def test_touch(self): with self.app.test_request_context('/'): db.initialize() user = WBUserModel(username='******', password='******') db.session.add(user) db.session.commit() WBSessionModel.session_max_idle_time = 3 session = WBSessionModel(user.id) db.session.add(session) db.session.commit() sleep(1) self.assertTrue(session.touch()) read_session = WBSessionModel.query.get(session.id) self.assertTrue(read_session) self.assertNotEqual(read_session.created, read_session.accessed) self.assertNotAlmostEqual(read_session.created, arrow.utcnow(), delta=timedelta(seconds=1)) self.assertAlmostEqual(read_session.accessed, arrow.utcnow(), delta=timedelta(seconds=2)) sleep(1) self.assertTrue(session.touch()) read_session = WBSessionModel.query.get(session.id) self.assertTrue(read_session) self.assertNotEqual(read_session.created, read_session.accessed) self.assertNotAlmostEqual(read_session.created, arrow.utcnow(), delta=timedelta(seconds=1)) self.assertAlmostEqual(read_session.accessed, arrow.utcnow(), delta=timedelta(seconds=2)) sleep(4) self.assertFalse(session.touch()) read_session = WBSessionModel.query.get(session.id) self.assertFalse(read_session)
def test_field_limits(self): """Test that length limit on username is enforced.""" with self.app.test_request_context('/'): db.initialize() long_username = self.str_n(51) self.assertEqual(len(long_username), 51) user = WBUserModel(username=long_username, password='******') db.session.add(user) if db.engine.name == 'mysql': self.assertRaises(Warning, db.session.commit) db.session.rollback() elif db.engine.name == 'postgresql': # FIXME: Should be # self.assertRaises(psycopg2.DataError, # db.session.commit), but does not work. self.assertRaises(Exception, db.session.commit) db.session.rollback() else: db.session.commit() user = WBUserModel.query.order_by(WBUserModel.id).first() if db.engine.name == 'sqlite': # sqlite ignore field length. self.assertEqual(user.username, long_username) else: self.assertIsNone(user)
def test_roles(self): """Test user role assignment.""" with self.app.test_request_context('/'): db.initialize() user = WBUserModel(username='******', password='******') db.session.add(user) role_names = ['a', 'b', 'c', 'd'] roles = [] for r in role_names: role = WBRoleModel(rolename=r) db.session.add(role) user.roles.append(role) roles.append(role) db.session.commit() read_user = WBUserModel.query.get(user.id) self.assertEqual(read_user.roles, roles) read_user.roles.remove(roles[2]) db.session.add(user) db.session.commit() read_user = WBUserModel.query.get(user.id) self.assertNotIn(roles[2], read_user.roles) self.assertIn(roles[3], read_user.roles) role = WBRoleModel(rolename='e') user.roles.append(role) db.session.add(user) db.session.commit() read_user = WBUserModel.query.get(user.id) self.assertIn(role, read_user.roles)
def setUp(self): self.resource_name = 'TestResource' super(ApiAccessTestCase, self).setUp() with self.app.test_request_context('/'): db.initialize() # Create some roles self.r1 = WBRoleModel(rolename='admin') db.session.add(self.r1) self.r2 = WBRoleModel(rolename='manager') db.session.add(self.r2) self.r3 = WBRoleModel(rolename='user') db.session.add(self.r3) db.session.commit() # Create some users self.u1 = WBUserModel(username='******', password='******', roles=[self.r1]) db.session.add(self.u1) self.u2 = WBUserModel(username='******', password='******', roles=[self.r2]) db.session.add(self.u2) self.u3 = WBUserModel(username='******', password='******', roles=[self.r3]) db.session.add(self.u3) db.session.commit() self.u1 = self.u1.id self.u2 = self.u2.id self.u3 = self.u3.id self.r1 = self.r1.id self.r2 = self.r2.id self.r3 = self.r3.id
def test_anonymous_role(self): """Verify that the anonymous role is created.""" with self.app.test_request_context('/'): db.initialize() role = WBRoleModel.query.filter_by( rolename=WBRoleModel.anonymous_role_name).first() self.assertIsNotNone(role)
def setUp(self): super(RecordAPITestCase, self).setUp() self.api = Api(self.app) with self.app.test_request_context('/'): db.initialize() # Create some roles self.r1 = WBRoleModel(rolename='admin') db.session.add(self.r1) self.r2 = WBRoleModel(rolename='manager') db.session.add(self.r2) self.r3 = WBRoleModel(rolename='user') db.session.add(self.r3) db.session.commit() # Create some users self.u1 = WBUserModel(username='******', password='******', roles=[self.r1]) db.session.add(self.u1) self.u2 = WBUserModel(username='******', password='******', roles=[self.r2]) db.session.add(self.u2) self.u3 = WBUserModel(username='******', password='******', roles=[self.r3]) db.session.add(self.u3) db.session.commit() self.u1 = self.u1.id self.u2 = self.u2.id self.u3 = self.u3.id # Create some data self.d1 = MyTestModel(title='Alice in Wonderland', author='Lewis Caroll', owner_id=self.u1) db.session.add(self.d1) self.d2 = MyTestModel(title='SpongeBob', author='Stephen Hillenburg', owner_id=self.u2) db.session.add(self.d2) self.d3 = MyTestModel(title='Où est Charlie?', author='Martin Handford', owner_id=self.u3) db.session.add(self.d3) db.session.commit() self.d1 = self.d1.id self.d2 = self.d2.id self.d3 = self.d3.id
def test_duplicate(self): with self.app.test_request_context("/"): db.initialize() role1 = WBRoleModel(rolename="a") db.session.add(role1) db.session.commit() ace1 = RecordACLModel(record_type="TestRecordType1", record_id=1, user_role_id=role1.id, permission="read") ace2 = RecordACLModel(record_type="TestRecordType1", record_id=1, user_role_id=role1.id, permission="read") db.session.add_all([ace1, ace2]) self.assertRaises(IntegrityError, db.session.commit) db.session.rollback()
def setUp(self): super(SessionTestCase, self).setUp() add_session_management_urls(self.app) with self.app.test_request_context('/'): db.initialize() # Create a user self.u1 = WBUserModel(username='******', password='******', roles=[]) db.session.add(self.u1) db.session.commit() self.u1 = self.u1.id
def test_creation(self): with self.app.test_request_context('/'): db.initialize() role1 = WBRoleModel(rolename='a') role2 = WBRoleModel(rolename='b') db.session.add_all([role1, role2]) db.session.commit() ace1 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role1.id, permission='read') ace2 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role1.id, permission='update') ace3 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role1.id, permission='delete') ace4 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role2.id, permission='read') ace5 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role2.id, permission='update') ace6 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role2.id, permission='delete') db.session.add_all([ace1, ace2, ace3, ace4, ace5, ace6]) db.session.commit() ace7 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role2.id, permission='transmogrify') db.session.add(ace7) if db.engine.name == 'sqlite': self.assertRaises(IntegrityError, db.session.commit) db.session.rollback() elif db.engine.name == 'mysql': self.assertRaises(Warning, db.session.commit) db.session.rollback() else: db.session.commit
def setUp(self): super(AuthenticatorTestCase, self).setUp() add_session_management_urls(self.app) self.app.add_url_rule('/test', 'test', needs_authenticated_user_function, methods=['GET']) with self.app.test_request_context('/'): db.initialize() # Create a user self.u1 = WBUserModel(username='******', password='******', roles=[]) db.session.add(self.u1) db.session.commit() self.u1 = self.u1.id
def test_unique_name(self): """Test that we cannot add two users with the same username.""" with self.app.test_request_context('/'): db.initialize() db.session.add(WBUserModel(username='******', password='******')) db.session.commit() db.session.add(WBUserModel(username='******', password='******')) self.assertRaises(IntegrityError, db.session.commit) db.session.rollback() # Check that duplicate password do not raise an exception. db.session.add(WBUserModel(username='******', password='******')) db.session.commit()
def test_store_hashed_password(self): """Test that the password is stored as a hash.""" with self.app.test_request_context('/'): password = self.str_n(1024) self.assertEqual(len(password), 1024) hashed_password = WBUserModel.hash_password(password) self.assertEqual(len(hashed_password), 64) db.initialize() user = WBUserModel(username='******', password=password) db.session.add(user) db.session.commit() read_user = WBUserModel.query.get(user.id) self.assertEqual(read_user.id, user.id) self.assertEqual(read_user.hashed_password, hashed_password)
def test_creation(self): with self.app.test_request_context('/'): db.initialize() user = WBUserModel(username='******', password='******') db.session.add(user) db.session.commit() session = WBSessionModel(user.id) db.session.add(session) db.session.commit() read_session = WBSessionModel.query.get(session.id) self.assertEqual(read_session.user_id, user.id) self.assertEqual(len(read_session.session_id), 2*WBSessionModel.session_id_byte_length) self.assertEqual(len(read_session.secret), 2*WBSessionModel.secret_byte_length) self.assertEqual(read_session.created, read_session.accessed) self.assertAlmostEqual(read_session.created, arrow.utcnow(), delta=timedelta(seconds=1))
def test_duplicate(self): with self.app.test_request_context('/'): db.initialize() role1 = WBRoleModel(rolename='a') db.session.add(role1) db.session.commit() ace1 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role1.id, permission='read') ace2 = RecordACLModel(record_type='TestRecordType1', record_id=1, user_role_id=role1.id, permission='read') db.session.add_all([ace1, ace2]) self.assertRaises(IntegrityError, db.session.commit) db.session.rollback()
def test_creation(self): with self.app.test_request_context('/'): db.initialize() user = WBUserModel(username='******', password='******') db.session.add(user) db.session.commit() session = WBSessionModel(user.id) db.session.add(session) db.session.commit() read_session = WBSessionModel.query.get(session.id) self.assertEqual(read_session.user_id, user.id) self.assertEqual(len(read_session.session_id), 2 * WBSessionModel.session_id_byte_length) self.assertEqual(len(read_session.secret), 2 * WBSessionModel.secret_byte_length) self.assertEqual(read_session.created, read_session.accessed) self.assertAlmostEqual(read_session.created, arrow.utcnow(), delta=timedelta(seconds=1))
def setUp(self): super(RecordAPITestCase, self).setUp() self.api = Api(self.app) with self.app.test_request_context("/"): db.initialize() # Create some roles self.r1 = WBRoleModel(rolename="admin") db.session.add(self.r1) self.r2 = WBRoleModel(rolename="manager") db.session.add(self.r2) self.r3 = WBRoleModel(rolename="user") db.session.add(self.r3) db.session.commit() # Create some users self.u1 = WBUserModel(username="******", password="******", roles=[self.r1]) db.session.add(self.u1) self.u2 = WBUserModel(username="******", password="******", roles=[self.r2]) db.session.add(self.u2) self.u3 = WBUserModel(username="******", password="******", roles=[self.r3]) db.session.add(self.u3) db.session.commit() self.u1 = self.u1.id self.u2 = self.u2.id self.u3 = self.u3.id # Create some data self.d1 = MyTestModel(title="Alice in Wonderland", author="Lewis Caroll", owner_id=self.u1) db.session.add(self.d1) self.d2 = MyTestModel(title="SpongeBob", author="Stephen Hillenburg", owner_id=self.u2) db.session.add(self.d2) self.d3 = MyTestModel(title="Où est Charlie?", author="Martin Handford", owner_id=self.u3) db.session.add(self.d3) db.session.commit() self.d1 = self.d1.id self.d2 = self.d2.id self.d3 = self.d3.id
def test_creation(self): with self.app.test_request_context("/"): db.initialize() role1 = WBRoleModel(rolename="a") role2 = WBRoleModel(rolename="b") db.session.add_all([role1, role2]) db.session.commit() ace1 = RecordACLModel(record_type="TestRecordType1", record_id=1, user_role_id=role1.id, permission="read") ace2 = RecordACLModel( record_type="TestRecordType1", record_id=1, user_role_id=role1.id, permission="update" ) ace3 = RecordACLModel( record_type="TestRecordType1", record_id=1, user_role_id=role1.id, permission="delete" ) ace4 = RecordACLModel(record_type="TestRecordType1", record_id=1, user_role_id=role2.id, permission="read") ace5 = RecordACLModel( record_type="TestRecordType1", record_id=1, user_role_id=role2.id, permission="update" ) ace6 = RecordACLModel( record_type="TestRecordType1", record_id=1, user_role_id=role2.id, permission="delete" ) db.session.add_all([ace1, ace2, ace3, ace4, ace5, ace6]) db.session.commit() ace7 = RecordACLModel( record_type="TestRecordType1", record_id=1, user_role_id=role2.id, permission="transmogrify" ) db.session.add(ace7) if db.engine.name == "sqlite": self.assertRaises(IntegrityError, db.session.commit) db.session.rollback() elif db.engine.name == "mysql": self.assertRaises(Warning, db.session.commit) db.session.rollback() else: db.session.commit
def test_creation_invalid_user_id(self): with self.app.test_request_context('/'): db.initialize() self.assertRaises(ArgumentError, WBSessionModel, 42) db.session.rollback()
def test_anonymous_role(self): """Verify that the anonymous role is created.""" with self.app.test_request_context('/'): db.initialize() role = WBRoleModel.query.filter_by(rolename=WBRoleModel.anonymous_role_name).first() self.assertIsNotNone(role)
def populate_db(): db.initialize() anonymous_role_id = WBRoleModel.get_anonymous_role_id() admin_role_id = UserModel.get_admin_role_id() admin_role = WBRoleModel.query.get(admin_role_id); user_role_id = UserModel.get_user_role_id() user_role = WBRoleModel.query.get(user_role_id); data = {'username': "******", 'password': '******', 'name': "Alice Allard", 'roles': [user_role]} user = UserModel(**data) db.session.add(user) db.session.commit() alice_id = user.id data = {'username': "******", 'password': '******', 'name': "Bob Binette", 'roles': [user_role]} user = UserModel(**data) db.session.add(user) db.session.commit() bob_id = user.id data = {'username': "******", 'password': '******', 'name': "Charles Charette", 'roles': [admin_role]} user = UserModel(**data) db.session.add(user) db.session.commit() charles_id = user.id root_id = FolderNodeModel.get_root_id() data = {'title': 'usr', 'parent_node_id': root_id, 'owner_id': alice_id} vs = FolderNodeModel(**data) db.session.add(vs) data = {'title': 'var', 'parent_node_id': root_id, 'owner_id': alice_id} vs = FolderNodeModel(**data) db.session.add(vs) db.session.commit() var_id = vs.id data = {'title': 'home', 'parent_node_id': root_id, 'owner_id': bob_id} vs = FolderNodeModel(**data) db.session.add(vs) db.session.commit() home_id = vs.id data = [ {'record_type': 'ContentNode', 'record_id': home_id, 'user_role_id': anonymous_role_id, 'permission': 'read'}, ] for d in data: acl = RecordACLModel(**d) db.session.add(acl) db.session.commit() data = {'title': 'Lorem', 'body': 'Lorem ipsum dolor'} vs = DocumentModel(**data) db.session.add(vs) db.session.commit() data = {'document_id': vs.id, 'parent_node_id': home_id, 'owner_id': alice_id} doc = DocumentNodeModel(**data) db.session.add(doc) db.session.commit() data = {'title': 'Sit amet', 'body': 'Consectetur adipiscing elit'} vs = DocumentModel(**data) db.session.add(vs) db.session.commit() data = {'document_id': vs.id, 'parent_node_id': var_id, 'owner_id': alice_id} doc = DocumentNodeModel(**data) db.session.add(doc) db.session.commit() return 'DB Initialization Done'
def setUp(self): super(RecordAccessTestCase, self).setUp() with self.app.test_request_context('/'): db.initialize() # Create some roles self.r1 = WBRoleModel(rolename='admin') db.session.add(self.r1) self.r2 = WBRoleModel(rolename='manager') db.session.add(self.r2) self.r3 = WBRoleModel(rolename='user') db.session.add(self.r3) db.session.commit() # Create some users self.u1 = WBUserModel(username='******', password='******', roles=[self.r1]) db.session.add(self.u1) self.u2 = WBUserModel(username='******', password='******', roles=[self.r2]) db.session.add(self.u2) self.u3 = WBUserModel(username='******', password='******', roles=[self.r3]) db.session.add(self.u3) db.session.commit() self.u1 = self.u1.id self.u2 = self.u2.id self.u3 = self.u3.id self.r1 = self.r1.id self.r2 = self.r2.id self.r3 = self.r3.id # Create some data self.d1 = MyModel(title='a', owner_id=self.u1) db.session.add(self.d1) self.d2 = MyModel(title='a', owner_id=self.u1) db.session.add(self.d2) self.d3 = MyModel(title='a', owner_id=self.u2) db.session.add(self.d3) self.d4 = MyModel(title='a', owner_id=self.u3) db.session.add(self.d4) db.session.commit() self.d1 = self.d1.id self.d2 = self.d2.id self.d3 = self.d3.id self.d4 = self.d4.id # Add some access control records anon = WBRoleModel.get_anonymous_role_id() db.session.add_all( make_record_acl( record_types=['My'], record_ids=[self.d1, self.d2, self.d3, self.d4], user_role_ids=[self.r1], permissions=['read', 'update', 'delete'])) db.session.add_all( make_record_acl( record_types=['My'], record_ids=[self.d1, self.d2, self.d3, self.d4], user_role_ids=[self.r2], permissions=['read'])) db.session.add_all( make_record_acl(record_types=['My'], record_ids=[self.d3, self.d4], user_role_ids=[self.r2], permissions=['update', 'delete'])) db.session.add_all( make_record_acl( record_types=['My'], record_ids=[self.d1, self.d2, self.d3, self.d4], user_role_ids=[self.r3], permissions=['read'])) db.session.add_all( make_record_acl(record_types=['My'], record_ids=[self.d3, self.d4], user_role_ids=[anon], permissions=['read'])) db.session.commit()
def setUp(self): super(RecordAccessTestCase, self).setUp() with self.app.test_request_context('/'): db.initialize() # Create some roles self.r1 = WBRoleModel(rolename='admin') db.session.add(self.r1) self.r2 = WBRoleModel(rolename='manager') db.session.add(self.r2) self.r3 = WBRoleModel(rolename='user') db.session.add(self.r3) db.session.commit() # Create some users self.u1 = WBUserModel(username='******', password='******', roles=[self.r1]) db.session.add(self.u1) self.u2 = WBUserModel(username='******', password='******', roles=[self.r2]) db.session.add(self.u2) self.u3 = WBUserModel(username='******', password='******', roles=[self.r3]) db.session.add(self.u3) db.session.commit() self.u1 = self.u1.id self.u2 = self.u2.id self.u3 = self.u3.id self.r1 = self.r1.id self.r2 = self.r2.id self.r3 = self.r3.id # Create some data self.d1 = MyModel(title='a', owner_id=self.u1) db.session.add(self.d1) self.d2 = MyModel(title='a', owner_id=self.u1) db.session.add(self.d2) self.d3 = MyModel(title='a', owner_id=self.u2) db.session.add(self.d3) self.d4 = MyModel(title='a', owner_id=self.u3) db.session.add(self.d4) db.session.commit() self.d1 = self.d1.id self.d2 = self.d2.id self.d3 = self.d3.id self.d4 = self.d4.id # Add some access control records anon = WBRoleModel.get_anonymous_role_id() db.session.add_all(make_record_acl(record_types=['My'], record_ids=[self.d1, self.d2, self.d3, self.d4], user_role_ids=[self.r1], permissions=['read', 'update', 'delete'])) db.session.add_all(make_record_acl(record_types=['My'], record_ids=[self.d1, self.d2, self.d3, self.d4], user_role_ids=[self.r2], permissions=['read'])) db.session.add_all(make_record_acl(record_types=['My'], record_ids=[self.d3, self.d4], user_role_ids=[self.r2], permissions=['update', 'delete'])) db.session.add_all(make_record_acl(record_types=['My'], record_ids=[self.d1, self.d2, self.d3, self.d4], user_role_ids=[self.r3], permissions=['read'])) db.session.add_all(make_record_acl(record_types=['My'], record_ids=[self.d3, self.d4], user_role_ids=[anon], permissions=['read'])) db.session.commit()