def setUp(self):
'Prepare database'
# Prepare people
people = []
personPacks = [
('test_person1', model.hashString('test_person1'), u'test_person1', '*****@*****.**'),
('test_person2', model.hashString('test_person2'), u'test_person2', '*****@*****.**'),
]
for personPack in personPacks:
person = Session.query(model.Person).filter_by(username=personPack[0]).first()
if not person:
person = model.Person(*personPack)
Session.add(person)
people.append(person)
Session.commit()
self.person1Key, self.person2Key = [x.key for x in people]
# Prepare features
features = []
featurePacks = [
(people[0].id, geoalchemy.WKTSpatialElement('LINESTRING(3 4,10 50,20 25)')),
(people[1].id, geoalchemy.WKTSpatialElement('POLYGON((1 1,5 1,5 5,1 5,1 1),(2 2,2 3,3 3,3 2,2 2))')),
]
for featurePack in featurePacks:
feature = model.Feature()
feature.owner_id = featurePack[0]
feature.geometry = featurePack[1]
Session.add(feature)
features.append(feature)
Session.commit()
self.feature1ID, self.feature2ID = [x.id for x in features]
def test_reset(self):
"""
Make sure that resetting the password works
Trying to reset an email that does not exist should return an error
Make sure that resetting the password does not immediately change the password
Make sure that reset confirmation works
"""
# Initialize
urlName = 'person_reset'
# Reset an unfamiliar email
self.assertEqualJSON(self.app.post(url(urlName), dict(email=email)), 0)
# Add person
Session.add(
model.Person(username, model.hashString(password), nickname,
email))
Session.commit()
# Reset password
self.assertEqualJSON(self.app.post(url(urlName), dict(email=email)), 1)
# Make sure the candidate exists
self.assertEqual(
Session.query(
model.PersonCandidate).filter_by(email=email).count(), 1)
# Activate candidate
self.app.get(
url('person_confirm',
ticket=Session.query(model.PersonCandidate.ticket).filter_by(
email=email).first()[0]))
# Make sure the password has changed
self.assertEqual(
Session.query(model.Person).filter_by(
password_hash=model.hashString(password)).count(), 0)
def setUp(self):
'Prepare database'
# Prepare people
people = []
personPacks = [
('test_person1', model.hashString('test_person1'), u'test_person1', '*****@*****.**'),
('test_person2', model.hashString('test_person2'), u'test_person2', '*****@*****.**'),
]
for personPack in personPacks:
person = Session.query(model.Person).filter_by(username=personPack[0]).first()
if not person:
person = model.Person(*personPack)
Session.add(person)
people.append(person)
Session.commit()
self.person1Key, self.person2Key = [x.key for x in people]
# Prepare tags
tags = []
self.tagTexts = [
u'tag with features that are public',
u'tag with features that are private to person1',
u'tag with features that are private to person2',
]
for tagText in self.tagTexts:
tag = Session.query(model.Tag).filter_by(text=tagText).first()
if not tag:
tag = model.Tag(tagText)
Session.add(tag)
tags.append(tag)
Session.commit()
tag1Public, tag1Private, tag2Private = tags
# Prepare features
features = []
featurePacks = [
(people[0].id, geoalchemy.WKTSpatialElement('MULTIPOINT (-90.2307590000000062 15.7834710000000005, 126.9779692000000040 37.5665350000000018, -0.1963060000000000 5.5557169999999996, -91.5219589999999954 14.8361560000000008)'), model.scopePublic, {'description': 'Santa Eulalia; Seoul; Accra; Xela'}),
(people[0].id, geoalchemy.WKTSpatialElement('LINESTRING (-87.6297981999999962 41.8781135999999989, -84.3879823999999985 33.7489953999999983, -122.4194154999999995 37.7749294999999989)'), model.scopePrivate, {'description': 'Chicago; Atlanta; San Francisco'}),
(people[1].id, geoalchemy.WKTSpatialElement('LINESTRING (-74.0059731 40.7143528, -90.5352778 14.6133333)'), model.scopePrivate, {'passenger': u'Hélène'}),
]
for featurePack in featurePacks:
feature = model.Feature()
feature.owner_id, feature.geometry, feature.scope, feature.properties = featurePack
Session.add(feature)
features.append(feature)
feature1Public, feature1Private, feature2Private = features
feature1Public.tags = [tag1Public]
feature1Private.tags = [tag1Private]
feature2Private.tags = [tag2Private]
Session.commit()
self.feature1ID = feature1Public.id
def setUp(self):
'Prepare database'
# Prepare people
people = []
personPacks = [
('test_person1', model.hashString('test_person1'), u'test_person1', '*****@*****.**'),
('test_person2', model.hashString('test_person2'), u'test_person2', '*****@*****.**'),
]
for personPack in personPacks:
person = Session.query(model.Person).filter_by(username=personPack[0]).first()
if not person:
person = model.Person(*personPack)
Session.add(person)
people.append(person)
Session.commit()
self.person1Key, self.person2Key = [x.key for x in people]
# Prepare tags
tags = []
self.tagTexts = [
u'tag with features that are public',
u'tag with features that are private to person1',
u'tag with features that are private to person2',
]
for tagText in self.tagTexts:
tag = Session.query(model.Tag).filter_by(text=tagText).first()
if not tag:
tag = model.Tag(tagText)
Session.add(tag)
tags.append(tag)
Session.commit()
tag1Public, tag1Private, tag2Private = tags
# Prepare features
features = []
featurePacks = [
(people[0].id, geoalchemy.WKTSpatialElement('POINT(6 10)'), model.scopePublic),
(people[0].id, geoalchemy.WKTSpatialElement('LINESTRING(3 4,10 50,20 25)'), model.scopePrivate),
(people[1].id, geoalchemy.WKTSpatialElement('POLYGON((1 1,5 1,5 5,1 5,1 1),(2 2,2 3,3 3,3 2,2 2))'), model.scopePrivate),
]
for featurePack in featurePacks:
feature = model.Feature()
feature.owner_id, feature.geometry, feature.scope = featurePack
Session.add(feature)
features.append(feature)
feature1Public, feature1Private, feature2Private = features
feature1Public.tags = [tag1Public]
feature1Private.tags = [tag1Private]
feature2Private.tags = [tag2Private]
Session.commit()
def test_login(self):
"""
Make sure that logging in works
Ensure that the login page shows
Ensure that bad credentials result in an error message
Ensure that good credentials result in a proper redirect
"""
# Initialize
urlName = 'person_login'
exampleURL = url('person_update')
# Assert that the login page shows and stores url
self.assert_('Login' in self.app.get(url(urlName, url=exampleURL)))
# Add person
Session.add(
model.Person(username, model.hashString(password), nickname,
email))
Session.commit()
# Log in using bad credentials
self.assertEqualJSON(
self.app.post(url(urlName),
dict(username=username, password=password + 'x')), 0)
# Log in using good credentials
self.assertEqualJSON(
self.app.post(url(urlName),
dict(username=username, password=password)), 1)
def test_registration(self):
"Make sure that registration works"
# Initialize
urlName = "person_register"
# Make sure the registration page appears properly
self.assert_("Registration" in self.app.get(url(urlName)))
# Register
self.app.post(url(urlName), dict(username=username, password=password, nickname=nickname, email=email))
# Register with the same username but with different case
self.app.post(
url(urlName), dict(username=username.upper(), password=password, nickname=nickname + "x", email=email + "x")
)
# Register with the same nickname but with different case
self.app.post(
url(urlName), dict(username=username + "x", password=password, nickname=nickname.upper(), email=email + "x")
)
# Register with the same email but with different case
self.app.post(
url(urlName), dict(username=username + "x", password=password, nickname=nickname + "x", email=email.upper())
)
# Confirm registration
self.app.get(
url("person_confirm", ticket=Session.query(model.PersonCandidate.ticket).filter_by(email=email).first()[0])
)
# Make sure the person exists
self.assertEqual(Session.query(model.Person).filter_by(email=email).count(), 1)
# Make sure that conflicting registrations have been deleted
self.assertEqual(
Session.query(model.PersonCandidate).filter_by(password_hash=model.hashString(password)).count(), 0
)
def test_logout(self):
"""
Make sure that logging out works
If the person is logged in, make sure the person gets logged out
and is redirected properly. If the person is already logged out,
return the user to the page before the user tried to log out.
"""
# Initialize
urlName = 'person_logout'
exampleURL = url('person_index')
# Add person
Session.add(
model.Person(username, model.hashString(password), nickname,
email))
Session.commit()
# Logging out should redirect back
self.assert_(exampleURL in self.app.get(url(urlName, url=exampleURL)))
# Log in
self.assert_(
'Login' in self.app.get(url('person_login', url=exampleURL)))
self.assertEqualJSON(
self.app.post(url('person_login'),
dict(username=username, password=password)), 1)
# Logging out should redirect back
self.assert_(exampleURL in self.app.get(url(urlName, url=exampleURL)))
def test_index(self):
"Assert that the index page shows how many accounts are on file"
# Initialize
urlName = "person_index"
# Make sure that we begin with 0 people
self.assert_("0 people" in self.app.get(url(urlName)))
# Add person
Session.add(model.Person(username, model.hashString(password), nickname, email))
Session.commit()
# Make sure that we now have 1 person
self.assert_("1 people" in self.app.get(url(urlName)))
def test_index(self):
'Assert that the index page shows how many accounts are on file'
# Initialize
urlName = 'person_index'
# Make sure that we begin with 0 people
self.assert_('0 people' in self.app.get(url(urlName)))
# Add person
Session.add(
model.Person(username, model.hashString(password), nickname,
email))
Session.commit()
# Make sure that we now have 1 person
self.assert_('1 people' in self.app.get(url(urlName)))
def setUp(self):
'Prepare database'
# Prepare people
people = []
personPacks = [
('test_person1', model.hashString('test_person1'), u'test_person1',
'*****@*****.**'),
('test_person2', model.hashString('test_person2'), u'test_person2',
'*****@*****.**'),
]
for personPack in personPacks:
person = Session.query(
model.Person).filter_by(username=personPack[0]).first()
if not person:
person = model.Person(*personPack)
Session.add(person)
people.append(person)
Session.commit()
self.person1Key, self.person2Key = [x.key for x in people]
# Prepare features
features = []
featurePacks = [
(people[0].id,
geoalchemy.WKTSpatialElement('LINESTRING(3 4,10 50,20 25)')),
(people[1].id,
geoalchemy.WKTSpatialElement(
'POLYGON((1 1,5 1,5 5,1 5,1 1),(2 2,2 3,3 3,3 2,2 2))')),
]
for featurePack in featurePacks:
feature = model.Feature()
feature.owner_id = featurePack[0]
feature.geometry = featurePack[1]
Session.add(feature)
features.append(feature)
Session.commit()
self.feature1ID, self.feature2ID = [x.id for x in features]
def test_reset(self):
"""
Make sure that resetting the password works
Trying to reset an email that does not exist should return an error
Make sure that resetting the password does not immediately change the password
Make sure that reset confirmation works
"""
# Initialize
urlName = "person_reset"
# Reset an unfamiliar email
self.assertEqualJSON(self.app.post(url(urlName), dict(email=email)), 0)
# Add person
Session.add(model.Person(username, model.hashString(password), nickname, email))
Session.commit()
# Reset password
self.assertEqualJSON(self.app.post(url(urlName), dict(email=email)), 1)
# Make sure the candidate exists
self.assertEqual(Session.query(model.PersonCandidate).filter_by(email=email).count(), 1)
# Activate candidate
self.app.get(
url("person_confirm", ticket=Session.query(model.PersonCandidate.ticket).filter_by(email=email).first()[0])
)
# Make sure the password has changed
self.assertEqual(Session.query(model.Person).filter_by(password_hash=model.hashString(password)).count(), 0)
def test_registration(self):
'Make sure that registration works'
# Initialize
urlName = 'person_register'
# Make sure the registration page appears properly
self.assert_('Registration' in self.app.get(url(urlName)))
# Register
self.app.post(
url(urlName),
dict(username=username,
password=password,
nickname=nickname,
email=email))
# Register with the same username but with different case
self.app.post(
url(urlName),
dict(username=username.upper(),
password=password,
nickname=nickname + 'x',
email=email + 'x'))
# Register with the same nickname but with different case
self.app.post(
url(urlName),
dict(username=username + 'x',
password=password,
nickname=nickname.upper(),
email=email + 'x'))
# Register with the same email but with different case
self.app.post(
url(urlName),
dict(username=username + 'x',
password=password,
nickname=nickname + 'x',
email=email.upper()))
# Confirm registration
self.app.get(
url('person_confirm',
ticket=Session.query(model.PersonCandidate.ticket).filter_by(
email=email).first()[0]))
# Make sure the person exists
self.assertEqual(
Session.query(model.Person).filter_by(email=email).count(), 1)
# Make sure that conflicting registrations have been deleted
self.assertEqual(
Session.query(model.PersonCandidate).filter_by(
password_hash=model.hashString(password)).count(), 0)
def login_(self):
'Process login credentials'
# Check username
username = str(request.POST.get('username', ''))
person = Session.query(
model.Person).filter_by(username=username).first()
# If the username does not exist,
if not person:
return dict(isOk=0)
# Check password
password_hash = model.hashString(str(request.POST.get('password', '')))
# If the password is incorrect,
if password_hash != StringIO.StringIO(person.password_hash).read():
# Increase and return rejection_count without a requery
rejection_count = person.rejection_count = person.rejection_count + 1
Session.commit()
return dict(isOk=0, rejection_count=rejection_count)
# If there have been too many rejections,
if person.rejection_count >= parameter.REJECTION_LIMIT:
# Expect recaptcha response
recaptchaChallenge = request.POST.get('recaptcha_challenge_field',
'')
recaptchaResponse = request.POST.get('recaptcha_response_field',
'')
recaptchaPrivateKey = config.get('recaptcha.private', '')
# Validate
result = captcha.submit(recaptchaChallenge, recaptchaResponse,
recaptchaPrivateKey, h.getRemoteIP())
# If the response is not valid,
if not result.is_valid:
return dict(isOk=0, rejection_count=person.rejection_count)
# Get minutesOffset from UTC
minutesOffset = h.getMinutesOffset()
# Save session
session['minutesOffset'] = minutesOffset
session['personID'] = person.id
session['nickname'] = person.nickname
session['is_super'] = person.is_super
session.save()
# Save person
person.minutes_offset = minutesOffset
person.rejection_count = 0
Session.commit()
# Return
return dict(isOk=1)
def test_login(self):
"""
Make sure that logging in works
Ensure that the login page shows
Ensure that bad credentials result in an error message
Ensure that good credentials result in a proper redirect
"""
# Initialize
urlName = "person_login"
exampleURL = url("person_update")
# Assert that the login page shows and stores url
self.assert_("Login" in self.app.get(url(urlName, url=exampleURL)))
# Add person
Session.add(model.Person(username, model.hashString(password), nickname, email))
Session.commit()
# Log in using bad credentials
self.assertEqualJSON(self.app.post(url(urlName), dict(username=username, password=password + "x")), 0)
# Log in using good credentials
self.assertEqualJSON(self.app.post(url(urlName), dict(username=username, password=password)), 1)
def test_logout(self):
"""
Make sure that logging out works
If the person is logged in, make sure the person gets logged out
and is redirected properly. If the person is already logged out,
return the user to the page before the user tried to log out.
"""
# Initialize
urlName = "person_logout"
exampleURL = url("person_index")
# Add person
Session.add(model.Person(username, model.hashString(password), nickname, email))
Session.commit()
# Logging out should redirect back
self.assert_(exampleURL in self.app.get(url(urlName, url=exampleURL)))
# Log in
self.assert_("Login" in self.app.get(url("person_login", url=exampleURL)))
self.assertEqualJSON(self.app.post(url("person_login"), dict(username=username, password=password)), 1)
# Logging out should redirect back
self.assert_(exampleURL in self.app.get(url(urlName, url=exampleURL)))
def login_(self):
'Process login credentials'
# Check username
username = str(request.POST.get('username', ''))
person = Session.query(model.Person).filter_by(username=username).first()
# If the username does not exist,
if not person:
return dict(isOk=0)
# Check password
password_hash = model.hashString(str(request.POST.get('password', '')))
# If the password is incorrect,
if password_hash != StringIO.StringIO(person.password_hash).read():
# Increase and return rejection_count without a requery
rejection_count = person.rejection_count = person.rejection_count + 1
Session.commit()
return dict(isOk=0, rejection_count=rejection_count)
# If there have been too many rejections,
if person.rejection_count >= parameter.REJECTION_LIMIT:
# Expect recaptcha response
recaptchaChallenge = request.POST.get('recaptcha_challenge_field', '')
recaptchaResponse = request.POST.get('recaptcha_response_field', '')
recaptchaPrivateKey = config.get('recaptcha.private', '')
# Validate
result = captcha.submit(recaptchaChallenge, recaptchaResponse, recaptchaPrivateKey, h.getRemoteIP())
# If the response is not valid,
if not result.is_valid:
return dict(isOk=0, rejection_count=person.rejection_count)
# Get minutesOffset from UTC
minutesOffset = h.getMinutesOffset()
# Save session
session['minutesOffset'] = minutesOffset
session['personID'] = person.id
session['nickname'] = person.nickname
session['is_super'] = person.is_super
session.save()
# Save person
person.minutes_offset = minutesOffset
person.rejection_count = 0
Session.commit()
# Return
return dict(isOk=1)
def test_update(self):
"""
Make sure that updating credentials works
Make sure the update page only appears when the user is logged in
Make sure the update form is filled with the user's credentials
Make sure that update_ only works when the user is logged in
Make sure that update confirmation works
Make sure that update_ for SMS only works when the user is the owner
"""
# Initialize
urlName = "person_update"
# Assert that we are redirected to the login page if the person is not logged in
self.assert_(url("person_login", url=url(urlName)) in self.app.get(url(urlName)))
# Assert that we get rejected if we try to post without logging in
self.assertEqualJSON(self.app.post(url(urlName)), 0)
# Add people
Session.add(model.Person(username, model.hashString(password), nickname, email))
Session.add(model.Person(username + "x", model.hashString(password), nickname + "x", email + "x"))
Session.commit()
# Log in
self.app.post(url("person_login"), dict(username=username, password=password))
# Assert that the update form is filled with the user's credentials
responseBody = self.app.get(url(urlName)).body
self.assert_(username in responseBody)
self.assert_(nickname in responseBody)
self.assert_(email in responseBody)
# Update credentials
username_ = store.makeRandomString(parameter.USERNAME_LENGTH_MAXIMUM)
password_ = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE)
nickname_ = unicode(store.makeRandomString(parameter.NICKNAME_LENGTH_MAXIMUM))
email_ = re.sub(r".*@", store.makeRandomString(16) + "@", email)
self.assertEqualJSON(
self.app.post(url(urlName), dict(username=username_, password=password_, nickname=nickname_, email=email_)),
1,
)
# Make sure the credentials have not changed yet
self.assertEqual(
Session.query(model.Person)
.filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_)
.count(),
0,
)
# Activate candidate
self.app.get(
url("person_confirm", ticket=Session.query(model.PersonCandidate.ticket).filter_by(email=email_).first()[0])
)
# Make sure the credentials have changed
self.assertEqual(
Session.query(model.Person)
.filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_)
.count(),
1,
)
# Load people
person1 = (
Session.query(model.Person)
.filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_)
.first()
)
person2 = Session.query(model.Person).filter_by(username=username + "x").first()
# Add SMSAddress
smsAddress = model.SMSAddress(emailSMS, person2.id)
Session.add(smsAddress)
Session.commit()
smsAddressID = smsAddress.id
# Make sure that only the owner can update SMS information
self.app.post(url("person_login"), dict(username=username, password=password))
self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="activate")), 0)
self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="deactivate")), 0)
self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="remove")), 0)
self.app.post(url("person_login"), dict(username=username + "x", password=password))
self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="activate")), 1)
self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="deactivate")), 1)
self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="remove")), 1)
# Reset account
c.password = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE)
return changePerson(dict(username=person.username, password=c.password, nickname=person.nickname, email=person.email), 'reset', person)
# Helpers
def changePerson(valueByName, action, person=None):
'Validate values and send confirmation email if values are okay'
# Validate form
try:
form = PersonForm().to_python(valueByName, person)
except formencode.Invalid, error:
return dict(isOk=0, errorByID=error.unpack_errors())
# Prepare candidate
candidate = model.PersonCandidate(form['username'], model.hashString(form['password']), form['nickname'], form['email'])
candidate.person_id = person.id if person else None
candidate.ticket = store.makeRandomUniqueTicket(parameter.TICKET_LENGTH, Session.query(model.PersonCandidate))
candidate.when_expired = datetime.datetime.utcnow() + datetime.timedelta(days=parameter.TICKET_LIFESPAN_IN_DAYS)
Session.add(candidate)
Session.commit()
# Send confirmation
toByValue = dict(nickname=form['nickname'], email=form['email'])
subject = '[%s] Confirm %s' % (parameter.SITE_NAME, action)
c.candidate = candidate
c.username = form['username']
c.action = action
body = render('/people/confirm.mako')
try:
smtp.sendMessage(dict(email=config['error_email_from'], smtp=config['smtp_server'], username=config.get('smtp_username', ''), password=config.get('smtp_password', ''), nickname=parameter.SITE_NAME + ' Support'), toByValue, subject, body)
except smtp.SMTPError:
abort(400, 'Must specify a valid responseFormat: json')
# Authenticate via personID or key
personID = h.getPersonIDViaKey()
# Load srid
srid = request.params.get('srid', '')
try:
proj4 = model.validateSRID(srid)
except model.GeoRegistryError, error:
abort(400, str(error))
# Load tags
try:
tags = model.getTags(request.params.get('tags', ''))
except model.GeoRegistryError, error:
abort(400, str(error))
# Load query string
queryStringHash = model.hashString(request.query_string)
# Load cached map
cachedMap = Session.query(
model.Map).filter_by(query_hash=queryStringHash).first()
# If we do not have a cached map or the cached map is not current,
if not cachedMap or not cachedMap.when_updated or cachedMap.when_updated < max(
x.when_updated for x in tags):
# Load bboxFormat
bboxFormat = request.params.get('bboxFormat', 'yxyx')
if bboxFormat not in ['yxyx', 'xyxy']:
abort(400, 'Must specify a valid bboxFormat: yxyx, xyxy')
# Load bounding box
bbox = request.params.get('bbox', '')
# If a bounding box is specified,
if bbox:
# Expand
def setUp(self):
'Prepare database'
# Prepare people
people = []
personPacks = [
('test_person1', model.hashString('test_person1'), u'test_person1',
'*****@*****.**'),
('test_person2', model.hashString('test_person2'), u'test_person2',
'*****@*****.**'),
]
for personPack in personPacks:
person = Session.query(
model.Person).filter_by(username=personPack[0]).first()
if not person:
person = model.Person(*personPack)
Session.add(person)
people.append(person)
Session.commit()
self.person1Key, self.person2Key = [x.key for x in people]
# Prepare tags
tags = []
self.tagTexts = [
u'tag with features that are public',
u'tag with features that are private to person1',
u'tag with features that are private to person2',
]
for tagText in self.tagTexts:
tag = Session.query(model.Tag).filter_by(text=tagText).first()
if not tag:
tag = model.Tag(tagText)
Session.add(tag)
tags.append(tag)
Session.commit()
tag1Public, tag1Private, tag2Private = tags
# Prepare features
features = []
featurePacks = [
(people[0].id,
geoalchemy.WKTSpatialElement(
'MULTIPOINT (-90.2307590000000062 15.7834710000000005, 126.9779692000000040 37.5665350000000018, -0.1963060000000000 5.5557169999999996, -91.5219589999999954 14.8361560000000008)'
), model.scopePublic, {
'description': 'Santa Eulalia; Seoul; Accra; Xela'
}),
(people[0].id,
geoalchemy.WKTSpatialElement(
'LINESTRING (-87.6297981999999962 41.8781135999999989, -84.3879823999999985 33.7489953999999983, -122.4194154999999995 37.7749294999999989)'
), model.scopePrivate, {
'description': 'Chicago; Atlanta; San Francisco'
}),
(people[1].id,
geoalchemy.WKTSpatialElement(
'LINESTRING (-74.0059731 40.7143528, -90.5352778 14.6133333)'
), model.scopePrivate, {
'passenger': u'Hélène'
}),
]
for featurePack in featurePacks:
feature = model.Feature()
feature.owner_id, feature.geometry, feature.scope, feature.properties = featurePack
Session.add(feature)
features.append(feature)
feature1Public, feature1Private, feature2Private = features
feature1Public.tags = [tag1Public]
feature1Private.tags = [tag1Private]
feature2Private.tags = [tag2Private]
Session.commit()
self.feature1ID = feature1Public.id
email=person.email), 'reset', person)
# Helpers
def changePerson(valueByName, action, person=None):
'Validate values and send confirmation email if values are okay'
# Validate form
try:
form = PersonForm().to_python(valueByName, person)
except formencode.Invalid, error:
return dict(isOk=0, errorByID=error.unpack_errors())
# Prepare candidate
candidate = model.PersonCandidate(form['username'],
model.hashString(form['password']),
form['nickname'], form['email'])
candidate.person_id = person.id if person else None
candidate.ticket = store.makeRandomUniqueTicket(
parameter.TICKET_LENGTH, Session.query(model.PersonCandidate))
candidate.when_expired = datetime.datetime.utcnow() + datetime.timedelta(
days=parameter.TICKET_LIFESPAN_IN_DAYS)
Session.add(candidate)
Session.commit()
# Send confirmation
toByValue = dict(nickname=form['nickname'], email=form['email'])
subject = '[%s] Confirm %s' % (parameter.SITE_NAME, action)
c.candidate = candidate
c.username = form['username']
c.action = action
body = render('/people/confirm.mako')
abort(400, 'Must specify a valid responseFormat: json')
# Authenticate via personID or key
personID = h.getPersonIDViaKey()
# Load srid
srid = request.params.get('srid', '')
try:
proj4 = model.validateSRID(srid)
except model.GeoRegistryError, error:
abort(400, str(error))
# Load tags
try:
tags = model.getTags(request.params.get('tags', ''))
except model.GeoRegistryError, error:
abort(400, str(error))
# Load query string
queryStringHash = model.hashString(request.query_string)
# Load cached map
cachedMap = Session.query(model.Map).filter_by(query_hash=queryStringHash).first()
# If we do not have a cached map or the cached map is not current,
if not cachedMap or not cachedMap.when_updated or cachedMap.when_updated < max(x.when_updated for x in tags):
# Load bboxFormat
bboxFormat = request.params.get('bboxFormat', 'yxyx')
if bboxFormat not in ['yxyx', 'xyxy']:
abort(400, 'Must specify a valid bboxFormat: yxyx, xyxy')
# Load bounding box
bbox = request.params.get('bbox', '')
# If a bounding box is specified,
if bbox:
# Expand
try:
terms = [float(x) for x in bbox.split(',')]
def setup_app(command, conf, vars):
"""Place any commands to setup georegistry here"""
# If we are not in a testing environment,
if not pylons.test.pylonsapp:
load_environment(conf.global_conf, conf.local_conf)
# Create the tables if they don't already exist
Base.metadata.create_all(bind=Session.bind)
# If we are not in a testing environment and users do not exist,
if not pylons.test.pylonsapp and not Session.query(model.Person).all():
# Show feedback
print 'Please create an administrator account.'
# Prepare
passwordDefault = store.makeRandomString(parameter.PASSWORD_LENGTH_AVERAGE)
# Create
person = model.Person(raw_input('Username (administrator): ') or 'administrator', model.hashString(getpass.getpass('Password (%s): ' % passwordDefault) or passwordDefault), raw_input('Nickname (Administrator): ') or u'Administrator', raw_input('Email ([email protected]): ') or '*****@*****.**')
person.is_super = True
Session.add(person)
Session.commit()
def test_update(self):
"""
Make sure that updating credentials works
Make sure the update page only appears when the user is logged in
Make sure the update form is filled with the user's credentials
Make sure that update_ only works when the user is logged in
Make sure that update confirmation works
Make sure that update_ for SMS only works when the user is the owner
"""
# Initialize
urlName = 'person_update'
# Assert that we are redirected to the login page if the person is not logged in
self.assert_(
url('person_login', url=url(urlName)) in self.app.get(url(
urlName)))
# Assert that we get rejected if we try to post without logging in
self.assertEqualJSON(self.app.post(url(urlName)), 0)
# Add people
Session.add(
model.Person(username, model.hashString(password), nickname,
email))
Session.add(
model.Person(username + 'x', model.hashString(password),
nickname + 'x', email + 'x'))
Session.commit()
# Log in
self.app.post(url('person_login'),
dict(username=username, password=password))
# Assert that the update form is filled with the user's credentials
responseBody = self.app.get(url(urlName)).body
self.assert_(username in responseBody)
self.assert_(nickname in responseBody)
self.assert_(email in responseBody)
# Update credentials
username_ = store.makeRandomString(parameter.USERNAME_LENGTH_MAXIMUM)
password_ = store.makeRandomAlphaNumericString(
parameter.PASSWORD_LENGTH_AVERAGE)
nickname_ = unicode(
store.makeRandomString(parameter.NICKNAME_LENGTH_MAXIMUM))
email_ = re.sub(r'.*@', store.makeRandomString(16) + '@', email)
self.assertEqualJSON(
self.app.post(
url(urlName),
dict(username=username_,
password=password_,
nickname=nickname_,
email=email_)), 1)
# Make sure the credentials have not changed yet
self.assertEqual(
Session.query(model.Person).filter_by(
username=username_,
password_hash=model.hashString(password_),
nickname=nickname_,
email=email_).count(), 0)
# Activate candidate
self.app.get(
url('person_confirm',
ticket=Session.query(model.PersonCandidate.ticket).filter_by(
email=email_).first()[0]))
# Make sure the credentials have changed
self.assertEqual(
Session.query(model.Person).filter_by(
username=username_,
password_hash=model.hashString(password_),
nickname=nickname_,
email=email_).count(), 1)
# Load people
person1 = Session.query(model.Person).filter_by(
username=username_,
password_hash=model.hashString(password_),
nickname=nickname_,
email=email_).first()
person2 = Session.query(model.Person).filter_by(username=username +
'x').first()
# Add SMSAddress
smsAddress = model.SMSAddress(emailSMS, person2.id)
Session.add(smsAddress)
Session.commit()
smsAddressID = smsAddress.id
# Make sure that only the owner can update SMS information
self.app.post(url('person_login'),
dict(username=username, password=password))
self.assertEqualJSON(
self.app.post(url(urlName),
dict(smsAddressID=smsAddressID, action='activate')),
0)
self.assertEqualJSON(
self.app.post(url(urlName),
dict(smsAddressID=smsAddressID,
action='deactivate')), 0)
self.assertEqualJSON(
self.app.post(url(urlName),
dict(smsAddressID=smsAddressID, action='remove')), 0)
self.app.post(url('person_login'),
dict(username=username + 'x', password=password))
self.assertEqualJSON(
self.app.post(url(urlName),
dict(smsAddressID=smsAddressID, action='activate')),
1)
self.assertEqualJSON(
self.app.post(url(urlName),
dict(smsAddressID=smsAddressID,
action='deactivate')), 1)
self.assertEqualJSON(
self.app.post(url(urlName),
dict(smsAddressID=smsAddressID, action='remove')), 1)
