def test_homepage_dashboard_flagged(user: User, user2: User, package: Package):
pkgbase = package.PackageBase
now = time.utcnow()
with db.begin():
db.create(PackageComaintainer,
User=user2,
PackageBase=pkgbase,
Priority=1)
pkgbase.OutOfDateTS = now - 5
pkgbase.Flagger = user
# Test that a comaintainer viewing the dashboard shows them their
# flagged co-maintained packages.
comaint_cookies = {"AURSID": user2.login(Request(), "testPassword")}
with client as request:
resp = request.get("/", cookies=comaint_cookies)
assert resp.status_code == int(HTTPStatus.OK)
root = parse_root(resp.text)
flagged = root.xpath('//table[@id="flagged-packages"]//tr/td/a')[0]
assert flagged.text.strip() == package.Name
# Test that a maintainer viewing the dashboard shows them their
# flagged maintained packages.
cookies = {"AURSID": user.login(Request(), "testPassword")}
with client as request:
resp = request.get("/", cookies=cookies)
assert resp.status_code == int(HTTPStatus.OK)
root = parse_root(resp.text)
flagged = root.xpath('//table[@id="flagged-packages"]//tr/td/a')[0]
assert flagged.text.strip() == package.Name
def test_user_is_developer(user: User):
with db.begin():
user.AccountTypeID = at.DEVELOPER_ID
assert user.is_developer() is True
# Do it again with the combined role.
with db.begin():
user.AccountTypeID = at.TRUSTED_USER_AND_DEV_ID
assert user.is_developer() is True
def test_user_login_with_outdated_sid(user: User):
# Make a session with a LastUpdateTS 5 seconds ago, causing
# user.login to update it with a new sid.
with db.begin():
db.create(Session,
UsersID=user.ID,
SessionID="stub",
LastUpdateTS=datetime.utcnow().timestamp() - 5)
sid = user.login(Request(), "testPassword")
assert sid and user.is_authenticated()
assert sid != "stub"
def test_legacy_user_authentication(user: User):
with db.begin():
user.Salt = bcrypt.gensalt().decode()
user.Passwd = hashlib.md5(
f"{user.Salt}testPassword".encode()).hexdigest()
assert not user.valid_password("badPassword")
assert user.valid_password("testPassword")
# Test by passing a password of None value in.
assert not user.valid_password(None)
def test_tu_addvote_post_invalid_agenda(client: TestClient, tu_user: User,
user: User):
cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
data = {"user": user.Username, "type": "add_tu"}
with client as request:
response = request.post("/addvote", cookies=cookies, data=data)
assert response.status_code == int(HTTPStatus.BAD_REQUEST)
def test_tu_index_unauthorized(client: TestClient, user: User):
cookies = {"AURSID": user.login(Request(), "testPassword")}
with client as request:
# Login as a normal user, not a TU.
response = request.get("/tu", cookies=cookies, allow_redirects=False)
assert response.status_code == int(HTTPStatus.SEE_OTHER)
assert response.headers.get("location") == "/"
def test_user_json(user: User):
data = json.loads(user.json())
assert data.get("ID") == user.ID
assert data.get("Username") == user.Username
assert data.get("Email") == user.Email
# .json() converts datetime values to integer timestamps.
assert isinstance(data.get("RegistrationTS"), int)
def test_user_as_dict(user: User):
data = user.as_dict()
assert data.get("ID") == user.ID
assert data.get("Username") == user.Username
assert data.get("Email") == user.Email
# .as_dict() does not convert values to json-capable types.
assert isinstance(data.get("RegistrationTS"), datetime)
def test_tu_addvote_post_bylaws(client: TestClient, tu_user: User):
# Bylaws votes do not need a user specified.
cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
data = {"type": "bylaws", "agenda": "Blah blah!"}
with client as request:
response = request.post("/addvote", cookies=cookies, data=data)
assert response.status_code == int(HTTPStatus.SEE_OTHER)
def test_login_suspended(client: TestClient, user: User):
with db.begin():
user.Suspended = 1
data = {"user": user.Username, "passwd": "testPassword", "next": "/"}
with client as request:
resp = request.post("/login", data=data)
errors = get_errors(resp.text)
assert errors[0].text.strip() == "Account Suspended"
def test_user_login_banned(user: User):
# Add ban for the next 30 seconds.
banned_timestamp = datetime.utcnow() + timedelta(seconds=30)
with db.begin():
db.create(Ban, IPAddress="127.0.0.1", BanTS=banned_timestamp)
request = Request()
request.client.host = "127.0.0.1"
assert not user.login(request, "testPassword")
def test_archdev_navbar_authenticated(client: TestClient, user: User):
expected = ["Dashboard", "Packages", "Requests", "My Account", "Logout"]
cookies = {"AURSID": user.login(Request(), "testPassword")}
with client as request:
resp = request.get("/", cookies=cookies)
assert resp.status_code == int(HTTPStatus.OK)
root = parse_root(resp.text)
items = root.xpath('//div[@id="archdev-navbar"]/ul/li/a')
for i, item in enumerate(items):
assert item.text.strip() == expected[i]
def test_tu_addvote_invalid_type(client: TestClient, tu_user: User):
cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
with client as request:
response = request.get("/addvote",
params={"type": "faketype"},
cookies=cookies)
assert response.status_code == int(HTTPStatus.OK)
root = parse_root(response.text)
error = root.xpath('//*[contains(@class, "error")]/text()')[0]
assert error.strip() == "Invalid type."
def test_tu_addvote_post(client: TestClient, tu_user: User, user: User):
cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
data = {"user": user.Username, "type": "add_tu", "agenda": "Blah"}
with client as request:
response = request.post("/addvote", cookies=cookies, data=data)
assert response.status_code == int(HTTPStatus.SEE_OTHER)
voteinfo = db.query(TUVoteInfo, TUVoteInfo.Agenda == "Blah").first()
assert voteinfo is not None
def test_user_login_logout(user: User):
""" Test creating a user and reading its columns. """
# Assert that make_user created a valid user.
assert bool(user.ID)
# Test authentication.
assert user.valid_password("testPassword")
assert not user.valid_password("badPassword")
# Make a raw request.
request = Request()
assert not user.login(request, "badPassword")
assert not user.is_authenticated()
sid = user.login(request, "testPassword")
assert sid is not None
assert user.is_authenticated()
# Expect that User session relationships work right.
user_session = db.query(Session, Session.UsersID == user.ID).first()
assert user_session == user.session
assert user.session.SessionID == sid
assert user.session.User == user
# Search for the user via query API.
result = db.query(User, User.ID == user.ID).first()
# Compare the result and our original user.
assert result == user
assert result.ID == user.ID
assert result.AccountType.ID == user.AccountType.ID
assert result.Username == user.Username
assert result.Email == user.Email
# Test result authenticate methods to ensure they work the same.
assert not result.valid_password("badPassword")
assert result.valid_password("testPassword")
assert result.is_authenticated()
# Test out user string functions.
assert repr(user) == f"<User(ID='{user.ID}', " + \
"AccountType='User', Username='******')>"
# Test logout.
user.logout(request)
assert not user.is_authenticated()
def test_user_credential_types(user: User):
assert user.AccountTypeID in creds.user_developer_or_trusted_user
assert user.AccountTypeID not in creds.trusted_user
assert user.AccountTypeID not in creds.developer
assert user.AccountTypeID not in creds.trusted_user_or_dev
with db.begin():
user.AccountTypeID = at.TRUSTED_USER_ID
assert user.AccountTypeID in creds.trusted_user
assert user.AccountTypeID in creds.trusted_user_or_dev
with db.begin():
user.AccountTypeID = at.DEVELOPER_ID
assert user.AccountTypeID in creds.developer
assert user.AccountTypeID in creds.trusted_user_or_dev
with db.begin():
user.AccountTypeID = at.TRUSTED_USER_AND_DEV_ID
assert user.AccountTypeID in creds.trusted_user
assert user.AccountTypeID in creds.developer
assert user.AccountTypeID in creds.trusted_user_or_dev
# Some model authorization checks.
assert user.is_elevated()
assert user.is_trusted_user()
assert user.is_developer()
def test_tu_stats(client: TestClient, tu_user: User):
cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
with client as request:
response = request.get("/tu", cookies=cookies, allow_redirects=False)
assert response.status_code == HTTPStatus.OK
root = parse_root(response.text)
stats = root.xpath('//table[@class="no-width"]')[0]
rows = stats.xpath("./tbody/tr")
# We have one trusted user.
total = rows[0]
label, count = total.xpath("./td")
assert int(count.text.strip()) == 1
# And we have one active TU.
active = rows[1]
label, count = active.xpath("./td")
assert int(count.text.strip()) == 1
with db.begin():
tu_user.InactivityTS = time.utcnow()
with client as request:
response = request.get("/tu", cookies=cookies, allow_redirects=False)
assert response.status_code == HTTPStatus.OK
root = parse_root(response.text)
stats = root.xpath('//table[@class="no-width"]')[0]
rows = stats.xpath("./tbody/tr")
# We have one trusted user.
total = rows[0]
label, count = total.xpath("./td")
assert int(count.text.strip()) == 1
# But we have no more active TUs.
active = rows[1]
label, count = active.xpath("./td")
assert int(count.text.strip()) == 0
def test_user_language(client: TestClient, user: User):
""" Test the language post route as an authenticated user. """
post_data = {
"set_lang": "de",
"next": "/"
}
sid = user.login(Request(), "testPassword")
assert sid is not None
with client as req:
response = req.post("/language", data=post_data,
cookies={"AURSID": sid})
assert response.status_code == int(HTTPStatus.SEE_OTHER)
assert user.LangPreference == "de"
def test_tu_addvote_unauthorized(client: TestClient, user: User,
proposal: Tuple[User, User, TUVoteInfo]):
cookies = {"AURSID": user.login(Request(), "testPassword")}
with client as request:
response = request.get("/addvote",
cookies=cookies,
allow_redirects=False)
assert response.status_code == int(HTTPStatus.SEE_OTHER)
assert response.headers.get("location") == "/tu"
with client as request:
response = request.post("/addvote",
cookies=cookies,
allow_redirects=False)
assert response.status_code == int(HTTPStatus.SEE_OTHER)
assert response.headers.get("location") == "/tu"
def test_tu_proposal_unauthorized(client: TestClient, user: User,
proposal: Tuple[User, User, TUVoteInfo]):
cookies = {"AURSID": user.login(Request(), "testPassword")}
endpoint = f"/tu/{proposal[2].ID}"
with client as request:
response = request.get(endpoint,
cookies=cookies,
allow_redirects=False)
assert response.status_code == int(HTTPStatus.SEE_OTHER)
assert response.headers.get("location") == "/tu"
with client as request:
response = request.post(endpoint,
cookies=cookies,
data={"decision": False},
allow_redirects=False)
assert response.status_code == int(HTTPStatus.SEE_OTHER)
assert response.headers.get("location") == "/tu"
def test_tu_index_last_votes(client: TestClient, tu_user: User, tu_user2: User,
user: User):
ts = time.utcnow()
with db.begin():
# Create a proposal which has ended.
voteinfo = db.create(TUVoteInfo,
Agenda="Test agenda",
User=user.Username,
Submitted=(ts - 1000),
End=(ts - 5),
Yes=1,
No=1,
ActiveTUs=1,
Quorum=0.0,
Submitter=tu_user)
# Create a vote on it from tu_user.
db.create(TUVote, VoteInfo=voteinfo, User=tu_user)
db.create(TUVote, VoteInfo=voteinfo, User=tu_user2)
# Now, check that tu_user got populated in the .last-votes table.
cookies = {"AURSID": tu_user.login(Request(), "testPassword")}
with client as request:
response = request.get("/tu", cookies=cookies)
assert response.status_code == int(HTTPStatus.OK)
root = parse_root(response.text)
table = get_table(root, "last-votes")
rows = get_table_rows(table)
assert len(rows) == 2
last_vote = rows[0]
user, vote_id = last_vote.xpath("./td/a")
assert user.text.strip() == tu_user.Username
assert int(vote_id.text.strip()) == voteinfo.ID
last_vote = rows[1]
user, vote_id = last_vote.xpath("./td/a")
assert int(vote_id.text.strip()) == voteinfo.ID
assert user.text.strip() == tu_user2.Username
def test_user_login_twice(user: User):
request = Request()
assert user.login(request, "testPassword")
assert user.login(request, "testPassword")
def test_can_edit_user(user: User, tu_user: User, dev_user: User,
tu_and_dev_user: User):
# User can edit.
assert user.can_edit_user(user)
# User cannot edit.
assert not user.can_edit_user(tu_user)
assert not user.can_edit_user(dev_user)
assert not user.can_edit_user(tu_and_dev_user)
# Trusted User can edit.
assert tu_user.can_edit_user(user)
assert tu_user.can_edit_user(tu_user)
# Trusted User cannot edit.
assert not tu_user.can_edit_user(dev_user)
assert not tu_user.can_edit_user(tu_and_dev_user)
# Developer can edit.
assert dev_user.can_edit_user(user)
assert dev_user.can_edit_user(tu_user)
assert dev_user.can_edit_user(dev_user)
# Developer cannot edit.
assert not dev_user.can_edit_user(tu_and_dev_user)
# Trusted User & Developer can edit.
assert tu_and_dev_user.can_edit_user(user)
assert tu_and_dev_user.can_edit_user(tu_user)
assert tu_and_dev_user.can_edit_user(dev_user)
assert tu_and_dev_user.can_edit_user(tu_and_dev_user)
def test_user_packages(user: User, package: Package):
assert package in user.packages()
def test_user_notified(user: User, package: Package):
pkgbase = package.PackageBase
with db.begin():
db.create(PackageNotification, PackageBase=pkgbase, User=user)
assert user.notified(package)
def test_user_voted_for(user: User, package: Package):
pkgbase = package.PackageBase
now = int(datetime.utcnow().timestamp())
with db.begin():
db.create(PackageVote, PackageBase=pkgbase, User=user, VoteTS=now)
assert user.voted_for(package)
def test_user_login_suspended(user: User):
with db.begin():
user.Suspended = True
assert not user.login(Request(), "testPassword")
def test_user_has_credential(user: User):
assert not user.has_credential(creds.ACCOUNT_CHANGE_TYPE)
def test_user_minimum_passwd_length():
passwd_min_len = aurweb.config.getint("options", "passwd_min_len")
assert User.minimum_passwd_length() == passwd_min_len
def test_user_update_password(user: User):
user.update_password("secondPassword")
assert not user.valid_password("testPassword")
assert user.valid_password("secondPassword")