def test_get_user(self):
user = add_user(self.session,
role=UserRole,
email='*****@*****.**',
firstname='User')
user2 = add_user(self.session,
role=UserRole,
email='*****@*****.**',
firstname='User')
admin = add_user(self.session,
role=Administrator,
email='*****@*****.**',
firstname='Admin')
req = dummy_request(self.session)
req.matchdict = {}
with self.assertRaises(exc.HTTPBadRequest):
get_user_view(req)
req.matchdict['id'] = user.id
self.config.testing_securitypolicy(userid=user2.id, permissive=True)
with self.assertRaises(exc.HTTPForbidden):
get_user_view(req)
self.config.testing_securitypolicy(userid=admin.id, permissive=True)
req.matchdict['id'] = 100
with self.assertRaises(exc.HTTPNotFound):
get_user_view(req)
req.matchdict['id'] = user.id
resp = get_user_view(req)
self.assertEqual(resp, user.as_dict())
def test_edit_collection(self):
user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
user2 = add_user(self.session, role=User, email='*****@*****.**', firstname='User2')
collection = add_collection(self.session, 'Collection', 'Description', users=[user1])
self.assertEqual(collection.users[0], user1)
req = dummy_request(self.session)
req.matchdict = {}
with self.assertRaises(exc.HTTPBadRequest):
req.json_body = {}
edit_collection(req)
with self.assertRaises(exc.HTTPNotFound):
req.matchdict['id'] = 100
req.json_body = {'title': 'Edited title', 'description': 'Edited description', 'users': [user2.as_dict()]}
edit_collection(req)
with self.assertRaises(exc.HTTPBadRequest):
req.matchdict['id'] = collection.id
req.json_body = {'description': 'Description'}
edit_collection(req)
req.json_body = {'title': 'Edited title', 'description': 'Edited description', 'users': [user2.as_dict()]}
resp = edit_collection(req)
self.assertEqual(resp['title'], 'Edited title')
self.assertEqual(resp['users'][0], user2.as_dict())
def test_edit_dashboard_view(self):
collection = Collection(title='Title')
self.session.add(collection)
self.session.flush()
user = add_user(self.session)
dashboard = add_dashboard(self.session, title='Test title')
req = dummy_request(self.session)
with self.assertRaises(exc.HTTPBadRequest):
edit_dashboard_view(req)
req.matchdict = {'id': dashboard.id}
req.json_body = {
'title': 'Edit title',
'description': 'Description',
'collection_id': collection.id,
'type': 'new',
'content': '<h1>Hello world!</h1>',
'users': [user.as_dict()]
}
dashboard = edit_dashboard_view(req)
self.assertEqual(dashboard['title'], 'Edit title')
self.assertEqual(dashboard['description'], 'Description')
self.assertEqual(dashboard['type'], 'new')
self.assertEqual(dashboard['content'], '<h1>Hello world!</h1>')
self.assertEqual(dashboard['users'][0], user.as_dict())
def test_create_dashboard_in_collection(self):
collection = Collection(title='Title')
self.session.add(collection)
self.session.flush()
user = add_user(self.session)
req = dummy_request(self.session)
req.json_body = {
'title': 'Title',
'description': 'Description',
'collection_id': collection.id,
'users': [user.as_dict()]
}
resp = create_dashboard_view(req)
self.assertEqual(resp['title'], 'Title')
self.assertEqual(resp['collection_id'], collection.id)
self.assertEqual(resp['index'], 0)
self.assertEqual(resp['users'][0], user.as_dict())
req.json_body = {
'title': 'Title',
'description': 'Description',
'collection_id': collection.id
}
resp = create_dashboard_view(req)
self.assertEqual(resp['index'], 1)
def test_list_dashboards_view(self):
user = add_user(self.session)
self.config.testing_securitypolicy(userid=user.id, permissive=True)
add_dashboard(self.session, title='Dashboard 1')
add_dashboard(self.session, title='Dashboard 2')
add_dashboard(self.session, title='Dashboard 3', users=[user])
collection = Collection(title='Title')
self.session.add(collection)
self.session.flush()
add_dashboard(self.session,
title='Dashboard 4',
collection_id=collection.id)
add_dashboard(self.session,
title='Dashboard 5',
collection_id=collection.id,
users=[user])
req = dummy_request(self.session)
req.params = {}
dashboards = list_dashboards_view(req)
self.assertEqual(len(dashboards), 5)
req.params = {'collection_id': None}
dashboards = list_dashboards_view(req)
self.assertEqual(len(dashboards), 3)
req.params = {'collection_id': collection.id}
dashboards = list_dashboards_view(req)
self.assertEqual(len(dashboards), 2)
req.params = {'user_id': True}
dashboards = list_dashboards_view(req)
self.assertEqual(len(dashboards), 2)
def test_paste_dashboard_view(self):
collection = Collection(title='Collection 1')
self.session.add(collection)
self.session.flush()
collection_id = collection.id
collection2 = Collection(title='Collection 2')
self.session.add(collection2)
self.session.flush()
collection2_id = collection2.id
data_source = DataSource(name='Data source')
self.session.add(data_source)
self.session.flush()
user = add_user(self.session)
dashboard = add_dashboard(self.session,
title='Test title',
collection_id=collection.id,
users=[user])
dashboard_id = dashboard.id
self.session.add(
Variable(name='Variable', value='V', dashboard_id=dashboard.id))
self.session.add(
Chart(title='Chart',
data_source_id=data_source.id,
dashboard_id=dashboard.id))
self.session.add(
Chart(title='Chart',
data_source_id=data_source.id,
dashboard_id=dashboard.id))
self.session.add(
SingleStat(title='Single stat',
data_source_id=data_source.id,
dashboard_id=dashboard_id))
self.session.add(
Query(name="Query",
query="query",
dashboard_id=dashboard.id,
data_source_id=data_source.id))
self.session.flush()
req = dummy_request(self.session)
req.json_body = {}
with self.assertRaises(exc.HTTPBadRequest):
paste_dashboard_view(req)
req.matchdict = {'id': dashboard_id}
req.json_body = {'collection_id': collection_id}
dashboard = paste_dashboard_view(req)
self.assertEqual(dashboard['title'], 'Copy of Test title')
self.assertEqual(len(dashboard['variables']), 1)
req.matchdict = {'id': dashboard_id}
req.json_body = {'collection_id': collection2_id}
dashboard = paste_dashboard_view(req)
self.assertEqual(dashboard['title'], 'Test title')
dashboard = self.session.query(Dashboard).get(dashboard['id'])
self.assertEqual(dashboard.queries[0].name, "Query")
def test_create_collection(self):
admin = add_user(self.session, role=Administrator, firstname='Admin')
user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
self.config.testing_securitypolicy(userid=admin.id, permissive=True)
req = dummy_request(self.session)
req.json_body = {}
with self.assertRaises(exc.HTTPBadRequest):
create_collection(req)
req.json_body = {'title': 'Collection',
'description': 'Description',
'users': [user1.as_dict()]}
collection = create_collection(req)
self.assertIsNotNone(collection['id'])
self.assertEqual(collection['title'], 'Collection')
self.assertEqual(len(collection['users']), 2)
def test_paste_collection(self):
user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
user2 = add_user(self.session, role=User, email='*****@*****.**', firstname='User2')
collection = add_collection(self.session, 'Collection', 'Description', users=[user1, user2])
add_dashboard(self.session, 'Dash', 'Dashboard', collection_id=collection.id)
collection_id = collection.id
req = dummy_request(self.session)
req.json_body = {}
with self.assertRaises(exc.HTTPBadRequest):
paste_collection_view(req)
req.matchdict['id'] = collection_id
pasted = paste_collection_view(req)
self.assertEqual(pasted['title'], 'Copy of Collection')
self.assertEqual(len(pasted['users']), len(collection.users))
pasted = paste_collection_view(req)
self.assertEqual(pasted['title'], 'Copy of Collection (2)')
pasted = paste_collection_view(req)
self.assertEqual(pasted['title'], 'Copy of Collection (3)')
def test_get_collection(self):
user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
user2 = add_user(self.session, role=User, email='*****@*****.**', firstname='User2')
collection = add_collection(self.session, 'Collection', 'Description', users=[user1, user2])
dash = add_dashboard(self.session, 'Dash', 'Dashboard', collection_id=collection.id)
req = dummy_request(self.session)
req.matchdict = {}
with self.assertRaises(exc.HTTPBadRequest):
get_collection_view(req)
with self.assertRaises(exc.HTTPNotFound):
req.matchdict['id'] = 100
get_collection_view(req)
req.matchdict['id'] = collection.id
resp = get_collection_view(req)
self.assertEqual(resp['id'], collection.id)
self.assertEqual(resp['title'], 'Collection')
self.assertEqual(resp['dashboards'][0], dash.as_dict())
def test_list_collections(self):
admin = add_user(self.session, role=Administrator, firstname='Admin')
user1 = add_user(self.session, role=User, email='*****@*****.**', firstname='User1')
user2 = add_user(self.session, role=User, email='*****@*****.**', firstname='User2')
user3 = add_user(self.session, role=User, email='*****@*****.**', firstname='User3')
ca = add_collection(self.session, 'Collection A', 'Weather stats', users=[user1, user2])
cada = add_dashboard(self.session, 'Dash CAA', 'Dashboard CAA', collection_id=ca.id)
cadb = add_dashboard(self.session, 'Dash CAB', 'Dashboard CAB', collection_id=ca.id)
cb = add_collection(self.session, 'Collection B', 'Temperature stats', users=[user3])
cbda = add_dashboard(self.session, 'Dash CBA', 'Dashboard CBA', collection_id=cb.id)
cbdb = add_dashboard(self.session, 'Dash CBB', 'Dashboard CBB', collection_id=cb.id)
req = dummy_request(self.session)
req.params = {}
self.config.testing_securitypolicy(userid=admin.id, permissive=True)
lst = list_collections(req)
self.assertEqual(lst, [ca.as_dict(), cb.as_dict()])
self.config.testing_securitypolicy(userid=user1.id, permissive=True)
lst = list_collections(req)
self.assertEqual(lst, [ca.as_dict()])
self.config.testing_securitypolicy(userid=user2.id, permissive=True)
lst = list_collections(req)
self.assertEqual(lst, [ca.as_dict()])
self.config.testing_securitypolicy(userid=user3.id, permissive=True)
lst = list_collections(req)
self.assertEqual(lst, [cb.as_dict()])
req.params = {'list_dashboards': True}
lst = list_collections(req)
collection = cb.as_dict()
collection['dashboards'] = [cbda.as_dict(), cbdb.as_dict()]
self.assertEqual(lst, [collection])
def test_delete_user(self):
user = add_user(self.session,
role=UserRole,
email='*****@*****.**',
firstname='User')
req = dummy_request(self.session)
req.matchdict = {}
with self.assertRaises(exc.HTTPBadRequest):
delete_user(req)
req.matchdict['id'] = 100
with self.assertRaises(exc.HTTPNotFound):
delete_user(req)
req.matchdict['id'] = user.id
delete_user(req)
with self.assertRaises(exc.HTTPNotFound):
delete_user(req)
def test_add_collection(self):
""" Test add a collection """
dashboard = add_dashboard(self.session, 'Dashboard')
user = add_user(self.session)
collection = Collection(title="Collection", description="Description")
collection.dashboards.append(dashboard)
collection.users.append(user)
self.session.add(collection)
self.session.flush()
collection_id = collection.id
collection = self.session.query(Collection).get(collection_id)
self.assertIsNotNone(collection.id)
self.assertEqual(collection.title, 'Collection')
self.assertEqual(collection.description, 'Description')
self.assertEqual(collection.dashboards[0], dashboard)
self.assertEqual(collection.users[0], user)
self.assertEqual(
collection.__repr__(),
'Collection<id: %s, title: "Collection">' % collection_id)
def test_as_dict(self):
""" Test as_dict method """
user = add_user(self.session)
collection = Collection(title="Collection", description="Description")
collection.users.append(user)
self.session.add(collection)
self.session.flush()
collection_id = collection.id
collection = self.session.query(Collection).get(collection_id)
self.assertEqual(
collection.as_dict(), {
'id': collection.id,
'title': "Collection",
'description': "Description",
'users': [
user.as_dict(),
],
'image': None
})
def test_set_new_password(self):
mock_otp()
add_roles_and_permissions(self.session)
req = dummy_request(self.session)
user = add_user(self.session)
req.json_body = {'application_url': '/'}
secrets = generate_and_send_otp(req, user)
otp = self.session.query(OTP).filter(OTP.user_id == user.id).first()
req.json_body = {
'user_id': user.id,
'password': '******',
'otp': otp.otp,
'secret': secrets.get('emailsecret'),
}
response = set_new_password(req)
user = get_user(user_id=response.get('id'))
self.assertTrue(user.validate_password('new_password'))
def test_list_users(self):
add_user(self.session,
role=UserRole,
email='*****@*****.**',
firstname='User')
add_user(self.session,
role=UserRole,
email='*****@*****.**',
firstname='User',
surname='Filter')
user = add_user(self.session,
role=UserRole,
email='*****@*****.**',
firstname='User3')
user.inactive = True
add_user(self.session, role=Administrator, firstname='Admin')
req = dummy_request(self.session)
users = list_users(req)
self.assertEqual(len(users), 4)
# TODO no concat function in sqlite
req.params = {'role': UserRole}
users = list_users(req)
self.assertEqual(len(users), 3)
req.params = {'name': 'User'}
users = list_users(req)
self.assertEqual(len(users), 3)
req.params = {'name': 'Admin'}
users = list_users(req)
self.assertEqual(len(users), 1)
req.params = {'search': 'Fil'}
users = list_users(req)
self.assertEqual(len(users), 1)
req.params = {'inactive': True}
users = list_users(req)
self.assertEqual(len(users), 1)
def test_edit_user(self):
""" Test edit a user """
user = add_user(self.session,
role='User',
firstname='Henry',
surname='Jones',
telephone='098111222',
address='1 Never road, Never Never Land',
password='******',
email='*****@*****.**')
user1 = add_user(self.session,
email='*****@*****.**',
telephone='00000')
self.session.add(user)
self.session.flush()
self.assertIsNotNone(user.id)
self.config.testing_securitypolicy(userid=user.id, permissive=True)
req = dummy_request(self.session)
req.matchdict = {}
req.json_body = {}
with self.assertRaises(exc.HTTPBadRequest):
edit_user(req)
req.matchdict = {'id': 100}
req.json_body = {
'firstname': 'Sarah',
'surname': 'Johnson',
'telephone': '021888000',
'address': '1 New road',
'password': '******',
# 'email': '*****@*****.**',
'role': 'Administrator'
}
with self.assertRaises(exc.HTTPNotFound):
edit_user(req)
req.matchdict = {'id': user.id}
with self.assertRaises(exc.HTTPBadRequest):
edit_user(req)
req.json_body = {
# 'firstname': 'Sarah',
# 'surname': 'Johnson',
'telephone': '021888000',
'address': '1 New road',
'password': '******',
'email': '*****@*****.**',
'role': 'Administrator'
}
with self.assertRaises(exc.HTTPBadRequest):
edit_user(req)
req.json_body = {
'firstname': 'Sarah',
'surname': 'Johnson',
'telephone': '021888000',
'address': '1 New road',
'password': '******',
'email': '*****@*****.**',
# 'role': 'Administrator'
}
with self.assertRaises(exc.HTTPBadRequest):
edit_user(req)
req.json_body = {
'firstname': 'Sarah',
'surname': 'Johnson',
'telephone': '00000',
'address': '1 New road',
'password': '******',
'email': '*****@*****.**',
'role': 'Administrator'
}
req.json_body = {
'firstname': 'Sarah',
'surname': 'Johnson',
'telephone': '00000',
'address': '1 New road',
'password': '******',
'email': '*****@*****.**',
'role': 'Administrator'
}
req.json_body = {
'firstname': 'Sarah',
'surname': 'Johnson',
'telephone': '021888000',
'address': '1 New road',
'password': '******',
'email': '*****@*****.**',
'role': 'Administrator'
}
with self.assertRaises(exc.HTTPBadRequest):
edit_user(req)
req.json_body = {
'firstname': 'Sarah',
'surname': 'Johnson',
'telephone': '021888000',
'address': '1 New road',
'password': '******',
'email': '*****@*****.**',
'role': 'Administrator'
}
edit_user(req)
self.assertEqual(user.firstname, req.json_body['firstname'])
self.assertEqual(user.surname, req.json_body['surname'])
self.assertEqual(user.telephone, req.json_body['telephone'])
self.assertEqual(user.email, req.json_body['email'])
self.assertEqual(user.address, req.json_body['address'])
self.assertEqual(user.roles[0].name, req.json_body['role'])
self.assertTrue(user.validate_password(req.json_body['password']))
def test_user_login(self):
mock_otp()
user = add_user(self.session, email='*****@*****.**', password='******')
user2 = add_user(self.session, email='*****@*****.**', telephone='02188911', password='******')
req = dummy_request(self.session)
req.method = 'POST'
with self.assertRaises(exc.HTTPBadRequest):
req.json_body = {}
login(req)
# Attempt to login to account with no password set
with self.assertRaises(exc.HTTPBadRequest):
req.json_body = {
'email': user2.email,
'application_url': '/'
}
login(req)
# Attempt successful login
req.json_body = {
'email': user2.email,
'password': '******'
}
response = login(req)
self.assertIsNotNone(response.get('access_token'))
# Check that log in with email is case insensitive
req.json_body = {
'email': user2.email.upper(),
'password': '******'
}
response = login(req)
self.assertIsNotNone(response.get('access_token'))
# Attempt to login to invalid account
user3 = add_user(self.session, email='*****@*****.**', password='******', confirmed_registration=False)
req.json_body = {
'email': user3.email,
'application_url': '/'
}
response = login(req)
self.assertEqual(response.get('message'),
'You have not yet confirmed your account. Please check your email for further instructions.')
# Validate account
otp = self.session.query(OTP).filter(OTP.user_id == user3.id).first()
req.json_body = {'otp': otp.otp, 'secret': response.get('secrets').get('emailsecret')}
response = confirm_otp_registration(req)
self.assertIsNotNone(response.get('id'))
user3 = get_user(user_id=response.get('id'))
self.assertEqual(user3.confirmed_registration, True)
# Attempt missing password login
req.json_body = {
'email': user.email,
'password': ''
}
with self.assertRaises(exc.HTTPBadRequest):
login(req)
# Attempt wrong password login
req.json_body = {
'email': user.email,
'password': '******'
}
with self.assertRaises(exc.HTTPBadRequest):
login(req)
# Attempt successful login
req.json_body = {
'email': user.email,
'password': '******'
}
response = login(req)
self.assertEqual(response.get('id'), user.id)
self.assertEqual(response.get('firstname'), user.firstname)
self.assertEqual(response.get('surname'), user.surname)
# Attempt login with case insensitive email
req.json_body = {
'email': '*****@*****.**',
'password': '******'
}
response = login(req)
self.assertEqual(response.get('id'), user.id)
def test_has_role(self):
admin = add_user(self.session, Administrator)
self.assertTrue(admin.has_role(Administrator))
self.assertFalse(admin.has_role(User))