def test_admin_creates_local(app, set_auth, client, outbox, ldap_user_info): from .factories import DatasetFactory _set_config(admin_email='*****@*****.**') create_user('ze_admin', ['admin']) force_login(client, 'ze_admin') DatasetFactory() models.db.session.commit() register_page = client.get(flask.url_for('auth.admin_create_local')) register_page.form['id'] = 'foo' register_page.form['email'] = '*****@*****.**' register_page.form['password'] = '******' register_page.form['name'] = 'foo me' register_page.form['institution'] = 'foo institution' result_page = register_page.form.submit().follow() assert "User foo created successfully." in result_page foo_user = models.RegisteredUser.query.get('foo') assert foo_user.email == '*****@*****.**' assert foo_user.confirmed_at is not None assert foo_user.active assert not foo_user.is_ldap assert foo_user.password.startswith('{SSHA}') assert len(outbox) == 1 message = outbox.pop() assert 'Dear foo me,' in message.body assert '"foo"' in message.body assert '"p455w4rd"' in message.body
def test_change_ldap_password(app, set_auth, client): foo = create_user('foo') foo.is_ldap = True models.db.session.commit() force_login(client, 'foo') page = client.get(flask.url_for('auth.change_password')) assert os.environ.get('EEA_PASSWORD_RESET') in page
def test_view(app, client, set_auth, user, request_args, expect_errors, status_code): if user: create_user(user) force_login(client, user) resp = client.get(request_args, expect_errors=expect_errors) assert resp.status_code == status_code
def test_email_notification_for_role_changes(app, set_auth, client, outbox): from .factories import DatasetFactory create_user('ze_admin', ['admin']) create_user('foo', ['etc', 'stakeholder'], name="Foo Person") DatasetFactory() models.db.session.commit() force_login(client, 'ze_admin') page = client.get(flask.url_for('auth.admin_user', user_id='foo')) page.form['roles'] = ['stakeholder', 'nat'] page.form['name'] = "Foo Person" page.form['email'] = "*****@*****.**" page.form['institution'] = "Foo Institution" page.form.submit() assert len(outbox) == 0 page.form['roles'] = ['etc', 'stakeholder'] page.form['name'] = "Foo Person" page.form['email'] = "*****@*****.**" page.form['institution'] = "Foo Institution" page.form['notify_user'] = True page.form.submit() assert len(outbox) == 1 [msg] = outbox assert msg.recipients == ['*****@*****.**'] assert "* European topic center" in msg.body assert "* Stakeholder" in msg.body
def test_autofill_conclusion_form(app, client, set_auth, setup_autofill, request_args, user): create_user(user, ['stakeholder']) force_login(client, user) resp = client.get(*get_request_params('get', request_args)) form = resp.context['manual_form'] assert form.conclusion_assessment_prev.data == 'FV'
def test_get_revision(app, setup, set_auth, client): create_user('testuser', role_names=['etc']) set_user('testuser') force_login(client, 'testuser') resp = client.get('/species/summary/datasheet/get_revision/', {'revision_id': 1}) assert (resp.html.text == "The wolf was the world's most widely " "distributed mammal.")
def test_404_error(app, setup, set_auth, client, request_type, request_args, post_params): create_user('otheruser') set_user('otheruser') force_login(client, 'otheruser') resp = getattr(client, request_type)(*get_request_params(request_type, request_args, post_params), expect_errors=True) assert resp.status_code == 404
def test_add_conclusion_etc(app, client, set_auth, setup_add, request_args, post_params, user, MS, roles, model_cls): create_user(user, roles, ms=MS) force_login(client, user) resp = client.post(*get_request_params('post', request_args, post_params)) assert resp.status_code == 200 post_params.pop('submit', None) manual_ass = model_cls.query.filter_by(**post_params).one() assert manual_ass.MS == 'EU28'
def test_toggle_del(app, setup, set_auth, client): create_user('testuser') set_user('testuser') force_login(client, 'testuser') initial_value = get_instance(WikiComment, id=1).deleted or 0 client.get('/species/summary/datasheet/manage_comment/', { 'comment_id': 1, 'toggle': 'del', 'period': '5' }) assert get_instance(WikiComment, id=1).deleted == 1 - initial_value
def test_hide_adm_etc_username(app, setup, set_auth, client, roles): create_user('testuser', roles, 'Secret Name', 'Test Insitution') create_user('otheruser') set_user('otheruser') force_login(client, 'otheruser') resp = client.get('/species/summary/datasheet/', { 'period': '5', 'subject': 'Canis lupus', 'region': '' }) assert 'Secret Name' not in resp.html.name
def test_update_decision(app, client, set_auth, setup_decision, request_args, post_params, user, roles, expect_errors, status_code, success, message): create_user(user, roles) force_login(client, user) resp = client.post(*get_request_params('post', request_args, post_params), expect_errors=expect_errors) assert resp.status_code == status_code if status_code == 200: assert resp.json['success'] == success assert resp.json.get('error', '') == message
def test_data(app, client, set_auth, setup, user, request_args, exp_conclusion_fields, exp_comment_fields): create_user(user) force_login(client, user) resp = client.get(request_args) assert resp.status_code == 200 comments, conclusions = resp.html.find_all('table') comment_fields = [c.text for c in comments.find_all('td')] conclusion_fields = [c.text for c in conclusions.find_all('td')] assert comment_fields == exp_comment_fields assert conclusion_fields == exp_conclusion_fields
def test_edit_comment(app, setup, set_auth, client): create_user('testuser', role_names=['stakeholder']) set_user('testuser') force_login(client, 'testuser') client.post(*get_request_params('post', [ '/species/summary/datasheet/edit_comment/', { 'period': '5', 'subject': 'Canis lupus', 'region': '', 'comment_id': 1 } ], {'comment': 'Test edit comment.'})) assert get_instance(WikiComment, id=1).comment == 'Test edit comment.'
def test_edit_page(app, setup, set_auth, client): create_user('testuser', role_names=['etc']) set_user('testuser') force_login(client, 'testuser') client.post(*get_request_params('post', [ '/species/summary/datasheet/edit_page/', { 'period': '5', 'subject': 'Canis lupus', 'region': '' } ], {'text': 'Test edit page.'})) assert get_instance(WikiChange, id=1).active == 0 assert get_instance(WikiChange, body='Test edit page.').active == 1
def test_change_active_revision(app, setup, set_auth, client): create_user('otheruser', role_names=['etc']) set_user('otheruser') force_login(client, 'otheruser') client.post(*get_request_params('post', [ '/species/summary/datasheet/page_history/', { 'period': '5', 'subject': 'Canis lupus', 'region': '' } ], {'revision_id': 3})) assert get_instance(WikiChange, id=1).active == 0 assert get_instance(WikiChange, id=3).active == 1
def test_view_requires_admin(app, set_auth, client): from .factories import DatasetFactory create_user('ze_admin', ['admin']) create_user('foo') DatasetFactory() models.db.session.commit() admin_user_url = flask.url_for('auth.admin_user', user_id='foo') assert client.get(admin_user_url, expect_errors=True).status_code == 403 force_login(client, 'ze_admin') assert client.get(admin_user_url).status_code == 200
def test_self_registration_flow(app, set_auth, client, outbox, ldap_user_info): from .factories import DatasetFactory _set_config(admin_email='*****@*****.**') create_user('ze_admin', ['admin']) DatasetFactory() models.db.session.commit() register_page = client.get(flask.url_for('auth.register_local')) register_page.form['id'] = 'foo' register_page.form['email'] = '*****@*****.**' register_page.form['password'] = '******' register_page.form['name'] = 'foo me' register_page.form['institution'] = 'foo institution' result_page = register_page.form.submit() assert "Confirmation instructions have been sent" in result_page.text foo_user = models.RegisteredUser.query.get('foo') assert foo_user.email == '*****@*****.**' assert foo_user.confirmed_at is None assert not foo_user.active assert not foo_user.is_ldap assert foo_user.password.startswith('{SSHA}') assert len(outbox) == 1 confirm_message = outbox.pop() assert 'Dear foo me,' in confirm_message.body assert '*****@*****.**' in confirm_message.body url = confirm_message.body.splitlines()[4].strip() assert url.startswith("http://localhost/confirm/") client.get(url) foo_user = models.RegisteredUser.query.get('foo') assert foo_user.confirmed_at is not None assert foo_user.active assert len(outbox) == 1 admin_message = outbox.pop() assert admin_message.recipients == ['*****@*****.**'] assert "Local user has registered" in admin_message.body url = admin_message.body.split()[-1] assert url == 'http://localhost/auth/users/foo' force_login(client, 'ze_admin') activation_page = client.get(url) activation_page.form['active'] = False activation_page.form.submit() foo_user = models.RegisteredUser.query.get('foo') assert not foo_user.active
def test_edit_conclusion(app, client, set_auth, setup_edit, request_args, post_params, user, roles, expect_errors, status_code, search_text): create_user(user, roles) force_login(client, user) resp = client.post(*get_request_params('post', request_args, post_params), expect_errors=expect_errors) assert resp.status_code == status_code if resp.status_code == 302: resp = resp.follow() if search_text: assert search_text in resp.html.text
def test_identity_is_set_from_plone_whoami(app, set_auth, client): create_user('ze_admin', ['admin']) @app.route('/identity') def get_identity(): identity = flask.g.identity return flask.jsonify( id=identity.id, provides=sorted(list(identity.provides)), ) force_login(client, 'ze_admin') identity = client.get('/identity').json assert identity['id'] == 'ze_admin' assert identity['provides'] == [['id', 'ze_admin'], ['role', 'admin']]
def test_toggle_read(app, setup, set_auth, client): create_user('otheruser') set_user('otheruser') force_login(client, 'otheruser') def get_value(): return get_instance(WikiComment, id=1) in get_instance(RegisteredUser, id='otheruser').read_comments initial_value = get_value() client.get('/species/summary/datasheet/manage_comment/', { 'comment_id': 1, 'toggle': 'read', 'period': '5' }) assert get_value() is not initial_value
def test_read_comments(app, client, set_auth, setup_read, username, request_args, comment_cls, exp_comment_fields): user = create_user(username) force_login(client, username) comment = comment_cls(region='ALP', post_date='2014-03-20', author_id='author') models.db.session.commit() comment.readers.append(user) models.db.session.commit() resp = client.get(request_args) assert resp.status_code == 200 comment_fields = [c.text for c in resp.html.find('table').find_all('td')] assert comment_fields == exp_comment_fields
def test_count_read_comments_view(app, client, set_auth, manual_assessment_cls, comment_cls, request_args): DatasetFactory() manual_assessment_cls(region='ALP') comment = comment_cls(region='ALP') models.db.session.commit() user = create_user('someuser') comment.readers.append(user) models.db.session.commit() force_login(client, 'someuser') resp = client.get(*get_request_params('get', request_args)) assert resp.status_code == 200 assert (resp.html.find('a', { 'title': 'Comments: Read/Total' }).text.strip() == '1/1')
def test_change_local_password(app, set_auth, client): from flask.ext.security.utils import encrypt_password foo = create_user('foo') old_enc_password = encrypt_password('my old pw') foo.password = old_enc_password models.db.session.commit() set_auth.update({'user_id': 'foo'}) force_login(client, 'foo') page = client.get(flask.url_for('auth.change_password')) page.form['password'] = '******' page.form['new_password'] = '******' page.form['new_password_confirm'] = 'the new pw' confirmation_page = page.form.submit().follow() assert "password has been changed" in confirmation_page.text foo = models.RegisteredUser.query.filter_by(id='foo').first() assert foo.password != old_enc_password
def test_add_comment(app, setup, set_auth, client): create_user('newuser') set_user('newuser') force_login(client, 'newuser') request_data = ('post', [ '/species/summary/datasheet/add_comment/', { 'period': '5', 'subject': 'Canis lupus', 'region': '' } ], { 'comment': 'Test add comment.' }) client.post(*get_request_params(*request_data)) request_args = request_data[1][1] wiki = get_instance(Wiki, dataset_id=request_args['period'], assesment_speciesname=request_args['subject'], region_code=request_args['region']) assert request_data[2]['comment'] in [c.comment for c in wiki.comments]
def test_ldap_account_activation_flow(app, set_auth, client, outbox, ldap_user_info): from art17.auth.providers import set_user from .factories import DatasetFactory _set_config(admin_email='*****@*****.**') ldap_user_info['foo'] = {'email': '*****@*****.**', 'full_name': 'foo'} create_user('ze_admin', ['admin']) DatasetFactory() models.db.session.commit() @app.before_request def set_testing_user(): set_user('foo', is_ldap_user=True) register_page = client.get(flask.url_for('auth.register_ldap')) register_page.form['institution'] = 'foo institution' result_page = register_page.form.submit() assert "has been registered" in result_page.text foo_user = models.RegisteredUser.query.get('foo') assert foo_user.email == '*****@*****.**' assert foo_user.confirmed_at is not None assert foo_user.active assert foo_user.is_ldap assert len(outbox) == 1 admin_message = outbox.pop() assert admin_message.recipients == ['*****@*****.**'] assert "Eionet user has registered" in admin_message.body url = admin_message.body.split()[-1] assert url == 'http://localhost/auth/users/foo' force_login(client, 'ze_admin') activation_page = client.get(url) activation_page.form['active'] = False activation_page.form.submit() foo_user = models.RegisteredUser.query.get('foo') assert not foo_user.active
def test_comments(app, client, setup, set_auth, request_type, request_args, post_params, user, expect_errors, status_code, assert_condition): create_user('testuser') if user: if user[0] != 'testuser': create_user(*user) force_login(client, user[0]) resp = getattr(client, request_type)(*get_request_params(request_type, request_args, post_params), expect_errors=expect_errors) assert resp.status_code == status_code if resp.status_code == 302: resp = resp.follow() if assert_condition: assert eval(assert_condition)
def test_admin_edit_user_info(app, set_auth, client, outbox): from .factories import DatasetFactory _set_config(admin_email='*****@*****.**') create_user('ze_admin', ['admin']) create_user('foo', ['etc', 'stakeholder'], name="Foo Person") DatasetFactory() models.db.session.commit() force_login(client, 'ze_admin') page = client.get(flask.url_for('auth.admin_user', user_id='foo')) page.form['name'] = "Foo Person" page.form['email'] = "*****@*****.**" page.form['institution'] = "Foo Institution" page.form['qualification'] = "Foo is web developer" result_page = page.form.submit() assert "User information updated" in result_page.follow().text assert not result_page.status_code == 200 assert not 'already associated with an account' in result_page.text foo_user = models.RegisteredUser.query.get('foo') assert foo_user.email == '*****@*****.**' assert foo_user.name == 'Foo Person' assert foo_user.institution == 'Foo Institution' assert foo_user.qualification == 'Foo is web developer' assert not foo_user.is_ldap create_user('bar', ['etc'], name="Bar Person") models.db.session.commit() page = client.get(flask.url_for('auth.admin_user', user_id='bar')) page.form['name'] = "Bar Person" page.form['email'] = "*****@*****.**" page.form['institution'] = "Bar Institution" page.form['qualification'] = "Bar is web developer" result_page = page.form.submit() assert result_page.status_code == 200 assert 'already associated with an account' in result_page.text
def test_delete_conclusion(app, client, set_auth, setup_edit, request_args, user, status_code, expect_errors, model_cls): if user: create_user(user) force_login(client, user) resp = client.get(*get_request_params('get', request_args), expect_errors=expect_errors) assert resp.status_code == status_code if model_cls: args = request_args[1] records = model_cls.query.filter_by( dataset_id=args['period'], subject=args['subject'], region=args['delete_region'], user_id=args['delete_user'], MS=args['delete_ms'], ).all() assert len(records) == 1 assert records[0].deleted == 1
def test_deleted(app, client, set_auth, setup_deleted, user, request_args): create_user(user) force_login(client, user) resp = client.get(request_args) assert resp.status_code == 200 assert len(resp.html.find_all('td')) == 0