def test_unit__disable_user___ok__nominal_case(self, session, app_config):
    """One user disables another: the target turns inactive, its id and email are unchanged."""
    anonymous_api = UserApi(current_user=None, session=session, config=app_config)
    # Fields both accounts are created with.
    shared_fields = dict(
        password="******",
        profile=Profile.USER,
        timezone="Europe/Paris",
        do_save=True,
        do_notify=False,
    )
    actor = anonymous_api.create_user(email="*****@*****.**", name="bob", **shared_fields)
    target = anonymous_api.create_user(email="*****@*****.**", name="bob2", **shared_fields)

    # The disable call is made on behalf of the first user, not anonymously.
    acting_api = UserApi(current_user=actor, session=session, config=app_config)
    acting_api.disable(target)

    reloaded = anonymous_api.get_one(target.user_id)
    assert reloaded.is_active is False
    assert reloaded.user_id == target.user_id
    assert reloaded.email == target.email
def test_unit__disable_user___err__user_cant_disable_itself(self):
    """A user asking UserApi to disable their own account gets UserCantDisableHimself."""
    from tracim_backend.exceptions import UserCantDisableHimself

    anonymous_api = UserApi(current_user=None, session=self.session, config=self.app_config)
    group_api = GroupApi(current_user=None, session=self.session, config=self.app_config)
    account = anonymous_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[group_api.get_one_with_name('users')],
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )

    # Actor and target are the same account: the API must refuse.
    own_api = UserApi(current_user=account, session=self.session, config=self.app_config)
    with pytest.raises(UserCantDisableHimself):
        own_api.disable(account)
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
    """whoami with Basic auth answers 401 and an error body once the account is disabled."""
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = db.query(User).filter(User.email == "*****@*****.**").one()
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    disabled_user = user_api.create_user(
        email="*****@*****.**",
        password="******",
        name="bob",
        groups=[group_api.get_one_with_name("users")],
        timezone="Europe/Paris",
        lang="en",
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): a 401 is presumably also what bad credentials return, so this
    # only exercises the disabled-account check if the pair below matches the
    # values given to create_user() above — confirm.
    self.testapp.authorization = ("Basic", ("*****@*****.**", "password"))
    response = self.testapp.get("/api/v2/auth/whoami", status=401)

    assert isinstance(response.json, dict)
    assert "code" in response.json.keys()
    # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema
    assert response.json_body["code"] is None
    assert "message" in response.json.keys()
    assert "details" in response.json.keys()
def test_unit__disable_user___ok__nominal_case(self):
    """One user disables another: the target turns inactive, its id and email are unchanged."""
    anonymous_api = UserApi(current_user=None, session=self.session, config=self.app_config)
    group_api = GroupApi(current_user=None, session=self.session, config=self.app_config)
    # Fields both accounts are created with (same group list for the two of them).
    shared_fields = dict(
        password="******",
        groups=[group_api.get_one_with_name("users")],
        timezone="Europe/Paris",
        do_save=True,
        do_notify=False,
    )
    actor = anonymous_api.create_user(email="*****@*****.**", name="bob", **shared_fields)
    target = anonymous_api.create_user(email="*****@*****.**", name="bob2", **shared_fields)

    # The disable call is made on behalf of the first user, not anonymously.
    acting_api = UserApi(current_user=actor, session=self.session, config=self.app_config)
    acting_api.disable(target)

    reloaded = anonymous_api.get_one(target.user_id)
    assert reloaded.is_active is False
    assert reloaded.user_id == target.user_id
    assert reloaded.email == target.email
def test_unit__disable_user___err__user_cant_disable_itself(self):
    """Self-disabling through UserApi is rejected with UserCantDisableHimself."""
    from tracim_backend.exceptions import UserCantDisableHimself

    creator_api = UserApi(current_user=None, session=self.session, config=self.app_config)
    group_api = GroupApi(current_user=None, session=self.session, config=self.app_config)
    users_group = group_api.get_one_with_name('users')
    bob = creator_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[users_group],
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )

    # Same account on both sides of the call: acting user and user to disable.
    bob_api = UserApi(current_user=bob, session=self.session, config=self.app_config)
    with pytest.raises(UserCantDisableHimself):
        bob_api.disable(bob)
def disable_user(self, context, request: TracimRequest, hapic_data=None):
    """
    Disable the account held in request.candidate_user.

    The call goes through a UserApi acting as request.current_user and passes
    do_save=True. Nothing is returned.
    """
    # NOTE(review): no permission check is visible in this body; presumably it is
    # enforced by decorators on the view that are not shown here — confirm.
    config = request.registry.settings["CFG"]  # type: CFG
    acting_api = UserApi(
        current_user=request.current_user,  # User
        session=request.dbsession,
        config=config,
    )
    acting_api.disable(user=request.candidate_user, do_save=True)
def disable_user(self, context, request: TracimRequest, hapic_data=None):
    """
    Disable the account held in request.candidate_user.

    The call goes through a UserApi acting as request.current_user and passes
    do_save=True. Nothing is returned.
    """
    # NOTE(review): no permission check is visible in this body; presumably it is
    # enforced by decorators on the view that are not shown here — confirm.
    config = request.registry.settings['CFG']
    acting_api = UserApi(
        current_user=request.current_user,  # User
        session=request.dbsession,
        config=config,
    )
    acting_api.disable(user=request.candidate_user, do_save=True)
def test_unit__authenticate_user___err__user_not_active(self):
    """authenticate() raises AuthenticationFailed for an account that has been disabled."""
    user_api = UserApi(current_user=None, session=self.session, config=self.app_config)
    group_api = GroupApi(current_user=None, session=self.session, config=self.app_config)
    account = user_api.create_user(
        email="*****@*****.**",
        password="******",
        name="bob",
        groups=[group_api.get_one_with_name("users")],
        timezone="Europe/Paris",
        do_save=True,
        do_notify=False,
    )
    user_api.disable(account)

    # NOTE(review): the second argument looks email-shaped rather than like the
    # password given to create_user(); if it is not the account's password,
    # AuthenticationFailed may come from the credential check and the
    # disabled-account path goes untested — confirm.
    with pytest.raises(AuthenticationFailed):
        user_api.authenticate("*****@*****.**", "*****@*****.**")
def test_unit__authenticate_user___err__user_not_active(self, session, app_config):
    """authenticate() raises AuthenticationFailed for an account that has been disabled."""
    user_api = UserApi(current_user=None, session=session, config=app_config)
    account = user_api.create_user(
        email="*****@*****.**",
        password="******",
        name="bob",
        profile=Profile.USER,
        timezone="Europe/Paris",
        do_save=True,
        do_notify=False,
    )
    user_api.disable(account)

    # NOTE(review): the second argument looks email-shaped rather than like the
    # password given to create_user(); if it is not the account's password,
    # AuthenticationFailed may come from the credential check and the
    # disabled-account path goes untested — confirm.
    with pytest.raises(AuthenticationFailed):
        user_api.authenticate("*****@*****.**", "*****@*****.**")
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
    """whoami with Basic auth answers 401 and an error body once the account is disabled."""
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = db.query(User).filter(User.email == '*****@*****.**').one()
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    users_group = group_api.get_one_with_name('users')
    disabled_user = user_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[users_group],
        timezone='Europe/Paris',
        lang='en',
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): a 401 is presumably also what bad credentials return, so this
    # only exercises the disabled-account check if the pair below matches the
    # values given to create_user() above — confirm.
    self.testapp.authorization = ('Basic', ('*****@*****.**', 'password'))
    response = self.testapp.get('/api/v2/auth/whoami', status=401)

    assert isinstance(response.json, dict)
    assert 'code' in response.json.keys()
    # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema
    assert response.json_body['code'] is None
    assert 'message' in response.json.keys()
    assert 'details' in response.json.keys()
def test_unit__disable_user___err__user_cant_disable_itself(self, session, app_config):
    """Self-disabling through UserApi is rejected with UserCantDisableHimself."""
    from tracim_backend.exceptions import UserCantDisableHimself

    creator_api = UserApi(current_user=None, session=session, config=app_config)
    bob = creator_api.create_user(
        email="*****@*****.**",
        password="******",
        name="bob",
        profile=Profile.USER,
        timezone="Europe/Paris",
        do_save=True,
        do_notify=False,
    )

    # Same account on both sides of the call: acting user and user to disable.
    bob_api = UserApi(current_user=bob, session=session, config=app_config)
    with pytest.raises(UserCantDisableHimself):
        bob_api.disable(bob)
def test_api__try_login_enpoint__err_401__user_not_activated(self):
    """
    Login of a disabled account is refused with the AUTHENTICATION_FAILED code.

    The test name says 401, but the request below expects HTTP 403.
    """
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(models.User)
        .filter(models.User.email == '*****@*****.**')
        .one()
    )
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    disabled_user = user_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[group_api.get_one_with_name('users')],
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): only meaningful if these are the credentials given to
    # create_user() above; otherwise the refusal may come from the credential
    # check rather than from the disabled state — confirm.
    credentials = {'email': '*****@*****.**', 'password': '******'}
    response = self.testapp.post_json('/api/v2/auth/login', params=credentials, status=403)

    assert response.json_body
    assert 'code' in response.json_body
    assert response.json_body['code'] == error.AUTHENTICATION_FAILED
def test_api__try_login_enpoint__err_401__user_not_activated(self):
    """
    Login of a disabled account is refused with the AUTHENTICATION_FAILED code.

    The test name says 401, but the request below expects HTTP 403.
    """
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = db.query(User).filter(User.email == '*****@*****.**').one()
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    disabled_user = user_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[group_api.get_one_with_name('users')],
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): only meaningful if these are the credentials given to
    # create_user() above; otherwise the refusal may come from the credential
    # check rather than from the disabled state — confirm.
    credentials = {'email': '*****@*****.**', 'password': '******'}
    response = self.testapp.post_json('/api/v2/auth/login', params=credentials, status=403)

    assert response.json_body
    assert 'code' in response.json_body
    assert response.json_body['code'] == error.AUTHENTICATION_FAILED
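def test_unit__disable_user___ok__nominal_case(self):
    """One user disables another: the target turns inactive, its id and email are unchanged."""
    api = UserApi(
        current_user=None,
        session=self.session,
        config=self.app_config,
    )
    gapi = GroupApi(
        current_user=None,
        session=self.session,
        config=self.app_config,
    )
    groups = [gapi.get_one_with_name('users')]
    user = api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=groups,
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )
    user2 = api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob2',
        groups=groups,
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )

    # The disable call is made on behalf of the first user, not anonymously.
    # (The UserCantDisableHimself import that used to sit here was never used.)
    api2 = UserApi(current_user=user, session=self.session, config=self.app_config)
    api2.disable(user2)

    updated_user2 = api.get_one(user2.user_id)
    # Identity check: a merely falsy value (0, None) must not satisfy the test.
    assert updated_user2.is_active is False
    assert updated_user2.user_id == user2.user_id
    assert updated_user2.email == user2.email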
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
    """whoami with API-key headers answers 401 with a None error code for a disabled account."""
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = db.query(User).filter(User.email == '*****@*****.**').one()
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    disabled_user = user_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[group_api.get_one_with_name('users')],
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): assumes 'mysuperapikey' is the key the test app is configured
    # with and that the login header names the disabled account; otherwise the
    # 401 would not come from the disabled-account check — confirm.
    api_key_headers = {
        'Tracim-Api-Key': 'mysuperapikey',
        'Tracim-Api-Login': '******',
    }
    response = self.testapp.get('/api/v2/auth/whoami', status=401, headers=api_key_headers)

    assert isinstance(response.json, dict)
    assert 'code' in response.json.keys()
    assert response.json_body['code'] is None
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
    """whoami with API-key headers answers 401 with a None error code for a disabled account."""
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(models.User)
        .filter(models.User.email == '*****@*****.**')
        .one()
    )
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    disabled_user = user_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[group_api.get_one_with_name('users')],
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): assumes 'mysuperapikey' is the key the test app is configured
    # with and that the login header names the disabled account; otherwise the
    # 401 would not come from the disabled-account check — confirm.
    api_key_headers = {
        'Tracim-Api-Key': 'mysuperapikey',
        'Tracim-Api-Login': '******',
    }
    response = self.testapp.get('/api/v2/auth/whoami', status=401, headers=api_key_headers)

    assert isinstance(response.json, dict)
    assert 'code' in response.json.keys()
    assert response.json_body['code'] is None
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
    """whoami with Basic auth answers 401 and an error body once the account is disabled."""
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = (
        db.query(models.User)
        .filter(models.User.email == '*****@*****.**')
        .one()
    )
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    disabled_user = user_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[group_api.get_one_with_name('users')],
        timezone='Europe/Paris',
        lang='en',
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): a 401 is presumably also what bad credentials return, so this
    # only exercises the disabled-account check if the pair below matches the
    # values given to create_user() above — confirm.
    self.testapp.authorization = ('Basic', ('*****@*****.**', 'pass'))
    response = self.testapp.get('/api/v2/auth/whoami', status=401)

    assert isinstance(response.json, dict)
    assert 'code' in response.json.keys()
    # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema
    assert response.json_body['code'] is None
    assert 'message' in response.json.keys()
    assert 'details' in response.json.keys()
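def test_unit__disable_user___ok__nominal_case(self):
    """One user disables another: the target turns inactive, its id and email are unchanged."""
    api = UserApi(
        current_user=None,
        session=self.session,
        config=self.app_config,
    )
    gapi = GroupApi(
        current_user=None,
        session=self.session,
        config=self.app_config,
    )
    groups = [gapi.get_one_with_name('users')]
    user = api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=groups,
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )
    user2 = api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob2',
        groups=groups,
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )

    # The disable call is made on behalf of the first user, not anonymously.
    # (The UserCantDisableHimself import that used to sit here was never used.)
    api2 = UserApi(current_user=user, session=self.session, config=self.app_config)
    api2.disable(user2)

    updated_user2 = api.get_one(user2.user_id)
    # Identity check: a merely falsy value (0, None) must not satisfy the test.
    assert updated_user2.is_active is False
    assert updated_user2.user_id == user2.user_id
    assert updated_user2.email == user2.email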
def test_api__try_whoami_enpoint__err_401__remote_user_is_not_active(self):
    """whoami with a REMOTE_USER environ entry answers 401 with a None code for a disabled account."""
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = db.query(User).filter(User.email == "*****@*****.**").one()
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    users_group = group_api.get_one_with_name("users")
    disabled_user = user_api.create_user(
        email="*****@*****.**",
        password="******",
        name="bob",
        groups=[users_group],
        timezone="Europe/Paris",
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): assumes the REMOTE_USER value designates the disabled account;
    # otherwise the 401 would not come from the disabled-account check — confirm.
    response = self.testapp.get(
        "/api/v2/auth/whoami",
        status=401,
        extra_environ={"REMOTE_USER": "******"},
    )

    assert isinstance(response.json, dict)
    assert "code" in response.json.keys()
    assert response.json_body["code"] is None
def test_api__try_login_enpoint__err_401__user_not_activated(self):
    """
    Login of a disabled account is refused with the AUTHENTICATION_FAILED code.

    The test name says 401, but the request below expects HTTP 403.
    """
    db = get_tm_session(self.session_factory, transaction.manager)
    admin_user = db.query(User).filter(User.email == "*****@*****.**").one()
    user_api = UserApi(current_user=admin_user, session=db, config=self.app_config)
    group_api = GroupApi(current_user=admin_user, session=db, config=self.app_config)
    users_group = group_api.get_one_with_name("users")
    disabled_user = user_api.create_user(
        email="*****@*****.**",
        password="******",
        name="bob",
        groups=[users_group],
        timezone="Europe/Paris",
        do_save=True,
        do_notify=False,
    )
    user_api.save(disabled_user)
    user_api.disable(disabled_user)
    transaction.commit()

    # NOTE(review): only meaningful if these are the credentials given to
    # create_user() above; otherwise the refusal may come from the credential
    # check rather than from the disabled state — confirm.
    credentials = {"email": "*****@*****.**", "password": "******"}
    response = self.testapp.post_json("/api/v2/auth/login", params=credentials, status=403)

    assert response.json_body
    assert "code" in response.json_body
    assert response.json_body["code"] == ErrorCode.AUTHENTICATION_FAILED
def test_unit__authenticate_user___err__user_not_active(self):
    """authenticate() raises AuthenticationFailed for an account that has been disabled."""
    user_api = UserApi(current_user=None, session=self.session, config=self.app_config)
    group_api = GroupApi(current_user=None, session=self.session, config=self.app_config)
    users_group = group_api.get_one_with_name('users')
    account = user_api.create_user(
        email='*****@*****.**',
        password='******',
        name='bob',
        groups=[users_group],
        timezone='Europe/Paris',
        do_save=True,
        do_notify=False,
    )
    user_api.disable(account)

    # NOTE(review): the second argument looks email-shaped rather than like the
    # password given to create_user(); if it is not the account's password,
    # AuthenticationFailed may come from the credential check and the
    # disabled-account path goes untested — confirm.
    with pytest.raises(AuthenticationFailed):
        user_api.authenticate('*****@*****.**', '*****@*****.**')