def test_get(self):
    """ Test users/get, both for a live session and after logging out.
    """
    # Register a throwaway account and open a session for it.
    credentials = {
        'username': utils.random_username(),
        'password': utils.random_password(),
    }
    created_user = users.create(**credentials)
    session_token = users.login(**credentials)

    # While the session is live, users/get must hand back the same record
    # that users/create returned.
    fetched_user = users.get(session=session_token)
    self.assertEqual(created_user, fetched_user)

    # Once logged out, the token must stop working: a second lookup with it
    # has to raise instead of returning the user's details.
    users.logout(session_token)
    with self.assertRaises(InvalidSessionException):
        users.get(session=session_token)
def is_logged_in(request):
    """ Report whether the request comes from a logged-in, non-ad-hoc user.

        'request' is the HttpRequest object passed to a view function.

        The result is True only when the request carries an "mm_session"
        cookie, users.get() accepts that cookie's value as a session, and the
        user it returns is not flagged as ad hoc.  A missing cookie or an
        InvalidSessionException gives False.
    """
    try:
        session = request.COOKIES['mm_session']
    except KeyError:
        # No session cookie at all -> not logged in.
        return False

    try:
        user = users.get(session)
    except InvalidSessionException:
        # The cookie does not match a session users.get() accepts.
        return False

    # Ad-hoc users hold a session but do not count as logged in.
    return not user['ad_hoc']
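def test_login(self):
    """ Test users/login.

        Covers login with no parameters (ad hoc user), login by user ID, and
        both rejected and accepted logins by username/password and by phone
        number/verification code.
    """
    # Try logging in without any parameters.  This should create a new ad
    # hoc user on-the-fly.
    session_token = users.login()
    self.assertTrue(users.get(session_token)['ad_hoc'])

    # Create an ad-hoc user, and log in using the user ID.  Check that the
    # session we get back belongs to that user, so this step asserts
    # something rather than only exercising the call.
    user_id = users.create()['id']
    session_token = users.login(user_id=user_id)
    self.assertEqual(users.get(session_token)['id'], user_id)

    # Create a user with a username, password and phone number, for testing.
    # Any existing user holding this phone number is deleted first.
    username = utils.random_username()
    password = utils.random_password()
    formatted_number = utils.format_phone_number(PHONE_NUMBER)
    User.objects.filter(phone_number=formatted_number).delete()
    user_id = users.create(username=username,
                           password=password,
                           phone_number=PHONE_NUMBER)['id']

    # Create two random verification codes, making sure they're different.
    code_1 = utils.random_letters(min_length=4, max_length=4)
    code_2 = utils.random_letters(min_length=4, max_length=4)
    while code_1 == code_2:
        code_2 = utils.random_letters(min_length=4, max_length=4)

    # Store the first verification code into the User object.
    user = User.objects.get(id=user_id)
    user.verification_code = code_1
    user.verified = False
    user.save()

    # Attempt to log in using the supplied phone number and verification
    # code, deliberately using the wrong code.  This should fail.
    with self.assertRaises(LoginRejectedException):
        users.login(phone_number=PHONE_NUMBER, verification_code=code_2)

    # A rejected verification code must leave the phone number unverified.
    self.assertFalse(User.objects.get(id=user_id).verified)

    # Attempt to log in using the username and an incorrect password.  Once
    # again, this should fail.
    with self.assertRaises(LoginRejectedException):
        users.login(username=username, password=password + "X")

    # Now try logging in with the correct username and password.  This
    # should succeed.
    session_token = users.login(username=username, password=password)
    sessionHandler.validate(session_token)

    # Finally, try logging in again using the phone number and verification
    # code.  This should not only log the user in, but also verify the
    # phone number.
    session_token = users.login(phone_number=PHONE_NUMBER,
                                verification_code=code_1)
    sessionHandler.validate(session_token)

    user = User.objects.get(id=user_id)
    self.assertEqual(user.verified, True)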
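def home(request):
    """ Respond to the "/web/home" URL.

        We display the home page for a logged in user.  If the current user
        is not logged in, we redirect the user back to the welcome page.

        'request' is the HttpRequest object for this view.  We return either
        a redirect to "/" or the rendered "home.html" template.
    """
    if not webHelpers.is_logged_in(request):
        return redirect("/")

    # Get the base URL to use to access this server.  get_host() is derived
    # from the request's Host header, which Django checks against
    # ALLOWED_HOSTS.  base_url is the prefix of every topic URL handed to
    # the template, so those links are only as trustworthy as that setting
    # is restrictive.
    host = request.get_host()
    scheme = "https://" if request.is_secure() else "http://"
    base_url = scheme + host

    # Get the details of the current user.
    # NOTE(review): presumably users.get() raises InvalidSessionException if
    # the session ends after the is_logged_in() check above -- confirm that
    # an error response is acceptable in that case.
    session = request.COOKIES['mm_session']
    user = users.get(session)

    # If the user doesn't have a username, something is wrong -- we can't
    # proceed.  In this case, delete the session cookie and redirect the user
    # back to the "welcome" page.
    if "username" not in user:
        response = redirect("/")
        response.delete_cookie("mm_session")
        return response

    # Ask the 3taps Identity API for the user's profile.
    profile = profiles.get(session)

    # Get a list of the user's active topics.
    # NOTE(review): the username and topic name are concatenated into the
    # URLs as-is.  Confirm both are restricted to URL-safe characters where
    # they are created, or percent-encode them here.
    user_url = base_url + "/" + user['username']
    topic_list = []
    for topic in topics.list(session):
        if not topic['active']:
            continue

        # A topic without a name is the user's default topic.
        is_default = topic.get("name") in [None, ""]
        url = user_url
        hidden_url = base_url + "/!" + topic['hidden_url']
        if not is_default:
            url = url + "/" + topic['name']
            hidden_url = hidden_url + "/" + topic['name']

        topic_list.append({
            'id': topic['id'],
            'hide_username': topic['hide_username'],
            'url': url,
            'hidden_url': hidden_url,
            'default': is_default,
            'num_views': topic['num_views'],
            'num_conversations': topic['num_conversations'],
            'num_messages': topic['num_messages'],
            'num_via_sms': topic['num_via_sms'],
            'embed_code': linkGenerator.generate_link_html(request, topic),
        })

    # Get the user's account details.
    phone_number = user['phone_number']
    account = {
        'rate_limited': True,  # Hardwired for now.
        'rate_limit': rateLimiter.get_phone_number_limit(phone_number),
        'period': settings.SMS_RATE_LIMIT_PERIOD_SIZE.lower(),
        'num_sms_in_period':
            rateLimiter.get_phone_number_usage(phone_number),
    }

    # Finally, show the home page.  "n=t" in the URL means we're showing the
    # home page for the first time, so we display the "welcome" message.
    # NOTE(review): this is a substring test on the whole path and query
    # string, so an unrelated URL such as "?section=topics" also matches.
    # An exact check on the "n" query parameter would be stricter; confirm
    # which values callers send before changing it.
    show_welcome = "n=t" in request.get_full_path()

    return render(request, "home.html",
                  {'user': user,
                   'profile': profile,
                   'topics': topic_list,
                   'account': account,
                   'show_welcome': show_welcome,
                   'base_url': base_url})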