class PasswordCollectionRESTView(object):
def __init__(self, request):
self.request = request
self.passwords_manager = PasswordsManager(request.db)
@view_config(request_method='OPTIONS', renderer='string')
def options(self):
headers = self.request.response.headers
headers['Access-Control-Allow-Methods'] = 'GET, POST'
headers['Access-Control-Allow-Headers'] = ('Origin, Content-Type, '
'Accept, Authorization')
return ''
@view_config(request_method='GET')
def get(self):
user = authorize_user(self.request)
return list(self.passwords_manager.retrieve(user))
@view_config(request_method='POST')
def post(self):
user = authorize_user(self.request)
password, errors = validate_password(self.request.body,
self.request.charset)
if errors:
result = {'message': ','.join(errors)}
return HTTPBadRequest(body=json.dumps(result),
content_type='application/json')
return self.passwords_manager.create(user, password)
def backups_import(request):
response = HTTPFound(location=request.route_path('backups_index'))
if 'passwords-file' in request.POST:
passwords_field = request.POST['passwords-file']
if passwords_field != '':
try:
json_data = uncompress(passwords_field.file.read())
passwords_manager = PasswordsManager(request.db)
passwords_manager.delete(request.user)
passwords_manager.create(request.user, json_data)
except (IOError, ValueError):
request.session.flash(
_('There was a problem reading your passwords file'),
'error')
return response
n_passwords = len(json_data)
localizer = get_localizer(request)
msg = localizer.pluralize(
_('Congratulations, ${n_passwords} password has been imported'),
_('Congratulations, ${n_passwords} passwords have been imported'),
n_passwords,
domain=translation_domain,
mapping={'n_passwords': n_passwords},
)
request.session.flash(msg, 'success')
else:
request.session.flash(
_('The passwords file is required to upload the passwords'),
'error')
return response
else:
request.session.flash(
_('The passwords file is required to upload the passwords'),
'error')
return response
return response
class PasswordsManagerTests(unittest.TestCase):
def setUp(self):
self.config = testing.setUp()
mdb = MongoDB(MONGO_URI)
self.db = mdb.get_database()
self.pm = PasswordsManager(self.db)
self.user_id = self.db.users.insert({'name': 'John'}, safe=True)
self.user = self.db.users.find_one({'_id': self.user_id}, safe=True)
def tearDown(self):
testing.tearDown()
self.db.drop_collection('users')
self.db.drop_collection('passwords')
def test_create(self):
n_passwords = self.db.passwords.count()
password = {'secret': 'secret1'}
created_password = self.pm.create(self.user, password)
self.assertEqual(created_password['owner'], self.user_id)
self.assertTrue('_id' in created_password)
self.assertEqual(n_passwords + 1, self.db.passwords.count())
def test_retrieve(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
}, safe=True)
password = self.pm.retrieve(self.user, p1)
self.assertEqual(password, {
'secret': 'secret1',
'owner': self.user_id,
'_id': p1,
})
p2 = self.db.passwords.insert({
'secret': 'secret2',
'owner': self.user_id,
}, safe=True)
passwords = self.pm.retrieve(self.user)
self.assertEqual(list(passwords), [{
'secret': 'secret1',
'owner': self.user_id,
'_id': p1,
}, {
'secret': 'secret2',
'owner': self.user_id,
'_id': p2,
}])
def test_update(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
}, safe=True)
new_password = {'secret': 'new secret'}
updated_password = self.pm.update(self.user, p1, new_password)
self.assertEqual(updated_password, {
'_id': p1,
'owner': self.user_id,
'secret': 'new secret',
})
fake_user = {'_id': '000000000000000000000000'}
new_password['secret'] = 'another secret'
updated_password = self.pm.update(fake_user, p1, new_password)
self.assertEqual(None, updated_password)
def test_delete(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
}, safe=True)
n_passwords = self.db.passwords.count()
self.assertTrue(self.pm.delete(self.user, p1))
self.assertEqual(n_passwords - 1, self.db.passwords.count())
password = self.db.passwords.find_one({'_id': p1}, safe=True)
self.assertEqual(None, password)
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
}, safe=True)
p2 = self.db.passwords.insert({
'secret': 'secret2',
'owner': self.user_id,
}, safe=True)
n_passwords = self.db.passwords.count()
self.assertTrue(self.pm.delete(self.user))
self.assertEqual(n_passwords - 2, self.db.passwords.count())
password1 = self.db.passwords.find_one({'_id': p1}, safe=True)
self.assertEqual(None, password1)
password2 = self.db.passwords.find_one({'_id': p2}, safe=True)
self.assertEqual(None, password2)
class PasswordsManagerTests(unittest.TestCase):
def setUp(self):
self.config = testing.setUp()
mdb = MongoDB(MONGO_URI)
self.db = mdb.get_database()
self.pm = PasswordsManager(self.db)
self.user_id = self.db.users.insert({'name': 'John'})
self.user = self.db.users.find_one({'_id': self.user_id})
def tearDown(self):
testing.tearDown()
clean_db(self.db)
def test_create(self):
n_passwords = self.db.passwords.count()
result = self.pm.create(self.user, {})
self.assertEqual(result, None)
self.assertEqual(n_passwords, self.db.passwords.count())
password = {'secret': 'secret1'}
created_password = self.pm.create(self.user, password)
self.assertEqual(created_password['owner'], self.user_id)
self.assertTrue('_id' in created_password)
self.assertEqual(n_passwords + 1, self.db.passwords.count())
result = self.pm.create(self.user, [])
self.assertEqual(result, None)
self.assertEqual(n_passwords + 1, self.db.passwords.count())
result = self.pm.create(self.user, [{}])
self.assertEqual(result, None)
self.assertEqual(n_passwords + 1, self.db.passwords.count())
passwords = [{
'secret1': 'abc',
}, {
'secret2': 'def',
}, {
'secret3': 'ghi',
}]
created_passwords = self.pm.create(self.user, passwords)
self.assertEqual(created_passwords[0]['owner'], self.user_id)
self.assertEqual(created_passwords[1]['owner'], self.user_id)
self.assertEqual(created_passwords[2]['owner'], self.user_id)
self.assertTrue('_id' in created_passwords[0])
self.assertTrue('_id' in created_passwords[1])
self.assertTrue('_id' in created_passwords[2])
self.assertEqual(n_passwords + 4, self.db.passwords.count())
def test_retrieve(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
})
password = self.pm.retrieve(self.user, p1)
self.assertEqual(password, {
'secret': 'secret1',
'owner': self.user_id,
'_id': p1,
})
p2 = self.db.passwords.insert({
'secret': 'secret2',
'owner': self.user_id,
})
passwords = self.pm.retrieve(self.user)
self.assertEqual(list(passwords), [{
'secret': 'secret1',
'owner': self.user_id,
'_id': p1,
}, {
'secret': 'secret2',
'owner': self.user_id,
'_id': p2,
}])
def test_update(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
})
new_password = {'secret': 'new secret'}
updated_password = self.pm.update(self.user, p1, new_password)
self.assertEqual(updated_password, {
'_id': p1,
'owner': self.user_id,
'secret': 'new secret',
})
fake_user = {'_id': '000000000000000000000000'}
new_password['secret'] = 'another secret'
updated_password = self.pm.update(fake_user, p1, new_password)
self.assertEqual(None, updated_password)
def test_delete(self):
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
})
n_passwords = self.db.passwords.count()
self.assertTrue(self.pm.delete(self.user, p1))
self.assertEqual(n_passwords - 1, self.db.passwords.count())
password = self.db.passwords.find_one({'_id': p1})
self.assertEqual(None, password)
p1 = self.db.passwords.insert({
'secret': 'secret1',
'owner': self.user_id,
})
p2 = self.db.passwords.insert({
'secret': 'secret2',
'owner': self.user_id,
})
n_passwords = self.db.passwords.count()
self.assertTrue(self.pm.delete(self.user))
self.assertEqual(n_passwords - 2, self.db.passwords.count())
password1 = self.db.passwords.find_one({'_id': p1})
self.assertEqual(None, password1)
password2 = self.db.passwords.find_one({'_id': p2})
self.assertEqual(None, password2)