, "password": "******"})
self.assertEquals(rv.status_code, 302)
self.assertEquals(rv.location, "http://localhost/test")
login_user_mock.assert_called_with(user, remember=False)
def test_submit_correct_user_and_password(self):
user = user_factory.create()
user.hash_password('password')
user.save()
with app.test_client() as c, patch('redash.handlers.authentication.login_user') as login_user_mock:
rv = c.post('/login', data={'email': user.email, 'password': '******'})
self.assertEquals(rv.status_code, 302)
login_user_mock.assert_called_with(user, remember=False)
def test_update_query(self):
query = query_factory.create()
other_user = user_factory.create()
with app.test_client() as c, authenticated_user(c, user=other_user):
rv = json_request(c.post, '/api/queries/{0}'.format(query.id), data={'name': 'Testing'})
self.assertEqual(rv.status_code, 200)
self.assertEqual(rv.json['name'], 'Testing')
self.assertEqual(rv.json['last_modified_by']['id'], other_user.id)
def test_submit_correct_user_and_password_with_next(self):
user = user_factory.create()
user.hash_password('password')
user.save()
with app.test_client() as c, patch('redash.controllers.login_user') as login_user_mock:
rv = c.post('/login?next=/test',
data={'username': user.email, 'password': '******'})
self.assertEquals(rv.status_code, 302)
self.assertEquals(rv.location, 'http://localhost/test')
login_user_mock.assert_called_with(user, remember=False)
def test_submit_correct_user_and_password_with_next(self):
user = user_factory.create()
user.hash_password('password')
user.save()
with app.test_client() as c, patch('redash.controllers.login_user') as login_user_mock:
rv = c.post('/login?next=/test',
data={'username': user.email, 'password': '******'})
self.assertEquals(rv.status_code, 302)
self.assertEquals(rv.location, 'http://localhost/test')
login_user_mock.assert_called_with(user, remember=False)
def test_returns_400_when_configuration_invalid(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = json_request(c.post,
'/api/data_sources',
data={
'name': 'DS 1',
'type': 'pg',
'options': '{}'
})
self.assertEqual(rv.status_code, 400)
def test_update_query(self):
query = query_factory.create()
other_user = user_factory.create()
with app.test_client() as c, authenticated_user(c, user=other_user):
rv = json_request(c.post,
'/api/queries/{0}'.format(query.id),
data={'name': 'Testing'})
self.assertEqual(rv.status_code, 200)
self.assertEqual(rv.json['name'], 'Testing')
self.assertEqual(rv.json['last_modified_by']['id'], other_user.id)
def test_creates_data_source(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = json_request(c.post,
'/api/data_sources',
data={
'name': 'DS 1',
'type': 'pg',
'options': '{"dbname": "redash"}'
})
self.assertEqual(rv.status_code, 200)
def test_submit_incorrect_password(self):
user = user_factory.create()
user.hash_password('password')
user.save()
with app.test_client() as c, patch(
'redash.handlers.authentication.login_user'
) as login_user_mock:
rv = c.post('/login',
data={
'email': user.email,
'password': '******'
})
self.assertEquals(rv.status_code, 200)
self.assertFalse(login_user_mock.called)
def test_create_query(self):
user = user_factory.create()
data_source = data_source_factory.create()
query_data = {"name": "Testing", "query": "SELECT 1", "schedule": "3600", "data_source_id": data_source.id}
with app.test_client() as c, authenticated_user(c, user=user):
rv = json_request(c.post, "/api/queries", data=query_data)
self.assertEquals(rv.status_code, 200)
self.assertDictContainsSubset(query_data, rv.json)
self.assertEquals(rv.json["user"]["id"], user.id)
self.assertIsNotNone(rv.json["api_key"])
self.assertIsNotNone(rv.json["query_hash"])
query = models.Query.get_by_id(rv.json["id"])
self.assertEquals(len(list(query.visualizations)), 1)
def test_submit_correct_user_and_password(self):
user = user_factory.create()
user.hash_password('password')
user.save()
with app.test_client() as c, patch(
'redash.handlers.authentication.login_user'
) as login_user_mock:
rv = c.post('/login',
data={
'email': user.email,
'password': '******'
})
self.assertEquals(rv.status_code, 302)
login_user_mock.assert_called_with(user, remember=False)
def test_create_query(self):
user = user_factory.create()
data_source = data_source_factory.create()
query_data = {
'name': 'Testing',
'query': 'SELECT 1',
'schedule': "3600",
'data_source_id': data_source.id
}
with app.test_client() as c, authenticated_user(c, user=user):
rv = json_request(c.post, '/api/queries', data=query_data)
self.assertEquals(rv.status_code, 200)
self.assertDictContainsSubset(query_data, rv.json)
self.assertEquals(rv.json['user']['id'], user.id)
self.assertIsNotNone(rv.json['api_key'])
self.assertIsNotNone(rv.json['query_hash'])
query = models.Query.get_by_id(rv.json['id'])
self.assertEquals(len(list(query.visualizations)), 1)
def test_create_query(self):
user = user_factory.create()
data_source = data_source_factory.create()
query_data = {
'name': 'Testing',
'query': 'SELECT 1',
'schedule': "3600",
'data_source_id': data_source.id
}
with app.test_client() as c, authenticated_user(c, user=user):
rv = json_request(c.post, '/api/queries', data=query_data)
self.assertEquals(rv.status_code, 200)
self.assertDictContainsSubset(query_data, rv.json)
self.assertEquals(rv.json['user']['id'], user.id)
self.assertIsNotNone(rv.json['api_key'])
self.assertIsNotNone(rv.json['query_hash'])
query = models.Query.get_by_id(rv.json['id'])
self.assertEquals(len(list(query.visualizations)), 1)
def test_returns_data_for_admin(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = c.get('/status.json')
self.assertEqual(rv.status_code, 200)
def test_returns_403_for_non_admin_changing_not_his_own(self):
other_user = user_factory.create()
with app.test_client() as c, authenticated_user(c):
rv = c.post("/api/users/{}".format(other_user.id), data={"name": "New Name"})
self.assertEqual(rv.status_code, 403)
def test_returns_400_when_configuration_invalid(self):
admin = user_factory.create(groups=["admin", "default"])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = json_request(c.post, "/api/data_sources", data={"name": "DS 1", "type": "pg", "options": "{}"})
self.assertEqual(rv.status_code, 400)
def test_user_api_key(self):
user = user_factory.create(api_key="user_key")
with app.test_client() as c:
rv = c.get('/api/queries/', query_string={'api_key': user.api_key})
self.assertEqual(user.id, api_key_load_user_from_request(request).id)
def test_returns_data_for_admin(self):
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = c.get('/status.json')
self.assertEqual(rv.status_code, 200)
def test_logins_valid_user(self):
user = user_factory.create(email='*****@*****.**')
with patch('redash.google_oauth.login_user') as login_user_mock:
create_and_login_user(user.name, user.email)
login_user_mock.assert_called_once_with(user, remember=True)
def test_doesnt_return_api_key_for_other_user(self):
other_user = user_factory.create()
with app.test_client() as c, authenticated_user(c):
rv = json_request(c.get, "/api/users/{}".format(other_user.id))
self.assertNotIn('api_key', rv.json)
def test_logins_valid_user(self):
user = user_factory.create(email='*****@*****.**')
with patch.object(settings, 'GOOGLE_APPS_DOMAIN', 'example.com'), patch('redash.authentication.login_user') as login_user_mock:
create_and_login_user(None, user)
login_user_mock.assert_called_once_with(user, remember=True)
def test_returns_api_key_for_other_user_when_admin(self):
other_user = user_factory.create()
admin = user_factory.create(groups=['admin', 'default'])
with app.test_client() as c, authenticated_user(c, user=admin):
rv = json_request(c.get, "/api/users/{}".format(other_user.id))
self.assertIn('api_key', rv.json)
