class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
# BEGIN TESTS
def test_follow_user(self):
"""
"""
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
res = self.testapp.post('/people/%s/follows/%s' % (username, username2), '', oauth2Header(username), status=201)
self.assertEqual(res.json['verb'], 'follow')
res = self.testapp.get('/people/%s' % (username), '', oauth2Header(username), status=200)
self.assertEqual(username2, res.json['following'][0]['username'])
def test_user_sees_followed_activity(self):
"""
"""
from .mockers import user_status
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
self.create_activity(username, user_status)
self.create_activity(username2, user_status)
res = self.testapp.post('/people/%s/follows/%s' % (username, username2), '', oauth2Header(username), status=201)
self.assertEqual(res.json['verb'], 'follow')
res = self.testapp.get('/people/%s/timeline' % (username), '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
class SecurityACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def test_forbidden_access_to_security_settings(self):
"""
Given i'm a regular user
When i try to interact with security endpoints
Then i get a Forbidden Exception
"""
username = '******'
self.testapp.get('/admin/security', headers=oauth2Header(username), status=403)
self.testapp.get('/admin/security/users', headers=oauth2Header(username), status=403)
self.testapp.get('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403)
self.testapp.post('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403)
self.testapp.delete('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403)
def test_access_to_security_settings(self):
"""
Given i'm a Manager user
When i try to interact with security endpoints
Then i suceed
"""
self.testapp.get('/admin/security', headers=oauth2Header(test_manager), status=200)
self.testapp.get('/admin/security/users', headers=oauth2Header(test_manager), status=200)
self.testapp.get('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=200)
self.testapp.post('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=200)
self.testapp.delete('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=204)
class ActivitiesACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Favorite activities tests
def test_favorite(self):
"""
Given i'm a regular user
When i try to favorite an activity
I succeed
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
def test_favorite_impersonate(self):
"""
Given i'm a regular user
When i try to favorite an activity impersonated as another user
I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
impersonated_actor = {'actor': {'objectType': 'person', 'username': username}}
self.testapp.post('/activities/%s/favorites' % activity_id, json.dumps(impersonated_actor), oauth2Header(username_not_me), status=403)
def test_favorite_impersonate_as_manager(self):
"""
Given i'm a Manager user
When i try to favorite an activity impersonated as another user
I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
impersonated_actor = {'actor': {'objectType': 'person', 'username': username}}
self.testapp.post('/activities/%s/favorites' % activity_id, json.dumps(impersonated_actor), oauth2Header(test_manager), status=201)
# Unfavorite activities tests
def test_unfavorite(self):
"""
Given i'm a regular user
When i try to unfavorite an activity
I succeed
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200)
def test_unfavorite_impersonate(self):
"""
Given i'm a regular user
When i try to unfavorite an activity imperonsated as another user
I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username), status=403)
def test_unfavorite_impersonate_as_manager(self):
"""
Given i'm a Manager user
When i try to un unfavorite an activity impersonated as another user
I succeed
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(test_manager), status=200)
def test_unfavorite_not_favorited(self):
"""
Given i'm a regular user
When i try to unfavorite an activity
And the activity is not favorited yet
I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase, MaxAvatarsTestBase):
def setUp(self):
self.conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=self.conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def tearDown(self):
shutil.rmtree('{}/exceptions'.format(self.conf_dir))
# BEGIN TESTS
def test_root(self):
"""
Test site root is accessible and returns html
"""
res = self.testapp.get('/', status=200)
self.assertEqual(res.content_type, 'text/html')
def test_bad_test_call_warning(self):
"""
Test calling a service with missing body parameter, and the authorization as body.
As this will only probably happen in tests, The error message is targeted so.
"""
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, oauth2Header(test_manager), status=401)
self.assertEqual(res.json['error_description'], u'Authorization found in url params, not in request. Check your tests, you may be passing the authentication headers as the request body...')
@patch('max.models.user.User.insert', fucked_up_insert)
def test_generic_exception_catching(self):
"""
Test calling a webservice mocked to force an exception, to test the scavenger
that formats beautiful json error messages for uncatched exceptions
"""
username = '******'
res = self.create_user(username, expect=500)
self.assertEqual(res.json['error'], 'ServerError')
self.assertIn('BEGIN EXCEPTION REPORT', res.json['error_description'])
self.assertIn('END EXCEPTION REPORT', res.json['error_description'])
def test_bad_body_content_parsing(self):
"""
Test calling a service with a list on post body, that expects a json object.
It should fail
"""
username = '******'
self.testapp.post('/people/%s' % username, '[]', oauth2Header(username), status=400)
def test_post_tunneling_on_delete(self):
"""
Test that calling a endpoint with DELETE indirectly within a POST
actually calls the real delete method
"""
from .mockers import user_status
username = '******'
self.create_user(username)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
headers = oauth2Header(test_manager)
headers['X-HTTP-Method-Override'] = 'DELETE'
self.testapp.post('/activities/{}'.format(activity_id), '', headers, status=204)
def test_compat_id_match(self):
"""
"""
username = '******'
self.create_user(username)
headers = oauth2Header(username)
headers['X-Max-Compat-ID'] = 'test'
self.testapp.get('/people', headers=headers, status=200)
def test_compat_id_mismatch(self):
"""
"""
username = '******'
self.create_user(username)
headers = oauth2Header(username)
headers['X-Max-Compat-ID'] = 'test2'
self.testapp.get('/people', headers=headers, status=412)
def test_post_tunneling_on_put(self):
"""
Test that calling a endpoint with PUT indirectly within a POST
actually calls the real PUT method
"""
username = '******'
self.create_user(username)
headers = oauth2Header(username)
headers['X-HTTP-Method-Override'] = 'PUT'
res = self.testapp.post('/people/{}'.format(username), json.dumps({"displayName": "Lionel Messi"}), headers, status=200)
self.assertEqual(res.request.method, 'PUT')
self.assertEqual(res.json['displayName'], 'Lionel Messi')
def test_post_tunneling_on_get(self):
"""
Test that calling a endpoint with GET indirectly within a POST
with the headers as post data
actually calls the real GET method with the "post data headers" injected on real headers
"""
username = '******'
self.create_user(username)
params = oauth2Header(username)
params['X-HTTP-Method-Override'] = 'GET'
res = self.testapp.post('/people', params, status=200)
self.assertEqual(res.request.method, 'GET')
self.assertEqual(res.request.headers['X-Oauth-Username'], params['X-Oauth-Username'])
self.assertEqual(res.request.headers['X-Oauth-Scope'], params['X-Oauth-Scope'])
self.assertEqual(res.request.headers['X-Oauth-Token'], params['X-Oauth-Token'])
def test_image_rotation_180(self):
from max.utils.image import rotate_image_by_EXIF
from PIL import Image
image = Image.open('{}/truita2.jpg'.format(self.conf_dir))
rotated = rotate_image_by_EXIF(image)
self.assertNotEqual(image, rotated)
def test_image_rotation_no_rotation(self):
from max.utils.image import rotate_image_by_EXIF
from PIL import Image
image = Image.open('{}/avatar.png'.format(self.conf_dir))
rotated = rotate_image_by_EXIF(image)
self.assertEqual(image, rotated)
# __del__ is patched to avoid "ignored exceptions", just to avoid visual noise on test output.
@patch('pymongo.cursor.Cursor.__del__', noop)
@patch('pymongo.cursor.Cursor.__init__', mocked_cursor_init)
def test_mongodb_autoreconnect(self):
"""
Test that if mongodb disconnects once was connected, a autoreconect loop
will start waiting for mongodb to recover
"""
from max.tests.base import FAILURES
FAILURES.set(3)
username = '******'
self.create_user(username)
self.testapp.get('/people/{}'.format(username), '', headers=oauth2Header(test_manager), status=200)
# __del__ is patched to avoid "ignored exceptions", just to avoid visual noise on test output.
@patch('pymongo.cursor.Cursor.__del__', noop)
@patch('pymongo.cursor.Cursor.__init__', partial(mocked_cursor_init, raise_at_end=True))
def test_mongodb_autoreconnect_and_crash(self):
"""
Test that if mongodb disconnects once was connected, a autoreconect loop
will start waiting for mongodb to recover, And if a different exception raises
in between, loop will exit and raise the exception
"""
from max.tests.base import FAILURES
FAILURES.set(3)
username = '******'
res = self.create_user(username, expect=500)
self.assertEqual(res.json['error'], 'ServerError')
def test_request_dumper(self):
"""
Test request dumper logs requests when activated on
assigned signal USER1 handler
"""
import io
import logging
import signal
from max.tweens import request_logger
# Intercept logger to a variable
request_logger.setLevel(logging.DEBUG)
log_capture_string = io.StringIO()
log_handler = logging.StreamHandler(log_capture_string)
log_handler.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(message)s')
log_handler.setFormatter(formatter)
request_logger.addHandler(log_handler)
# Retrieve the assigned handler
handler = signal.getsignal(signal.SIGUSR1)
handler() # Enable request dumper
self.create_user('messi')
handler() # Disable request dumper
# Read lines from captured log
log_capture_string.seek(0)
lines = log_capture_string.readlines()
log_capture_string.close()
self.assertGreater(len(lines), 2)
self.assertEqual(lines[0].strip(), 'Enabling request dumper')
self.assertEqual(lines[-1].strip(), 'Disabling request dumper')
def test_api_info(self):
"""
Test that api info endpoint reports all non-info routes
Test (single route) that expected keys are present on route and method levels
"""
from max.routes import RESOURCES
defined_routes = [route_name for route_name in RESOURCES.keys() if not route_name.startswith('info')]
res = self.testapp.get('/info/api', status=200)
api_route_names = res.json.keys()
self.assertIsInstance(res.json, dict)
self.assertItemsEqual(api_route_names, defined_routes)
self.assertItemsEqual(res.json['user'].keys(), [u'category', u'name', u'url', u'route', u'filesystem', u'id', u'methods'])
self.assertItemsEqual(res.json['user']['methods']['GET'].keys(), [u'rest_params', u'query_params', u'documentation', u'description', u'permission', u'modifiers', u'payload'])
def test_api_info_by_category(self):
"""
"""
from max.routes import RESOURCES
defined_categories = list(set([route.get('category') for name, route in RESOURCES.items() if route.get('category')]))
res = self.testapp.get('/info/api?by_category=1', status=200)
listed_categories = [category['name'] for category in res.json]
self.assertIsInstance(res.json, list)
self.assertItemsEqual(defined_categories, listed_categories)
self.assertItemsEqual(res.json[0].keys(), [u'name', u'resources', u'id'])
def test_raw_request_parsing(self):
"""
"""
from max.exceptions.scavenger import format_raw_request
from .mockers import mock_request
res = format_raw_request(mock_request)
replaced_image = "Content-type: image/png\r\n\r\n<Image data 20496 bytes>\r\n"
self.assertIn(replaced_image, res)
def test_raw_request_parsing_error(self):
"""
"""
from max.exceptions.scavenger import format_raw_request
from .mockers import mock_request_bad_request
res = format_raw_request(mock_request_bad_request)
self.assertIn('*** Error parsing request ***', res)
self.assertIn('*** End traceback ***', res)
def test_raw_request_parsing_bad_encoding_error(self):
"""
"""
from max.exceptions.scavenger import format_raw_request
from .mockers import mock_request_bad_encoding
res = format_raw_request(mock_request_bad_encoding)
self.assertIn('*** Unicode Decode Error parsing request, request trunked at byte 569 ***', res)
def test_raw_response_parsing(self):
MaxAvatarsTestBase.setUp(self)
from max.exceptions.scavenger import format_raw_response
res = self.testapp.get('/people/test_manager/avatar')
parsed = format_raw_response(res)
self.assertIn('<Image data 3909 bytes>', parsed)
MaxAvatarsTestBase.tearDown(self)
class PeopleACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
# Add people tests
def test_create_person_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to create a person
I succeed
"""
username = '******'
self.testapp.post('/people', json.dumps({"username": username}), headers=oauth2Header(test_manager), status=201)
def test_create_person_as_non_manager(self):
"""
Given i'm user that doesn't have the Manager role
When i try to create a person
I get a Forbidden exception
"""
username = '******'
other = 'penny'
self.testapp.post('/people', json.dumps({"username": other}), headers=oauth2Header(username), status=403)
def test_create_person_as_oneself(self):
"""
Given i'm user that doesn't have the Manager role
When i try to create a person
I succeed
"""
username = '******'
self.testapp.post('/people', json.dumps({"username": username}), headers=oauth2Header(username), status=201)
# View profile tests
def test_get_person_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to view a user profile
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.get('/people/{}'.format(username), "", headers=oauth2Header(test_manager), status=200)
def test_get_person_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to view a user profile
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.get('/people/{}'.format(test_manager), "", headers=oauth2Header(username), status=200)
# Get all people
def test_get_all_people_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to get all people
I succeed
"""
self.create_user(test_manager)
self.testapp.get('/people', "", headers=oauth2Header(test_manager), status=200)
def test_get_all_people_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to get a visible people listing
I suceed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.get('/people', "", headers=oauth2Header(username), status=200)
# Modify user tests
def test_modify_person_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to modify a user profile
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.put('/people/{}'.format(username), "", headers=oauth2Header(test_manager), status=200)
def test_modify_person_as_non_manager_neither_owner(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to modify a user profile
And that person is not me
I get a Forbidden Exception
"""
username = '******'
other = 'penny'
self.create_user(test_manager)
self.create_user(username)
self.create_user(other)
self.testapp.put('/people/{}'.format(other), "", headers=oauth2Header(username), status=403)
def test_modify_person_as_owner(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to modify my own profile
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.put('/people/{}'.format(username), "", headers=oauth2Header(username), status=200)
# Delete user tests
def test_delete_person_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to delete a user
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.delete('/people/{}'.format(username), headers=oauth2Header(test_manager), status=204)
def test_delete_person_as_non_manager_neither_owner(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to delete a user
I get a Forbidden Exception
"""
username = '******'
other = 'penny'
self.create_user(test_manager)
self.create_user(username)
self.create_user(other)
self.testapp.delete('/people/{}'.format(other), headers=oauth2Header(username), status=403)
def test_delete_person_as_owner(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to delete myself
I get a Forbidden Exception
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.delete('/people/{}'.format(username), headers=oauth2Header(username), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_create_context(self):
""" doctests .. http:post:: /contexts"""
from .mockers import create_context
new_context = dict(create_context)
self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201)
def test_create_context_creator_is_admin(self):
"""
Given a admin user
When I create a context
Then the creator of the context is the admin user
"""
from .mockers import create_context
res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
self.assertEqual(res.json['creator'], test_manager)
def test_create_context_default_fields(self):
"""
Given an admin user
When I create a context
Then non-required fields with defaults are set
"""
from .mockers import create_context
res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
self.assertIn('permissions', res.json)
self.assertIn('tags', res.json)
self.assertIn('objectType', res.json)
self.assertEqual(res.json['objectType'], 'context')
def test_post_activity_with_public_context(self):
""" Post an activity to a context which allows everyone to read and write
"""
from .mockers import subscribe_context, create_context
from .mockers import user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
def test_post_activity_with_private_read_write_context(self):
""" Post an activity to a context which needs the user to be subscribed to read and write
and we have previously subscribed the user.
"""
from .mockers import subscribe_context, create_context
from .mockers import user_status_context
from hashlib import sha1
username = '******'
self.create_user(username)
url_hash = sha1(create_context['url']).hexdigest()
context_permissions = dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')
self.create_context(create_context, permissions=context_permissions)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
return url_hash, username, user_status_context
def test_post_activity_with_private_read_context(self):
""" Try to post an activity to a context which needs the user to be subscribed to read
but needs to explicitly give write permission on the user to post and we have previously
subscribed the user but not given write permission.
"""
from .mockers import subscribe_context, create_context
from .mockers import user_status_context
username = '******'
self.create_user(username)
context_permissions = dict(read='subscribed', write='restricted', subscribe='restricted', invite='restricted')
self.create_context(create_context, permissions=context_permissions)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context, expect=403)
def test_add_public_context(self):
from hashlib import sha1
from .mockers import create_context
res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
url_hash = sha1(create_context['url']).hexdigest()
self.assertEqual(result.get('hash', None), url_hash)
def test_add_invalid_context(self):
from .mockers import create_invalid_context
self.create_context(create_invalid_context, expect=400)
def test_add_uri_context_without_displayName(self):
"""
Add a Uri context without a displayName and check that the default displayName is set
with the url from the uri object
"""
from .mockers import create_context_without_displayname
res = self.create_context(create_context_without_displayname, expect=201)
result = json.loads(res.text)
self.assertEqual(result.get('displayName', None), create_context_without_displayname['url'])
def test_add_public_context_with_all_params(self):
from hashlib import sha1
from .mockers import create_context_full
res = self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
url_hash = sha1(create_context_full['url']).hexdigest()
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('displayName', None), create_context_full['displayName'])
self.assertEqual(result.get('twitterHashtag', None), create_context_full['twitterHashtag'])
self.assertEqual(result.get('twitterUsername', None), create_context_full['twitterUsername'])
def test_context_exists(self):
""" doctest .. http:get:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_context)
res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
def test_context_informs_all_permissions(self):
""" doctest .. http:get:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
from max import DEFAULT_CONTEXT_PERMISSIONS
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_context)
res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertItemsEqual(result['permissions'].keys(), DEFAULT_CONTEXT_PERMISSIONS.keys())
def test_create_context_that_already_exists(self):
""" doctest .. http:get:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=200)
self.assertEqual(res.json.get('hash', None), url_hash)
def test_modify_context(self):
""" doctest .. http:put:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('twitterHashtag', None), 'assignatura1')
def test_modify_context_with_owner(self):
""" doctest .. http:put:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
mindundi = 'messi'
self.create_user(mindundi)
self.create_context(create_context, owner=mindundi)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(mindundi), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('twitterHashtag', None), 'assignatura1')
def test_modify_context_forbidden(self):
""" doctest .. http:put:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
mindundi = 'messi'
self.create_user(mindundi)
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(mindundi), status=403)
def test_modify_inexistent_context(self):
""" doctest .. http:put:: /contexts/{hash} """
url_hash = '0000000000000'
self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(test_manager), status=404)
@httpretty.activate
@patch('tweepy.API', MockTweepyAPI)
def test_modify_context_with_twitter_username(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1", "twitterUsername": "******"}), oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('twitterHashtag', None), 'assignatura1')
self.assertEqual(result.get('twitterUsername', None), 'maxupcnet')
self.assertEqual(result.get('twitterUsernameId', None), '526326641')
def test_get_context_tags(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.get('/contexts/%s/tags' % url_hash, "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json, ['Assignatura'])
def test_update_context_tags_updates_existing_tags(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
self.assertEqual(res.json, ['Assignatura', 'prova'])
def test_update_context_tags_updates_existing_activites_tags(self):
from hashlib import sha1
from .mockers import create_context, subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
res = self.testapp.get('/contexts/%s/activities' % url_hash, "", oauth2Header(username), status=200)
self.assertEqual(res.json[0]['contexts'][0]['tags'], ['Assignatura', 'prova'])
def test_update_context_tags_updates_existing_subscription_tags(self):
from hashlib import sha1
from .mockers import create_context, subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username), status=200)
self.assertEqual(res.json['subscribedTo'][0]['tags'], ['Assignatura', 'prova'])
def test_clear_context_tags(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.delete('/contexts/%s/tags' % url_hash, "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json, [])
def test_remove_context_tag(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
self.testapp.delete('/contexts/%s/tags/%s' % (url_hash, 'Assignatura'), "", oauth2Header(test_manager), status=204)
def test_modify_context_displayName_updates_subscription(self):
from hashlib import sha1
from .mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='restricted', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"displayName": "New Name"}), oauth2Header(test_manager), status=200)
res = self.testapp.get('/people/%s/subscriptions' % username, '', oauth2Header(username), status=200)
self.assertEqual(res.json[0]['displayName'], 'New Name')
def test_modify_context_unsetting_property(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.modify_context(create_context['url'], {"twitterHashtag": "assignatura1", "twitterUsername": "******"})
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "", "twitterUsername": ""}), oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('twitterHashtag', None), None)
self.assertEqual(result.get('twitterUsername', None), None)
self.assertEqual(result.get('twitterUsernameId', None), None)
def test_delete_context(self):
""" doctest .. http:delete:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_context)
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
def test_deleted_context_is_really_deleted(self):
from hashlib import sha1
from .mockers import create_context
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_context)
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=404)
result = json.loads(res.text)
self.assertEqual(result.get('error', None), 'ObjectNotFound')
def test_delete_inexistent_context(self):
""" doctest .. http:delete:: /contexts/{hash} """
url_hash = '00000000000000'
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=404)
def test_delete_only_deleted_specified_context(self):
from hashlib import sha1
from .mockers import create_context, create_contextA
self.create_context(create_context)
self.create_context(create_contextA)
url_hash = sha1(create_context['url']).hexdigest()
url_hashA = sha1(create_contextA['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/contexts/%s' % url_hashA, "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hashA)
def test_delete_context_removes_subscription_from_user(self):
"""
"""
from hashlib import sha1
from .mockers import subscribe_context, subscribe_contextA
from .mockers import create_context, create_contextA
from .mockers import user_status_context, user_status_contextA
username = '******'
self.create_user(username)
self.create_context(create_context)
self.create_context(create_contextA)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_contextA)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(result.get('username', None), 'messi')
self.assertEqual(len(result.get('subscribedTo', [])), 1)
self.assertEqual(result.get('subscribedTo', [])[0]['url'], subscribe_contextA['object']['url'])
def test_user_cannot_see_activity_from_deleted_context(self):
"""
"""
from hashlib import sha1
from .mockers import subscribe_context
from .mockers import create_context
from .mockers import user_status_context
from .mockers import context_query
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=404)
def test_user_cannot_see_own_activity_from_deleted_context_in_timeline(self):
"""
"""
from hashlib import sha1
from .mockers import subscribe_context
from .mockers import create_context
from .mockers import user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/people/%s/timeline' % username, {}, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_add_private_rw_context(self):
from hashlib import sha1
from .mockers import create_context_private_rw
res = self.testapp.post('/contexts', json.dumps(create_context_private_rw), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
url_hash = sha1(create_context_private_rw['url']).hexdigest()
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('permissions', None), create_context_private_rw['permissions'])
def test_add_private_r_context(self):
from hashlib import sha1
from .mockers import create_context_private_r
res = self.testapp.post('/contexts', json.dumps(create_context_private_r), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
url_hash = sha1(create_context_private_r['url']).hexdigest()
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('permissions', None), create_context_private_r['permissions'])
def test_check_permissions_on_subscribed_rw_context(self):
from .mockers import create_context_private_rw, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context_private_rw)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(len(result.get('subscribedTo', [])), 1)
self.assertEqual(result.get('subscribedTo', {})[0]['url'], subscribe_context['object']['url'])
self.assertEqual('read' in result.get('subscribedTo', {})[0]['permissions'], True)
self.assertEqual('write' in result.get('subscribedTo', {})[0]['permissions'], True)
def test_check_permissions_on_subscribed_write_restricted_context(self):
from .mockers import create_context_private_r, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(len(result.get('subscribedTo', [])), 1)
self.assertEqual(result.get('subscribedTo', {})[0]['url'], subscribe_context['object']['url'])
self.assertEqual('read' in result.get('subscribedTo', {})[0]['permissions'], True)
self.assertEqual('write' not in result.get('subscribedTo', {})[0]['permissions'], True)
def test_post_on_subscribed_write_restricted_context_without_write_permission(self):
from .mockers import create_context_private_r, subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context, expect=403)
def test_post_on_subscribed_rw_context(self):
from .mockers import create_context_private_rw, subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context_private_rw)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], user_status_context['contexts'][0]['url'])
def test_grant_write_permission_on_write_restricted_context(self):
""" doctest .. http:put:: /contexts/{hash}/permissions/{username}/{permission} """
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'write'
res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201)
result = json.loads(res.text)
self.assertEqual('read' in result['permissions'], True)
self.assertEqual('write' in result['permissions'], True)
def test_revoke_write_permission_on_write_restricted_context(self):
""" doctest .. http:delete:: /contexts/{hash}/permissions/{username}/{permission} """
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'write'
res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201)
res = self.testapp.delete('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201)
result = json.loads(res.text)
self.assertEqual('read' in result['permissions'], True)
self.assertEqual('write' not in result['permissions'], True)
def test_grant_write_permission_on_non_subscribed_context(self):
from .mockers import create_context_private_r
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=404)
def test_grant_invalid_permission_on_subscribed_context(self):
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'badpermission'
res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=400)
result = json.loads(res.text)
self.assertEqual(result.get('error', None), 'InvalidPermission')
def test_reset_user_subscription_to_default_permissions(self):
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201)
res = self.testapp.post('/contexts/%s/permissions/%s/defaults' % (chash, username), "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual('read' in result['permissions'], True)
self.assertEqual('write' in result['permissions'], False)
def test_get_context_subscriptions(self):
from .mockers import create_contextA, subscribe_contextA
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_contextA)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
chash = sha1(create_context_private_r['url']).hexdigest()
res = self.testapp.get('/contexts/%s/subscriptions' % (chash), "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get('username', ''), 'messi')
self.assertEqual(result[0].get('hash', ''), chash)
def test_create_context_with_upload_url(self):
""" """
from .mockers import create_context_with_uploadurl
new_context = dict(create_context_with_uploadurl)
res = self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201)
self.assertTrue(res.json.get('uploadURL'))
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests_restricted_user_visibility.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def tearDown(self):
import pyramid.testing
pyramid.testing.tearDown()
# ############################################################################################################################
#
# !!! IMPORTANT INFO !!! All this tests are run with the max.restricted_user_visibility_mode=True set in the .ini
# Tests for NonVisible users without restricted_user_visibility live in test_nonvisible.py, wich uses a different .ini
#
##############################################################################################################################
# Tests for listing people without sharing contexts (2 tests)
def test_get_people_as_a_nonvisible_user_without_subscriptions(self):
"""
Given i'm a nonvisible user
When I search users
And we don't share any context subscription
Then I cannot see any of them
"""
username_visible1 = 'user1'
username_visible2 = 'user2'
username_nonvisible1 = 'usernonvisible1'
username_nonvisible2 = 'usernonvisible2'
self.create_user(username_visible1)
self.create_user(username_visible2)
self.create_user(username_nonvisible1)
self.create_user(username_nonvisible2)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible2), "", oauth2Header(test_manager), status=201)
res = self.testapp.get('/people', "", oauth2Header(username_nonvisible1), status=200)
self.assertEqual(len(res.json), 0)
def test_get_people_as_visible_user_without_subscriptions(self):
"""
Given i'm a visible user
When I search users
And we don't share any context subscription
Then I cannot see any of them
"""
username_visible1 = 'user1'
username_visible2 = 'user2'
username_nonvisible1 = 'usernonvisible1'
username_nonvisible2 = 'usernonvisible2'
self.create_user(username_visible1)
self.create_user(username_visible2)
self.create_user(username_nonvisible1)
self.create_user(username_nonvisible2)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible2), "", oauth2Header(test_manager), status=201)
res = self.testapp.get('/people', "", oauth2Header(username_visible1), status=200)
self.assertEqual(len(res.json), 0)
# Tests for listing people sharing contexts (2 tests)
def test_get_people_as_nonvisible_user(self):
"""
Given i'm a nonvisible person
When I search users
Then I can see all people on the same contexts as I, including other nonvisible users
"""
from .mockers import subscribe_context, create_context
username_visible1 = 'user1'
username_visible2 = 'user2'
username_nonvisible1 = 'usernonvisible1'
username_nonvisible2 = 'usernonvisible2'
self.create_user(username_visible1)
self.create_user(username_visible2)
self.create_user(username_nonvisible1)
self.create_user(username_nonvisible2)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username_visible1, subscribe_context)
self.admin_subscribe_user_to_context(username_nonvisible1, subscribe_context)
self.admin_subscribe_user_to_context(username_nonvisible2, subscribe_context)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible2), "", oauth2Header(test_manager), status=201)
res = self.testapp.get('/people', "", oauth2Header(username_nonvisible1), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0]['username'], username_nonvisible2)
self.assertEqual(res.json[1]['username'], username_nonvisible1)
self.assertEqual(res.json[2]['username'], username_visible1)
def test_get_people_as_visible_user(self):
"""
Given i'm a visible user
When I search users
Then I can see only the visible people on the same contexts as I
"""
from .mockers import subscribe_context, create_context
username_visible1 = 'user1'
username_visible2 = 'user2'
username_visible3 = 'user3'
username_nonvisible = 'usernonvisible'
self.create_user(username_visible1)
self.create_user(username_visible2)
self.create_user(username_visible3)
self.create_user(username_nonvisible)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username_visible1, subscribe_context)
self.admin_subscribe_user_to_context(username_visible2, subscribe_context)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible), "", oauth2Header(test_manager), status=201)
res = self.testapp.get('/people', "", oauth2Header(username_visible1), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0]['username'], username_visible2)
self.assertEqual(res.json[1]['username'], username_visible1)
# Tests for start Conversations without sharing contexts (4 tests)
def test_start_conversation_with_visible_as_nonvisible_without_sharing_contexts(self):
from .mockers import message
"""
Given i'm a nonvisible person
When I try to start a conversation with a visible
And we don't share any contexts
Then I cannot start the conversation
"""
username_visible1 = 'user1'
username_nonvisible1 = 'usernonvisible1'
self.create_user(username_visible1)
self.create_user(username_nonvisible1)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_visible1]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_nonvisible1), status=403)
def test_start_conversation_with_nonvisible_as_nonvisible_without_sharing_contexts(self):
from .mockers import message
"""
Given i'm a nonvisible person
When I try to start a conversation with a nonvisible
And we don't share any contexts
Then I cannot start the conversation
"""
username_nonvisible1 = 'usernonvisible1'
username_nonvisible2 = 'usernonvisible2'
self.create_user(username_nonvisible1)
self.create_user(username_nonvisible2)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_nonvisible2]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible2), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_nonvisible1), status=403)
def test_start_conversation_with_visible_as_visible_without_sharing_contexts(self):
from .mockers import message
"""
Given i'm a visible person
When I try to start a conversation with a visible
And we don't share any contexts
Then I cannot start the conversation
"""
username_visible1 = 'user1'
username_visible2 = 'user2'
self.create_user(username_visible1)
self.create_user(username_visible2)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_visible2, username_visible1]
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_visible1), status=403)
def test_start_conversation_with_nonvisible_as_visible_without_sharing_contexts(self):
from .mockers import message
"""
Given i'm a visible person
When I try to start a conversation with a nonvisible
And we don't share any contexts
Then I cannot start the conversation
"""
username_visible1 = 'user1'
username_nonvisible1 = 'usernonvisible1'
self.create_user(username_visible1)
self.create_user(username_nonvisible1)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_visible1]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_visible1), status=403)
# Tests for start Conversations sharing contexts (4 tests)
def test_start_conversation_with_visible_as_nonvisible__sharing_contexts(self):
from .mockers import message
from .mockers import subscribe_context, create_context
"""
Given i'm a nonvisible person
When I try to start a conversation with a visible
And we share a context
Then I can start the conversation
"""
username_visible1 = 'user1'
username_nonvisible1 = 'usernonvisible1'
self.create_user(username_visible1)
self.create_user(username_nonvisible1)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username_visible1, subscribe_context)
self.admin_subscribe_user_to_context(username_nonvisible1, subscribe_context)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_visible1]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_nonvisible1), status=201)
def test_start_conversation_with_nonvisible_as_nonvisible_sharing_contexts(self):
from .mockers import message
from .mockers import subscribe_context, create_context
"""
Given i'm a nonvisible person
When I try to start a conversation with a nonvisible
And we share a context
Then I can start the conversation
"""
username_nonvisible1 = 'usernonvisible1'
username_nonvisible2 = 'usernonvisible2'
self.create_user(username_nonvisible1)
self.create_user(username_nonvisible2)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username_nonvisible1, subscribe_context)
self.admin_subscribe_user_to_context(username_nonvisible2, subscribe_context)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_nonvisible2]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible2), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_nonvisible1), status=201)
def test_start_conversation_with_visible_as_visible_sharing_contexts(self):
from .mockers import message
from .mockers import subscribe_context, create_context
"""
Given i'm a visible person
When I try to start a conversation with a visible
And we share a context
Then I can start the conversation
"""
username_visible1 = 'user1'
username_visible2 = 'user2'
self.create_user(username_visible1)
self.create_user(username_visible2)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username_visible1, subscribe_context)
self.admin_subscribe_user_to_context(username_visible2, subscribe_context)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_visible2, username_visible1]
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_visible1), status=201)
def test_start_conversation_with_nonvisible_as_visible_sharing_contexts(self):
from .mockers import message
from .mockers import subscribe_context, create_context
"""
Given i'm a visible person
When I try to start a conversation with a nonvisible
And we share a context
Then I cannot start the conversation
"""
username_visible1 = 'user1'
username_nonvisible1 = 'usernonvisible1'
self.create_user(username_visible1)
self.create_user(username_nonvisible1)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username_visible1, subscribe_context)
self.admin_subscribe_user_to_context(username_nonvisible1, subscribe_context)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_visible1]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_visible1), status=403)
class DeprecationTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Test deprecated Add people
def test_deprecated_request_create_user(self):
"""
Given a request to the deprecated POST /people/{username}
When the request is processed
Then the request is rewrited as POST /people
And the username is now in the body
And the displayName is preserved in the body
"""
res = self.testapp.post('/people/sheldon', json.dumps({"displayName": 'Sheldon'}), headers=oauth2Header(test_manager), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/people')
self.assertEqual(res.json['username'], 'sheldon')
self.assertEqual(res.json['displayName'], 'Sheldon')
# Test deprecated subscribe user
def test_deprecated_subscribe_user(self):
"""
Given a request to the deprecated POST /people/{username}/subscriptions
When the request is processed
Then the request is rewrited as POST /contexts/{hash}/subscriptions
And the actor now is in the body
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
res = self.create_context(create_context)
context_hash = res.json['hash']
res = self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/contexts/{}/subscriptions'.format(context_hash))
self.assertEqual(res.json['actor']['username'], 'sheldon')
self.assertEqual(res.json['actor']['objectType'], 'person')
# Test deprecated unsubscribe user
def test_deprecated_unsubscribe_user(self):
"""
Given a request to the deprecated DELETE /people/{username}/subscriptions
When the request is processed
Then the request is rewrited as DELETE /contexts/{hash}/subscriptions
And the actor now is in the body
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
res = self.create_context(create_context)
context_hash = res.json['hash']
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.delete('/people/%s/subscriptions/%s' % (username, context_hash), "", oauth2Header(test_manager), status=204)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/contexts/{}/subscriptions/{}'.format(context_hash, username))
# Test deprecated create context activity
def test_deprecated_user_post_activity_to_context(self):
"""
Given a request to the deprecated POST /people/{username}/activities
And the request has a "contexts" parameter
When the request is processed
Then the request is rewrited as POST /contexts/{hash}/activities
And the actor is in the body
and object is preserved in the body
"""
from max.tests.mockers import create_context, subscribe_context
from max.tests.mockers import user_status_context as activity
username = '******'
self.create_user(username)
res = self.create_context(create_context)
context_hash = res.json['hash']
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/contexts/{}/activities'.format(context_hash))
self.assertEqual(res.json['actor']['username'], 'sheldon')
self.assertEqual(res.json['actor']['objectType'], 'person')
self.assertIn('object', res.json)
def test_deprecated_user_post_activity_to_context_without_context(self):
"""
Given a request to the deprecated POST /people/{username}/activities
And the request doesn't have a "contexts" parameter
When the request is processed
Then the request remains untouched
"""
from max.tests.mockers import create_context, subscribe_context
from max.tests.mockers import user_status as activity
username = '******'
self.create_user(username)
res = self.create_context(create_context)
context_hash = res.json['hash']
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.post('/people/sheldon/activities', json.dumps(activity), oauth2Header(username), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/people/sheldon/activities'.format(context_hash))
self.assertNotIn('contexts', res.json)
# Test depreacted join conversation
def test_deprecated_join_conversation(self):
"""
Given a request to the deprecated POST /people/{user}/conversations/{id}
When the request is processed
Then the request is rewrited as DELETE /conversations/{id}/participants
And the actor is in the body
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
res = self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(test_manager), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/conversations/{}/participants'.format(cid))
self.assertEqual(res.json['actor']['username'], recipient3)
self.assertEqual(res.json['actor']['objectType'], 'person')
def test_deprecated_leave_conversation(self):
"""
Given a request to the deprecated DELETE /people/{user}/conversations/{id}
When the request is processed
Then the request is rewrited as DELETE /conversations/{id}/participants/{username}
And the url parameters are remapped
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
res = self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, cid), '', oauth2Header(test_manager), status=204)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/conversations/{}/participants/{}'.format(cid, recipient2))
def test_deprecated_add_token(self):
"""
Given a request to the deprecated POST /people/{user}/device/{platform}/{token}
When the request is processed
Then the request is rewrited as POST /tokens
And the token is injected in the request body
And the platform is injected in the reqeust body
And the response contains a Person instead of a Token
"""
username = '******'
self.create_user(username)
token = '000000000000000000'
platform = 'ios'
res = self.testapp.post('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/tokens')
self.assertEqual(res.json['username'], username)
self.assertEqual(res.json['objectType'], 'person')
def test_deprecated_delete_token(self):
"""
Given a request to the deprecated DELETE /people/{user}/device/{platform}/{token}
When the request is processed
Then the request is rewrited as DELETE /tokens/{token}
And the token is injected in the body
And the platform is injected in the body
"""
username = '******'
self.create_user(username)
token = '000000000000000000'
platform = 'ios'
self.testapp.post('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=201)
res = self.testapp.delete('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=204)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/tokens/{}'.format(token))
def test_deprecated_sortBy_parameter(self):
"""
Given a plain user
When I query ativities using old sortBy parameter
I get the expected result
THIS TEST IS A DUPLICATE OF max.tests.test_timeline_order_sorted_by_last_comment_publish_date
ONLY TO TEST THE TRANSLATION OF THE SORTBY PARAMETER
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_ids = []
# Create 7 activities to overpass limit of 5
for i in range(7):
activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id'])
res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
# Get first 5 results
res = self.testapp.get('/people/%s/timeline?sortBy=comments&limit=5' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 5)
self.assertEqual(res.json[0].get('id', None), activity_ids[0])
self.assertEqual(res.json[1].get('id', None), activity_ids[6])
self.assertEqual(res.json[2].get('id', None), activity_ids[5])
self.assertEqual(res.json[3].get('id', None), activity_ids[4])
self.assertEqual(res.json[4].get('id', None), activity_ids[3])
# get next 2 results
res = self.testapp.get('/people/%s/timeline?sortBy=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0].get('id', None), activity_ids[2])
self.assertEqual(res.json[1].get('id', None), activity_ids[1])
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
def tearDown(self):
import pyramid.testing
pyramid.testing.tearDown()
def test_add_nonvisible_role(self):
username = '******'
self.create_user(username)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username), "", oauth2Header(test_manager), status=201)
# ############################################################################################################################
#
# !!! IMPORTANT INFO !!! All this tests are run with the max.restricted_user_visibility_mode=False in set the .ini
# Tests for NonVisible users WITH restricted_user_visibility live in test_restricted_user_visibility.py, wich uses a different .ini
#
# The tests on this file are the same tests on test_restricted_user_visibility.py but WITHOUT excluding the ones that test
# Users with shared contexts, And with different asserts, as here we have the restricted_user_visibility disabled,
# and shared subscriptions doesn't affect us
#
##############################################################################################################################
# Tests for listing people without sharing contexts (2 tests)
def test_get_people_as_a_nonvisible_user_without_subscriptions(self):
"""
Given i'm a nonvisible user
When I search users
Then I see everyone
"""
username_visible1 = 'user1'
username_visible2 = 'user2'
username_nonvisible1 = 'usernonvisible1'
username_nonvisible2 = 'usernonvisible2'
self.create_user(username_visible1)
self.create_user(username_visible2)
self.create_user(username_nonvisible1)
self.create_user(username_nonvisible2)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible2), "", oauth2Header(test_manager), status=201)
res = self.testapp.get('/people', "", oauth2Header(username_nonvisible1), status=200)
self.assertEqual(len(res.json), 4)
self.assertEqual(res.json[0]['username'], username_nonvisible2)
self.assertEqual(res.json[1]['username'], username_nonvisible1)
self.assertEqual(res.json[2]['username'], username_visible2)
self.assertEqual(res.json[3]['username'], username_visible1)
def test_get_people_as_visible_user_without_subscriptions(self):
"""
Given i'm a visible user
When I search users
Then I only see the visible ones
"""
username_visible1 = 'user1'
username_visible2 = 'user2'
username_nonvisible1 = 'usernonvisible1'
username_nonvisible2 = 'usernonvisible2'
self.create_user(username_visible1)
self.create_user(username_visible2)
self.create_user(username_nonvisible1)
self.create_user(username_nonvisible2)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible2), "", oauth2Header(test_manager), status=201)
res = self.testapp.get('/people', "", oauth2Header(username_visible1), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0]['username'], username_visible2)
self.assertEqual(res.json[1]['username'], username_visible1)
# Tests for start Conversations without sharing contexts (4 tests)
def test_start_conversation_with_visible_as_nonvisible_without_sharing_contexts(self):
from .mockers import message
"""
Given i'm a nonvisible person
When I try to start a conversation with a visible
Then I can start the conversation
"""
username_visible1 = 'user1'
username_nonvisible1 = 'usernonvisible1'
self.create_user(username_visible1)
self.create_user(username_nonvisible1)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_visible1]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_nonvisible1), status=201)
def test_start_conversation_with_nonvisible_as_nonvisible_without_sharing_contexts(self):
from .mockers import message
"""
Given i'm a nonvisible person
When I try to start a conversation with a nonvisible
Then I can start the conversation
"""
username_nonvisible1 = 'usernonvisible1'
username_nonvisible2 = 'usernonvisible2'
self.create_user(username_nonvisible1)
self.create_user(username_nonvisible2)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_nonvisible2]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible2), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_nonvisible1), status=201)
# In fact, this test is really a duplicate of some test in test_conversations, as
# all users implied in conversation are regular users. Leaving it here for coherence
def test_start_conversation_with_visible_as_visible_without_sharing_contexts(self):
from .mockers import message
"""
Given i'm a visible person
When I try to start a conversation with a visible
Then I can start the conversation
"""
username_visible1 = 'user1'
username_visible2 = 'user2'
self.create_user(username_visible1)
self.create_user(username_visible2)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_visible2, username_visible1]
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_visible1), status=201)
def test_start_conversation_with_nonvisible_as_visible_without_sharing_contexts(self):
from .mockers import message
"""
Given i'm a visible person
When I try to start a conversation with a nonvisible
Then I cannot start the conversation
"""
username_visible1 = 'user1'
username_nonvisible1 = 'usernonvisible1'
self.create_user(username_visible1)
self.create_user(username_nonvisible1)
message = deepcopy(message)
message['contexts'][0]['participants'] = [username_nonvisible1, username_visible1]
self.testapp.post('/admin/security/roles/%s/users/%s' % ('NonVisible', username_nonvisible1), "", oauth2Header(test_manager), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(username_visible1), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp("config:tests.ini", relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch("requests.post", new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
def tearDown(self):
import pyramid.testing
pyramid.testing.tearDown()
# BEGIN TESTS
def test_create_user(self):
username = "******"
self.testapp.post("/people/%s" % username, "", oauth2Header(test_manager), status=201)
return username
def test_create_user_missing_username(self):
self.testapp.post("/people", json.dumps({}), oauth2Header(test_manager), status=400)
def test_create_user_creator_is_admin(self):
"""
Given an admin user
When I create a user
Then the creator must be the admin user
"""
username = "******"
res = self.testapp.post("/people/%s" % username, "", oauth2Header(test_manager), status=201)
self.assertEqual(res.json["creator"], test_manager)
def test_create_user_default_fields(self):
"""
Given an admin user
When I create a user
Then non-required fields with defaults are set
"""
username = "******"
res = self.testapp.post("/people/%s" % username, "", oauth2Header(test_manager), status=201)
self.assertIn("objectType", res.json)
self.assertIn("following", res.json)
self.assertIn("subscribedTo", res.json)
self.assertEqual(res.json["objectType"], "person")
def test_create_user_not_manager(self):
username = "******"
self.testapp.post("/people/%s" % username, "", oauth2Header("imnotallowed"), status=403)
def test_user_exist(self):
username = "******"
self.create_user(username)
res = self.testapp.post("/people/%s" % username, "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get("username", None), "messi")
def test_create_same_user_case_insensitive(self):
username = "******"
username_case = "Messi"
self.create_user(username)
res = self.testapp.post("/people/%s" % username_case, "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get("username", None), "messi")
def test_get_user(self):
""" Doctest .. http:get:: /people/{username} """
username = "******"
self.create_user(username)
res = self.testapp.get("/people/%s" % username, "", oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result.get("username", None), "messi")
self.assertIn("username", result)
self.assertIn("displayName", result)
self.assertIn("objectType", result)
self.assertGreater(len(result.keys()), 3)
def test_get_user_as_someone_else(self):
""" Doctest .. http:get:: /people/{username} """
username = "******"
usernamenotme = "xavi"
self.create_user(username)
self.create_user(usernamenotme)
res = self.testapp.get("/people/%s" % username, "", oauth2Header(usernamenotme), status=200)
result = json.loads(res.text)
self.assertEqual(result.get("username", None), "messi")
self.assertIn("username", result)
self.assertIn("displayName", result)
self.assertIn("objectType", result)
self.assertIn("published", result)
self.assertEqual(len(result.keys()), 4)
def test_get_user_case_insensitive(self):
""" Doctest .. http:get:: /people/{username} """
username = "******"
self.create_user(username)
res = self.testapp.get("/people/%s" % "MESSI", "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(result.get("username", None), "messi")
def test_get_users_by_query_on_username(self):
""" Doctest .. http:get:: /people """
username = "******"
self.create_user(username)
res = self.testapp.get("/people", json.dumps({"username": username}), oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
self.assertEqual(result[0].get("username", ""), username)
self.assertEqual(len(result[0].keys()), 4) # Check how many fields each result has
def test_get_users_by_query_on_displayName(self):
""" Doctest .. http:get:: /people """
username = "******"
self.create_user(username, displayName="Lionel Messi")
res = self.testapp.get("/people", json.dumps({"username": "******"}), oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
self.assertEqual(result[0].get("username", ""), username)
self.assertEqual(len(result[0].keys()), 4) # Check how many fields each result has
def test_get_non_existent_user(self):
username = "******"
res = self.testapp.get("/people/%s" % username, "", oauth2Header(username), status=400)
result = json.loads(res.text)
self.assertEqual(result.get("error", None), "UnknownUserError")
def test_modify_user_one_parameter(self):
username = "******"
self.create_user(username)
res = self.testapp.put(
"/people/%s" % username, json.dumps({"displayName": "Lionel Messi"}), oauth2Header(username)
)
result = json.loads(res.text)
self.assertEqual(result.get("displayName", None), "Lionel Messi")
def test_modify_user_several_parameters(self):
""" Doctest .. http:put:: /people/{username} """
username = "******"
self.create_user(username)
res = self.testapp.put(
"/people/%s" % username,
json.dumps({"displayName": "Lionel Messi", "twitterUsername": "******"}),
oauth2Header(username),
)
result = json.loads(res.text)
self.assertEqual(result.get("displayName", None), "Lionel Messi")
self.assertEqual(result.get("twitterUsername", None), "leomessi")
def test_modify_user_several_parameters_twice(self):
username = "******"
self.create_user(username)
self.modify_user(username, {"displayName": "Lionel Messi"})
res = self.testapp.put(
"/people/%s" % username, json.dumps({"twitterUsername": "******"}), oauth2Header(username)
)
result = json.loads(res.text)
self.assertEqual(result.get("displayName", None), "Lionel Messi")
self.assertEqual(result.get("twitterUsername", None), "leomessi")
def test_modify_non_existent_user(self):
username = "******"
res = self.testapp.put(
"/people/%s" % username, json.dumps({"displayName": "Lionel Messi"}), oauth2Header(username), status=400
)
result = json.loads(res.text)
self.assertEqual(result.get("error", None), "UnknownUserError")
def test_get_all_users_with_regex(self):
username = "******"
self.create_user(username)
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get("username", ""), username)
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get("username", ""), username)
def test_search_users_filter_username_full(self):
username = "******"
self.create_user(username, displayName="Sheldon Cooper Coupé")
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get("username", ""), username)
def test_search_users_filter_username_starting(self):
username = "******"
self.create_user(username, displayName="Sheldon Cooper Coupé")
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get("username", ""), username)
def test_search_users_filter_username_ending(self):
username = "******"
self.create_user(username, displayName="Sheldon Cooper Coupé")
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get("username", ""), username)
def test_search_users_filter_username_partial(self):
username = "******"
self.create_user(username, displayName="Sheldon Cooper Coupé")
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get("username", ""), username)
def test_search_users_filter_displayName_with_case(self):
username = "******"
self.create_user(username, displayName="Sheldon Cooper Coupé")
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get("username", ""), username)
def test_search_users_filter_displayName_accented(self):
username = "******"
self.create_user(username, displayName="Sheldon Cooper Coupé")
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get("username", ""), username)
def test_search_users_filter_displayName_non_accented(self):
"""
Accented username or displayname parts can only be searched with the accent provided.
"""
username = "******"
self.create_user(username, displayName="Sheldon Cooper Coupé")
query = {"username": "******"}
res = self.testapp.get("/people", query, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_get_all_users_with_regex_weird(self):
username1 = "victor.fernandez"
self.create_user(username1)
username2 = "victor.fernandez.altable"
self.create_user(username2)
query = {"username": username1}
res = self.testapp.get("/people", query, oauth2Header(username1), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
query = {"username": username2}
res = self.testapp.get("/people", query, oauth2Header(username2), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_create_own_user(self):
username = "******"
self.testapp.post("/people/%s" % username, "", oauth2Header(username), status=201)
class AvatarsACLTests(unittest.TestCase, MaxTestBase, MaxAvatarsTestBase):
def setUp(self):
self.conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=self.conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
MaxAvatarsTestBase.setUp(self)
def tearDown(self):
"""
Deletes test avatar folder with all test images
"""
self.patched_post.stop()
MaxAvatarsTestBase.tearDown(self)
# Add person avatar tests
def test_add_user_avatar(self):
"""
Given i'm a regular user
When i try to update my avatar
I succeed
"""
username = '******'
self.create_user(username)
avatar_file = open(os.path.join(self.conf_dir, "avatar.png"), "rb")
files = [('image', 'avatar.png', avatar_file.read(), 'image/png')]
self.testapp.post('/people/{}/avatar'.format(username), '', headers=oauth2Header(username), upload_files=files, status=201)
def test_add_user_avatar_as_manager(self):
"""
Given i'm a regular user
When i try to update my avatar
I succeed
"""
username = '******'
self.create_user(username)
avatar_file = open(os.path.join(self.conf_dir, "avatar.png"), "rb")
files = [('image', 'avatar.png', avatar_file.read(), 'image/png')]
self.testapp.post('/people/{}/avatar'.format(username), '', headers=oauth2Header(test_manager), upload_files=files, status=201)
def test_add_other_user_avatar(self):
"""
Given i'm a regular user
When i try to update another user's avatar
I get a Forbidden Exception
"""
username = '******'
self.create_user(username)
other = 'penny'
self.create_user(other)
avatar_file = open(os.path.join(self.conf_dir, "avatar.png"), "rb")
files = [('image', 'avatar.png', avatar_file.read(), 'image/png')]
self.testapp.post('/people/{}/avatar'.format(username), '', headers=oauth2Header(other), upload_files=files, status=403)
# Get person avatar tests, Large avatars acl's are not tested as is the same endpoint
def test_get_user_avatar_unauthenticated(self):
"""
Given i'm a unauthenticated user
When I try to get a user avatar
I succeed
"""
username = '******'
self.create_user(username)
self.upload_user_avatar(username, "avatar.png")
self.testapp.get('/people/%s/avatar' % username, '', {}, status=200)
# Get twitter avatar tests
def test_get_twitter_avatar_unauthenticated(self):
"""
Given i'm a unauthenticated user
When I try to get a context avatar coming from twitter
I succeed
"""
from hashlib import sha1
from max.tests.mockers import create_context_full
avatar_image = os.path.join(self.conf_dir, "avatar.png")
http_mock_twitter_user_image(avatar_image)
self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201)
url_hash = sha1(create_context_full['url']).hexdigest()
self.testapp.get('/contexts/%s/avatar' % url_hash, '', {}, status=200)
# Get conversation avatar tests
def test_get_conversation_avatar_unauthenticated(self):
"""
Given i'm a unauthenticated user
When I try to get a user avatar
I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.upload_user_avatar(sender, "avatar.png")
self.testapp.get('/conversations/%s/avatar' % cid, '', {}, status=200)
class AvatarTests(unittest.TestCase, MaxTestBase, MaxAvatarsTestBase):
"""
Tests to check the uploading, downlading and retrieving of all
avatar types used in max, included the ones coming from twitter.
"""
def setUp(self):
self.conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=self.conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.app.registry.max_store.cloudapis.insert(test_cloudapis)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.patched_get = patch('requests.get', new=partial(mock_get, self))
self.patched_get.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
MaxAvatarsTestBase.setUp(self)
def tearDown(self):
"""
Deletes test avatar folder with all test images
"""
self.patched_post.stop()
self.patched_get.stop()
MaxAvatarsTestBase.tearDown(self)
# BEGIN TESTS
def test_upload_user_avatar(self):
"""
Given a user without avatar
When I upload an image for that user
Then a normal 48x48 image is stored in the correct avatar folder
And a large 250x250 image is stored in the correct avatar folder
"""
username = '******'
self.create_user(username)
avatar_file = open(os.path.join(self.conf_dir, "avatar.png"), "rb")
files = [('image', 'avatar.png', avatar_file.read(), 'image/png')]
self.testapp.post('/people/{}/avatar'.format(username), '', headers=oauth2Header(username), upload_files=files, status=201)
self.assertEqual(self.get_user_avatar_dimensions(username), (48, 48))
self.assertEqual(self.get_user_avatar_dimensions(username, 'large'), (250, 250))
def test_invalid_upload_user_avatar(self):
"""
Given a user without avatar
When I upload an image for that user on the json body
I get an error
"""
username = '******'
self.create_user(username)
self.testapp.post('/people/{}/avatar'.format(username), '', headers=oauth2Header(username), status=400)
def test_get_user_avatar(self):
"""
Given a user with avatar
When I retrieve the avatar
Then I get the 48x48 version of that avatar
"""
username = '******'
self.create_user(username)
self.upload_user_avatar(username, "avatar.png")
response = self.testapp.get('/people/%s/avatar' % username, '', {}, status=200)
self.assertIn('image', response.content_type)
self.assertEqual(self.get_image_dimensions_from(response), (48, 48))
def test_get_user_avatar_large(self):
"""
Given a user without avatar
When I retrieve the large avatar
Then I get the 250x250 version of that avatar
"""
username = '******'
self.create_user(username)
self.upload_user_avatar(username, "avatar.png")
response = self.testapp.get('/people/%s/avatar/%s' % (username, 'large'), '', {}, status=200)
self.assertIn('image', response.content_type)
self.assertIn('image', response.content_type)
self.assertEqual(self.get_image_dimensions_from(response), (250, 250))
def test_get_user_avatar_large_missing_named_size(self):
"""
Given a user without avatar
When I retrieve the large avatar
And the large avatars has disappeared
Then I get the 48x48 version of that avatar
"""
username = '******'
self.create_user(username)
self.upload_user_avatar(username, "avatar.png")
avatar_folder = get_avatar_folder(self.avatar_folder, 'people', username, size='large')
os.remove('{}/{}'.format(avatar_folder, username))
response = self.testapp.get('/people/%s/avatar/%s' % (username, 'large'), '', {}, status=200)
self.assertIn('image', response.content_type)
self.assertIn('image', response.content_type)
self.assertEqual(self.get_image_dimensions_from(response), (48, 48))
def test_get_user_avatar_large_missing_all(self):
"""
Given a user without avatar
When I retrieve the large avatar
And the large avatars has disappeared
Then I get the 48x48 version of that avatar
"""
username = '******'
self.create_user(username)
self.upload_user_avatar(username, "avatar.png")
avatar_folder = get_avatar_folder(self.avatar_folder, 'people', username, size='large')
os.remove('{}/{}'.format(avatar_folder, username))
avatar_folder = get_avatar_folder(self.avatar_folder, 'people', username)
os.remove('{}/{}'.format(avatar_folder, username))
response = self.testapp.get('/people/%s/avatar/%s' % (username, 'large'), '', {}, status=200)
self.assertIn('image', response.content_type)
self.assertIn('image', response.content_type)
self.assertEqual(self.get_image_dimensions_from(response), (48, 48))
@httpretty.activate
@patch('tweepy.API', MockTweepyAPI)
def test_get_context_twitter_download_avatar(self):
"""
Given a context with twitter username
When i retrieve the context's avatar
Then the twitter's user avatar is downloaded and stored
"""
from hashlib import sha1
from .mockers import create_context_full
avatar_image = os.path.join(self.conf_dir, "avatar.png")
http_mock_twitter_user_image(avatar_image)
self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201)
url_hash = sha1(create_context_full['url']).hexdigest()
response = self.testapp.get('/contexts/%s/avatar' % url_hash, '', {}, status=200)
self.assertEqual(self.get_image_dimensions_from(response), (98, 98))
avatar_folder = get_avatar_folder(self.avatar_folder, 'contexts', url_hash)
self.assertFileExists(os.path.join(avatar_folder, url_hash))
@httpretty.activate
@patch('tweepy.API', new=partial(MockTweepyAPI, fail=True))
def test_get_context_twitter_download_error_from_twitter_avatar(self):
"""
Given a context with twitter username
When i retrieve the context's avatar
And some error happens when talking to twitter
Then the twitter's user avatar is not downloaded nor stored
And the default image is retrieved
"""
from hashlib import sha1
from .mockers import create_context_full
avatar_image = os.path.join(self.conf_dir, "avatar.png")
http_mock_twitter_user_image(avatar_image)
self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201)
url_hash = sha1(create_context_full['url']).hexdigest()
response = self.testapp.get('/contexts/%s/avatar' % url_hash, '', {}, status=200)
self.assertEqual(self.get_image_dimensions_from(response), (48, 48))
self.assertFileNotExists(os.path.join(self.avatar_folder, '{}.png'.format(url_hash)))
def test_get_context_twitter_avatar_inexistent_context(self):
"""
Given an unexisting context
When i retrieve the context's avatar
Then i get a NotFound error
And no image is retrieved
"""
self.testapp.get('/contexts/%s/avatar' % '000000000000000000', '', {}, status=404)
@httpretty.activate
@patch('tweepy.API', MockTweepyAPI)
def test_get_context_twitter_avatar_already_downloaded(self):
"""
Given a context with twitter username
When i retrieve the context's avatar
And the image has just been retrieved
Then the twitter's user avatar is not downloaded again
And the existing image is returned
"""
from hashlib import sha1
from .mockers import create_context_full
avatar_image = os.path.join(self.conf_dir, "avatar.png")
http_mock_twitter_user_image(avatar_image)
self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201)
url_hash = sha1(create_context_full['url']).hexdigest()
self.testapp.get('/contexts/%s/avatar' % url_hash, '', {}, status=200)
old_mod_date = self.get_context_avatar_modification_time(url_hash)
self.testapp.get('/contexts/%s/avatar' % url_hash, '', {}, status=200)
new_mod_date = self.get_context_avatar_modification_time(url_hash)
self.assertEqual(old_mod_date, new_mod_date)
@httpretty.activate
@patch('tweepy.API', MockTweepyAPI)
def test_get_context_twitter_avatar_redownload_previous(self):
"""
Given a context with twitter username
When i retrieve the context's avatar
And the image has not been retrieved for at least 4 hours
Then the twitter's user avatar is redownloaded
And the new image is returned
"""
from hashlib import sha1
from .mockers import create_context_full
avatar_image = os.path.join(self.conf_dir, "avatar.png")
http_mock_twitter_user_image(avatar_image)
self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201)
url_hash = sha1(create_context_full['url']).hexdigest()
self.testapp.get('/contexts/%s/avatar' % url_hash, '', {}, status=200)
self.rewind_context_avatar_mod_time(url_hash, hours=4)
rewinded_mod_date = self.get_context_avatar_modification_time(url_hash)
self.testapp.get('/contexts/%s/avatar' % url_hash, '', {}, status=200)
new_mod_date = self.get_context_avatar_modification_time(url_hash)
self.assertNotEqual(rewinded_mod_date, new_mod_date)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_create_context_with_notifications(self):
""" doctests .. http:post:: /contexts"""
from .mockers import create_context_post_notifications as create_context
new_context = dict(create_context)
res = self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201)
self.assertEqual(res.json['notifications'], 'posts')
def test_delete_context_with_notifications_removes_subscriptions(self):
"""
"""
from .mockers import subscribe_context
from .mockers import create_context_post_notifications as create_context
from .mockers import user_status_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(result.get('username', None), 'messi')
self.assertEqual(len(result.get('subscribedTo', [])), 0)
return url_hash
def test_subscribe_user_to_context_with_notifications(self):
"""
"""
from .mockers import create_context_post_notifications as create_context
from .mockers import subscribe_context
from hashlib import sha1
username = '******'
url_hash = sha1(create_context['url']).hexdigest()
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted'))
self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201)
res = self.testapp.get('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(username), status=200)
self.assertEqual(res.json[0]['notifications'], 'posts')
return url_hash, username
def test_unsubscribe_user_from_context_with_notifications(self):
"""
"""
from .mockers import create_context_post_notifications as create_context
from .mockers import subscribe_context
from hashlib import sha1
username = '******'
url_hash = sha1(create_context['url']).hexdigest()
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted'))
self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201)
res = self.testapp.delete('/people/%s/subscriptions/%s' % (username, url_hash), {}, oauth2Header(test_manager), status=204)
res = self.testapp.get('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(username), status=200)
self.assertEqual(len(res.json), 0)
return url_hash, username
def test_post_activity_on_context_with_notifications(self):
""" Post an activity to a context which needs the user to be subscribed to read and write
and we have previously subscribed the user.
"""
from .mockers import subscribe_context
from .mockers import create_context_post_notifications as create_context
from .mockers import user_status_context
from hashlib import sha1
username = '******'
url_hash = sha1(create_context['url']).hexdigest()
self.create_user(username)
context_permissions = dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')
self.create_context(create_context, permissions=context_permissions)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
self.assertEqual(result.get('contexts', None)[0]['notifications'], 'posts')
return url_hash, username, user_status_context
def test_post_comment_with_comments_notification(self):
""" doctest .. http:post:: /activities/{activity}/comments """
from .mockers import user_status_context, user_comment
from .mockers import subscribe_context
from .mockers import create_context_comments_notifications as create_context
from hashlib import sha1
username = '******'
url_hash = sha1(create_context['url']).hexdigest()
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status_context)
activity = activity.json
res = self.testapp.post('/activities/%s/comments' % str(activity.get('id')), json.dumps(user_comment), oauth2Header(username), status=201)
result = res.json
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'comment')
self.assertEqual(result.get('object', None).get('inReplyTo', None)[0].get('id'), str(activity.get('id')))
# add information needed by rabbit tests
return url_hash, username, activity, result
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_like_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can like this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['liked'], True)
self.assertEqual(res.json['object']['likesCount'], 1)
self.assertEqual(activity.json['likes'][0]['username'], username_not_me)
self.assertEqual(activity.json['liked'], False)
self.assertEqual(activity.json['likesCount'], 1)
def test_like_already_liked_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
And someone likes this activity
Then this someone else can't like twice this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=200)
self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['liked'], True)
self.assertEqual(res.json['object']['likesCount'], 1)
def test_unlike_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then i can remove previously like mark from this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
self.testapp.delete('/activities/%s/likes/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=204)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(activity.json['likes'], [])
self.assertEqual(activity.json['liked'], False)
self.assertEqual(activity.json['likesCount'], 0)
def test_like_activity_by_various(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can like this activity
and i also can like it
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username), status=201)
self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['likes'][1]['username'], username)
self.assertEqual(res.json['object']['liked'], True)
self.assertEqual(res.json['object']['likesCount'], 2)
def test_unlike_activity_get_other_likes(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
And varius users like it
And someone unlike it
Then someone who unlike this activity
and the rest of likes remains
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username), status=201)
res = self.testapp.delete('/activities/%s/likes/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=204)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(activity.json['likes'][0]['username'], username)
self.assertEqual(activity.json['liked'], True)
self.assertEqual(activity.json['likesCount'], 1)
def test_likes_sorting_1(self):
"""
Test without liked objects, sort order must be by descending
published date of the activities
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
page_size = 3
# Store the ids of all created activities. First is the oldest
activities = []
self.create_context(create_context)
for i in range(1, 7):
username = '******'.format(i)
self.create_user(username)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activities.append(res.json['id'])
firstpage = self.testapp.get('/people/%s/timeline?limit=%d&sort=likes' % ("user1", page_size), "", oauth2Header("user1"), status=200)
self.assertEqual(len(firstpage.json), 3)
self.assertEqual(firstpage.json[0]['likesCount'], 0)
self.assertEqual(firstpage.json[0]['id'], activities[5])
self.assertEqual(firstpage.json[1]['likesCount'], 0)
self.assertEqual(firstpage.json[1]['id'], activities[4])
self.assertEqual(firstpage.json[2]['likesCount'], 0)
self.assertEqual(firstpage.json[2]['id'], activities[3])
secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=%d&before=%s' % ("user1", page_size, activities[3]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(secondpage.json), 3)
self.assertEqual(secondpage.json[0]['likesCount'], 0)
self.assertEqual(secondpage.json[0]['id'], activities[2])
self.assertEqual(secondpage.json[1]['likesCount'], 0)
self.assertEqual(secondpage.json[1]['id'], activities[1])
self.assertEqual(secondpage.json[2]['likesCount'], 0)
self.assertEqual(secondpage.json[2]['id'], activities[0])
def test_likes_sorting_2(self):
"""
Test with all activities liked once, sort order must be by descending
date of the last time that the activity was liked.
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
page_size = 3
# Store the ids of all created activities. First is the oldest
activities = []
self.create_context(create_context)
# Create 6 users, post an activity with each one and self-like it
for i in range(1, 7):
username = '******'.format(i)
self.create_user(username)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activities.append(res.json['id'])
self.like_activity(username, activities[0])
self.like_activity(username, activities[3])
self.like_activity(username, activities[1])
self.like_activity(username, activities[5])
self.like_activity(username, activities[4])
self.like_activity(username, activities[2])
firstpage = self.testapp.get('/people/%s/timeline?limit=%d&sort=likes' % ("user1", page_size), "", oauth2Header("user1"), status=200)
self.assertEqual(len(firstpage.json), 3)
self.assertEqual(firstpage.json[0]['likesCount'], 1)
self.assertEqual(firstpage.json[0]['id'], activities[2])
self.assertEqual(firstpage.json[1]['likesCount'], 1)
self.assertEqual(firstpage.json[1]['id'], activities[4])
self.assertEqual(firstpage.json[2]['likesCount'], 1)
self.assertEqual(firstpage.json[2]['id'], activities[5])
secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=%d&before=%s' % ("user1", page_size, activities[5]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(secondpage.json), 3)
self.assertEqual(secondpage.json[0]['likesCount'], 1)
self.assertEqual(secondpage.json[0]['id'], activities[1])
self.assertEqual(secondpage.json[1]['likesCount'], 1)
self.assertEqual(secondpage.json[1]['id'], activities[3])
self.assertEqual(secondpage.json[2]['likesCount'], 1)
self.assertEqual(secondpage.json[2]['id'], activities[0])
def test_timeline_by_likes_paginated_same_likes_span(self):
"""
Test likes sorting when activities with the same likes span trough
more than one page, having pages with activities with targeted likeCount
in the bottom of page, and other on top
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
# Store the ids of all created activities. First is the oldest
activities = []
self.create_context(create_context)
# Create 10 users, subscribe to a context and write a post for each one
for i in range(1, 11):
username = '******'.format(i)
self.create_user(username)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activities.append(res.json['id'])
# Like activities so activities with 3 likes spans trough pages 1,2 and 3
self.like_activity('user1', activities[0])
self.like_activity('user2', activities[0])
self.like_activity('user3', activities[0])
self.like_activity('user4', activities[0])
self.like_activity('user5', activities[0])
self.like_activity('user1', activities[1])
self.like_activity('user2', activities[1])
self.like_activity('user3', activities[1])
self.like_activity('user4', activities[1])
time.sleep(1)
self.like_activity('user1', activities[2])
self.like_activity('user2', activities[2])
self.like_activity('user3', activities[2])
time.sleep(1)
self.like_activity('user1', activities[3])
self.like_activity('user2', activities[3])
self.like_activity('user3', activities[3])
time.sleep(1)
self.like_activity('user1', activities[4])
self.like_activity('user2', activities[4])
self.like_activity('user3', activities[4])
time.sleep(1)
self.like_activity('user1', activities[5])
self.like_activity('user2', activities[5])
self.like_activity('user3', activities[5])
time.sleep(1)
self.like_activity('user1', activities[6])
self.like_activity('user2', activities[6])
self.like_activity('user3', activities[6])
self.like_activity('user1', activities[7])
self.like_activity('user2', activities[7])
self.like_activity('user1', activities[8])
firstpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3' % "user1", "", oauth2Header("user1"), status=200)
self.assertEqual(len(firstpage.json), 3)
self.assertEqual(firstpage.json[0]['likesCount'], 5)
self.assertEqual(firstpage.json[0]['id'], activities[0])
self.assertEqual(firstpage.json[1]['likesCount'], 4)
self.assertEqual(firstpage.json[1]['id'], activities[1])
self.assertEqual(firstpage.json[2]['likesCount'], 3)
self.assertEqual(firstpage.json[2]['id'], activities[6])
secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[6]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(secondpage.json), 3)
self.assertEqual(secondpage.json[0]['likesCount'], 3)
self.assertEqual(secondpage.json[0]['id'], activities[5])
self.assertEqual(secondpage.json[1]['likesCount'], 3)
self.assertEqual(secondpage.json[1]['id'], activities[4])
self.assertEqual(secondpage.json[2]['likesCount'], 3)
self.assertEqual(secondpage.json[2]['id'], activities[3])
thirdpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[3]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(thirdpage.json), 3)
self.assertEqual(thirdpage.json[0]['likesCount'], 3)
self.assertEqual(thirdpage.json[0]['id'], activities[2])
self.assertEqual(thirdpage.json[1]['likesCount'], 2)
self.assertEqual(thirdpage.json[1]['id'], activities[7])
self.assertEqual(thirdpage.json[2]['likesCount'], 1)
self.assertEqual(thirdpage.json[2]['id'], activities[8])
fourthpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[8]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(fourthpage.json), 1)
self.assertEqual(fourthpage.json[0]['likesCount'], 0)
self.assertEqual(fourthpage.json[0]['id'], activities[9])
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_add_public_context_with_valid_parameters_that_needs_formating(self):
"""
Test formatters acting correctly by testing the extraction of the "@" and "#"
on receiving a twitter @username and #hashtag containing extra chars (@,# and trailing/leading whitespace)
"""
from .mockers import create_context_full
new_context = dict(create_context_full)
new_context['twitterUsername'] = '******' % create_context_full['twitterUsername']
new_context['twitterHashtag'] = ' #%s' % create_context_full['twitterHashtag']
res = self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
self.assertEqual(result.get('twitterUsername', None), create_context_full['twitterUsername'])
self.assertEqual(result.get('twitterHashtag', None), create_context_full['twitterHashtag'])
def test_modify_public_context_with_valid_parameters_that_need_formating(self):
"""
Test validation failure on receiving a invalid twitter username
"""
from .mockers import create_context_full
from hashlib import sha1
res = self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201)
url_hash = sha1(create_context_full['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterUsername": "******", "twitterHashtag": "#atenea"}), oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('twitterUsername', None), 'maxupcnet')
self.assertEqual(result.get('twitterHashtag', None), 'atenea')
def test_add_public_context_with_bad_twitter_username(self):
"""
Test validation failure on receiving a invalid twitter username
"""
from .mockers import create_context_full
bad_context = dict(create_context_full)
bad_context['twitterUsername'] = '******'
res = self.testapp.post('/contexts', json.dumps(bad_context), oauth2Header(test_manager), status=400)
result = json.loads(res.text)
self.assertEqual(result.get('error', None), 'ValidationError')
def test_add_public_context_with_bad_hashtag(self):
"""
Test validation failure on receiving a invalid twitter hashtag
"""
from .mockers import create_context_full
bad_context = dict(create_context_full)
bad_context['twitterHashtag'] = '##badhashtag'
res = self.testapp.post('/contexts', json.dumps(bad_context), oauth2Header(test_manager), status=400)
result = json.loads(res.text)
self.assertEqual(result.get('error', None), 'ValidationError')
class SubscriptionsACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Create subscription tests
def test_subscribe_user_to_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to get subscribe another user to a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
def test_subscribe_user_to_context_as_context_owner(self):
"""
Given i'm a user that doesn't have the Manager role
And i'm the owner of the context
When i try to subscribe another user to a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, owner=username)
self.user_subscribe_user_to_context(other, subscribe_context, auth_user=username, expect=201)
def test_self_subscribe_to_public_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to subscribe myself to a public subscription context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'subscribe': 'public'})
self.user_subscribe_user_to_context(username, subscribe_context, expect=201)
def test_self_subscribe_to_restricted_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to subscribe myself to a restricted subscription context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'subscribe': 'restricted'})
self.user_subscribe_user_to_context(username, subscribe_context, expect=403)
def test_subscribe_user_to_restricted_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to subscribe another user to a restricted subscription context
I get a Forbidden exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'subscribe': 'restricted'})
self.user_subscribe_user_to_context(username, subscribe_context, expect=403)
def test_subscribe_user_to_public_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to subscribe another user to a public subscription context
I get a Forbidden exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'subscribe': 'public'})
self.user_subscribe_user_to_context(other, subscribe_context, auth_user=username, expect=403)
# Unsubscribe tests
def test_unsubscribe_user_from_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to unsubscribe another user from to a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_unsubscribe_user_from_context(username, chash, expect=204)
def test_unsubscribe_user_from_context_as_context_owner(self):
"""
Given i'm a user that doesn't have the Manager role
And i'm the owner of the context
When i try to unsubscribe another user from to a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.user_unsubscribe_user_from_context(other, chash, auth_user=username, expect=204)
def test_self_unsubscribe_user_from_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to unsubscribe another user from to a context
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.user_unsubscribe_user_from_context(username, chash, auth_user=other, expect=403)
def test_unsubscribe_user_from_context_allowed_unsubscribe_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
And i have permission to unsubscribe myself
When i try to unsubscribe myself from the context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'subscribed'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_unsubscribe_user_from_context(username, chash, expect=204)
def test_unsubscribe_another_user_from_context_allowed_unsubscribe_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
And i have permission to unsubscribe myself
When i try to unsubscribe other person from the context
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'subscribed'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.user_unsubscribe_user_from_context(username, chash, auth_user=other, expect=403)
# Get context subscriptions
def test_get_context_subscriptions_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to get all subscriptions from a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(test_manager), status=200)
def test_get_context_subscriptions_as_owner(self):
"""
Given i'm a user that doesn't have the Manager role
And i'm the owner of the context
When i try to get all subscriptions from a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(username), status=200)
def test_get_context_subscriptions_as_non_manager_neither_owner(self):
"""
Given i'm a user that doesn't have the Manager role
And i'm not the owner of the context
When i try to get all subscriptions from a context
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(other), status=403)
def test_get_user_subscriptions_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to get all subscriptions from a user
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'})
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(test_manager), status=200)
def test_get_own_user_subscriptions(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to get all my subscriptions
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(username), status=200)
def test_get_user_subscriptions_as_non_manager_neither_own(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to get all subscriptions from another user
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(other), status=403)
# Test Grant subscription permissions
def test_grant_permission_on_subscription_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to grant a permission on a user's suscription
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'read': 'subscribed'})
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, username, permission), "", oauth2Header(test_manager), status=201)
def test_grant_permission_on_subscription_as_context_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm the owner of the context
When i try to grant a permission on a user's suscription
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(username), status=201)
def test_grant_permission_on_subscription_as_non_manager_nor_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm not the owner of the context
When i try to grant a permission on a user's suscription
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(other), status=403)
# Test revoke subscription permissions
def test_revoke_permission_on_subscription_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to revoke a permission on a user's suscription
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'read': 'subscribed'})
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
permission = 'write'
self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, username, permission), "", oauth2Header(test_manager), status=201)
def test_revoke_permission_on_subscription_as_context_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm the owner of the context
When i try to revoke a permission on a user's suscription
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
permission = 'write'
self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(username), status=201)
def test_revoke_permission_on_subscription_as_non_manager_nor_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm not the owner of the context
When i try to revoke a permission on a user's suscription
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
permission = 'write'
self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(other), status=403)
# Test revoke subscription permissions
def test_reset_permission_defaults_on_subscription_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to reset all permission on a user's suscription to defaults
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'read': 'subscribed'})
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, username), "", oauth2Header(test_manager), status=200)
def test_reset_permission_defaults_on_subscription_as_context_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm the owner of the context
When i try to reset all permission on a user's suscription to defaults
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, other), "", oauth2Header(username), status=200)
def test_reset_permission_defaults_on_subscription_as_non_manager_nor_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm not the owner of the context
When i try to reset all permission on a user's suscription to defaults
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, other), "", oauth2Header(other), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_get_activities_order_sorted_by_last_comment_publish_date(self):
"""
Given a plain user
When I post activities on a context
and I comment on an old activity
Then in the comment-sorted activities, the commented activity becomes the first
"""
from .mockers import user_comment
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
from .mockers import context_query
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity_0_id = self.create_activity(username, user_status_context).json['id']
activity_1_id = self.create_activity(username, user_status_context, note='Second').json['id']
activity_2_id = self.create_activity(username, user_status_context, note='Third').json['id']
res = self.testapp.post('/activities/%s/comments' % str(activity_1_id), json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.get('/contexts/%s/activities?sort=published' % (context_query['context']), '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0].get('id', None), activity_2_id)
self.assertEqual(res.json[1].get('id', None), activity_1_id)
self.assertEqual(res.json[2].get('id', None), activity_0_id)
def test_timeline_order_sorted_by_last_comment_publish_date(self):
"""
Given a plain user
When I post activities
and I comment on an old activity
Then in the comment-sorted timeline, the commented activity becomes the first
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_ids = []
# Create 7 activities to overpass limit of 5
for i in range(7):
activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id'])
res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
# Get first 5 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 5)
self.assertEqual(res.json[0].get('id', None), activity_ids[0])
self.assertEqual(res.json[1].get('id', None), activity_ids[6])
self.assertEqual(res.json[2].get('id', None), activity_ids[5])
self.assertEqual(res.json[3].get('id', None), activity_ids[4])
self.assertEqual(res.json[4].get('id', None), activity_ids[3])
# get next 2 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0].get('id', None), activity_ids[2])
self.assertEqual(res.json[1].get('id', None), activity_ids[1])
def test_timeline_order_sorted_by_last_comment_publish_date_when_delete_comment(self):
"""
Given a plain user
When I post activities
and I comment on an old activity
and I delete comment on an old activity
Then in the comment-sorted timeline
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_ids = []
# Create 7 activities to overpass limit of 5
for i in range(7):
activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id'])
res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
comment_id = res.json['id']
# Delete comment
res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity_ids[0]), comment_id), '', oauth2Header(username), status=204)
# Get first 5 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 5)
self.assertEqual(res.json[0].get('id', None), activity_ids[6])
self.assertEqual(res.json[1].get('id', None), activity_ids[5])
self.assertEqual(res.json[2].get('id', None), activity_ids[4])
self.assertEqual(res.json[3].get('id', None), activity_ids[3])
self.assertEqual(res.json[4].get('id', None), activity_ids[2])
# get next 2 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0].get('id', None), activity_ids[2])
self.assertEqual(res.json[1].get('id', None), activity_ids[1])
self.assertEqual(res.json[2].get('id', None), activity_ids[0])
def test_timeline_order_sorted_by_last_comment_publish_date_when_delete_one_comment(self):
"""
Given a plain user
When I post activities
and I comment on an old activity
and I delete comment on an old activity
Then in the comment-sorted timeline
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_ids = []
# Create 7 activities to overpass limit of 5
for i in range(7):
activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id'])
res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
comment_id = res.json['id']
self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
# Delete comment
res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity_ids[0]), comment_id), '', oauth2Header(username), status=204)
# Get first 5 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 5)
self.assertEqual(res.json[0].get('id', None), activity_ids[0])
self.assertEqual(res.json[1].get('id', None), activity_ids[6])
self.assertEqual(res.json[2].get('id', None), activity_ids[5])
self.assertEqual(res.json[3].get('id', None), activity_ids[4])
self.assertEqual(res.json[4].get('id', None), activity_ids[3])
# get next 2 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0].get('id', None), activity_ids[2])
self.assertEqual(res.json[1].get('id', None), activity_ids[1])
def test_timeline_order_sorted_by_activity_publish_date(self):
"""
Given a plain user
When I post activities
and I comment on an old activity
Then in the activities-sorted timeline, the order equals the activity order
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_0_id = self.create_activity(username, user_status).json['id']
activity_1_id = self.create_activity(username, user_status, note="second").json['id']
activity_2_id = self.create_activity(username, user_status, note="third").json['id']
res = self.testapp.post('/activities/%s/comments' % str(activity_1_id), json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.get('/people/%s/timeline?sort=published' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0].get('id', None), activity_2_id)
self.assertEqual(res.json[1].get('id', None), activity_1_id)
self.assertEqual(res.json[2].get('id', None), activity_0_id)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security_single)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def test_get_security(self):
res = self.testapp.get('/admin/security', "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('roles', None).get('Manager')[0], 'test_manager')
def test_security_add_user_to_role(self):
username = '******'
self.create_user(username)
res = self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=201)
self.assertItemsEqual(['messi', 'test_manager'], res.json)
def test_security_add_user_to_non_allowed_role(self):
username = '******'
self.create_user(username)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('WrongRole', username), "", oauth2Header(test_manager), status=400)
def test_security_remove_user_from_non_allowed_role(self):
username = '******'
self.create_user(username)
self.testapp.delete('/admin/security/roles/%s/users/%s' % ('WrongRole', username), "", oauth2Header(test_manager), status=400)
def test_security_add_user_to_role_already_has_role(self):
res = self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', 'test_manager'), "", oauth2Header(test_manager), status=200)
self.assertListEqual(['test_manager'], res.json)
def test_security_remove_user_from_role(self):
username = '******'
self.create_user(username)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=201)
self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=204)
def test_security_remove_user_from_role_user_not_in_role(self):
username = '******'
self.create_user(username)
self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=404)
def test_security_add_user_to_role_check_security_reloaded(self):
test_manager2 = 'messi'
self.create_user(test_manager2)
self.testapp.get('/activities', "", oauth2Header(test_manager2), status=403)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=201)
self.testapp.get('/activities', "", oauth2Header(test_manager2), status=200)
def test_security_remove_user_from_role_check_security_reloaded(self):
test_manager2 = 'messi'
self.create_user(test_manager2)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=201)
self.testapp.get('/activities', "", oauth2Header(test_manager2), status=200)
self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=204)
self.testapp.get('/activities', "", oauth2Header(test_manager2), status=403)
class TokenACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.drop_collection('tokens')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Add new token test
def test_add_token(self):
"""
Given i'm a regular user
When i try to add a device token
I succeed
"""
from max.tests.mockers import token
username = '******'
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
def test_add_token_impersonated(self):
"""
Given i'm a Manager user
When i try to add a device token to someone else
I succeed
"""
from max.tests.mockers import token
username = '******'
self.create_user(username)
self.testapp.post('/tokens', json.dumps(impersonate_payload(token, username)), headers=oauth2Header(test_manager), status=201)
def test_add_token_impersonated_no_privileges(self):
"""
Given i'm a regular user
When i try to add a device token to someone else
And i'm impersonated as the other user
I get a Forbidden Exception
"""
from max.tests.mockers import token
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.post('/tokens', json.dumps(impersonate_payload(token, username)), headers=oauth2Header(username2), status=403)
# Get all tokens tests
def test_get_user_tokens(self):
"""
Given i'm a regular user
When i try to get al my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(username), status=200)
def test_get_user_tokens_as_manager(self):
"""
Given i'm a regular user
When i try to get al my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(test_manager), status=200)
def test_get_user_tokens_as_other(self):
"""
Given i'm a regular user
When i try to get al my tokens
I get a Forbidden Exception
"""
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(other), status=403)
# Get all tokens by platform tests
def test_get_user_platform_tokens(self):
"""
Given i'm a regular user
When i try to get al my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username), status=200)
def test_get_user_platform_tokens_as_manager(self):
"""
Given i'm a regular user
When i try to get al my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(test_manager), status=200)
def test_get_user_platform_tokens_as_other(self):
"""
Given i'm a regular user
When i try to get al my tokens
I get a Forbidden Exception
"""
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(other), status=403)
# Delete token test
def test_delete_token(self):
"""
Given i'm a regular user
When i try to add delete a device token
I succeed
"""
from max.tests.mockers import token
username = '******'
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
self.testapp.delete('/tokens/{}'.format(token['token']), '', headers=oauth2Header(username), status=204)
def test_delete_ohers_token(self):
"""
Given i'm a regular user
When i try to delete someone else's device token
I get a Forbidden Exception
"""
from max.tests.mockers import token
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
self.testapp.delete('/tokens/{}'.format(token['token']), '', headers=oauth2Header(username2), status=403)
def test_delete_token_impersonated(self):
"""
Given i'm a Manager user
When i try to delete someone else's device token
I succeed
"""
from max.tests.mockers import token
username = '******'
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
self.testapp.delete('/tokens/{}'.format(token['token']), json.dumps(impersonate_payload({}, test_manager)), headers=oauth2Header(username), status=204)
def test_delete_token_impersonated_no_privileges(self):
"""
Given i'm a regular user
When i try to delete someone else's device token
And i'm impersonating as the other user
I get a Forbidden Exception
"""
from max.tests.mockers import token
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
self.testapp.delete('/tokens/{}'.format(token['token']), json.dumps(impersonate_payload({}, username2)), headers=oauth2Header(username), status=204)
# Delete all user tokens tests
def test_delete_user_tokens(self):
"""
Given i'm a regular user
When i try to delete all my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(username), status=204)
def test_delete_user_tokens_impersonated(self):
"""
Given i'm a Manager user
When i try to delete another user tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(test_manager), status=204)
def test_delete_user_tokens_impersonated_no_privileges(self):
"""
Given i'm a regular user
When i try to delete another user tokens
I succeed
"""
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(username2), status=403)
# Delete all user tokens by platform tests
def test_delete_user_tokens_by_platform(self):
"""
Given i'm a regular user
When i try to delete all my tokens by platform
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username), status=204)
def test_delete_user_tokens_by_platform_impersonated(self):
"""
Given i'm a Manager user
When i try to delete another user tokens by platform
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(test_manager), status=204)
def test_delete_user_tokens_by_platform_impersonated_no_privileges(self):
"""
Given i'm a regular user
When i try to delete another user tokens by platform
I succeed
"""
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username2), status=403)
# Get conversation user's tokens tests
def test_get_conversation_tokens_as_manager(self):
"""
Given i'm a Manager user
When i try to list all tokens of users of a conversation
I succeed
"""
from max.tests.mockers import message
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
chash = self.testapp.post('/conversations', json.dumps(message), oauth2Header(username), status=201).json['id']
self.testapp.get('/conversations/{}/tokens'.format(chash), '', headers=oauth2Header(test_manager), status=200)
def test_get_conversation_tokens_as_anyone_else(self):
"""
Given i'm a regular user
When i try to list all tokens of users of a conversation
I get a Forbidden Exception
"""
from max.tests.mockers import message
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
chash = self.testapp.post('/conversations', json.dumps(message), oauth2Header(username), status=201).json['id']
self.testapp.get('/conversations/{}/tokens'.format(chash), '', headers=oauth2Header(username), status=403)
# Get context user's tokens tests
def test_get_context_tokens_as_manager(self):
"""
Given i'm a Manager user
When i try to list all tokens of users subscribed to a context
I succeed
"""
from max.tests.mockers import create_context
chash = self.create_context(create_context).json['hash']
self.testapp.get('/contexts/{}/tokens'.format(chash), '', headers=oauth2Header(test_manager), status=200)
def test_get_context_tokens_as_anyone_else(self):
"""
Given i'm a regular user
When i try to list all tokens of users subscribed to a context
I get a Forbidden Exception
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(username)
chash = self.create_context(create_context).json['hash']
self.testapp.get('/contexts/{}/tokens'.format(chash), '', headers=oauth2Header(username), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def test_maintenance_keywords(self):
from .mockers import user_status
username = '******'
self.create_user(username, displayName='Lionel messi')
self.create_activity(username, user_status)
# Hard modify keywords directly on mongodb to simulate bad keywords
activities = self.exec_mongo_query('activity', 'find', {})
activity = activities[0]
del activity['_keywords']
activity['object']['_keywords'] = []
self.exec_mongo_query('activity', 'update', {'_id': activities[0]['_id']}, activity)
self.testapp.post('/admin/maintenance/keywords', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/activities/%s' % activity['_id'], "", oauth2Header(username), status=200)
expected_keywords = [u'canvi', u'creaci\xf3', u'estatus', u'lionel', u'messi', u'testejant']
response_keywords = res.json['keywords']
response_keywords.sort()
self.assertListEqual(expected_keywords, response_keywords)
def test_maintenance_dates(self):
from .mockers import user_status, user_comment
username = '******'
self.create_user(username, displayName='Lionel messi')
res = self.create_activity(username, user_status)
self.testapp.post('/activities/%s/comments' % str(res.json['id']), json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.post('/activities/%s/comments' % str(res.json['id']), json.dumps(user_comment), oauth2Header(username), status=201)
# Hard modify keywords directly on mongodb to simulate bad keywords
activities = self.exec_mongo_query('activity', 'find', {'verb': 'post'})
activity = activities[0]
# simulate ancient commented field with wrong date
activity['commented'] = activity['published']
del activity['lastComment']
self.exec_mongo_query('activity', 'update', {'_id': activities[0]['_id']}, activity)
self.testapp.post('/admin/maintenance/dates', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/activities/%s' % activity['_id'], "", oauth2Header(username), status=200)
self.assertEqual(res.json['lastComment'], res.json['replies'][-1]['id'])
def test_maintenance_subscriptions(self):
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
chash = sha1(create_context['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
# Hard modify context directly on mongo to simulate changed permissions, displayName and tags
contexts = self.exec_mongo_query('contexts', 'find', {'hash': chash})
context = contexts[0]
context['permissions']['write'] = 'restricted'
context['displayName'] = 'Changed Name'
context['tags'].append('new tag')
self.exec_mongo_query('contexts', 'update', {'_id': context['_id']}, context)
self.testapp.post('/admin/maintenance/subscriptions', "", oauth2Header(test_manager), status=200)
# Check user subscription is updated
res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(username), status=200)
self.assertEqual(res.json['subscribedTo'][0]['displayName'], 'Changed Name')
self.assertListEqual(res.json['subscribedTo'][0]['tags'], ['Assignatura', 'new tag'])
self.assertListEqual(res.json['subscribedTo'][0]['permissions'], ['read'])
# Check user activity is updated
res = self.testapp.get('/people/{}/timeline'.format(username), "", oauth2Header(username), status=200)
self.assertEqual(res.json[0]['contexts'][0]['displayName'], 'Changed Name')
self.assertListEqual(res.json[0]['contexts'][0]['tags'], ['Assignatura', 'new tag'])
def test_maintenance_conversations(self):
from .mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
# Hard modify group conversation directly on mongo to simulate changed permissions, displayName and tags
conversations = self.exec_mongo_query('conversations', 'find', {})
conversation = conversations[0]
conversation['permissions']['write'] = 'restricted'
conversation['displayName'] = 'Changed Name'
conversation['tags'] = []
conversation['participants'] = ['messi', 'xavi', 'shakira'] # Simulate ol'times structure
self.exec_mongo_query('conversations', 'update', {'_id': conversation['_id']}, conversation)
# Hard Put a displayName on a user
users = self.exec_mongo_query('users', 'find', {'username': '******'})
user = users[0]
user['displayName'] = 'Lionel Messi'
self.exec_mongo_query('users', 'update', {'_id': user['_id']}, user)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
# Check user subscription is updated
res = self.testapp.get('/people/{}'.format(sender), "", oauth2Header(sender), status=200)
self.assertEqual(res.json['talkingIn'][0]['displayName'], 'Changed Name')
self.assertEqual(res.json['talkingIn'][0]['participants'][0]['username'], 'messi')
self.assertEqual(res.json['talkingIn'][0]['participants'][1]['username'], 'xavi')
self.assertEqual(res.json['talkingIn'][0]['participants'][2]['username'], 'shakira')
self.assertListEqual(res.json['talkingIn'][0]['permissions'], ['read', 'unsubscribe'])
self.assertListEqual(res.json['talkingIn'][0]['tags'], ['group'])
conversation_id = res.json['talkingIn'][0]['id']
# Check context participants are updated
res = self.testapp.get('/conversations/{}'.format(conversation_id), "", oauth2Header(sender), status=200)
self.assertEqual(res.json['participants'][0]['displayName'], 'Lionel Messi')
# Check user activity is updated
res = self.testapp.get('/conversations/{}/messages'.format(conversation_id), "", oauth2Header(sender), status=200)
self.assertEqual(res.json[0]['contexts'][0]['displayName'], 'Changed Name')
def test_maintenance_conversations_group_one_participant(self):
from .mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, conversation_id), '', oauth2Header(recipient), status=204)
self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, conversation_id), '', oauth2Header(recipient2), status=204)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 1)
self.assertIn('archive', res.json['tags'])
def test_maintenance_two_people_conversations(self):
from .mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 2)
self.assertNotIn('single', res.json['tags'])
def test_maintenance_two_people_conversations_one_leave_conversation(self):
from .mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, conversation_id), '', oauth2Header(recipient), status=204)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 2)
self.assertIn('single', res.json['tags'])
def test_maintenance_two_people_conversations_one_user_deleted(self):
from .mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}'.format(recipient), headers=oauth2Header(test_manager), status=204)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 2)
self.assertIn('archive', res.json['tags'])
def test_maintenance_two_people_conversations_tagged_archived(self):
from .mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
# Hard modify two people conversation directly on mongo to simulate archive in tags
conversations = self.exec_mongo_query('conversations', 'find', {})
conversation = conversations[0]
conversation['tags'] = ['archive']
self.exec_mongo_query('conversations', 'update', {'_id': conversation['_id']}, conversation)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 2)
self.assertNotIn('single', res.json['tags'])
def test_maintenance_users(self):
username = '******'
self.create_user(username)
# Hard modify user directly on mongo to simulate wrong owner and check is wrong
self.exec_mongo_query('users', 'update', {'username': username}, {'$set': {'_owner': 'test_manager'}})
res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['owner'], 'test_manager')
self.testapp.post('/admin/maintenance/users', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['owner'], username)
def test_maintenance_tokens(self):
username = '******'
self.create_user(username)
# Hard modify user directly on mongo to simulate old style tokens
self.exec_mongo_query('users', 'update', {'username': username}, {'$set': {'iosDevices': ['token1', 'token2'], 'androidDevices': ['token3', 'token4']}})
user = self.exec_mongo_query('users', 'find', {'username': username})[0]
ios = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), "", oauth2Header(username), status=200)
android = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'android'), "", oauth2Header(username), status=200)
self.assertEqual(ios.json, [])
self.assertEqual(android.json, [])
self.assertIn('iosDevices', user)
self.assertIn('androidDevices', user)
self.testapp.post('/admin/maintenance/tokens', "", oauth2Header(test_manager), status=200)
user = self.exec_mongo_query('users', 'find', {'username': username})[0]
ios = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), "", oauth2Header(username), status=200)
android = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'android'), "", oauth2Header(username), status=200)
migrated_ios_tokens = [a['token'] for a in ios.json]
migrated_android_tokens = [a['token'] for a in android.json]
self.assertItemsEqual(migrated_ios_tokens, ['token1', 'token2'])
self.assertItemsEqual(migrated_android_tokens, ['token3', 'token4'])
self.assertNotIn('iosDevices', user)
self.assertNotIn('androidDevices', user)
class ContextACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
# Add context tests
def test_add_context_as_manager(self):
"""
Given a user that has the Manager role
When i try to get create a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
def test_add_context_as_non_manager(self):
"""
Given a user that doesn't have the Manager role
When i try to create a context
I get a Forbidden exception
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(username)
self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(username), status=403)
# View context tests
def test_view_context_as_manager_with_acls(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
And I get the acls for that context
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
res = self.testapp.get('/contexts/%s?show_acls=1' % chash, "", oauth2Header(test_manager), status=200)
self.assertGreater(len(res.json['acls']), 0)
def test_view_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s' % chash, "", oauth2Header(test_manager), status=200)
def test_view_context_as_non_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s' % chash, "", oauth2Header(username), status=200)
# Get all contexts tests
def test_get_all_contexts_as_manager(self):
"""
Given a user that has the Manager role
When i try to get all contexts
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_context(create_context)
self.testapp.get('/contexts', "", oauth2Header(test_manager), status=200)
def test_get_all_contexts_as_non_manager(self):
"""
Given a user that doesn't have the Manager role
When i try to get all contexts
I get a Forbidden exception
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.create_context(create_context)
self.testapp.get('/contexts', "", oauth2Header(username), status=403)
# Modify context tests
def test_modify_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(test_manager), status=200)
def test_modify_context_as_manager_non_owner(self):
"""
Given i'm a user that has the Manager role
And i'm not the owner of the context
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_user(test_manager2)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(test_manager2), status=200)
def test_modify_context_as_owner(self):
"""
Given i'm a user that don't jave the Manager role
And is the owner of the context
When i try to update the context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, owner=username)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(username), status=200)
def test_modify_context_as_non_owner_non_manager(self):
"""
Given i'm a user that don't jave the Manager role
And is the owner of the context
When i try to update the context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(username), status=403)
# Delete context tests
def test_delete_context_as_manager(self):
"""
Given a user that has the Manager role
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(test_manager), status=204)
def test_delete_context_as_manager_non_owner(self):
"""
Given a user that has the Manager role
And is not the owner of the context
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_user(test_manager2)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(test_manager2), status=204)
def test_delete_context_as_owner(self):
"""
Given a user that has doesn't have the Manager role
And is the owner of the context
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, owner=username)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(username), status=204)
def test_delete_context_as_non_manager_neither_owner(self):
"""
Given a user that has doesn't have the Manager role
And is not the owner of the context
When i try to remove a context
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(username), status=403)
# Test context authors
def test_get_context_authors_as_manager(self):
"""
Given a user that is Manager
When i try to list context activity authors
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(test_manager), status=200)
def test_get_context_authors_as_non_manager(self):
"""
Given a user that is not Manager
When i try to list context activity authors
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, permissions={'read': 'subscribed'})
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(username), status=403)
def test_get_context_authors_as_non_manager_public_context(self):
"""
Given a user that is not Manager
When i try to list context activity authors
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, permissions={'read': 'public'})
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(username), status=200)
def test_get_count_context_authors_as_non_manager(self):
"""
Given a user that is not Manager
When i try to list the count of context activity authors
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = res.json['hash']
self.testapp.head('/contexts/%s/activities/authors' % (chash,), oauth2Header(username), status=200)
class MessagesACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
self.conf_dir = os.path.dirname(os.path.dirname(__file__))
self.repository = os.path.join(self.conf_dir, 'repository')
self.app = loadapp('config:tests.ini', relative_to=self.conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def tearDown(self):
shutil.rmtree(self.repository, ignore_errors=True)
def test_add_message_to_conversation(self):
"""
Given i'm a regular user
And I'm a participant in the conversation
When i try to add a message to a conversation
Then i succeed
"""
from max.tests.mockers import group_message as creation_message
from max.tests.mockers import message2
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = res.json['contexts'][0]['id']
self.testapp.post('/conversations/{}/messages'.format(conversation_id), json.dumps(message2), oauth2Header(recipient2), status=201)
def test_add_message_to_conversation_not_participant(self):
"""
Given i'm a regular user
And i'm not a participant in the conversation
When i try to add a message to a conversation
Then i get a Forbidden Exception
"""
from max.tests.mockers import message
from max.tests.mockers import message2
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
conversation_id = res.json['contexts'][0]['id']
self.testapp.post('/conversations/{}/messages'.format(conversation_id), json.dumps(message2), oauth2Header(recipient2), status=403)
def test_add_message_to_conversation_impersonating(self):
"""
Given i'm a regular user
When i try to add a message to a conversation
And i'm impersonating as another user
Then i get a Forbidden Exception
"""
from max.tests.mockers import group_message as creation_message
from max.tests.mockers import message4
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = res.json['contexts'][0]['id']
self.testapp.post('/conversations/{}/messages'.format(conversation_id), json.dumps(message4), oauth2Header(recipient2), status=403)
def test_add_message_to_conversation_as_owner_impersonating(self):
"""
Given i'm a regular user
And i'm the owner of a conversation
When i try to add a message to a conversation
And i'm impersonating as another user
Then i get a Forbidden Exception
"""
from max.tests.mockers import message
from max.tests.mockers import message4
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
conversation_id = res.json['contexts'][0]['id']
self.testapp.post('/conversations/{}/messages'.format(conversation_id), json.dumps(message4), oauth2Header(sender), status=403)
def test_add_message_to_conversation_as_manager_impersonating(self):
"""
Given i'm a Manager
When i try to add a message to a conversation
And i'm impersonating as another user
Then i succeed
"""
from max.tests.mockers import message
from max.tests.mockers import message4
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
conversation_id = res.json['contexts'][0]['id']
self.testapp.post('/conversations/{}/messages'.format(conversation_id), json.dumps(message4), oauth2Header(test_manager), status=201)
# Get conversation messages list tests
def test_get_messages_as_manager(self):
"""
Given i'm a Manager
When i try to list a conversation's messages
Then i succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
self.testapp.get('/conversations/{}/messages'.format(cid), '', oauth2Header(test_manager), status=200)
def test_get_messages_as_participant(self):
"""
Given i'm a regular user
And i'm a conversation participant
When i try to list a conversation's messages
Then i succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
self.testapp.get('/conversations/{}/messages'.format(cid), '', oauth2Header(recipient), status=200)
def test_get_messages_as_non_participant(self):
"""
Given i'm a regular user
And i'm not a conversation participant
When i try to list a conversation's messages
Then i get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
self.testapp.get('/conversations/{}/messages'.format(cid), '', oauth2Header(recipient2), status=403)
# Get message attachment tests
def test_get_message_image_as_manager(self):
"""
Given i'm a Manager
When i try to view a message image attachment
Then i succeed
"""
from max.tests.mockers import message
from max.tests.mockers import message_with_image
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
thefile = open(os.path.join(self.conf_dir, "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
message_id = self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_image)), oauth2Header(sender), upload_files=files, status=201).json['id']
self.testapp.get('/messages/%s/image' % (message_id), headers=oauth2Header(test_manager), status=200)
def test_get_message_image_as_participant(self):
"""
Given i'm a regular user
And i'm a conversation participant
When i try to view a message image attachment
Then i succeed
"""
from max.tests.mockers import message
from max.tests.mockers import message_with_image
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
thefile = open(os.path.join(self.conf_dir, "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
message_id = self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_image)), oauth2Header(sender), upload_files=files, status=201).json['id']
self.testapp.get('/messages/%s/image' % (message_id), headers=oauth2Header(recipient), status=200)
def test_get_message_image_as_non_participant(self):
"""
Given i'm a regular user
And i'm not a conversation participant
When i try to view a message image attachment
Then i get a Forbidden Exception
"""
from max.tests.mockers import message
from max.tests.mockers import message_with_image
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
thefile = open(os.path.join(self.conf_dir, "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
message_id = self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_image)), oauth2Header(sender), upload_files=files, status=201).json['id']
self.testapp.get('/messages/%s/image' % (message_id), headers=oauth2Header(recipient2), status=403)
def test_get_message_file_as_manager(self):
"""
Given i'm a Manager
When i try to view a file attachment
Then i succeed
"""
from max.tests.mockers import message
from max.tests.mockers import message_with_file
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
thefile = open(os.path.join(self.conf_dir, "map.pdf"), "rb")
files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
message_id = self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_file)), oauth2Header(sender), upload_files=files, status=201).json['id']
self.testapp.get('/messages/%s/file/download' % (message_id), headers=oauth2Header(test_manager), status=200)
def test_get_message_file_as_participant(self):
"""
Given i'm a regular user
And i'm a conversation participant
When i try to view a file attachment
Then i succeed
"""
from max.tests.mockers import message
from max.tests.mockers import message_with_file
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
thefile = open(os.path.join(self.conf_dir, "map.pdf"), "rb")
files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
message_id = self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_file)), oauth2Header(sender), upload_files=files, status=201).json['id']
self.testapp.get('/messages/%s/file/download' % (message_id), headers=oauth2Header(recipient), status=200)
def test_get_message_file_as_non_participant(self):
"""
Given i'm nota regular user
And i'm not a conversation participant
When i try to view a file attachment
Then i get a Forbidden Exception
"""
from max.tests.mockers import message
from max.tests.mockers import message_with_file
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = res.json['contexts'][0]['id']
thefile = open(os.path.join(self.conf_dir, "map.pdf"), "rb")
files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
message_id = self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_file)), oauth2Header(sender), upload_files=files, status=201).json['id']
self.testapp.get('/messages/%s/file/download' % (message_id), headers=oauth2Header(recipient2), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def tearDown(self):
import pyramid.testing
pyramid.testing.tearDown()
# BEGIN TESTS
def test_add_device_token_ios(self):
username = '******'
token = {'platform': 'ios', 'token': '12345678901234567890123456789012'}
self.create_user(username)
res = self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201)
result = json.loads(res.text)
self.assertEqual(result.get('token', ''), token['token'])
self.assertEqual(result.get('platform', ''), token['platform'])
def test_add_device_token_android(self):
username = '******'
self.create_user(username)
token = {'platform': 'android', 'token': '12345678901234567890123456789012klhsdflajshdfkjashdfoq'}
res = self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201)
result = json.loads(res.text)
self.assertEqual(result.get('token', ''), token['token'])
self.assertEqual(result.get('platform', ''), token['platform'])
def test_add_device_invalid_platform(self):
username = '******'
token = {'platform': 'blackberry', 'token': '12345678901234567890123456789012klhsdflajshdfkjashdfoq'}
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=400)
def test_delete_device_token(self):
username = '******'
token = {'platform': 'ios', 'token': '12345678901234567890123456789012'}
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201)
self.testapp.delete('/tokens/%s' % (token['token']), "", oauth2Header(username), status=204)
def test_add_duplicated_token(self):
"""
Given i'm a regular user
"""
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
token = {'platform': 'ios', 'token': '12345678901234567890123456789012'}
self.testapp.post('/tokens', json.dumps(token), oauth2Header(sender), status=201)
sender_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(sender, token['platform']), "", headers=oauth2Header(sender), status=200).json
self.assertEqual(len(sender_tokens), 1)
self.testapp.post('/tokens', json.dumps(token), oauth2Header(recipient), status=201)
sender_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(sender, token['platform']), "", headers=oauth2Header(sender), status=200).json
recipient_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(recipient, token['platform']), "", headers=oauth2Header(recipient), status=200).json
self.assertEqual(len(sender_tokens), 0)
self.assertEqual(len(recipient_tokens), 1)
def test_get_pushtokens_for_given_conversations(self):
""" doctest .. http:get:: /conversations/{id}/tokens """
from .mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
platform = 'ios'
token_sender = '12345678901234567890123456789012'
token_recipient = '12345678901234567890123456789013'
self.testapp.post('/people/%s/device/%s/%s' % (sender, platform, token_sender), "", oauth2Header(sender), status=201)
self.testapp.post('/people/%s/device/%s/%s' % (recipient, platform, token_recipient), "", oauth2Header(recipient), status=201)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
conversation_id = res.json['contexts'][0]['id']
res = self.testapp.get('/conversations/%s/tokens' % (conversation_id), '', oauth2Header(test_manager), status=200)
self.assertEqual(res.json[0]['platform'], u'ios')
self.assertEqual(res.json[0]['token'], u'12345678901234567890123456789013')
self.assertEqual(res.json[0]['username'], u'xavi')
self.assertEqual(res.json[1]['platform'], u'ios')
self.assertEqual(res.json[1]['token'], u'12345678901234567890123456789012')
self.assertEqual(res.json[1]['username'], u'messi')
self.assertEqual(len(res.json), 2)
def test_get_pushtokens_for_given_context(self):
"""
"""
from .mockers import create_context, subscribe_context
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
platform = 'ios'
token_1 = '12345678901234567890123456789012'
token_2 = '12345678901234567890123456789013'
self.testapp.post('/people/%s/device/%s/%s' % (username, platform, token_1), "", oauth2Header(username), status=201)
self.testapp.post('/people/%s/device/%s/%s' % (username2, platform, token_2), "", oauth2Header(username2), status=201)
url_hash = self.create_context(create_context).json['hash']
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.get('/contexts/%s/tokens' % (url_hash), '', oauth2Header(test_manager), status=200)
self.assertEqual(res.json[0]['platform'], u'ios')
self.assertEqual(res.json[0]['token'], u'12345678901234567890123456789012')
self.assertEqual(res.json[0]['username'], u'messi')
self.assertEqual(len(res.json), 1)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_favorite_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can favorite this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['favorited'], True)
self.assertEqual(res.json['object']['favoritesCount'], 1)
self.assertEqual(activity.json['favorites'][0]['username'], username_not_me)
self.assertEqual(activity.json['favorited'], False)
self.assertEqual(activity.json['favoritesCount'], 1)
def test_favorite_already_favorited_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
And someone favorites this activity
Then this someone else can't favorite twice this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=200)
self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['favorited'], True)
self.assertEqual(res.json['object']['favoritesCount'], 1)
def test_unfavorite_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can remove previously favorite mark from this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(res.json['object']['favorites'], [])
self.assertEqual(res.json['object']['favorited'], False)
self.assertEqual(res.json['object']['favoritesCount'], 0)
self.assertEqual(activity.json['favorites'], [])
self.assertEqual(activity.json['favorited'], False)
self.assertEqual(activity.json['favoritesCount'], 0)
def test_favorite_activity_by_various(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can favorite this activity
and i also can favorite it
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username), status=201)
self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['favorites'][1]['username'], username)
self.assertEqual(res.json['object']['favorited'], True)
self.assertEqual(res.json['object']['favoritesCount'], 2)
def test_unfavorite_activity_get_other_favorites(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
And varius users favorite it
And someone unfavorite it
Then someone who unfavorite this activity
and the rest of favorites remains
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username), status=201)
res = self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200)
self.assertEqual(res.json['object']['favorites'][0]['username'], username)
self.assertEqual(res.json['object']['favorited'], False)
self.assertEqual(res.json['object']['favoritesCount'], 1)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_invalid_token(self):
username = '******'
res = self.testapp.post('/people/%s' % username, json.dumps({}), oauth2Header(test_manager, token='bad token'), status=401)
self.assertEqual(res.json['error_description'], 'Invalid token.')
def test_invalid_token_TEMPORARY(self):
from hashlib import sha1
from .mockers import create_context
mindundi = 'messi'
self.create_user(mindundi)
self.create_context(create_context, owner=mindundi)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(mindundi, token='bad token'), status=401)
self.assertEqual(res.json['error_description'], 'Invalid token.')
def test_invalid_scope(self):
username = '******'
headers = oauth2Header(test_manager)
headers['X-Oauth-Scope'] = 'Invalid scope'
res = self.testapp.post('/people/%s' % username, "", headers, status=401)
self.assertEqual(res.json['error_description'], 'The specified scope is not allowed for this resource.')
def test_invalid_scope_TEMPORARY(self):
from hashlib import sha1
from .mockers import create_context
mindundi = 'messi'
headers = oauth2Header(test_manager)
headers['X-Oauth-Scope'] = 'Invalid scope'
self.create_user(mindundi)
self.create_context(create_context, owner=mindundi)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), headers, status=401)
self.assertEqual(res.json['error_description'], 'The specified scope is not allowed for this resource.')
def test_required_user_not_found(self):
from hashlib import sha1
from .mockers import create_context
mindundi = 'messi'
self.create_context(create_context, owner=mindundi)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(mindundi), status=400)
self.assertEqual(res.json['error_description'], 'Unknown actor identified by: messi')
def test_post_activity_no_auth_headers(self):
from .mockers import user_status
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(user_status), status=401)
result = json.loads(res.text)
self.assertEqual(result.get('error', None), 'Unauthorized')
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_has_remaining_items(self):
"""
Given there are more than 10 users
When i query 10 users
I get a X-Has-Remaining-Items header
"""
# Create 9 users + 1 already existing (test_manager)
for i in range(10):
self.create_user('user-{}'.format(i))
res = self.testapp.get('/people', headers=oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 10)
self.assertEqual(res.headers['X-Has-Remaining-Items'], '1')
def test_not_has_remaining_items_wihout_limit(self):
"""
Given there are more than 10 users
When i query unlimited users
I don't get a X-Has-Remaining-Items header
"""
# Create 9 users + 1 already existing (test_manager)
for i in range(10):
self.create_user('user-{}'.format(i))
res = self.testapp.get('/people?limit=0', headers=oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 11)
self.assertNotIn('X-Has-Remaining-Items', res.headers)
def test_not_has_remaining_items(self):
"""
Given there are exactly 10 users
When i query 10 users
I don't get a X-Has-Remaining-Items header
"""
# Create 9 users + 1 already existing (test_manager)
for i in range(9):
self.create_user('user-{}'.format(i))
res = self.testapp.get('/people', headers=oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 10)
self.assertNotIn('X-Has-Remaining-Items', res.headers)
def test_activities_keyword_generation(self):
"""
Tests that all words passing regex are included in keywords
Tests that username that creates the activity is included in keywords
Tests that displayName of user that creates the activity is included in keywords
Tests that username that creates the comment is included in keywords
Tests that displayName of user that creates the comment is included in keywords
Tests that a keyword of a comment is included in keywords
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context, user_comment
username = '******'
username2 = 'xavi'
self.create_user(username, displayName="Lionel Messi")
self.create_user(username2, displayName="Xavi Hernandez")
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
activity = self.create_activity(username, user_status_context).json
res = self.testapp.post('/activities/%s/comments' % str(activity['id']), json.dumps(user_comment), oauth2Header(username2), status=201)
res = self.testapp.get('/activities/%s' % str(activity['id']), json.dumps({}), oauth2Header(username), status=200)
expected_keywords = [u'activitat', u'canvi', u'comentari', u'creaci\xf3', u'estatus', u'hernandez', u'lionel', u'messi', u'nou', u'testejant', u'una', u'xavi']
response_keywords = res.json['keywords']
response_keywords.sort()
self.assertListEqual(response_keywords, expected_keywords)
def test_activities_keyword_generation_after_comment_delete(self):
"""
test that the keywords supplied by a comment disappers from activity when deleting the comment
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context, user_comment
username = '******'
username2 = 'xavi'
self.create_user(username, displayName="Lionel Messi")
self.create_user(username2, displayName="Xavi Hernandez")
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
activity = self.create_activity(username, user_status_context).json
res = self.testapp.post('/activities/%s/comments' % str(activity['id']), json.dumps(user_comment), oauth2Header(username2), status=201)
comment_id = res.json['id']
res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity['id']), comment_id), "", oauth2Header(username2), status=204)
res = self.testapp.get('/activities/%s' % str(activity['id']), json.dumps({}), oauth2Header(username), status=200)
expected_keywords = [u'canvi', u'creaci\xf3', u'estatus', u'lionel', u'messi', u'testejant']
response_keywords = res.json['keywords']
response_keywords.sort()
self.assertListEqual(response_keywords, expected_keywords)
def test_activities_hashtag_generation(self):
"""
Tests that all hashtags passing regex are included in _hashtags
Tests that a hashtag of a comment is included in hashtags
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context_with_hashtag, user_comment_with_hashtag
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context_with_hashtag)
activity = json.loads(res.text)
res = self.testapp.post('/activities/%s/comments' % str(activity.get('id')), json.dumps(user_comment_with_hashtag), oauth2Header(username), status=201)
res = self.testapp.get('/activities/%s' % str(activity.get('id')), json.dumps({}), oauth2Header(username), status=200)
result = json.loads(res.text)
expected_hashtags = [u'canvi', u'comentari', u'nou']
self.assertListEqual(result['object']['hashtags'], expected_hashtags)
def test_context_activities_hashtag_search(self):
"""
"""
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note='text with hashtag #test')
res = self.testapp.get('/contexts/%s/activities?hashtag=test' % (context_query['context']), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_context_activities_keyword_search(self):
"""
"""
from .mockers import context_query
from .mockers import context_query_kw_search
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), context_query_kw_search, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_context_comments_keyword_search(self):
"""
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
from .mockers import user_comment
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
activity_1_id = self.create_activity(username, user_status_context, note='Second activity').json['id']
res = self.testapp.post('/activities/%s/comments' % activity_1_id, json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.get('/activities/comments', {'keyword': ['comentari']}, oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
self.assertEqual(result[0]['object']['inReplyTo'][0]['id'], activity_1_id)
def test_context_activities_actor_search(self):
"""
"""
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note="second")
self.create_activity(username2, user_status_context)
res = self.testapp.get('/contexts/%s/activities?actor=%s' % (context_query['context'], username), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
def test_timeline_activities_actor_search(self):
"""
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note="second")
self.create_activity(username2, user_status_context)
self.create_activity(username2, user_status_context, note="second")
res = self.testapp.get('/people/%s/timeline?actor=%s' % (username, username), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
def test_timeline_user_filter_activities_by_other_actor_and_not_permission_in_community(self):
"""
"""
from .mockers import create_context, create_contextA
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note="second")
res = self.testapp.get('/people/%s/timeline?actor=%s' % (username2, username), '', oauth2Header(username2), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_timeline_user_filter_activities_by_other_actor_and_have_permission_community(self):
"""
"""
from .mockers import create_context, create_contextA
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note="second")
res = self.testapp.get('/people/%s/timeline?actor=%s' % (username2, username), '', oauth2Header(username2), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
def test_contexts_search(self):
"""
Given an admin user
When I search for all contexts
Then I get them all
"""
from .mockers import create_context, create_contextA, create_contextB
self.create_context(create_context)
self.create_context(create_contextA)
self.create_context(create_contextB)
res = self.testapp.get('/contexts', '', oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 3)
def test_contexts_search_with_tags(self):
"""
Given an admin user
When I search for contexts with a tag
Then I get tthe ones with that tag
"""
from .mockers import create_context, create_contextA, create_contextB
from .mockers import context_search_by_tags
self.create_context(create_context) # Tagged "Assignatura"
self.create_context(create_contextA) # Tagged "Assignatura"
self.create_context(create_contextB) # Not tagged
res = self.testapp.get('/contexts?tags', context_search_by_tags, oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 2)
def test_public_contexts_search_with_tags(self):
"""
Given a plain user
When I search for public contexts with a tag
Then I get the ones with that tag
"""
from .mockers import create_context, create_contextA, create_contextB
from .mockers import context_search_by_tags
username = '******'
self.create_user(username)
self.create_context(create_context)
self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='subscribed'))
self.create_context(create_contextB)
res = self.testapp.get('/contexts/public?tags', context_search_by_tags, oauth2Header(username), status=200)
self.assertEqual(len(res.json), 1)
def test_search_with_invalid_parameters(self):
"""
Given a plain user
When I do a search with invalid parameters
Then I get a Bad Request Error
"""
username = '******'
self.create_user(username)
fake_id = '519200000000000000000000'
self.testapp.get('/people?limit=a', '', oauth2Header(username), status=400)
self.testapp.get('/people?after=0', '', oauth2Header(username), status=400)
self.testapp.get('/people?before=0', '', oauth2Header(username), status=400)
self.testapp.get('/people?before={0}&after={0}'.format(fake_id), '', oauth2Header(username), status=400)
def test_context_timeline_favorites_search(self):
"""
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
res = self.create_activity(username, user_status_context)
activity1_id = res.json['id']
self.create_activity(username, user_status_context, note="second")
res = self.create_activity(username2, user_status_context)
activity3_id = res.json['id']
self.create_activity(username2, user_status_context, note="second")
self.favorite_activity(username, activity1_id)
self.favorite_activity(username, activity3_id)
res = self.testapp.get('/people/%s/timeline?favorites=true' % (username), '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0]['id'], activity3_id)
self.assertEqual(res.json[1]['id'], activity1_id)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_get_all_users_admin(self):
username = '******'
self.create_user(username)
res = self.testapp.get('/people', "", oauth2Header(test_manager))
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0].get('username'), 'test_manager')
self.assertEqual(res.json[1].get('username'), 'messi')
def test_admin_post_activity_without_context(self):
from .mockers import user_status
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(user_status), oauth2Header(test_manager))
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None), None)
def test_admin_post_activity_with_context(self):
""" doctest .. http:post:: /people/{username}/activities """
from .mockers import subscribe_context
from .mockers import user_status_context
from .mockers import create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(user_status_context), oauth2Header(test_manager))
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
def test_admin_post_activity_with_context_as_actor(self):
""" doctest .. http:post:: /contexts/{hash}/activities """
from .mockers import subscribe_context
from .mockers import user_status_as_context
from .mockers import create_context
from hashlib import sha1
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('hash', None), url_hash)
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
def test_get_other_activities(self):
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.testapp.get('/people/%s/activities' % (username), '', oauth2Header(test_manager), status=200)
def test_delete_user(self):
username = '******'
self.create_user(username)
self.testapp.delete('/people/%s' % username, '', oauth2Header(test_manager), status=204)
def test_delete_all_conversations(self):
from .mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.delete('/conversations', '', oauth2Header(test_manager), status=204)
conversations = self.testapp.get('/conversations', '', oauth2Header(sender), status=200)
self.assertEqual(len(conversations.json), 0)
user_data = self.testapp.get('/people/{}'.format(sender), '', oauth2Header(sender), status=200)
self.assertEqual(len(user_data.json['talkingIn']), 0)
def test_delete_inexistent_user(self):
username = '******'
username2 = 'xavi'
self.create_user(username)
self.testapp.delete('/people/%s' % username2, '', oauth2Header(test_manager), status=400)
def test_admin_delete_inexistent_activity(self):
fake_id = '519200000000000000000000'
self.testapp.delete('/activities/%s' % (fake_id), '', oauth2Header(test_manager), status=404)
def test_admin_get_people_activities_by_context(self):
"""
"""
from .mockers import user_status
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status)
res = self.testapp.get('/people/%s/activities' % username, context_query, oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_admin_get_all_activities_by_context(self):
"""
XXX This test was here to test the Manager endpoint that didn't search for recursive activities
now this is unified so this feature will have to be refactored to a preset or parameter to
disable recursivity.
The test now is fixed to pass with correct acitivity count asserts
"""
from .mockers import user_status
from .mockers import subscribe_context, subscribe_contextA
from .mockers import create_context, create_contextA
from .mockers import user_status_context, user_status_contextA
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_contextA)
url_hashA = sha1(create_contextA['url']).hexdigest()
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_contextA)
self.create_activity(username, user_status)
res = self.testapp.get('/contexts/%s/activities' % url_hash, {}, oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
res = self.testapp.get('/contexts/%s/activities' % url_hashA, {}, oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
# def test_admin_post_activity_with_unauthorized_context_type_as_actor(self):
# from .mockers import create_unauthorized_context
# from hashlib import sha1
# result = self.create_context(create_invalid_context, expect=201)
# url_hash = sha1(create_invalid_context['object']['url']).hexdigest()
# res = self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_context), oauth2Header(test_manager))
# result = json.loads(res.text)
# self.assertEqual(result.get('actor', None).get('hash', None), url_hash)
# self.assertEqual(result.get('object', None).get('objectType', None), 'note')
# self.assertEqual(result.get('contexts', None)[0], subscribe_context['object'])
def test_get_users_twitter_enabled(self):
""" Doctest .. http:get:: /people """
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
self.modify_user(username, {"twitterUsername": "******"})
res = self.testapp.get('/people', {"twitter_enabled": True}, oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 1)
self.assertIn('twitterUsername', res.json[0])
def test_get_context_twitter_enabled(self):
from .mockers import create_context, create_contextA
self.create_context(create_context)
self.create_context(create_contextA)
self.modify_context(create_context['url'], {"twitterHashtag": "assignatura1", "twitterUsername": "******"})
res = self.testapp.get('/contexts', {"twitter_enabled": True}, oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 1)
def test_rename_context_url(self):
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"url": "http://new.url"}), oauth2Header(test_manager), status=200)
# Test context is updated
new_url_hash = sha1('http://new.url').hexdigest()
res = self.testapp.get('/contexts/%s' % new_url_hash, "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['url'], 'http://new.url')
self.assertEqual(res.json['hash'], new_url_hash)
# Test user subscription is updated
res = self.testapp.get('/people/%s' % username, "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['subscribedTo'][0]['url'], 'http://new.url')
self.assertEqual(res.json['subscribedTo'][0]['hash'], new_url_hash)
# Test user original subscription activity is updated
subscription_activity = self.exec_mongo_query('activity', 'find', {'object.hash': new_url_hash, 'object.url': "http://new.url", 'actor.username': username})
self.assertNotEqual(subscription_activity, [])
self.assertEqual(subscription_activity[0]['object']['hash'], new_url_hash)
self.assertEqual(subscription_activity[0]['object']['url'], 'http://new.url')
# Test user activity is updated
res = self.testapp.get('/activities/%s' % activity.json['id'], "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['contexts'][0]['url'], 'http://new.url')
self.assertEqual(res.json['contexts'][0]['hash'], new_url_hash)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def tearDown(self):
self.patched_post.stop()
# BEGIN TESTS
def test_create_activity_strip_tags(self):
""" doctest .. http:post:: /people/{username}/activities """
from .mockers import user_status
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(user_status), oauth2Header(username), status=201)
self.assertEqual(res.json['object']['content'], u"[A] Testejant la creació d'un canvi d'estatus")
def test_post_comment_strip_tags(self):
""" doctest .. http:post:: /activities/{activity}/comments """
from .mockers import user_status, user_comment
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status)
activity = activity.json
res = self.testapp.post('/activities/%s/comments' % str(activity.get('id')), json.dumps(user_comment), oauth2Header(username), status=201)
self.assertEqual(res.json['object']['content'], u"[C] Testejant un comentari nou a una activitat")
def test_post_message_to_conversation_strip_tags(self):
""" doctest .. http:post:: /conversations """
from .mockers import message_with_tags
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message_with_tags), oauth2Header(sender), status=201)
self.assertEqual(res.json['object']['content'], u'A <strong>text</strong> A')
def test_post_activity_shortens_url(self):
""" """
from .mockers import user_status_with_url
username = '******'
self.create_user(username)
res = self.create_activity(username, user_status_with_url)
self.assertIn('bit.ly', res.json['object']['content'],)
@httpretty.activate
def test_url_shortened_bitly_failure(self):
from max.utils.formatting import shortenURL
http_mock_bitly(status=500)
url = 'http://example.com'
bitly_username = '******'
bitly_api_key = 'R_1123ce7d9aea4d699f65af02912c048e'
newurl = shortenURL(url, bitly_username, bitly_api_key)
self.assertEqual(url, newurl)
@httpretty.activate
def test_url_shortened_parsing_failure(self):
from max.utils.formatting import shortenURL
http_mock_bitly(status=500, body="invalid json")
url = 'http://example.com'
bitly_username = '******'
bitly_api_key = 'R_1123ce7d9aea4d699f65af02912c048e'
newurl = shortenURL(url, bitly_username, bitly_api_key)
self.assertEqual(url, newurl)
@httpretty.activate
def test_url_shortened(self):
from max.utils.formatting import shortenURL
http_mock_bitly()
url = 'http://example.com'
bitly_username = '******'
bitly_api_key = 'R_1123ce7d9aea4d699f65af02912c048e'
newurl = shortenURL(url, bitly_username, bitly_api_key)
self.assertEqual(newurl, "http://shortened.url")
@httpretty.activate
def test_url_secure_shortened(self):
from max.utils.formatting import shortenURL
http_mock_bitly()
url = 'http://example.com'
bitly_username = '******'
bitly_api_key = 'R_1123ce7d9aea4d699f65af02912c048e'
newurl = shortenURL(url, bitly_username, bitly_api_key, secure=True)
self.assertEqual(newurl, "https://shortened.url")
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def tearDown(self):
import pyramid.testing
shutil.rmtree(self.app.registry.settings['file_repository'], ignore_errors=True)
pyramid.testing.tearDown()
# BEGIN TESTS
def test_create_image_activity(self):
"""
Given a plain user
When I post an image activity
And I am authenticated as myself
Then the image activity is created correctly
"""
from .mockers import user_image_activity as activity
username = '******'
self.create_user(username)
thefile = open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
self.assertEqual(response[0]['object'].get('fullURL'), u'/activities/{}/image/full'.format(response[0]['id']))
self.assertEqual(response[0]['object'].get('thumbURL'), u'/activities/{}/image/thumb'.format(response[0]['id']))
def test_create_file_activity(self):
"""
Given a plain user
When I post a file activity
And I am authenticated as myself
Then the file activity is created correctly
"""
from .mockers import user_file_activity as activity
username = '******'
self.create_user(username)
thefile = open(os.path.join(os.path.dirname(__file__), "map.pdf"), "rb")
files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
self.assertEqual(response[0]['object'].get('fullURL'), u'/activities/{}/file/download'.format(response[0]['id']))
def test_create_image_activity_with_context(self):
"""
Given a plain user
When I post an image activity to a context with no uploadURL
And I am authenticated as myself
Then the image activity is created correctly
"""
from .mockers import user_image_activity_with_context as activity
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
thefile = open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
self.assertEqual(response[0]['object'].get('fullURL'), u'/activities/{}/image/full'.format(response[0]['id']))
self.assertEqual(response[0]['object'].get('thumbURL'), u'/activities/{}/image/thumb'.format(response[0]['id']))
def test_create_file_activity_with_context(self):
"""
Given a plain user
When I post an file activity to a context with no uploadURL
And I am authenticated as myself
Then the file activity is created correctly
"""
from .mockers import user_file_activity_with_context as activity
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
thefile = open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'application/pdf')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
self.assertEqual(response[0]['object'].get('fullURL'), u'/activities/{}/file/download'.format(response[0]['id']))
def test_create_image_activity_with_context_with_uploadurl(self):
"""
Given a plain user
When I post an image activity to a context with uploadURL
And I am authenticated as myself
Then the image activity is created correctly
"""
from .mockers import user_image_activity_with_context_with_uploadurl as activity
from .mockers import subscribe_context_with_uploadurl, create_context_with_uploadurl
username = '******'
self.create_user(username)
self.create_context(create_context_with_uploadurl)
self.admin_subscribe_user_to_context(username, subscribe_context_with_uploadurl)
thefile = open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
self.assertEqual(response[0]['object'].get('fullURL'), u'http://localhost:8181/theimage')
self.assertEqual(response[0]['object'].get('thumbURL'), u'http://localhost:8181/theimage/thumb')
def test_create_file_activity_with_context_with_uploadurl(self):
"""
Given a plain user
When I post an file activity to a context with uploadURL
And I am authenticated as myself
Then the file activity is created correctly
"""
from .mockers import user_file_activity_with_context_with_uploadurl as activity
from .mockers import subscribe_context_with_uploadurl, create_context_with_uploadurl
username = '******'
self.create_user(username)
self.create_context(create_context_with_uploadurl)
self.admin_subscribe_user_to_context(username, subscribe_context_with_uploadurl)
thefile = open(os.path.join(os.path.dirname(__file__), "map.pdf"), "rb")
files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
self.assertEqual(response[0]['object'].get('fullURL'), u'http://localhost:8181/theimage')
def test_post_message_with_image_to_an_already_existing_conversation(self):
from .mockers import message, message_with_image
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
thefile = open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_image)), oauth2Header(sender), upload_files=files, status=201)
res = self.testapp.get('/conversations/%s/messages' % cid, "", oauth2Header(sender), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get("contexts", None)[0].get("id", None), cid)
self.assertEqual(result[0].get("contexts", None)[0].get("objectType", None), "conversation")
self.assertEqual(result[0].get("objectType", None), "message")
self.assertEqual(result[1]['object'].get('fullURL'), u'/messages/{}/image/full'.format(result[1]['id']))
self.assertEqual(result[1]['object'].get('thumbURL'), u'/messages/{}/image/thumb'.format(result[1]['id']))
full_url = result[1]['object'].get('fullURL')
res = self.testapp.get(full_url, '', oauth2Header(sender), status=200)
def test_post_message_with_file_to_an_already_existing_conversation(self):
from .mockers import message, message_with_file
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
thefile = open(os.path.join(os.path.dirname(__file__), "map.pdf"), "rb")
files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/conversations/%s/messages' % cid, dict(json_data=json.dumps(message_with_file)), oauth2Header(sender), upload_files=files, status=201)
res = self.testapp.get('/conversations/%s/messages' % cid, "", oauth2Header(sender), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get("contexts", None)[0].get("id", None), cid)
self.assertEqual(result[0].get("contexts", None)[0].get("objectType", None), "conversation")
self.assertEqual(result[0].get("objectType", None), "message")
self.assertEqual(result[1]['object'].get('fullURL'), u'/messages/{}/file/download'.format(result[1]['id']))
def test_get_image_activity_file_with_context(self):
"""
Given a plain user
When I post an image activity to a context with no uploadURL
And I am authenticated as myself
Then the image activity is created correctly
"""
from .mockers import user_image_activity_with_context as activity
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
thefile = open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
res = self.testapp.get('/activities/{}/image/full'.format(response[0]['id']), '', oauth2Header(username), status=200)
self.assertEqual(len(res.body), 20492)
self.assertEqual(res.content_type, u'image/png')
def test_get_file_activity_file_with_context(self):
"""
Given a plain user
When I post an file activity to a context with no uploadURL
And I am authenticated as myself
Then the file activity is created correctly
And I can retrieve it with the endpoint
"""
from .mockers import user_file_activity_with_context as activity
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
thefile = open(os.path.join(os.path.dirname(__file__), "map.pdf"), "rb")
files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
res = self.testapp.get('/activities/{}/file/download'.format(response[0]['id']), '', oauth2Header(username), status=200)
self.assertEqual(len(res.body), 34981)
self.assertEqual(res.content_type, u'application/pdf')
def test_get_file_activity_file_with_context_not_allowed_user(self):
"""
Given a file activity created by me in a context
When an user non subscribed to this context tries to retrieve it
Then the user cannot acces the file activity
"""
from .mockers import user_file_activity_with_context as activity
from .mockers import subscribe_context, create_context
username = '******'
username2 = 'thor'
self.create_user(username)
self.create_user(username2)
self.create_context(create_context, permissions={'read': 'subscribed'})
self.admin_subscribe_user_to_context(username, subscribe_context)
thefile = open(os.path.join(os.path.dirname(__file__), "map.pdf"), "rb")
files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
activity_id = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200).json[0]['id']
self.testapp.get('/activities/{}/file/download'.format(activity_id), '', oauth2Header(username2), status=403)
def test_get_thumb_image_activity_file_with_context(self):
"""
Given a plain user
When I post an image activity to a context with no uploadURL
And I am authenticated as myself
Then the image activity is created correctly
"""
from .mockers import user_image_activity_with_context as activity
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
thefile = open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb")
files = [('file', 'avatar.png', thefile.read(), 'image/png')]
res = self.testapp.post('/people/{}/activities'.format(username), dict(json_data=json.dumps(activity)), oauth2Header(username), upload_files=files, status=201)
res = self.testapp.get('/people/{}/activities'.format(username), '', oauth2Header(username), status=200)
response = res.json
res = self.testapp.get('/activities/{}/image/thumb'.format(response[0]['id']), '', oauth2Header(username), status=200)
# Give a margin of size of 10 bytes, sometimes readed image
# size differs by two bytes, who knows why ...
self.assertLessEqual(abs(len(res.body) - 2966), 10)
self.assertEqual(res.content_type, u'image/jpeg')
class ConversationsACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Add conversations tests
def test_create_new_conversation(self):
"""
Given i'm a regular user
When I try to create a new conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
def test_create_new_conversation_as_manager(self):
"""
Given i'm a Manager
When I try to create a new conversation
And i'm not in the participants list
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(test_manager), status=201)
# View conversation tests
def test_view_conversation_as_manager(self):
"""
Given i'm a Manager
When I try to view an existing conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(test_manager), status=200)
def test_view_conversation_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to view an existing conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(sender), status=200)
def test_view_conversation_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to view an existing conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(recipient), status=200)
def test_view_conversation_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to view an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(recipient2), status=403)
# View conversation subscription tests
def test_view_conversation_subscription_as_manager(self):
"""
Given i'm a Manager
When I try to view an existing conversation subscription
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(test_manager), status=200)
def test_view_conversation_subscription_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to view an existing conversation subscription
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=200)
def test_view_conversation_subscription_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to view my conversation subscription
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=200)
def test_view_conversation_subscription_as_other_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to view other's conversation subscription
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403)
def test_view_conversation_subscription_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to view an existing conversation subscription
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient2), status=403)
# Get all conversations tests
def test_list_all_conversations(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to list all conversations
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.get('/conversations', '', oauth2Header(sender), status=200)
# Modify conversation tests
def test_modify_conversation_as_manager(self):
"""
Given i'm a Manager
When I try to modify a conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(test_manager), status=200)
def test_modify_conversation_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to modify a conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(sender), status=200)
def test_modify_conversation_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to modify a conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(recipient), status=403)
def test_modify_conversation_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to modify a conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(recipient2), status=403)
# Delete conversation tests
def test_delete_conversation_as_manager(self):
"""
Given i'm a Manager
When I try to delete a conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(test_manager), status=204)
def test_delete_conversation_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to delete a conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(sender), status=204)
def test_delete_conversation_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to delete a conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(recipient), status=403)
def test_delete_conversation_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to delete a conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(recipient2), status=403)
# Purge conversations tests
def test_delete_all_conversations_as_manager(self):
"""
Given i'm a Manager
When I try to purge all existing conversations
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.delete('/conversations', '', oauth2Header(test_manager), status=204)
def test_delete_all_conversations_as_anyone_else(self):
"""
Given i'm a regular user
When I try to purge all existing conversations
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.delete('/conversations', '', oauth2Header(sender), status=403)
# Add participant to conversation tests
def test_add_participant_as_manager(self):
"""
Given i'm a Manager
When I try to add a new participant to an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(test_manager), status=201)
def test_add_participant_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to add a new participant to an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(sender), status=201)
def test_add_participant_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to add a new participant to an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(recipient), status=403)
def test_auto_join(self):
"""
Given i'm a regular user
When I try to add myself as a new participant to an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(recipient2), status=403)
# Delete participant to group conversation tests
def test_delete_participant_as_manager(self):
"""
Given i'm a Manager
When I try to delete a new participant from an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(test_manager), status=204)
def test_delete_participant_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to delete a participant from an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, cid), '', oauth2Header(sender), status=204)
def test_delete_participant_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to delete a participant from an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403)
def test_leave_as_owner(self):
"""
Given i'm the owner of the conversation
When I try to leave an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=403)
def test_leave(self):
"""
Given i'm a regular user
When I try to leave an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=204)
# Delete participant to two people conversation tests
def test_delete_participant_as_manager_in_two_people_conversation(self):
"""
Given i'm a Manager
When I try to delete a new participant from an existing conversation
Then I succeed
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(test_manager), status=204)
def test_delete_participant_as_owner_in_two_people_conversation(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to delete a participant from an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(sender), status=403)
def test_delete_participant_as_participant_in_two_people_conversation(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to delete a participant from an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403)
def test_leave_as_owner_in_two_people_conversation(self):
"""
Given i'm the owner of the conversation
When I try to leave an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=204)
def test_leave_in_two_people_conversation(self):
"""
Given i'm a regular user
When I try to leave an existing conversation
Then I succeed
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=204)
# Transfer ownership tests
def test_transfer_ownership_as_manager(self):
"""
Given i'm a Manager
When I try to transfer a conversation to another user
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(test_manager), status=200)
def test_transfer_ownership_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to transfer a conversation to another user
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(sender), status=200)
def test_transfer_ownership_as_participant(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to transfer a conversation to another user
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(recipient), status=403)
def test_transfer_ownership_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to transfer a conversation to another user
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(recipient2), status=403)
