def setup_class(self): CreateTestData.create() model.repo.new_revision() model.Session.add(model.Package(name=u'testpkgag')) model.Session.add(model.Group(name=u'testgroupag')) model.Session.add(model.User(name=u'ag_member')) model.Session.add(model.User(name=u'ag_admin')) model.Session.add(model.User(name=u'ag_notmember')) model.Session.add(model.AuthorizationGroup(name=u'authz_group')) model.repo.commit_and_remove() pkg = model.Package.by_name(u'testpkgag') grp = model.Group.by_name(u'testgroupag') authzgrp = model.AuthorizationGroup.by_name(u'authz_group') member = model.User.by_name(u'ag_member') admin = model.User.by_name(u'ag_admin') model.setup_default_user_roles(authzgrp, [admin]) model.add_authorization_group_to_role(authzgrp, model.Role.ADMIN, pkg) model.add_authorization_group_to_role(authzgrp, model.Role.ADMIN, grp) model.add_user_to_authorization_group(member, authzgrp, model.Role.EDITOR) model.repo.commit_and_remove() self.authorizer = ckan.authz.Authorizer() self.pkg = model.Package.by_name(u'testpkgag') self.grp = model.Group.by_name(u'testgroupag') self.member = model.User.by_name(u'ag_member') self.admin = model.User.by_name(u'ag_admin') self.notmember = model.User.by_name(u'ag_notmember') self.authzgrp = model.AuthorizationGroup.by_name(u'authz_group')
def setup_class(self): # for the authorization editing tests we set up test data so: # three users, madeup-sysadmin , madeup-administrator, and madeup-another # one authzgroup # two packages test6 and test6a, m-a is admin on both model.repo.init_db() model.repo.new_revision() self.sysadmin = 'madeup-sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'madeup-administrator' admin_user = model.User(name=unicode(self.admin)) self.another = u'madeup-another' another_user = model.User(name=unicode(self.another)) self.authzgroup = u'madeup-authzgroup' authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup)) for obj in sysadmin_user, admin_user, another_user, authzgroup: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.new_revision() self.pkgname = u'test6' self.pkgname2 = u'test6a' pkg = model.Package(name=self.pkgname) pkg2 = model.Package(name=self.pkgname2) model.Session.add(pkg) model.Session.add(pkg2) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user model.setup_default_user_roles(pkg, admins=[admin_user]) model.setup_default_user_roles(pkg2, admins=[admin_user]) model.repo.commit_and_remove()
def setup(self): # need to do this for every test since we mess with System rights CreateTestData.create() model.repo.new_revision() model.Session.add(model.User(name=u'testadmin')) model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.repo.commit_and_remove() pkg = model.Package.by_name(u'annakarenina') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() self.pkg = model.Package.by_name(u'annakarenina') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin') self.package_fillers = { 'title': 'test title', 'notes': 'test notes', 'license_id': 'mit-license', }
def setup_class(self): model.repo.init_db() self.authorizer = authz.Authorizer() self.admin_role = model.Role.ADMIN self.editor_role = model.Role.EDITOR self.reader_role = model.Role.READER model.repo.new_revision() anna = model.Package(name=u'annakarenina') war = model.Package(name=u'warandpeace') mradmin = model.User(name=u'mradmin') mreditor = model.User(name=u'mreditor') mrreader = model.User(name=u'mrreader') tester = model.User(name=u'tester') anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup') for obj in [ anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup ]: model.Session.add(obj) model.repo.commit_and_remove() anna = model.Package.by_name(u'annakarenina') tester = model.User.by_name(u'tester') model.add_user_to_role(tester, self.admin_role, anna) self.context = unicode(model.Package.__name__) ra1 = model.RoleAction( role=self.admin_role, context=self.context, action=model.Action.EDIT, ) ra2 = model.RoleAction( role=self.editor_role, context=self.context, action=model.Action.EDIT, ) ra3 = model.RoleAction( role=self.reader_role, context=self.context, action=model.Action.READ, ) for obj in [ra1, ra2, ra3]: model.Session.add(obj) model.repo.commit_and_remove() mradmin = model.User.by_name(u'mradmin') mreditor = model.User.by_name(u'mreditor') mrreader = model.User.by_name(u'mrreader') model.add_user_to_role(mradmin, self.admin_role, anna) model.add_user_to_role(mreditor, self.editor_role, anna) model.add_user_to_role(mrreader, self.reader_role, anna) model.repo.commit_and_remove() self.mradmin = model.User.by_name(u'mradmin') self.mreditor = model.User.by_name(u'mreditor') self.mrreader = model.User.by_name(u'mrreader') self.war = model.Package.by_name(u'warandpeace') self.anna = model.Package.by_name(u'annakarenina')
def _create_test_data(cls): CreateTestData.create() # Remove visitor and logged in roles roles = [] q = model.Session.query(model.UserObjectRole).\ filter(model.UserObjectRole.user==model.User.by_name(u"visitor")) roles.extend(q.all()) q = model.Session.query(model.UserObjectRole).\ filter(model.UserObjectRole.user==model.User.by_name(u"logged_in")) roles.extend(q.all()) for role in roles: model.Session.delete(role) rev = model.repo.new_revision() model.Session.add_all([ model.User(name=u'pkggroupadmin'), model.User(name=u'site_reader'), model.User(name=u'outcast'), model.Package(name=cls.ENTITY_NAME), model.Package(name=u'deleted'), model.Group(name=cls.ENTITY_NAME), model.Group(name=u'deleted'), model.Tag(name=cls.ENTITY_NAME), model.RoleAction(role=cls.TRUSTED_ROLE, context=u'', action=model.Action.SITE_READ), model.RoleAction(role=cls.TRUSTED_ROLE, context=u'', action=model.Action.READ), ]) model.repo.commit_and_remove() # testsysadmin is sysadmin # annafan is package admin for annakarenina rev = model.repo.new_revision() site_reader = model.User.by_name(u'site_reader') pkggroupadmin = model.User.by_name(u'pkggroupadmin') pkg = model.Package.by_name(cls.ENTITY_NAME) group = model.Group.by_name(cls.ENTITY_NAME) tag = model.Tag.by_name(cls.ENTITY_NAME) pkg.add_tag(tag) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, model.System()) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, pkg) model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, group) model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, pkg) model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, group) model.Package.by_name(u'deleted').delete() model.Group.by_name(u'deleted').delete() model.repo.commit_and_remove() cls.testsysadmin = model.User.by_name(u'testsysadmin') cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin') cls.site_reader = model.User.by_name(u'site_reader') cls.outcast = model.User.by_name(u'outcast')
def _get_user_profile_from_profilemanager(self, userkey, env): log.info('Creating user via profile manager, key %s', userkey) uid = env["HTTP_SHIB_IDP_UID"] inst = env["HTTP_SHIB_ORIGINAL_AUTHENTICATION_INSTANT"] idp = env["HTTP_SHIB_ORIGINAL_IDENTITY_PROVIDER"] headers = { 'Content-type': 'application/json', 'Shib-Authentication-Instant': inst, 'Shib-Original-Identity-Provider': idp, 'Shib-idp-uid': uid} r = requests.get(self.pm_url, auth=(self.pm_user, self.pm_pw), headers=headers) # type: Response if r.status_code != requests.codes.ok: log.warning('Error received from the profile manager %s', r.status_code) return None uj = r.json() owner = uj.get('owner') fullname = owner.get('firstname') + ' ' + owner.get('lastname') deleg = uj.get('delegations')[0] email = deleg.get('email') user = model.User(fullname=fullname, email=email, openid=userkey) return user
def test_user_edit_existing_user_name(self): # create user username = '******' about = u'Test About' user = model.User.by_name(unicode(username)) if not user: model.Session.add(model.User(name=unicode(username), about=about, email=u'*****@*****.**', password='******')) model.repo.commit_and_remove() user = model.User.by_name(unicode(username)) # edit offset = url_for(controller='user', action='edit', id=user.id) res = self.app.get(offset, status=200, extra_environ={'REMOTE_USER':username}) main_res = self.main_div(res) assert 'Edit User: '******'user-edit'] fv['name'] = 'annafan' # commit res = fv.submit('save', extra_environ={'REMOTE_USER':username}) assert res.status == 200 main_res = self.main_div(res) assert 'Name: That login name is not available' in main_res, main_res
def test_get_or_create_user(self): import re user_dict = { EPPN_FIELD: u'*****@*****.**', MAIL_FIELD: u'*****@*****.**', FULLNAME_FIELD: 'New Foo Bar', AUTH_FIELD: SHIBBOLETH } #username = re.sub('[.@]', '_', user_dict[MAIL_FIELD]) username = unicode(user_dict[FULLNAME_FIELD], errors='ignore').lower().replace(' ', '_') user = model.User(name=username, fullname=user_dict[FULLNAME_FIELD], email=user_dict[MAIL_FIELD], openid=user_dict[EPPN_FIELD]) model.Session.add(user) model.Session.commit() user_2 = self.plugin._get_or_create_user(user_dict) self.assertNotEqual(user_2, {}) self.assertEqual(user.id, user_2.id) self.assertEqual(user.openid, user_2.openid) self.assertEqual(user.fullname, user_2.fullname) self.assertEqual(user.email, user_2.email) self.assertEqual(user.name, user_2.name)
def _create_datasets(self): model.User(name="pidtest", sysadmin=True).save() organization = get_action('organization_create')({'user': '******'}, {'name': 'test-organization', 'title': "Test organization"}) data = copy.deepcopy(TEST_DATADICT) data['owner_org'] = organization['name'] data['private'] = False data['pids'] = [{'provider': u'http://helda.helsinki.fi/oai/request', 'id': u'some_primary_pid_1', 'type': u'primary'}, {'provider': u'http://helda.helsinki.fi/oai/request', 'id': u'some_metadata_pid_1', 'type': u'relation', 'relation': u'isMetadataFor'}] package_1 = get_action('package_create')({'user': '******'}, data) data['pids'] = [{'provider': u'http://helda.helsinki.fi/oai/request', 'id': u'some_data_pid_2', 'type': u'relation', 'relation': u'generalRelation'}, {'provider': u'http://helda.helsinki.fi/oai/request', 'id': u'some_part_pid_2', 'type': u'relation', 'relation': u'hasPart'}] package_2 = get_action('package_create')({'user': '******'}, data) return package_1['id'], package_2['id']
def _run_import(self, xml, job): if not model.User.get('harvest'): model.User(name='harvest', sysadmin=True).save() if not model.Group.get('test'): get_action('organization_create')({ 'user': '******' }, { 'name': 'test' }) record = _get_record(xml) metadata = CmdiReader()(record) metadata['unified']['owner_org'] = "test" harvest_object = HarvestObject() harvest_object.content = json.dumps(metadata.getMap()) harvest_object.id = xml harvest_object.guid = xml harvest_object.source = job.source harvest_object.harvest_source_id = None harvest_object.job = job harvest_object.save() self.harvester.import_stage(harvest_object) return harvest_object
def _create_sysadmin(): model.repo.new_revision() sysadmin_user = model.User(name='sysadmin') model.Session.add(sysadmin_user) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() return 'sysadmin'
def add(self): from ckan import model if len(self.args) < 2: print 'Need name of the user.' return username = self.args[1] apikey = self.args[2] if len(self.args) > 2 else None password = self.password_prompt() user = model.User.by_name(unicode(username)) if user: print 'User "%s" already found' % username sys.exit(1) print('Creating user: %r' % username) user_params = {'name': unicode(username), 'password': password} if apikey: user_params['apikey'] = unicode(apikey) user = model.User(**user_params) model.Session.add(user) model.repo.commit_and_remove() user = model.User.by_name(unicode(username)) print user
def setup_class(self): print ("") self.oMetadataPlugin = metadataPlugin.MetadataPlugin() # Make the Paste TestApp that we'll use to simulate HTTP requests to CKAN. self.app = paste.fixture.TestApp(pylons.test.pylonsapp) # Access CKAN's model directly (bad) to create a sysadmin user and save # it against self for all test methods to access. self.sysadmin_user = model.User(name='test_sysadmin', sysadmin=True) model.Session.add(self.sysadmin_user) model.Session.commit() model.Session.remove() #Create organization organization = {'name': 'test_org', 'title': 'Africa - Maroc', 'description': 'Maroc in north Africa.'} self.organization = tests.call_action_api(self.app, 'organization_create', apikey=self.sysadmin_user.apikey, **organization) #Create Dataset and tied it to created org dataset = {'name': 'test_org_dataset_mapsearch', 'title': 'Africa - Maroc: Beautiful country for tourist', 'owner_org': organization['name'], 'md_package': ""} self.dataset = tests.call_action_api(self.app, 'package_create', apikey=self.sysadmin_user.apikey, **dataset) #Create Resource and tied it to created dataset resource = {'package_id': self.dataset['id'], 'url': 'http://teste.teste', 'md_resource': ""} self.resource = tests.call_action_api(self.app, 'resource_create', apikey=self.sysadmin_user.apikey, **resource)
def test_edit_spammer(self): # create user username = '******' about = u'Test About <a href="http://spamsite.net">spamsite</a>' user = model.User.by_name(unicode(username)) if not user: model.Session.add( model.User(name=unicode(username), about=about, password='******')) model.repo.commit_and_remove() user = model.User.by_name(unicode(username)) # edit offset = url_for(controller='user', action='edit', id=user.id) res = self.app.get(offset, status=200, extra_environ={'REMOTE_USER': username}) main_res = self.main_div(res) assert 'Edit User: '******'Test About <a href="http://spamsite.net">spamsite</a>' in main_res, main_res fv = res.forms['user-edit'] # commit res = fv.submit('save', extra_environ={'REMOTE_USER': username}) assert res.status == 200, res.status main_res = self.main_div(res) assert 'looks like spam' in main_res, main_res assert 'Edit User: ' in main_res, main_res
def _create_user(self, name, fullname): user = model.User(name=name, email="*****@*****.**", fullname=fullname) model.Session.add(user) model.Session.commit() return user
def setup_class(cls): search.clear_all() model.Session.add_all([ model.User(name=u'sysadmin', apikey=u'sysadmin', password=u'sysadmin', sysadmin=True), ]) model.Session.commit() data_dict = '%s=1' % json.dumps({ 'name': 'org', }) res = cls.app.post('/api/action/organization_create', extra_environ={'Authorization': 'sysadmin'}, params=data_dict) cls.org_id = json.loads(res.body)['result']['id'] cls.package_ids = [] for i in range(0,12): data_dict = '%s=1' % json.dumps({ 'name': 'name{i}'.format(i=i), 'owner_org': 'org', }) res = cls.app.post('/api/action/package_create', extra_environ={'Authorization': 'sysadmin'}, params=data_dict) cls.package_ids.append(json.loads(res.body)['result']['id'])
def user_json(self, user_data): email = user_data['user'][self.profile_api_mail_field] user_name = user_data['user'][self.profile_api_user_field] # In CKAN can exists more than one user associated with the same email # Some providers, like Google and FIWARE only allows one account per email user = None users = model.User.by_email(email) if len(users) == 1: user = users[0] # If the user does not exist, we have to create it... if user is None: user = model.User(email=email) # Now we update his/her user_name with the one provided by the OAuth2 service # In the future, users will be obtained based on this field user.name = user_name # Update fullname if self.profile_api_fullname_field != "" and self.profile_api_fullname_field in user_data: user.fullname = user_data[self.profile_api_fullname_field] # Update sysadmin status if self.profile_api_groupmembership_field != "" and self.profile_api_groupmembership_field in user_data: user.sysadmin = self.sysadmin_group_name in user_data[ self.profile_api_groupmembership_field] return user
def test_top_package_owners(self): cath = model.User(name=u'Cath') bob = model.User(name=u'Bob') jill = model.User(name=u'Jill') nate = model.User(name=u'Nate') model.Session.add_all((cath, bob, jill, nate)) model.repo.commit_and_remove() cath = model.User.by_name(u'Cath') bob = model.User.by_name(u'Bob') jill = model.User.by_name(u'Jill') nate = model.User.by_name(u'Nate') # add some package admins for pkg_name, user_names in { u'gils': (u'Cath', u'Bob', u'Jill'), u'us-gov-images': (u'Bob', u'Jill'), u'usa-courts-gov': [u'Jill'] }.items(): for user_name in user_names: user = model.User.by_name(user_name) package = model.Package.by_name(pkg_name) assert user, user_name assert package, pkg_name add_user_to_role(user, model.authz.Role.ADMIN, package) # add some decoy packages with editors user = model.User.by_name(u'Nate') for pkg_name in (u'usa-courts-gov', u'se-opengov'): package = model.Package.by_name(pkg_name) assert package add_user_to_role(user, model.authz.Role.EDITOR, package) # add some decoy groups with admins user = model.User.by_name(u'Nate') for group_name in (u'penguin', u'ukgov'): group = model.Group.by_name(group_name) assert group, group_name add_user_to_role(user, model.authz.Role.ADMIN, group) model.Session.commit() res = Stats().top_package_owners() assert len(res) == 3, res assert res[0] == (model.User.by_name(u'Jill'), 3), res[0] assert res[1] == (model.User.by_name(u'Bob'), 2), res[1] assert res[2] == (model.User.by_name(u'Cath'), 1), res[2]
def create_test_user(cls): tester = model.User.by_name(u'tester') if tester is None: tester = model.User(name=u'tester', password=u'tester') model.Session.add(tester) model.Session.commit() model.Session.remove() cls.user_refs.append(u'tester')
def test_get_dataset_permanent_address(self): data_dict = copy.deepcopy(TEST_DATADICT) model.User(name="pidtest", sysadmin=True).save() organization = get_action('organization_create')({'user': '******'}, {'name': 'test-organization', 'title': "Test organization"}) data_dict['owner_org'] = organization['name'] package = get_action('package_create')({'user': '******'}, data_dict) self.assertTrue(helpers.get_dataset_permanent_address(package).startswith('http://urn.fi/urn:nbn:fi:csc-kata'))
def test_get_package_id_by_primary_pid(self): model.User(name="pidtest", sysadmin=True).save() data_dict = copy.deepcopy(TEST_DATADICT) organization = get_action('organization_create')({'user': '******'}, {'name': 'test-organization', 'title': "Test organization"}) data_dict['owner_org'] = organization['name'] get_action('package_create')({'user': '******'}, data_dict) assert utils.get_package_id_by_primary_pid(data_dict)
def setup_class(cls): model.User(name="test_sysadmin", sysadmin=True).save() cls.organization = get_action('organization_create')( { 'user': '******' }, { 'name': 'test-organization', 'title': "Test organization" })
def test_2_already_signed_in(self): user = model.User.by_name(u'62') if not user: user = model.User( name=u'62', fullname=u'testname', about=u'Drupal auto-generated user', ) model.Session.add(user) model.repo.commit_and_remove() user = model.User.by_name(u'62') assert user cookie_string = 'Cookie: __utma=217959684.178461911.1286034407.1286034407.1286178542.2; __utmz=217959684.1286178542.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=coi%%20london; DRXtrArgs=James+Gardner; DRXtrArgs2=3e174e7f1e1d3fab5ca138c0a023e13a; SESSa5724d5ecd49e5f48a23fcc56d17ee0c=4160a72a4d6831abec1ac57d7b5a59eb; auth_tkt="ab48fe!4160a72a4d6831abec1ac57d7b5a59eb";"' assert DrupalAuthMiddleware._is_this_a_ckan_cookie(cookie_string) app = MockApp() app_conf = None self.middleware = DrupalAuthMiddleware(app, app_conf) # (the drupal client defaults to mock drupal instance) # make request with the Drupal auth_tkt cookie self.mock_auth_tkt = MockAuthTkt() environ = { 'HTTP_COOKIE': cookie_string, 'SERVER_NAME': 'testserver.org', 'repoze.who.plugins': { 'dgu_auth_tkt': self.mock_auth_tkt }, # inserted by auth_tkt on seeing the auth_tkt cookie: 'repoze.who.identity': { 'repoze.who.userid': 'user_d62', 'userdata': '4160a72a4d6831abec1ac57d7b5a59eb', 'timestamp': time.time(), } } start_response = mock_start_response self.res = self.middleware(environ, start_response) # environ doesn't have Drupal user info this time assert isinstance(self.res, MockApp) assert_equal(len(self.res.calls), 1) environ = self.res.calls[0][0] # check the ckan user was created user = model.User.by_name(u'62') assert user assert_equal(user.fullname, u'testname') # response has no need for Set-Cookie instructions as cookie already # there start_response = self.res.calls[0][1] status, headers, exc_info = (1, [], None) res = start_response(status, headers, exc_info) headers = res[1] assert_equal(headers, [('Existing_header', 'existing_header_value;')]) # no need for auth_tkt to be told to remember the Drupal user info assert_equal(len(self.mock_auth_tkt.remembered), 0)
def test_2_timestamp_new(self): user = model.User() openid = u'http://xyz.com' user.name = openid model.Session.add(user) model.repo.commit_and_remove() out = model.User.by_name(openid) assert len(str(out.created)) > 5, out.created
def test_2_timestamp_new(self): user = model.User() name = u'xyz' user.name = name model.Session.add(user) model.repo.commit_and_remove() out = model.User.by_name(name) assert len(str(out.created)) > 5, out.created
def setup_class(self): # for the authorization editing tests we set up test data so: # three users, sysadmin , administrator, and another # one authzgroup, one group, one package # and administrator is admin on all three # one extra authzgroup, authzgroup2, with no permissions to start with model.repo.init_db() model.repo.new_revision() self.sysadmin = 'sysadmin' sysadmin_user = model.User(name=unicode(self.sysadmin)) self.admin = 'administrator' admin_user = model.User(name=unicode(self.admin)) self.another = 'another' another_user = model.User(name=unicode(self.another)) self.authzgroup = 'authzgroup' authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup)) self.group = 'group' group = model.Group(name=unicode(self.group)) self.authzgroup2 = 'authzgroup2' authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2)) for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2: model.Session.add(obj) model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System()) model.repo.commit_and_remove() model.repo.new_revision() self.pkg = u'dataset' pkg = model.Package(name=self.pkg) model.Session.add(pkg) admin_user = model.User.by_name(unicode(self.admin)) assert admin_user # setup all three authorization objects to have logged in and visitor as editors, and the admin as admin model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user]) model.setup_user_roles(authzgroup, ['editor'], ['editor'], [admin_user]) model.setup_user_roles(group, ['editor'], ['editor'], [admin_user]) model.repo.commit_and_remove()
def setup_class(self): CreateTestData.create() model.repo.new_revision() model.Session.add(model.Package(name=u'testpkg')) model.Session.add(model.Package(name=u'testpkg2')) model.Session.add(model.Package(name=u'private_pkg')) model.Session.add(model.User(name=u'testadmin')) # Cannot setup testsysadmin user as it is alreade done in # the default test data. #model.Session.add(model.User(name=u'testsysadmin')) model.Session.add(model.User(name=u'notadmin')) model.Session.add(model.Group(name=u'testgroup')) model.Session.add(model.Group(name=u'testgroup2')) model.repo.commit_and_remove() model.repo.new_revision() pkg = model.Package.by_name(u'testpkg') pkg2 = model.Package.by_name(u'testpkg2') private_pkg = model.Package.by_name(u'private_pkg') pkg.add_relationship(u'depends_on', pkg2) pkg.add_relationship(u'depends_on', private_pkg) model.repo.commit_and_remove() pkg = model.Package.by_name(u'testpkg') grp = model.Group.by_name(u'testgroup') admin = model.User.by_name(u'testadmin') sysadmin = model.User.by_name(u'testsysadmin') notadmin = model.User.by_name(u'notadmin') model.add_user_to_role(admin, model.Role.ADMIN, pkg) model.add_user_to_role(admin, model.Role.ADMIN, grp) model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System()) model.add_user_to_role(notadmin, model.Role.READER, pkg) model.add_user_to_role(notadmin, model.Role.READER, pkg2) model.repo.commit_and_remove() self.authorizer = ckan.authz.Authorizer() self.pkg = model.Package.by_name(u'testpkg') self.pkg2 = model.Package.by_name(u'testpkg2') self.private_pkg = model.Package.by_name(u'private_pkg') self.grp = model.Group.by_name(u'testgroup') self.grp2 = model.Group.by_name(u'testgroup2') self.admin = model.User.by_name(u'testadmin') self.sysadmin = model.User.by_name(u'testsysadmin') self.notadmin = model.User.by_name(u'notadmin')
def _get_or_create_user(self, env): #WSGI Variables #Shib-Application-ID 'default' #Shib-Authentication-Instant '2012-08-13T12:04:22.492Z' #Shib-Authentication-Method 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' #Shib-AuthnContext-Class 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' #Shib-Identity-Provider 'https://idp.example.com/idp/shibboleth' #Shib-Session-ID '_7ec5a681e6dbae627c1cefcc7cb4d56a' #Shib-Session-Index '39dafd8477850f5e0b968e3561570197f2109948c1d374a7a2b4c9a7adbf8628' #cn 'My Other Self' #givenName 'My Other Self' #mail '*****@*****.**' eppn = env.get(self.eppn, None) fullname = env.get(self.fullname, None) email = env.get(self.mail, None) if not eppn or not fullname: log.debug( 'Environ does not contain eppn or cn attributes, user not loaded.' ) return None user = model.Session.query(model.User).autoflush(False) \ .filter_by(openid=eppn).first() # Check if user information from shibboleth has changed if user: if (user.fullname != fullname or user.email != email): log.debug('User attributes modified, updating.') user.fullname = fullname user.email = email else: # user is None: log.debug('User does not exists, creating new one.') basename = unicode(fullname, errors='ignore').lower().replace(' ', '_') username = basename suffix = 0 while not model.User.check_name_available(username): suffix += 1 username = basename + str(suffix) user = model.User(name=username, fullname=fullname, email=email, openid=eppn) model.Session.add(user) model.Session.flush() log.info('Created new user {usr}'.format(usr=fullname)) model.Session.commit() model.Session.remove() return user
def setup_class(self): print ("") # get config options config = ConfigParser.RawConfigParser({ 'ckan_web_map_service_url': '', }) config.read(os.path.join(os.path.dirname(os.path.abspath(__file__)), 'tests_config.cfg')) self.serviceUrl = config.get('tests', 'ckan_web_map_service_url') if not self.serviceUrl: raise Exception('You must provide WebMapServer URL to the tests ' ' configuration file') self.actions = ngdsClientAction # Make the Paste TestApp that we'll use to simulate HTTP requests to CKAN. self.app = paste.fixture.TestApp(pylons.test.pylonsapp) # Access CKAN's model directly (bad) to create a sysadmin user and save # it against self for all test methods to access. self.sysadmin_user = model.User(name='test_sysadmin', sysadmin=True) model.Session.add(self.sysadmin_user) model.Session.commit() model.Session.remove() #Create organization organization = {'name': 'test_org', 'title': 'Maroc', 'description': 'Roger likes these books.'} resultOrg = tests.call_action_api(self.app, 'organization_create', apikey=self.sysadmin_user.apikey, **organization) self.orgID = resultOrg['id'] #Create Dataset and tied it to created org dataset = {'name': 'test_org_dataset', 'title': 'A Novel By Tolstoy', 'owner_org': organization['name']} resultDataset = tests.call_action_api(self.app, 'package_create', apikey=self.sysadmin_user.apikey, **dataset) self.datasetID = resultDataset['id'] #Create Resource and tied it to created dataset resource = {'package_id': resultDataset['id'], 'url': self.serviceUrl} resultResource = tests.call_action_api(self.app, 'resource_create', apikey=self.sysadmin_user.apikey, **resource) #save resource id self.resourceID = resultResource['id']
def identify(self, token): try: if self.legacy_idm: profile_response = requests.get(self.profile_api_url + '?access_token=%s' % token['access_token'], verify=self.verify_https) else: oauth = OAuth2Session(self.client_id, token=token) profile_response = oauth.get(self.profile_api_url, verify=self.verify_https) except requests.exceptions.SSLError as e: # TODO search a better way to detect invalid certificates if "verify failed" in six.text_type(e): raise InsecureTransportError() else: raise # Token can be invalid if not profile_response.ok: error = profile_response.json() if error.get('error', '') == 'invalid_token': raise ValueError(error.get('error_description')) else: profile_response.raise_for_status() else: user_data = profile_response.json() email = user_data[self.profile_api_mail_field] user_name = user_data[self.profile_api_user_field] # In CKAN can exists more than one user associated with the same email # Some providers, like Google and FIWARE only allows one account per email user = None users = model.User.by_email(email) if len(users) == 1: user = users[0] # If the user does not exist, we have to create it... if user is None: user = model.User(email=email) # Now we update his/her user_name with the one provided by the OAuth2 service # In the future, users will be obtained based on this field user.name = user_name # Update fullname if self.profile_api_fullname_field != "" and self.profile_api_fullname_field in user_data: user.fullname = user_data[self.profile_api_fullname_field] # Update sysadmin status if self.profile_api_groupmembership_field != "" and self.profile_api_groupmembership_field in user_data: user.sysadmin = self.sysadmin_group_name in user_data[self.profile_api_groupmembership_field] # Save the user in the database model.Session.add(user) model.Session.commit() model.Session.remove() return user.name