class TestDisableSpamUser(AdminTestCase): def setUp(self): self.user = UserFactory() self.public_node = ProjectFactory(creator=self.user, is_public=True) self.public_node = ProjectFactory(creator=self.user, is_public=False) self.request = RequestFactory().post('/fake_path') self.view = SpamUserDeleteView() self.view = setup_log_view(self.view, self.request, guid=self.user._id) def test_get_object(self): obj = self.view.get_object() nt.assert_is_instance(obj, User) def test_get_context(self): res = self.view.get_context_data(object=self.user) nt.assert_in('guid', res) nt.assert_equal(res.get('guid'), self.user._id) def test_disable_spam_user(self): settings.ENABLE_EMAIL_SUBSCRIPTIONS = False count = OSFLogEntry.objects.count() self.view.delete(self.request) self.user.reload() self.public_node.reload() nt.assert_true(self.user.is_disabled) nt.assert_false(self.public_node.is_public) nt.assert_equal(OSFLogEntry.objects.count(), count + 3) def test_no_user(self): view = setup_view(UserDeleteView(), self.request, guid='meh') with nt.assert_raises(Http404): view.delete(self.request)
class TestMigrateMailingLists(OsfTestCase): def setUp(self): super(TestMigrateMailingLists, self).setUp() self.user1 = UserFactory(mailing_lists={'mail': True}) self.user2 = UserFactory(mailing_lists={'mail': False}) self.user3 = UserFactory() self.user1.save() self.user2.save() def test_get_users_with_mailing_lists(self): users_with_mailing_list_ids = [user._id for user in get_users_with_no_mailchimp_mailing_lists()] assert_equal(len(users_with_mailing_list_ids), 2) assert_true(self.user1._id in users_with_mailing_list_ids) assert_true(self.user2._id in users_with_mailing_list_ids) assert_false(self.user3._id in users_with_mailing_list_ids) def test_migration_of_mailing_lists(self): assert_equal(self.user1.mailchimp_mailing_lists, {}) assert_equal(self.user2.mailchimp_mailing_lists, {}) main() self.user1.reload() self.user2.reload() assert_true(self.user1.mailchimp_mailing_lists.get(u'mail')) assert_false(self.user2.mailchimp_mailing_lists.get(u'mail'))
class TestMigrateMailingLists(OsfTestCase): def setUp(self): super(TestMigrateMailingLists, self).setUp() self.user1 = UserFactory(mailing_lists={'mail': True}) self.user2 = UserFactory(mailing_lists={'mail': False}) self.user3 = UserFactory() self.user1.save() self.user2.save() def test_get_users_with_mailing_lists(self): users_with_mailing_list_ids = [ user._id for user in get_users_with_no_mailchimp_mailing_lists() ] assert_equal(len(users_with_mailing_list_ids), 2) assert_true(self.user1._id in users_with_mailing_list_ids) assert_true(self.user2._id in users_with_mailing_list_ids) assert_false(self.user3._id in users_with_mailing_list_ids) def test_migration_of_mailing_lists(self): assert_equal(self.user1.mailchimp_mailing_lists, {}) assert_equal(self.user2.mailchimp_mailing_lists, {}) main() self.user1.reload() self.user2.reload() assert_true(self.user1.mailchimp_mailing_lists.get(u'mail')) assert_false(self.user2.mailchimp_mailing_lists.get(u'mail'))
class TestDisableUser(AdminTestCase): def setUp(self): self.user = UserFactory() self.request = RequestFactory().post('/fake_path') self.view = UserDeleteView() self.view = setup_log_view(self.view, self.request, guid=self.user._id) def test_get_object(self): obj = self.view.get_object() nt.assert_is_instance(obj, User) def test_get_context(self): res = self.view.get_context_data(object=self.user) nt.assert_in('guid', res) nt.assert_equal(res.get('guid'), self.user._id) def test_disable_user(self): settings.ENABLE_EMAIL_SUBSCRIPTIONS = False count = OSFLogEntry.objects.count() self.view.delete(self.request) self.user.reload() nt.assert_true(self.user.is_disabled) nt.assert_equal(OSFLogEntry.objects.count(), count + 1) def test_reactivate_user(self): settings.ENABLE_EMAIL_SUBSCRIPTIONS = False self.view.delete(self.request) count = OSFLogEntry.objects.count() self.view.delete(self.request) self.user.reload() nt.assert_false(self.user.is_disabled) nt.assert_equal(OSFLogEntry.objects.count(), count + 1)
def test_update_comments_viewed_timestamp_none(self): user = UserFactory() user.comments_viewed_timestamp = {} user.save() update_comments_viewed_timestamp() user.reload() assert_equal(user.comments_viewed_timestamp, {})
def test_multiple_users_associated(self): # Create only one ExternalAccount for multiple OSF users # # For some providers (ex: GitHub), the act of completing the OAuth flow # revokes previously generated credentials. In addition, there is often no # way to know the user's id on the external service until after the flow # has completed. # # Having only one ExternalAccount instance per account on the external # service means that connecting subsequent OSF users to the same external # account will not invalidate the credentials used by the OSF for users # already associated. user_a = UserFactory() external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', ) user_a.external_accounts.append(external_account) user_a.save() user_b = UserFactory() # Mock the exchange of the code for an access token _prepare_mock_oauth2_handshake_response() # Fake a request context for the callback with self.app.app.test_request_context( path="/oauth/callback/mock2/", query_string="code=mock_code&state=mock_state" ) as ctx: # make sure the user is logged in authenticate(user=user_b, access_token=None, response=None) session = get_session() session.data['oauth_states'] = { self.provider.short_name: { 'state': 'mock_state', }, } session.save() # do the key exchange self.provider.auth_callback(user=user_b) user_a.reload() user_b.reload() external_account.reload() assert_equal( user_a.external_accounts, user_b.external_accounts, ) assert_equal( ExternalAccount.find().count(), 1 )
def test_dry_run_does_not_save_to_user(self, mock_send_mail): user = UserFactory() send_retraction_and_embargo_addition_message(user, MESSAGE_NAME, MAILER, dry_run=True) user.reload() assert_not_in(MESSAGE_NAME, user.security_messages)
def test_update_comments_viewed_timestamp(self): user = UserFactory() timestamp = datetime.utcnow().replace(microsecond=0) user.comments_viewed_timestamp = {'abc123': timestamp} user.save() update_comments_viewed_timestamp() user.reload() assert_equal(user.comments_viewed_timestamp, {'abc123': {'node': timestamp}})
def test_multiple_users_associated(self): # Create only one ExternalAccount for multiple OSF users # # For some providers (ex: GitHub), the act of completing the OAuth flow # revokes previously generated credentials. In addition, there is often no # way to know the user's id on the external service until after the flow # has completed. # # Having only one ExternalAccount instance per account on the external # service means that connecting subsequent OSF users to the same external # account will not invalidate the credentials used by the OSF for users # already associated. user_a = UserFactory() external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', ) user_a.external_accounts.append(external_account) user_a.save() user_b = UserFactory() # Mock the exchange of the code for an access token _prepare_mock_oauth2_handshake_response() # Fake a request context for the callback with self.app.app.test_request_context( path="/oauth/callback/mock2/", query_string="code=mock_code&state=mock_state" ) as ctx: # make sure the user is logged in authenticate(user=user_b, access_token=None, response=None) session.data['oauth_states'] = { self.provider.short_name: { 'state': 'mock_state', }, } session.save() # do the key exchange self.provider.auth_callback(user=user_b) user_a.reload() user_b.reload() external_account.reload() assert_equal( user_a.external_accounts, user_b.external_accounts, ) assert_equal( ExternalAccount.find().count(), 1 )
def test_was_not_invited(self): referrer = UserFactory() node = NodeFactory(creator=referrer) user = UserFactory() node.add_contributor(user, auth=Auth(referrer)) assert_false(is_invited(user)) user.is_invited = None user.save() main(dry_run=False) user.reload() assert_false(user.is_invited)
def test_update_comments_viewed_timestamp(self): user = UserFactory() timestamp = datetime.utcnow().replace(microsecond=0) user.comments_viewed_timestamp = {'abc123': timestamp} user.save() update_comments_viewed_timestamp() user.reload() assert_equal(user.comments_viewed_timestamp, {'abc123': { 'node': timestamp }})
def test_disconnect_with_multiple_connected(self): # Disconnect an account connected to multiple users from one user external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', ) self.user.external_accounts.append(external_account) self.user.save() other_user = UserFactory() other_user.external_accounts.append(external_account) other_user.save() response = self.app.delete( api_url_for('oauth_disconnect', external_account_id=external_account._id), auth=self.user.auth ) # Request succeeded assert_equal( response.status_code, http.OK, ) self.user.reload() # External account has been disassociated with the user assert_not_in( external_account, self.user.external_accounts, ) # External account is still in the database assert_equal(ExternalAccount.find().count(), 1) other_user.reload() # External account is still associated with the other user assert_in( external_account, other_user.external_accounts, )
def test_update_comments_viewed_timestamp(self): user = UserFactory() timestamp = timezone.now().replace(microsecond=0) user.comments_viewed_timestamp = { 'node_id': { 'node': timestamp, 'files': { 'file_id_1': timestamp, 'file_id_2': timestamp, } } } user.save() update_comments_viewed_timestamp() user.reload() assert_equal(user.comments_viewed_timestamp, { 'node_id': timestamp, 'file_id_1': timestamp, 'file_id_2': timestamp })
class TestForgotPassword(OsfTestCase): def setUp(self): super(TestForgotPassword, self).setUp() self.user = UserFactory() self.auth_user = AuthUserFactory() self.get_url = web_url_for('forgot_password_get') self.post_url = web_url_for('forgot_password_post') self.user.verification_key_v2 = {} self.user.save() # log users out before they land on forgot password page def test_forgot_password_logs_out_user(self): # visit forgot password link while another user is logged in res = self.app.get(self.get_url, auth=self.auth_user.auth) # check redirection to CAS logout assert_equal(res.status_code, 302) location = res.headers.get('Location') assert_not_in('reauth', location) assert_in('logout?service=', location) assert_in('forgotpassword', location) # test that forgot password page is loaded correctly def test_get_forgot_password(self): res = self.app.get(self.get_url) assert_equal(res.status_code, 200) assert_in('Forgot Password', res.body) assert_in('forgotPasswordForm', res.forms) # test that existing user can receive reset password email @mock.patch('framework.auth.views.mails.send_mail') def test_can_receive_reset_password_email(self, mock_send_mail): # load forgot password page and submit email res = self.app.get(self.get_url) form = res.forms['forgotPasswordForm'] form['forgot_password-email'] = self.user.username res = form.submit() # check mail was sent assert_true(mock_send_mail.called) # check http 200 response assert_equal(res.status_code, 200) # check request URL is /forgotpassword assert_equal(res.request.path, self.post_url) # check push notification assert_in_html('If there is an OSF account', res) assert_not_in_html('Please wait', res) # check verification_key_v2 is set self.user.reload() assert_not_equal(self.user.verification_key_v2, {}) # test that non-existing user cannot receive reset password email @mock.patch('framework.auth.views.mails.send_mail') def test_cannot_receive_reset_password_email(self, mock_send_mail): # load forgot password page and submit email res = self.app.get(self.get_url) form = res.forms['forgotPasswordForm'] form['forgot_password-email'] = 'fake' + self.user.username res = form.submit() # check mail was not sent assert_false(mock_send_mail.called) # check http 200 response assert_equal(res.status_code, 200) # check request URL is /forgotpassword assert_equal(res.request.path, self.post_url) # check push notification assert_in_html('If there is an OSF account', res) assert_not_in_html('Please wait', res) # check verification_key_v2 is not set self.user.reload() assert_equal(self.user.verification_key_v2, {}) # test that user cannot submit forgot password request too quickly @mock.patch('framework.auth.views.mails.send_mail') def test_cannot_reset_password_twice_quickly(self, mock_send_mail): # load forgot password page and submit email res = self.app.get(self.get_url) form = res.forms['forgotPasswordForm'] form['forgot_password-email'] = self.user.username res = form.submit() res = form.submit() # check http 200 response assert_equal(res.status_code, 200) # check push notification assert_in_html('Please wait', res) assert_not_in_html('If there is an OSF account', res)
class TestForgotPassword(OsfTestCase): def setUp(self): super(TestForgotPassword, self).setUp() self.user = UserFactory() self.get_url = web_url_for('forgot_password_get') self.post_url = web_url_for('forgot_password_post') self.user.verification_key = None # test that forgot password page is loaded correctly def test_get_forgot_password(self): res = self.app.get(self.get_url) assert_equal(res.status_code, 200) assert_in('Forgot Password', res.body) assert_in('forgotPasswordForm', res.forms) # Regression test for https://github.com/CenterForOpenScience/osf.io/issues/1320 # test that existing user can receive reset password email @mock.patch('framework.auth.views.mails.send_mail') def test_can_receive_reset_password_email(self, mock_send_mail): # load forgot password page and submit email res = self.app.get(self.get_url) form = res.forms['forgotPasswordForm'] form['forgot_password-email'] = self.user.username res = form.submit() # check mail was sent assert_true(mock_send_mail.called) # check http 200 response assert_equal(res.status_code, 200) # check request URL is /forgotpassword assert_equal(res.request.path, self.post_url) # check push notification assert_in_html('If there is an OSF account', res) assert_not_in_html('Please wait', res) # check verification_key(OSF) is set self.user.reload() assert_not_equal(self.user.verification_key, None) # test that non-existing user cannot receive reset password email @mock.patch('framework.auth.views.mails.send_mail') def test_cannot_receive_reset_password_email(self, mock_send_mail): # load forgot password page and submit email res = self.app.get(self.get_url) form = res.forms['forgotPasswordForm'] form['forgot_password-email'] = 'fake' + self.user.username res = form.submit() # check mail was not sent assert_false(mock_send_mail.called) # check http 200 response assert_equal(res.status_code, 200) # check request URL is /forgotpassword assert_equal(res.request.path, self.post_url) # check push notification assert_in_html('If there is an OSF account', res) assert_not_in_html('Please wait', res) # check verification_key(OSF) is not set self.user.reload() assert_equal(self.user.verification_key, None) # test that user cannot submit forgot password request too quickly @mock.patch('framework.auth.views.mails.send_mail') def test_cannot_reset_password_twice_quickly(self, mock_send_mail): # load forgot password page and submit email res = self.app.get(self.get_url) form = res.forms['forgotPasswordForm'] form['forgot_password-email'] = self.user.username res = form.submit() res = form.submit() # check http 200 response assert_equal(res.status_code, 200) # check push notification assert_in_html('Please wait', res) assert_not_in_html('If there is an OSF account', res)
def test_send_mail(self, mock_send_mail): user = UserFactory() send_security_message(user, MESSAGE_NAME, SECURITY_MESSAGE) user.reload() assert_in(MESSAGE_NAME, user.security_messages)