def test_login_post(self): kwargs = dict(email=u'*****@*****.**', password='******', can_login=True) u = User(**kwargs) self.session.add(u) self.session.commit() rv = self.client.post('/user/login', data=kwargs) self.assertEquals(rv.status_code, 302, "expected 302, got:" + rv.status) # wrong password d = dict(kwargs) d['password'] = '******' rv = self.client.post('/user/login', data=d) self.assertEquals(rv.status_code, 401, "expected 401, got:" + rv.status) # login disabled u.can_login = False self.session.commit() rv = self.client.post('/user/login', data=kwargs) self.assertEquals(rv.status_code, 401, "expected 401, got:" + rv.status)
def test_login_post(session: Session, client: FlaskClient) -> None: kwargs = { "email": "*****@*****.**", "password": "******", "can_login": True } user = User(**kwargs) session.add(user) session.flush() response = client.post("/user/login", data=kwargs) assert response.status_code == 302 # wrong password d = dict(kwargs) d["password"] = "******" response = client.post("/user/login", data=d) assert response.status_code == 401 # login disabled # pyre-fixme[8]: Attribute has type `Column`; used as `bool`. user.can_login = False session.flush() response = client.post("/user/login", data=kwargs) assert response.status_code == 401
def test_non_ascii_password(self): """Ensure we can store and test non ascii password without any UnicodeEncodeError """ user = User() try: user.set_password(u'Hé') except UnicodeEncodeError, e: self.fail(e)
def test_non_ascii_password(): """Ensure we can store and test non-ascii password without any UnicodeEncodeError.""" user = User() user.set_password("Hé") if not isinstance(user.password, str): # when actually retrieved from database, it should be Unicode user.password = str(user.password) assert user.authenticate("Hé")
def admin_user(db: SQLAlchemy) -> User: user = User( first_name="Jim", last_name="Admin", email="*****@*****.**", password="******", can_login=True, ) user.is_admin = True db.session.add(user) db.session.flush() return user
def init_user(): user = User(first_name="Joe", last_name="User", email=TEST_EMAIL, password=TEST_PASSWORD) db.session.add(user) db.session.flush()
def test_api_post(self): kwargs = dict( email='*****@*****.**', password='******', can_login=True, ) u = User(**kwargs) self.session.add(u) self.session.commit() rv = self.client.post( '/user/api/login', data=json.dumps(kwargs), content_type='application/json', ) assert rv.status_code == 200 assert rv.json == { 'email': '*****@*****.**', 'username': '******', 'fullname': 'Unknown', 'next_url': '', } rv = self.client.post('/user/api/logout') assert rv.status_code == 200
def setUp(self): super(TestNotificationViews, self).setUp() self.user = User(email=u'*****@*****.**', password='******', can_login=True) self.session.add(self.user) self.session.commit()
def test_grant_basic_roles(self): user = User(email="*****@*****.**", password="******") self.session.add(user) self.session.flush() # everybody always has role Anonymous assert security.has_role(user, Anonymous) security.grant_role(user, Admin) assert security.has_role(user, Admin) assert security.get_roles(user) == [Admin] assert security.get_roles(user) == ['admin'] assert security.get_principals(Admin) == [user] # clear roles cache for better coverage: has_permission uses # _fill_role_cache_batch(), get_roles uses _fill_role_cache() delattr(user, '__roles_cache__') assert security.has_permission(user, "read") assert security.has_permission(user, "write") assert security.has_permission(user, "manage") security.ungrant_role(user, "admin") assert not security.has_role(user, "admin") assert security.get_roles(user) == [] assert security.get_principals(Admin) == [] assert not security.has_permission(user, "read") assert not security.has_permission(user, "write") assert not security.has_permission(user, "manage")
def test_has_permission_custom_roles(self): user = User(email="*****@*****.**", password="******") self.session.add(user) self.session.flush() role = Role('custom_role') permission = Permission('custom permission') assert not security.has_permission(user, permission, roles=role) security.grant_role(user, role) assert not security.has_permission(user, permission) assert security.has_permission(user, permission, roles=role) # Permission always granted if Anonymous role assert security.has_permission(user, permission, roles=Anonymous) # test convert legacy permission & implicit mapping security.grant_role(user, 'reader') assert security.has_permission(user, 'read') assert not security.has_permission(user, 'write') assert not security.has_permission(user, 'manage') security.grant_role(user, 'writer') assert security.has_permission(user, 'read') assert security.has_permission(user, 'write') assert not security.has_permission(user, 'manage') security.grant_role(user, 'manager') assert security.has_permission(user, 'read') assert security.has_permission(user, 'write') assert security.has_permission(user, 'manage')
def test_has_role_authenticated(self): anon = self.app.login_manager.anonymous_user() user = User(email="*****@*****.**", password="******") self.session.add(user) self.session.flush() assert not security.has_role(anon, Authenticated) assert security.has_role(user, Authenticated)
def test_grant_basic_roles_on_groups(self): user = User(email="*****@*****.**", password="******") group = Group(name="Test Group") user.groups.add(group) self.session.add(user) self.session.flush() security.grant_role(group, "admin") assert security.has_role(group, "admin") assert security.get_roles(group) == ['admin'] assert security.get_principals(Admin) == [group] assert security.has_role(user, Admin) assert security.has_permission(user, "read") assert security.has_permission(user, "write") assert security.has_permission(user, "manage") security.ungrant_role(group, "admin") assert not security.has_role(group, "admin") assert security.get_roles(group) == [] assert security.get_principals(Admin) == [] assert not security.has_role(user, "admin") assert not security.has_permission(user, "read") assert not security.has_permission(user, "write") assert not security.has_permission(user, "manage")
def setUp(self): BaseTestCase.setUp(self) self.user = User( email=u'*****@*****.**', first_name=u'John', last_name=u'Doe', can_login=True) self.session.add(self.user) self.session.commit()
def test_has_permission_custom_roles(session: Session) -> None: user = User(email="*****@*****.**", password="******") session.add(user) session.flush() role = Role("custom_role") permission = Permission("custom permission") assert not security.has_permission(user, permission, roles=role) security.grant_role(user, role) assert not security.has_permission(user, permission) assert security.has_permission(user, permission, roles=role) # Permission always granted if Anonymous role assert security.has_permission(user, permission, roles=Anonymous) # test convert legacy permission & implicit mapping security.grant_role(user, "reader") assert security.has_permission(user, "read") assert not security.has_permission(user, "write") assert not security.has_permission(user, "manage") security.grant_role(user, "writer") assert security.has_permission(user, "read") assert security.has_permission(user, "write") assert not security.has_permission(user, "manage") security.grant_role(user, "manager") assert security.has_permission(user, "read") assert security.has_permission(user, "write") assert security.has_permission(user, "manage")
def test_has_role_authenticated(app: Application, session: Session) -> None: anon = app.login_manager.anonymous_user() user = User(email="*****@*****.**", password="******") session.add(user) session.flush() assert not security.has_role(anon, Authenticated) assert security.has_role(user, Authenticated)
def test_grant_basic_roles_on_groups(session: Session) -> None: user = User(email="*****@*****.**", password="******") group = Group(name="Test Group") # pyre-fixme[16]: `User` has no attribute `groups`. user.groups.add(group) session.add(user) session.flush() security.grant_role(group, "admin") assert security.has_role(group, "admin") assert security.get_roles(group) == ["admin"] assert security.get_principals(Admin) == [group] assert security.has_role(user, Admin) assert security.has_permission(user, "read") assert security.has_permission(user, "write") assert security.has_permission(user, "manage") security.ungrant_role(group, "admin") assert not security.has_role(group, "admin") assert security.get_roles(group) == [] assert security.get_principals(Admin) == [] assert not security.has_role(user, "admin") assert not security.has_permission(user, "read") assert not security.has_permission(user, "write") assert not security.has_permission(user, "manage")
def createuser(email, password, role=None, name=None, first_name=None): """Create new user.""" email = text_type(email) if User.query.filter(User.email == email).count() > 0: print("A user with email '{}' already exists, aborting.".format(email)) return if password is None: password = prompt_pass('Password') user = User( email=email, password=password, last_name=name, first_name=first_name, can_login=True, ) db.session.add(user) if role in ('admin',): # FIXME: add other valid roles security = get_service('security') security.grant_role(user, role) db.session.commit() print("User {} added".format(email))
def test(self): contact = DummyContact(first_name="John") assert contact.creator is None assert contact.owner is None user = User() contact.owner = user contact.creator = user
def setUp(self): super(NotificationTestCase, self).setUp() self.user = User(email=u'*****@*****.**', password='******', can_login=True) self.session.add(self.user) self.community.set_membership(self.user, WRITER) self.session.commit()
def finalize_validate(): config_file = os.path.join(current_app.instance_path, 'config.py') logging_file = os.path.join(current_app.instance_path, 'logging.yml') assert not os.path.exists(config_file) config = cmd_config.DefaultConfig(logging_file='logging.yml') config.SQLALCHEMY_DATABASE_URI = session_get('db')['uri'] redis_uri = session_get('redis')['uri'] config.REDIS_URI = redis_uri config.BROKER_URL = redis_uri config.CELERY_RESULT_BACKEND = redis_uri d = session_get('site_info') config.SITE_NAME = d['sitename'] config.MAIL_SENDER = d['mailsender'] is_production = d['server_mode'] == u'production' config.PRODUCTION = is_production config.DEBUG = not is_production config.DEBUG_TB_ENABLED = config.DEBUG config.CELERY_ALWAYS_EAGER = not is_production cmd_config.write_config(config_file, config) cmd_config.maybe_write_logging(logging_file) admin_account = session_get('admin_account') # create a new app that will be configured with new config, to create database # and admin_user setup_app = current_app._get_current_object() app = setup_app.__class__( setup_app.import_name, static_url_path=setup_app.static_url_path, static_folder=setup_app.static_folder, template_folder=setup_app.template_folder, instance_path=setup_app.instance_path, ) with app.test_request_context('/setup/finalize'): app.create_db() db_session = app.db.session() admin = User(email=admin_account['email'], password=admin_account['password'], last_name=admin_account['name'], first_name=admin_account['firstname'], can_login=True) db_session.add(admin) security = get_service('security') security.grant_role(admin, Admin) db_session.commit() session_clear() response = make_response( render_template('setupwizard/done.html', config_file=config_file, logging_file=logging_file), 200) return response
def finalize_validate(): config_file = Path(current_app.instance_path) / "config.py" logging_file = Path(current_app.instance_path) / "logging.yml" assert not config_file.exists() config = cmd_config.DefaultConfig(logging_file="logging.yml") config.SQLALCHEMY_DATABASE_URI = session_get("db")["uri"] redis_uri = session_get("redis")["uri"] config.REDIS_URI = redis_uri config.BROKER_URL = redis_uri config.CELERY_RESULT_BACKEND = redis_uri d = session_get("site_info") config.SITE_NAME = d["sitename"] config.MAIL_SENDER = d["mailsender"] is_production = d["server_mode"] == "production" config.PRODUCTION = is_production config.DEBUG = not is_production config.DEBUG_TB_ENABLED = config.DEBUG config.CELERY_ALWAYS_EAGER = not is_production cmd_config.write_config(config_file, config) cmd_config.maybe_write_logging(logging_file) admin_account = session_get("admin_account") # create a new app that will be configured with new config, # to create database and admin_user setup_app = unwrap(current_app) app = setup_app.__class__( setup_app.import_name, static_url_path=setup_app.static_url_path, static_folder=setup_app.static_folder, template_folder=setup_app.template_folder, instance_path=setup_app.instance_path, ) with app.test_request_context("/setup/finalize"): app.create_db() db_session = db.session() admin = User( email=admin_account["email"], password=admin_account["password"], last_name=admin_account["name"], first_name=admin_account["firstname"], can_login=True, ) db_session.add(admin) security = get_service("security") security.grant_role(admin, Admin) db_session.commit() session_clear() return render_template("setupwizard/done.html", config_file=config_file, logging_file=logging_file)
def clear_preferences(self, user: User = None) -> None: """Clear the user preferences.""" if user is None: user = current_user # don't delete UserPreference 1 by 1 with session.delete, else # user.preferences is not updated until commit() (not flush()). see # http://docs.sqlalchemy.org/en/rel_0_7/orm/session.html#deleting-from-collections user.preferences = []
def create_db(self): from abilian.core.models.subjects import User db.create_all() if User.query.get(0) is None: root = User(id=0, last_name=u'SYSTEM', email=u'*****@*****.**', can_login=False) db.session.add(root) db.session.commit()
def test_user(self): user = User(first_name=u"John", last_name=u"Test User", email=u"*****@*****.**", password="******") check_editable(user) assert u"John Test User" == user.name assert u"John Test User" == text_type(user)
def test_community_indexed(app, db, req_ctx): index_service = app.services["indexing"] index_service.start() security_service = app.services["security"] security_service.start() obj_types = (Community.entity_type,) user_no_community = User(email="*****@*****.**") db.session.add(user_no_community) community1 = Community(name="My Community") db.session.add(community1) community2 = Community(name="Other community") db.session.add(community2) user = User(email="*****@*****.**") db.session.add(user) community1.set_membership(user, READER) user_c2 = User(email="*****@*****.**") db.session.add(user_c2) community2.set_membership(user_c2, READER) db.session.commit() with login(user_no_community): res = index_service.search("community", object_types=obj_types) assert len(res) == 0 with login(user): res = index_service.search("community", object_types=obj_types) assert len(res) == 1 hit = res[0] assert hit["object_key"] == community1.object_key with login(user_c2): res = index_service.search("community", object_types=obj_types) assert len(res) == 1 hit = res[0] assert hit["object_key"] == community2.object_key
def test_status_update(self): user = User(first_name=u"John", last_name=u"Test User", email=u"*****@*****.**", password="******") #self.assertEquals(len(user.messages), 0) message = Message() message.author = user check_editable(message)
def test_login_post(session, client): kwargs = {"email": "*****@*****.**", "password": "******", "can_login": True} user = User(**kwargs) session.add(user) session.flush() response = client.post("/user/login", data=kwargs) assert response.status_code == 302 # wrong password d = dict(kwargs) d["password"] = "******" response = client.post("/user/login", data=d) assert response.status_code == 401 # login disabled user.can_login = False session.flush() response = client.post("/user/login", data=kwargs) assert response.status_code == 401
def setUp(self): super(CommunityIndexingTestCase, self).setUp() self.svc = self.app.services['indexing'] self.user = User( email=u'*****@*****.**', password='******', can_login=True) self.session.add(self.user) self.community.set_membership(self.user, READER) self.c2 = Community(name=u'Other community') self.session.add(self.c2) self.user_c2 = User( email=u'*****@*****.**', password='******', can_login=True) self.session.add(self.user_c2) self.c2.set_membership(self.user_c2, READER) self.user_no_community = User( email=u'*****@*****.**', password='******', can_login=True) self.session.add(self.user_no_community) self.session.commit()
def community2(db): community = Community(name="Another Community") db.session.add(community) user = User(email="*****@*****.**", password="******", can_login=True) db.session.add(user) community.set_membership(user, READER) community.test_user = user db.session.flush() return community
def user(db: SQLAlchemy) -> User: user = User( first_name="Joe", last_name="Test", email="*****@*****.**", password="******", can_login=True, ) db.session.add(user) db.session.flush() return user
def create_root_user(self): from abilian.core.models.subjects import User user = User.query.get(0) if user is None: user = User(id=0, last_name="SYSTEM", email="*****@*****.**", can_login=False) db.session.add(user) db.session.commit() return user
def test_has_permission_on_objects(self): has_permission = security.has_permission user = User(email="*****@*****.**", password="******") group = Group(name="Test Group") user.groups.add(group) obj = DummyModel(creator=user, owner=user) self.session.add_all([user, obj]) self.session.flush() # global role provides permissions on any object security.grant_role(user, Reader) assert has_permission(user, READ, obj=obj) assert not has_permission(user, WRITE, obj=obj) security.grant_role(user, Writer, obj=obj) assert has_permission(user, WRITE, obj=obj) # permission assignment security.ungrant_role(user, Reader) security.ungrant_role(user, Writer, object=obj) security.grant_role(user, Authenticated) assert not has_permission(user, READ, obj=obj) assert not has_permission(user, WRITE, obj=obj) pa = PermissionAssignment( role=Authenticated, permission=READ, object=obj, ) self.session.add(pa) self.session.flush() assert has_permission(user, READ, obj=obj) assert not has_permission(user, WRITE, obj=obj) self.session.delete(pa) self.session.flush() assert not has_permission(user, READ, obj=obj) # Owner / Creator for role in (Owner, Creator): pa = PermissionAssignment(role=role, permission=READ, object=obj) self.session.add(pa) self.session.flush() assert has_permission(user, READ, obj=obj) self.session.delete(pa) self.session.flush() assert not has_permission(user, READ, obj=obj) # test when object is *not* in session (newly created objects have id=None # for instance) obj = DummyModel() assert security.has_role(user, Reader, object=obj) is False
def test_folder_roles(community, db, app): user = User(email="*****@*****.**") folder = community.folder community.set_membership(user, "member") db.session.commit() security = app.services["security"] assert security.get_roles(user, folder) == ["reader"] # this tests a bug, where local roles whould disappear when setting # membership twice community.set_membership(user, "member") assert security.get_roles(user, folder) == ["reader"]
def search_users(): q = request.args.get("q") if not q: return make_json_response([]) users = list(User.search_query(q).all()) return make_json_response(users)