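def test_acc_get_uid_from_request(self):
    """webapikey - Login user from request using REST key

    Creates one API key for the admin user and checks that
    acc_get_uid_from_request() returns the admin uid for a request built
    with that key, and -1 for every rejected request exercised below.
    """
    # Precondition: the admin account starts without any API key.
    self.assertEqual(0, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
    try:
        path = '/search'
        params = 'ln=es&sc=1&c=Articles & Preprints&action_search=Buscar&p=ellis'
        web_api_key.create_new_web_api_key(self.id_admin, "Test key I")
        key_info = run_sql("SELECT id FROM webapikey WHERE id_user=%s",
                           (self.id_admin,))
        api_key = key_info[0][0]

        # Positive case: a request built with the stored key resolves to
        # the key's owner.
        url = web_api_key.build_web_request(path, params, api_key=api_key)
        url = url.split('?')  # str.split replaces the Python-2-only string.split()
        uid = web_api_key.acc_get_uid_from_request(url[0], url[1])
        self.assertEqual(uid, self.id_admin)

        # Negative case: any modification of the built URL must be rejected.
        url = web_api_key.build_web_request(path, params, api_key=api_key)
        url += "123"  # corrupt the key
        url = url.split('?')
        uid = web_api_key.acc_get_uid_from_request(url[0], url[1])
        self.assertEqual(uid, -1)

        # Negative case: no query string at all, hence no credentials.
        path = '/bad'
        uid = web_api_key.acc_get_uid_from_request(path, "")
        self.assertEqual(uid, -1)

        # Negative case: a valid key on the '/bad' path is still refused.
        # NOTE(review): presumably because '/bad' is not a path enabled for
        # API-key access; confirm against web_api_key.
        params = {'nocache': 'yes', 'limit': 123}
        url = web_api_key.build_web_request(path, params, api_key=api_key)
        url = url.split('?')
        uid = web_api_key.acc_get_uid_from_request(url[0], url[1])
        self.assertEqual(uid, -1)
    finally:
        # Always drop the keys created here: a failed assertion must not
        # leave a usable admin API key in the table, nor break the
        # "0 keys" precondition of the next test.
        run_sql("DELETE FROM webapikey")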
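def test_create_remove_show_key(self):
    """apikey - create/list/delete REST key

    Creates five keys for the admin user and checks how many of them
    show_web_api_keys() reports after one is marked as removed and two
    others are switched to the WARNING and REVOKED statuses.
    """
    # Precondition: the admin account starts without any API key.
    self.assertEqual(0, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
    try:
        for description in ("Test key I", "Test key II", "Test key III",
                            "Test key IV", "Test key V"):
            web_api_key.create_new_web_api_key(self.id_admin, description)

        # Both the default listing and the diff_status='' listing see all
        # five fresh keys.
        self.assertEqual(5, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
        self.assertEqual(5, len(web_api_key.show_web_api_keys(
            uid=self.id_admin, diff_status='')))

        keys_info = web_api_key.show_web_api_keys(uid=self.id_admin)
        web_api_key.mark_web_api_key_as_removed(keys_info[0][0])

        # The removed key disappears from the default listing only.
        self.assertEqual(4, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
        self.assertEqual(5, len(web_api_key.show_web_api_keys(
            uid=self.id_admin, diff_status='')))

        run_sql("UPDATE webapikey SET status='WARNING' WHERE id=%s",
                (keys_info[1][0],))
        run_sql("UPDATE webapikey SET status='REVOKED' WHERE id=%s",
                (keys_info[2][0],))

        # The counts do not change: WARNING and REVOKED keys remain in the
        # default listing.
        # NOTE(review): this test only pins listing behaviour; it does not
        # assert that a REVOKED key is refused at authentication time.
        # Worth covering if no other test does.
        self.assertEqual(4, len(web_api_key.show_web_api_keys(uid=self.id_admin)))
        self.assertEqual(5, len(web_api_key.show_web_api_keys(
            uid=self.id_admin, diff_status='')))
    finally:
        # Clean up even when an assertion fails, so that no test key
        # survives into later tests.
        run_sql("DELETE FROM webapikey")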
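def test_create_remove_show_key(self):
    """apikey - create/list/delete REST key

    Walks five admin keys through the OK -> removed / WARNING / REVOKED
    transitions and pins the number of keys show_web_api_keys() returns
    at each step, with and without diff_status=''.
    """
    admin_uid = self.id_admin

    def listed():
        # Number of keys in the default listing.
        return len(web_api_key.show_web_api_keys(uid=admin_uid))

    def listed_all():
        # Number of keys when diff_status is the empty string.
        # NOTE(review): presumably diff_status names the status to hide,
        # so '' hides nothing; confirm against show_web_api_keys.
        return len(web_api_key.show_web_api_keys(uid=admin_uid, diff_status=''))

    # Precondition: no key exists yet for the admin user.
    self.assertEqual(0, listed())
    try:
        web_api_key.create_new_web_api_key(admin_uid, "Test key I")
        web_api_key.create_new_web_api_key(admin_uid, "Test key II")
        web_api_key.create_new_web_api_key(admin_uid, "Test key III")
        web_api_key.create_new_web_api_key(admin_uid, "Test key IV")
        web_api_key.create_new_web_api_key(admin_uid, "Test key V")
        self.assertEqual(5, listed())
        self.assertEqual(5, listed_all())

        keys_info = web_api_key.show_web_api_keys(uid=admin_uid)
        web_api_key.mark_web_api_key_as_removed(keys_info[0][0])
        # One key fewer in the default listing, all five otherwise.
        self.assertEqual(4, listed())
        self.assertEqual(5, listed_all())

        run_sql("UPDATE webapikey SET status='WARNING' WHERE id=%s", (keys_info[1][0],))
        run_sql("UPDATE webapikey SET status='REVOKED' WHERE id=%s", (keys_info[2][0],))
        # WARNING and REVOKED keys are still listed by default; only the
        # removed key stays hidden.
        self.assertEqual(4, listed())
        self.assertEqual(5, listed_all())
    finally:
        # Runs on failure too: leftover keys would be live credentials for
        # the admin account and would break the next test's precondition.
        run_sql("DELETE FROM webapikey")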
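def test_acc_get_uid_from_request(self):
    """webapikey - Login user from request using REST key

    One key is created for the admin user. A request built with it must
    authenticate as the admin; a tampered URL, a request without
    credentials and a request on the '/bad' path must all yield -1.
    """
    admin_uid = self.id_admin

    def resolve(full_url):
        # Split "path?query" the way the test always did and hand both
        # parts to the function under test.
        parts = full_url.split('?')  # was string.split(), removed in Python 3
        return web_api_key.acc_get_uid_from_request(parts[0], parts[1])

    # Precondition: no key exists yet for the admin user.
    self.assertEqual(0, len(web_api_key.show_web_api_keys(uid=admin_uid)))
    try:
        path = '/search'
        params = 'ln=es&sc=1&c=Articles & Preprints&action_search=Buscar&p=ellis'
        web_api_key.create_new_web_api_key(admin_uid, "Test key I")
        key_info = run_sql("SELECT id FROM webapikey WHERE id_user=%s", (admin_uid,))

        # Accepted: untouched request built with the valid key.
        url = web_api_key.build_web_request(path, params, api_key=key_info[0][0])
        self.assertEqual(resolve(url), admin_uid)

        # Rejected: trailing garbage appended to the built URL.
        url = web_api_key.build_web_request(path, params, api_key=key_info[0][0])
        url += "123"  # corrupt the key
        self.assertEqual(resolve(url), -1)

        # Rejected: empty query string, so nothing to authenticate with.
        path = '/bad'
        self.assertEqual(web_api_key.acc_get_uid_from_request(path, ""), -1)

        # Rejected: valid key, but on the '/bad' path.
        # NOTE(review): the reason for the refusal is not visible here;
        # presumably the path is not enabled for key access. Confirm.
        params = {'nocache': 'yes', 'limit': 123}
        url = web_api_key.build_web_request(path, params, api_key=key_info[0][0])
        self.assertEqual(resolve(url), -1)
    finally:
        # Remove the admin key even if an assertion above failed.
        run_sql("DELETE FROM webapikey")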
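def perform_set(email, ln, can_config_bibcatalog=False, can_config_profiling=False, verbose=0, csrf_token=''):
    """Return the HTML of the account-settings page for the user with ``email``.

    The page is the concatenation of websession_templates fragments:
    e-mail/password/nickname, login method (only when several usable
    methods exist), search preferences, language, API keys and,
    optionally, the bibcatalog and profiling dialogs.

    Args:
        email: e-mail address used to look up the user's id and nickname.
        ln: language value forwarded to every template.
        can_config_bibcatalog: when true and CFG_BIBCATALOG_SYSTEM is set,
            add the bibcatalog credentials dialog.
        can_config_profiling: when true, add the profiling settings dialog.
        verbose: at 9 or above, append a dump of all stored preferences.
        csrf_token: token forwarded unchanged to each settings template.

    Returns:
        The assembled HTML as a string.
    """
    try:
        res = run_sql("SELECT id, nickname FROM user WHERE email=%s", (email,))
        uid = res[0][0]
        nickname = res[0][1]
    except IndexError:
        # No row for this e-mail: continue with uid 0 and no nickname.
        uid = 0
        nickname = ""

    CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    prefs = get_user_preferences(uid)
    login_method = prefs['login_method']
    if login_method in CFG_EXTERNAL_AUTHENTICATION and CFG_EXTERNAL_AUTHENTICATION[login_method] is not None:
        # Externally authenticated account: level 3 disables both the
        # e-mail and the password field below.
        CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = 3

    out = websession_templates.tmpl_user_preferences(
        ln=ln,
        email=email,
        email_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 2),
        password_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3),
        nickname=nickname,
        csrf_token=csrf_token,
    )

    if len(CFG_EXTERNAL_AUTHENTICATION) > 1:
        # NOTE(review): same lookup as at the top of the function; kept so
        # the sequence of queries is unchanged.
        try:
            uid = run_sql("SELECT id FROM user where email=%s", (email,))
            uid = uid[0][0]
        except IndexError:
            uid = 0
        current_login_method = prefs['login_method']

        # Keep only the methods the user may switch to: the ones without an
        # external backend, and the external ones whose user_exists()
        # confirms the e-mail. The list is built fresh instead of removing
        # items from the list being iterated: removal during iteration
        # skips the element after each removed one, so a method that should
        # have been filtered out could stay on offer.
        methods = []
        for method in CFG_EXTERNAL_AUTHENTICATION:
            backend = CFG_EXTERNAL_AUTHENTICATION[method]
            if backend is not None:
                try:
                    if not backend.user_exists(email):
                        continue
                except (AttributeError, InvenioWebAccessExternalAuthError, NotImplementedError):
                    # Backend cannot tell whether the user exists: do not
                    # offer it.
                    continue
            methods.append(method)
        methods.sort()

        if len(methods) > 1:
            out += websession_templates.tmpl_user_external_auth(
                ln=ln,
                methods=methods,
                current=current_login_method,
                method_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4),
                csrf_token=csrf_token,
            )

    current_group_records = prefs.get('websearch_group_records', 10)
    show_latestbox = prefs.get('websearch_latestbox', True)
    show_helpbox = prefs.get('websearch_helpbox', True)
    out += websession_templates.tmpl_user_websearch_edit(
        ln=ln,
        current=current_group_records,
        show_latestbox=show_latestbox,
        show_helpbox=show_helpbox,
        csrf_token=csrf_token,
    )

    preferred_lang = prefs.get('language', ln)
    out += websession_templates.tmpl_user_lang_edit(
        ln=ln,
        preferred_lang=preferred_lang,
        csrf_token=csrf_token,
    )

    keys_info = web_api_key.show_web_api_keys(uid=uid)
    out += websession_templates.tmpl_user_api_key(
        ln=ln,
        keys_info=keys_info,
        csrf_token=csrf_token,
    )

    # Show this dialog only if the system has been configured to use a
    # ticket system.
    from invenio.config import CFG_BIBCATALOG_SYSTEM
    if CFG_BIBCATALOG_SYSTEM and can_config_bibcatalog:
        bibcatalog_username = prefs.get('bibcatalog_username', "")
        # NOTE(review): the stored bibcatalog password is handed to the
        # template as-is; confirm the template does not echo it back into
        # the page source.
        bibcatalog_password = prefs.get('bibcatalog_password', "")
        out += websession_templates.tmpl_user_bibcatalog_auth(bibcatalog_username, bibcatalog_password, ln=ln, csrf_token=csrf_token)

    if can_config_profiling:
        out += websession_templates.tmpl_user_profiling_settings(ln=ln, enable_profiling=prefs.get('enable_profiling'), csrf_token=csrf_token)

    if verbose >= 9:
        # Debug dump of every stored preference. Keys and values are
        # HTML-escaped because preferences hold user-editable text that
        # would otherwise be emitted as markup.
        # NOTE(review): the dump includes 'bibcatalog_password' when it is
        # set; keep verbose >= 9 restricted to trusted callers.
        # cgi.escape is the Python 2 spelling (html.escape on Python 3).
        from cgi import escape
        for key, value in prefs.items():
            out += "<b>%s</b>:%s<br />" % (escape("%s" % (key,)),
                                           escape("%s" % (value,)))

    out += perform_display_external_user_settings(prefs, ln)
    return out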
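def perform_set(email, ln, can_config_bibcatalog=False, can_config_profiling=False, verbose=0):
    """Return the HTML of the account-settings page for the user with ``email``.

    The page is the concatenation of websession_templates fragments:
    e-mail/password/nickname, login method (only when several usable
    methods exist), search preferences, language, API keys and,
    optionally, the bibcatalog and profiling dialogs.

    NOTE(review): no anti-CSRF token is passed to any of the settings
    templates rendered here. Unless the templates or the handlers that
    receive these submissions add their own protection, the settings
    changes (password, login method, API keys, ...) are not bound to the
    user's session. Closing that gap needs matching template and handler
    support, which is outside this function.

    Args:
        email: e-mail address used to look up the user's id and nickname.
        ln: language value forwarded to every template.
        can_config_bibcatalog: when true and CFG_BIBCATALOG_SYSTEM is set,
            add the bibcatalog credentials dialog.
        can_config_profiling: when true, add the profiling settings dialog.
        verbose: at 9 or above, append a dump of all stored preferences.

    Returns:
        The assembled HTML as a string.
    """
    try:
        res = run_sql("SELECT id, nickname FROM user WHERE email=%s", (email,))
        uid = res[0][0]
        nickname = res[0][1]
    except IndexError:
        # No row for this e-mail: continue with uid 0 and no nickname.
        uid = 0
        nickname = ""

    CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    prefs = get_user_preferences(uid)
    login_method = prefs['login_method']
    if login_method in CFG_EXTERNAL_AUTHENTICATION and CFG_EXTERNAL_AUTHENTICATION[login_method] is not None:
        # Externally authenticated account: level 3 disables both the
        # e-mail and the password field below.
        CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = 3

    out = websession_templates.tmpl_user_preferences(
        ln=ln,
        email=email,
        email_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 2),
        password_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3),
        nickname=nickname,
    )

    if len(CFG_EXTERNAL_AUTHENTICATION) > 1:
        # NOTE(review): same lookup as at the top of the function; kept so
        # the sequence of queries is unchanged.
        try:
            uid = run_sql("SELECT id FROM user where email=%s", (email,))
            uid = uid[0][0]
        except IndexError:
            uid = 0
        current_login_method = prefs['login_method']

        # Collect the methods the user may switch to. A method with no
        # external backend is always kept; an external one is kept only if
        # its user_exists() confirms the e-mail. Building a new list fixes
        # the original remove-while-iterating loop, which skipped the entry
        # following each removed one and could leave an unusable method in
        # the selection.
        methods = []
        for method in CFG_EXTERNAL_AUTHENTICATION:
            backend = CFG_EXTERNAL_AUTHENTICATION[method]
            if backend is None:
                methods.append(method)
                continue
            try:
                known = backend.user_exists(email)
            except (AttributeError, InvenioWebAccessExternalAuthError, NotImplementedError):
                # Backend cannot answer: treat the user as unknown there.
                known = False
            if known:
                methods.append(method)
        methods.sort()

        if len(methods) > 1:
            out += websession_templates.tmpl_user_external_auth(
                ln=ln,
                methods=methods,
                current=current_login_method,
                method_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4))

    current_group_records = prefs.get('websearch_group_records', 10)
    show_latestbox = prefs.get('websearch_latestbox', True)
    show_helpbox = prefs.get('websearch_helpbox', True)
    out += websession_templates.tmpl_user_websearch_edit(
        ln=ln,
        current=current_group_records,
        show_latestbox=show_latestbox,
        show_helpbox=show_helpbox,
    )

    preferred_lang = prefs.get('language', ln)
    out += websession_templates.tmpl_user_lang_edit(
        ln=ln, preferred_lang=preferred_lang)

    keys_info = web_api_key.show_web_api_keys(uid=uid)
    out += websession_templates.tmpl_user_api_key(ln=ln, keys_info=keys_info)

    # Show this dialog only if the system has been configured to use a
    # ticket system.
    from invenio.config import CFG_BIBCATALOG_SYSTEM
    if CFG_BIBCATALOG_SYSTEM and can_config_bibcatalog:
        bibcatalog_username = prefs.get('bibcatalog_username', "")
        # NOTE(review): the stored bibcatalog password is handed to the
        # template as-is; confirm the template does not echo it back into
        # the page source.
        bibcatalog_password = prefs.get('bibcatalog_password', "")
        out += websession_templates.tmpl_user_bibcatalog_auth(
            bibcatalog_username, bibcatalog_password, ln=ln)

    if can_config_profiling:
        out += websession_templates.tmpl_user_profiling_settings(
            ln=ln, enable_profiling=prefs.get('enable_profiling'))

    if verbose >= 9:
        # Debug dump of every stored preference. Keys and values are
        # HTML-escaped because preferences hold user-editable text that
        # would otherwise be emitted as markup.
        # NOTE(review): the dump includes 'bibcatalog_password' when it is
        # set; keep verbose >= 9 restricted to trusted callers.
        # cgi.escape is the Python 2 spelling (html.escape on Python 3).
        from cgi import escape
        for key, value in prefs.items():
            out += "<b>%s</b>:%s<br />" % (escape("%s" % (key,)),
                                           escape("%s" % (value,)))

    out += perform_display_external_user_settings(prefs, ln)
    return out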