class TestViews(OsfTestCase): def setUp(self): super(TestViews, self).setUp() self.user = AuthUserFactory() self.user_addon = self.user.get_or_add_addon('twofactor') self.user_settings = self.user.get_addon('twofactor') def test_confirm_code(self): # Send a valid code to the API endpoint for the user settings. url = api_url_for('twofactor_settings_put') res = self.app.put_json( url, {'code': _valid_code(self.user_settings.totp_secret)}, auth=self.user.auth) # reload the user settings object from the DB self.user_settings.reload() assert_true(self.user_settings.is_confirmed) assert_equal(res.status_code, 200) def test_confirm_code_failure(self): url = api_url_for('twofactor_settings_put') res = self.app.put_json(url, {'code': '0000000'}, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) json = res.json assert_in('verification code', json['message_long']) # reload the user settings object from the DB self.user_settings.reload() assert_false(self.user_settings.is_confirmed)
class TestUtils(OsfTestCase): @mock.patch('website.addons.twofactor.models.push_status_message') def setUp(self, mocked): super(TestUtils, self).setUp() self.user = AuthUserFactory() self.user_addon = self.user.get_or_add_addon('twofactor') self.user_settings = self.user.get_addon('twofactor') def test_serialize_urls_enabled(self): urls = serialize_urls(self.user_addon) for key in ['enable', 'disable', 'settings', 'otpauth']: assert_in(key, urls) assert_equal(urls['otpauth'], self.user_addon.otpauth_url) def test_serialize_urls_disabled(self): urls = serialize_urls(None) for key in ['enable', 'disable', 'settings', 'otpauth']: assert_in(key, urls) assert_equal(urls['otpauth'], '') def test_serialize_settings_enabled_and_unconfirmed(self): settings = serialize_settings(Auth(self.user)) assert_true(settings['is_enabled']) assert_false(settings['is_confirmed']) assert_equal(settings['secret'], self.user_addon.totp_secret_b32) assert_equal(settings['drift'], self.user_addon.totp_drift) def test_serialize_settings_enabled_and_confirmed(self): self.user_addon.is_confirmed = True self.user_addon.save() settings = serialize_settings(Auth(self.user)) assert_true(settings['is_enabled']) assert_true(settings['is_confirmed']) assert_equal(settings['secret'], self.user_addon.totp_secret_b32) assert_equal(settings['drift'], self.user_addon.totp_drift) def test_serialize_settings_disabled(self): user = AuthUserFactory() settings = serialize_settings(Auth(user)) assert_false(settings['is_enabled']) assert_false(settings['is_confirmed']) assert_equal(settings['secret'], None) assert_equal(settings['drift'], None)
class TestGoogleDriveHgridViews(OsfTestCase): def setUp(self): super(TestGoogleDriveHgridViews, self).setUp() self.account = GoogleDriveAccountFactory() self.user = AuthUserFactory(external_accounts=[self.account]) self.user_settings = self.user.get_or_add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.node_settings.user_settings = self.user_settings self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) @mock.patch.object(GoogleDriveClient, 'folders') def test_googledrive_folders(self, mock_drive_client_folders): folderId = '12345' self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() mock_drive_client_folders.return_value = sample_folder_data['items'] url = self.project.api_url_for('googledrive_folders', folderId=folderId) res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(len(res.json), len(sample_folder_data['items'])) @mock.patch( 'website.addons.googledrive.views.hgrid.GoogleDriveClient.about') def test_googledrive_folders_returns_only_root(self, mock_about): mock_about.return_value = {'rootFolderId': '24601'} self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() url = self.project.api_url_for('googledrive_folders') res = self.app.get(url, auth=self.user.auth) assert_equal(len(res.json), 1) assert_equal(res.status_code, 200) assert_equal(res.json[0]['id'], '24601')
class TestViews(OsfTestCase): @mock.patch('website.addons.twofactor.models.push_status_message') def setUp(self, mocked): super(TestViews, self).setUp() self.user = AuthUserFactory() self.user_addon = self.user.get_or_add_addon('twofactor') self.user_settings = self.user.get_addon('twofactor') def test_confirm_code(self): # Send a valid code to the API endpoint for the user settings. url = api_url_for('twofactor_settings_put') res = self.app.put_json( url, {'code': _valid_code(self.user_settings.totp_secret)}, auth=self.user.auth ) # reload the user settings object from the DB self.user_settings.reload() assert_true(self.user_settings.is_confirmed) assert_equal(res.status_code, 200) def test_confirm_code_failure(self): url = api_url_for('twofactor_settings_put') res = self.app.put_json( url, {'code': '0000000'}, auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) json = res.json assert_in('verification code', json['message_long']) # reload the user settings object from the DB self.user_settings.reload() assert_false(self.user_settings.is_confirmed)
class TestRemove2Factor(AdminTestCase): def setUp(self): super(TestRemove2Factor, self).setUp() self.user = AuthUserFactory() @mock.patch('admin.users.views.User.delete_addon') def test_remove_two_factor_get(self, mock_delete_addon): guid = self.user._id request = RequestFactory().get('/fake_path') remove_2_factor(request, guid) mock_delete_addon.assert_called_with('twofactor') def test_integration_delete_two_factor(self): guid = self.user._id user_addon = self.user.get_or_add_addon('twofactor') assert_not_equal(user_addon, None) user_settings = self.user.get_addon('twofactor') assert_not_equal(user_settings, None) request = RequestFactory().post('/fake_path') remove_2_factor(request, guid) post_addon = self.user.get_addon('twofactor') assert_equal(post_addon, None)
class TestGoogleDriveHgridViews(OsfTestCase): def setUp(self): super(TestGoogleDriveHgridViews, self).setUp() self.account = GoogleDriveAccountFactory() self.user = AuthUserFactory(external_accounts=[self.account]) self.user_settings = self.user.get_or_add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.node_settings.user_settings = self.user_settings self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) @mock.patch.object(GoogleDriveClient, 'folders') def test_googledrive_folders(self, mock_drive_client_folders): folderId = '12345' self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() mock_drive_client_folders.return_value = sample_folder_data['items'] url = self.project.api_url_for('googledrive_folders', folderId=folderId) res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(len(res.json), len(sample_folder_data['items'])) @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.about') def test_googledrive_folders_returns_only_root(self, mock_about): mock_about.return_value = {'rootFolderId': '24601'} self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() url = self.project.api_url_for('googledrive_folders') res = self.app.get(url, auth=self.user.auth) assert_equal(len(res.json), 1) assert_equal(res.status_code, 200) assert_equal(res.json[0]['id'], '24601')
class TestRemove2Factor(AdminTestCase): def setUp(self): super(TestRemove2Factor, self).setUp() self.user = AuthUserFactory() self.request = RequestFactory().post('/fake_path') self.view = User2FactorDeleteView() self.view = setup_log_view(self.view, self.request, guid=self.user._id) @mock.patch('admin.users.views.User.delete_addon') def test_remove_two_factor_get(self, mock_delete_addon): self.view.delete(self.request) mock_delete_addon.assert_called_with('twofactor') def test_integration_delete_two_factor(self): user_addon = self.user.get_or_add_addon('twofactor') nt.assert_not_equal(user_addon, None) user_settings = self.user.get_addon('twofactor') nt.assert_not_equal(user_settings, None) count = OSFLogEntry.objects.count() self.view.delete(self.request) post_addon = self.user.get_addon('twofactor') nt.assert_equal(post_addon, None) nt.assert_equal(OSFLogEntry.objects.count(), count + 1)
class TestUserSettings(OsfTestCase): ADDONS_UNDER_TEST = { MockOAuth2Provider.short_name: { 'user_settings': MockUserSettings, 'node_settings': MockNodeSettings, } } @classmethod def setUpClass(cls): super(TestUserSettings, cls).setUpClass() @classmethod def tearDownClass(cls): super(TestUserSettings, cls).tearDownClass() def setUp(self): super(TestUserSettings, self).setUp() self.user = AuthUserFactory() self.user_settings = self.user.get_or_add_addon( MockUserSettings.oauth_provider.short_name ) self.external_account = ExternalAccountFactory() self.user.external_accounts.append(self.external_account) self.user.save() self.project = ProjectFactory(creator=self.user) def tearDown(self): super(TestUserSettings, self).tearDown() def test_connected_accounts_empty(self): self.user.external_accounts = [] assert_equal( self.user_settings.external_accounts, [] ) def test_connected_accounts(self): assert_equal( self.user_settings.external_accounts, [self.external_account] ) def test_verify_false_no_grants(self): assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project ) ) def test_verify_false_with_grants(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=ProjectFactory() ) assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project ) ) def test_verify_false_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'} ) assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project, metadata={'baz': 'qiz'} ) ) def test_verify_true(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project ) assert_true( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project ) ) def test_verify_true_with_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'} ) assert_true( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'} ) ) def test_grant(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project ) assert_equal( self.user_settings.oauth_grants, { self.project._id: { self.external_account._id: {} } } ) def test_grant_not_owned(self): self.user.external_accounts = [] with assert_raises(PermissionsError): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project ) assert_equal( self.user_settings.oauth_grants, {} ) def test_grant_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'} ) assert_equal( self.user_settings.oauth_grants, { self.project._id: { self.external_account._id: {'foo': 'bar'} } } ) def test_on_delete(self): node_settings = self.project.get_or_add_addon( MockUserSettings.oauth_provider.short_name, auth=Auth(user=self.user) ) node_settings.set_auth( external_account=self.external_account, user=self.user ) self.user.delete_addon( MockUserSettings.oauth_provider.short_name ) node_settings.reload() assert_is_none(node_settings.external_account) assert_is_none(node_settings.user_settings)
class TestUserSettings(OsfTestCase): ADDONS_UNDER_TEST = { MockOAuth2Provider.short_name: { 'user_settings': MockUserSettings, 'node_settings': MockNodeSettings, } } @classmethod def setUpClass(cls): super(TestUserSettings, cls).setUpClass() @classmethod def tearDownClass(cls): super(TestUserSettings, cls).tearDownClass() def setUp(self): super(TestUserSettings, self).setUp() self.user = AuthUserFactory() self.user_settings = self.user.get_or_add_addon( MockUserSettings.oauth_provider.short_name) self.external_account = ExternalAccountFactory() self.user.external_accounts.append(self.external_account) self.user.save() self.project = ProjectFactory(creator=self.user) def tearDown(self): super(TestUserSettings, self).tearDown() def test_connected_accounts_empty(self): self.user.external_accounts = [] assert_equal(self.user_settings.external_accounts, []) def test_connected_accounts(self): assert_equal(self.user_settings.external_accounts, [self.external_account]) def test_verify_false_no_grants(self): assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project)) def test_verify_false_with_grants(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=ProjectFactory()) assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project)) def test_verify_false_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'}) assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project, metadata={'baz': 'qiz'})) def test_verify_true(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project) assert_true( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project)) def test_verify_true_with_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'}) assert_true( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'})) def test_grant(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project) assert_equal(self.user_settings.oauth_grants, {self.project._id: { self.external_account._id: {} }}) def test_grant_not_owned(self): self.user.external_accounts = [] with assert_raises(PermissionsError): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project) assert_equal(self.user_settings.oauth_grants, {}) def test_grant_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'}) assert_equal( self.user_settings.oauth_grants, {self.project._id: { self.external_account._id: { 'foo': 'bar' } }}) @mock.patch( 'tests.test_addons_oauth.MockUserSettings.revoke_remote_oauth_access') @mock.patch('framework.auth.core._get_current_user') def test_revoke_remote_access_called(self, mock_decorator, mock_revoke): mock_decorator.return_value = self.user self.user_settings.delete() assert_equal(mock_revoke.call_count, 1) @mock.patch( 'tests.test_addons_oauth.MockUserSettings.revoke_remote_oauth_access') @mock.patch('framework.auth.core._get_current_user') def test_revoke_remote_access_not_called(self, mock_decorator, mock_revoke): mock_decorator.return_value = self.user user2 = AuthUserFactory() user2.external_accounts.append(self.external_account) user2.save() self.user_settings.delete() assert_equal(mock_revoke.call_count, 0) def test_on_delete(self): node_settings = self.project.get_or_add_addon( MockUserSettings.oauth_provider.short_name, auth=Auth(user=self.user)) node_settings.set_auth(external_account=self.external_account, user=self.user) self.user.delete_addon(MockUserSettings.oauth_provider.short_name) node_settings.reload() assert_is_none(node_settings.external_account) assert_is_none(node_settings.user_settings)
class TestAddonCount(OsfTestCase): def setUp(self): super(TestAddonCount, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.user.add_addon("github") self.user_addon = self.user.get_addon("github") self.external_account = GitHubAccountFactory(display_name="hmoco1") self.user_settings = self.user.get_or_add_addon("github") self.user_settings.save() self.user.external_accounts.append(self.external_account) self.user.save() self.node.add_addon("github", Auth(self.user)) self.node_addon = self.node.get_addon("github") self.node_addon.user = self.user.fullname self.node_addon.repo = "29 #Strafford APTS" self.node_addon.user_settings = self.user_addon self.node_addon.external_account = self.external_account self.node_addon.save() self.user_settings.grant_oauth_access(node=self.node, external_account=self.external_account) def tearDown(self): GitHubNodeSettings.remove() GitHubUserSettings.remove() GoogleDriveNodeSettings.remove() GoogleDriveUserSettings.remove() def test_run_for_all_addon(self): results = AddonSnapshot().get_events() names = [res["provider"]["name"] for res in results] for addon in ADDONS_AVAILABLE: assert_in(addon.short_name, names) def test_one_user_one_node_one_addon(self): results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 1) assert_equal(github_res["nodes"]["total"], 1) def test_one_user_one_node_one_addon_one_node_linked(self): results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 1) assert_equal(github_res["nodes"]["total"], 1) def test_one_user_with_multiple_githubs(self): oauth_settings2 = GitHubAccountFactory(display_name="hmoco2") oauth_settings2.save() self.user.external_accounts.append(oauth_settings2) self.user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 1) def test_one_user_with_multiple_addons(self): results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] googledrive_res = [res for res in results if res["provider"]["name"] == "googledrive"][0] assert_equal(github_res["users"]["enabled"], 1) assert_equal(googledrive_res["users"]["enabled"], 0) self.user.add_addon("googledrive") oauth_settings = GoogleDriveAccountFactory() oauth_settings.save() self.user.external_accounts.append(oauth_settings) self.user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] googledrive_res = [res for res in results if res["provider"]["name"] == "googledrive"][0] assert_equal(github_res["users"]["enabled"], 1) assert_equal(googledrive_res["users"]["enabled"], 1) def test_many_users_each_with_a_different_github(self): user = AuthUserFactory() user.add_addon("github") oauth_settings2 = GitHubAccountFactory(display_name="hmoco2") oauth_settings2.save() user.external_accounts.append(oauth_settings2) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 2) assert_equal(github_res["users"]["authorized"], 1) assert_equal(github_res["users"]["linked"], 1) def test_many_users_each_with_the_same_github_enabled(self): user = AuthUserFactory() user.add_addon("github") user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 2) def test_github_enabled_not_linked_or_authorized(self): user = AuthUserFactory() user.add_addon("github") user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 2) assert_equal(github_res["users"]["authorized"], 1) assert_equal(github_res["users"]["linked"], 1) def test_one_node_with_multiple_addons(self): results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] googledrive_res = [res for res in results if res["provider"]["name"] == "googledrive"][0] assert_equal(github_res["nodes"]["total"], 1) assert_equal(googledrive_res["nodes"]["total"], 0) self.user.add_addon("googledrive") user_addon = self.user.get_addon("googledrive") oauth_settings = GoogleDriveAccountFactory() oauth_settings.save() self.user.external_accounts.append(oauth_settings) self.user.save() self.node.add_addon("googledrive", Auth(self.user)) node_addon = self.node.get_addon("googledrive") node_addon.user = self.user.fullname node_addon.user_settings = user_addon node_addon.external_account = oauth_settings node_addon.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] googledrive_res = [res for res in results if res["provider"]["name"] == "googledrive"][0] assert_equal(github_res["nodes"]["total"], 1) assert_equal(googledrive_res["nodes"]["total"], 1) def test_many_nodes_with_one_addon(self): results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["nodes"]["total"], 1) node = ProjectFactory(creator=self.user) node.add_addon("github", Auth(self.user)) node_addon = node.get_addon("github") node_addon.user = self.user.fullname node_addon.repo = "8 (circle)" node_addon.user_settings = self.user_addon node_addon.external_account = self.external_account node_addon.save() node.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["nodes"]["total"], 2) def test_node_count_deleted_addon(self): results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["nodes"]["deleted"], 0) node = ProjectFactory(creator=self.user) node.add_addon("github", Auth(self.user)) node_addon = node.get_addon("github") node_addon.delete() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["nodes"]["deleted"], 1) def test_node_count_disconected_addon(self): results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["nodes"]["disconnected"], 0) node = ProjectFactory(creator=self.user) node.add_addon("github", Auth(self.user)) node_addon = node.get_addon("github") node_addon.external_account = None node_addon.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["nodes"]["disconnected"], 1) def test_all_users_have_wiki_osfstorage_enabled(self): all_user_count = User.find().count() results = AddonSnapshot().get_events() osfstorage_res = [res for res in results if res["provider"]["name"] == "osfstorage"][0] wiki_res = [res for res in results if res["provider"]["name"] == "osfstorage"][0] assert_equal(osfstorage_res["users"]["enabled"], all_user_count) assert_equal(wiki_res["users"]["enabled"], all_user_count) def test_wiki_deleted_shows_as_deleted(self): node = ProjectFactory(creator=self.user) node.delete_addon("wiki", auth=Auth(self.user)) results = AddonSnapshot().get_events() wiki_res = [res for res in results if res["provider"]["name"] == "wiki"][0] assert_equal(wiki_res["nodes"]["deleted"], 1) def test_node_settings_has_no_owner_not_connected(self): self.node_addon.owner = None self.node_addon.save() results = AddonSnapshot().get_events() storage_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(storage_res["nodes"]["connected"], 0) def test_bookmark_collection_not_counted(self): BookmarkCollectionFactory(creator=self.user) all_node_count = Node.find().count() results = AddonSnapshot().get_events() storage_res = [res for res in results if res["provider"]["name"] == "osfstorage"][0] assert_equal(storage_res["nodes"]["connected"], all_node_count - 1)
class ApiAddonTestCase(ApiTestCase): """Base `TestCase` for tests that require interaction with addons. """ @abc.abstractproperty def short_name(self): pass @abc.abstractproperty def addon_type(self): pass @abc.abstractmethod def _apply_auth_configuration(self): pass @abc.abstractmethod def _set_urls(self): pass def _settings_kwargs(self, node, user_settings): return {"user_settings": self.user_settings, "folder_id": "1234567890", "owner": self.node} def setUp(self): super(ApiAddonTestCase, self).setUp() from tests.factories import ProjectFactory, AuthUserFactory from website.addons.base import ( AddonOAuthNodeSettingsBase, AddonNodeSettingsBase, AddonOAuthUserSettingsBase, AddonUserSettingsBase, ) assert self.addon_type in ("CONFIGURABLE", "OAUTH", "UNMANAGEABLE", "INVALID") self.account = None self.node_settings = None self.user_settings = None self.user = AuthUserFactory() self.auth = Auth(self.user) self.node = ProjectFactory(creator=self.user) if self.addon_type not in ("UNMANAGEABLE", "INVALID"): if self.addon_type in ("OAUTH", "CONFIGURABLE"): self.account = self.AccountFactory() self.user.external_accounts.append(self.account) self.user.save() self.user_settings = self.user.get_or_add_addon(self.short_name) self.node_settings = self.node.get_or_add_addon(self.short_name, auth=self.auth) if self.addon_type in ("OAUTH", "CONFIGURABLE"): self.node_settings.set_auth(self.account, self.user) self._apply_auth_configuration() if self.addon_type in ("OAUTH", "CONFIGURABLE"): assert isinstance(self.node_settings, AddonOAuthNodeSettingsBase) assert isinstance(self.user_settings, AddonOAuthUserSettingsBase) self.account_id = self.account._id if self.account else None self.set_urls() def tearDown(self): super(ApiAddonTestCase, self).tearDown() self.user.remove() self.node.remove() if self.node_settings: self.node_settings.remove() if self.user_settings: self.user_settings.remove() if self.account: self.account.remove()
class TestGoogleDriveConfigViews(OsfTestCase): def setUp(self): super(TestGoogleDriveConfigViews, self).setUp() self.account = GoogleDriveAccountFactory() self.user = AuthUserFactory(external_accounts=[self.account]) self.user_settings = self.user.get_or_add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.node_settings.user_settings = self.user_settings self.node_settings.save() self.user_settings.save() # Log user in self.app.authenticate(*self.user.auth) def test_list_googledrive_accounts_returns_accounts_single(self): url = api_url_for('list_googledrive_user_accounts') res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(len(res.json['accounts']), 1) assert_equal(res.json['accounts'][0]['provider_id'], self.account.provider_id) assert_equal(res.json['accounts'][0]['provider_name'], self.account.provider_name) def test_list_googledrive_accounts_returns_accounts_multiple(self): external_account = GoogleDriveAccountFactory() self.user.external_accounts.append(external_account) # self.account is already present self.user.save() url = api_url_for('list_googledrive_user_accounts') res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(len(res.json['accounts']), 2) def test_googledrive_config_get_return_correct_urls(self): url = self.project.api_url_for('googledrive_config_get') res = self.app.get(url) result = res.json['result'] assert_equal(result['urls']['accounts'], self.project.api_url_for('list_googledrive_user_accounts')) assert_equal(result['urls']['auth'], api_url_for('oauth_connect', service_name='googledrive')) assert_equal(result['urls']['config'], self.project.api_url_for('googledrive_config_put')) assert_equal(result['urls']['deauthorize'], self.project.api_url_for('googledrive_remove_user_auth')) assert_equal(result['urls']['files'], self.project.web_url_for('collect_file_trees')) assert_equal(result['urls']['folders'], self.project.api_url_for('googledrive_folders')) assert_equal(result['urls']['importAuth'], self.project.api_url_for('googledrive_import_user_auth')) assert_equal(result['urls']['settings'], web_url_for('user_addons')) def test_googledrive_config_get_has_auth(self): self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() url = self.project.api_url_for('googledrive_config_get') res = self.app.get(url) assert_equal(res.status_code, 200) result = res.json['result'] assert_true(result['nodeHasAuth']) def test_googledrive_config_get_does_not_has_auth(self): url = self.project.api_url_for('googledrive_config_get') res = self.app.get(url) result = res.json['result'] assert_false(result['nodeHasAuth']) def test_googledrive_config_put(self): self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() url = self.project.api_url_for('googledrive_config_put') selected = { 'path': 'Google Drive/ My Folder', 'name': 'Google Drive/ My Folder', 'id': '12345' } # Can set folder through API call res = self.app.put_json(url, {'selected': selected}, auth=self.user.auth) assert_equal(res.status_code, 200) self.node_settings.reload() self.project.reload() # Folder was set assert_equal(self.node_settings.folder_path, 'Google Drive/ My Folder') # A log event was created last_log = self.project.logs[-1] assert_equal(last_log.action, 'googledrive_folder_selected') params = last_log.params assert_equal(params['folder'], ' My Folder') def test_googledrive_import_user_auth(self): url = self.project.api_url_for('googledrive_import_user_auth', auth=self.user.auth) self.app.put_json(url, {'external_account_id': self.account._id}) self.node_settings.reload() assert_equal(self.node_settings.external_account, self.account) def test_googledrive_remove_user_auth(self): self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() assert_equal(self.node_settings.external_account, self.account) url = self.project.api_url_for('googledrive_remove_user_auth', auth=self.user.auth) self.app.delete(url) self.node_settings.reload() assert_equal(self.node_settings.external_account, None)
class TestBasicAuthenticationValidation(ApiTestCase): """Test that APIv2 requests can validate and respond to Basic Authentication""" TOTP_SECRET = "b8f85986068f8079aa9d" def setUp(self): super(TestBasicAuthenticationValidation, self).setUp() self.user1 = AuthUserFactory() self.user2 = AuthUserFactory() # Test projects for which a given user DOES and DOES NOT have appropriate permissions self.reachable_project = ProjectFactory(title="Private Project User 1", is_public=False, creator=self.user1) self.unreachable_project = ProjectFactory(title="Private Project User 2", is_public=False, creator=self.user2) self.reachable_url = "/{}nodes/{}/".format(API_BASE, self.reachable_project._id) self.unreachable_url = "/{}nodes/{}/".format(API_BASE, self.unreachable_project._id) # User1 can't access this def test_missing_credential_fails(self): res = self.app.get(self.unreachable_url, auth=None, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json.get("errors")[0]["detail"], "Authentication credentials were not provided.") def test_invalid_credential_fails(self): res = self.app.get(self.unreachable_url, auth=(self.user1.username, "invalid password"), expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json.get("errors")[0]["detail"], "Invalid username/password.") def test_valid_credential_authenticates_and_has_permissions(self): res = self.app.get(self.reachable_url, auth=self.user1.auth) assert_equal(res.status_code, 200, msg=res.json) def test_valid_credential_authenticates_but_user_lacks_object_permissions(self): res = self.app.get(self.unreachable_url, auth=self.user1.auth, expect_errors=True) assert_equal(res.status_code, 403, msg=res.json) @mock.patch("website.addons.twofactor.models.push_status_message") def test_valid_credential_but_twofactor_required(self, mock_push_status_message): user1_addon = self.user1.get_or_add_addon("twofactor") user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get(self.reachable_url, auth=self.user1.auth, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.headers["X-OSF-OTP"], "required; app") assert_equal(res.json.get("errors")[0]["detail"], "Must specify two-factor authentication OTP code.") @mock.patch("website.addons.twofactor.models.push_status_message") def test_valid_credential_twofactor_invalid_otp(self, mock_push_status_message): user1_addon = self.user1.get_or_add_addon("twofactor") user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get( self.reachable_url, auth=self.user1.auth, headers={"X-OSF-OTP": "invalid otp"}, expect_errors=True ) assert_equal(res.status_code, 401) assert_true("X-OSF-OTP" not in res.headers) assert_equal(res.json.get("errors")[0]["detail"], "Invalid two-factor authentication OTP code.") @mock.patch("website.addons.twofactor.models.push_status_message") def test_valid_credential_twofactor_valid_otp(self, mock_push_status_message): user1_addon = self.user1.get_or_add_addon("twofactor") user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get( self.reachable_url, auth=self.user1.auth, headers={"X-OSF-OTP": _valid_code(self.TOTP_SECRET)} ) assert_equal(res.status_code, 200)
class ApiAddonTestCase(ApiTestCase): """Base `TestCase` for tests that require interaction with addons. """ @abc.abstractproperty def short_name(self): pass @abc.abstractproperty def addon_type(self): pass @abc.abstractmethod def _apply_auth_configuration(self): pass @abc.abstractmethod def _set_urls(self): pass def _settings_kwargs(self, node, user_settings): return { 'user_settings': self.user_settings, 'folder_id': '1234567890', 'owner': self.node } def setUp(self): super(ApiAddonTestCase, self).setUp() from tests.factories import ( ProjectFactory, AuthUserFactory, ) from website.addons.base import (AddonOAuthNodeSettingsBase, AddonNodeSettingsBase, AddonOAuthUserSettingsBase, AddonUserSettingsBase) assert self.addon_type in ('CONFIGURABLE', 'OAUTH', 'UNMANAGEABLE', 'INVALID') self.account = None self.node_settings = None self.user_settings = None self.user = AuthUserFactory() self.auth = Auth(self.user) self.node = ProjectFactory(creator=self.user) if self.addon_type not in ('UNMANAGEABLE', 'INVALID'): if self.addon_type in ('OAUTH', 'CONFIGURABLE'): self.account = self.AccountFactory() self.user.external_accounts.append(self.account) self.user.save() self.user_settings = self.user.get_or_add_addon(self.short_name) self.node_settings = self.node.get_or_add_addon(self.short_name, auth=self.auth) if self.addon_type in ('OAUTH', 'CONFIGURABLE'): self.node_settings.set_auth(self.account, self.user) self._apply_auth_configuration() if self.addon_type in ('OAUTH', 'CONFIGURABLE'): assert isinstance(self.node_settings, AddonOAuthNodeSettingsBase) assert isinstance(self.user_settings, AddonOAuthUserSettingsBase) self.account_id = self.account._id if self.account else None self.set_urls() def tearDown(self): super(ApiAddonTestCase, self).tearDown() self.user.remove() self.node.remove() if self.node_settings: self.node_settings.remove() if self.user_settings: self.user_settings.remove() if self.account: self.account.remove()
class TestBasicAuthenticationValidation(ApiTestCase): """Test that APIv2 requests can validate and respond to Basic Authentication""" TOTP_SECRET = 'b8f85986068f8079aa9d' def setUp(self): super(TestBasicAuthenticationValidation, self).setUp() self.user1 = AuthUserFactory() self.user2 = AuthUserFactory() # Test projects for which a given user DOES and DOES NOT have appropriate permissions self.reachable_project = ProjectFactory(title="Private Project User 1", is_public=False, creator=self.user1) self.unreachable_project = ProjectFactory( title="Private Project User 2", is_public=False, creator=self.user2) self.reachable_url = "/{}nodes/{}/".format(API_BASE, self.reachable_project._id) self.unreachable_url = "/{}nodes/{}/".format( API_BASE, self.unreachable_project._id) # User1 can't access this def test_missing_credential_fails(self): res = self.app.get(self.unreachable_url, auth=None, expect_errors=True) assert_equal(res.status_code, 401) assert_equal( res.json.get("errors")[0]['detail'], 'Authentication credentials were not provided.') def test_invalid_credential_fails(self): res = self.app.get(self.unreachable_url, auth=(self.user1.username, 'invalid password'), expect_errors=True) assert_equal(res.status_code, 401) assert_equal( res.json.get("errors")[0]['detail'], 'Invalid username/password.') def test_valid_credential_authenticates_and_has_permissions(self): res = self.app.get(self.reachable_url, auth=self.user1.auth) assert_equal(res.status_code, 200, msg=res.json) def test_valid_credential_authenticates_but_user_lacks_object_permissions( self): res = self.app.get(self.unreachable_url, auth=self.user1.auth, expect_errors=True) assert_equal(res.status_code, 403, msg=res.json) def test_valid_credential_but_twofactor_required(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get(self.reachable_url, auth=self.user1.auth, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.headers['X-OSF-OTP'], 'required; app') assert_equal( res.json.get("errors")[0]['detail'], 'Must specify two-factor authentication OTP code.') def test_valid_credential_twofactor_invalid_otp(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get(self.reachable_url, auth=self.user1.auth, headers={'X-OSF-OTP': 'invalid otp'}, expect_errors=True) assert_equal(res.status_code, 401) assert_true('X-OSF-OTP' not in res.headers) assert_equal( res.json.get("errors")[0]['detail'], 'Invalid two-factor authentication OTP code.') def test_valid_credential_twofactor_valid_otp(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get( self.reachable_url, auth=self.user1.auth, headers={'X-OSF-OTP': _valid_code(self.TOTP_SECRET)}) assert_equal(res.status_code, 200)
class TestAuthBasicAuthentication(OsfTestCase): TOTP_SECRET = 'b8f85986068f8079aa9d' def setUp(self): super(TestAuthBasicAuthentication, self).setUp() self.user1 = AuthUserFactory() self.user2 = AuthUserFactory() # Test projects for which a given user DOES and DOES NOT have appropriate permissions self.reachable_project = ProjectFactory(title="Private Project User 1", is_public=False, creator=self.user1) self.unreachable_project = ProjectFactory(title="Private Project User 2", is_public=False, creator=self.user2) self.reachable_url = self.reachable_project.web_url_for('view_project') self.unreachable_url = self.unreachable_project.web_url_for('view_project') def test_missing_credential_fails(self): res = self.app.get(self.unreachable_url, auth=None, expect_errors=True) assert_equal(res.status_code, 302) assert_true('Location' in res.headers) assert_true('/login' in res.headers['Location']) def test_invalid_credential_fails(self): res = self.app.get(self.unreachable_url, auth=(self.user1.username, 'invalid password'), expect_errors=True) assert_equal(res.status_code, 401) assert_true('<h2 id=\'error\' data-http-status-code="401">Unauthorized</h2>' in res.body) def test_valid_credential_authenticates_and_has_permissions(self): res = self.app.get(self.reachable_url, auth=self.user1.auth) assert_equal(res.status_code, 200) def test_valid_credential_authenticates_but_user_lacks_object_permissions(self): res = self.app.get(self.unreachable_url, auth=self.user1.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_valid_credential_but_twofactor_required(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get(self.reachable_url, auth=self.user1.auth, expect_errors=True) assert_equal(res.status_code, 401) assert_true('<h2 id=\'error\' data-http-status-code="401">Unauthorized</h2>' in res.body) def test_valid_credential_twofactor_invalid_otp(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get(self.reachable_url, auth=self.user1.auth, headers={'X-OSF-OTP': 'invalid otp'}, expect_errors=True) assert_equal(res.status_code, 401) assert_true('<h2 id=\'error\' data-http-status-code="401">Unauthorized</h2>' in res.body) def test_valid_credential_twofactor_valid_otp(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get(self.reachable_url, auth=self.user1.auth, headers={'X-OSF-OTP': _valid_code(self.TOTP_SECRET)}) assert_equal(res.status_code, 200)
class TestUserSettings(OsfTestCase): @classmethod def setUpClass(cls): init_mock_addon() super(TestUserSettings, cls).setUpClass() @classmethod def tearDownClass(cls): remove_mock_addon() super(TestUserSettings, cls).tearDownClass() def setUp(self): super(TestUserSettings, self).setUp() self.user = AuthUserFactory() self.user_settings = self.user.get_or_add_addon( MockUserSettings.oauth_provider.short_name) self.external_account = ExternalAccountFactory() self.user.external_accounts.append(self.external_account) self.user.save() self.project = ProjectFactory(creator=self.user) def tearDown(self): super(TestUserSettings, self).tearDown() def test_connected_accounts_empty(self): self.user.external_accounts = [] assert_equal(self.user_settings.external_accounts, []) def test_connected_accounts(self): assert_equal(self.user_settings.external_accounts, [self.external_account]) def test_verify_false_no_grants(self): assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project)) def test_verify_false_with_grants(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=ProjectFactory()) assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project)) def test_verify_false_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'}) assert_false( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project, metadata={'baz': 'qiz'})) def test_verify_true(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project) assert_true( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project)) def test_verify_true_with_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'}) assert_true( self.user_settings.verify_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'})) def test_grant(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project) assert_equal(self.user_settings.oauth_grants, {self.project._id: { self.external_account._id: {} }}) def test_grant_not_owned(self): self.user.external_accounts = [] with assert_raises(PermissionsError): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project) assert_equal(self.user_settings.oauth_grants, {}) def test_grant_metadata(self): self.user_settings.grant_oauth_access( external_account=self.external_account, node=self.project, metadata={'foo': 'bar'}) assert_equal( self.user_settings.oauth_grants, {self.project._id: { self.external_account._id: { 'foo': 'bar' } }}) def test_on_delete(self): node_settings = self.project.get_or_add_addon( MockUserSettings.oauth_provider.short_name, auth=Auth(user=self.user)) node_settings.set_auth(external_account=self.external_account, user=self.user) self.user.delete_addon(MockUserSettings.oauth_provider.short_name) node_settings.reload() assert_is_none(node_settings.external_account) assert_is_none(node_settings.user_settings)
class TestAuthBasicAuthentication(OsfTestCase): TOTP_SECRET = 'b8f85986068f8079aa9d' def setUp(self): super(TestAuthBasicAuthentication, self).setUp() self.user1 = AuthUserFactory() self.user2 = AuthUserFactory() # Test projects for which a given user DOES and DOES NOT have appropriate permissions self.reachable_project = ProjectFactory(title="Private Project User 1", is_public=False, creator=self.user1) self.unreachable_project = ProjectFactory( title="Private Project User 2", is_public=False, creator=self.user2) self.reachable_url = self.reachable_project.web_url_for('view_project') self.unreachable_url = self.unreachable_project.web_url_for( 'view_project') def test_missing_credential_fails(self): res = self.app.get(self.unreachable_url, auth=None, expect_errors=True) assert_equal(res.status_code, 302) assert_true('Location' in res.headers) assert_true('/login' in res.headers['Location']) def test_invalid_credential_fails(self): res = self.app.get(self.unreachable_url, auth=(self.user1.username, 'invalid password'), expect_errors=True) assert_equal(res.status_code, 401) assert_true( '<h2 id=\'error\' data-http-status-code="401">Unauthorized</h2>' in res.body) def test_valid_credential_authenticates_and_has_permissions(self): res = self.app.get(self.reachable_url, auth=self.user1.auth) assert_equal(res.status_code, 200) def test_valid_credential_authenticates_but_user_lacks_object_permissions( self): res = self.app.get(self.unreachable_url, auth=self.user1.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_valid_credential_but_twofactor_required(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get(self.reachable_url, auth=self.user1.auth, expect_errors=True) assert_equal(res.status_code, 401) assert_true( '<h2 id=\'error\' data-http-status-code="401">Unauthorized</h2>' in res.body) def test_valid_credential_twofactor_invalid_otp(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get(self.reachable_url, auth=self.user1.auth, headers={'X-OSF-OTP': 'invalid otp'}, expect_errors=True) assert_equal(res.status_code, 401) assert_true( '<h2 id=\'error\' data-http-status-code="401">Unauthorized</h2>' in res.body) def test_valid_credential_twofactor_valid_otp(self): user1_addon = self.user1.get_or_add_addon('twofactor') user1_addon.totp_drift = 1 user1_addon.totp_secret = self.TOTP_SECRET user1_addon.is_confirmed = True user1_addon.save() res = self.app.get( self.reachable_url, auth=self.user1.auth, headers={'X-OSF-OTP': _valid_code(self.TOTP_SECRET)}) assert_equal(res.status_code, 200)
class TestAddonCount(OsfTestCase): def setUp(self): super(TestAddonCount, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.user.add_addon('github') self.user_addon = self.user.get_addon('github') self.external_account = GitHubAccountFactory(display_name='hmoco1') self.user_settings = self.user.get_or_add_addon('github') self.user_settings.save() self.user.external_accounts.append(self.external_account) self.user.save() self.node.add_addon('github', Auth(self.user)) self.node_addon = self.node.get_addon('github') self.node_addon.user = self.user.fullname self.node_addon.repo = '29 #Strafford APTS' self.node_addon.user_settings = self.user_addon self.node_addon.external_account = self.external_account self.node_addon.save() self.user_settings.grant_oauth_access( node=self.node, external_account=self.external_account, ) def tearDown(self): GitHubNodeSettings.remove() GitHubUserSettings.remove() GoogleDriveNodeSettings.remove() GoogleDriveUserSettings.remove() def test_run_for_all_addon(self): results = AddonSnapshot().get_events() names = [res['provider']['name'] for res in results] for addon in ADDONS_AVAILABLE: assert_in(addon.short_name, names) def test_one_user_one_node_one_addon(self): results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['enabled'], 1) assert_equal(github_res['nodes']['total'], 1) def test_one_user_one_node_one_addon_one_node_linked(self): results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['enabled'], 1) assert_equal(github_res['nodes']['total'], 1) def test_one_user_with_multiple_githubs(self): oauth_settings2 = GitHubAccountFactory(display_name='hmoco2') oauth_settings2.save() self.user.external_accounts.append(oauth_settings2) self.user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['enabled'], 1) def test_one_user_with_multiple_addons(self): results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] googledrive_res = [ res for res in results if res['provider']['name'] == 'googledrive' ][0] assert_equal(github_res['users']['enabled'], 1) assert_equal(googledrive_res['users']['enabled'], 0) self.user.add_addon('googledrive') oauth_settings = GoogleDriveAccountFactory() oauth_settings.save() self.user.external_accounts.append(oauth_settings) self.user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] googledrive_res = [ res for res in results if res['provider']['name'] == 'googledrive' ][0] assert_equal(github_res['users']['enabled'], 1) assert_equal(googledrive_res['users']['enabled'], 1) def test_many_users_each_with_a_different_github(self): user = AuthUserFactory() user.add_addon('github') oauth_settings2 = GitHubAccountFactory(display_name='hmoco2') oauth_settings2.save() user.external_accounts.append(oauth_settings2) user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['enabled'], 2) assert_equal(github_res['users']['authorized'], 1) assert_equal(github_res['users']['linked'], 1) def test_many_users_each_with_the_same_github_enabled(self): user = AuthUserFactory() user.add_addon('github') user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['enabled'], 2) def test_github_enabled_not_linked_or_authorized(self): user = AuthUserFactory() user.add_addon('github') user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['enabled'], 2) assert_equal(github_res['users']['authorized'], 1) assert_equal(github_res['users']['linked'], 1) def test_one_node_with_multiple_addons(self): results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] googledrive_res = [ res for res in results if res['provider']['name'] == 'googledrive' ][0] assert_equal(github_res['nodes']['total'], 1) assert_equal(googledrive_res['nodes']['total'], 0) self.user.add_addon('googledrive') user_addon = self.user.get_addon('googledrive') oauth_settings = GoogleDriveAccountFactory() oauth_settings.save() self.user.external_accounts.append(oauth_settings) self.user.save() self.node.add_addon('googledrive', Auth(self.user)) node_addon = self.node.get_addon('googledrive') node_addon.user = self.user.fullname node_addon.user_settings = user_addon node_addon.external_account = oauth_settings node_addon.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] googledrive_res = [ res for res in results if res['provider']['name'] == 'googledrive' ][0] assert_equal(github_res['nodes']['total'], 1) assert_equal(googledrive_res['nodes']['total'], 1) def test_many_nodes_with_one_addon(self): results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['nodes']['total'], 1) node = ProjectFactory(creator=self.user) node.add_addon('github', Auth(self.user)) node_addon = node.get_addon('github') node_addon.user = self.user.fullname node_addon.repo = '8 (circle)' node_addon.user_settings = self.user_addon node_addon.external_account = self.external_account node_addon.save() node.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['nodes']['total'], 2) def test_node_count_deleted_addon(self): results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['nodes']['deleted'], 0) node = ProjectFactory(creator=self.user) node.add_addon('github', Auth(self.user)) node_addon = node.get_addon('github') node_addon.delete() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['nodes']['deleted'], 1) def test_node_count_disconected_addon(self): results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['nodes']['disconnected'], 0) node = ProjectFactory(creator=self.user) node.add_addon('github', Auth(self.user)) node_addon = node.get_addon('github') node_addon.external_account = None node_addon.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['nodes']['disconnected'], 1) def test_all_users_have_wiki_osfstorage_enabled(self): all_user_count = User.find().count() results = AddonSnapshot().get_events() osfstorage_res = [ res for res in results if res['provider']['name'] == 'osfstorage' ][0] wiki_res = [ res for res in results if res['provider']['name'] == 'osfstorage' ][0] assert_equal(osfstorage_res['users']['enabled'], all_user_count) assert_equal(wiki_res['users']['enabled'], all_user_count) def test_wiki_deleted_shows_as_deleted(self): node = ProjectFactory(creator=self.user) node.delete_addon('wiki', auth=Auth(self.user)) results = AddonSnapshot().get_events() wiki_res = [ res for res in results if res['provider']['name'] == 'wiki' ][0] assert_equal(wiki_res['nodes']['deleted'], 1) def test_node_settings_has_no_owner_not_connected(self): self.node_addon.owner = None self.node_addon.save() results = AddonSnapshot().get_events() storage_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(storage_res['nodes']['connected'], 0) def test_bookmark_collection_not_counted(self): BookmarkCollectionFactory(creator=self.user) all_node_count = Node.find().count() results = AddonSnapshot().get_events() storage_res = [ res for res in results if res['provider']['name'] == 'osfstorage' ][0] assert_equal(storage_res['nodes']['connected'], all_node_count - 1)
class TestGoogleDriveConfigViews(OsfTestCase): def setUp(self): super(TestGoogleDriveConfigViews, self).setUp() self.account = GoogleDriveAccountFactory() self.user = AuthUserFactory(external_accounts=[self.account]) self.user_settings = self.user.get_or_add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.node_settings.user_settings = self.user_settings self.node_settings.save() self.user_settings.save() # Log user in self.app.authenticate(*self.user.auth) def test_list_googledrive_accounts_returns_accounts_single(self): url = api_url_for('list_googledrive_user_accounts') res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(len(res.json['accounts']), 1) assert_equal(res.json['accounts'][0]['provider_id'], self.account.provider_id) assert_equal(res.json['accounts'][0]['provider_name'], self.account.provider_name) def test_list_googledrive_accounts_returns_accounts_multiple(self): external_account = GoogleDriveAccountFactory() self.user.external_accounts.append( external_account) # self.account is already present self.user.save() url = api_url_for('list_googledrive_user_accounts') res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(len(res.json['accounts']), 2) def test_googledrive_config_get_return_correct_urls(self): url = self.project.api_url_for('googledrive_config_get') res = self.app.get(url) assert_equal(res.status_code, http.OK) result = res.json['result'] assert_equal( result['urls']['accounts'], self.project.api_url_for('list_googledrive_user_accounts')) assert_equal(result['urls']['auth'], api_url_for('oauth_connect', service_name='googledrive')) assert_equal(result['urls']['config'], self.project.api_url_for('googledrive_config_put')) assert_equal(result['urls']['deauthorize'], self.project.api_url_for('googledrive_remove_user_auth')) assert_equal(result['urls']['files'], self.project.web_url_for('collect_file_trees')) assert_equal(result['urls']['folders'], self.project.api_url_for('googledrive_folders')) assert_equal(result['urls']['importAuth'], self.project.api_url_for('googledrive_import_user_auth')) assert_equal(result['urls']['settings'], web_url_for('user_addons')) def test_googledrive_config_get_has_auth(self): self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() url = self.project.api_url_for('googledrive_config_get') res = self.app.get(url) assert_equal(res.status_code, 200) result = res.json['result'] assert_true(result['nodeHasAuth']) def test_googledrive_config_get_does_not_has_auth(self): url = self.project.api_url_for('googledrive_config_get') res = self.app.get(url) result = res.json['result'] assert_false(result['nodeHasAuth']) def test_googledrive_config_put(self): self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() url = self.project.api_url_for('googledrive_config_put') selected = { 'path': 'Google Drive/ My Folder', 'name': 'Google Drive/ My Folder', 'id': '12345' } # Can set folder through API call res = self.app.put_json(url, {'selected': selected}, auth=self.user.auth) assert_equal(res.status_code, 200) self.node_settings.reload() self.project.reload() # Folder was set assert_equal(self.node_settings.folder_path, 'Google Drive/ My Folder') # A log event was created last_log = self.project.logs[-1] assert_equal(last_log.action, 'googledrive_folder_selected') params = last_log.params assert_equal(params['folder'], ' My Folder') def test_googledrive_import_user_auth(self): url = self.project.api_url_for('googledrive_import_user_auth', auth=self.user.auth) self.app.put_json(url, {'external_account_id': self.account._id}) self.node_settings.reload() assert_equal(self.node_settings.external_account, self.account) def test_googledrive_remove_user_auth(self): self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() assert_equal(self.node_settings.external_account, self.account) url = self.project.api_url_for('googledrive_remove_user_auth', auth=self.user.auth) self.app.delete(url) self.node_settings.reload() assert_equal(self.node_settings.external_account, None)