def user_activation(request, code, template_name="users/user_activation.html"):
    """Activate the account behind an activation code and render the outcome.

    When ``code`` matches a record that reports itself active, the owning
    user is enabled and receives an accepted API consumer plus an approved
    access token, each created only if missing. The template is rendered in
    every case with ``active`` and ``activation`` in its context; both are
    ``False`` when the code is unknown.
    """
    # NOTE(review): this view changes state without checking request.method,
    # and nothing visible here marks the code as used. Confirm that
    # is_active() covers expiry and single use.
    try:
        activation = UserActivationCode.objects.get(code=code)
        active = activation.is_active()
    except UserActivationCode.DoesNotExist:
        activation = False
        active = False

    if active:
        account = activation.user
        account.is_active = True
        account.save()

        try:
            api_consumer = Consumer.objects.get(user=account)
        except Consumer.DoesNotExist:
            api_consumer = Consumer(
                name=account.username,
                user=account,
                status='accepted',
            )
            api_consumer.generate_random_codes()
            api_consumer.save()

        try:
            access_token = Token.objects.get(user=account, consumer=api_consumer)
        except Token.DoesNotExist:
            # The token is stored already approved (is_approved=True), so no
            # separate authorize step happens for this consumer.
            access_token = Token(
                user=account,
                consumer=api_consumer,
                is_approved=True,
                timestamp=time.time(),
                token_type=Token.ACCESS,
            )
            access_token.generate_random_codes()
            access_token.save()

    return direct_to_template(
        request,
        template_name,
        extra_context={'active': active, 'activation': activation},
    )
def test_failed_user_lookup(self):
    """Expect a 404 from the ``api.user`` lookup made with an accepted consumer."""
    owner = UserProfile.objects.get(email="*****@*****.**")
    consumer = Consumer(name="p", status="accepted", user=owner)
    consumer.generate_random_codes()
    consumer.save()

    # NOTE(review): the third argument is None, presumably meaning no access
    # token; confirm against oclient.get.
    query = {"email": "*****@*****.**"}
    response = oclient.get("api.user", consumer, None, params=query)
    eq_(response.status_code, 404)
def handle(self, *args, **options):
    """Interactively register an accepted API consumer and print its credentials.

    Prompts for the owner's username, the app name and an optional
    description, generates the key/secret pair, saves the consumer and
    writes a summary to stdout.

    Raises:
        CommandError: if no user has the entered username.
    """
    from django.contrib.auth.models import User
    from piston.models import Consumer

    app = Consumer(status='accepted')

    owner_name = raw_input('Username of the app\'s owner: ')
    while not owner_name:
        owner_name = raw_input('Username of the app\'s owner (required): ')

    try:
        app.user = User.objects.get(username=owner_name)
    except User.DoesNotExist:
        raise CommandError('User %s not found' % owner_name)

    app_name = raw_input('App name: ')
    while not app_name:
        app_name = raw_input('App name (required): ')
    app.name = app_name

    app.description = raw_input('App description (optional): ')
    app.generate_random_codes()
    app.save()

    # The API secret is written to stdout in clear text, so the output of
    # this command should be kept out of shared logs and terminal captures.
    creator = app.user.get_full_name() or app.user.username
    summary = '\nApplication name: %s\nApplication creator: %s\nAPI key: %s\nAPI secret: %s' % (
        app.name,
        creator,
        app.key,
        app.secret,
    )
    print(summary)
def test_user_lookup(self):
    """Expect a 200 and the queried e-mail back from the ``api.user`` lookup."""
    owner = UserProfile.objects.get(email="*****@*****.**")
    consumer = Consumer(name="p", status="accepted", user=owner)
    consumer.generate_random_codes()
    consumer.save()

    query = {"email": "*****@*****.**"}
    response = oclient.get("api.user", consumer, None, params=query)
    eq_(response.status_code, 200)

    payload = json.loads(response.content)
    eq_(payload["email"], "*****@*****.**")
def test_failed_user_lookup(self):
    """Expect a 404 from the ``api.user`` lookup made with an accepted consumer."""
    owner = UserProfile.objects.get(email='*****@*****.**')
    consumer = Consumer(name='p', status='accepted', user=owner)
    consumer.generate_random_codes()
    consumer.save()

    # NOTE(review): the third argument is None, presumably meaning no access
    # token; confirm against oclient.get.
    query = {'email': '*****@*****.**'}
    response = oclient.get('api.user', consumer, None, params=query)
    eq_(response.status_code, 404)
class ConsumerTest(TestCase):
    """Checks the notification e-mails tied to a Consumer's lifecycle."""

    fixtures = ['models.json']

    def setUp(self):
        """Build a consumer owned by fixture user pk=3 and generate its codes."""
        consumer = self.consumer = Consumer()
        consumer.name = "Piston Test Consumer"
        consumer.description = "A test consumer for Piston."
        consumer.user = User.objects.get(pk=3)
        consumer.generate_random_codes()

    def _pre_test_email(self):
        """Return True when the mail template for the consumer's status renders."""
        template_path = "piston/mails/consumer_%s.txt" % self.consumer.status
        context = {'consumer': self.consumer, 'user': self.consumer.user}
        try:
            loader.render_to_string(template_path, context)
        except TemplateDoesNotExist:
            # The templates are not set up, which may mean the project does
            # not want these e-mails sent at all.
            return False
        return True

    def test_create_pending(self):
        """Ensure creating a pending Consumer sends the expected e-mails."""
        # Skip silently when the mail templates are not installed.
        if not self._pre_test_email():
            return

        # A pending consumer produces one message for the consumer and, when
        # site admins are configured, a second one for them.
        expected_count = 2 if len(settings.ADMINS) else 1
        self.assertEquals(len(mail.outbox), expected_count)

        expected = "Your API Consumer for example.com is awaiting approval."
        self.assertEquals(mail.outbox[0].subject, expected)

    def test_delete_consumer(self):
        """Ensure deleting a Consumer sends a cancel e-mail."""
        # Start from an empty outbox so only the cancel mail is counted.
        mail.outbox = []

        # Deleting the consumer should fire off the cancel e-mail.
        self.consumer.delete()

        # Skip silently when the mail templates are not installed.
        if not self._pre_test_email():
            return

        self.assertEquals(len(mail.outbox), 1)
        expected = "Your API Consumer for example.com has been canceled."
        self.assertEquals(mail.outbox[0].subject, expected)
def test_user_lookup(self):
    """Expect a 200 and the queried e-mail back from the ``api.user`` lookup."""
    owner = UserProfile.objects.get(email='*****@*****.**')
    consumer = Consumer(name='p', status='accepted', user=owner)
    consumer.generate_random_codes()
    consumer.save()

    query = {'email': '*****@*****.**'}
    response = oclient.get('api.user', consumer, None, params=query)
    eq_(response.status_code, 200)

    payload = json.loads(response.content)
    eq_(payload['email'], '*****@*****.**')
def setUp(self):
    """Create one saved consumer per status and expose each as an attribute.

    The consumers have no owning user; presumably the tests use them to
    compare how each status is treated.
    """
    created = []
    for state in ("accepted", "pending", "canceled"):
        consumer = Consumer(name="a", status=state)
        consumer.generate_random_codes()
        consumer.save()
        created.append(consumer)

    # Same order as the status tuple above.
    (self.accepted_consumer,
     self.pending_consumer,
     self.canceled_consumer) = created
def setUp(self):
    """Create one saved consumer per status and expose each as an attribute.

    The consumers have no owning user; presumably the tests use them to
    compare how each status is treated.
    """
    created = []
    for state in ('accepted', 'pending', 'canceled', ):
        consumer = Consumer(name='a', status=state)
        consumer.generate_random_codes()
        consumer.save()
        created.append(consumer)

    # Same order as the status tuple above.
    (self.accepted_consumer,
     self.pending_consumer,
     self.canceled_consumer) = created
def setUp(self):
    """Create a consumer per status for user pk=2519 and an OAuth test client.

    Each consumer is stored as ``self.<status>_consumer``; the client is
    built from the accepted one.
    """
    self.user = User.objects.get(pk=2519)

    statuses = ("accepted", "pending", "canceled")
    for state in statuses:
        consumer = Consumer(name="a", status=state, user=self.user)
        consumer.generate_random_codes()
        consumer.save()
        setattr(self, "%s_consumer" % state, consumer)

    self.client = OAuthClient(self.accepted_consumer)
def setUp(self):
    """Create a consumer per status for user pk=2519 and an OAuth test client.

    Each consumer is stored as ``self.<status>_consumer``; the client is
    built from the accepted one.
    """
    self.user = User.objects.get(pk=2519)

    statuses = ('accepted', 'pending', 'canceled', )
    for state in statuses:
        consumer = Consumer(name='a', status=state, user=self.user)
        consumer.generate_random_codes()
        consumer.save()
        setattr(self, '%s_consumer' % state, consumer)

    self.client = OAuthClient(self.accepted_consumer)
def setUp(self):
    """Prepare user pk=2519, a consumer per status, and an OAuth test client.

    The user's profile gets ``read_dev_agreement`` set to the current time
    before the consumers are created. Each consumer is stored as
    ``self.<status>_consumer``; the client is built from the accepted one.
    """
    self.user = User.objects.get(pk=2519)
    profile = self.user.get_profile()
    profile.update(read_dev_agreement=datetime.now())

    statuses = ('accepted', 'pending', 'canceled', )
    for state in statuses:
        consumer = Consumer(name='a', status=state, user=self.user)
        consumer.generate_random_codes()
        consumer.save()
        setattr(self, '%s_consumer' % state, consumer)

    self.client = OAuthClient(self.accepted_consumer)
def setUp(self):
    """Load the editor and admin users and create a consumer per status.

    All three consumers are owned by the editor. ``self.token`` starts as
    ``None``.
    """
    self.editor = User.objects.get(email='*****@*****.**')
    self.admin = User.objects.get(email='*****@*****.**')

    created = []
    for state in ('accepted', 'pending', 'canceled', ):
        consumer = Consumer(name='a', status=state, user=self.editor)
        consumer.generate_random_codes()
        consumer.save()
        created.append(consumer)

    # Same order as the status tuple above.
    (self.accepted_consumer,
     self.pending_consumer,
     self.canceled_consumer) = created
    self.token = None
def setUp(self):
    """Load the editor and admin profiles and create a consumer per status.

    All three consumers are owned by the editor. ``self.token`` starts as
    ``None``.
    """
    self.editor = UserProfile.objects.get(email="*****@*****.**")
    self.admin = UserProfile.objects.get(email="*****@*****.**")

    created = []
    for state in ("accepted", "pending", "canceled"):
        consumer = Consumer(name="a", status=state, user=self.editor)
        consumer.generate_random_codes()
        consumer.save()
        created.append(consumer)

    # Same order as the status tuple above.
    (self.accepted_consumer,
     self.pending_consumer,
     self.canceled_consumer) = created
    self.token = None
def setUp(self):
    """Create a consumer per status for user pk=2519 and an OAuth test client.

    Each consumer is stored as ``self.<status>_consumer``; the client is
    built from the accepted one.
    """
    self.user = User.objects.get(pk=2519)

    statuses = ('accepted', 'pending', 'canceled', )
    for state in statuses:
        consumer = Consumer(name='a', status=state, user=self.user)
        consumer.generate_random_codes()
        consumer.save()
        setattr(self, '%s_consumer' % state, consumer)

    self.client = OAuthClient(self.accepted_consumer)
class OAuthTests(APIMainTest):
    """Run the OAuth handshake and offer signed requests to derived tests.

    ``setUp`` performs the whole handshake, so ``self.oa_atoken`` holds an
    access token that ``do_oauth_request`` uses to sign resource requests.
    """

    signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()

    def setUp(self):
        """Create an accepted consumer, then obtain an access token for it."""
        super(OAuthTests, self).setUp()
        consumer = self.consumer = Consumer(name='Test Consumer', description='Test', status='accepted')
        consumer.generate_random_codes()
        consumer.save()
        self.oa_atoken = None
        # The handshake runs before every test so that oa_atoken is set.
        self.test_handshake()

    def tearDown(self):
        """Remove the consumer created in ``setUp``."""
        super(OAuthTests, self).tearDown()
        self.consumer.delete()

    def do_oauth_request(self, url, parameters={}, http_method='POST'):
        """Send ``parameters`` to ``url`` in a request signed with the access token.

        Uses POST when ``http_method`` is ``'POST'`` and GET otherwise, and
        returns the test client's response.
        """
        # The shared default dict is only read here, never mutated.
        oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
        signed = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            http_method=http_method,
            token=self.oa_atoken,
            http_url='http://testserver%s' % url,
        )
        signed.parameters.update(parameters)
        signed.sign_request(self.signature_method, oaconsumer, self.oa_atoken)

        send = self.client.post if http_method == 'POST' else self.client.get
        return send(url, signed.parameters)

    def test_handshake(self):
        """Walk the OAuth flow: request token, user authorization, access token."""
        oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
        callback_url = 'http://printer.example.com/request_token_ready'

        # Step 1: get a request token, signed with the consumer secret only.
        request = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            http_url='http://testserver/oauth/request_token/',
        )
        request.sign_request(self.signature_method, oaconsumer, None)
        response = self.client.get('/oauth/request_token/', request.parameters)
        oatoken = oauth.OAuthToken.from_string(response.content)
        stored_request_token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
        self.assertEqual(stored_request_token.secret, oatoken.secret)

        # Step 2: simulate the user logging in and approving the token.
        self.failUnless(self.client.login(username='******', password='******'))
        request = oauth.OAuthRequest.from_token_and_callback(
            token=oatoken,
            callback=callback_url,
            http_url='http://testserver/oauth/authorize/',
        )
        request.sign_request(self.signature_method, oaconsumer, oatoken)

        # TODO: GET the authorize page first and parse the response to make
        # sure all the form fields exist.
        # The form carries a csrf_signature computed from SECRET_KEY and the
        # request token key. The signed request built above is not sent; the
        # POST uses these plain form fields.
        approval_form = {
            'oauth_token': oatoken.key,
            'oauth_callback': callback_url,
            'csrf_signature': OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, oatoken.key),
            'authorize_access': 1,
        }
        response = self.client.post('/oauth/authorize/', approval_form)

        # Approval redirects to the callback with the token key appended.
        self.assertEqual(302, response.status_code)
        expected_location = 'http://printer.example.com/request_token_ready?oauth_token=' + oatoken.key
        self.assertEqual(expected_location, response['Location'])

        # Step 3: exchange the approved request token for an access token.
        request = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            token=oatoken,
            http_url='http://testserver/oauth/access_token/',
        )
        request.sign_request(self.signature_method, oaconsumer, oatoken)
        response = self.client.get('/oauth/access_token/', request.parameters)
        oa_atoken = oauth.OAuthToken.from_string(response.content)
        stored_access_token = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
        self.assertEqual(stored_access_token.secret, oa_atoken.secret)

        # Keep the access token so do_oauth_request can sign with it.
        self.oa_atoken = oa_atoken
class OAuthTests(APIMainTest):
    """Run the OAuth handshake and offer signed requests to derived tests.

    ``setUp`` performs the whole handshake, so ``self.oa_atoken`` holds an
    access token that ``do_oauth_request`` uses to sign resource requests.
    """

    signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()

    def setUp(self):
        """Create an accepted consumer, then obtain an access token for it."""
        super(OAuthTests, self).setUp()
        consumer = self.consumer = Consumer(name='Test Consumer', description='Test', status='accepted')
        consumer.generate_random_codes()
        consumer.save()
        self.oa_atoken = None
        # The handshake runs before every test so that oa_atoken is set.
        self.test_handshake()

    def tearDown(self):
        """Remove the consumer created in ``setUp``."""
        super(OAuthTests, self).tearDown()
        self.consumer.delete()

    def do_oauth_request(self, url, parameters={}, http_method='POST'):
        """Send ``parameters`` to ``url`` in a request signed with the access token.

        Uses POST when ``http_method`` is ``'POST'`` and GET otherwise, and
        returns the test client's response.
        """
        # The shared default dict is only read here, never mutated.
        oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
        signed = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            http_method=http_method,
            token=self.oa_atoken,
            http_url='http://testserver%s' % url,
        )
        signed.parameters.update(parameters)
        signed.sign_request(self.signature_method, oaconsumer, self.oa_atoken)

        if http_method != 'POST':
            return self.client.get(url, signed.parameters)
        return self.client.post(url, signed.parameters)

    def test_handshake(self):
        """Walk the OAuth flow: request token, user authorization, access token."""
        oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
        sign_with = self.signature_method

        # Step 1: get a request token, signed with the consumer secret only.
        token_request = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            http_url='http://testserver/oauth/request_token/',
        )
        token_request.sign_request(sign_with, oaconsumer, None)
        response = self.client.get('/oauth/request_token/', token_request.parameters)
        oatoken = oauth.OAuthToken.from_string(response.content)
        stored = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
        self.assertEqual(stored.secret, oatoken.secret)

        # Step 2: simulate the user logging in and approving the token.
        self.failUnless(self.client.login(username='******', password='******'))
        authorize_request = oauth.OAuthRequest.from_token_and_callback(
            token=oatoken,
            callback='http://printer.example.com/request_token_ready',
            http_url='http://testserver/oauth/authorize/',
        )
        authorize_request.sign_request(sign_with, oaconsumer, oatoken)

        # TODO: GET the authorize page first and parse the response to make
        # sure all the form fields exist.
        # The form carries a csrf_signature computed from SECRET_KEY and the
        # request token key. The signed request built above is not sent; the
        # POST uses these plain form fields.
        csrf_signature = OAuthAuthenticationForm.get_csrf_signature(
            settings.SECRET_KEY, oatoken.key)
        response = self.client.post('/oauth/authorize/', {
            'oauth_token': oatoken.key,
            'oauth_callback': 'http://printer.example.com/request_token_ready',
            'csrf_signature': csrf_signature,
            'authorize_access': 1,
        })

        # Approval redirects to the callback with the token key appended.
        self.assertEqual(302, response.status_code)
        self.assertEqual(
            'http://printer.example.com/request_token_ready?oauth_token=' + oatoken.key,
            response['Location'],
        )

        # Step 3: exchange the approved request token for an access token.
        access_request = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            token=oatoken,
            http_url='http://testserver/oauth/access_token/',
        )
        access_request.sign_request(sign_with, oaconsumer, oatoken)
        response = self.client.get('/oauth/access_token/', access_request.parameters)
        oa_atoken = oauth.OAuthToken.from_string(response.content)
        stored = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
        self.assertEqual(stored.secret, oa_atoken.secret)

        # Keep the access token so do_oauth_request can sign with it.
        self.oa_atoken = oa_atoken
class OAuthTests(MainTests):
    """Exercise the OAuth handshake against the ``/api/oauth/`` endpoints."""

    signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()

    def setUp(self):
        """Create and save an accepted consumer with generated credentials."""
        super(OAuthTests, self).setUp()
        consumer = self.consumer = Consumer(name='Test Consumer', description='Test', status='accepted')
        consumer.generate_random_codes()
        consumer.save()

    def tearDown(self):
        """Remove the consumer created in ``setUp``."""
        super(OAuthTests, self).tearDown()
        self.consumer.delete()

    def test_handshake(self):
        """Walk the OAuth flow: request token, user authorization, access token."""
        oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
        callback_url = 'http://printer.example.com/request_token_ready'

        # Step 1: get a request token, signed with the consumer secret only.
        request = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            http_url='http://testserver/api/oauth/request_token',
        )
        request.sign_request(self.signature_method, oaconsumer, None)
        response = self.client.get('/api/oauth/request_token', request.parameters)
        oatoken = oauth.OAuthToken.from_string(response.content)
        stored_request_token = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
        self.assertEqual(stored_request_token.secret, oatoken.secret)

        # Step 2: simulate the user logging in and approving the token.
        self.failUnless(self.client.login(username='******', password='******'))
        request = oauth.OAuthRequest.from_token_and_callback(
            token=oatoken,
            callback=callback_url,
            http_url='http://testserver/api/oauth/authorize',
        )
        request.sign_request(self.signature_method, oaconsumer, oatoken)

        # TODO: GET the authorize page first and parse the response to make
        # sure all the form fields exist.
        # The form carries a csrf_signature computed from SECRET_KEY and the
        # request token key. The signed request built above is not sent; the
        # POST uses these plain form fields.
        approval_form = {
            'oauth_token': oatoken.key,
            'oauth_callback': callback_url,
            'csrf_signature': OAuthAuthenticationForm.get_csrf_signature(
                settings.SECRET_KEY, oatoken.key),
            'authorize_access': 1,
        }
        response = self.client.post('/api/oauth/authorize', approval_form)

        # Approval redirects to the callback with the token key appended.
        self.assertEqual(302, response.status_code)
        expected_location = 'http://printer.example.com/request_token_ready?oauth_token=' + oatoken.key
        self.assertEqual(expected_location, response['Location'])

        # Step 3: exchange the approved request token for an access token.
        request = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            token=oatoken,
            http_url='http://testserver/api/oauth/access_token',
        )
        request.sign_request(self.signature_method, oaconsumer, oatoken)
        response = self.client.get('/api/oauth/access_token', request.parameters)
        oa_atoken = oauth.OAuthToken.from_string(response.content)
        stored_access_token = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
        self.assertEqual(stored_access_token.secret, oa_atoken.secret)
class OAuthTests(MainTests):
    """Exercise the OAuth handshake against the ``/api/oauth/`` endpoints."""

    signature_method = oauth.OAuthSignatureMethod_HMAC_SHA1()

    def setUp(self):
        """Create and save an accepted consumer with generated credentials."""
        super(OAuthTests, self).setUp()
        consumer = self.consumer = Consumer(name="Test Consumer", description="Test", status="accepted")
        consumer.generate_random_codes()
        consumer.save()

    def tearDown(self):
        """Remove the consumer created in ``setUp``."""
        super(OAuthTests, self).tearDown()
        self.consumer.delete()

    def test_handshake(self):
        """Walk the OAuth flow: request token, user authorization, access token."""
        oaconsumer = oauth.OAuthConsumer(self.consumer.key, self.consumer.secret)
        sign_with = self.signature_method

        # Step 1: get a request token, signed with the consumer secret only.
        token_request = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            http_url="http://testserver/api/oauth/request_token",
        )
        token_request.sign_request(sign_with, oaconsumer, None)
        response = self.client.get("/api/oauth/request_token", token_request.parameters)
        oatoken = oauth.OAuthToken.from_string(response.content)
        stored = Token.objects.get(key=oatoken.key, token_type=Token.REQUEST)
        self.assertEqual(stored.secret, oatoken.secret)

        # Step 2: simulate the user logging in and approving the token.
        self.failUnless(self.client.login(username="******", password="******"))
        authorize_request = oauth.OAuthRequest.from_token_and_callback(
            token=oatoken,
            callback="http://printer.example.com/request_token_ready",
            http_url="http://testserver/api/oauth/authorize",
        )
        authorize_request.sign_request(sign_with, oaconsumer, oatoken)

        # TODO: GET the authorize page first and parse the response to make
        # sure all the form fields exist.
        # The form carries a csrf_signature computed from SECRET_KEY and the
        # request token key. The signed request built above is not sent; the
        # POST uses these plain form fields.
        csrf_signature = OAuthAuthenticationForm.get_csrf_signature(settings.SECRET_KEY, oatoken.key)
        response = self.client.post(
            "/api/oauth/authorize",
            {
                "oauth_token": oatoken.key,
                "oauth_callback": "http://printer.example.com/request_token_ready",
                "csrf_signature": csrf_signature,
                "authorize_access": 1,
            },
        )

        # Approval redirects to the callback with the token key appended.
        self.assertEqual(302, response.status_code)
        self.assertEqual(
            "http://printer.example.com/request_token_ready?oauth_token=" + oatoken.key,
            response["Location"],
        )

        # Step 3: exchange the approved request token for an access token.
        access_request = oauth.OAuthRequest.from_consumer_and_token(
            oaconsumer,
            token=oatoken,
            http_url="http://testserver/api/oauth/access_token",
        )
        access_request.sign_request(sign_with, oaconsumer, oatoken)
        response = self.client.get("/api/oauth/access_token", access_request.parameters)
        oa_atoken = oauth.OAuthToken.from_string(response.content)
        stored = Token.objects.get(key=oa_atoken.key, token_type=Token.ACCESS)
        self.assertEqual(stored.secret, oa_atoken.secret)
class UserTest(TestCase):
    """Tests for user profiles, profile visibility and access-token refresh."""

    def setUp(self):
        """Create a user with an accepted consumer and an approved access token."""
        self.user = User.objects.create_user('user', '*****@*****.**', 'userpassword')
        self.user.save()

        self.client = Client()
        # NOTE(review): the result of login() is not checked, so a failed
        # login would only show up as unexpected statuses in later tests.
        self.client.login(username='******', password='******')

        consumer = self.consumer = Consumer(
            name=self.user.username,
            status='accepted',
            user=self.user,
        )
        consumer.generate_random_codes()
        consumer.save()

        token = self.token = Token(
            token_type=Token.ACCESS,
            timestamp=time.time(),
            is_approved=True,
            user=self.user,
            consumer=self.consumer,
        )
        token.generate_random_codes()
        token.save()

    def test_user_profile(self):
        """A new user's profile is searchable and public."""
        profile = self.user.get_profile()
        self.assertEqual(profile.in_search, True)
        self.assertEqual(profile.is_public, True)

    def test_private_profile(self):
        """The private profile page answers 200."""
        status = self.client.get('/user/profile/').status_code
        self.assertEqual(status, 200)

    def test_my_public_profile(self):
        """The user's own public profile page answers 200."""
        own_url = '/user/public/%s/' % self.user.username
        self.assertEqual(self.client.get(own_url).status_code, 200)

    def test_public_profile(self):
        """Another user's profile is 200 while public and 403 once private."""
        another_user = User.objects.create_user('another_user', '*****@*****.**', 'userpassword')
        another_user.save()
        their_url = '/user/public/%s/' % another_user.username

        self.assertEqual(self.client.get(their_url).status_code, 200)

        # Switching the profile to private must block access.
        profile = another_user.get_profile()
        profile.is_public = False
        profile.save()

        self.assertEqual(self.client.get(their_url).status_code, 403)

    def test_refresh_access_token(self):
        """Refreshing replaces both the token key and the token secret."""
        previous_key = self.token.key
        previous_secret = self.token.secret

        response = self.client.get('/user/refresh_access_token/')
        self.assertEqual(response.status_code, 200)

        refreshed = Token.objects.get(user=self.user)
        self.assertNotEqual(refreshed.key, previous_key)
        self.assertNotEqual(refreshed.secret, previous_secret)
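class UserTest(TestCase):
    """Tests for user profiles, profile visibility, token refresh and flags."""

    def setUp(self):
        """Create a user with an accepted consumer and an approved access token."""
        self.user = User.objects.create_user('username', '*****@*****.**', 'userpassword')
        self.user.save()
        self.client = Client()
        # NOTE(review): the result of login() is not checked, so a failed
        # login would only show up as unexpected statuses in later tests.
        self.client.login(username='******', password='******')
        self.consumer = Consumer(name=self.user.username, status='accepted', user=self.user)
        self.consumer.generate_random_codes()
        self.consumer.save()
        self.token = Token(token_type=Token.ACCESS, timestamp=time.time(), is_approved=True,
                           user=self.user, consumer=self.consumer)
        self.token.generate_random_codes()
        self.token.save()

    def test_user_profile(self):
        """A new user's profile is searchable and public."""
        profile = self.user.get_profile()
        self.assertEqual(profile.in_search, True)
        self.assertEqual(profile.is_public, True)

    def test_private_profile(self):
        """The private profile page answers 200."""
        response = self.client.get('/user/profile/')
        self.assertEqual(response.status_code, 200)

    def test_my_public_profile(self):
        """The user's own public profile page answers 200."""
        response = self.client.get('/user/public/%s/' % self.user.username)
        self.assertEqual(response.status_code, 200)

    def test_public_profile(self):
        """Another user's profile is 200 while public and 403 once private."""
        another_user = User.objects.create_user('another_user', '*****@*****.**', 'userpassword')
        another_user.save()
        response = self.client.get('/user/public/%s/' % another_user.username)
        self.assertEqual(response.status_code, 200)

        # Switching the profile to private must block access.
        profile = another_user.get_profile()
        profile.is_public = False
        profile.save()
        response = self.client.get('/user/public/%s/' % another_user.username)
        self.assertEqual(response.status_code, 403)

    def test_refresh_access_token(self):
        """Refreshing replaces both the token key and the token secret."""
        token_key = self.token.key
        token_secret = self.token.secret
        response = self.client.get('/user/refresh_access_token/')
        self.assertEqual(response.status_code, 200)
        token = Token.objects.get(user=self.user)
        self.assertNotEqual(token.key, token_key)
        self.assertNotEqual(token.secret, token_secret)

    def test_is_staffStatus(self):
        """Toggling ``is_staff`` persists through ``save()``."""
        self.user.is_staff = True
        self.user.save()
        self.assertTrue(User.objects.get(pk=self.user.pk).is_staff)
        self.user.is_staff = False
        self.user.save()
        self.assertFalse(User.objects.get(pk=self.user.pk).is_staff)

    def test_is_activeStatus(self):
        """Toggling ``is_active`` persists through ``save()``."""
        self.user.is_active = True
        self.user.save()
        self.assertTrue(User.objects.get(pk=self.user.pk).is_active)
        # The attribute must be spelled is_active; a misspelled name would
        # set an unrelated attribute and leave the account active.
        self.user.is_active = False
        self.user.save()
        self.assertFalse(User.objects.get(pk=self.user.pk).is_active)

    def test_is_authorize(self):
        """A non-staff user gets 404 from the user listing."""
        # NOTE(review): this assignment is not saved, so the request sees
        # whatever is_staff value create_user stored.
        self.user.is_staff = False
        response = self.client.get('/user/users/')
        self.assertEqual(response.status_code, 404)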