def testGetAdminByUsername(self):
"""Test if getting by email works as intended."""
# The email should not exist initially.
self.assertIsNone(models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL))
admin_user = models.AdminUser()
admin_user.email = self.FAKE_ADMIN_EMAIL
admin_user.set_password(self.FAKE_ADMIN_PASSWORD)
admin_user.save()
self.assertIsNotNone(
models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL))
self.assertEquals(models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL),
admin_user)
admin_user_2 = models.AdminUser()
admin_user_2.email = self.FAKE_ADMIN_EMAIL_2
admin_user_2.set_password(self.FAKE_ADMIN_PASSWORD)
admin_user_2.save()
self.assertIsNotNone(
models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL_2))
self.assertEquals(
models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL_2),
admin_user_2)
admin_user.delete()
self.assertIsNone(models.AdminUser.get_by_email(self.FAKE_ADMIN_EMAIL))
def setup_admin():
"""Create the first admin in the system from the setup page.
Returns:
A json message indicating a redirect to login if successful.
"""
config = ufo.get_user_config()
if config.isConfigured:
flask.abort(403,
ufo.get_json_message('cantSetAdminAfterInitialSetupError'))
admin_email = flask.request.form.get('admin_email', None)
admin_password = flask.request.form.get('admin_password', None)
if admin_email is None or admin_password is None:
flask.abort(403, ufo.get_json_message('noAdministratorError'))
admin_user = models.AdminUser(email=admin_email)
admin_user.set_password(admin_password)
admin_user.save()
config.isConfigured = True
config.should_show_recaptcha = False
config.save()
response_json = json.dumps(({'shouldRedirect': True}))
return flask.Response(ufo.XSSI_PREFIX + response_json,
headers=ufo.JSON_HEADERS)
def setup_auth(self):
"""Sets up a user in the database and in the current session."""
user = models.AdminUser()
user.email = FAKE_ADMIN_EMAIL
user.set_password(FAKE_ADMIN_PASSWORD)
user.save()
with self.client as c:
with c.session_transaction() as sess:
sess['email'] = FAKE_ADMIN_EMAIL
def testAdminUserToDict(self):
"""Whether the necessary fields match in a dictionary representation."""
admin_user = models.AdminUser()
admin_user.email = self.FAKE_ADMIN_EMAIL
admin_user.set_password(self.FAKE_ADMIN_PASSWORD)
admin_user.save()
admin_dict = admin_user.to_dict()
self.assertEqual(admin_dict['id'], admin_user.id)
self.assertEqual(admin_dict['email'], admin_user.email)
self.assertNotIn('password', admin_dict)
def add_admin():
"""Stores new admin in the database on post.
Returns:
A redirect to the admin_list handler after inserting the specified admin.
"""
admin_email = flask.request.form.get('admin_email', None)
admin_password = flask.request.form.get('admin_password', None)
if admin_email is not None or admin_password is not None:
admin_user = models.AdminUser(email=json.loads(admin_email))
admin_user.set_password(json.loads(admin_password))
try:
admin_user.save()
except custom_exceptions.UnableToSaveToDB as e:
flask.abort(e.code, e.message)
return flask.redirect(flask.url_for('admin_list'))
def testAdminPassword(self):
"""Test that setting password and comparing works."""
other_password = '******'
self.assertNotEqual(other_password, self.FAKE_ADMIN_PASSWORD)
admin_user = models.AdminUser()
admin_user.email = self.FAKE_ADMIN_EMAIL
admin_user.set_password(self.FAKE_ADMIN_PASSWORD)
admin_user.save()
self.assertTrue(
admin_user.does_password_match(self.FAKE_ADMIN_PASSWORD))
self.assertFalse(admin_user.does_password_match(other_password))
admin_user.set_password(other_password)
admin_user.save()
self.assertTrue(admin_user.does_password_match(other_password))
self.assertFalse(
admin_user.does_password_match(self.FAKE_ADMIN_PASSWORD))
def setup():
"""Handle showing the user the setup page and processing the response.
Returns:
On get: a rendered setup page template with appropriate resources passed
in. On post: a rendered setup page template with the error set in event of
a known error, a 403 flask.abort in the event of a FlowExchangeError
during oauth, or a redirect back to get the setup page on success.
"""
config = ufo.get_user_config()
flow = oauth.getOauthFlow()
oauth_url = flow.step1_get_authorize_url()
oauth_resources_dict = _get_oauth_configration_resources_dict(
config, oauth_url)
if flask.request.method == 'GET':
return flask.render_template(
'setup.html',
oauth_url=oauth_url,
oauth_configuration_resources=json.dumps(oauth_resources_dict))
credentials = None
domain = flask.request.form.get('domain', None)
if flask.request.form.get('oauth_code', None):
try:
credentials = flow.step2_exchange(flask.request.form['oauth_code'])
except oauth2client.client.FlowExchangeError as e:
flask.abort(403) # TODO better error
apiClient = credentials.authorize(httplib2.Http())
plusApi = discovery.build(serviceName='plus',
version='v1',
http=apiClient)
adminApi = discovery.build(serviceName='admin',
version='directory_v1',
http=apiClient)
try:
profileResult = plusApi.people().get(userId='me').execute()
if domain is None or domain != profileResult.get('domain', None):
return flask.render_template(
'setup.html',
error=DOMAIN_INVALID_TEXT,
oauth_configuration_resources=json.dumps(
oauth_resources_dict))
user_id = profileResult['id']
userResult = adminApi.users().get(userKey=user_id).execute()
if not userResult.get('isAdmin', False):
return flask.render_template(
'setup.html',
error=NON_ADMIN_TEXT,
oauth_configuration_resources=json.dumps(
oauth_resources_dict))
except Exception as e:
ufo.app.logger.error(e, exc_info=True)
return flask.render_template(
'setup.html',
error=str(e),
oauth_configuration_resources=json.dumps(oauth_resources_dict))
if not config.isConfigured:
admin_email = flask.request.form.get('admin_email', None)
admin_password = flask.request.form.get('admin_password', None)
if admin_email is None or admin_password is None:
return flask.render_template(
'setup.html',
error=NO_ADMINISTRATOR,
oauth_configuration_resources=json.dumps(oauth_resources_dict))
admin_user = models.AdminUser(email=admin_email)
admin_user.set_password(admin_password)
admin_user.save()
# if credentials were set above, moved down here to give us a chance to error
# out of admin user and password, could be moved inline with proper form
# validation for that (we also don't want to create a user if another step
# is going to fail)
if credentials is not None:
config.credentials = credentials.to_json()
config.domain = domain
flask.session['domain'] = domain
config.isConfigured = True
config.should_show_recaptcha = False
config.save()
return flask.redirect(flask.url_for('setup'))