def add_single_voting_project(event, _):
"""
Add a project to the user's single voting projects list
"""
project = event["body"]
# Check if the project name is valid
if not re.fullmatch(r"[a-z0-9_\.\-]{1,100}", project):
return create_response(400, "POST", "Invalid project name")
# Get the logged in user data
user = User()
username = get_logged_in_user(event)
user_data = user.get_user_by_username(username)
if not user_data:
return create_response(400, "POST", "User not logged in correctly")
# Update the list of single voting projects
if "single_voting_projects" not in user_data:
user_data["single_voting_projects"] = []
if not project in user_data["single_voting_projects"]:
user.change_single_voting_projects(
username, user_data["single_voting_projects"] + [project])
return create_response(200, "POST")
def change_voted_message_and_redirect(event, _):
"""
Change the user's voted message and redirect.
"""
# Parse the parameters
params = parse_qs(event["body"])
# Check if the user is logged in correctly
username = get_logged_in_user(event)
if not username:
return create_response(400, "POST", "User not logged in correctly")
# Set the voted message and redirect
voted_params = dict(user=username, voted_message=None, voted_redirect=None)
if "voted_redirect" in params and params["voted_redirect"]:
voted_params["voted_redirect"] = params["voted_redirect"][0]
if "voted_message" in params and params["voted_message"]:
voted_params["voted_message"] = params["voted_message"][0]
user = User()
try:
user.set_voted_message_and_redirect(**voted_params)
except ValueError as error:
return create_response(400, "POST", str(error))
return create_response(200, "POST")
def test_change_password(self):
# Positive case
event_1 = dict(
headers=dict(
Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm"
),
body="newpassword=newpassword;newpassword2=newpassword",
)
response_1 = create_response(200, "POST")
self.assertEqual(response_1, change_password(event_1, None))
# Invalid password (too short)
event_2 = dict(
headers=dict(
Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm"
),
body="newpassword=np;newpassword2=np",
)
response_2 = create_response(400, "POST", "Invalid password")
self.assertEqual(response_2, change_password(event_2, None))
# Password missmatch
event_3 = dict(
headers=dict(
Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm"
),
body="newpassword=newpassword;newpassword2=otherpassword",
)
response_3 = create_response(400, "POST", "The two passwords don't match")
self.assertEqual(response_3, change_password(event_3, None))
# Bad password request
event_4 = dict(
headers=dict(
Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm"
),
body="newpassword=newpassword",
)
response_4 = create_response(400, "POST", "The two passwords don't match")
self.assertEqual(response_4, change_password(event_4, None))
# Wrong user cookie
event_5 = dict(
headers=dict(
Cookie="user=user_2&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm"
),
body="newpassword=newpassword;newpassword2=newpassword",
)
response_5 = create_response(400, "POST", "User not logged in correctly")
self.assertEqual(response_5, change_password(event_5, None))
def add_vote_and_redirect(event, _):
"""
Handle add vote requests and redirect to a info page
:param event: event
:return: redirect to a page explaining that the vote was added
"""
# Save the vote
do_vote(event, None)
redirect_url = "/voted"
# Find the user and determine the redirect page
username = event["pathParameters"]["user"].lower()
user = User()
user_data = user.get_user_by_username(username)
if user_data:
# If the user has a redirect page configured
if user_data["voted_redirect"]:
redirect_url = user_data["voted_redirect"]
elif user_data["voted_message"]:
redirect_url = f"/voted?message={quote_plus(user_data['voted_message'])}"
# Return response
return create_response(302, additional_headers={"Location": redirect_url})
def check_user_logged_in(event, _):
"""
Check if a user is logged in based on the provided cookie
:param event: event
:return: 200 if th euser is logged in, 401 otherwise
"""
return create_response(200 if get_logged_in_user(event) else 401)
def change_account_public(event, _):
"""
Change the public visibility of an account
:param event: event
:return: 200 if the change was successful, 400 otherwise
"""
# Check if the user is logged in correctly
username = get_logged_in_user(event)
if not username:
return create_response(400, "POST", "User not logged in correctly")
# Get the new value of the public option
new_is_public = event["body"] == "1"
# Change the user public setting
user = User()
user.set_account_public(username, new_is_public)
return create_response(200, "POST")
def add_vote(event, _):
"""
Handle add vote requests
:param event: event
:return: empty 200 response
"""
# Save the vote
do_vote(event, None)
# Return response
return create_response(200, "POST")
def test_get_votes_for_project(self, get_user_mock):
# Define helper functions
event = lambda user, project: dict(pathParameters=dict(
user=user, project=project), )
response = lambda user, project, svp: create_response(
200,
body=json.dumps(
dict(
single_voting_projects=svp,
votes=get_expected_votes_data(user, project),
)),
)
# Good case #1 (with svp)
get_user_mock.return_value = dict(is_public=True,
single_voting_projects=["project_a"])
self.assertEqual(
response("user_1", "project_a", ["project_a"]),
get_votes_for_project(event("user_1", "project_a"), None),
)
# Good case #2 (without svp)
get_user_mock.return_value = dict(is_public=True,
single_voting_projects=[])
self.assertEqual(
response("user_1", "project_b", []),
get_votes_for_project(event("user_1", "project_b"), None),
)
# Invalid project
self.assertEqual(
response("user_1", "project_X", []),
get_votes_for_project(event("user_1", "project_X"), None),
)
# Invalid user
get_user_mock.return_value = None
self.assertEqual(
create_response(400, "GET", "Invalid user"),
get_votes_for_project(event("user_X", "project_X"), None),
)
def delete_vote(event, _):
"""
Delete a vote
:param event: event
:return: votes data as JSON
"""
user = event["pathParameters"]["user"].lower()
project = event["pathParameters"]["project"].lower()
topic = event["pathParameters"]["topic"].lower()
# Check if we are changing the currently logged in user
loggedin_user = get_logged_in_user(event)
if user != loggedin_user:
return create_response(400, "POST", "User not logged in correctly")
vote = Vote()
# Check if the topic exists
if vote.get_vote_count(user, get_topic_key(project, topic)) > 0:
vote.delete_vote(user, project, topic)
return create_response(200, "POST")
else:
return create_response(400, "POST", "Topic doesn't exist")
def test_login_user(self, _, __):
# Test successful login
event_1 = dict(body="[email protected];password=test")
response_1 = create_response(
200,
"POST",
body="user_1",
additional_headers={
"Access-Control-Allow-Credentials": "true",
"Set-Cookie": "user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm;SameSite=Strict;Path=/;Expires=Fri, 31 Jan 2020 01:23:34 GMT;HttpOnly",
},
)
self.assertEqual(response_1, login_user(event_1, None))
# Test wrong user
event_2 = dict(body="[email protected];password=test")
response_2 = create_response(401, "POST")
self.assertEqual(response_2, login_user(event_2, None))
# Test wrong password
event_3 = dict(body="[email protected];password=wrongpassowrd")
response_3 = create_response(401, "POST")
self.assertEqual(response_3, login_user(event_3, None))
def test_get_user_data(self):
# Positive case
event_1 = dict(
headers=dict(
Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm"
),
)
response_1 = create_response(200, body=json.dumps(self.get_user_data("user_1")))
self.assertEqual(response_1, get_user_data(event_1, None))
# Wrong cookie
event_2 = dict(
headers=dict(
Cookie="user=user_2&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm"
),
)
response_2 = create_response(200, body=json.dumps(dict()))
self.assertEqual(response_2, get_user_data(event_2, None))
# No cookie
event_3 = dict(headers=dict(),)
response_3 = create_response(200, body=json.dumps(dict()))
self.assertEqual(response_3, get_user_data(event_3, None))
def get_votes_for_user(event, _):
"""
Handle get votes request for a user
:param event: event
:return: votes data as JSON
"""
# Get all parameters
username = event["pathParameters"]["user"]
# Check if the user stats are public or the user is logged in
user = User()
user_data = user.get_user_by_username(username)
if user_data and (user_data["is_public"]
or username == get_logged_in_user(event)):
vote = Vote()
votes_data = vote.get_votes_for_user(username)
result = dict(
single_voting_projects=user_data.get("single_voting_projects"),
votes=votes_data,
)
return create_response(200, body=json.dumps(result))
else:
return create_response(400, "GET", "Invalid user")
def logout_user(event, _):
"""
Logout a user by expiring the login cookie
"""
cookie = f"user=;SameSite=Strict;Path=/;Expires={get_cookie_date(datetime.now() - timedelta(days=1))};HttpOnly"
return create_response(
302,
"GET",
"",
{
"Access-Control-Allow-Credentials": "true",
"Set-Cookie": cookie,
"Location": "/",
},
)
