def test_can_redirect_to_domains_on_same_domain_after_login(self, came_from):
    """Post-login redirect honours the ``came_from`` URL it is given.

    ``came_from`` is supplied by the caller (presumably a data-driven test
    decorator that is not visible here -- confirm). Going by the test name,
    the values are expected to be URLs on the site's own domain.
    """
    logged_in_user = User.example()
    # The target travels URL-quoted in the query string of the fake request.
    quoted_target = urllib.quote_plus(came_from)
    login_uri = '/login/post_login?came_from=' + quoted_target
    fake_request = self.init_fake_request(
        server_name='server.example',
        request_uri=login_uri,
    )
    redirect = self.call_post_login(logged_in_user, request=fake_request)
    # The unquoted original value must come back as the redirect location.
    assert_equals(came_from, redirect.location)
def test_handles_bad_came_from_parameter_gracefully(self):
    """A ``came_from`` value that is not a usable URL falls back to the site root.

    The login handler must not fail on the malformed parameter; the expected
    redirect is the root URL of ``server.example``.
    """
    logged_in_user = User.example()
    quoted_garbage = urllib.quote_plus('invalid junk')
    login_uri = '/login/post_login?came_from=' + quoted_garbage
    fake_request = self.init_fake_request(
        server_name='server.example',
        request_uri=login_uri,
    )
    redirect = self.call_post_login(logged_in_user, request=fake_request)
    assert_equals('http://server.example:80/', redirect.location)
def test_uses_correct_redirect_url_if_mediadrop_is_mounted_in_subdirectory(self):
    """Default post-login redirect includes the WSGI mount point.

    With ``SCRIPT_NAME`` set to ``my_media`` and no ``came_from`` parameter,
    the redirect must land on ``/my_media/`` rather than on the server root.
    """
    logged_in_user = User.example()
    fake_request = self.init_fake_request(
        server_name="server.example",
        request_uri="/login/post_login",
    )
    # Simulate the application being mounted below the server root.
    fake_request.environ["SCRIPT_NAME"] = "my_media"
    redirect = self.call_post_login(logged_in_user, request=fake_request)
    assert_equals("http://server.example:80/my_media/", redirect.location)
def test_non_editors_are_redirect_to_home_page_after_login(self):
    """A user with neither 'edit' nor 'admin' permission is sent to the home page."""
    plain_user = User.example()
    granted = MediaDropPermissionSystem.permissions_for_user(plain_user, config)
    # Precondition: the example user must really be unprivileged, otherwise
    # the redirect assertion below would not test the non-editor path.
    for permission_name in (u'edit', u'admin'):
        assert_false(granted.contains_permission(permission_name))

    redirect = self.call_post_login(plain_user)
    assert_equals('http://server.example:80/', redirect.location)
def test_prevent_parameter_base_redirection(self):
    """Reject a ``came_from`` that points at another host (open-redirect guard).

    The quoted external URL is sent as the ``came_from`` query parameter. The
    login redirect must ignore it and go to the root of ``server.example``.
    """
    logged_in_user = User.example()
    quoted_external_url = urllib.quote_plus('http://evil.site/malware/')
    login_uri = '/login/post_login?came_from=' + quoted_external_url
    fake_request = self.init_fake_request(
        server_name='server.example',
        request_uri=login_uri,
    )
    redirect = self.call_post_login(logged_in_user, request=fake_request)
    # Only same-domain targets are acceptable; anything else falls back to
    # the site's own root URL.
    assert_equals(
        'http://server.example:80/',
        redirect.location,
        message='should only redirect to urls on the same domain',
    )
def test_uses_correct_redirect_url_if_mediadrop_is_mounted_in_subdirectory(self):
    """Default post-login redirect includes the WSGI mount point.

    The fake request carries ``SCRIPT_NAME = 'my_media'`` and no ``came_from``
    parameter; the expected redirect target is the application root below
    that prefix, not the server root.
    """
    logged_in_user = User.example()
    fake_request = self.init_fake_request(
        server_name='server.example',
        request_uri='/login/post_login',
    )
    # Simulate the application being mounted below the server root.
    fake_request.environ['SCRIPT_NAME'] = 'my_media'
    redirect = self.call_post_login(logged_in_user, request=fake_request)
    assert_equals('http://server.example:80/my_media/', redirect.location)
def test_can_create_example_user(self):
    """``User.example()`` yields a user with an id and the default field values."""
    example_user = User.example()
    # A non-None id is the only persistence signal checked here.
    assert_not_none(example_user.id)
    assert_equals(u'joe', example_user.user_name)
    assert_equals(u'Joe Smith', example_user.display_name)
    # NOTE(review): the expected address looks like a masked placeholder in
    # this copy of the file -- confirm against the defaults of User.example().
    assert_equals(u'*****@*****.**', example_user.email_address)
    # The creation timestamp must be within one second of "now".
    assert_almost_equals(
        datetime.now(),
        example_user.created,
        max_delta=timedelta(seconds=1),
    )
def _create_user_with_admin_permission_only(self):
    """Create and return a user who holds 'admin' but not 'edit' permission.

    A new group is attached to the existing 'admin' permission and the user
    is made a member of that group only. The change is committed, then the
    resulting permission set is verified before the user is returned.
    """
    admin_query = DBSession.query(Permission).filter(
        Permission.permission_name == u'admin'
    )
    admin_permission = admin_query.one()
    admin_only_group = Group.example(name=u'Second admin group')
    admin_permission.groups.append(admin_only_group)
    admin_user = User.example(groups=[admin_only_group])
    DBSession.commit()

    # Sanity-check the fixture: callers depend on admin being granted
    # without edit.
    granted = MediaDropPermissionSystem.permissions_for_user(admin_user, config)
    assert_true(granted.contains_permission(u'admin'))
    assert_false(granted.contains_permission(u'edit'))
    return admin_user
def test_permits_access_if_user_is_logged_in(self):
    """``is_logged_in()`` grants access once an authenticated user is set."""
    fake_request = self.init_fake_request()
    self.set_authenticated_user(User.example())
    login_check = is_logged_in()
    access_granted = login_check.has_required_permission(fake_request)
    assert_true(access_granted)
def _create_user_with_edit_permission_only(self):
    """Create and return a user who holds 'edit' but not 'admin' permission.

    The user is placed in the group returned by ``self.editor_group()`` only.
    The resulting permission set is verified before the user is returned.
    """
    editor_groups = [self.editor_group()]
    edit_only_user = User.example(groups=editor_groups)
    granted = MediaDropPermissionSystem.permissions_for_user(edit_only_user, config)
    # Sanity-check the fixture: edit must be granted, admin must not.
    assert_true(granted.contains_permission(u'edit'))
    assert_false(granted.contains_permission(u'admin'))
    return edit_only_user
def test_can_override_example_data(self):
    """Keyword arguments to ``User.example()`` replace the default field values."""
    custom_name = u'Bar Foo'
    example_user = User.example(display_name=custom_name)
    assert_equals(u'Bar Foo', example_user.display_name)