def DISABLED__test_cascading_delete(self): from webidentity.models import Persona from webidentity.models import User from webidentity.models import UserAttribute from webidentity.models import VisitedSite user = User(u'john.doe', u'secret', u'*****@*****.**') user.personas.append( Persona(u'Test persönä', attributes=[ UserAttribute(type_uri, value) for type_uri, value in DUMMY_USER_ATTRIBUTES.iteritems()])) user.personas.append( Persona(u'Reversed persönä', attributes=[ UserAttribute(type_uri, ''.join(reversed(value))) for type_uri, value in DUMMY_USER_ATTRIBUTES.iteritems()])) site1 = VisitedSite('http://www.rp.com', remember=False) site2 = VisitedSite('http://www.plone.org', remember=True) site2.persona = user.personas[0] user.visited_sites.append(site1) user.visited_sites.append(site2) session = DBSession() session.add(user) session.flush() self.assertEquals(2, len(session.query(User).get(1).personas)) self.assertEquals(2, len(session.query(User).get(1).visited_sites)) self.assertEquals(6, len(session.query(User).get(1).personas[0].attributes)) session.query(User).filter_by(username=u'john.doe').delete() session.flush() self.assertEquals(0, session.query(User).count()) self.assertEquals(0, session.query(Persona).count()) self.assertEquals(0, session.query(UserAttribute).count()) self.assertEquals(0, session.query(VisitedSite).count())
def test_visited_sites__not_empty(self): from webidentity.views.user import visited_sites self.config.testing_securitypolicy(userid=u"dokai") session = DBSession() user = User("dokai", "secret", "*****@*****.**") user.personas.append( Persona( u"Test persönä", attributes=[UserAttribute(type_uri, value) for type_uri, value in DUMMY_USER_ATTRIBUTES.iteritems()], ) ) site1 = VisitedSite("http://www.rp.com", remember=False) site2 = VisitedSite("http://www.plone.org", remember=True) site2.persona = user.personas[0] user.visited_sites.append(site1) user.visited_sites.append(site2) user.activity.append( Activity( ipaddr="1.2.3.4", session="session1", action=Activity.AUTHORIZE_ONCE, url="http://www.rp.com", timestamp=datetime(2010, 1, 15, 12, 0), ) ) user.activity.append( Activity( ipaddr="2.3.4.5", session="session2", action=Activity.AUTHORIZE_ONCE, url="http://www.plone.org", timestamp=datetime(2010, 3, 24, 15, 23), ) ) user.activity.append( Activity( ipaddr="2.3.4.5", session="session3", action=Activity.AUTHORIZE, url="http://www.plone.org", timestamp=datetime(2010, 11, 15, 17, 9), ) ) session.add(user) request = testing.DummyRequest() self.assertEquals( visited_sites(request), { "action_url": "form_action", "sites": [ { "url": u"http://www.plone.org", "timestamp": "15.11.2010 17:09", "persona": {"id": 1, "edit_url": "http://fo.bar/", "name": u"Test persönä"}, "id": 2, "remember": "checked", }, { "url": u"http://www.rp.com", "timestamp": "15.01.2010 12:00", "persona": None, "id": 1, "remember": None, }, ], }, )
def confirm(request): """Confirmation for an OpenID authentication request.""" user = authenticated_user(request) if user is not None and 'form.submitted' in request.params: if request.POST.get('csrf_token') != request.session.get_csrf_token(): raise Forbidden session = DBSession() result = session.query(CheckIdRequest)\ .filter_by(key=request.environ.get('repoze.browserid', ''))\ .first() if result is not None: openid_request = result.request session.delete(result) else: # TODO: Return an error message return HTTPBadRequest('Invalid confirmation request') if 'accept' in request.params: ax_attributes = get_ax_attributes(request) visit = session.query(VisitedSite)\ .join(User)\ .filter(User.id == user.id)\ .filter(VisitedSite.trust_root == openid_request.trust_root)\ .first() if visit is None: # This is the first time the user is visiting this RP visit = VisitedSite(openid_request.trust_root) user.visited_sites.append(visit) visit.remember = 'remember' in request.params try: persona_id = int(request.params.get('persona')) # Make sure that the referenced persona actually belongs to the user persona = session.query(Persona)\ .join(User)\ .filter(User.id == user.id)\ .filter(Persona.id == persona_id)\ .first() if persona is not None: visit.persona = persona except (TypeError, ValueError): pass session.add(visit) identity = identity_url(request, user.username) openid_response = openid_request.answer(True, identity=identity) add_ax_response(openid_request, openid_response, ax_attributes) add_sreg_response(openid_request, openid_response, ax_attributes) if visit.remember: log_activity(request, Activity.AUTHORIZE, openid_request.trust_root) else: log_activity(request, Activity.AUTHORIZE_ONCE, openid_request.trust_root) else: log_activity(request, Activity.DENY, openid_request.trust_root) openid_response = openid_request.answer(False) store = AlchemyStore(session) openid_server = server.Server(store, route_url('openid_endpoint', request)) response = webob_response(openid_server.encodeResponse(openid_response), request) response.headerlist.extend(forget(request)) return response return HTTPBadRequest('Invalid confirmation request')