def test_unit__get_known__user__distinct_workspaces_users_by_name__exclude_workspace_and_name(
self
):
admin = self.session.query(User).filter(User.email == "*****@*****.**").one()
api = UserApi(current_user=None, session=self.session, config=self.app_config)
u1 = api.create_user(email="email@email", name="name", do_notify=False, do_save=True)
u2 = api.create_user(email="email2@email2", name="name2", do_notify=False, do_save=True)
u3 = api.create_user(
email="notfound@notfound", name="notfound", do_notify=False, do_save=True
)
u4 = api.create_user(email="email3@email3", name="name3", do_notify=False, do_save=True)
wapi = WorkspaceApi(current_user=admin, session=self.session, config=self.app_config)
workspace = wapi.create_workspace("test workspace n°1", save_now=True)
wapi = WorkspaceApi(current_user=admin, session=self.session, config=self.app_config)
workspace_2 = wapi.create_workspace("test workspace n°2", save_now=True)
role_api = RoleApi(current_user=admin, session=self.session, config=self.app_config)
role_api.create_one(u1, workspace, UserRoleInWorkspace.READER, False)
role_api.create_one(u2, workspace_2, UserRoleInWorkspace.READER, False)
role_api.create_one(u4, workspace_2, UserRoleInWorkspace.READER, False)
role_api.create_one(u3, workspace, UserRoleInWorkspace.READER, False)
role_api.create_one(u3, workspace_2, UserRoleInWorkspace.READER, False)
api2 = UserApi(current_user=u3, session=self.session, config=self.app_config)
users = api2.get_known_user(
"name", exclude_workspace_ids=[workspace.workspace_id], exclude_user_ids=[u4.user_id]
)
assert len(users) == 1
assert users[0] == u2
def test_unit__disable_user___ok__nominal_case(self, session, app_config):
api = UserApi(current_user=None, session=session, config=app_config)
profile = Profile.USER
user = api.create_user(
email="*****@*****.**",
password="******",
name="bob",
profile=profile,
timezone="Europe/Paris",
do_save=True,
do_notify=False,
)
user2 = api.create_user(
email="*****@*****.**",
password="******",
name="bob2",
profile=profile,
timezone="Europe/Paris",
do_save=True,
do_notify=False,
)
api2 = UserApi(current_user=user, session=session, config=app_config)
api2.disable(user2)
updated_user2 = api.get_one(user2.user_id)
assert updated_user2.is_active is False
assert updated_user2.user_id == user2.user_id
assert updated_user2.email == user2.email
def test_unit__disable_user___ok__nominal_case(self):
api = UserApi(current_user=None, session=self.session, config=self.app_config)
gapi = GroupApi(current_user=None, session=self.session, config=self.app_config)
groups = [gapi.get_one_with_name("users")]
user = api.create_user(
email="*****@*****.**",
password="******",
name="bob",
groups=groups,
timezone="Europe/Paris",
do_save=True,
do_notify=False,
)
user2 = api.create_user(
email="*****@*****.**",
password="******",
name="bob2",
groups=groups,
timezone="Europe/Paris",
do_save=True,
do_notify=False,
)
api2 = UserApi(current_user=user, session=self.session, config=self.app_config)
api2.disable(user2)
updated_user2 = api.get_one(user2.user_id)
assert updated_user2.is_active is False
assert updated_user2.user_id == user2.user_id
assert updated_user2.email == user2.email
def test_unit__get_known__user__distinct_workspaces_users_by_name__exclude_workspace_and_name(
self, session, app_config, workspace_api_factory, role_api_factory, admin_user
):
api = UserApi(current_user=admin_user, session=session, config=app_config)
u1 = api.create_user(email="email@email", name="name", do_notify=False, do_save=True)
u2 = api.create_user(email="email2@email2", name="name2", do_notify=False, do_save=True)
u3 = api.create_user(
email="notfound@notfound", name="notfound", do_notify=False, do_save=True
)
u4 = api.create_user(email="email3@email3", name="name3", do_notify=False, do_save=True)
wapi = workspace_api_factory.get()
workspace = wapi.create_workspace("test workspace n°1", save_now=True)
wapi = workspace_api_factory.get()
workspace_2 = wapi.create_workspace("test workspace n°2", save_now=True)
role_api = role_api_factory.get()
role_api.create_one(u1, workspace, UserRoleInWorkspace.READER, False)
role_api.create_one(u2, workspace_2, UserRoleInWorkspace.READER, False)
role_api.create_one(u4, workspace_2, UserRoleInWorkspace.READER, False)
role_api.create_one(u3, workspace, UserRoleInWorkspace.READER, False)
role_api.create_one(u3, workspace_2, UserRoleInWorkspace.READER, False)
api2 = UserApi(current_user=u3, session=session, config=app_config)
users = api2.get_known_user(
"name", exclude_workspace_ids=[workspace.workspace_id], exclude_user_ids=[u4.user_id]
)
assert len(users) == 1
assert users[0] == u2
def test_unit__get_known__user__distinct_workspaces_users_by_name__exclude_workspace(self):
admin = self.session.query(models.User) \
.filter(models.User.email == '*****@*****.**') \
.one()
api = UserApi(
current_user=None,
session=self.session,
config=self.config,
)
u1 = api.create_user(
email='email@email',
name='name',
do_notify=False,
do_save=True,
)
u2 = api.create_user(
email='email2@email2',
name='name2',
do_notify=False,
do_save=True,
)
u3 = api.create_user(
email='notfound@notfound',
name='notfound',
do_notify=False,
do_save=True,
)
wapi = WorkspaceApi(
current_user=admin,
session=self.session,
config=self.app_config,
)
workspace = wapi.create_workspace(
'test workspace n°1',
save_now=True)
wapi = WorkspaceApi(
current_user=admin,
session=self.session,
config=self.app_config,
)
workspace_2 = wapi.create_workspace(
'test workspace n°2',
save_now=True)
role_api = RoleApi(
current_user=admin,
session=self.session,
config=self.app_config,
)
role_api.create_one(u1, workspace, UserRoleInWorkspace.READER, False)
role_api.create_one(u2, workspace_2, UserRoleInWorkspace.READER, False)
role_api.create_one(u3, workspace, UserRoleInWorkspace.READER, False)
role_api.create_one(u3, workspace_2, UserRoleInWorkspace.READER, False)
api2 = UserApi(
current_user=u3,
session=self.session,
config=self.config,
)
users = api2.get_known_user('name', exclude_workspace_ids=[workspace.workspace_id])
assert len(users) == 1
assert users[0] == u2
def test_unit__get_known__user__distinct_workspaces_users_by_name__exclude_workspace(self):
admin = self.session.query(User) \
.filter(User.email == '*****@*****.**') \
.one()
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u1 = api.create_user(
email='email@email',
name='name',
do_notify=False,
do_save=True,
)
u2 = api.create_user(
email='email2@email2',
name='name2',
do_notify=False,
do_save=True,
)
u3 = api.create_user(
email='notfound@notfound',
name='notfound',
do_notify=False,
do_save=True,
)
wapi = WorkspaceApi(
current_user=admin,
session=self.session,
config=self.app_config,
)
workspace = wapi.create_workspace(
'test workspace n°1',
save_now=True)
wapi = WorkspaceApi(
current_user=admin,
session=self.session,
config=self.app_config,
)
workspace_2 = wapi.create_workspace(
'test workspace n°2',
save_now=True)
role_api = RoleApi(
current_user=admin,
session=self.session,
config=self.app_config,
)
role_api.create_one(u1, workspace, UserRoleInWorkspace.READER, False)
role_api.create_one(u2, workspace_2, UserRoleInWorkspace.READER, False)
role_api.create_one(u3, workspace, UserRoleInWorkspace.READER, False)
role_api.create_one(u3, workspace_2, UserRoleInWorkspace.READER, False)
api2 = UserApi(
current_user=u3,
session=self.session,
config=self.app_config,
)
users = api2.get_known_user('name', exclude_workspace_ids=[workspace.workspace_id])
assert len(users) == 1
assert users[0] == u2
def test__unit__get_notifiable_roles__ok__nominal_case(self):
admin = self.session.query(User).filter(
User.email == "*****@*****.**").one()
wapi = WorkspaceApi(session=self.session,
config=self.app_config,
current_user=admin)
workspace = wapi.create_workspace(label="workspace w", save_now=True)
uapi = UserApi(session=self.session,
current_user=admin,
config=self.app_config)
user_1 = uapi.create_user(email="[email protected]",
auth_type=AuthType.INTERNAL,
do_save=True,
do_notify=False)
user_2 = uapi.create_user(email="[email protected]",
auth_type=AuthType.INTERNAL,
do_save=True,
do_notify=False)
assert wapi.get_notifiable_roles(workspace=workspace) == []
rapi = RoleApi(session=self.session,
current_user=admin,
config=self.app_config)
role_1 = rapi.create_one(user_1,
workspace,
UserRoleInWorkspace.READER,
with_notif=True)
role_2 = rapi.create_one(user_2,
workspace,
UserRoleInWorkspace.READER,
with_notif=False)
assert role_1 in wapi.get_notifiable_roles(workspace=workspace)
assert role_2 not in wapi.get_notifiable_roles(workspace=workspace)
def test_proxy_workspace_agenda__err__other_workspace_agenda(self) -> None:
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User).filter(
User.email == "*****@*****.**").one()
uapi = UserApi(current_user=admin,
session=dbsession,
config=self.app_config)
gapi = GroupApi(current_user=admin,
session=dbsession,
config=self.app_config)
groups = [gapi.get_one_with_name("users")]
uapi.create_user(
"*****@*****.**",
password="******",
do_save=True,
do_notify=False,
groups=groups,
)
workspace_api = WorkspaceApi(current_user=admin,
session=dbsession,
config=self.app_config,
show_deleted=True)
workspace = workspace_api.create_workspace("test", save_now=True)
transaction.commit()
self.testapp.authorization = ("Basic", ("*****@*****.**",
"*****@*****.**"))
result = self.testapp.get("/agenda/workspace/{}/".format(
workspace.workspace_id),
status=403)
assert result.json_body["code"] == 5001
def test__unit__get_notifiable_roles__ok__do_not_show_inactive(self):
admin = self.session.query(User) \
.filter(User.email == '*****@*****.**').one()
wapi = WorkspaceApi(
session=self.session,
config=self.app_config,
current_user=admin,
)
workspace = wapi.create_workspace(label='workspace w',
save_now=True)
uapi = UserApi(
session=self.session,
current_user=admin,
config=self.app_config
)
user_1 = uapi.create_user(
email='[email protected]',
auth_type=AuthType.INTERNAL,
do_save=True,
do_notify=False
)
user_2 = uapi.create_user(
email='[email protected]',
auth_type=AuthType.INTERNAL,
do_save=True,
do_notify = False
)
assert wapi.get_notifiable_roles(workspace=workspace) == []
rapi = RoleApi(
session=self.session,
current_user=admin,
config=self.app_config,
)
role_1 = rapi.create_one(
user_1,
workspace,
UserRoleInWorkspace.READER,
with_notif=True
)
role_2 = rapi.create_one(
user_2,
workspace,
UserRoleInWorkspace.READER,
with_notif=True
)
assert role_1 in wapi.get_notifiable_roles(workspace=workspace)
assert role_2 in wapi.get_notifiable_roles(workspace=workspace)
user_1.is_active = False
assert not role_1 in wapi.get_notifiable_roles(workspace=workspace)
assert role_2 in wapi.get_notifiable_roles(workspace=workspace)
def test__unit__create_user__err__external_auth_ldap_with_password(self):
api = UserApi(current_user=None, session=self.session, config=self.app_config)
with pytest.raises(ExternalAuthUserPasswordModificationDisallowed):
api.create_user(
email="bob@bob",
password="******",
name="bob",
auth_type=AuthType.LDAP,
timezone="+2",
lang="en",
do_save=True,
do_notify=False,
)
def test__unit__get_notifiable_roles__ok__do_not_show_unknown_auth(self):
admin = self.session.query(User) \
.filter(User.email == '*****@*****.**').one()
wapi = WorkspaceApi(
session=self.session,
config=self.app_config,
current_user=admin,
)
workspace = wapi.create_workspace(label='workspace w', save_now=True)
uapi = UserApi(session=self.session,
current_user=admin,
config=self.app_config)
user_1 = uapi.create_user(email='[email protected]',
auth_type=AuthType.INTERNAL,
do_save=True,
do_notify=False)
user_2 = uapi.create_user(email='[email protected]',
auth_type=AuthType.UNKNOWN,
do_save=True,
do_notify=False)
user_3 = uapi.create_user(email='[email protected]',
auth_type=AuthType.REMOTE,
do_save=True,
do_notify=False)
assert wapi.get_notifiable_roles(workspace=workspace) == []
rapi = RoleApi(
session=self.session,
current_user=admin,
config=self.app_config,
)
role_1 = rapi.create_one(user_1,
workspace,
UserRoleInWorkspace.READER,
with_notif=True)
role_2 = rapi.create_one(user_2,
workspace,
UserRoleInWorkspace.READER,
with_notif=True)
role_3 = rapi.create_one(user_3,
workspace,
UserRoleInWorkspace.READER,
with_notif=True)
assert role_1 in wapi.get_notifiable_roles(workspace=workspace)
assert not role_2 in wapi.get_notifiable_roles(workspace=workspace)
assert role_3 in wapi.get_notifiable_roles(workspace=workspace)
def test_func__create_user_with_mail_notification__ok__nominal_case(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password='******',
name='bob',
timezone='+2',
do_save=True,
do_notify=True,
)
assert u is not None
assert u.email == "bob@bob"
assert u.validate_password('password')
assert u.display_name == 'bob'
assert u.timezone == '+2'
# Send mail async from redis queue with daemon
daemon = MailSenderDaemon(self.app_config, burst=True)
daemon.run()
# check mail received
response = self.get_mailhog_mails()
headers = response[0]['Content']['Headers']
assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>' # nopep8
assert headers['To'][0] == 'bob <bob@bob>'
assert headers['Subject'][0] == '[TRACIM] Created account'
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User).filter(User.email == "*****@*****.**").one()
uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config)
gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config)
groups = [gapi.get_one_with_name("users")]
test_user = uapi.create_user(
email="*****@*****.**",
password="******",
name="bob",
groups=groups,
timezone="Europe/Paris",
lang="en",
do_save=True,
do_notify=False,
)
uapi.save(test_user)
uapi.disable(test_user)
transaction.commit()
self.testapp.authorization = ("Basic", ("*****@*****.**", "password"))
res = self.testapp.get("/api/v2/auth/whoami", status=401)
assert isinstance(res.json, dict)
assert "code" in res.json.keys()
# INFO - G.M - 2018-09-10 - Handled by marshmallow_schema
assert res.json_body["code"] is None
assert "message" in res.json.keys()
assert "details" in res.json.keys()
def test_func__create_user_with_mail_notification__ok__nominal_case(self):
api = UserApi(current_user=None,
session=self.session,
config=self.app_config)
u = api.create_user(
email="bob@bob",
password="******",
name="bob",
timezone="+2",
do_save=True,
do_notify=True,
)
assert u is not None
assert u.email == "bob@bob"
assert u.validate_password("password")
assert u.display_name == "bob"
assert u.timezone == "+2"
# Send mail async from redis queue with daemon
daemon = MailSenderDaemon(self.app_config, burst=True)
daemon.run()
# check mail received
response = self.get_mailhog_mails()
headers = response[0]["Content"]["Headers"]
assert headers["From"][
0] == "Tracim Notifications <test_user_from+0@localhost>"
assert headers["To"][0] == "bob <bob@bob>"
assert headers["Subject"][0] == "[TRACIM] Created account"
def test_func__create_user_with_mail_notification__ok__nominal_case(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password='******',
name='bob',
timezone='+2',
lang='fr',
do_save=True,
do_notify=True,
)
assert u is not None
assert u.email == "bob@bob"
assert u.validate_password('password')
assert u.display_name == 'bob'
assert u.timezone == '+2'
# check mail received
response = self.get_mailhog_mails()
headers = response[0]['Content']['Headers']
assert headers['From'][
0] == 'Tracim Notifications <test_user_from+0@localhost>' # nopep8
assert headers['To'][0] == 'bob <bob@bob>'
assert headers['Subject'][0] == '[TRACIM] Created account'
def create_user(self, context, request: TracimRequest, hapic_data=None):
"""
Create new user. Note: One of username or email required.
"""
app_config = request.registry.settings["CFG"] # type: CFG
uapi = UserApi(
current_user=request.current_user, session=request.dbsession, config=app_config # User
)
if hapic_data.body.profile:
profile = Profile.get_profile_from_slug(hapic_data.body.profile)
else:
profile = None
password = hapic_data.body.password
if not password and hapic_data.body.email_notification:
password = password_generator()
user = uapi.create_user(
auth_type=AuthType.UNKNOWN,
email=hapic_data.body.email,
password=password,
timezone=hapic_data.body.timezone,
lang=hapic_data.body.lang,
name=hapic_data.body.public_name,
username=hapic_data.body.username,
do_notify=hapic_data.body.email_notification,
allowed_space=hapic_data.body.allowed_space,
profile=profile,
do_save=True,
)
uapi.execute_created_user_actions(user)
return uapi.get_user_with_context(user)
def test_functional__webdav_access_to_root__remote_auth(self) -> None:
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User) \
.filter(User.email == '*****@*****.**') \
.one()
uapi = UserApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
gapi = GroupApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
user = uapi.create_user(
'*****@*****.**',
password=None,
do_save=True,
do_notify=False,
groups=groups,
auth_type=AuthType.REMOTE
)
uapi.save(user)
transaction.commit()
extra_environ = {
'REMOTE_USER': '******',
}
res = self.testapp.get('/', status=200, extra_environ=extra_environ)
assert res
def test_unit_update__ok_external_auth_ldap(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password=None,
name='bob',
auth_type=AuthType.LDAP,
timezone='+2',
lang='en',
do_save=True,
do_notify=False,
)
api.update(
email='bob@bob',
user = u,
name='bobi',
password=None,
auth_type=AuthType.LDAP,
timezone='-1',
lang='fr',
do_save=True,
)
assert u.display_name == 'bobi'
def test_unit__get_known__user__admin__by_name(self):
api = UserApi(current_user=None, session=self.session, config=self.app_config)
u1 = api.create_user(email="email@email", name="name", do_notify=False, do_save=True)
users = api.get_known_user("nam")
assert len(users) == 1
assert users[0] == u1
def test_func__create_user_with_mail_notification__ok__nominal_case(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password='******',
name='bob',
timezone='+2',
do_save=True,
do_notify=True,
)
assert u is not None
assert u.email == "bob@bob"
assert u.validate_password('password')
assert u.display_name == 'bob'
assert u.timezone == '+2'
# Send mail async from redis queue
redis = get_redis_connection(self.app_config)
queue = get_rq_queue(
redis,
'mail_sender',
)
worker = SimpleWorker([queue], connection=queue.connection)
worker.work(burst=True)
# check mail received
response = self.get_mailhog_mails()
headers = response[0]['Content']['Headers']
assert headers['From'][
0] == 'Tracim Notifications <test_user_from+0@localhost>' # nopep8
assert headers['To'][0] == 'bob <bob@bob>'
assert headers['Subject'][0] == '[TRACIM] Created account'
def test_functional__webdav_access_to_root__nominal_case(self) -> None:
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User) \
.filter(User.email == '*****@*****.**') \
.one()
uapi = UserApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
gapi = GroupApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
user = uapi.create_user('*****@*****.**', password='******', do_save=True, do_notify=False, groups=groups) # nopep8
transaction.commit()
self.testapp.authorization = (
'Basic',
(
'*****@*****.**',
'*****@*****.**'
)
)
res = self.testapp.get('/', status=200)
assert res
def test_unit__get_known__user__user__no_workspace_empty_known_user(self):
admin = self.session.query(User).filter(User.email == "*****@*****.**").one()
api = UserApi(current_user=admin, session=self.session, config=self.app_config)
u1 = api.create_user(email="email@email", name="name", do_notify=False, do_save=True)
api2 = UserApi(current_user=u1, session=self.session, config=self.app_config)
users = api2.get_known_user("email")
assert len(users) == 0
def create_user(self, context, request: TracimRequest, hapic_data=None):
"""
Create new user
"""
app_config = request.registry.settings['CFG']
uapi = UserApi(
current_user=request.current_user, # User
session=request.dbsession,
config=app_config,
)
gapi = GroupApi(
current_user=request.current_user, # User
session=request.dbsession,
config=app_config,
)
groups = [gapi.get_one_with_name(hapic_data.body.profile)]
password = hapic_data.body.password
if not password and hapic_data.body.email_notification:
password = password_generator()
user = uapi.create_user(
auth_type=AuthType.UNKNOWN,
email=hapic_data.body.email,
password=password,
timezone=hapic_data.body.timezone,
lang=hapic_data.body.lang,
name=hapic_data.body.public_name,
do_notify=hapic_data.body.email_notification,
groups=groups,
do_save=True
)
return uapi.get_user_with_context(user)
def test_proxy_user_agenda__ok__nominal_case(self) -> None:
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User).filter(
User.email == "*****@*****.**").one()
uapi = UserApi(current_user=admin,
session=dbsession,
config=self.app_config)
gapi = GroupApi(current_user=admin,
session=dbsession,
config=self.app_config)
groups = [gapi.get_one_with_name("users")]
user = uapi.create_user(
"*****@*****.**",
password="******",
do_save=True,
do_notify=False,
groups=groups,
)
transaction.commit()
self.testapp.authorization = ("Basic", ("*****@*****.**",
"*****@*****.**"))
self.testapp.get("/agenda/user/{}/".format(user.user_id), status=404)
event = VALID_CALDAV_BODY_PUT_EVENT
self.testapp.put("/agenda/user/{}/".format(user.user_id),
event,
content_type="text/calendar",
status=201)
self.testapp.get("/agenda/user/{}/".format(user.user_id), status=200)
self.testapp.delete("/agenda/user/{}/".format(user.user_id),
status=200)
def test_unit_update__ok_external_auth_ldap(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password=None,
name='bob',
auth_type=AuthType.LDAP,
timezone='+2',
lang='en',
do_save=True,
do_notify=False,
)
api.update(
email='bob@bob',
user=u,
name='bobi',
password=None,
auth_type=AuthType.LDAP,
timezone='-1',
lang='fr',
do_save=True,
)
assert u.display_name == 'bobi'
def test_unit_update__err__external_auth_ldap_set_email(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password=None,
name='bob',
auth_type=AuthType.LDAP,
timezone='+2',
lang='en',
do_save=True,
do_notify=False,
)
with pytest.raises(ExternalAuthUserEmailModificationDisallowed):
api.update(
email='bob@bob1',
user=u,
name='bobi',
password=None,
auth_type=AuthType.LDAP,
timezone='-1',
lang='fr',
do_save=True,
)
def test_unit_update__err__external_auth_ldap_set_email(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password=None,
name='bob',
auth_type=AuthType.LDAP,
timezone='+2',
lang='en',
do_save=True,
do_notify=False,
)
with pytest.raises(ExternalAuthUserEmailModificationDisallowed):
api.update(
email='bob@bob1',
user = u,
name='bobi',
password=None,
auth_type=AuthType.LDAP,
timezone='-1',
lang='fr',
do_save=True,
)
def test_api___simple_search_ok__no_search_string(self) -> None:
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User).filter(User.email == "*****@*****.**").one()
uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config)
gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config)
groups = [gapi.get_one_with_name("trusted-users")]
user = uapi.create_user(
"*****@*****.**",
password="******",
do_save=True,
do_notify=False,
groups=groups,
)
workspace_api = WorkspaceApi(
current_user=admin, session=dbsession, config=self.app_config, show_deleted=True
)
workspace = workspace_api.create_workspace("test", save_now=True)
rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config)
rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
api = ContentApi(session=dbsession, current_user=user, config=self.app_config)
api.create(
content_type_slug="html-document", workspace=workspace, label="test", do_save=True
)
transaction.commit()
self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**"))
res = self.testapp.get("/api/v2/search/content".format(), status=200)
search_result = res.json_body
assert search_result
assert search_result["total_hits"] == 0
assert search_result["is_total_hits_accurate"] is True
assert len(search_result["contents"]) == 0
def test_unit__disable_user___err__user_cant_disable_itself(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
gapi = GroupApi(
current_user=None,
session=self.session,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
user = api.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
api2 = UserApi(current_user=user,
session=self.session,
config=self.app_config)
from tracim_backend.exceptions import UserCantDisableHimself
with pytest.raises(UserCantDisableHimself):
api2.disable(user)
def create_user(self, context, request: TracimRequest, hapic_data=None):
"""
Create new user
"""
app_config = request.registry.settings['CFG']
uapi = UserApi(
current_user=request.current_user, # User
session=request.dbsession,
config=app_config,
)
gapi = GroupApi(
current_user=request.current_user, # User
session=request.dbsession,
config=app_config,
)
groups = [gapi.get_one_with_name(hapic_data.body.profile)]
user = uapi.create_user(email=hapic_data.body.email,
password=hapic_data.body.password,
timezone=hapic_data.body.timezone,
lang=hapic_data.body.lang,
name=hapic_data.body.public_name,
do_notify=hapic_data.body.email_notification,
groups=groups,
do_save=True)
return uapi.get_user_with_context(user)
def test_unit__disable_user___err__user_cant_disable_itself(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
gapi = GroupApi(
current_user=None,
session=self.session,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
user = api.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
api2 = UserApi(current_user=user,session=self.session, config=self.app_config)
from tracim_backend.exceptions import UserCantDisableHimself
with pytest.raises(UserCantDisableHimself):
api2.disable(user)
def test_func__create_user_with_mail_notification__ok__nominal_case(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password='******',
name='bob',
timezone='+2',
do_save=True,
do_notify=True,
)
assert u is not None
assert u.email == "bob@bob"
assert u.validate_password('pass')
assert u.display_name == 'bob'
assert u.timezone == '+2'
# Send mail async from redis queue with daemon
daemon = MailSenderDaemon(self.app_config, burst=True)
daemon.run()
# check mail received
response = requests.get('http://127.0.0.1:8025/api/v1/messages')
response = response.json()
headers = response[0]['Content']['Headers']
assert headers['From'][
0] == 'Tracim Notifications <test_user_from+0@localhost>' # nopep8
assert headers['To'][0] == 'bob <bob@bob>'
assert headers['Subject'][0] == '[TRACIM] Created account'
def create_user(self, context, request: TracimRequest, hapic_data=None):
"""
Create new user
"""
app_config = request.registry.settings["CFG"] # type: CFG
uapi = UserApi(
current_user=request.current_user,
session=request.dbsession,
config=app_config # User
)
gapi = GroupApi(
current_user=request.current_user,
session=request.dbsession,
config=app_config # User
)
groups = [gapi.get_one_with_name(hapic_data.body.profile)]
password = hapic_data.body.password
if not password and hapic_data.body.email_notification:
password = password_generator()
user = uapi.create_user(
auth_type=AuthType.UNKNOWN,
email=hapic_data.body.email,
password=password,
timezone=hapic_data.body.timezone,
lang=hapic_data.body.lang,
name=hapic_data.body.public_name,
do_notify=hapic_data.body.email_notification,
groups=groups,
do_save=True,
)
uapi.execute_created_user_actions(user)
return uapi.get_user_with_context(user)
def test_api___simple_search_ok__by_comment_content(
self,
created_content_name,
search_string,
nb_content_result,
first_search_result_content_name,
first_created_comment_content,
second_created_comment_content,
) -> None:
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User).filter(User.email == "*****@*****.**").one()
uapi = UserApi(current_user=admin, session=dbsession, config=self.app_config)
gapi = GroupApi(current_user=admin, session=dbsession, config=self.app_config)
groups = [gapi.get_one_with_name("trusted-users")]
user = uapi.create_user(
"*****@*****.**",
password="******",
do_save=True,
do_notify=False,
groups=groups,
)
workspace_api = WorkspaceApi(
current_user=admin, session=dbsession, config=self.app_config, show_deleted=True
)
workspace = workspace_api.create_workspace("test", save_now=True)
rapi = RoleApi(current_user=admin, session=dbsession, config=self.app_config)
rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
api = ContentApi(session=dbsession, current_user=user, config=self.app_config)
content = api.create(
content_type_slug="html-document",
workspace=workspace,
label=created_content_name,
do_save=True,
)
api.create_comment(
workspace=workspace, parent=content, content=first_created_comment_content, do_save=True
)
api.create_comment(
workspace=workspace,
parent=content,
content=second_created_comment_content,
do_save=True,
)
api.create(
content_type_slug="html-document", workspace=workspace, label="report", do_save=True
)
api.create(
content_type_slug="thread", workspace=workspace, label="discussion", do_save=True
)
transaction.commit()
self.testapp.authorization = ("Basic", ("*****@*****.**", "*****@*****.**"))
params = {"search_string": search_string}
res = self.testapp.get("/api/v2/search/content".format(), status=200, params=params)
search_result = res.json_body
assert search_result
assert search_result["total_hits"] == nb_content_result
assert search_result["is_total_hits_accurate"] is False
assert search_result["contents"][0]["label"] == first_search_result_content_name
def test_proxy_user_agenda__ok__workspace_filter(self) -> None:
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User).filter(
User.email == "*****@*****.**").one()
uapi = UserApi(current_user=admin,
session=dbsession,
config=self.app_config)
gapi = GroupApi(current_user=admin,
session=dbsession,
config=self.app_config)
groups = [gapi.get_one_with_name("users")]
user = uapi.create_user(
"*****@*****.**",
password="******",
do_save=True,
do_notify=False,
groups=groups,
)
workspace_api = WorkspaceApi(current_user=admin,
session=dbsession,
config=self.app_config,
show_deleted=True)
workspace = workspace_api.create_workspace("wp1", save_now=True)
workspace.agenda_enabled = True
workspace2 = workspace_api.create_workspace("wp2", save_now=True)
workspace2.agenda_enabled = True
workspace3 = workspace_api.create_workspace("wp3", save_now=True)
workspace3.agenda_enabled = True
rapi = RoleApi(current_user=admin,
session=dbsession,
config=self.app_config)
rapi.create_one(user, workspace, UserRoleInWorkspace.CONTRIBUTOR,
False)
rapi.create_one(user, workspace2, UserRoleInWorkspace.READER, False)
rapi.create_one(user, workspace3, UserRoleInWorkspace.READER, False)
transaction.commit()
self.testapp.authorization = ("Basic", ("*****@*****.**",
"*****@*****.**"))
params = {
"workspace_ids":
"{},{}".format(workspace.workspace_id, workspace3.workspace_id),
"agenda_types":
"workspace",
}
result = self.testapp.get("/api/v2/users/{}/agenda".format(
user.user_id),
params=params,
status=200)
assert len(result.json_body) == 2
agenda = result.json_body[0]
assert agenda[
"agenda_url"] == "http://localhost:6543/agenda/workspace/{}/".format(
workspace.workspace_id)
assert agenda["with_credentials"] is True
agenda = result.json_body[1]
assert agenda[
"agenda_url"] == "http://localhost:6543/agenda/workspace/{}/".format(
workspace3.workspace_id)
assert agenda["with_credentials"] is True
def test_api__elasticsearch_search__ok__in_file_ingest_search(self):
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User).filter(
User.email == "*****@*****.**").one()
uapi = UserApi(current_user=admin,
session=dbsession,
config=self.app_config)
gapi = GroupApi(current_user=admin,
session=dbsession,
config=self.app_config)
groups = [gapi.get_one_with_name("trusted-users")]
user = uapi.create_user(
"*****@*****.**",
password="******",
do_save=True,
do_notify=False,
groups=groups,
)
workspace_api = WorkspaceApi(current_user=admin,
session=dbsession,
config=self.app_config,
show_deleted=True)
workspace = workspace_api.create_workspace("test", save_now=True)
rapi = RoleApi(current_user=admin,
session=dbsession,
config=self.app_config)
rapi.create_one(user, workspace, UserRoleInWorkspace.WORKSPACE_MANAGER,
False)
api = ContentApi(session=dbsession,
current_user=user,
config=self.app_config)
with self.session.no_autoflush:
text_file = api.create(
content_type_slug=content_type_list.File.slug,
workspace=workspace,
label="important",
do_save=False,
)
api.update_file_data(text_file, "test_file", "text/plain",
b"we need to find stringtosearch here !")
api.save(text_file)
api.execute_created_content_actions(text_file)
content_id = text_file.content_id
transaction.commit()
self.refresh_elasticsearch()
params = {"search_string": "stringtosearch"}
self.testapp.authorization = ("Basic", ("*****@*****.**",
"*****@*****.**"))
res = self.testapp.get("/api/v2/search/content".format(),
status=200,
params=params)
search_result = res.json_body
assert search_result
assert search_result["total_hits"] == 1
assert search_result["is_total_hits_accurate"] is True
assert len(search_result["contents"]) == 1
assert search_result["contents"][0]["content_id"] == content_id
def test_unit__get_known__user__user__no_workspace_empty_known_user(
self, session, app_config, admin_user
):
api = UserApi(current_user=admin_user, session=session, config=app_config)
u1 = api.create_user(email="email@email", name="name", do_notify=False, do_save=True)
api2 = UserApi(current_user=u1, session=session, config=app_config)
users = api2.get_known_user("email")
assert len(users) == 0
def test_unit__disable_user___ok__nominal_case(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
gapi = GroupApi(
current_user=None,
session=self.session,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
user = api.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
user2 = api.create_user(
email='*****@*****.**',
password='******',
name='bob2',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
api2 = UserApi(current_user=user,session=self.session, config=self.app_config)
from tracim_backend.exceptions import UserCantDisableHimself
api2.disable(user2)
updated_user2 = api.get_one(user2.user_id)
assert updated_user2.is_active == False
assert updated_user2.user_id == user2.user_id
assert updated_user2.email == user2.email
def test_unit__get_known__user__admin__too_short_acp_str(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u1 = api.create_user(
email='email@email',
name='name',
do_notify=False,
do_save=True,
)
with pytest.raises(TooShortAutocompleteString):
api.get_known_user('e')
def test_unit__get_known__user__admin__by_name(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u1 = api.create_user(
email='email@email',
name='name',
do_notify=False,
do_save=True,
)
users = api.get_known_user('nam')
assert len(users) == 1
assert users[0] == u1
def test__unit__create_user__err__external_auth_ldap_with_password(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
with pytest.raises(ExternalAuthUserPasswordModificationDisallowed):
u = api.create_user(
email='bob@bob',
password='******',
name='bob',
auth_type=AuthType.LDAP,
timezone='+2',
lang='en',
do_save=True,
do_notify=False,
)
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User) \
.filter(User.email == '*****@*****.**') \
.one()
uapi = UserApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
gapi = GroupApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
test_user = uapi.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
lang='en',
do_save=True,
do_notify=False,
)
uapi.save(test_user)
uapi.disable(test_user)
transaction.commit()
self.testapp.authorization = (
'Basic',
(
'*****@*****.**',
'password'
)
)
res = self.testapp.get('/api/v2/auth/whoami', status=401)
assert isinstance(res.json, dict)
assert 'code' in res.json.keys()
# INFO - G.M - 2018-09-10 - Handled by marshmallow_schema
assert res.json_body['code'] is None
assert 'message' in res.json.keys()
assert 'details' in res.json.keys()
def test_api__try_login_enpoint__err_401__user_not_activated(self):
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User) \
.filter(User.email == '*****@*****.**') \
.one()
uapi = UserApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
gapi = GroupApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
test_user = uapi.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
uapi.save(test_user)
uapi.disable(test_user)
transaction.commit()
params = {
'email': '*****@*****.**',
'password': '******',
}
res = self.testapp.post_json(
'/api/v2/auth/login',
params=params,
status=403,
)
assert res.json_body
assert 'code' in res.json_body
assert res.json_body['code'] == error.AUTHENTICATION_FAILED
def test__unit__create__user__ok_nominal_case(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password='******',
name='bob',
timezone='+2',
lang='en',
do_save=True,
do_notify=False,
)
assert u is not None
assert u.email == "bob@bob"
assert u.validate_password('password')
assert u.display_name == 'bob'
assert u.timezone == '+2'
assert u.lang == 'en'
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
dbsession = get_tm_session(self.session_factory, transaction.manager)
admin = dbsession.query(User) \
.filter(User.email == '*****@*****.**') \
.one()
uapi = UserApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
gapi = GroupApi(
current_user=admin,
session=dbsession,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
test_user = uapi.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
uapi.save(test_user)
uapi.disable(test_user)
transaction.commit()
headers_auth = {
'Tracim-Api-Key': 'mysuperapikey',
'Tracim-Api-Login': '******',
}
res = self.testapp.get(
'/api/v2/auth/whoami',
status=401,
headers=headers_auth
)
assert isinstance(res.json, dict)
assert 'code' in res.json.keys()
assert res.json_body['code'] is None
def test__unit__create__user__ok__external_auth_ldap(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
u = api.create_user(
email='bob@bob',
password=None,
name='bob',
auth_type=AuthType.LDAP,
timezone='+2',
lang='en',
do_save=True,
do_notify=False,
)
assert u is not None
assert u.email == "bob@bob"
assert u.validate_password(None) is False
assert u.display_name == 'bob'
assert u.timezone == '+2'
assert u.lang == 'en'
def test_unit__get_known__user__user__no_workspace_empty_known_user(self):
admin = self.session.query(User) \
.filter(User.email == '*****@*****.**') \
.one()
api = UserApi(
current_user=admin,
session=self.session,
config=self.app_config,
)
u1 = api.create_user(
email='email@email',
name='name',
do_notify=False,
do_save=True,
)
api2 = UserApi(
current_user=u1,
session=self.session,
config=self.app_config,
)
users = api2.get_known_user('email')
assert len(users) == 0
def test_unit__authenticate_user___err__user_not_active(self):
api = UserApi(
current_user=None,
session=self.session,
config=self.app_config,
)
gapi = GroupApi(
current_user=None,
session=self.session,
config=self.app_config,
)
groups = [gapi.get_one_with_name('users')]
user = api.create_user(
email='*****@*****.**',
password='******',
name='bob',
groups=groups,
timezone='Europe/Paris',
do_save=True,
do_notify=False,
)
api.disable(user)
with pytest.raises(AuthenticationFailed):
api.authenticate('*****@*****.**', '*****@*****.**')
def create_workspaces_members_role(
self,
context,
request: TracimRequest,
hapic_data=None
) -> UserRoleWorkspaceInContext:
"""
Add a member to this workspace.
This feature is for workspace managers and administrators.
"""
newly_created = False
email_sent = False
app_config = request.registry.settings['CFG'] # type: CFG
rapi = RoleApi(
current_user=request.current_user,
session=request.dbsession,
config=app_config,
)
uapi = UserApi(
current_user=request.current_user,
session=request.dbsession,
config=app_config,
show_deactivated=True,
show_deleted=True,
)
try:
_, user = uapi.find(
user_id=hapic_data.body.user_id,
email=hapic_data.body.user_email,
public_name=hapic_data.body.user_public_name
)
if user.is_deleted:
raise UserIsDeleted('This user has been deleted. Unable to invite him.') # nopep8
if not user.is_active:
raise UserIsNotActive('This user is not activated. Unable to invite him') # nopep8
except UserDoesNotExist as exc:
if not uapi.allowed_to_invite_new_user(hapic_data.body.user_email):
raise exc
if app_config.NEW_USER_INVITATION_DO_NOTIFY:
user = uapi.create_user(
auth_type=AuthType.UNKNOWN,
email=hapic_data.body.user_email,
password=password_generator(),
do_notify=True
)
if app_config.EMAIL_NOTIFICATION_ACTIVATED and \
app_config.NEW_USER_INVITATION_DO_NOTIFY and \
app_config.EMAIL_NOTIFICATION_PROCESSING_MODE.lower() == 'sync':
email_sent = True
else:
user = uapi.create_user(
auth_type=AuthType.UNKNOWN,
email=hapic_data.body.user_email,
password=None,
do_notify=False
)
newly_created = True
role = rapi.create_one(
user=user,
workspace=request.current_workspace,
role_level=WorkspaceRoles.get_role_from_slug(hapic_data.body.role).level, # nopep8
with_notif=app_config.EMAIl_NOTIFICATION_ENABLED_ON_INVITATION,
flush=True,
)
return rapi.get_user_role_workspace_with_context(
role,
newly_created=newly_created,
email_sent=email_sent,
)
