def testCreateKey(self):
session = {
'user': User('admin'),
}
Body = urlencode(dict(username='******', description="A User", formUrl='/apikeyform'))
self.assertEquals(['admin'], self.pwd.listUsernames())
result = joco(self.apiKey.handleRequest(session=session, Body=Body, path='/action/create', Method='POST'))
headers, body = result.split(CRLF*2)
self.assertTrue(' 302 ' in headers, headers)
self.assertEquals('/apikeyform', parseHeaders(headers)['Location'])
self.assertEquals(['admin', 'user'], sorted(self.pwd.listUsernames()))
aList = self.apiKey.listApiKeysAndData()
self.assertEquals(1, len(aList))
apiKey, userdata = aList[0]
self.assertEquals('user', userdata['username'])
self.assertTrue(16, len(apiKey))
result = joco(self.apiKey.handleRequest(session=session, Body=Body, path='/action/create', Method='POST'))
headers, body = result.split(CRLF*2)
self.assertTrue(' 302 ' in headers, headers)
self.assertEquals('/apikeyform', parseHeaders(headers)['Location'])
self.assertEquals(['admin', 'user'], sorted(self.pwd.listUsernames()))
self.assertEquals({'message': {'class': 'error', 'text': 'User already exists.'}}, session['ApiKey.formValues'])
b = ApiKey(databaseFile=join(self.tempdir, 'db'))
self.assertEquals(aList, list(b.listApiKeysAndData()))
def testApiKeyAddition(self):
headers, body = postRequest(
self.portNumber, "/login.action", urlencode(dict(username="******", password="******"))
)
cookie = parseHeaders(headers)["Set-Cookie"]
headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie})
self.assertEquals(["/apikey.action/create"], xpath(body, '//form[@name="create"]/@action'))
self.assertEquals(
["/user_management"], xpath(body, '//form[@name="create"]/input[@type="hidden" and @name="formUrl"]/@value')
)
headers, body = postRequest(
self.portNumber,
"/apikey.action/create",
urlencode(dict(formUrl="/user_management", username="******")),
additionalHeaders=dict(cookie=cookie),
)
self.assertTrue("302" in headers, headers)
self.assertEquals("/user_management", parseHeaders(headers)["Location"], headers)
headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie})
self.assertEquals("", xpath(body, '//div[@id="apiKeys"]/table/tr/form/td/input[@name="description"]/@value')[0])
apiKey = xpath(body, '//div[@id="apiKeys"]/table/tr/form/td[@class="apiKey"]/text()')[0]
self.assertNotEqual("", apiKey)
headers, body = postRequest(
self.portNumber,
"/apikey.action/update",
urlencode(dict(formUrl="/user_management", apiKey=apiKey, description="Some description")),
additionalHeaders=dict(cookie=cookie),
)
self.assertTrue("302" in headers, headers)
self.assertEquals("/user_management", parseHeaders(headers)["Location"], headers)
headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie})
self.assertEquals(
"Some description",
xpath(body, '//div[@id="apiKeys"]/table/tr/form/td/input[@name="description"]/@value')[0],
)
def testAdmin(self):
headers, body = getRequest(self.portNumber, "/login", parse='lxml')
cookie = parseHeaders(headers)['Set-Cookie']
headers, body = postRequest(self.portNumber, '/login.action', urlencode(dict(username="******", password="******", formUrl='/login')), parse='lxml', additionalHeaders={'Cookie': cookie})
self.assertTrue('302' in headers, headers)
self.assertEquals('/', parseHeaders(headers)['Location'])
headers, body = getRequest(self.portNumber, "/index", parse='lxml', additionalHeaders={'Cookie': cookie})
self.assertEquals(['Logged in as: admin | ', ' | ', ' | ', ' | '], xpath(body, '//div[@id="loginbar"]/p/text()'))
headers, body = getRequest(self.portNumber, "/changepassword", parse='lxml', additionalHeaders={'Cookie': cookie})
self.assertEquals(['admin'], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/input[@type="hidden" and @name="username"]/@value'), tostring(body))
self.assertEquals(['oldPassword', 'newPassword', 'retypedPassword'], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@type="password"]/@name'), tostring(body))
self.assertEquals(['/login.action/changepassword'], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/@action'))
headers, body = postRequest(self.portNumber, '/login.action/changepassword', urlencode(dict(username="******", oldPassword="******", newPassword="******", retypedPassword="******", formUrl="/changepassword")), parse='lxml', additionalHeaders={'Cookie': cookie})
self.assertTrue('302' in headers, headers)
self.assertEquals('/', parseHeaders(headers)['Location'])
# Test new password
headers, body = getRequest(self.portNumber, "/login", parse='lxml')
newcookie = parseHeaders(headers)['Set-Cookie']
headers, body = postRequest(self.portNumber, '/login.action', urlencode(dict(username="******", password="******", formUrl='/login')), parse='lxml', additionalHeaders={'Cookie': newcookie})
self.assertTrue('302' in headers, headers)
self.assertEquals('/login', parseHeaders(headers)['Location'])
headers, body = postRequest(self.portNumber, '/login.action', urlencode(dict(username="******", password="******", formUrl='/login')), parse='lxml', additionalHeaders={'Cookie': newcookie})
self.assertTrue('302' in headers, headers)
self.assertEquals('/', parseHeaders(headers)['Location'])
def testWithoutAdminUserLoggedIn(self):
session = {
'user': User('nobody'),
}
Body = urlencode(dict(username='******', formUrl='/apikeyform'))
result = joco(self.apiKey.handleRequest(session=session, Body=Body, path='/action/create', Method='POST'))
headers, body = result.split(CRLF*2)
self.assertTrue(' 302 ' in headers, headers)
self.assertEquals('/apikeyform', parseHeaders(headers)['Location'])
self.assertEquals([], list(self.apiKey.listApiKeysAndData()))
self.assertEquals({'message': {'text': 'No admin privileges.', 'class': 'error'}}, session['ApiKey.formValues'])
def testLoginPage(self):
headers, body = getRequest(self.portNumber, "/login")
cookie = parseHeaders(headers)["Set-Cookie"]
self.assertTrue("200" in headers, headers)
self.assertEquals(
1, len(xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@name="username"]'))
)
self.assertEquals(
1,
len(
xpath(
body,
'/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@type="password" and @name="password"]',
)
),
)
self.assertEquals(
1, len(xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@type="submit"]'))
)
self.assertEquals(["/login.action"], xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/@action'))
headers, body = postRequest(
self.portNumber,
"/login.action",
urlencode(dict(username="******", password="******")),
additionalHeaders={"Cookie": cookie},
)
self.assertTrue("302" in headers, headers)
self.assertEquals("/login", parseHeaders(headers)["Location"], headers)
headers, body = getRequest(self.portNumber, "/login", additionalHeaders={"Cookie": cookie})
self.assertEquals(
["doesnotexist"],
xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/form/dl/dd/input[@name="username"]/@value'),
)
self.assertEquals(
["Invalid username or password"],
xpath(body, '/html/body/div[@id="content"]/div[@id="login"]/p[@class="error"]/text()'),
)
def testAddSameUserTwice(self):
headers, body = postRequest(
self.portNumber, "/login.action", urlencode(dict(username="******", password="******"))
)
cookie = parseHeaders(headers)["Set-Cookie"]
headers, body = postRequest(
self.portNumber,
"/apikey.action/create",
urlencode(dict(formUrl="/user_management", username="******")),
additionalHeaders=dict(cookie=cookie),
)
self.assertTrue("302" in headers, headers)
self.assertEquals("/user_management", parseHeaders(headers)["Location"], headers)
headers, body = postRequest(
self.portNumber,
"/apikey.action/create",
urlencode(dict(formUrl="/user_management", username="******")),
additionalHeaders=dict(cookie=cookie),
)
self.assertTrue("302" in headers, headers)
self.assertEquals("/user_management", parseHeaders(headers)["Location"], headers)
def testAddByNewUser(self):
headers, body = postRequest(
self.portNumber, "/login.action", urlencode(dict(username="******", password="******"))
)
cookie = parseHeaders(headers)["Set-Cookie"]
headers, body = postRequest(
self.portNumber,
"/apikey.action/create",
urlencode(dict(formUrl="/user_management", username="******")),
additionalHeaders=dict(cookie=cookie),
)
headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie})
apiKey = self.apiKeyForUser(body, "another")
self.assertTrue(len(apiKey) > 0, apiKey)
def _setupUsers(self):
headers, body = postRequest(self.portNumber, '/login.action', urlencode(dict(username="******", password="******")), parse=False)
cookie = parseHeaders(headers)['Set-Cookie']
headers, body = postRequest(self.portNumber, '/apikey.action/create', urlencode(dict(formUrl='/user_management', username='******')), parse=False, additionalHeaders=dict(cookie=cookie))
headers, body = postRequest(self.portNumber, '/apikey.action/create', urlencode(dict(formUrl='/user_management', username='******')), parse=False, additionalHeaders=dict(cookie=cookie))
headers, body = postRequest(self.portNumber, '/apikey.action/create', urlencode(dict(formUrl='/user_management', username='******')), parse=False, additionalHeaders=dict(cookie=cookie))
headers, body = getRequest(self.portNumber, '/user_management', additionalHeaders={'Cookie': cookie})
self.apiKeyForTestUser = xpath(body, '//div[@id="apiKeys"]/table/tr[form/td[text()="testUser"]]/form/td[@class="apiKey"]/text()')[0]
assert self.apiKeyForTestUser != None
self.apiKeyForAnotherTestUser = xpath(body, '//div[@id="apiKeys"]/table/tr[form/td[text()="anotherTestUser"]]/form/td[@class="apiKey"]/text()')[0]
assert self.apiKeyForAnotherTestUser != None
self.apiKeyForPostUser = xpath(body, '//div[@id="apiKeys"]/table/tr[form/td[text()="postUser"]]/form/td[@class="apiKey"]/text()')[0]
assert self.apiKeyForPostUser != None
def testChangePasswordFormNotAllowed(self):
headers, body = getRequest(self.portNumber, "/changepassword")
self.assertTrue("302" in headers, headers)
self.assertEquals("/", parseHeaders(headers)["Location"], headers)
def testAddInsertDelete(self):
headers, body = postRequest(
self.portNumber, "/login.action", urlencode(dict(username="******", password="******"))
)
cookie = parseHeaders(headers)["Set-Cookie"]
headers, body = postRequest(
self.portNumber,
"/apikey.action/create",
urlencode(dict(formUrl="/user_management", username="******")),
additionalHeaders=dict(cookie=cookie),
)
headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie})
apiKey = self.apiKeyForUser(body, "addDelete")
annotationBody = (
"""<rdf:RDF
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:oac="http://www.w3.org/ns/openannotation/core/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:foaf="http://xmlns.com/foaf/0.1/">
<rdf:Description rdf:about="urn:uuid:%s">
<rdf:type rdf:resource="http://www.w3.org/ns/openannotation/core/Annotation"/>
<dc:title>To be deleted</dc:title>
</rdf:Description>
</rdf:RDF>"""
% uuid4()
)
self.assertQuery('RDF.Annotation.title = "To be deleted"', 0)
header, body = postRequest(
self.portNumber, "/uploadform", urlencode(dict(annotation=annotationBody, apiKey=apiKey))
)
self.assertQuery('RDF.Annotation.title = "To be deleted"', 1)
headers, body = getRequest(
self.portNumber, "/oai", arguments=dict(verb="ListRecords", metadataPrefix="rdf", set="addDelete")
)
self.assertEquals(1, len(xpath(body, "/oai:OAI-PMH/oai:ListRecords/oai:record/oai:metadata")))
headers, body = postRequest(
self.portNumber,
"/login.action/remove",
urlencode(dict(formUrl="/user_management", username="******")),
additionalHeaders=dict(cookie=cookie),
)
headers, body = getRequest(self.portNumber, "/user_management", additionalHeaders={"Cookie": cookie})
apiKey = xpath(body, '//div[@id="apiKeys"]/table/form/tr[td[text()="addDelete"]]/td[@class="apiKey"]/text()')
self.assertEquals([], apiKey)
#### Delete user, then query again; number of results should be 0
self.assertEquals(["addDelete.delete"], listdir(join(self.integrationTempdir, "database", "userdelete")))
self.runUserDeleteService()
self.assertQuery('RDF.Annotation.title = "To be deleted"', 0)
headers, body = getRequest(
self.portNumber, "/oai", arguments=dict(verb="ListRecords", metadataPrefix="rdf", set="addDelete")
)
self.assertEquals(0, len(xpath(body, "/oai:OAI-PMH/oai:ListRecords/oai:record/oai:metadata")))
self.assertEquals("deleted", xpath(body, "/oai:OAI-PMH/oai:ListRecords/oai:record/oai:header/@status")[0])
self.assertEquals(["addDelete.delete"], listdir(join(self.integrationTempdir, "database", "userdelete")))
self.runUserDeleteService()
self.assertEquals([], listdir(join(self.integrationTempdir, "database", "userdelete")))
