def college_info(collegeid):
ah = AuthHelper(request)
c = College(collegeid)
if ah.auth_will_succeed and c in ah.user.colleges or ah.user.is_blueshirt:
response = {}
response["name"] = c.name
response["teams"] = [t.name for t in c.teams]
au = ah.user
if c in au.colleges:
response["users"] = [
m.username for m in c.users if au.can_administrate(m)
]
return json.dumps(response), 200
else:
return ah.auth_error_json, 403
def user_details(userid):
ah = AuthHelper(request)
if not (ah.auth_will_succeed and ah.user.can_view(userid)):
return ah.auth_error_json, 403
user = User.create_user(userid)
details = user.details_dictionary_for(ah.user)
if 'email' in details:
"""Then the requesting user can view the emails -- also tell them
about any pending changes."""
email_change_rq = PendingEmail(user.username)
if email_change_rq.in_db:
new_email = email_change_rq.new_email
if new_email != details['email']:
details['new_email'] = new_email
return json.dumps(details), 200
def set_user_details(userid):
ah = AuthHelper(request)
if not (ah.auth_will_succeed and ah.user.can_administrate(userid)):
return ah.auth_error_json, 403
user_to_update = User.create_user(userid)
if request.form.has_key("new_email") and not ah.user.is_blueshirt:
new_email = request.form["new_email"]
request_new_email(user_to_update, new_email)
# Students aren't allowed to update their own names
# at this point, if the ah.user is valid, we know it's a self-edit
if request.form.has_key(
"new_first_name"
) and not ah.user.is_student and request.form["new_first_name"] != '':
user_to_update.set_first_name(request.form["new_first_name"])
if request.form.has_key(
"new_last_name"
) and not ah.user.is_student and request.form["new_last_name"] != '':
user_to_update.set_last_name(request.form["new_last_name"])
if request.form.has_key("new_team"):
team = request.form["new_team"]
if (not user_to_update.is_blueshirt) and ah.user.manages_team(team):
user_to_update.set_team(team)
if request.form.has_key(
"new_type") and ah.user.is_teacher and user_to_update != ah.user:
if request.form["new_type"] == 'student':
user_to_update.make_student()
elif request.form["new_type"] == 'team-leader':
user_to_update.make_teacher()
if request.form.has_key("withdrawn") and request.form['withdrawn'] == 'true' \
and ah.user.can_withdraw(user_to_update):
user_to_update.withdraw()
user_to_update.save()
# Do this separately and last because it makes an immediate change
# to the underlying database, rather than waiting for save().
if request.form.has_key("new_password"):
user_to_update.set_password(request.form["new_password"])
return '{}', 200
def colleges():
ah = AuthHelper(request)
if ah.auth_will_succeed and ah.user.is_blueshirt:
return json.dumps({"colleges": College.all_college_names()})
else:
return ah.auth_error_json, 403
def wrapper(*args, **kwargs):
ah = AuthHelper(request)
if not ah.auth_will_succeed:
return ah.auth_error_json, 403
return func(ah.user, *args, **kwargs)
def test_authhelper_will_succeed_all_right():
x = AuthHelper(FakeRequest("blueshirt", "blueshirt"))
assert x.auth_will_succeed
def test_authhelper_will_succeed_wrong_password():
x = AuthHelper(FakeRequest("blueshirt", "bees"))
assert not x.auth_will_succeed
def test_authhelper_produces_correct_user_from_wrong_case():
x = AuthHelper(FakeRequest("Student_Coll1_1", "cows"))
assert x.user.username == "student_coll1_1"
def test_authhelper_produces_null_user():
x = AuthHelper(FakeRequest("owiefjwqoi", "blueshirt"))
assert not x.user.is_blueshirt
def test_authhelper_produces_correct_user():
x = AuthHelper(FakeRequest("blueshirt", "blueshirt"))
assert x.user.is_blueshirt
def test_authhelper_finds_right_password():
x = AuthHelper(FakeRequest("student_coll1_1", "cows"))
assert x.password_correct
def test_authhelper_finds_wrong_password():
x = AuthHelper(FakeRequest("student_coll1_1", "wrong_password"))
assert not x.password_correct
def test_authhelper_finds_valid_users():
x = AuthHelper(FakeRequest("student_coll1_1", "wrong_password"))
assert x.user_exists
def test_authhelper_finds_invalid_users():
x = AuthHelper(FakeRequest("wrong_user", "wrong_password"))
assert not x.user_exists
def test_authhelper_will_succeed_no_form():
x = AuthHelper(FakeRequest())
assert not x.auth_will_succeed
def register_user():
ah = AuthHelper(request)
if not ah.auth_will_succeed:
return ah.auth_error_json, 403
requesting_user = ah.user
if not requesting_user.can_register_users:
return json.dumps({"error": "YOU_CANT_REGISTER_USERS"}), 403
teacher_username = requesting_user.username
college_group = request.form["college"].strip()
first_name = request.form["first_name"].strip()
last_name = request.form["last_name"].strip()
email = request.form["email"].strip()
team = request.form["team"].strip()
if College(college_group) not in requesting_user.colleges:
return json.dumps({"error": "BAD_COLLEGE"}), 403
if team not in [t.name for t in College(college_group).teams]:
return json.dumps({"error": "BAD_TEAM"}), 403
if not helpers.is_email_valid(email):
return json.dumps({"error": "BAD_EMAIL"}), 403
if not helpers.is_name_valid(first_name):
return json.dumps({"error": "BAD_FIRST_NAME"}), 403
if not helpers.is_name_valid(last_name):
return json.dumps({"error": "BAD_LAST_NAME"}), 403
if User.name_used(first_name, last_name) or helpers.email_used(email):
return json.dumps({"error": "DETAILS_ALREADY_USED"}), 403
u = User.create_new_user(requesting_user, college_group, first_name,
last_name)
verify_code = helpers.create_verify_code(u.username, email)
pu = PendingUser(u.username)
pu.teacher_username = teacher_username
pu.college = college_group
pu.email = email
pu.team = team
pu.verify_code = verify_code
pu.save()
log_action('registering user', pu)
url = url_for('activate_account',
username=u.username,
code=verify_code,
_external=True)
pu.send_welcome_email(first_name, url)
rqu_email_vars = {
'name': requesting_user.first_name,
'pu_first_name': first_name,
'pu_last_name': last_name,
'pu_username': pu.username,
'pu_college': College(pu.college).name,
'pu_email': pu.email,
'pu_team': pu.team
}
mailer.email_template(requesting_user.email, 'user_requested',
rqu_email_vars)
return "{}", 202
def test_authhelper_finds_right_password_wrong_case_username():
x = AuthHelper(FakeRequest("Student_Coll1_1", "cows"))
assert x.password_correct