def testRemoveOldGroups(self):
gf = GroupsFile(join(self.tempdir, 'groups1'),
availableGroups=['users', 'toberemoved'])
gf.setGroupsForUser(username='******',
groupnames=['users', 'toberemoved'])
gf.setGroupsForUser(username='******',
groupnames=['admin', 'users', 'toberemoved'])
gf = GroupsFile(join(self.tempdir, 'groups1'),
availableGroups=['users'])
usertest = BasicHtmlLoginForm.User('test')
userroot = BasicHtmlLoginForm.User('root')
gf.enrichUser(usertest)
gf.enrichUser(userroot)
self.assertEquals(set(['users', 'toberemoved']), usertest.groups())
self.assertEquals(set(['users', 'toberemoved', 'admin']),
userroot.groups())
self.assertEquals(set(['users', 'toberemoved', 'admin']),
gf.listGroups())
gf.convert(keepOnlyTheseGroups=set(['users']))
usertest = BasicHtmlLoginForm.User('test')
userroot = BasicHtmlLoginForm.User('root')
gf.enrichUser(usertest)
gf.enrichUser(userroot)
self.assertEquals(set(['users']), usertest.groups())
self.assertEquals(set(['users', 'admin']), userroot.groups())
self.assertEquals(set(['users', 'admin']), gf.listGroups())
def setUp(self):
super(UserGroupsFormTest, self).setUp()
self.groupsFile = GroupsFile(
filename=join(self.tempdir, 'groups'),
availableGroups=['admin', 'users', 'special', 'management'],
groupsForUserManagement=['management'],
defaultGroups=['users'])
self.userGroups = UserGroupsForm(action='/action')
self.userGroups.addObserver(self.groupsFile)
self.groupsFile.setGroupsForUser(username='******',
groupnames=['users'])
self.groupsFile.setGroupsForUser(username='******',
groupnames=['admin', 'users'])
self.groupsFile.setGroupsForUser(username='******',
groupnames=['management'])
self.otherManagerName = 'tim'
self.otherAdminName = 'johan'
self.groupsFile.setGroupsForUser(username=self.otherManagerName,
groupnames=['management'])
self.groupsFile.setGroupsForUser(username=self.otherAdminName,
groupnames=['admin'])
self.normalUser = BasicHtmlLoginForm.User('normal')
self.adminUser = BasicHtmlLoginForm.User('bob')
self.managementUser = BasicHtmlLoginForm.User('bill')
self.groupsFile.enrichUser(self.normalUser)
self.groupsFile.enrichUser(self.adminUser)
self.groupsFile.enrichUser(self.managementUser)
def setUp(self):
SeecrTestCase.setUp(self)
self.info = UserInfo(join(self.tempdir, 'users'))
self.form = UserInfoForm(action='/action')
self.form.addObserver(self.info)
self.info.addUserInfo('normal', fullname='Full Username')
self.adminUser = BasicHtmlLoginForm.User('admin')
self.normalUser = BasicHtmlLoginForm.User('normal')
def testCanEdit(self):
admin = BasicHtmlLoginForm.User('admin')
other = BasicHtmlLoginForm.User('other')
self.assertTrue(admin.canEdit('other'))
self.assertTrue(admin.canEdit(other))
self.assertTrue(other.canEdit('other'))
self.assertTrue(other.canEdit(other))
self.assertFalse(other.canEdit('admin'))
self.assertFalse(other.canEdit(admin))
def testChangePasswordMismatch(self):
Body = urlencode(dict(username='******', oldPassword='******', newPassword="******", retypedPassword="******", formUrl='/show/changepasswordform'))
session = {'user': BasicHtmlLoginForm.User('user')}
result = asString(self.form.handleRequest(path='/login/changepassword', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
self.assertEquals({'username':'******', 'errorMessage': 'New passwords do not match'}, session['BasicHtmlLoginForm.formValues'])
self.assertEqualsWS("""HTTP/1.0 302 Found\r\nLocation: /show/changepasswordform\r\n\r\n""", result)
def testIsMember(self):
self.groups.setGroupsForUser('user1', ['users', 'management'])
class Group(object):
def __init__(self, name):
self.name = name
users = Group('users')
management = Group('management')
others = Group('others')
user1 = BasicHtmlLoginForm.User('user1')
self.groups.enrichUser(user1)
self.assertEquals(set(['users', 'management']), user1.groups())
self.assertTrue(user1.isMemberOf('users'))
self.assertTrue(user1.isMemberOf(users))
self.assertTrue(user1.isMemberOfAny('users'))
self.assertTrue(user1.isMemberOfAny(users))
self.assertFalse(user1.isMemberOf('others'))
self.assertFalse(user1.isMemberOf(others))
self.assertFalse(user1.isMemberOfAny('others'))
self.assertFalse(user1.isMemberOfAny(others))
self.assertTrue(user1.isMemberOf('users', 'management'))
self.assertTrue(user1.isMemberOf(users, management))
self.assertTrue(user1.isMemberOfAny('users', 'management'))
self.assertTrue(user1.isMemberOfAny(users, management))
self.assertFalse(user1.isMemberOf('users', 'others'))
self.assertFalse(user1.isMemberOf(users, others))
self.assertTrue(user1.isMemberOfAny('users', 'others'))
self.assertTrue(user1.isMemberOfAny(users, others))
self.assertRaises(ValueError, lambda: user1.isMemberOf())
self.assertRaises(ValueError, lambda: user1.isMemberOfAny())
def testNewUserWithoutRights(self):
session = {'user': BasicHtmlLoginForm.User('auser')}
pf = PasswordFile(join(self.tempdir, 'passwd'))
self.form.addObserver(pf)
Body = urlencode(dict(username='******', password='******', retypedPassword='******', formUrl='/page/newUser', returnUrl='/return'))
result = asString(self.form.handleRequest(path='/action/newUser', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
header, body = result.split(CRLF*2)
self.assertEquals(['admin'], pf.listUsernames())
self.assertTrue('401' in header)
def testAddUserToGroup(self):
user = BasicHtmlLoginForm.User('username')
self.groups.enrichUser(user)
self.assertEquals(set(), user.groups())
self.groups.setGroupsForUser(username='******', groupnames=['admin'])
self.assertEquals(set(['admin']), user.groups())
self.groups.setGroupsForUser(username='******',
groupnames=['admin', 'users'])
self.assertEquals(set(['admin', 'users']), user.groups())
def testChangePassword(self):
observer = CallTrace()
self.form.addObserver(observer)
observer.returnValues['validateUser'] = True
Body = urlencode(dict( username='******', oldPassword='******', newPassword="******", retypedPassword="******", formUrl='/show/changepasswordform', returnUrl='/home'))
session = {'user': BasicHtmlLoginForm.User('user')}
result = asString(self.form.handleRequest(path='/login/changepassword', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
self.assertEquals(['validateUser', 'setPassword'], [m.name for m in observer.calledMethods])
self.assertEquals("HTTP/1.0 302 Found\r\nLocation: /home\r\n\r\n", result)
def testChangePasswordWrongOld(self):
observer = CallTrace()
self.form.addObserver(observer)
observer.returnValues['validateUser'] = False
Body = urlencode(dict(username='******', oldPassword='******', newPassword="******", retypedPassword="******", formUrl='/show/changepasswordform'))
session = {'user': BasicHtmlLoginForm.User('user')}
result = asString(self.form.handleRequest(path='/login/changepassword', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
self.assertEquals({'username':'******', 'errorMessage': 'Username and password do not match'}, session['BasicHtmlLoginForm.formValues'])
self.assertEquals("HTTP/1.0 302 Found\r\nLocation: /show/changepasswordform\r\n\r\n", result)
def testIsAdmin(self):
user = BasicHtmlLoginForm.User('username')
self.groups.enrichUser(user)
self.assertFalse(user.isAdmin())
self.groups.setGroupsForUser(username='******',
groupnames=['admin', 'users'])
self.assertTrue(user.isAdmin())
self.groups.setGroupsForUser(username='******', groupnames=['users'])
self.assertFalse(user.isAdmin())
self.groups.setGroupsForUser(username='******',
groupnames=['users', 'management'])
self.assertFalse(user.isAdmin())
def testDeleteUserAsAdmin(self):
observer = CallTrace(returnValues={'hasUser': True})
self.form.addObserver(observer)
result = asString(self.form.handleRequest(
path='/login/remove',
Client=('127.0.0.1', 3451),
Method='POST',
Body=urlencode(dict(username='******', formUrl='/show/userlist')),
session={'user': BasicHtmlLoginForm.User('admin')}))
self.assertEquals(['hasUser', 'enrichUser', 'removeUser', 'removeCookies', 'removeCookies'], [m.name for m in observer.calledMethods])
self.assertEquals("HTTP/1.0 302 Found\r\nLocation: /show/userlist\r\n\r\n", result)
def testDeleteNonExistingUser(self):
observer = CallTrace(returnValues={'hasUser': False}, )
self.form.addObserver(observer)
session = {'user': BasicHtmlLoginForm.User('admin')}
result = asString(self.form.handleRequest(
path='/login/remove',
Client=('127.0.0.1', 3451),
Method='POST',
Body=urlencode(dict(username='******', formUrl='/show/userlist')),
session=session))
self.assertEquals(['hasUser'], [m.name for m in observer.calledMethods])
self.assertEquals('HTTP/1.0 401 Unauthorized\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nUnauthorized access.', result)
def testBroadcastAddUserToAllObservers(self):
values = []
dna = be(
(Observable(),
(BasicHtmlLoginForm(action="/action", loginPath="/"),
(CallTrace(methods={'addUser': lambda *args, **kwargs: values.append(("1st", args, kwargs))}),),
(CallTrace(methods={'addUser': lambda *args, **kwargs: values.append(("2nd", args, kwargs))}),),
(CallTrace(methods={'addUser': lambda *args, **kwargs: values.append(("3rd", args, kwargs))}),),
)
)
)
asString(dna.all.handleNewUser(session={'user': BasicHtmlLoginForm.User('admin')}, Body=urlencode(dict(password="******", retypedPassword="******", username='******'))))
self.assertEquals(3, len(values))
def testCanEdit(self):
self.groups.setGroupsForUser('admin1', ['admin'])
self.groups.setGroupsForUser('admin2', ['admin'])
self.groups.setGroupsForUser('manager1', ['management'])
self.groups.setGroupsForUser('manager2', ['management'])
self.groups.setGroupsForUser('user1', ['users'])
self.groups.setGroupsForUser('user2', ['users'])
admin1 = BasicHtmlLoginForm.User('admin1')
manager1 = BasicHtmlLoginForm.User('manager1')
user1 = BasicHtmlLoginForm.User('user1')
self.groups.enrichUser(admin1)
self.groups.enrichUser(manager1)
self.groups.enrichUser(user1)
self.assertTrue(admin1.canEdit()) #any user
self.assertTrue(admin1.canEdit('admin1'))
self.assertTrue(admin1.canEdit(admin1))
self.assertTrue(admin1.canEdit('manager1'))
self.assertTrue(admin1.canEdit(manager1))
self.assertTrue(admin1.canEdit('admin2'))
self.assertTrue(admin1.canEdit('user1'))
self.assertTrue(admin1.canEdit(user1))
self.assertTrue(admin1.canEdit('unexisting'))
self.assertTrue(manager1.canEdit())
self.assertTrue(manager1.canEdit('manager1'))
self.assertTrue(manager1.canEdit(manager1))
self.assertTrue(manager1.canEdit('manager2'))
self.assertFalse(manager1.canEdit('admin1'))
self.assertFalse(manager1.canEdit(admin1))
self.assertTrue(manager1.canEdit('user1'))
self.assertTrue(manager1.canEdit('unexisting'))
self.assertFalse(user1.canEdit())
self.assertTrue(user1.canEdit('user1'))
self.assertFalse(user1.canEdit('manager1'))
self.assertFalse(user1.canEdit('admin1'))
self.assertFalse(user1.canEdit('user2'))
self.assertFalse(user1.canEdit('unexisting'))
def testNewUserWithPOSTFailsDifferentPasswords(self):
pf = PasswordFile(join(self.tempdir, 'passwd'))
self.form.addObserver(pf)
pf.addUser('existing', 'password')
Body = urlencode(dict(username='******', password='******', retypedPassword='******', formUrl='/page/newUser', returnUrl='/return'))
session = {'user': BasicHtmlLoginForm.User('admin')}
result = asString(self.form.handleRequest(path='/action/newUser', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
header, body = result.split(CRLF*2)
self.assertTrue('302' in header)
self.assertTrue('Location: /page/newUser' in header)
self.assertEquals(set(['existing', 'admin']), set(pf.listUsernames()))
self.assertEquals({'errorMessage':'Passwords do not match', 'username':'******'}, session['BasicHtmlLoginForm.newUserFormValues'])
def testNewEmptyPassword(self):
pf = PasswordFile(join(self.tempdir, 'passwd'))
self.form.addObserver(pf)
pf.addUser('existing', 'password')
Body = urlencode(dict(username='******', oldPassword='******', newPassword='', retypedPassword='', formUrl='/page/newUser', returnUrl='/return'))
session = {'user': BasicHtmlLoginForm.User('admin')}
result = asString(self.form.handleRequest(path='/action/changepassword', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
header, body = result.split(CRLF*2)
self.assertTrue('302' in header)
self.assertTrue('Location: /page/newUser' in header)
self.assertEquals(set(['existing', 'admin']), set(pf.listUsernames()))
self.assertTrue(pf.validateUser('existing', 'password'))
self.assertEquals({'errorMessage':'New password is invalid.', 'username':'******'}, session['BasicHtmlLoginForm.formValues'])
def testAdminCanChangeOtherAdmins(self):
otherAdminUser = BasicHtmlLoginForm.User('johan')
self.groupsFile.enrichUser(otherAdminUser)
Body = urlencode(
{
'username': [otherAdminUser.name],
'groupname': ['special'],
'formUrl': ['/useraccount']
},
doseq=True)
session = {'user': self.adminUser}
result = asString(
self.userGroups.handleRequest(Method='POST',
path='/action/updateGroupsForUser',
session=session,
Body=Body))
self.assertEquals(
'HTTP/1.0 302 Found\r\nLocation: /useraccount\r\n\r\n', result)
self.assertEquals(set(['special']), otherAdminUser.groups())
def testNewUserWithPOSTsucceeds(self):
pf = PasswordFile(join(self.tempdir, 'passwd'))
self.form.addObserver(pf)
observer = CallTrace()
self.form.addObserver(observer)
pf.addUser('existing', 'password')
Body = urlencode(dict(username='******', password='******', retypedPassword='******', formUrl='/page/newUser', returnUrl='/return'))
session = {'user': BasicHtmlLoginForm.User('admin')}
result = asString(self.form.handleRequest(path='/action/newUser', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
header, body = result.split(CRLF*2)
self.assertTrue('302' in header)
self.assertTrue('Location: /return' in header)
self.assertEquals(set(['existing', 'newuser', 'admin']), set(pf.listUsernames()))
self.assertTrue(pf.validateUser('newuser', 'secret'))
self.assertEquals('Added user "newuser"', session['BasicHtmlLoginForm.newUserFormValues']['successMessage'])
self.assertEqual(['addUser', 'handleNewUser'], observer.calledMethodNames())
self.assertEqual({'username': '******', 'password': '******'}, observer.calledMethods[0].kwargs)
self.assertEqual({'Body': 'username=newuser&formUrl=%2Fpage%2FnewUser&password=secret&returnUrl=%2Freturn&retypedPassword=secret', 'username': '******'}, observer.calledMethods[1].kwargs)
def testNewUserFormEN(self):
session = {
'user': BasicHtmlLoginForm.User('username'),
'BasicHtmlLoginForm.newUserFormValues': {'errorMessage': 'BAD BOY'},
}
result = asString(self.form.newUserForm(session=session, path='/page/login2', returnUrl='/return'))
self.assertEqualsWS("""<div id="login-new-user-form">
<p class="error">BAD BOY</p>
<form method="POST" name="newUser" action="/action/newUser">
<input type="hidden" name="formUrl" value="/page/login2"/>
<input type="hidden" name="returnUrl" value="/return"/>
<dl>
<dt>Username</dt>
<dd><input type="text" name="username" value=""/></dd>
<dt>Password</dt>
<dd><input type="password" name="password"/></dd>
<dt>Retype password</dt>
<dd><input type="password" name="retypedPassword"/></dd>
<dd class="submit"><input type="submit" value="Create"/></dd>
</dl>
</form>
</div>""", result)
def testShowChangePasswordFormForSpecifiedUser(self):
session = {
'user': BasicHtmlLoginForm.User('username'),
'BasicHtmlLoginForm.formValues': {'errorMessage': 'BAD BOY'},
}
result = asString(self.form.changePasswordForm(session=session, path='/show/changepasswordform', lang="nl", arguments=dict(user=['myuser']), user='******', onlyNewPassword=True))
self.assertEqualsWS("""<div id="login-change-password-form">
<p class="error">BAD BOY</p>
<form method="POST" name="changePassword" action="/action/changepassword">
<input type="hidden" name="formUrl" value="/show/changepasswordform?user=myuser"/>
<input type="hidden" name="returnUrl" value="/show/changepasswordform"/>
<input type="hidden" name="username" value="myuser"/>
<dl>
<dt>Nieuw wachtwoord</dt>
<dd><input type="password" name="newPassword"/></dd>
<dt>Herhaal nieuw wachtwoord</dt>
<dd><input type="password" name="retypedPassword"/></dd>
<dd class="submit"><input type="submit" value="Aanpassen"/></dd>
</dl>
</form>
</div>""", result)
def testShowChangePasswordFormEn(self):
session = {
'user': BasicHtmlLoginForm.User('username'),
'BasicHtmlLoginForm.formValues': {'errorMessage': 'BAD BOY'},
}
result = asString(self.form.changePasswordForm(session=session, path='/show/changepasswordform', arguments={}))
self.assertEqualsWS("""<div id="login-change-password-form">
<p class="error">BAD BOY</p>
<form method="POST" name="changePassword" action="/action/changepassword">
<input type="hidden" name="formUrl" value="/show/changepasswordform"/>
<input type="hidden" name="returnUrl" value="/show/changepasswordform"/>
<input type="hidden" name="username" value="username"/>
<dl>
<dt>Old password</dt>
<dd><input type="password" name="oldPassword"/></dd>
<dt>New password</dt>
<dd><input type="password" name="newPassword"/></dd>
<dt>Retype new password</dt>
<dd><input type="password" name="retypedPassword"/></dd>
<dd class="submit"><input type="submit" value="Change"/></dd>
</dl>
</form>
</div>""", result)
def testUserNoGroups(self):
user = BasicHtmlLoginForm.User('username')
self.groups.enrichUser(user)
self.assertEquals(set(), user.groups())