def test_query_post_favorites_auth(self):
"""Test API POST Favorites works for user."""
user = UserFactory.create()
user2 = UserFactory.create()
task = TaskFactory.create()
url = self.url + '?api_key=%s' % user.api_key
res = self.app.post(url, data=json.dumps(dict(task_id=task.id)))
data = json.loads(res.data)
assert res.status_code == 200, res.status_code
assert data['fav_user_ids'] == [user.id], data
url = self.url + '?api_key=%s' % user2.api_key
res = self.app.post(url, data=json.dumps(dict(task_id=task.id)))
data = json.loads(res.data)
assert res.status_code == 200, res.status_code
assert user.id in data['fav_user_ids'], data
assert user2.id in data['fav_user_ids'], data
url = self.url + '?api_key=%s' % user2.api_key
res = self.app.post(url, data=json.dumps(dict(task_id=4000000000)))
data = json.loads(res.data)
assert res.status_code == 404, res.status_code
assert data['status_code'] == 404, data
url = self.url + '?api_key=%s' % user2.api_key
res = self.app.post(url, data=json.dumps(dict(task_id=task.id)))
data = json.loads(res.data)
assert res.status_code == 200, res.status_code
assert user.id in data['fav_user_ids'], data
assert user2.id in data['fav_user_ids'], data
def test_user_not_allowed_actions_admin (self):
"""Test POST, PUT and DELETE for ADMIN actions are not allowed for user
in the API"""
admin = UserFactory.create()
auth = UserFactory.create()
user = UserFactory.create()
url = 'api/user'
res = self.app.post(url + '?api_key=%s' % admin.api_key,
data=json.dumps(user.to_public_json()))
data = json.loads(res.data)
assert res.status_code == 405, res.status_code
assert data['status_code'] == 405, data
# Update another user
url += '/%s' % user.id
new_info = user.info
new_info['foo'] = 'bar'
res = self.app.put(url + '?api_key=%s' % admin.api_key,
data=json.dumps(dict(name='new', info=new_info)))
data = json.loads(res.data)
assert res.status_code == 200, res.data
assert data['name'] == 'new', data
assert data['info']['foo'] == 'bar', data
res = self.app.delete(url + '?apikey=%s' % auth.api_key)
assert res.status_code == 405, res.status_code
# Update the same user
url = 'api/user/%s' % admin.id
res = self.app.put(url + '?api_key=%s' % admin.api_key,
data=json.dumps(dict(name='newadmin')))
data = json.loads(res.data)
assert res.status_code == 200, res.data
assert data['name'] == 'newadmin', data
def test_delete_blogpost(self, mock_delete):
"""Test API Blogpost delete post (DEL)."""
mock_delete.return_value = True
admin = UserFactory.create()
owner = UserFactory.create()
user = UserFactory.create()
project = ProjectFactory.create(owner=owner)
blogpost = BlogpostFactory.create(project=project)
blogpost2 = BlogpostFactory.create(project=project)
# As anon
url = '/api/blogpost/%s' % blogpost.id
res = self.app.delete(url)
data = json.loads(res.data)
assert res.status_code == 401, res.status_code
# As user
url = '/api/blogpost/%s?api_key=%s' % (blogpost.id, user.api_key)
res = self.app.delete(url)
assert res.status_code == 403, res.status_code
# As owner
url = '/api/blogpost/%s?api_key=%s' % (blogpost.id, owner.api_key)
res = self.app.delete(url)
assert res.status_code == 204, res.status_code
assert mock_delete.called_with(blogpost.info['file_name'],
blogpost.info['container'])
# As admin
url = '/api/blogpost/%s?api_key=%s' % (blogpost2.id, admin.api_key)
res = self.app.delete(url)
assert res.status_code == 204, res.status_code
def test_user_03_respects_limit_tasks(self):
""" Test SCHED newtask respects the limit of 30 TaskRuns per Task"""
project = ProjectFactory.create(info=dict(sched='depth_first_all'),
owner=UserFactory.create(id=500))
orig_tasks = TaskFactory.create_batch(1, project=project, n_answers=10)
user = UserFactory.create()
tasks = get_depth_first_all_task(project.id, user.id)
assert len(tasks) == 1, len(tasks)
assert tasks[0].id == orig_tasks[0].id, tasks
assert tasks[0].state == 'ongoing', tasks
for i in range(10):
tr = TaskRun(project_id=project.id,
task_id=orig_tasks[0].id,
user_ip='127.0.0.%s' % i)
db.session.add(tr)
db.session.commit()
tasks = get_depth_first_all_task(project.id, user.id)
assert len(tasks) == 1, len(tasks)
assert tasks[0].id == orig_tasks[0].id, tasks
assert tasks[0].state == 'completed', tasks
assert len(tasks[0].task_runs) == 10, tasks
tr = TaskRun(project_id=project.id,
task_id=orig_tasks[0].id,
user_id=user.id)
db.session.add(tr)
db.session.commit()
tasks = get_depth_first_all_task(project.id, user.id)
assert len(tasks) == 0, tasks
def test_parse_post(self):
response = '''{"comments": {"can_post": 0, "count": 4},
"date": 1298365200,
"from_id": 55555,
"geo": {"coordinates": "55.6745689498 37.8724562529",
"place": {"city": "Moskovskaya oblast",
"country": "Russian Federation",
"title": "Shosseynaya ulitsa, Moskovskaya oblast"},
"type": "point"},
"id": 465,
"likes": {"can_like": 1, "can_publish": 1, "count": 10, "user_likes": 0},
"online": 1,
"post_source": {"type": "api"},
"reply_count": 0,
"reposts": {"count": 3, "user_reposted": 0},
"text": "qwerty",
"to_id": 201164356}
'''
instance = Post()
owner = UserFactory.create(remote_id=201164356) # Travis Djangov
author = UserFactory.create(remote_id=55555)
instance.parse(json.loads(response))
instance.save()
self.assertTrue(instance.remote_id.startswith('201164356_'))
self.assertEqual(instance.wall_owner, owner)
self.assertEqual(instance.author, author)
self.assertEqual(instance.reply_count, 0)
self.assertEqual(instance.likes, 10)
self.assertEqual(instance.reposts, 3)
self.assertEqual(instance.comments, 4)
self.assertEqual(instance.text, 'qwerty')
self.assertTrue(isinstance(instance.date, datetime))
def test_org_decline_invitation(self):
user_a = UserFactory.create(email="*****@*****.**")
user_b = UserFactory.create(email="*****@*****.**")
org = create_sample_organization(user_a, org_kwargs={
'name': u"My first org",
})
project = create_sample_project(user_a, project_kwargs={
'org': org
})
auth = AuthorizationAssociation.objects.create(
org=org,
user=user_b,
is_active=False,
is_admin=True
)
auth_p = AuthorizationAssociation.objects.create(
project=project,
user=user_b,
is_active=False,
is_admin=True
)
url = reverse("my_notifications")
response = self.app.get(url, user=user_b)
self.assertContains(response, org.name)
form = response.forms['form_decline_{0}'.format(auth.pk)]
response = form.submit().follow()
self.assertContains(response, "Invitation has been declined")
auth_filter = AuthorizationAssociation.objects.filter(pk=auth.pk)
self.assertFalse(auth_filter.exists())
auth_filter = AuthorizationAssociation.objects.filter(pk=auth_p.pk)
self.assertFalse(auth_filter.exists())
def test_taskrun_cannot_be_deleted_associated_result_variation_2(self):
"""Test API taskrun cannot be deleted when a result is associated
variation."""
root = UserFactory.create(admin=True)
results = self.create_result(filter_by=True)
project = project_repo.get(results[0].project_id)
task = task_repo.get_task(results[0].task_id)
task.n_answers = 30
task_repo.update(task)
volunteer = UserFactory.create()
tr_delete = TaskRunFactory.create(task=task, user=volunteer)
results = result_repo.filter_by(project_id=project.id, task_id=task.id)
assert len(results) == 1, len(results)
# Owner
for result in results:
for tr in result.task_run_ids:
url = '/api/taskrun/%s?api_key=%s' % (tr, root.api_key)
res = self.app.delete(url)
assert_equal(res.status, '403 FORBIDDEN', res.status)
url = '/api/taskrun/%s?api_key=%s' % (tr_delete.id,
volunteer.api_key)
res = self.app.delete(url)
assert_equal(res.status, '204 NO CONTENT', res.status)
def test_project_revoke_invitation(self):
user_a = UserFactory.create(email="*****@*****.**")
user_b = UserFactory.create(email="*****@*****.**")
project = create_sample_project(user_a, project_kwargs={
'name': u"My first project",
})
project.add_user(user_b)
url = reverse("dashboard")
response = self.app.get(url, user=user_b)
self.assertContains(response, u"My first project")
auth = AuthorizationAssociation.objects.get(
project=project,
user=user_b
)
url = reverse("project_auth_delete", args=(project.pk, auth.pk))
self.app.get(url, user=user_b, status=403)
response = self.app.get(url, user=user_a)
form = response.forms['delete_form']
response = form.submit().follow()
self.assertContains(
response,
'User {0} has been revoked.'.format(user_b.email),
)
url = reverse("dashboard")
response = self.app.get(url, user=user_b)
self.assertNotContains(response, u"My first project")
def test_org_accept_invitation(self):
user_a = UserFactory.create(email="*****@*****.**")
user_b = UserFactory.create(email="*****@*****.**")
org = create_sample_organization(user_a, org_kwargs={
'name': u"My first org",
})
project = create_sample_project(user_a, project_kwargs={
'org': org
})
auth = AuthorizationAssociation.objects.create(
org=org,
user=user_b,
is_active=False,
is_admin=True
)
project.add_user(user_b, is_active=False)
project = Project.objects.get(pk=project.pk)
self.assertFalse(project.can_read(user_b))
url = reverse("my_notifications")
response = self.app.get(url, user=user_b)
self.assertContains(response, org.name)
form = response.forms['form_accept_{0}'.format(auth.pk)]
response = form.submit().follow()
self.assertContains(response, "You are now a member of this "
"organization")
auth = AuthorizationAssociation.objects.get(pk=auth.pk)
self.assertTrue(auth.is_active)
project = Project.objects.get(pk=project.pk)
self.assertTrue(project.can_read(user_b))
def test_total_users_count(self):
"""Test total_users return 1 if there is one user"""
UserFactory.create()
count = self.user_repo.total_users()
assert count == 1, count
def test_order_allocations(app):
org = OrganizationFactory.create()
u1 = UserFactory.create(organization=org)
u2 = UserFactory.create(organization=org)
u3 = UserFactory.create(organization=org)
vendor = VendorFactory.create()
order = Order(
ordered_by=u1, vendor=vendor,
for_date=date.today(), placed_at=datetime.now(),
)
db.session.add(order)
db.session.commit()
assert order.total_amount == Decimal("0.00")
oc1 = OrderContribution(order=order, user=u1, amount=Decimal("10.80"))
db.session.add(oc1)
db.session.commit()
assert order.total_amount == Decimal("10.80")
oc2 = OrderContribution(order=order, user=u2, amount=Decimal("2.50"))
db.session.add(oc2)
db.session.commit()
assert order.total_amount == Decimal("13.30")
oc3 = OrderContribution(order=order, user=u3, amount=Decimal("4.75"))
db.session.add(oc3)
db.session.commit()
assert order.total_amount == Decimal("18.05")
def test_user_not_allowed_actions_user(self, caching_mock):
"""Test POST, PUT and DELETE for USER actions are not allowed for user
in the API"""
clean_user_mock = MagicMock()
caching_mock.get.return_value = dict(refresh=clean_user_mock)
admin = UserFactory.create()
auth = UserFactory.create()
user = UserFactory.create()
url = 'api/user'
res = self.app.post(url + '?api_key=%s' % auth.api_key,
data=json.dumps(user.to_public_json()))
data = json.loads(res.data)
assert res.status_code == 405, res.status_code
assert data['status_code'] == 405, data
# Update another user
url += '/%s' % user.id
res = self.app.put(url + '?api_key=%s' % auth.api_key,
data=json.dumps(dict(name='new')))
assert res.status_code == 403, res.data
res = self.app.delete(url + '?apikey=%s' % auth.api_key)
assert res.status_code == 405, res.status_code
# Update the same user
url = 'api/user/%s' % auth.id
res = self.app.put(url + '?api_key=%s' % auth.api_key,
data=json.dumps(dict(name='new')))
data = json.loads(res.data)
assert res.status_code == 200, res.data
assert data['name'] == 'new', data
clean_user_mock.assert_called_with(data['id'])
def test_result_post(self):
"""Test API Result creation"""
admin = UserFactory.create()
user = UserFactory.create()
non_owner = UserFactory.create()
project = ProjectFactory.create(owner=user)
data = dict(info='final result')
# anonymous user
# no api-key
res = self.app.post('/api/result', data=json.dumps(data))
error_msg = 'Should not be allowed to create'
assert_equal(res.status, '401 UNAUTHORIZED', error_msg)
### real user but not allowed as not owner!
res = self.app.post('/api/result?api_key=' + non_owner.api_key,
data=json.dumps(data))
error_msg = 'Should not be able to post tasks for projects of others'
assert_equal(res.status, '403 FORBIDDEN', error_msg)
# now a real user
res = self.app.post('/api/result?api_key=' + user.api_key,
data=json.dumps(data))
assert_equal(res.status, '403 FORBIDDEN', error_msg)
# now the root user
res = self.app.post('/api/result?api_key=' + admin.api_key,
data=json.dumps(data))
assert_equal(res.status, '403 FORBIDDEN', error_msg)
# POST with not JSON data
url = '/api/result?api_key=%s' % user.api_key
res = self.app.post(url, data=data)
err = json.loads(res.data)
assert res.status_code == 415, err
assert err['status'] == 'failed', err
assert err['target'] == 'result', err
assert err['action'] == 'POST', err
assert err['exception_cls'] == 'ValueError', err
# POST with not allowed args
res = self.app.post(url + '&foo=bar', data=json.dumps(data))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err['status'] == 'failed', err
assert err['target'] == 'result', err
assert err['action'] == 'POST', err
assert err['exception_cls'] == 'AttributeError', err
# POST with fake data
data['wrongfield'] = 13
res = self.app.post(url, data=json.dumps(data))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err['status'] == 'failed', err
assert err['target'] == 'result', err
assert err['action'] == 'POST', err
assert err['exception_cls'] == 'TypeError', err
def test_admins_can_delete_any_user(self):
"""Test admins users can delete any given user"""
himself = UserFactory.create()
other_user = UserFactory.create()
assert himself.id == self.mock_admin.id
assert other_user.id != self.mock_admin.id
assert_not_raises(Exception, ensure_authorized_to, 'delete', other_user)
def test_user_check_duplicated_username(self):
# create a user
UserFactory.create(username='******')
# try to create another user with the same username
self.data.update({'username': '******'})
response = self.client.post(reverse('accounts_registration'), self.data)
self.assertContains(response, u'Erro ao processar formulário')
def test_notify_news_admins(self):
user = UserFactory.create(admin=False)
user2 = UserFactory.create(admin=False)
notify_news_admins()
key = "notify:admin:%s" % user2.id
value = sentinel.slave.get(key)
err_msg = "Key should not exist"
assert value is None, err_msg
def test_get_by_returns_none_if_no_user(self):
"""Test get_by returns None if no user matches the query"""
UserFactory.create(name='Tyrion Lannister')
user = self.user_repo.get_by(name='no_name')
assert user is None, user
def test_get_users(self):
tyrion = UserFactory.create(name='Tyrion Lannister')
theon = UserFactory.create(name='reek', fullname='Theon Greyjoy')
retrieved_users = self.user_repo.get_users([tyrion.id, theon.id])
assert any(user == tyrion for user in retrieved_users)
assert any(user == theon for user in retrieved_users)
def test_admins_can_delete_any_user(self):
"""Test admins users can delete any given user"""
himself = UserFactory.create()
other_user = UserFactory.create()
assert himself.id == self.mock_admin.id
assert other_user.id != self.mock_admin.id
assert_not_raises(Exception, getattr(require, 'user').delete, other_user)
def test_result_update(self):
"""Test API result update"""
admin = UserFactory.create()
user = UserFactory.create()
non_owner = UserFactory.create()
data = dict(info=dict(foo='bar'))
datajson = json.dumps(data)
result = self.create_result(owner=user)
## anonymous
res = self.app.put('/api/result/%s' % result.id, data=datajson)
assert_equal(res.status, '401 UNAUTHORIZED', res.status)
### real user but not allowed as not owner!
url = '/api/result/%s?api_key=%s' % (result.id, non_owner.api_key)
res = self.app.put(url, data=datajson)
assert_equal(res.status, '403 FORBIDDEN', res.status)
### real user
url = '/api/result/%s?api_key=%s' % (result.id, user.api_key)
res = self.app.put(url, data=datajson)
out = json.loads(res.data)
assert_equal(res.status, '200 OK', res.data)
assert_equal(result.info['foo'], data['info']['foo'])
assert result.id == out['id'], out
### root
res = self.app.put('/api/result/%s?api_key=%s' % (result.id, admin.api_key),
data=datajson)
assert_equal(res.status, '403 FORBIDDEN', res.status)
# PUT with not JSON data
res = self.app.put(url, data=None)
err = json.loads(res.data)
assert res.status_code == 415, err
assert err['status'] == 'failed', err
assert err['target'] == 'result', err
assert err['action'] == 'PUT', err
assert err['exception_cls'] == 'ValueError', err
# PUT with not allowed args
res = self.app.put(url + "&foo=bar", data=json.dumps(data))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err['status'] == 'failed', err
assert err['target'] == 'result', err
assert err['action'] == 'PUT', err
assert err['exception_cls'] == 'AttributeError', err
# PUT with fake data
data['wrongfield'] = 13
res = self.app.put(url, data=json.dumps(data))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err['status'] == 'failed', err
assert err['target'] == 'result', err
assert err['action'] == 'PUT', err
assert err['exception_cls'] == 'TypeError', err
def test_filter_by_no_matches(self):
"""Test filter_by returns an empty list if no users match the query"""
UserFactory.create(name='reek', fullname='Theon Greyjoy')
retrieved_users = self.user_repo.filter_by(name='asha')
assert isinstance(retrieved_users, list)
assert len(retrieved_users) == 0, retrieved_users
def test_result_post(self):
"""Test API Result creation"""
admin = UserFactory.create()
user = UserFactory.create()
non_owner = UserFactory.create()
project = ProjectFactory.create(owner=user)
data = dict(info="final result")
# anonymous user
# no api-key
res = self.app.post("/api/result", data=json.dumps(data))
error_msg = "Should not be allowed to create"
assert_equal(res.status, "401 UNAUTHORIZED", error_msg)
### real user but not allowed as not owner!
res = self.app.post("/api/result?api_key=" + non_owner.api_key, data=json.dumps(data))
error_msg = "Should not be able to post tasks for projects of others"
assert_equal(res.status, "403 FORBIDDEN", error_msg)
# now a real user
res = self.app.post("/api/result?api_key=" + user.api_key, data=json.dumps(data))
assert_equal(res.status, "403 FORBIDDEN", error_msg)
# now the root user
res = self.app.post("/api/result?api_key=" + admin.api_key, data=json.dumps(data))
assert_equal(res.status, "403 FORBIDDEN", error_msg)
# POST with not JSON data
url = "/api/result?api_key=%s" % user.api_key
res = self.app.post(url, data=data)
err = json.loads(res.data)
assert res.status_code == 415, err
assert err["status"] == "failed", err
assert err["target"] == "result", err
assert err["action"] == "POST", err
assert err["exception_cls"] == "ValueError", err
# POST with not allowed args
res = self.app.post(url + "&foo=bar", data=json.dumps(data))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err["status"] == "failed", err
assert err["target"] == "result", err
assert err["action"] == "POST", err
assert err["exception_cls"] == "AttributeError", err
# POST with fake data
data["wrongfield"] = 13
res = self.app.post(url, data=json.dumps(data))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err["status"] == "failed", err
assert err["target"] == "result", err
assert err["action"] == "POST", err
assert err["exception_cls"] == "TypeError", err
def test_result_update(self):
"""Test API result update"""
admin = UserFactory.create()
user = UserFactory.create()
non_owner = UserFactory.create()
data = dict(info=dict(foo="bar"))
datajson = json.dumps(data)
result = self.create_result(owner=user)
## anonymous
res = self.app.put("/api/result/%s" % result.id, data=datajson)
assert_equal(res.status, "401 UNAUTHORIZED", res.status)
### real user but not allowed as not owner!
url = "/api/result/%s?api_key=%s" % (result.id, non_owner.api_key)
res = self.app.put(url, data=datajson)
assert_equal(res.status, "403 FORBIDDEN", res.status)
### real user
url = "/api/result/%s?api_key=%s" % (result.id, user.api_key)
res = self.app.put(url, data=datajson)
out = json.loads(res.data)
assert_equal(res.status, "200 OK", res.data)
assert_equal(result.info["foo"], data["info"]["foo"])
assert result.id == out["id"], out
### root
res = self.app.put("/api/result/%s?api_key=%s" % (result.id, admin.api_key), data=datajson)
assert_equal(res.status, "403 FORBIDDEN", res.status)
# PUT with not JSON data
res = self.app.put(url, data=None)
err = json.loads(res.data)
assert res.status_code == 415, err
assert err["status"] == "failed", err
assert err["target"] == "result", err
assert err["action"] == "PUT", err
assert err["exception_cls"] == "ValueError", err
# PUT with not allowed args
res = self.app.put(url + "&foo=bar", data=json.dumps(data))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err["status"] == "failed", err
assert err["target"] == "result", err
assert err["action"] == "PUT", err
assert err["exception_cls"] == "AttributeError", err
# PUT with fake data
data["wrongfield"] = 13
res = self.app.put(url, data=json.dumps(data))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err["status"] == "failed", err
assert err["target"] == "result", err
assert err["action"] == "PUT", err
assert err["exception_cls"] == "TypeError", err
def test_get_user_summary_user_exists(self):
"""Test CACHE USERS get_user_summary returns a dict with the user data
if the user exists"""
UserFactory.create(name='zidane')
UserFactory.create(name='figo')
zizou = cached_users.get_user_summary('zidane')
assert type(zizou) is dict, type(zizou)
assert zizou != None, zizou
def test_get_user_summary_returns_fields(self):
"""Test CACHE USERS get_user_summary all the fields in the dict"""
UserFactory.create(name='user')
fields = ('id', 'name', 'fullname', 'created', 'api_key',
'twitter_user_id', 'google_user_id', 'facebook_user_id',
'info', 'email_addr', 'n_answers', 'rank', 'score', 'total')
user = cached_users.get_user_summary('user')
for field in fields:
assert field in user.keys(), field
def test_notify_blog_users(self, mock):
"""Test Notify Blog users without pro or featured works."""
owner = UserFactory.create(pro=False)
user = UserFactory.create(subscribed=False)
project = ProjectFactory.create(owner=owner, featured=False)
TaskRunFactory.create(project=project)
TaskRunFactory.create(project=project, user=user)
blog = BlogpostFactory.create(project=project)
res = notify_blog_users(blog.id, blog.project.id)
msg = "0 users notified by email"
assert res == msg, res
def test_project_registration_cycle(self):
user_a = UserFactory.create(email="*****@*****.**")
user_b = UserFactory.create(email="*****@*****.**")
user_c = UserFactory.create(email="*****@*****.**")
project = create_sample_project(user_a, project_kwargs={
'name': u"My first project",
})
url = reverse('project_invite_user', args=(project.pk,))
# require login
self.app.get(url, status=302)
# not part of the project yet
self.app.get(url, user=user_b, status=404)
response = self.app.get(url, user=user_a)
self.assertContains(response, 'Invite')
form = response.forms['register_form']
# should handle uppercase email
for key, value in {
'email': '*****@*****.**',
}.iteritems():
form[key] = value
response = form.submit().follow()
self.assertContains(response, "Invitation has been sent")
message = mail.outbox[-1]
self.assertIn("*****@*****.**", message.to)
self.assertTrue(
message.body.find(
"You have been invited to join the project") != -1
)
answer_url = line_starting(message.body, u"http://localhost:80/")
response = self.app.get(answer_url, user=user_a, status=200)
self.assertContains(
response,
u"You already accepted this invitation."
)
response = self.app.get(answer_url, user=user_c, status=200)
self.assertContains(
response,
u"This invitation does not match your current user"
)
response = self.app.get(answer_url, user=user_b)
self.assertContains(
response,
u"Invitation to project '{0}' has been".format(project.name)
)
url = reverse("dashboard")
response = self.app.get(url, user=user_b)
self.assertContains(response, escape(project.name))
event = Event.objects.get(
project=project
)
self.assertEqual(event.text, "joined the project as team member")
self.assertEqual(event.user, user_b)
def test_search_by_name_capital_lower_letters(self):
"""Test search_by_name works the same with capital or lower letters"""
user_capitals = UserFactory.create(name='JOJEN')
user_lowers = UserFactory.create(name='meera')
search_lower = self.user_repo.search_by_name('jojen')
search_capital = self.user_repo.search_by_name('MEERA')
assert user_capitals in search_lower, search_lower
assert user_lowers in search_capital, search_capital
def test_notify_blog_users_pro_owner_feature_only_for_pros(self, mock):
"""Test Notify Blog users with pro owner project works."""
owner = UserFactory.create(pro=True)
user = UserFactory.create(subscribed=False)
project = ProjectFactory.create(owner=owner)
TaskRunFactory.create(project=project)
TaskRunFactory.create(project=project, user=user)
blog = BlogpostFactory.create(project=project)
res = notify_blog_users(blog.id, blog.project.id)
msg = "1 users notified by email"
assert res == msg, res
def test_admin_can_crud(self):
"""Test admin user can crud tasks"""
user = UserFactory.create()
user2 = UserFactory.create()
app = AppFactory.create(owner=user2)
task = TaskFactory.create(app=app)
with patch('pybossa.auth.task.current_user', new=user):
assert_not_raises(Forbidden, getattr(require, 'task').create, task)
assert_not_raises(Forbidden, getattr(require, 'task').read, task)
assert_not_raises(Forbidden, getattr(require, 'task').update, task)
assert_not_raises(Forbidden, getattr(require, 'task').delete, task)
def test_task_update_state(self):
"""Test API task n_answers updates state properly."""
user = UserFactory.create()
project = ProjectFactory.create(owner=user)
task = TaskFactory.create(project=project,
n_answers=1,
state='ongoing')
data = {'n_answers': 2}
datajson = json.dumps(data)
url = '/api/task/%s?api_key=%s' % (task.id, user.api_key)
res = self.app.put(url, data=datajson)
out = json.loads(res.data)
assert_equal(res.status, '200 OK', res.data)
assert_equal(task.n_answers, data['n_answers'])
assert_equal(task.state, 'ongoing')
assert task.id == out['id'], out
task.state = 'completed'
task_repo.update(task)
data = {'n_answers': 1}
datajson = json.dumps(data)
res = self.app.put(url, data=datajson)
out = json.loads(res.data)
assert_equal(res.status, '200 OK', res.data)
assert_equal(task.n_answers, data['n_answers'])
assert_equal(task.state, 'completed')
assert task.id == out['id'], out
data = {'n_answers': 5}
datajson = json.dumps(data)
res = self.app.put(url, data=datajson)
out = json.loads(res.data)
assert_equal(res.status, '200 OK', res.data)
assert_equal(task.n_answers, data['n_answers'])
assert_equal(task.state, 'ongoing')
assert task.id == out['id'], out
def test_reserve_task_category_lock_exclude_user(self):
# with exclude_user = True, exclude user category key for user id = ``
reserve_task_config = ["field_1", "field_2"]
user = UserFactory.create()
project = ProjectFactory.create(
owner=user,
info=dict(sched="task_queue_scheduler",
reserve_tasks=dict(category=reserve_task_config)))
tasks = TaskFactory.create_batch(2,
project=project,
n_answers=1,
info=dict(field_1="abc", field_2=123))
non_excluded_user_id = 2
acquire_reserve_task_lock(project.id, tasks[0].id, user.id, 1)
acquire_reserve_task_lock(project.id, tasks[1].id,
non_excluded_user_id, 1)
expected_category_keys = [
"reserve_task:project:{}:category:field_1:abc:field_2:123:user:{}:task:{}"
.format(project.id, non_excluded_user_id, tasks[1].id)
]
_, category_keys = get_reserve_task_category_info(reserve_task_config,
1,
1,
user.id,
exclude_user=True)
assert category_keys == expected_category_keys, "reserve task category keys should exclude user {} reserve category key".format(
user.id)
# cleanup; release reserve task lock
expiry = 1
release_reserve_task_lock_by_id(project.id,
tasks[0].id,
user.id,
1,
expiry=expiry)
release_reserve_task_lock_by_id(project.id,
tasks[1].id,
non_excluded_user_id,
1,
expiry=expiry)
def test_taskrun_updates_task_state(self, guard, mock_request):
"""Test API TaskRun POST updates task state"""
guard.return_value = mock_contributions_guard(True)
project = ProjectFactory.create()
task = TaskFactory.create(project=project, n_answers=2)
url = '/api/taskrun?api_key=%s' % project.owner.api_key
# Post first taskrun
data = dict(
project_id=task.project_id,
task_id=task.id,
user_id=project.owner.id,
info='my task result')
datajson = json.dumps(data)
mock_request.data = datajson
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
err_msg = "Task state should be different from completed"
assert task.state == 'ongoing', err_msg
# Post second taskrun
mock_request.remote_addr = '127.0.0.0'
admin = UserFactory.create()
url = '/api/taskrun?api_key=%s' % admin.api_key
data = dict(
project_id=task.project_id,
task_id=task.id,
info='my task result anon')
datajson = json.dumps(data)
tmp = self.app.post(url, data=datajson)
r_taskrun = json.loads(tmp.data)
assert tmp.status_code == 200, r_taskrun
assert r_taskrun['user_ip'] != '127.0.0.0', r_taskrun
err_msg = "Task state should be equal to completed"
assert task.state == 'completed', err_msg
def test_task_query_list_project_ids(self):
"""Get a list of tasks using a list of project_ids."""
projects = ProjectFactory.create_batch(3)
tasks = []
for project in projects:
tmp = TaskFactory.create_batch(2, project=project)
for t in tmp:
tasks.append(t)
project_ids = [project.id for project in projects]
url = '/api/task?project_id=%s&limit=100' % project_ids
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 3 * 2, len(data)
for task in data:
assert task['project_id'] in project_ids
task_project_ids = list(set([task['project_id'] for task in data]))
assert sorted(project_ids) == sorted(task_project_ids)
# more filters
res = self.app.get(url + '&orderby=created&desc=true')
data = json.loads(res.data)
assert data[0]['id'] == tasks[-1].id
user = UserFactory.create()
task_orig = tasks[0]
task_run = TaskRunFactory.create(task=task_orig, user=user)
project_ids = [project.id for project in projects]
url = '/api/task?project_id=%s&limit=100&participated=true&api_key=%s' % (project_ids, user.api_key)
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == (3 * 2) - 1, len(data)
for task in data:
assert task['project_id'] in project_ids
task_project_ids = list(set([task['project_id'] for task in data]))
assert sorted(project_ids) == sorted(task_project_ids)
task_ids = [task['id'] for task in data]
err_msg = 'This task should not be in the list as the user participated.'
assert task_orig.id not in task_ids, err_msg
def test_create(client):
user = UserFactory.create()
vendor = VendorFactory.create()
db.session.commit()
response = client.post('/api/orders',
data={
"contributed_by": user.id,
"contributed_amount": "8.50",
"ordered_by_id": user.id,
"vendor_id": vendor.id,
})
assert response.status_code == 201
assert response.headers["Access-Control-Allow-Origin"] == "*"
assert "Location" in response.headers
obj = json.loads(response.get_data(as_text=True))
assert "id" in obj
url = response.headers["Location"]
path = urlparse(url).path
resp2 = client.get(path)
assert resp2.status_code == 200
created = json.loads(resp2.get_data(as_text=True))
assert created["contributions"][0]["amount"] == "8.50"
def create_project_with_contributors(self,
anonymous,
registered,
two_tasks=False,
name='my_app',
info={}):
project = ProjectFactory.create(name=name, info=info)
task = TaskFactory(project=project)
if two_tasks:
task2 = TaskFactory(project=project)
for i in range(anonymous):
task_run = AnonymousTaskRunFactory(task=task,
user_ip='127.0.0.%s' % i)
if two_tasks:
task_run2 = AnonymousTaskRunFactory(task=task2,
user_ip='127.0.0.%s' % i)
for i in range(registered):
user = UserFactory.create()
task_run = TaskRunFactory(task=task, user=user)
if two_tasks:
task_run2 = TaskRunFactory(task=task2, user=user)
return project
def test_subscribe_user_update_existing(self, mailchimp):
"""Test subscribe user update existing works."""
with patch.dict(self.flask_app.config, {'MAILCHIMP_API_KEY': 'k-3',
'MAILCHIMP_LIST_ID': 1}):
user = UserFactory.create()
nw = Newsletter()
nw.init_app(self.flask_app)
nw.subscribe_user(user, update=True)
email = {'email': user.email_addr}
merge_vars = {'FNAME': user.fullname}
url = "%s/lists/1/members/%s" % (nw.root,
nw.get_email_hash(user.email_addr))
data = dict(email_address=user.email_addr,
status='pending',
status_if_new='pending',
merge_fields=dict(FNAME=user.fullname))
mailchimp.assert_called_with(url, data=json.dumps(data),
headers={'content-type':
'application/json'},
auth=nw.auth)
def test_list_user_employment_endpoint(self):
role1 = RoleFactory.create(name="admin")
BaseTestCase.user_id()
PermissionFactory.create(keyword="view_user_employment_history",
role=role1)
user = UserFactory.create()
user.save()
UserRoleFactory.create(user=user, role=role1)
UserEmploymentFactory.create_batch(3, user=user)
response = self.client().get(
self.make_url(f"/user_employment_history/user/{user.id}"),
headers=self.headers(),
)
response_json = self.decode_from_json_string(
response.data.decode("utf-8"))
payload = response_json["payload"]
self.assert200(response)
self.assertEqual(len(payload["user_employments"]), 3)
self.assertJSONKeysPresent(payload["user_employments"][0],
"institution_name", "job_title")
def test_disqus_sso_payload_auth_user(self, mock_b64encode, mock_hmac):
"""Test Disqus SSO payload auth works."""
user = UserFactory.create()
DISQUS_PUBLIC_KEY = 'public'
DISQUS_SECRET_KEY = 'secret'
patch_dict = {'DISQUS_PUBLIC_KEY': DISQUS_PUBLIC_KEY,
'DISQUS_SECRET_KEY': DISQUS_SECRET_KEY}
data = json.dumps({'id': user.id,
'username': user.name,
'email': user.email_addr})
mock_b64encode.return_value = data
with patch.dict(self.flask_app.config, patch_dict):
message, timestamp, sig, pub_key = util.get_disqus_sso_payload(user)
mock_b64encode.assert_called_with(data)
mock_hmac.assert_called_with(DISQUS_SECRET_KEY, '%s %s' % (data, timestamp),
hashlib.sha1)
assert timestamp
assert sig
assert pub_key == DISQUS_PUBLIC_KEY
def test_sync_L3_without_target(self, mock_cat):
project_syncer = ProjectSyncer(self.target_url, self.target_key)
user = UserFactory.create(admin=True, email_addr=u'*****@*****.**')
project_syncer.syncer = user
project = ProjectFactory.create()
project.info['data_classification'] = dict(
input_data="L3 - community", output_data="L3 - community")
project_repo.save(project)
# no sync info by default
assert not project.info.get("sync")
payload = project_syncer._build_payload(project)
# sync existing does put request
headers = [('Authorization', user.api_key)]
res = self.app.put("/api/project/{}".format(project.id),
headers=headers,
data=json.dumps(payload))
assert res.status_code == 200, 'build_payload output should result in valid api query'
assert res.json["info"]["sync"] == payload["info"]["sync"]
def test_query_project(self):
"""Test API query for project endpoint works"""
ProjectFactory.create(short_name='test-app', name='My New Project')
user = UserFactory.create()
# Test for real field
res = self.app.get('/api/projectbyname/test-app?api_key=' + user.api_key, follow_redirects=True)
data = json.loads(res.data)
# Should return one result
# Correct result
assert data['short_name'] == 'test-app', data
# Valid field but wrong value
res = self.app.get('/api/projectbyname/wrongvalue?api_key=' + user.api_key)
data = json.loads(res.data)
assert data['status_code'] == 404, data
# Multiple fields
res = self.app.get('/api/projectbyname/test-app?name=My New Project&api_key=' + user.api_key)
data = json.loads(res.data)
# Correct result
assert data['short_name'] == 'test-app', data
assert data['name'] == 'My New Project', data
def test_newtask(self):
"""Test API project new_task method and authentication"""
project = ProjectFactory.create()
project.set_password('the_password')
project_repo.save(project)
TaskFactory.create_batch(2,
project=project,
info={'question': 'answer'})
user = UserFactory.create()
# anonymous
# test getting a new task
res = self.app.get('/api/project/%s/newtask' % project.id)
assert res, res
task = json.loads(res.data)
assert 'error' in task['info'], 'No anonymous contributors'
# as a real user, no password
url = '/api/project/%s/newtask?api_key=%s' % (project.id, user.api_key)
res = self.app.get(url)
assert res.status_code == 403, res
task = json.loads(res.data)
assert task['exception_msg'] == 'No project password provided'
url = '/project/%s/password?api_key=%s' % (project.short_name,
user.api_key)
data = dict(password='******')
res = self.app.post(url, data=data)
c, v, e = get_pwd_cookie(project.short_name, res)
assert c
self.app.set_cookie('/', c, v)
url = '/api/project/%s/newtask?api_key=%s' % (project.id, user.api_key)
res = self.app.get(url)
assert res.status_code == 200, res
task = json.loads(res.data)
assert task['info'].get('question') == 'answer'
def create_app_with_contributors(self,
anonymous,
registered,
two_tasks=False,
name='my_app',
hidden=0):
app = AppFactory.create(name=name, hidden=hidden)
task = TaskFactory(app=app)
if two_tasks:
task2 = TaskFactory(app=app)
for i in range(anonymous):
task_run = AnonymousTaskRunFactory(task=task,
user_ip='127.0.0.%s' % i)
if two_tasks:
task_run2 = AnonymousTaskRunFactory(task=task2,
user_ip='127.0.0.%s' % i)
for i in range(registered):
user = UserFactory.create()
task_run = TaskRunFactory(task=task, user=user)
if two_tasks:
task_run2 = TaskRunFactory(task=task2, user=user)
return app
def test_get_inactive_users_returns_jobs(self):
"""Test JOB get inactive users returns a list of jobs."""
today = datetime.datetime.today()
old_date = today - datetime.timedelta(days=120)
date_str = old_date.strftime('%Y-%m-%dT%H:%M:%S.%f')
if calendar.isleap(today.year):
n_days_year = 366
else:
n_days_year = 365
one_year = today - datetime.timedelta(days=n_days_year)
one_year_str = one_year.strftime('%Y-%m-%dT%H:%M:%S.%f')
user = UserFactory.create()
# 3 months old contribution
tr = TaskRunFactory.create(finish_time=date_str)
# 1 year old contribution
TaskRunFactory.create(finish_time=one_year_str)
# User with a contribution from a long time ago
TaskRunFactory.create(finish_time="2010-08-08T18:23:45.714110",
user=user)
# User with a recent contribution
TaskRunFactory.create(user=user)
user = user_repo.get(tr.user_id)
jobs_generator = get_inactive_users_jobs()
jobs = []
for job in jobs_generator:
jobs.append(job)
msg = "There should be one job."
print jobs
assert len(jobs) == 1, msg
job = jobs[0]
args = job['args'][0]
assert job['queue'] == 'quaterly', job['queue']
assert len(args['recipients']) == 1
assert args['recipients'][0] == user.email_addr, args['recipients'][0]
assert "UNSUBSCRIBE" in args['body']
assert "Update" in args['html']
def test_completedtask_completedtaskrun_with_params(self):
"""Test API query for completedtask and completedtaskrun with params works"""
project = ProjectFactory.create()
task = TaskFactory.create(project=project,
n_answers=2,
state='ongoing',
exported=False)
admin = UserFactory.create()
# Test no completedtask yet
url = '/api/completedtask?project_id=1&api_key=api-key1'
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 0, data
# mark task as completed
task_runs = TaskRunFactory.create_batch(2, task=task)
task.state = 'completed'
task_repo.update(task)
# test task is completed
url = '/api/completedtask?project_id=1&api_key=api-key1'
res = self.app.get(url)
data = json.loads(res.data)
# correct result
assert data[0]['project_id'] == 1, data
assert data[0]['state'] == u'completed', data
# call completedtask but with wrong project_id
url = '/api/completedtask?project_id=99999999&api_key=api-key1'
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 0, data
# get completed task runs
url = '/api/completedtaskrun?project_id=1&api_key=api-key1'
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 2, data
def test_create_dict_job(self):
"""Test JOB create dict job works."""
user = UserFactory.create(pro=True)
project = ProjectFactory.create(owner=user)
from sqlalchemy.sql import text
from pybossa.core import db
sql = text(
'''SELECT project.id, project.short_name FROM project, "user"
WHERE project.owner_id="user".id AND "user".pro=True;''')
results = db.slave_session.execute(sql)
jobs_generator = create_dict_jobs(results, get_project_stats,
(10 * 60))
jobs = []
for job in jobs_generator:
jobs.append(job)
err_msg = "There should be only one job"
assert len(jobs) == 1, err_msg
job = jobs[0]
assert 'get_project_stats' in job['name'].__name__
assert job['args'] == [project.id, project.short_name]
def test_csv_returns_all_users(self):
restricted = UserFactory.create(restrict=True, id=5000016)
self.register(fullname="Manolita")
self.signout()
self.register(fullname="Juan Jose",
name="juan",
email="*****@*****.**",
password="******")
self.signout()
self.register(fullname="Juan Jose2",
name="juan2",
email="*****@*****.**",
password="******")
self.signin()
res = self.app.get('/admin/users/export?format=csv',
follow_redirects=True)
data = res.data
assert restricted.name not in str(data.decode('utf-8'))
import pandas as pd
df = pd.read_csv(io.StringIO(data.decode('utf-8')))
assert df.shape[0] == 3, df.shape[0]
def test_email_notif(self, get_contrib_emails):
"""
if the project is configured, email notifications will be sent
"""
owner = UserFactory.create(id=500, user_pref={'languages': ['en']})
project = ProjectFactory.create(owner=owner, email_notif=True)
project.info['sched'] = Schedulers.user_pref
project_repo.save(project)
tasks = TaskFactory.create_batch(1,
project=project,
n_answers=1,
user_pref={'languages': ['en']})
TaskRunFactory.create(task=tasks[0], user=owner)
TaskFactory.create_batch(1,
project=project,
n_answers=1,
user_pref={'languages': ['en']})
send_email_notifications()
get_contrib_emails.assert_called()
def test_csv_returns_all_users(self, password_needed):
password_needed.return_value = False
restricted = UserFactory.create(restrict=True, id=5000016)
self.register(fullname="Manolita")
project = self.create_project_and_tasks()
self.signin()
self.contribute(project)
self.signout()
self.register(fullname="Juan Jose",
name="juan",
email="*****@*****.**",
password="******")
self.signin(email="*****@*****.**", password="******")
self.contribute(project)
self.signout()
self.register(fullname="Juan Jose2",
name="juan2",
email="*****@*****.**",
password="******")
self.signin(email="*****@*****.**", password="******")
self.contribute(project)
self.signout()
self.signin()
res = self.app.get('/admin/users/export?format=csv',
follow_redirects=True)
data = res.data
assert restricted.name not in data
csv_content = StringIO.StringIO(data)
csvreader = unicode_csv_reader(csv_content)
# number of users is -1 because the first row in csv are the headers
number_of_users = -1
for row in csvreader:
number_of_users += 1
assert number_of_users == 4, number_of_users # user report returning all users also returns [email protected]
def test_newtask_expired_cookie(self):
"""Test API project new_task expired cookie"""
project = ProjectFactory.create(info={'timeout': 60})
project.set_password('the_password')
project_repo.save(project)
TaskFactory.create_batch(2,
project=project,
info={'question': 'answer'})
user = UserFactory.create()
# simulate sending expired cookies
with patch.dict(self.flask_app.config, {'PASSWD_COOKIE_TIMEOUT': -1}):
url = '/project/%s/password?api_key=%s' % (project.short_name,
user.api_key)
data = dict(password='******')
res = self.app.post(url, data=data)
c, v, e = get_pwd_cookie(project.short_name, res)
assert c
self.app.set_cookie('/', c, v)
res = self.app.post(url, data=data)
c, v, e = get_pwd_cookie(project.short_name, res)
assert c
url = '/project/%s/newtask?api_key=%s' % (project.short_name,
user.api_key)
res = self.app.get(url)
assert res.status_code == 302
headers = {'Content-Type': 'application/json'}
res = self.app.get(url, headers=headers)
next_url = json.loads(res.data)['next']
print next_url
headers = {'Authorization': user.api_key}
res = self.app.get(next_url, headers=headers)
assert 'Enter the password to contribute to this project' in res.data, res.data
def test_project_contact_no_disabled_owner(self, enqueue):
"""Test Project Contact not emailing a disabled co-owner."""
message = u'hello'
admin, owner, user = UserFactory.create_batch(3)
# Create a disabled user as a co-owner.
coowner = UserFactory.create(name='My Disabled Co-Owner User',
enabled=False,
subadmin=True)
# Create a project with a disabled co-owner.
project = ProjectFactory.create(owner=owner,
short_name='test-app',
name='My New Project',
owners_ids=[coowner.id])
# Obtain a CSRF key.
csrf = self.get_csrf('/account/signin')
# Make a request to the api.
url = '/project/' + project.short_name + '/contact?api_key=' + user.api_key
data = dict(message=message)
res = self.app.post(url,
headers={'X-CSRFToken': csrf},
content_type='application/json',
data=json.dumps(data))
# Get contents of email.
str_message = str(enqueue.call_args_list[0])
# Verify recipient for project owner.
recipients_index = str_message.find('recipients')
assert recipients_index > -1
assert str_message.find(owner.email_addr) > recipients_index
# Verify no recipient for disabled co-owner.
assert str_message.find(coowner.email_addr) == -1
def test_get_locked_task(self):
owner = UserFactory.create(id=500)
project = ProjectFactory.create(owner=owner)
project.info['sched'] = Schedulers.locked
project_repo.save(project)
task1 = TaskFactory.create(project=project, info='task 1', n_answers=2)
task2 = TaskFactory.create(project=project, info='task 2', n_answers=2)
t1 = get_locked_task(project.id, 11)
t2 = get_locked_task(project.id, 1)
assert t1[0].id == task1.id
assert t2[0].id == task1.id
t3 = get_locked_task(project.id, 2)
t4 = get_locked_task(project.id, 3)
assert t3[0].id == task2.id
assert t4[0].id == task2.id
t5 = get_locked_task(project.id, 11)
assert t5[0].id == task1.id
t6 = get_locked_task(project.id, 4)
assert not t6
def test_get_active_users_lock(self):
""" Test number of locked tasks"""
user = UserFactory.create(id=500)
project = ProjectFactory.create(owner=user, info={'sched': 'default'})
TaskFactory.create_batch(2, project=project, n_answers=2)
# Register the active user as a locked task.
register_active_user(project.id, user.id, sentinel.master)
# Verify the count of locked tasks for this project equals 1.
count = get_active_user_count(project.id, sentinel.master)
assert count == 1
# Unregister the active user as a locked task.
unregister_active_user(project.id, user.id, sentinel.master)
# Verify the count of locked tasks for this project equals 1.
# There is a delay before the lock is released.
count = get_active_user_count(project.id, sentinel.master)
assert count == 1
# Confirm lock released after a delay.
time.sleep(EXPIRE_LOCK_DELAY + 1)
count = get_active_user_count(project.id, sentinel.master)
assert not count
def test_query_sql_injection(self):
"""Test API SQL Injection is not allowed works"""
user = UserFactory.create()
q = '1%3D1;SELECT%20*%20FROM%20task%20WHERE%201=1'
res = self.app.get('/api/task?%s&api_key=%s' % (q, user.api_key))
error = json.loads(res.data)
assert res.status_code == 415, error
assert error['action'] == 'GET', error
assert error['status'] == 'failed', error
assert error['target'] == 'task', error
q = 'project_id=1%3D1;SELECT%20*%20FROM%20task%20WHERE%201'
res = self.app.get('/api/apappp?' + q)
assert res.status_code == 404, res.data
q = 'project_id=1%3D1;SELECT%20*%20FROM%20task%20WHERE%201'
res = self.app.get('/api/' + q)
assert res.status_code == 404, res.data
q = 'project_id=1%3D1;SELECT%20*%20FROM%20task%20WHERE%201'
res = self.app.get('/api' + q)
assert res.status_code == 404, res.data
def test_task_routing_2(self):
'''
task[0]: needs finance skill at least 0.8, should not be able to assign to the user
task[1]: needs geography skill at least 0.5, should not be able to assign to the user
task[3]: doesnt have filters, should be able to assign to the user
'''
user_info = dict(
metadata={
"profile": json.dumps({
"finance": 0.6,
"marketing": 0.4
})
})
owner = UserFactory.create(id=500, info=user_info)
user_repo.save(owner)
project = ProjectFactory.create(owner=owner)
project.info['sched'] = Schedulers.user_pref
tasks = TaskFactory.create_batch(3, project=project, n_answers=10)
tasks[0].worker_filter = {'finance': [0.8, '>=']}
task_repo.save(tasks[0])
tasks[1].worker_filter = {'geography': [0.5, '>=']}
task_repo.save(tasks[1])
assert n_available_tasks_for_user(project, 500) == 1
def test_query_projectstats_filter_project(self):
owner = UserFactory.create()
project1, project2 = ProjectFactory.create_batch(2, owner=owner)
stats = PerformanceStatsFactory.create(user_id=owner.id,
project_id=project1.id,
info={'project': project1.id})
stats = PerformanceStatsFactory.create(user_id=owner.id,
project_id=project2.id,
info={'project': project2.id})
url = '/api/performancestats'
res = self.app.get('{}?api_key={}&project_id={}'.format(
url, owner.api_key, project1.id))
data = json.loads(res.data)
assert len(data) == 1
assert data[0]['info']['project'] == project1.id
res = self.app.get('{}?api_key={}&project_id={}'.format(
url, owner.api_key, project2.id))
data = json.loads(res.data)
assert len(data) == 1
assert data[0]['info']['project'] == project2.id
def test_subscribe_user_update_existing(self, mailchimp):
"""Test subscribe user update existing works."""
with patch.dict(self.flask_app.config, {
'MAILCHIMP_API_KEY': 'k-3',
'MAILCHIMP_LIST_ID': 1
}):
user = UserFactory.create()
nw = Newsletter()
nw.init_app(self.flask_app)
old_email = '*****@*****.**'
tmp = {'data': [{'email': old_email}], 'success_count': 1}
nw.client.lists.member_info.return_value = tmp
nw.subscribe_user(user, old_email=old_email)
email = {'email': old_email}
merge_vars = {'FNAME': user.fullname, 'new-email': user.email_addr}
nw.client.lists.subscribe.assert_called_with(1,
email,
merge_vars,
update_existing=True)
def test_task_priority_limit(self):
"""Test SCHED respects priority_0 field with limit"""
project = ProjectFactory.create(info=dict(sched='depth_first_all'),
owner=UserFactory.create(id=500))
TaskFactory.create_batch(10, project=project)
# Register
self.register()
self.signin()
# By default, tasks without priority should be ordered by task.id (FIFO)
tasks = db.session.query(Task).filter_by(
project_id=project.id).order_by('id').all()
url = 'api/project/%s/newtask?limit=2' % project.id
self.set_proj_passwd_cookie(project, username='******')
res = self.app.get(url)
tasks1 = json.loads(res.data)
# Check that we received a Task
err_msg = "Task.id should be the same"
assert tasks1[0].get('id') == tasks[0].id, err_msg
# Now let's change the priority to a random task
import random
t = random.choice(tasks)
# Increase priority to maximum
t.priority_0 = 1
db.session.add(t)
db.session.commit()
# Request again a new task
res = self.app.get(url + '&orderby=priority_0&desc=true')
tasks1 = json.loads(res.data)
# Check that we received a Task
err_msg = "Task.id should be the same"
assert tasks1[0].get('id') == t.id, (err_msg, tasks1[0])
err_msg = "Task.priority_0 should be the 1"
assert tasks1[0].get('priority_0') == 1, err_msg
def test_newtask(self):
"""Test API project new_task method and authentication"""
project = ProjectFactory.create()
TaskFactory.create_batch(2, project=project)
user = UserFactory.create()
# anonymous
# test getting a new task
res = self.app.get('/api/project/%s/newtask' % project.id)
assert res, res
task = json.loads(res.data)
assert_equal(task['project_id'], project.id)
# The output should have a mime-type: application/json
assert res.mimetype == 'application/json', res
# as a real user
url = '/api/project/%s/newtask?api_key=%s' % (project.id, user.api_key)
res = self.app.get(url)
assert res, res
task = json.loads(res.data)
assert_equal(task['project_id'], project.id)
# Get NotFound for an non-existing project
url = '/api/project/5000/newtask'
res = self.app.get(url)
err = json.loads(res.data)
err_msg = "The project does not exist"
assert err['status'] == 'failed', err_msg
assert err['status_code'] == 404, err
assert err['exception_cls'] == 'NotFound', err_msg
assert err['target'] == 'project', err_msg
# Get an empty task
url = '/api/project/%s/newtask?offset=1000' % project.id
res = self.app.get(url)
assert res.data == '{}', res.data
def test_project_create(self):
"""Test Auditlog API project create works."""
CategoryFactory.create()
user = UserFactory.create()
data = {
'name':
'New Name',
'short_name':
'new_short_name',
'description':
'new_description',
'long_description':
'new_long_description',
'allow_anonymous_contributors':
False,
'info':
dict(passwd_hash="hello",
data_classification=dict(input_data="L4 - public",
output_data="L4 - public")),
'zip_download':
True
}
url = '/api/project?api_key=%s' % (user.api_key)
self.app.post(url, data=json.dumps(data))
logs = auditlog_repo.filter_by(project_short_name='new_short_name')
assert len(logs) == 1, logs
for log in logs:
assert log.user_id == user.id, log.user_id
assert log.user_name == user.name, log.user_name
assert log.project_short_name == 'new_short_name', log.project_short_name
assert log.caller == 'api', log.caller
assert log.action == 'create', log.action
assert log.attribute == 'project', log.attribute
assert log.old_value == 'Nothing', log.old_value
assert log.new_value == 'New project', log.new_value
