def new_rad_by_name():
    """Add a rad to the lib named by the ``lib``/``association_id`` form fields.

    Returns an error response when nobody is logged in, when the ``rad``
    text does not parse, when ``find_association`` finds no association for
    the given id, or when the association has no lib with that name.
    On success returns ``{'status': 'ok', 'rad_id': ...}``.
    """
    if not g.user:
        return error_response('login required')

    # Validate the submitted text before any database work.
    try:
        parse(request.form['rad'])
    except ParseError as err:
        return error_response('parse error: {0}'.format(err.message))

    session = Client().session()
    lib_name = request.form['lib']
    association_id = request.form['association_id']

    # Authorization gate: the lib lookup below filters only on name and
    # association id, so this call is what ties the request to the user.
    try:
        find_association(association_id)
    except NoResultFound:
        return error_response('no such association')

    lib_query = (
        session.query(Lib)
        .filter(Lib.name == lib_name)
        .filter(Lib.association_id == association_id)
    )
    try:
        lib = lib_query.one()
    except NoResultFound:
        return error_response("no such lib '{0}'".format(lib_name))

    rad = Rad(
        created_by=g.user.user_id,
        lib_id=lib.lib_id,
        rad=request.form['rad'],
    )
    session.add(rad)
    # Presumably invalidates the cached copy of this lib; decache_lib is
    # not shown here.
    radlibs.lib.decache_lib(lib.name, lib.association_id)
    return {'status': 'ok', 'rad_id': rad.rad_id}
def test_invite_new_user_to_association(self, user, send_invitation_mail):
    """Inviting an e-mail stores an invite row and mails its token URL."""
    user.email = "*****@*****.**"
    db = Client().session()
    ponies = Association(name='prancing ponies')
    db.add(ponies)
    db.flush()
    # Make the logged-in user a member so the invite is authorized.
    membership = UserAssociation(user_id=user.user_id,
                                 association_id=ponies.association_id)
    db.add(membership)
    db.flush()

    invite_path = '/association/{0}/invite_user'.format(ponies.association_id)
    response = self.app.post(invite_path, data={'email': '*****@*****.**'})

    eq_(response.status_code, 200, response.data)
    eq_(json.loads(response.data), {'status': 'ok', 'action': 'invited'})

    invite = db.query(AssociationInvite).one()
    eq_(invite.email, '*****@*****.**')
    eq_(invite.association_id, ponies.association_id)
    # The mailed link must carry the token stored on the invite row.
    accept_url = 'http://localhost/accept_invitation/{0}/'.format(invite.token)
    send_invitation_mail.assert_called_once_with(
        '*****@*****.**',
        '*****@*****.**',
        'prancing ponies',
        accept_url)
def edit_rad(rad_id):
    """Replace the text of rad ``rad_id`` with the ``rad`` form field.

    Aborts with 404 for id 0. Returns an error response when nobody is
    logged in, when the new text does not parse, or when no rad with this
    id is reachable through the current user's associations.
    """
    if rad_id == 0:
        abort(404)
    if not g.user:
        return error_response('login required')

    try:
        parse(request.form['rad'])
    except ParseError as err:
        return error_response('parse error: {0}'.format(err.message))

    session = Client().session()
    # Authorization is part of the lookup: the joins reach UserAssociation
    # and the filter pins it to g.user, so a rad outside the user's
    # associations yields the same 'no such rad' as a missing one.
    owned_rad = (
        session.query(Rad, Lib)
        .join(Lib)
        .join(Association)
        .join(UserAssociation)
        .filter(UserAssociation.user_id == g.user.user_id)
        .filter(Rad.rad_id == rad_id)
    )
    try:
        rad, lib = owned_rad.one()
    except NoResultFound:
        return error_response('no such rad')

    rad.rad = request.form['rad']
    session.add(rad)
    # Presumably invalidates the cached lib contents; decache_lib is not
    # shown here.
    radlibs.lib.decache_lib(lib.name, lib.association_id)
    return {'status': 'ok'}
def test_no_such_lib_raises_keyerror(self, g):
    """Load a lib that was never created for the current association.

    The expected KeyError is presumably asserted by a decorator that this
    listing does not show.
    """
    db = Client().session()
    ponies = Association(name="prancing ponies")
    db.add(ponies)
    db.flush()
    # Point the (patched) request globals at the new, empty association.
    g.association_id = ponies.association_id
    radlibs.lib.load_lib('Loot')
def find_association(association_id):
    """Return the association with this id if the current user is a member.

    The query joins UserAssociation and filters on ``g.user.user_id``, so
    it doubles as the membership check. ``.one()`` raises when no such row
    exists; callers in this listing catch NoResultFound. ``g.user`` must
    already be set, since its ``user_id`` is read unconditionally.
    """
    session = Client().session()
    same_association = (
        UserAssociation.association_id == Association.association_id)
    query = session.query(Association).join(UserAssociation, same_association)
    query = query.filter(Association.association_id == association_id)
    query = query.filter(UserAssociation.user_id == g.user.user_id)
    return query.one()
def test_generate(self):
    """Generate an invite for a freshly flushed association.

    No assertions follow the call in this listing.
    """
    db = Client().session()
    crazy_train = Association(name='crazy train')
    db.add(crazy_train)
    db.flush()
    invite = AssociationInvite.generate(
        crazy_train.association_id,
        '*****@*****.**')
def test_generate_token(self):
    """A generated e-mail verification token is 32 characters long."""
    db = Client().session()
    new_user = User()
    db.add(new_user)
    db.flush()
    verification = EmailVerificationToken.generate(new_user)
    # Only the length is pinned here; how the token is produced is not
    # visible in this test.
    eq_(len(verification.token), 32)
def test_breadcrumb_for_an_association(self):
    """The breadcrumb of an association is its name plus its absolute URL."""
    db = Client().session()
    harpy = Association(name="Harpy")
    db.add(harpy)
    db.flush()
    # breadcrumb_for is called inside an application context.
    with app.app_context():
        crumb = breadcrumb_for(harpy)
    expected_url = 'http://localhost/association/{0}'.format(
        harpy.association_id)
    eq_(crumb, ('Harpy', expected_url))
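def register():
    """Create the account for a partially signed-in user and log them in.

    Reads ``email`` and ``redirect_uri`` from the form and the identifier
    from ``session['partial_user']``, stores the new User, sends the
    verification mail with an absolute ``verify_email`` link, puts the user
    in the session and redirects.

    The redirect target is caller-supplied, so it is only honoured when it
    is a path on this site; anything else falls back to ``'/'``. Redirecting
    to the raw form value would let a crafted link send a freshly registered
    user to an arbitrary external site.
    """
    db_session = Client().session()
    # NOTE(review): a request without session['partial_user'] raises
    # KeyError here; confirm an error handler turns that into a clean
    # response.
    user = User(
        email=request.form['email'],
        identifier=session['partial_user']['identifier'])
    db_session.add(user)
    db_session.flush()

    token = EmailVerificationToken.generate(user)
    verify_link = url_for('verify_email', token=token.token, _external=True)
    send_verification_mail(user, verify_link)

    # NOTE(review): the user is placed in the session before the address
    # has been verified; confirm that is intended.
    session['user'] = {'email': user.email, 'identifier': user.identifier}

    target = request.form['redirect_uri']
    # Accept only same-site paths: a single leading slash, no backslash
    # (browsers treat "/\" like "//") and no control characters (browsers
    # strip tab/CR/LF before resolving the URL).
    is_local_path = (
        target.startswith('/')
        and not target.startswith('//')
        and '\\' not in target
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)
    )
    if not is_local_path:
        target = '/'
    return redirect(target)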
def test_create_new_association(self, user):
    """Creating an association also joins the creator and redirects to it."""
    db = Client().session()
    response = self.app.post('/association/new', data={'name': 'codescouts'})

    created = db.query(Association).one()
    membership = db.query(UserAssociation).one()
    # The creating user must be linked to the new association.
    eq_(membership.association_id, created.association_id)
    eq_(membership.user_id, user.user_id)
    eq_(created.name, 'codescouts')

    eq_(response.status_code, 302, response.data)
    expected_location = 'http://localhost/association/{0}'.format(
        created.association_id)
    eq_(response.headers['Location'], expected_location)
def test_test_radlib_requires_login(self):
    """An anonymous POST to test_radlib is refused with 'login required'."""
    db = Client().session()
    private = Association(name="somebody's private stuff")
    db.add(private)
    db.flush()

    path = '/association/{0}/test_radlib'.format(private.association_id)
    response = self.app.post(path, data={'rad': 'I ate some <Food>'})

    # Errors are reported in the JSON body; the HTTP status stays 200.
    eq_(response.status_code, 200)
    expected = {'status': 'error', 'error': 'login required'}
    eq_(json.loads(response.data), expected)
def test_bypass_login__new_user(self):
    """The login bypass creates a user for an unknown identifier."""
    db = Client().session()
    credentials = {
        'email': '*****@*****.**',
        'identifier': 'http://www.facebook.com/itsme',
    }
    response = self.app.post('/login_bypass', data=credentials)

    eq_(response.status_code, 302)
    eq_(response.headers['Location'], 'http://localhost/')
    # Exactly one user row must now exist, carrying the posted values.
    created = db.query(User).one()
    eq_(created.email, '*****@*****.**')
    eq_(created.identifier, 'http://www.facebook.com/itsme')
def test_bypass_login__existing_user(self):
    """The login bypass redirects home when the identifier already exists."""
    db = Client().session()
    existing = User(identifier='http://www.facebook.com/itsme',
                    email='*****@*****.**')
    db.add(existing)
    db.flush()

    credentials = {
        'email': '*****@*****.**',
        'identifier': 'http://www.facebook.com/itsme',
    }
    response = self.app.post('/login_bypass', data=credentials)

    eq_(response.status_code, 302)
    eq_(response.headers['Location'], 'http://localhost/')
def test_hmac_auth__invalid_datetime_format(self):
    """A malformed ``time`` field is answered with 'not logged in'."""
    db = Client().session()
    api_user = User(api_key='hurfdurf')
    db.add(api_user)
    db.flush()

    # 'beer:30' does not match the timestamp format the other signed-request
    # tests use; the endpoint must report an auth failure, not crash.
    form = {
        'user_id': api_user.user_id,
        'signature': 'johnhancock',
        'time': 'beer:30',
        'other_param': 'frabjous',
    }
    response = self.app.post('/test_authorization', data=form)

    eq_(response.status_code, 200, response.data)
    eq_(json.loads(response.data),
        {'status': 'error', 'error': 'not logged in'})
def test_add_new_rad__requires_correct_user(self, user):
    """Adding a rad to a lib in someone else's association is refused."""
    db = Client().session()
    # The lib belongs to an association created for a different user.
    outsider = User()
    association_id = self.create_association(outsider)
    song_lib = Lib(name="Song", association_id=association_id)
    db.add(song_lib)
    db.flush()

    path = '/lib/{0}/rad/new'.format(song_lib.lib_id)
    response = self.app.post(path, data={'rad': '<Song_which_never_ends>'})

    eq_(response.status_code, 200)
    # The refusal reads like a missing lib, so the response does not confirm
    # that the lib exists.
    expected = {'status': 'error', 'error': 'no such lib'}
    eq_(json.loads(response.data), expected)
def test_hmac_auth__user_has_no_api_key(self):
    """A signed request for a user without an API key is rejected."""
    db = Client().session()
    keyless_user = User()
    db.add(keyless_user)
    db.flush()

    timestamp = datetime.datetime.utcnow().strftime('%Y%m%dT%H:%M:%S')
    bogus_signature = "mloop droop"
    form = {
        'user_id': keyless_user.user_id,
        'signature': bogus_signature,
        'time': timestamp,
        'other_param': 'frabjous',
    }
    response = self.app.post('/test_authorization', data=form)

    eq_(response.status_code, 200, response.data)
    eq_(json.loads(response.data),
        {'status': 'error', 'error': 'not logged in'})
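def token_url():
    """Finish a sign-in: exchange the posted token for a profile and log in.

    The ``token`` form field is sent to the auth_info endpoint together with
    the ``ENGAGE_API_KEY`` environment variable. Depending on the profile
    that comes back, the request ends in one of four ways:

    * no usable profile: an error page quoting the provider's reply;
    * unknown identifier, e-mail already used by another account: the
      identifier-mismatch page;
    * unknown identifier, no e-mail: the identifier is parked in
      ``session['partial_user']`` and the user is sent to registration;
    * otherwise: the user is stored in the session and redirected.

    ``redirect_uri`` is caller-supplied, so it is only honoured when it is a
    path on this site; anything else falls back to ``'/'``.
    """
    token = request.form['token']
    api_params = {
        'token': token,
        'apiKey': os.environ['ENGAGE_API_KEY'],
        'format': 'json',
    }
    # Bounded wait so a stalled provider cannot hold the worker forever;
    # a timeout propagates as an exception from requests.
    response = requests.get('https://rpxnow.com/api/v2/auth_info',
                            params=api_params, timeout=10)
    try:
        auth_info = json.loads(response.text)
    except ValueError:
        # A non-JSON reply is handled like any other provider error.
        auth_info = {}
    if not isinstance(auth_info, dict) or 'profile' not in auth_info:
        error_page = make_response('An error occurred interacting with your '
                                   'identity provider. Since that does not '
                                   'usually happen unless you are a radlibs '
                                   'developer, here is the error in all its '
                                   'terrible beauty: ' + response.text)
        # The page embeds a third-party response body verbatim; serve it as
        # plain text so nothing in it is interpreted as markup.
        # NOTE(review): confirm the provider's error body never carries
        # anything that should not be shown to end users.
        error_page.mimetype = 'text/plain'
        return error_page

    profile = auth_info['profile']
    identifier = profile['identifier']
    email = profile.get('email')

    redirect_uri = request.form.get('redirect_uri', '/')
    # Accept only same-site paths: a single leading slash, no backslash
    # (browsers treat "/\" like "//") and no control characters (browsers
    # strip tab/CR/LF before resolving the URL). The value is also passed
    # on to the registration page, so it is cleaned before either use.
    is_local_path = (
        redirect_uri.startswith('/')
        and not redirect_uri.startswith('//')
        and '\\' not in redirect_uri
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in redirect_uri)
    )
    if not is_local_path:
        redirect_uri = '/'

    db_session = Client().session()
    try:
        user = (db_session.query(User)
                .filter(User.identifier == identifier)
                .one())
    except NoResultFound:
        if email:
            # An account with this address but another identifier already
            # exists: show the mismatch page rather than logging in or
            # creating a second account for the same address.
            existing_users = (db_session.query(User)
                              .filter(User.email == email)
                              .all())
            if existing_users:
                provider = provider_for_identifier(
                    existing_users[0].identifier)
                return render_template(
                    'identifier_mismatch.html.jinja',
                    existing_provider=provider)
            # NOTE(review): the provider-supplied address is recorded as
            # verified immediately; confirm the provider verifies it.
            user = User(email=email,
                        identifier=identifier,
                        email_verified_at=utcnow())
            db_session.add(user)
        else:
            session['partial_user'] = {'identifier': identifier}
            return redirect(url_for('show_registration',
                                    redirect_uri=redirect_uri))
    session['user'] = {'identifier': identifier, 'email': email}
    return redirect(redirect_uri)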
def load_lib(lib_name):
    """Return the list of rad strings in ``lib_name`` for ``g.association_id``.

    The result is cached under ``"<association_id>:<lib_name>"`` for one
    hour, so libs with the same name in different associations do not share
    an entry.

    Raises:
        KeyError: the query returned no rads for this lib and association.
    """
    cache_key = '{0}:{1}'.format(g.association_id, lib_name)
    cached = app.cache.get(cache_key)
    if cached:
        return cached

    session = Client().session()
    rows = (
        session.query(Rad.rad)
        .join(Lib, Lib.lib_id == Rad.lib_id)
        .filter(Lib.name == lib_name)
        .filter(Lib.association_id == g.association_id)
        .all()
    )
    if not rows:
        raise KeyError(lib_name)

    # Each row is a one-column result; keep just the rad text.
    rads = [row[0] for row in rows]
    app.cache.set(cache_key, rads, timeout=60 * 60)
    return rads
def test_add_user_to_association_requires_correct_login(self, user):
    """Inviting into an association the user has not joined is refused."""
    db = Client().session()
    # No UserAssociation row is created, so ``user`` is not a member.
    ponies = Association(name='prancing ponies')
    db.add(ponies)
    db.flush()

    path = '/association/{0}/invite_user'.format(ponies.association_id)
    response = self.app.post(path, data={'email': '*****@*****.**'})

    eq_(response.status_code, 200)
    # The refusal reads like a missing association, so the response does not
    # confirm that the association exists.
    expected = {'status': 'error', 'error': 'no such association'}
    eq_(json.loads(response.data), expected)
def test_create_new_lib(self, user):
    """A member can create a lib and gets its id back."""
    db = Client().session()
    association_id = self.create_association(user)

    path = '/association/{0}/lib/new'.format(association_id)
    response = self.app.post(path, data={"name": "Rant"})

    created = db.query(Lib).one()
    eq_(created.name, 'Rant')
    eq_(response.status_code, 200, response.data)
    expected = {'status': 'ok', 'lib_id': created.lib_id}
    eq_(json.loads(response.data), expected)
def bypass_login():
    """Log in as the posted identifier without any credential check.

    Responds 404 unless ``app.config['DEBUG']`` is truthy. That gate is the
    only control on this route: with it open, any caller can start a
    session for any identifier, so deployments must keep DEBUG off.
    """
    if not app.config['DEBUG']:
        abort(404)

    db_session = Client().session()
    email = request.form['email']
    identifier = request.form['identifier']

    lookup = db_session.query(User).filter(User.identifier == identifier)
    try:
        user = lookup.one()
    except NoResultFound:
        # Unknown identifier: create the user from the posted values.
        user = User()
        user.email = email
        user.identifier = identifier
        db_session.add(user)

    # The session always gets the posted e-mail, even when an existing user
    # was found under this identifier.
    session['user'] = {'identifier': identifier, 'email': email}
    return redirect('/')
def test_create_new_lib__lib_already_exists(self, user):
    """Creating a lib whose name is taken in the association is an error."""
    db = Client().session()
    association_id = self.create_association(user)
    # Pre-create the lib so the POST below collides with it.
    existing = Lib(name="Rant", association_id=association_id)
    db.add(existing)
    db.flush()

    path = '/association/{0}/lib/new'.format(association_id)
    response = self.app.post(path, data={"name": "Rant"})

    eq_(response.status_code, 200, response.data)
    expected = {'status': 'error', 'error': 'lib already exists'}
    eq_(json.loads(response.data), expected)
def test_new_rad_by_name__missing_params(self, user):
    """Omitting ``association_id`` yields a 'missing param' error."""
    db = Client().session()
    association_id = self.create_association(user)
    song_lib = Lib(name="Song", association_id=association_id)
    db.add(song_lib)
    db.flush()

    # 'association_id' is deliberately left out of the form.
    form = {
        'lib': 'Song',
        'rad': 'Stairway to <Location>',
    }
    response = self.app.post('/lib/rad/new', data=form)

    eq_(response.status_code, 200)
    expected = {
        'status': 'error',
        'error': "missing param 'association_id'",
    }
    eq_(json.loads(response.data), expected)
def test_add_new_rad_by_name__syntax_error(self, user):
    """A rad that does not parse is rejected with the parser's message."""
    db = Client().session()
    association_id = self.create_association(user)
    song_lib = Lib(name="Song", association_id=association_id)
    db.add(song_lib)
    db.flush()

    # The closing '>' is missing on purpose.
    form = {
        'association_id': association_id,
        'lib': 'Song',
        'rad': 'All you need is <Emotion',
    }
    response = self.app.post('/lib/rad/new', data=form)

    eq_(response.status_code, 200)
    expected_error = ("parse error: Unexpected token '<' at line 1 "
                      "character 17 of 'All you need is <Emotion'")
    eq_(json.loads(response.data),
        {'status': 'error', 'error': expected_error})
def test_authenticate_with_hmac_signature(self):
    """A fresh timestamp with a matching signature is accepted."""
    # NOTE(review): despite the test name, the signature built here is a
    # plain SHA-1 over the message with the API key appended, not an HMAC
    # construction. The server-side check is not shown; confirm whether it
    # should move to the hmac module with a constant-time comparison.
    db = Client().session()
    api_user = User(api_key='hurfdurf')
    db.add(api_user)
    db.flush()

    timestamp = datetime.datetime.utcnow().strftime('%Y%m%dT%H:%M:%S')
    endpoint = '/test_authorization'
    # Signed text: time, the remaining params, the endpoint, then the key.
    plaintext = "{0}\nother_param: frabjous\n{1}\n{2}".format(
        timestamp, endpoint, 'hurfdurf')
    signature = sha.sha(plaintext).hexdigest()

    form = {
        'user_id': api_user.user_id,
        'signature': signature,
        'time': timestamp,
        'other_param': 'frabjous',
    }
    response = self.app.post(endpoint, data=form)

    eq_(response.status_code, 200, response.data)
    eq_(json.loads(response.data), {'status': 'ok'})
def test_hmac_auth__time_must_be_within_five_minutes_of_server(self):
    """A correctly signed request with a stale timestamp is rejected."""
    db = Client().session()
    api_user = User(api_key='hurfdurf')
    db.add(api_user)
    db.flush()

    # The signature matches the message, so only the old timestamp can be
    # the reason for the rejection: this is the replay-window check.
    stale_time = '20010101T01:01:01'
    endpoint = '/test_authorization'
    plaintext = "{0}\nother_param: frabjous\n{1}\n{2}".format(
        stale_time, endpoint, 'hurfdurf')
    signature = sha.sha(plaintext).hexdigest()

    form = {
        'user_id': api_user.user_id,
        'signature': signature,
        'time': stale_time,
        'other_param': 'frabjous',
    }
    response = self.app.post(endpoint, data=form)

    eq_(response.status_code, 200, response.data)
    eq_(json.loads(response.data),
        {'status': 'error', 'error': 'not logged in'})
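def create_lib(association_id):
    """Create a lib named by the ``name`` form field in an association.

    Returns an error response when nobody is logged in, when the name is
    not one capital letter followed by lowercase letters or underscores,
    when ``find_association`` finds no association for the given id, or
    when flushing the new row raises IntegrityError (reported as
    'lib already exists'). On success returns
    ``{'status': 'ok', 'lib_id': ...}``.
    """
    if not g.user:
        return error_response('login required')

    name = request.form['name']
    # \Z anchors at the true end of the string. `$` also matches just before
    # a trailing newline, so the earlier pattern accepted a valid name
    # followed by a line feed and would have stored it as a separate lib.
    if not re.match(r'[A-Z][a-z_]*\Z', name):
        return error_response("'{0}' is not a valid lib name".format(name))

    session = Client().session()
    # Authorization gate: the lookup is what ties this association id to
    # the logged-in user.
    try:
        find_association(association_id)
    except NoResultFound:
        return error_response('no such association')

    lib = Lib(association_id=association_id, name=name)
    session.add(lib)
    try:
        session.flush()
    except IntegrityError:
        # NOTE(review): the session is not rolled back after the failed
        # flush; confirm the surrounding request handling does that.
        return error_response('lib already exists')
    return {'status': 'ok', 'lib_id': lib.lib_id}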
def test_new_rad_by_name__requires_correct_login(self, user):
    """Adding a rad by lib name in someone else's association is refused."""
    db = Client().session()
    # The association, and the lib in it, belong to a different user.
    outsider = User()
    association_id = self.create_association(outsider)
    song_lib = Lib(name="Song", association_id=association_id)
    db.add(song_lib)
    db.flush()

    form = {
        'association_id': association_id,
        'lib': 'Song',
        'rad': 'The sound of <Sound>',
    }
    response = self.app.post('/lib/rad/new', data=form)

    eq_(response.status_code, 200)
    expected = {
        "status": 'error',
        'error': "no such association",
    }
    eq_(json.loads(response.data), expected)
def test_add_new_rad__requires_user(self):
    """An anonymous POST to add a rad is refused with 'login required'."""
    db = Client().session()
    partytown = Association(name='Partytown')
    db.add(partytown)
    db.flush()
    animal_lib = Lib(name="Animal", association_id=partytown.association_id)
    db.add(animal_lib)
    db.flush()

    path = '/lib/{0}/rad/new'.format(animal_lib.lib_id)
    response = self.app.post(path, data={'rad': 'what is happening'})

    eq_(response.status_code, 200)
    expected = {'status': 'error', 'error': 'login required'}
    eq_(json.loads(response.data), expected)
def test_edit_rad(self, user):
    """A member can edit a rad in a lib of their own association."""
    db = Client().session()
    association_id = self.create_association(user)
    band_lib = Lib(name="Band", association_id=association_id)
    db.add(band_lib)
    db.flush()
    # Start with a misspelled rad; the POST below submits the corrected text.
    misspelled = Rad(lib_id=band_lib.lib_id,
                     created_by=user.user_id,
                     rad='Huey Lewis and the Nws')
    db.add(misspelled)
    db.flush()

    path = '/lib/rad/{0}/edit'.format(misspelled.rad_id)
    response = self.app.post(path, data={'rad': 'Huey Lewis and the News'})

    eq_(response.status_code, 200, response.data)
    eq_(json.loads(response.data), {'status': 'ok'})