def canview (request, userid, domain): '''This method ensures that current user is eligable to see the requested page. It first checks to see that the passed in userid and domain is a valid entry in the database. If so, the session user (accessed via the request object) is examined. Being an administrator of the system ensures that all valid requests are viewable. A standard user must match the the crendentials stored in the session against the requested page. If no conditions are met it returns false by default. This method should only be called in a view method as it requires the instance of the HttpRequest object.''' # Create model instance model = AuthModel() # The requested page owner request_user = model.getuser(userid, domain) # If there is no such user or the function # threw and error raise a page not found # exception if ((request_user and not request_user.userid) or (not request_user and model.error)): raise Http404 # Now that we have ensured the requested page # actually belongs to someone, see if the current # session viewer is allowed to see it. try: session_user = request.session['user'] except KeyError: # If there is no user then # we return False return False else: # if the user admin it will always be viewable if session_user.b_isadmin: return True # If the user is not an admin then check that the requested page # belongs to the session user. This will only be the case # if the domain and userid of the requested page match that # of the logged in user. elif (session_user.username == userid and session_user.domain == domain): return True else: return False return False
def setUp(self): # Get connection singleton connection = CLWConnection(test_db_host, test_db_name, test_db_user, test_db_pass) # Create a new cursor object. cursor = connection.cursor() params = {'mode': 1, 'domainname': 'example.co.uk', 'newdomainname': None, } self.adminmodel = AdminModel() self.authmodel = AuthModel() self.mailmodel = MailModel() self.eximmodel = EximModel() domainadded = self.adminmodel.managedomain(params) # Create a user params = {'mode': 1, 'userid': 'test.a', 'password': '******', 'home': '/home/mailstore/', 'domain': 'example.co.uk', 'uid': 1001, 'gid': 1001, 'status': 1, 'typer':'Person', 'role':"", 'fullname':'Test User', 'notes':None } # add the user useradded = self.adminmodel.manageuser(params) # Check user added self.assertNotEqual(useradded, False)
def login(request): ''' This method provides a mechanism for users to log into the system. If credentials are correctly supplied the user will be set as the session user. Othewise, the view is rendered anew with appropriate error messages''' # Create model instance model = AuthModel() # The object which will contain # the current session user, if one exists user = None # The error to be displayed if form validates # but credentials are incorrect error = None #Default data if no post new_data = None form = LoginForm() # If a user is already logged in, then redirect # to the appropirate holiday page. if request.session['user'].is_authenticated(): user = request.session['user'] if user.b_isadmin: return HttpResponseRedirect(urlrel + 'admin/user/manage/' ) else: return HttpResponseRedirect(urlrel + 'mailstore/user/%s/domain/%s/holiday/' % (user.username, user.domain)) # Otherwise go to login page else: # Check if we are validating post information if request.method == "POST" and "username" in request.POST: # Get post information new_data = request.POST.copy() # Bind form to post data form = LoginForm(new_data) if form.is_valid(): # Get cleaned data. This a standardized # output for a range of given input cleaned_data = form.clean() username = str(cleaned_data['username']) password = str(cleaned_data['password']) user = model.login(username,password) if not model.error and not user.userid: # If user doesnt exist, then supplied crendentials are incorrect error = "Your username and password combination was not found" else: # If the user was found check he/she is active try: string_status = status_mapper[user.status] except KeyError: # if the status is not found default to not active. error = "Your account is not active. Please contact Rory Campbell-Lange." else: # We have found a valid status. Check its active if status_mapper[user.status] == "Inactive": # If user status is inactive error = "Your account is not active. Please contact Rory Campbell-Lange." else: # If user does exist, then we assign them as current session user session_user = AuthUser(user.userid, user.domain, user.status, user.b_isadmin) request.session['user'] = session_user # Get the request url to redirect to # This is the url the user wanted to go to before logging in. redirect_url = request.session.get('pre_auth_url', None) if redirect_url: # Remove the request url as it is no longer needed. del request.session['pre_auth_url'] return HttpResponseRedirect(redirect_url) else: if session_user.b_isadmin: # redirect to management page return HttpResponseRedirect(urlrel + 'admin/user/manage/') else: # otherwise Redirect to user home page return HttpResponseRedirect(urlrel + 'mailstore/user/%s/domain/%s/holiday/' % (session_user.username, session_user.domain)) return render_to_response('auth/login.html', {'thistemplate':thistemplate, 'form':form, 'new_data':new_data, 'loginerror':error}, context_instance=RequestContext(request))
class MailTestCase(unittest.TestCase): def setUp(self): # Get connection singleton connection = CLWConnection(test_db_host, test_db_name, test_db_user, test_db_pass) # Create a new cursor object. cursor = connection.cursor() params = {'mode': 1, 'domainname': 'example.co.uk', 'newdomainname': None, } self.adminmodel = AdminModel() self.authmodel = AuthModel() self.mailmodel = MailModel() self.eximmodel = EximModel() domainadded = self.adminmodel.managedomain(params) # Create a user params = {'mode': 1, 'userid': 'test.a', 'password': '******', 'home': '/home/mailstore/', 'domain': 'example.co.uk', 'uid': 1001, 'gid': 1001, 'status': 1, 'typer':'Person', 'role':"", 'fullname':'Test User', 'notes':None } # add the user useradded = self.adminmodel.manageuser(params) # Check user added self.assertNotEqual(useradded, False) def test_auth(self): # Check login user = self.authmodel.login('*****@*****.**', 'password') # check user returned self.assertEqual(user.userid, 'test.a') # Check not working user = self.authmodel.login('*****@*****.**', 'password') self.assertEqual(user.userid, None) def test_usermanage(self): # Create a user params = {'mode': 1, 'userid': 'test.b', 'password': '******', 'home': '/home/mailstore/', 'domain': 'example.co.uk', 'uid': 1001, 'gid': 1001, 'status': 1, 'typer':'Person', 'role':"Architect", 'fullname':'Test User', 'notes':"here are some notes" } # add the user useradded = self.adminmodel.manageuser(params) # Check user added self.assertNotEqual(useradded, False) # add the user useradded = self.adminmodel.manageuser(params) user = self.adminmodel.getuser('test.b', 'example.co.uk') self.assertNotEqual(user, None) self.assertEqual(user.password,'password') self.assertEqual(user.userid,'test.b') self.assertEqual(user.domain,'example.co.uk') self.assertEqual(user.status,1) self.assertEqual(user.typer,'Person') self.assertEqual(user.uid,1001) self.assertEqual(user.gid,1001) self.assertEqual(user.role,'Architect') self.assertEqual(user.notes,'here are some notes') # Edit a user params = {'mode': 2, 'userid': 'test.b', 'password': '******', 'home': '/home/mailstore/', 'domain': 'example.co.uk', 'uid': 1001, 'gid': 1001, 'status': 1, 'typer':'Person', 'role':"Architect", 'fullname':'Test User edited', 'notes':"here are some notes" } # edit the user useredited = self.adminmodel.manageuser(params) # Check user edited self.assertNotEqual(useredited, False) user = self.adminmodel.getuser('test.b', 'example.co.uk') self.assertNotEqual(user, None) self.assertEqual(user.password,'changedpass') self.assertEqual(user.fullname,'Test User edited') #hide a user params = {'mode': 4, 'userid': 'test.b', 'password': None, 'home': None, 'domain':'example.co.uk', 'uid': None, 'gid': None, 'status': 9, 'typer':None, 'role':None, 'fullname':None, 'notes':None } # edit the user userhidden = self.adminmodel.manageuser(params) # Check user edited self.assertNotEqual(userhidden, False) user = self.adminmodel.getuser('test.b', 'example.co.uk') self.assertNotEqual(user, None) self.assertEqual(user.status,9) # delete a user params = {'mode': 3, 'userid': 'test.b', 'password': None, 'home': None, 'domain': 'example.co.uk', 'uid': None, 'gid': None, 'status': 9, 'typer':None, 'role':None, 'fullname':None, 'notes':None } # delete the user userdeleted = self.adminmodel.manageuser(params) self.assertNotEqual(userdeleted, False) user = self.adminmodel.getuser('test.b', 'example.co.uk') self.assertEqual(user.userid, None) def test_goupmanage(self): # Create a group params = {'mode': 1, 'alias': 'agroup', 'domain': 'example.co.uk', 'new_alias': None, 'notes':"test" } # try add the group groupadded = self.adminmodel.managealias(params) # Check group was added self.assertEqual(groupadded, True) params = {'mode':1, # add alias users 'alias':'agroup', 'userid':'test.a', 'domain':'example.co.uk' } # check added user to alias aliasuseradded = self.adminmodel.managealiasuser(params) self.assertEqual(aliasuseradded, True) # Retrieve info alias = self.adminmodel.getalias('agroup', 'example.co.uk') self.assertNotEqual(alias, None) self.assertEqual(alias.aliasname,'agroup') self.assertEqual(alias.notes,'test') users = self.adminmodel.getaliasusers('agroup','example.co.uk') self.assertNotEqual(users, None) users = list(users) self.assertEqual(len(users),1) user = users[0] self.assertEqual(user.username,'*****@*****.**') # create function parameter list params = {'mode': 2, 'alias': 'agroup', 'domain': 'example.co.uk', 'new_alias': 'bgroup', 'notes': None } # edit the group groupedited = self.adminmodel.managealias(params) # Check alias edited self.assertNotEqual(groupedited, False) alias = self.adminmodel.getalias('bgroup', 'example.co.uk') self.assertNotEqual(alias, None) self.assertEqual(alias.aliasname,'bgroup') self.assertEqual(alias.notes,None) users = self.adminmodel.getaliasusers('bgroup','example.co.uk') self.assertNotEqual(users, None) users = list(users) self.assertEqual(len(users),1) user = users[0] self.assertEqual(user.username,'*****@*****.**') # create function parameter list params = {'mode': 3, 'alias': 'bgroup', 'domain': 'example.co.uk', 'new_alias': None, 'notes':None } # delete the group groupdeleted = self.adminmodel.managealias(params) # Check user edited self.assertNotEqual(groupdeleted, False) # Ensure there was a cascding delete of alias users users = self.adminmodel.getaliasusers('bgroup','example.co.uk') self.assertEqual(users, None) def test_domainmanage(self): # Create a domain params = {'mode': 1, 'domainname': 'HOPKINS.CO.UK', 'newdomainname': None, } # try add the domain domainadded = self.adminmodel.managedomain(params) # Check domain was NOT added self.assertEqual(domainadded, False) self.assertEqual(self.adminmodel.error, "This domain already exists\n") # Create a domain params = {'mode': 1, 'domainname': 'otherdomain.com', 'newdomainname': None, } # try add the domain domainadded = self.adminmodel.managedomain(params) # Check domain was added self.assertEqual(domainadded, True) # Get the domain request_domain = self.adminmodel.getdomain('otherdomain.com') self.assertEqual(request_domain.domainname, 'otherdomain.com') params = {'mode': 2, 'domainname': 'example.co.uk', 'newdomainname': 'newexample.co.uk', } # check edited domain domainedited = self.adminmodel.managedomain(params) self.assertEqual(domainedited, True) # Get the domain request_domain = self.adminmodel.getdomain('newexample.co.uk') self.assertEqual(request_domain.domainname, 'newexample.co.uk') # Check changed reflected in users user = self.adminmodel.getuser('test.a', 'newexample.co.uk') self.assertNotEqual(user, None) self.assertEqual(user.domain, 'newexample.co.uk') self.assertEqual(user.userid, 'test.a') # Delete a domain params = {'mode': 3, 'domainname': 'otherdomain.com', 'newdomainname': None, } # try delete the domain domaindeleted = self.adminmodel.managedomain(params) # Check domain was deleted self.assertEqual(domaindeleted, True) # Get the domain request_domain = self.adminmodel.getdomain('otherdomain.com') self.assertEqual(request_domain.domainname, None) # try delete domain with reference to user params = {'mode': 3, 'domainname': 'newexample.co.uk', 'newdomainname': None, } # try delete the domain domaindeleted = self.adminmodel.managedomain(params) # Check domain was Not deleted self.assertEqual(domaindeleted, False) self.assertEqual(self.adminmodel.error, "This domain is referenced by users of the system and cannot be deleted.\n") # Get the domain request_domain = self.adminmodel.getdomain('newexample.co.uk') self.assertNotEqual(request_domain, None) def test_holidaymanage(self): #Add holiday param_dict = {'mode':1, 'username':'******', 'domain':'example.co.uk', 'hstart':'2008-01-01 09:00:00', 'hend':'2008-01-10 09:00:00', 'message':"The holiday message", 'id':-1, 'b_default':False} result = self.mailmodel.manageholiday(**param_dict) self.assertNotEqual(result, None) holidays = self.mailmodel.getuserholidays( 'test.a', 'example.co.uk') self.assertNotEqual(holidays, None) holidays = list(holidays) self.assertEqual(len(holidays), 1) holiday = holidays[0] self.assertEqual(holiday.holstart.year,2008) self.assertEqual(holiday.holstart.month,1) self.assertEqual(holiday.holstart.day,1) self.assertEqual(holiday.holstart.hour,9) self.assertEqual(holiday.holstart.minute,0) self.assertEqual(holiday.holend.year,2008) self.assertEqual(holiday.holend.month,1) self.assertEqual(holiday.holend.day,10) self.assertEqual(holiday.holend.hour,9) self.assertEqual(holiday.holend.minute,0) self.assertEqual(holiday.holmsg,'The holiday message') #Edit holiday param_dict = {'mode':2, 'username':'******', 'domain':'example.co.uk', 'hstart':'2008-01-01 10:00:00', 'hend':'2008-01-10 09:00:00', 'message':"The edit message", 'id':holiday.holid, 'b_default':False} result = self.mailmodel.manageholiday(**param_dict) self.assertNotEqual(result, None) holidays = self.mailmodel.getuserholidays( 'test.a', 'example.co.uk') self.assertNotEqual(holidays, None) holidays = list(holidays) self.assertEqual(len(holidays), 1) holiday = holidays[0] self.assertEqual(holiday.holstart.year,2008) self.assertEqual(holiday.holstart.month,1) self.assertEqual(holiday.holstart.day,1) self.assertEqual(holiday.holstart.hour,10) self.assertEqual(holiday.holstart.minute,0) self.assertEqual(holiday.holmsg,'The edit message') #Delete holiday param_dict = {'mode':3, 'username':'******', 'domain':'example.co.uk', 'hstart':None, 'hend':None, 'message':None, 'id':holiday.holid, 'b_default': None} result = self.mailmodel.manageholiday(**param_dict) self.assertNotEqual(result, None) holidays = self.mailmodel.getuserholidays( 'test.a', 'example.co.uk') self.assertEqual(holidays, None) # Check setting of holdiday to current now = datetime.now() tendays = now + timedelta (days =10) #Add holiday param_dict = {'mode':1, 'username':'******', 'domain':'example.co.uk', 'hstart':now, 'hend':tendays, 'message':"current message", 'id':-1, 'b_default':False} result = self.mailmodel.manageholiday(**param_dict) self.assertNotEqual(result, None) b_holset = self.eximmodel.setholidays() self.assertEqual(b_holset, 1) holmessage = self.mailmodel.getcurrentholiday('test.a','example.co.uk') self.assertNotEqual(holmessage, None) self.assertEqual(holmessage.message, 'current message') # Remove current holiday param_dict = {'mode':2, 'username':'******', 'domain':'example.co.uk', 'hstart':None, 'hend':None, 'message':None, 'id':None} result = self.mailmodel.removeleave(**param_dict) user = self.adminmodel.getuser('test.a', 'example.co.uk') self.assertNotEqual(user, None) self.assertEqual(user.status,1) # Test leaver # Create a user params = {'mode': 1, 'userid': 'leaver', 'password': '******', 'home': '/home/mailstore/', 'domain': 'example.co.uk', 'uid': 1001, 'gid': 1001, 'status': 1, 'typer':'Person', 'role':"", 'fullname':'Leaver', 'notes':None } # add the user useradded = self.adminmodel.manageuser(params) # Check user added self.assertNotEqual(useradded, False) # set user to leaver params = {'mode': 1, 'userid': 'leaver', 'domain': 'example.co.uk', 'leavedate': now, 'message': 'This person has left' } result = self.eximmodel.manageleaver(params) self.assertNotEqual(result, None) message = self.eximmodel.getleavermessage('leaver','example.co.uk') self.assertNotEqual(message,None) self.assertEqual(message,'This person has left') # unset user to leaver params = {'mode': 2, 'userid': 'leaver', 'domain': 'example.co.uk', 'leavedate':None, 'message':None } result = self.eximmodel.manageleaver(params) self.assertNotEqual(result, None) # Check changed reflected in users user = self.adminmodel.getuser('test.a', 'example.co.uk') self.assertNotEqual(result, None) self.assertEqual(user.status,1) def test_exim(self): ''' This test case ensures that the exim functions used are working properly''' active_user = self.eximmodel.getactiveuser('test.a','example.co.uk') self.assertNotEqual(active_user, None) self.assertEqual(active_user.userid,'test.a') holiday_user = self.eximmodel.getactiveuser('test.a','example.co.uk') self.assertNotEqual(holiday_user, None) self.assertEqual(holiday_user.userid,'test.a') now = datetime.now() tendays = now + timedelta (days =10) #Add holiday param_dict = {'mode':1, 'username':'******', 'domain':'example.co.uk', 'hstart':now, 'hend':tendays, 'message':"current message", 'id':-1, 'b_default':False} result = self.mailmodel.manageholiday(**param_dict) self.assertNotEqual(result, None) b_holset = self.eximmodel.setholidays() self.assertEqual(b_holset, 1) # unset user to leaver params = {'mode': 1, 'userid': 'test.a', 'domain': 'example.co.uk', 'leavedate':now, 'message':"leaving" } result = self.eximmodel.manageleaver(params) self.assertNotEqual(result, None) leave_user = self.eximmodel.getleaveruser('test.a','example.co.uk') self.assertNotEqual(leave_user, None) self.assertEqual(leave_user.userid,'test.a') params = {'userid': 'test.a', 'domain': 'example.co.uk'} result = self.eximmodel.manageactiveusers(params) self.assertNotEqual(result, None) active_user = self.adminmodel.getuser('test.a','example.co.uk') self.assertNotEqual(active_user, None) self.assertEqual(active_user.status,1) def tearDown(self): query = "DELETE FROM users;" self.adminmodel.executequery(query) query = "DELETE FROM domains;" self.adminmodel.executequery(query)