def DISABLED__test_cascading_delete(self):
        from webidentity.models import Persona
        from webidentity.models import User
        from webidentity.models import UserAttribute
        from webidentity.models import VisitedSite

        user = User(u'john.doe', u'secret', u'*****@*****.**')
        user.personas.append(
            Persona(u'Test persönä', attributes=[
                UserAttribute(type_uri, value)
                for type_uri, value
                in DUMMY_USER_ATTRIBUTES.iteritems()]))
        user.personas.append(
            Persona(u'Reversed persönä', attributes=[
                UserAttribute(type_uri, ''.join(reversed(value)))
                for type_uri, value
                in DUMMY_USER_ATTRIBUTES.iteritems()]))

        site1 = VisitedSite('http://www.rp.com', remember=False)
        site2 = VisitedSite('http://www.plone.org', remember=True)
        site2.persona = user.personas[0]

        user.visited_sites.append(site1)
        user.visited_sites.append(site2)

        session = DBSession()
        session.add(user)
        session.flush()

        self.assertEquals(2, len(session.query(User).get(1).personas))
        self.assertEquals(2, len(session.query(User).get(1).visited_sites))
        self.assertEquals(6, len(session.query(User).get(1).personas[0].attributes))

        session.query(User).filter_by(username=u'john.doe').delete()
        session.flush()

        self.assertEquals(0, session.query(User).count())
        self.assertEquals(0, session.query(Persona).count())
        self.assertEquals(0, session.query(UserAttribute).count())
        self.assertEquals(0, session.query(VisitedSite).count())
    def test_visited_sites__not_empty(self):
        from webidentity.views.user import visited_sites

        self.config.testing_securitypolicy(userid=u"dokai")

        session = DBSession()
        user = User("dokai", "secret", "*****@*****.**")

        user.personas.append(
            Persona(
                u"Test persönä",
                attributes=[UserAttribute(type_uri, value) for type_uri, value in DUMMY_USER_ATTRIBUTES.iteritems()],
            )
        )

        site1 = VisitedSite("http://www.rp.com", remember=False)
        site2 = VisitedSite("http://www.plone.org", remember=True)
        site2.persona = user.personas[0]

        user.visited_sites.append(site1)
        user.visited_sites.append(site2)

        user.activity.append(
            Activity(
                ipaddr="1.2.3.4",
                session="session1",
                action=Activity.AUTHORIZE_ONCE,
                url="http://www.rp.com",
                timestamp=datetime(2010, 1, 15, 12, 0),
            )
        )
        user.activity.append(
            Activity(
                ipaddr="2.3.4.5",
                session="session2",
                action=Activity.AUTHORIZE_ONCE,
                url="http://www.plone.org",
                timestamp=datetime(2010, 3, 24, 15, 23),
            )
        )
        user.activity.append(
            Activity(
                ipaddr="2.3.4.5",
                session="session3",
                action=Activity.AUTHORIZE,
                url="http://www.plone.org",
                timestamp=datetime(2010, 11, 15, 17, 9),
            )
        )

        session.add(user)

        request = testing.DummyRequest()
        self.assertEquals(
            visited_sites(request),
            {
                "action_url": "form_action",
                "sites": [
                    {
                        "url": u"http://www.plone.org",
                        "timestamp": "15.11.2010 17:09",
                        "persona": {"id": 1, "edit_url": "http://fo.bar/", "name": u"Test persönä"},
                        "id": 2,
                        "remember": "checked",
                    },
                    {
                        "url": u"http://www.rp.com",
                        "timestamp": "15.01.2010 12:00",
                        "persona": None,
                        "id": 1,
                        "remember": None,
                    },
                ],
            },
        )
Esempio n. 3
0
def confirm(request):
    """Confirmation for an OpenID authentication request."""
    user = authenticated_user(request)
    if user is not None and 'form.submitted' in request.params:
        if request.POST.get('csrf_token') != request.session.get_csrf_token():
            raise Forbidden

        session = DBSession()
        result = session.query(CheckIdRequest)\
                    .filter_by(key=request.environ.get('repoze.browserid', ''))\
                    .first()

        if result is not None:
            openid_request = result.request
            session.delete(result)
        else:
            # TODO: Return an error message
            return HTTPBadRequest('Invalid confirmation request')

        if 'accept' in request.params:
            ax_attributes = get_ax_attributes(request)

            visit = session.query(VisitedSite)\
                        .join(User)\
                        .filter(User.id == user.id)\
                        .filter(VisitedSite.trust_root == openid_request.trust_root)\
                        .first()
            if visit is None:
                # This is the first time the user is visiting this RP
                visit = VisitedSite(openid_request.trust_root)
                user.visited_sites.append(visit)

            visit.remember = 'remember' in request.params

            try:
                persona_id = int(request.params.get('persona'))
                # Make sure that the referenced persona actually belongs to the user
                persona = session.query(Persona)\
                            .join(User)\
                            .filter(User.id == user.id)\
                            .filter(Persona.id == persona_id)\
                            .first()
                if persona is not None:
                    visit.persona = persona
            except (TypeError, ValueError):
                pass

            session.add(visit)

            identity = identity_url(request, user.username)
            openid_response = openid_request.answer(True, identity=identity)
            add_ax_response(openid_request, openid_response, ax_attributes)
            add_sreg_response(openid_request, openid_response, ax_attributes)

            if visit.remember:
                log_activity(request, Activity.AUTHORIZE, openid_request.trust_root)
            else:
                log_activity(request, Activity.AUTHORIZE_ONCE, openid_request.trust_root)

        else:
            log_activity(request, Activity.DENY, openid_request.trust_root)
            openid_response = openid_request.answer(False)

        store = AlchemyStore(session)
        openid_server = server.Server(store, route_url('openid_endpoint', request))

        response = webob_response(openid_server.encodeResponse(openid_response), request)
        response.headerlist.extend(forget(request))

        return response

    return HTTPBadRequest('Invalid confirmation request')