def setup_app(command, conf, vars):
    """Set up georegistry: load the environment, create tables, seed an admin.

    Outside a testing environment the Pylons environment is loaded first.
    Missing tables are then created, and when no Person rows exist the
    operator is prompted interactively for a first administrator account.
    """
    # Only load the environment ourselves when no test application is active
    if not pylons.test.pylonsapp:
        load_environment(conf.global_conf, conf.local_conf)

    # create_all leaves tables that already exist untouched
    Base.metadata.create_all(bind=Session.bind)

    # Nothing more to do under test or once at least one person exists
    if pylons.test.pylonsapp or Session.query(model.Person).all():
        return

    print('Please create an administrator account.')

    # A random password is generated as the fallback for an empty answer.
    # NOTE(review): the fallback is interpolated into the getpass prompt, so it
    # is shown in clear text on the terminal (and in any captured session log)
    # even though the typed password itself is not echoed.
    passwordDefault = store.makeRandomString(parameter.PASSWORD_LENGTH_AVERAGE)

    # Prompt in the same order as the Person constructor arguments
    adminUsername = raw_input('Username (administrator): ') or 'administrator'
    adminPassword = getpass.getpass('Password (%s): ' % passwordDefault) or passwordDefault
    # NOTE(review): the algorithm behind model.hashString is not visible here;
    # confirm it is a salted, deliberately slow password hash.
    adminPasswordHash = model.hashString(adminPassword)
    adminNickname = raw_input('Nickname (Administrator): ') or u'Administrator'
    # NOTE(review): the e-mail prompt and default below appear masked on the
    # page this listing was taken from; restore the real default before use.
    adminEmail = raw_input('Email ([email protected]): ') or '*****@*****.**'

    administrator = model.Person(adminUsername, adminPasswordHash, adminNickname, adminEmail)
    administrator.is_super = True
    Session.add(administrator)
    Session.commit()
def test_update(self):
    """
    Exercise the credential update flow end to end.

    - the update page redirects to login for an anonymous visitor
    - an anonymous post to update_ is rejected
    - the update form is pre-filled with the logged-in user's credentials
    - new credentials only take effect after the confirmation ticket is used
    - SMS address actions succeed only for the owner of the address
    """
    routeName = "person_update"

    def logIn(name, secret):
        # Post the login form; the response is not inspected
        self.app.post(url("person_login"), dict(username=name, password=secret))

    # Anonymous visitors are sent to the login page and cannot post
    self.assert_(url("person_login", url=url(routeName)) in self.app.get(url(routeName)))
    self.assertEqualJSON(self.app.post(url(routeName)), 0)

    # Two accounts: the one that gets updated and a second one that will own the SMS address
    Session.add(model.Person(username, model.hashString(password), nickname, email))
    Session.add(model.Person(username + "x", model.hashString(password), nickname + "x", email + "x"))
    Session.commit()

    logIn(username, password)

    # The form must show the current credentials
    formBody = self.app.get(url(routeName)).body
    for expected in (username, nickname, email):
        self.assert_(expected in formBody)

    # Submit a fresh set of credentials
    username_ = store.makeRandomString(parameter.USERNAME_LENGTH_MAXIMUM)
    password_ = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE)
    nickname_ = unicode(store.makeRandomString(parameter.NICKNAME_LENGTH_MAXIMUM))
    email_ = re.sub(r".*@", store.makeRandomString(16) + "@", email)
    updateResponse = self.app.post(
        url(routeName),
        dict(username=username_, password=password_, nickname=nickname_, email=email_),
    )
    self.assertEqualJSON(updateResponse, 1)

    def updatedPeople():
        # Matching on a freshly computed hash only works if model.hashString is
        # deterministic. NOTE(review): that suggests no per-user salt; confirm
        # against the implementation of model.hashString.
        return Session.query(model.Person).filter_by(
            username=username_,
            password_hash=model.hashString(password_),
            nickname=nickname_,
            email=email_,
        )

    # Nothing changes until the candidate is confirmed
    self.assertEqual(updatedPeople().count(), 0)

    # Confirm using the ticket stored for the new e-mail address
    ticket = Session.query(model.PersonCandidate.ticket).filter_by(email=email_).first()[0]
    self.app.get(url("person_confirm", ticket=ticket))

    # Now exactly one person carries the new credentials
    self.assertEqual(updatedPeople().count(), 1)

    # Load people (person1 is queried but not used below)
    person1 = updatedPeople().first()
    person2 = Session.query(model.Person).filter_by(username=username + "x").first()

    # Attach an SMS address to the second account
    smsAddress = model.SMSAddress(emailSMS, person2.id)
    Session.add(smsAddress)
    Session.commit()
    smsAddressID = smsAddress.id

    smsActions = ("activate", "deactivate", "remove")

    # NOTE(review): the first account was switched to username_/password_ above,
    # so this login with the original pair presumably fails. The 0 results then
    # depend on whatever session is still active, and would also hold for an
    # anonymous client. Confirm the logged-in non-owner path is really covered.
    logIn(username, password)
    for action in smsActions:
        self.assertEqualJSON(self.app.post(url(routeName), dict(smsAddressID=smsAddressID, action=action)), 0)

    # The owner of the address may perform every action
    logIn(username + "x", password)
    for action in smsActions:
        self.assertEqualJSON(self.app.post(url(routeName), dict(smsAddressID=smsAddressID, action=action)), 1)
def __init__(self, username, password_hash, nickname, email):
    """Store the given account fields and generate a random key.

    The caller passes an already computed password hash; no hashing is
    done here.
    """
    (self.username, self.password_hash, self.nickname, self.email) = (
        username,
        password_hash,
        nickname,
        email,
    )
    # NOTE(review): what `key` is used for is not visible here. If it acts as
    # a secret token, confirm store.makeRandomString draws from a CSPRNG.
    self.key = store.makeRandomString(parameter.KEY_LENGTH)
def test_update(self):
    """
    Verify that credential updates are gated by login, confirmation and ownership.

    Covers: the login redirect for the update page, rejection of anonymous
    posts, pre-filling of the form, the confirmation step that applies new
    credentials, and owner-only SMS address actions.
    """
    updateRoute = 'person_update'
    loginRoute = 'person_login'

    # Without a login the page redirects and a post is refused
    anonymousPage = self.app.get(url(updateRoute))
    self.assert_(url(loginRoute, url=url(updateRoute)) in anonymousPage)
    anonymousPost = self.app.post(url(updateRoute))
    self.assertEqualJSON(anonymousPost, 0)

    # Create the account under test plus a second account with an 'x' suffix
    firstPerson = model.Person(username, model.hashString(password), nickname, email)
    Session.add(firstPerson)
    secondPerson = model.Person(
        username + 'x', model.hashString(password), nickname + 'x', email + 'x')
    Session.add(secondPerson)
    Session.commit()

    # Log in as the first account
    self.app.post(url(loginRoute), {'username': username, 'password': password})

    # The update form shows the stored credentials
    responseBody = self.app.get(url(updateRoute)).body
    self.assert_(username in responseBody)
    self.assert_(nickname in responseBody)
    self.assert_(email in responseBody)

    # Request a change to random new credentials
    username_ = store.makeRandomString(parameter.USERNAME_LENGTH_MAXIMUM)
    password_ = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE)
    nickname_ = unicode(store.makeRandomString(parameter.NICKNAME_LENGTH_MAXIMUM))
    email_ = re.sub(r'.*@', store.makeRandomString(16) + '@', email)
    newCredentials = {
        'username': username_,
        'password': password_,
        'nickname': nickname_,
        'email': email_,
    }
    self.assertEqualJSON(self.app.post(url(updateRoute), newCredentials), 1)

    def queryUpdated():
        # The lookup recomputes the hash of the new password each time. This
        # only matches a stored row if model.hashString is deterministic.
        # NOTE(review): i.e. presumably unsalted; verify in model.hashString.
        personQuery = Session.query(model.Person)
        return personQuery.filter_by(
            username=username_,
            password_hash=model.hashString(password_),
            nickname=nickname_,
            email=email_)

    # Before confirmation no person has the new credentials
    self.assertEqual(queryUpdated().count(), 0)

    # Use the candidate's ticket to confirm the change
    candidateRow = Session.query(model.PersonCandidate.ticket).filter_by(email=email_).first()
    self.app.get(url('person_confirm', ticket=candidateRow[0]))

    # After confirmation exactly one person has them
    self.assertEqual(queryUpdated().count(), 1)

    # Load people (person1 is fetched but not referenced afterwards)
    person1 = queryUpdated().first()
    person2 = Session.query(model.Person).filter_by(username=username + 'x').first()

    # Give the second account an SMS address
    smsAddress = model.SMSAddress(emailSMS, person2.id)
    Session.add(smsAddress)
    Session.commit()
    smsAddressID = smsAddress.id

    # Each login is followed by the three SMS actions; only the owner expects 1.
    # NOTE(review): the first login reuses the original username/password even
    # though that account now carries username_/password_, so it presumably
    # does not authenticate. The 0 results may then come from a stale or
    # missing session rather than from an ownership check. Confirm.
    for loginName, expectedCode in ((username, 0), (username + 'x', 1)):
        self.app.post(url(loginRoute), {'username': loginName, 'password': password})
        for action in ('activate', 'deactivate', 'remove'):
            actionResponse = self.app.post(
                url(updateRoute), {'smsAddressID': smsAddressID, 'action': action})
            self.assertEqualJSON(actionResponse, expectedCode)