def add_single_voting_project(event, _): """ Add a project to the user's single voting projects list """ project = event["body"] # Check if the project name is valid if not re.fullmatch(r"[a-z0-9_\.\-]{1,100}", project): return create_response(400, "POST", "Invalid project name") # Get the logged in user data user = User() username = get_logged_in_user(event) user_data = user.get_user_by_username(username) if not user_data: return create_response(400, "POST", "User not logged in correctly") # Update the list of single voting projects if "single_voting_projects" not in user_data: user_data["single_voting_projects"] = [] if not project in user_data["single_voting_projects"]: user.change_single_voting_projects( username, user_data["single_voting_projects"] + [project]) return create_response(200, "POST")
def change_voted_message_and_redirect(event, _): """ Change the user's voted message and redirect. """ # Parse the parameters params = parse_qs(event["body"]) # Check if the user is logged in correctly username = get_logged_in_user(event) if not username: return create_response(400, "POST", "User not logged in correctly") # Set the voted message and redirect voted_params = dict(user=username, voted_message=None, voted_redirect=None) if "voted_redirect" in params and params["voted_redirect"]: voted_params["voted_redirect"] = params["voted_redirect"][0] if "voted_message" in params and params["voted_message"]: voted_params["voted_message"] = params["voted_message"][0] user = User() try: user.set_voted_message_and_redirect(**voted_params) except ValueError as error: return create_response(400, "POST", str(error)) return create_response(200, "POST")
def test_change_password(self): # Positive case event_1 = dict( headers=dict( Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm" ), body="newpassword=newpassword;newpassword2=newpassword", ) response_1 = create_response(200, "POST") self.assertEqual(response_1, change_password(event_1, None)) # Invalid password (too short) event_2 = dict( headers=dict( Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm" ), body="newpassword=np;newpassword2=np", ) response_2 = create_response(400, "POST", "Invalid password") self.assertEqual(response_2, change_password(event_2, None)) # Password missmatch event_3 = dict( headers=dict( Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm" ), body="newpassword=newpassword;newpassword2=otherpassword", ) response_3 = create_response(400, "POST", "The two passwords don't match") self.assertEqual(response_3, change_password(event_3, None)) # Bad password request event_4 = dict( headers=dict( Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm" ), body="newpassword=newpassword", ) response_4 = create_response(400, "POST", "The two passwords don't match") self.assertEqual(response_4, change_password(event_4, None)) # Wrong user cookie event_5 = dict( headers=dict( Cookie="user=user_2&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm" ), body="newpassword=newpassword;newpassword2=newpassword", ) response_5 = create_response(400, "POST", "User not logged in correctly") self.assertEqual(response_5, change_password(event_5, None))
def add_vote_and_redirect(event, _): """ Handle add vote requests and redirect to a info page :param event: event :return: redirect to a page explaining that the vote was added """ # Save the vote do_vote(event, None) redirect_url = "/voted" # Find the user and determine the redirect page username = event["pathParameters"]["user"].lower() user = User() user_data = user.get_user_by_username(username) if user_data: # If the user has a redirect page configured if user_data["voted_redirect"]: redirect_url = user_data["voted_redirect"] elif user_data["voted_message"]: redirect_url = f"/voted?message={quote_plus(user_data['voted_message'])}" # Return response return create_response(302, additional_headers={"Location": redirect_url})
def check_user_logged_in(event, _): """ Check if a user is logged in based on the provided cookie :param event: event :return: 200 if th euser is logged in, 401 otherwise """ return create_response(200 if get_logged_in_user(event) else 401)
def change_account_public(event, _): """ Change the public visibility of an account :param event: event :return: 200 if the change was successful, 400 otherwise """ # Check if the user is logged in correctly username = get_logged_in_user(event) if not username: return create_response(400, "POST", "User not logged in correctly") # Get the new value of the public option new_is_public = event["body"] == "1" # Change the user public setting user = User() user.set_account_public(username, new_is_public) return create_response(200, "POST")
def add_vote(event, _): """ Handle add vote requests :param event: event :return: empty 200 response """ # Save the vote do_vote(event, None) # Return response return create_response(200, "POST")
def test_get_votes_for_project(self, get_user_mock): # Define helper functions event = lambda user, project: dict(pathParameters=dict( user=user, project=project), ) response = lambda user, project, svp: create_response( 200, body=json.dumps( dict( single_voting_projects=svp, votes=get_expected_votes_data(user, project), )), ) # Good case #1 (with svp) get_user_mock.return_value = dict(is_public=True, single_voting_projects=["project_a"]) self.assertEqual( response("user_1", "project_a", ["project_a"]), get_votes_for_project(event("user_1", "project_a"), None), ) # Good case #2 (without svp) get_user_mock.return_value = dict(is_public=True, single_voting_projects=[]) self.assertEqual( response("user_1", "project_b", []), get_votes_for_project(event("user_1", "project_b"), None), ) # Invalid project self.assertEqual( response("user_1", "project_X", []), get_votes_for_project(event("user_1", "project_X"), None), ) # Invalid user get_user_mock.return_value = None self.assertEqual( create_response(400, "GET", "Invalid user"), get_votes_for_project(event("user_X", "project_X"), None), )
def delete_vote(event, _): """ Delete a vote :param event: event :return: votes data as JSON """ user = event["pathParameters"]["user"].lower() project = event["pathParameters"]["project"].lower() topic = event["pathParameters"]["topic"].lower() # Check if we are changing the currently logged in user loggedin_user = get_logged_in_user(event) if user != loggedin_user: return create_response(400, "POST", "User not logged in correctly") vote = Vote() # Check if the topic exists if vote.get_vote_count(user, get_topic_key(project, topic)) > 0: vote.delete_vote(user, project, topic) return create_response(200, "POST") else: return create_response(400, "POST", "Topic doesn't exist")
def test_login_user(self, _, __): # Test successful login event_1 = dict(body="[email protected];password=test") response_1 = create_response( 200, "POST", body="user_1", additional_headers={ "Access-Control-Allow-Credentials": "true", "Set-Cookie": "user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm;SameSite=Strict;Path=/;Expires=Fri, 31 Jan 2020 01:23:34 GMT;HttpOnly", }, ) self.assertEqual(response_1, login_user(event_1, None)) # Test wrong user event_2 = dict(body="[email protected];password=test") response_2 = create_response(401, "POST") self.assertEqual(response_2, login_user(event_2, None)) # Test wrong password event_3 = dict(body="[email protected];password=wrongpassowrd") response_3 = create_response(401, "POST") self.assertEqual(response_3, login_user(event_3, None))
def test_get_user_data(self): # Positive case event_1 = dict( headers=dict( Cookie="user=user_1&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm" ), ) response_1 = create_response(200, body=json.dumps(self.get_user_data("user_1"))) self.assertEqual(response_1, get_user_data(event_1, None)) # Wrong cookie event_2 = dict( headers=dict( Cookie="user=user_2&signature=$2b$12$oGAaQWkNrjCWI0ugg8Go8uZ1ld2828dTeTk2cE/WZAO2yOB4aUxQm" ), ) response_2 = create_response(200, body=json.dumps(dict())) self.assertEqual(response_2, get_user_data(event_2, None)) # No cookie event_3 = dict(headers=dict(),) response_3 = create_response(200, body=json.dumps(dict())) self.assertEqual(response_3, get_user_data(event_3, None))
def get_votes_for_user(event, _): """ Handle get votes request for a user :param event: event :return: votes data as JSON """ # Get all parameters username = event["pathParameters"]["user"] # Check if the user stats are public or the user is logged in user = User() user_data = user.get_user_by_username(username) if user_data and (user_data["is_public"] or username == get_logged_in_user(event)): vote = Vote() votes_data = vote.get_votes_for_user(username) result = dict( single_voting_projects=user_data.get("single_voting_projects"), votes=votes_data, ) return create_response(200, body=json.dumps(result)) else: return create_response(400, "GET", "Invalid user")
def logout_user(event, _): """ Logout a user by expiring the login cookie """ cookie = f"user=;SameSite=Strict;Path=/;Expires={get_cookie_date(datetime.now() - timedelta(days=1))};HttpOnly" return create_response( 302, "GET", "", { "Access-Control-Allow-Credentials": "true", "Set-Cookie": cookie, "Location": "/", }, )