def setUp(self):
from pyramid_bimt.views import DatatablesDataView
from pyramid_bimt.models import AuditLogEntry
from pyramid_bimt.models import User
self.config = testing.setUp()
initTestingDB(auditlog_types=True, users=True, groups=True)
self.request = testing.DummyRequest(user=User.by_email('*****@*****.**'))
self.view = DatatablesDataView(self.request)
self.view.model = mock.Mock()
self.view.columns = OrderedDict()
self.view.columns['foo'] = None
self.view.columns['bar'] = None
Session.add(
AuditLogEntry(user=User.by_email('*****@*****.**'), comment=u'föo'))
Session.add(
AuditLogEntry(user=User.by_email('*****@*****.**'), comment=u'bar'))
Session.flush()
class DummyDatatablesAJAXView(DatatablesDataView):
model = AuditLogEntry
columns = OrderedDict()
columns['id'] = None
columns['comment'] = None
def populate_columns(self, entry):
self.columns['id'] = entry.id
self.columns['comment'] = entry.comment
self.columns['DT_RowClass'] = 'info'
self.datatable_view = DummyDatatablesAJAXView
def test_addon_group(self):
User.by_email('*****@*****.**').groups = [
_make_group(name='foo', product_id='foo'),
_make_group(name='bar', product_id='bar', addon=True),
]
self.assertEqual(
User.by_email('*****@*****.**').product_group.name, 'foo')
def test_multiple_product_groups(self):
product_group_foo = _make_group(name='foo', product_id='foo')
product_group_bar = _make_group(name='bar', product_id='bar')
product_group_foo.users.append(User.by_email('*****@*****.**'))
product_group_bar.users.append(User.by_email('*****@*****.**'))
from sqlalchemy.orm.exc import MultipleResultsFound
with self.assertRaises(MultipleResultsFound):
User.by_email('*****@*****.**').product_group
def setUp(self):
self.config = testing.setUp()
add_routes_user(self.config)
initTestingDB(users=True, groups=True, auditlog_types=True)
from pyramid_bimt.views.user import UserView
self.context = User.by_email('*****@*****.**')
self.request = testing.DummyRequest(
layout_manager=mock.Mock(), user=User.by_email('*****@*****.**'))
self.view = UserView(self.context, self.request)
def test_admin_mark_only_own_entries_as_unread(self):
self.request.user = User.by_email('*****@*****.**')
AuditLogEntry.by_id(2).user = User.by_email('*****@*****.**')
AuditLogEntry.by_id(2).read = False
self._make_view()
self.assertEqual(AuditLogEntry.by_id(2).read, True)
AuditLogEntry.by_id(2).user = User.by_email('*****@*****.**')
AuditLogEntry.by_id(2).read = False
self._make_view()
self.assertEqual(AuditLogEntry.by_id(2).read, False)
def test_union(self):
add_groups()
add_users()
mailing = _make_mailing(
name='foo',
groups=[Group.by_name('admins'),
Group.by_name('staff')],
)
self.request.context = mailing
self.assertItemsEqual(
self.view.recipients,
[User.by_email('*****@*****.**'),
User.by_email('*****@*****.**')],
)
def test_loginas_view_submit_disabled_user(self):
from pyramid_bimt.models import User
from pyramid_bimt.views.auth import LoginAs
context = User.by_email('*****@*****.**')
request = testing.DummyRequest(
layout_manager=mock.Mock(),
session=mock.Mock(),
)
form_values = {'email': '*****@*****.**'}
request.user = context
view = LoginAs(request)
User.by_email('*****@*****.**').disable()
self.assertIsNone(view.login_as_success(form_values))
request.session.flash.assert_called_once_with(
u'User "*****@*****.**" is disabled.', 'error')
def login_as_success(self, appstruct):
email = appstruct['email'].lower()
user = User.by_email(email)
if user is None:
self.request.session.flash(u'User with that email does not exist.',
'error')
elif not user.enabled:
self.request.session.flash(
u'User "{}" is disabled.'.format(user.email), 'error')
elif user.admin and not self.request.user.admin:
self.request.session.flash(
u'You do not have permission to login as admin user.', 'error')
elif user.staff and not self.request.user.staff:
self.request.session.flash(
u'You do not have permission to login as staff user.', 'error')
else:
headers = remember(self.request, user.email)
self.request.session.flash(
u'You have successfully logged in as user "{}".'.format(
user.email))
self.request.registry.notify(
UserLoggedInAs(self.request,
self.request.user,
comment=u'Logged in as "{}".'.format(
user.email)))
return HTTPFound(location=self.request.host_url, headers=headers)
def test_groups_choices_non_admin(self):
self.request.user = User.by_email('*****@*****.**')
self.view = UserAdd(self.request)
choices = [
group for id_, group in self.view.schema['groups'].widget.values
]
self.assertFalse('enabled' in choices)
self.assertFalse('admins' in choices)
def setUp(self):
from pyramid_bimt.testing import initTestingDB
from pyramid_bimt.models import User
self.config = testing.setUp()
initTestingDB(groups=True, users=True)
self.request = testing.DummyRequest(user=User.by_email('*****@*****.**'))
def add_demo_auditlog_entries():
"""Add a dummy audit-log entry."""
with transaction.manager:
read = AuditLogEntry(
user=User.by_email('*****@*****.**'),
event_type_id=AuditLogEventType.by_name(u'UserChangedPassword').id,
comment=u'read entry',
read=True,
)
Session.add(read)
unread = AuditLogEntry(
user=User.by_email('*****@*****.**'),
event_type_id=AuditLogEventType.by_name(u'UserChangedPassword').id,
comment=u'unread entry',
read=False,
)
Session.add(unread)
def test_loginas_view(self):
from pyramid_bimt.models import User
from pyramid_bimt.views.auth import LoginAs
context = User.by_email('*****@*****.**')
request = testing.DummyRequest(layout_manager=mock.Mock())
request.user = context
resp = LoginAs(request)()
self.assertEqual(resp['title'], 'Login as user')
self.assertIn('Login as user', resp['form'])
def ipn(self):
"""The main IPN handler, called by the IPN service."""
# skip over to-be-ignored products
if self.params.product_id in self.request.registry.settings.get(
'bimt.products_to_ignore', '').split(','):
logger.info('The product is listed on the ignore list: {}'.format(
self.params.product_id))
return 'Done.'
# try to find an existing user with given email
user = User.by_email(self.params.email)
if not user:
user = User.by_billing_email(self.params.email)
# create a new user if no existing user found
if not user:
password = generate()
user = User(
email=self.params.email,
billing_email=self.params.email,
password=encrypt(password),
fullname=u'{}'.format(self.params.fullname),
affiliate=u'{}'.format(self.params.get('affiliate', '')),
)
Session.add(user)
comment = COMMENT.format(
u'Created',
self.provider,
self.params.trans_id,
self.params.trans_type,
'',
)
logger.info(comment)
self.request.registry.notify(
UserCreated(self.request, user, password, comment))
# find a group that is used for given product
group = Group.by_product_id(self.params.product_id)
if not group:
raise ValueError('Cannot find group with product_id "{}"'.format(
self.params.product_id))
# perform IPN transaction actions
self.ipn_transaction(user, group)
# send request with same parameters to the URL specified on group
if group.forward_ipn_to_url:
requests.post(
group.forward_ipn_to_url,
params=self.request.POST,
)
logger.info('IPN re-posted to {}.'.format(
group.forward_ipn_to_url))
logger.info('IPN done.')
return 'Done.'
def test_disable_expired_member(self, mocked_date):
mocked_date.today.return_value = date(2013, 12, 30)
user = User.by_email('*****@*****.**')
user.valid_to = date(2013, 12, 29)
transaction.commit()
expire_subscriptions()
user = User.by_email('*****@*****.**')
self.assertFalse(user.enabled)
self.assertEqual(len(user.audit_log_entries), 1)
self.assertEqual(user.audit_log_entries[0].event_type.name,
u'UserDisabled')
self.assertEqual(
user.audit_log_entries[0].comment,
u'Disabled user [email protected] (1) because its '
u'valid_to (2013-12-29) has expired.',
)
def setUp(self):
self.config = testing.setUp()
add_routes_user(self.config)
initTestingDB(groups=True, auditlog_types=True, users=True)
self.request = testing.DummyRequest(
user=User.by_email('*****@*****.**'), registry=mock.Mock())
self.request.registry.notify = mock.Mock()
self.view = UserAdd(self.request)
def test_logout_view(self):
from pyramid_bimt.models import User
from pyramid_bimt.views.auth import logout
context = User.by_email('*****@*****.**')
request = testing.DummyRequest(layout_manager=mock.Mock())
request.user = context
self.assertEqual(
logout(context, request).location,
request.params.get('came_from', request.application_url))
def test_view_csrf_token(self):
from pyramid_bimt.models import User
from pyramid_bimt.views.auth import LoginAs
context = User.by_email('*****@*****.**')
request = testing.DummyRequest(layout_manager=mock.Mock())
request.user = context
view = LoginAs(request)
csrf_token_field = view.schema.get('csrf_token')
self.assertIsNotNone(csrf_token_field)
self.assertEqual(csrf_token_field.title, 'Csrf Token')
def test_context_billing_email_allowed_for_billing_email(self):
from pyramid_bimt.views.user import deferred_user_billing_email_validator # noqa
schema = SQLAlchemySchemaNode(User)
self.request.context = User.by_email('*****@*****.**')
self.request.POST['email'] = '*****@*****.**'
validator = deferred_user_billing_email_validator(
None, {'request': self.request})
self.assertFalse(validator(schema.get('email'), '*****@*****.**'))
def test_disable_expired_addon(self, mocked_date):
mocked_date.today.return_value = date(2013, 12, 30)
user = User.by_email('*****@*****.**')
user.valid_to = date(2013, 12, 31)
user.set_property('addon_1_valid_to', date(2013, 12, 29))
user.groups.append(Group(name='foo', product_id=1))
transaction.commit()
expire_subscriptions()
user = User.by_email('*****@*****.**')
self.assertTrue(user.enabled)
self.assertEqual([g.name for g in user.groups], ['admins', 'enabled'])
self.assertEqual(len(user.audit_log_entries), 1)
self.assertEqual(user.audit_log_entries[0].event_type.name,
u'UserDisabled')
self.assertEqual(
user.audit_log_entries[0].comment,
u'Addon "foo" disabled for user [email protected] (1) because its '
u'valid_to (2013-12-29) has expired.',
)
def test_loginas_view_submit_success(self):
from pyramid_bimt.models import User
from pyramid_bimt.views.auth import LoginAs
context = User.by_email('*****@*****.**')
request = testing.DummyRequest(
layout_manager=mock.Mock(),
session=mock.Mock(),
)
form_values = {'email': '*****@*****.**'}
request.user = context
view = LoginAs(request)
resp = view.login_as_success(form_values)
self.assertEqual(resp.location, 'http://example.com')
request.session.flash.assert_called_once_with(
u'You have successfully logged in as user "*****@*****.**".')
def test_loginas_view_submit_user_as_staff_member(self):
from pyramid_bimt.models import User
from pyramid_bimt.views.auth import LoginAs
context = User.by_email('*****@*****.**')
self.config.testing_securitypolicy(userid='*****@*****.**',
permissive=False)
request = testing.DummyRequest(
layout_manager=mock.Mock(),
session=mock.Mock(),
)
form_values = {'email': '*****@*****.**'}
request.user = context
view = LoginAs(request)
self.assertIsNone(view.login_as_success(form_values))
request.session.flash.assert_called_once_with(
u'You do not have permission to login as staff user.', 'error')
def login_success(self, appstruct):
came_from = self.request.params.get('came_from',
self.request.application_url)
email = appstruct.get('email', '').lower()
password = appstruct.get('password')
user = User.by_email(email)
if (password is not None and user is not None
and verify(password, user.password)):
headers = remember(self.request, user.email)
self.request.registry.notify(
UserLoggedIn(self.request,
user,
comment=self.user_agent_info()) # noqa
)
return HTTPFound(location=came_from, headers=headers)
self.request.session.flash(u'Login failed.', 'error')
def reset_password_success(self, appstruct):
email = appstruct['email'].lower()
user = User.by_email(email)
if user is not None:
# change user's password and fire event
password = generate()
user.password = encrypt(password)
self.request.registry.notify(
UserChangedPassword(self.request, user, password))
self.request.session.flash(
u'A new password was sent to your email.')
return HTTPFound(location=self.request.route_path('login'))
self.request.session.flash(
u'Password reset failed. Make sure you '
'have correctly entered your email address.', 'error')
def test_create_new_user(self):
post = {
'ccustname': 'John Smith',
'ccustemail': '*****@*****.**',
'ctransaction': 'SALE',
'ctransaffiliate': '*****@*****.**',
'ctransreceipt': 123,
'cproditem': 1,
'cverify': 'F718EC5F',
}
resp = self.testapp.post('/jvzoo/', params=post, status=200)
self.assertEqual('Done.', resp.text)
user = User.by_email('*****@*****.**')
self.assertEqual(user.fullname, 'John Smith')
self.assertEqual(user.affiliate, '*****@*****.**')
self.assertEqual(user.trial, True)
self.assertEqual(user.valid_to, date.today() + timedelta(days=7))
self.assertEqual(user.last_payment, date.today())
self.assertTrue(user.enabled)
self.assertEqual(len(user.audit_log_entries), 2)
self.assertEqual(
user.audit_log_entries[0].event_type.name, u'UserCreated')
self.assertEqual(
user.audit_log_entries[0].comment,
u'Created by jvzoo, transaction id: 123, type: SALE, note: ',
)
self.assertEqual(
user.audit_log_entries[1].event_type.name, u'UserEnabled')
self.assertEqual(
user.audit_log_entries[1].comment,
u'Enabled by jvzoo, transaction id: 123, type: SALE, note: trial until {}'.format( # noqa
date.today() + timedelta(days=7)),
)
self.assertEqual(len(self.mailer.outbox), 1)
self.assertEqual(self.mailer.outbox[0].subject, u'Welcome to BIMT!')
self.assertIn(u'Hello John Smith', self.mailer.outbox[0].html) # noqa
self.assertIn(u'here are your login details for the membership area', self.mailer.outbox[0].html) # noqa
self.assertIn(u'u: [email protected]', self.mailer.outbox[0].html) # noqa
self.assertIn(u'p: ', self.mailer.outbox[0].html) # noqa
self.assertIn(u'Best wishes', self.mailer.outbox[0].html) # noqa
self.assertIn(u'<a href="http://blog.bigimtoolbox.com/">visit our blog</a>', self.mailer.outbox[0].html) # noqa
def test_test_success_non_unicode(self):
add_users()
self.request.user = User.by_email('*****@*****.**')
self.request.context = _make_mailing(
id=1,
name='foo',
groups=None,
exclude_groups=None,
trigger=MailingTriggers.never.name,
days=0,
subject='Subject',
body='Body',
)
with self.assertRaises(AssertionError) as cm:
self.view.test_success(self.APPSTRUCT)
self.assertEqual(
cm.exception.message,
'Mail body type must be unicode, not <type \'str\'>!')
def test_test_success(self):
add_users()
self.request.user = User.by_email('*****@*****.**')
self.request.context = Mailing.by_name('welcome_email')
result = self.view.test_success(self.APPSTRUCT)
self.assertIsInstance(result, HTTPFound)
self.assertEqual(result.location, '/mailing/4/edit/')
self.assertEqual(
self.request.session.pop_flash(),
[u'Mailing "welcome_email" sent to "*****@*****.**".'],
)
mailer = get_mailer(self.request)
self.assertEqual(len(mailer.outbox), 1)
self.assertEqual(mailer.outbox[0].subject,
u'[Mailing Test] Über Welcome!')
self.assertIn('This mailing would be sent to:', mailer.outbox[0].html)
self.assertIn('*****@*****.**', mailer.outbox[0].html)
def test_not_in_unsubscribed(self, get_current_request):
get_current_request.return_value = self.request
add_routes_user(self.config)
self.request.user = User.by_email('*****@*****.**')
self.request.context = _make_mailing(
id=123,
name='excluded',
groups=[Group.by_name('admins'),
Group.by_name('enabled')],
exclude_groups=[],
body=u'Body',
subject=u'Subject')
mailer = get_mailer(self.request)
self.request.context.send(self.request.user)
self.assertEqual(len(mailer.outbox), 1)
self.assertEqual(mailer.outbox[0].subject, u'Subject')
self.assertNotIn('Unsubscribe from our Newsletter',
mailer.outbox[0].html) # noqa
def test_new_user_no_trial(self, mocked_date):
Group.by_name('monthly').trial_validity = None
mocked_date.today.return_value = date(2013, 12, 30)
view = IPNView(testing.DummyRequest())
view.provider = 'clickbank'
view.params = AttrDict({
'email': '*****@*****.**',
'fullname': u'Föo Bar',
'trans_type': 'SALE',
'trans_id': 123,
'product_id': 1,
'affiliate': '*****@*****.**',
})
resp = view.ipn()
self.assertEqual(resp, 'Done.')
user = User.by_email('*****@*****.**')
self.assertEqual(user.enabled, True)
self.assertEqual(user.trial, False)
self.assertEqual(user.affiliate, '*****@*****.**')
self.assertEqual(user.valid_to, date(2014, 1, 30))
self.assertEqual(user.last_payment, date(2013, 12, 30))
self.assertEqual(len(user.audit_log_entries), 2)
self.assertEqual(
user.audit_log_entries[0].event_type.name, u'UserCreated')
self.assertEqual(
user.audit_log_entries[0].comment,
u'Created by clickbank, transaction id: 123, type: SALE, note: ',
)
self.assertEqual(
user.audit_log_entries[1].event_type.name, u'UserEnabled')
self.assertEqual(
user.audit_log_entries[1].comment,
u'Enabled by clickbank, transaction id: 123, type: SALE, note: '
u'regular until 2014-01-30',
)
def test_loginas_view_submit_success_as_user(self):
from pyramid_bimt.models import User
from pyramid_bimt.models import Group
from pyramid_bimt.views.auth import LoginAs
Session.add(
User(email='*****@*****.**', groups=[
Group.by_name('enabled'),
]))
context = User.by_email('*****@*****.**')
context.groups.append(Group.by_name('impersonators'))
request = testing.DummyRequest(
layout_manager=mock.Mock(),
session=mock.Mock(),
)
form_values = {'email': '*****@*****.**'}
request.user = context
view = LoginAs(request)
resp = view.login_as_success(form_values)
self.assertEqual(resp.location, 'http://example.com')
request.session.flash.assert_called_once_with(
u'You have successfully logged in as user "*****@*****.**".')
def test_appstruct_full_context(self):
from pyramid_bimt.tests.test_group_model import _make_group
self.request.context = _make_group(
name='foo',
product_id=13,
validity=31,
trial_validity=7,
addon=True,
forward_ipn_to_url='http://example.com')
self.request.context.set_property('foo', u'bar')
self.request.context.users = [
User.by_email('*****@*****.**'),
]
self.request.context.upgrade_groups = [
_make_group(name='group2'),
]
self.assertEqual(
self.view(self.request).appstruct(), {
'name': 'foo',
'product_id': 13,
'validity': 31,
'trial_validity': 7,
'addon': True,
'forward_ipn_to_url': 'http://example.com',
'users': [
'3',
],
'upgrade_groups': [
'8',
],
'properties': [
{
'key': u'foo',
'value': u'bar'
},
],
})
