class TestBoxIntegration(OsfTestCase): def setUp(self): super(TestBoxIntegration, self).setUp() self.user = AuthUserFactory() # User is logged in self.app.authenticate(*self.user.auth) def test_cant_start_oauth_if_already_authorized(self): # User already has box authorized self.user.add_addon('box') self.user.save() settings = self.user.get_addon('box') oauth = BoxOAuthSettings(user_id='fa;l', access_token='a;lkjadl;kas') oauth.save() settings.oauth_settings = oauth settings.save() assert_true(self.user.get_addon('box').has_auth) # Tries to start oauth again url = api_url_for('box_oauth_start_user') res = self.app.get(url).follow() # Is redirected back to settings page assert_equal( res.request.path, web_url_for('user_addons') )
class TestAuthViews(OsfTestCase): def setUp(self): super(TestAuthViews, self).setUp() self.user = AuthUserFactory() # Log user in self.app.authenticate(*self.user.auth) def test_dropbox_oauth_start(self): url = api_url_for('dropbox_oauth_start_user') res = self.app.get(url) assert_is_redirect(res) assert_in('&force_reapprove=true', res.location) @mock.patch('website.addons.dropbox.views.auth.DropboxOAuth2Flow.finish') @mock.patch('website.addons.dropbox.views.auth.get_client_from_user_settings') def test_dropbox_oauth_finish(self, mock_get, mock_finish): mock_client = mock.MagicMock() mock_client.account_info.return_value = {'display_name': 'Mr. Drop Box'} mock_get.return_value = mock_client mock_finish.return_value = ('mytoken123', 'mydropboxid', 'done') url = api_url_for('dropbox_oauth_finish') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.dropbox.client.DropboxClient.disable_access_token') def test_dropbox_oauth_delete_user(self, mock_disable_access_token): self.user.add_addon('dropbox') settings = self.user.get_addon('dropbox') settings.access_token = '12345abc' settings.save() assert_true(settings.has_auth) self.user.save() url = api_url_for('dropbox_oauth_delete_user') self.app.delete(url) settings.reload() assert_false(settings.has_auth) @mock.patch('website.addons.dropbox.client.DropboxClient.disable_access_token') def test_dropbox_oauth_delete_user_with_invalid_credentials(self, mock_disable_access_token): self.user.add_addon('dropbox') settings = self.user.get_addon('dropbox') settings.access_token = '12345abc' settings.save() assert_true(settings.has_auth) mock_response = mock.Mock() mock_response.status = 401 mock_disable_access_token.side_effect = ErrorResponse(mock_response, "The given OAuth 2 access token doesn't exist or has expired.") self.user.save() url = api_url_for('dropbox_oauth_delete_user') self.app.delete(url) settings.reload() assert_false(settings.has_auth)
class TestMenbibAuthViews(OsfTestCase): def setUp(self): self.app = TestApp(app) self.user = AuthUserFactory() self.app.authenticate(*self.user.auth) def test_menbib_oauth_start(self): url = api_url_for('menbib_oauth_start_user') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.menbib.views.auth.finish_auth') def test_menbib_oauth_finish(self, mock_finish): mock_finish.return_value = AuthResult('mytokenabc', 'myrefreshabc', 'cool', '3600') url = api_url_for('menbib_oauth_finish') res = self.app.get(url) assert_is_redirect(res) def test_menbib_oauth_delete_user(self): self.user.add_addon('menbib') user_settings = self.user.get_addon('menbib') user_settings.access_token = '12345abc' assert_true(user_settings.has_auth) self.user.save() url = api_url_for('menbib_oauth_delete_user') res = self.app.delete(url) user_settings.reload() assert_false(user_settings.has_auth)
class TestBadge(OsfTestCase): def setUp(self): super(TestBadge, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges', self.user.auth) self.usersettings.save() def test_fields(self): badgedata = create_badge_dict() create_mock_badge(self.usersettings, badge_data=badgedata) badge = self.usersettings.badges[0] assert_equals(badge.name, badgedata['badgeName']) assert_equals(badge.description, badgedata['description']) assert_equals(badge.image, 'temp.png') assert_equals(badge.criteria, badgedata['criteria']) def test_system_badge(self): create_mock_badge(self.usersettings) badge = self.usersettings.badges[0] badge.make_system_badge() assert_true(badge.is_system_badge) assert_equals(badge, Badge.get_system_badges()[0]) def test_assertions(self): create_mock_badge(self.usersettings) badge = self.usersettings.badges[0] assert_equals(len(badge.assertions), 0) for n in xrange(4): BadgeAssertion.create(badge, None) assert_equals(len(badge.assertions), n + 1)
class TestCreateBucket(OsfTestCase): def setUp(self): super(TestCreateBucket, self).setUp() self.user = AuthUserFactory() self.consolidated_auth = Auth(user=self.user) self.auth = ('test', self.user.api_keys[0]._primary_key) self.project = ProjectFactory(creator=self.user) self.project.add_addon('s3', auth=self.consolidated_auth) self.project.creator.add_addon('s3') self.user_settings = self.user.get_addon('s3') self.user_settings.access_key = 'We-Will-Rock-You' self.user_settings.secret_key = 'Idontknowanyqueensongs' self.user_settings.save() self.node_settings = self.project.get_addon('s3') self.node_settings.bucket = 'Sheer-Heart-Attack' self.node_settings.user_settings = self.project.creator.get_addon('s3') self.node_settings.save() def test_bad_names(self): assert_false(validate_bucket_name('bogus naMe')) assert_false(validate_bucket_name('')) assert_false(validate_bucket_name('no')) assert_false(validate_bucket_name('.cantstartwithp')) assert_false(validate_bucket_name('or.endwith.')) assert_false(validate_bucket_name('..nodoubles')) assert_false(validate_bucket_name('no_unders_in')) def test_names(self): assert_true(validate_bucket_name('imagoodname')) assert_true(validate_bucket_name('still.passing')) assert_true(validate_bucket_name('can-have-dashes')) assert_true(validate_bucket_name('kinda.name.spaced')) @mock.patch('website.addons.s3.views.crud.create_bucket') @mock.patch('website.addons.s3.utils.get_bucket_drop_down') def test_create_bucket_pass(self, mock_make, mock_dropdown): mock_make.return_value = True mock_dropdown.return_value = ['mybucket'] url = self.project.api_url_for('create_new_bucket') ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth) assert_equals(ret.status_int, http.OK) @mock.patch('website.addons.s3.views.crud.create_bucket') def test_create_bucket_fail(self, mock_make): error = S3ResponseError(418, 'because Im a test') error.message = 'This should work' mock_make.side_effect = error url = "/api/v1/project/{0}/s3/newbucket/".format(self.project._id) ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth, expect_errors=True) assert_equals(ret.body, '{"message": "This should work", "title": "Problem connecting to S3"}')
class TestUserSettingsModel(OsfTestCase): def setUp(self): super(TestUserSettingsModel, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges') self.usersettings.save() def test_can_award(self): assert_false(self.usersettings.can_award) create_mock_badge(self.usersettings) assert_true(self.usersettings.can_award) def test_to_openbadge(self): self.user.fullname = 'HoneyBadger' self.user.username = '******' self.user.save() test = { 'name': 'HoneyBadger', 'email': '*****@*****.**' } assert_equal(self.usersettings.to_openbadge(), test) def test_badges(self): create_mock_badge(self.usersettings) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 2) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 3)
class TestGoogleDriveHgridViews(OsfTestCase): def setUp(self): super(TestGoogleDriveHgridViews, self).setUp() self.user = AuthUserFactory() self.user.add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.user_settings = self.user.get_addon('googledrive') self.node_settings.user_settings = self.user_settings self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.folders') def test_googledrive_folders(self, mock_drive_client_folders): folderId = '12345' mock_drive_client_folders.return_value = mock_folders['items'] url = api_url_for('googledrive_folders', pid=self.project._primary_key, folderId=folderId) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json), len(mock_folders['items'])) @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.about') def test_googledrive_folders_returns_only_root(self, mock_about): mock_about.return_value = {'rootFolderId': '24601'} url = self.project.api_url_for('googledrive_folders') res = self.app.get(url, auth=self.user.auth) assert_equal(len(res.json), 1) assert_equal(res.status_code, 200) assert_equal(res.json[0]['id'], '24601')
def test_set_user_config_fail(self, mock_connection): mock_connection.return_value = create_mock_connection('wrong', 'info') # Create a user with no settings user = AuthUserFactory() user.add_addon('dataverse') user_settings = user.get_addon('dataverse') url = api_url_for('dataverse_set_user_config') params = {'dataverse_username': '******', 'dataverse_password': '******'} # Post incorrect credentials to existing user res = self.app.post_json(url, params, auth=self.user.auth, expect_errors=True) self.user_settings.reload() # Original user's info has not changed assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(self.user_settings.dataverse_username, 'snowman') assert_equal(self.user_settings.dataverse_password, 'frosty') # Post incorrect credentials to new user res = self.app.post_json(url, params, auth=user.auth, expect_errors=True) user_settings.reload() # New user's incorrect credentials were not saved assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(user_settings.dataverse_username, None) assert_equal(user_settings.dataverse_password, None)
class TestAssertion(OsfTestCase): def setUp(self): super(TestAssertion, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges', self.user.auth) self.usersettings.save() self.project = ProjectFactory() self.node_settings = self.project.get_addon('badges') create_mock_badge(self.usersettings) self.badge = self.usersettings.badges[0] def test_parent(self): assertion = BadgeAssertion.create(self.badge, self.project) assert_equals(assertion.badge, self.badge) def test_recipient(self): assertion = BadgeAssertion.create(self.badge, self.project) test_data = { 'idenity': self.project._id, 'type': 'osfnode', 'hashed': False } assert_equals(assertion.recipient, test_data) def test_awarder(self): assertion = BadgeAssertion.create(self.badge, self.project) assert_equals(assertion.awarder, self.usersettings)
def test_set_user_config_fail(self, mock_connection): mock_connection.side_effect = UnauthorizedError('Bad credentials!') # Create a user with no settings user = AuthUserFactory() user.add_addon('dataverse') user_settings = user.get_addon('dataverse') url = api_url_for('dataverse_set_user_config') params = {'api_token': 'wrong-info'} # Post incorrect credentials to existing user res = self.app.post_json(url, params, auth=self.user.auth, expect_errors=True) self.user_settings.reload() # Original user's info has not changed assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(self.user_settings.api_token, 'snowman-frosty') # Post incorrect credentials to new user res = self.app.post_json(url, params, auth=user.auth, expect_errors=True) user_settings.reload() # New user's incorrect credentials were not saved assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(user_settings.api_token, None)
class TestGoogleDriveHgridViews(OsfTestCase): def setUp(self): super(TestGoogleDriveHgridViews, self).setUp() self.user = AuthUserFactory() self.user.add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.user_settings = self.user.get_addon('googledrive') self.node_settings.user_settings = self.user_settings self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.folders') def test_googledrive_folders(self, mock_drive_client_folders): folderId = '12345' mock_drive_client_folders.return_value = mock_folders['items'] url = api_url_for('googledrive_folders', pid=self.project._primary_key, folderId=folderId) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json), len(mock_folders['items'])) @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.about') def test_googledrive_folders_returns_only_root(self, mock_about): mock_about.return_value = {'rootFolderId': '24601'} url = self.project.api_url_for('googledrive_folders') res = self.app.get(url, auth=self.user.auth) assert_equal(len(res.json), 1) assert_equal(res.status_code, 200) assert_equal(res.json[0]['id'], '24601')
class TestUserSettingsModel(OsfTestCase): def setUp(self): super(TestUserSettingsModel, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges') self.usersettings.save() def test_can_award(self): assert_false(self.usersettings.can_award) create_mock_badge(self.usersettings) assert_true(self.usersettings.can_award) def test_to_openbadge(self): self.user.fullname = 'HoneyBadger' self.user.username = '******' self.user.save() test = {'name': 'HoneyBadger', 'email': '*****@*****.**'} assert_equal(self.usersettings.to_openbadge(), test) def test_badges(self): create_mock_badge(self.usersettings) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 2) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 3)
def test_set_user_config_fail(self, mock_connection): mock_connection.side_effect = UnauthorizedError('Bad credentials!') # Create a user with no settings user = AuthUserFactory() user.add_addon('dataverse') user_settings = user.get_addon('dataverse') url = api_url_for('dataverse_set_user_config') params = {'api_token': 'wrong-info'} # Post incorrect credentials to existing user res = self.app.post_json(url, params, auth=self.user.auth, expect_errors=True) self.user_settings.reload() # Original user's info has not changed assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(self.user_settings.api_token, 'snowman-frosty') # Post incorrect credentials to new user res = self.app.post_json(url, params, auth=user.auth, expect_errors=True) user_settings.reload() # New user's incorrect credentials were not saved assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(user_settings.api_token, None)
class TestBadge(OsfTestCase): def setUp(self): super(TestBadge, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges', self.user.auth) self.usersettings.save() def test_fields(self): badgedata = create_badge_dict() create_mock_badge(self.usersettings, badge_data=badgedata) badge = self.usersettings.badges[0] assert_equals(badge.name, badgedata['badgeName']) assert_equals(badge.description, badgedata['description']) assert_equals(badge.image, 'temp.png') assert_equals(badge.criteria, badgedata['criteria']) def test_system_badge(self): create_mock_badge(self.usersettings) badge = self.usersettings.badges[0] badge.make_system_badge() assert_true(badge.is_system_badge) assert_equals(badge, Badge.get_system_badges()[0]) def test_assertions(self): create_mock_badge(self.usersettings) badge = self.usersettings.badges[0] assert_equals(len(badge.assertions), 0) for n in xrange(4): BadgeAssertion.create(badge, None) assert_equals(len(badge.assertions), n + 1)
class TestAssertion(OsfTestCase): def setUp(self): super(TestAssertion, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges', self.user.auth) self.usersettings.save() self.project = ProjectFactory() self.node_settings = self.project.get_addon('badges') create_mock_badge(self.usersettings) self.badge = self.usersettings.badges[0] def test_parent(self): assertion = BadgeAssertion.create(self.badge, self.project) assert_equals(assertion.badge, self.badge) def test_recipient(self): assertion = BadgeAssertion.create(self.badge, self.project) test_data = { 'idenity': self.project._id, 'type': 'osfnode', 'hashed': False } assert_equals(assertion.recipient, test_data) def test_awarder(self): assertion = BadgeAssertion.create(self.badge, self.project) assert_equals(assertion.awarder, self.usersettings)
def test_oauth_delete_user_two_osf_user(self, mock_revoke_token, mock_github_user): mock_revoke_token.return_value = True user = mock.Mock() user.id = "testing user id" user.login = "******" mock_github_user.return_value = user views.auth.create_and_attach_oauth(self.user_settings, "testing acess token", "testing token type") user2 = AuthUserFactory() user2.add_addon('github') user2.save() user_settings2 = user2.get_addon('github') views.auth.create_and_attach_oauth(user_settings2, "testing access token", "testing token type") url = api_url_for("github_oauth_delete_user") self.app.delete(url, auth=self.user.auth) self.user_settings.reload() user_settings2.reload() assert_false(self.user_settings.oauth_token_type) assert_false(self.user_settings.oauth_access_token) assert_false(self.user_settings.github_user_name) assert_false(self.user_settings.oauth_settings) assert_true(user_settings2.oauth_settings) assert_equal(user_settings2.oauth_token_type, "testing token type") assert_equal(user_settings2.oauth_access_token, "testing access token") assert_equal(user_settings2.github_user_name, "testing user")
class TestAuthViews(OsfTestCase): def setUp(self): self.app = TestApp(app) self.user = AuthUserFactory() self.app.authenticate(*self.user.auth) def test_mendeley_oauth_start(self): self.user.add_addon('mendeley') settings = self.user.get_addon('mendeley') settings.access_token = '12345abc' print settings.has_auth settings.save() # assert_true(settings.has_auth) url = views.mendeley_oauth_start(self) print url def test_mendeley_oauth_delete_user(self): pass def test_mendeley_oauth_delete_node(self): pass def test_mendeley_oauth_callback(self): pass
class TestCreateBucket(OsfTestCase): def setUp(self): super(TestCreateBucket, self).setUp() self.user = AuthUserFactory() self.consolidated_auth = Auth(user=self.user) self.auth = ('test', self.user.api_keys[0]._primary_key) self.project = ProjectFactory(creator=self.user) self.project.add_addon('s3', auth=self.consolidated_auth) self.project.creator.add_addon('s3') self.user_settings = self.user.get_addon('s3') self.user_settings.access_key = 'We-Will-Rock-You' self.user_settings.secret_key = 'Idontknowanyqueensongs' self.user_settings.save() self.node_settings = self.project.get_addon('s3') self.node_settings.bucket = 'Sheer-Heart-Attack' self.node_settings.user_settings = self.project.creator.get_addon('s3') self.node_settings.save() def test_bad_names(self): assert_false(validate_bucket_name('bogus naMe')) assert_false(validate_bucket_name('')) assert_false(validate_bucket_name('no')) assert_false(validate_bucket_name('.cantstartwithp')) assert_false(validate_bucket_name('or.endwith.')) assert_false(validate_bucket_name('..nodoubles')) assert_false(validate_bucket_name('no_unders_in')) def test_names(self): assert_true(validate_bucket_name('imagoodname')) assert_true(validate_bucket_name('still.passing')) assert_true(validate_bucket_name('can-have-dashes')) assert_true(validate_bucket_name('kinda.name.spaced')) @mock.patch('website.addons.s3.views.crud.create_bucket') @mock.patch('website.addons.s3.utils.get_bucket_drop_down') def test_create_bucket_pass(self, mock_make, mock_dropdown): mock_make.return_value = True mock_dropdown.return_value = ['mybucket'] url = self.project.api_url_for('create_new_bucket') ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth) assert_equals(ret.status_int, http.OK) @mock.patch('website.addons.s3.views.crud.create_bucket') def test_create_bucket_fail(self, mock_make): error = S3ResponseError(418, 'because Im a test') error.message = 'This should work' mock_make.side_effect = error url = "/api/v1/project/{0}/s3/newbucket/".format(self.project._id) ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth, expect_errors=True) assert_equals(ret.body, '{"message": "This should work", "title": "Problem connecting to S3"}')
def test_oauth_delete_user_two_osf_user(self, mock_revoke_token, mock_github_user): mock_revoke_token.return_value = True user = mock.Mock() user.id = "testing user id" user.login = "******" mock_github_user.return_value = user views.auth.create_and_attach_oauth(self.user_settings, "testing acess token", "testing token type") user2 = AuthUserFactory() user2.add_addon('github') user2.save() user_settings2 = user2.get_addon('github') views.auth.create_and_attach_oauth(user_settings2, "testing access token", "testing token type") url = api_url_for("github_oauth_delete_user") self.app.delete(url, auth=self.user.auth) self.user_settings.reload() user_settings2.reload() assert_false(self.user_settings.oauth_token_type) assert_false(self.user_settings.oauth_access_token) assert_false(self.user_settings.github_user_name) assert_false(self.user_settings.oauth_settings) assert_true(user_settings2.oauth_settings) assert_equal(user_settings2.oauth_token_type, "testing token type") assert_equal(user_settings2.oauth_access_token, "testing access token") assert_equal(user_settings2.github_user_name, "testing user")
class TestViews(OsfTestCase): def setUp(self): super(TestViews, self).setUp() self.user = AuthUserFactory() self.user_addon = self.user.get_or_add_addon('twofactor') self.user_settings = self.user.get_addon('twofactor') def test_confirm_code(self): # Send a valid code to the API endpoint for the user settings. url = api_url_for('twofactor_settings_put') res = self.app.put_json( url, {'code': _valid_code(self.user_settings.totp_secret)}, auth=self.user.auth) # reload the user settings object from the DB self.user_settings.reload() assert_true(self.user_settings.is_confirmed) assert_equal(res.status_code, 200) def test_confirm_code_failure(self): url = api_url_for('twofactor_settings_put') res = self.app.put_json(url, {'code': '0000000'}, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) json = res.json assert_in('verification code', json['message_long']) # reload the user settings object from the DB self.user_settings.reload() assert_false(self.user_settings.is_confirmed)
class TestViews(OsfTestCase): @mock.patch('website.addons.twofactor.models.push_status_message') def setUp(self, mocked): super(TestViews, self).setUp() self.user = AuthUserFactory() self.user.add_addon('twofactor') self.user_settings = self.user.get_addon('twofactor') def test_confirm_code(self): # Send a valid code to the API endpoint for the user settings. res = self.app.post_json( '/api/v1/settings/twofactor/', {'code': _valid_code(self.user_settings.totp_secret)}, auth=self.user.auth) # reload the user settings object from the DB self.user_settings.reload() assert_true(self.user_settings.is_confirmed) assert_equal(res.status_code, 200) def test_confirm_code_failure(self): res = self.app.post_json('/api/v1/settings/twofactor/', {'code': '000000'}, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) json = res.json assert_in('verification code', json['message_long']) # reload the user settings object from the DB self.user_settings.reload() assert_false(self.user_settings.is_confirmed)
def test_set_user_config_fail(self, mock_connection): mock_connection.return_value = create_mock_connection('wrong', 'info') # Create a user with no settings user = AuthUserFactory() user.add_addon('dataverse') user_settings = user.get_addon('dataverse') url = api_url_for('dataverse_set_user_config') params = {'dataverse_username': '******', 'dataverse_password': '******'} # Post incorrect credentials to existing user res = self.app.post_json(url, params, auth=self.user.auth, expect_errors=True) self.user_settings.reload() # Original user's info has not changed assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(self.user_settings.dataverse_username, 'snowman') assert_equal(self.user_settings.dataverse_password, 'frosty') # Post incorrect credentials to new user res = self.app.post_json(url, params, auth=user.auth, expect_errors=True) user_settings.reload() # New user's incorrect credentials were not saved assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(user_settings.dataverse_username, None) assert_equal(user_settings.dataverse_password, None)
def test_user_settings_when_user_does_not_have_addon(self, _): user = AuthUserFactory() url = self.project.api_url_for("s3_post_user_settings") self.app.post_json(url, {"access_key": "ABCDEFG", "secret_key": "We are the champions"}, auth=user.auth) user.reload() user_settings = user.get_addon("s3") assert_equals(user_settings.access_key, "ABCDEFG") assert_equals(user_settings.secret_key, "We are the champions")
class TestGoogleDriveUtils(OsfTestCase): def setUp(self): super(TestGoogleDriveUtils, self).setUp() self.user = AuthUserFactory() self.user.add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.user_settings = self.user.get_addon('googledrive') oauth_settings = GoogleDriveOAuthSettingsFactory() self.user_settings.oauth_settings = oauth_settings self.node_settings.user_settings = self.user_settings self.node_settings.folder_id = '09120912' self.node_settings.folder_path = 'foo/bar' self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) def test_serialize_settings_helper_returns_correct_urls(self): result = serialize_settings(self.node_settings, self.user) urls = result['urls'] assert_equal(urls['files'], self.project.web_url_for('collect_file_trees')) assert_equal(urls['config'], self.project.api_url_for('googledrive_config_put')) assert_equal(urls['deauthorize'], self.project.api_url_for('googledrive_deauthorize')) assert_equal(urls['importAuth'], self.project.api_url_for('googledrive_import_user_auth')) # Includes endpoint for fetching folders only # NOTE: Querystring params are in camelCase assert_equal(urls['get_folders'], self.project.api_url_for('googledrive_folders')) def test_serialize_settings_helper_returns_correct_auth_info(self): self.user_settings.access_token = 'abc123' result = serialize_settings(self.node_settings, self.user) assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_true(result['userHasAuth']) assert_true(result['userIsOwner']) def test_serialize_settings_for_user_no_auth(self): no_addon_user = AuthUserFactory() result = serialize_settings(self.node_settings, no_addon_user) assert_false(result['userIsOwner']) assert_false(result['userHasAuth']) def test_googledrive_import_user_auth_returns_serialized_settings(self): self.node_settings.user_settings = None self.node_settings.save() url = api_url_for('googledrive_import_user_auth', pid=self.project._primary_key) res = self.app.put(url, auth=self.user.auth) self.project.reload() self.node_settings.reload() expected_result = serialize_settings(self.node_settings, self.user) result = res.json['result'] assert_equal(result, expected_result)
class TestGoogleDriveUtils(OsfTestCase): def setUp(self): super(TestGoogleDriveUtils, self).setUp() self.user = AuthUserFactory() self.user.add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.user_settings = self.user.get_addon('googledrive') oauth_settings = GoogleDriveOAuthSettingsFactory() self.user_settings.oauth_settings = oauth_settings self.node_settings.user_settings = self.user_settings self.node_settings.folder_id = '09120912' self.node_settings.folder_path = 'foo/bar' self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) def test_serialize_settings_helper_returns_correct_urls(self): result = serialize_settings(self.node_settings, self.user) urls = result['urls'] assert_equal(urls['files'], self.project.web_url_for('collect_file_trees')) assert_equal(urls['config'], self.project.api_url_for('googledrive_config_put')) assert_equal(urls['deauthorize'], self.project.api_url_for('googledrive_deauthorize')) assert_equal(urls['importAuth'], self.project.api_url_for('googledrive_import_user_auth')) # Includes endpoint for fetching folders only # NOTE: Querystring params are in camelCase assert_equal(urls['get_folders'], self.project.api_url_for('googledrive_folders')) def test_serialize_settings_helper_returns_correct_auth_info(self): self.user_settings.access_token = 'abc123' result = serialize_settings(self.node_settings, self.user) assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_true(result['userHasAuth']) assert_true(result['userIsOwner']) def test_serialize_settings_for_user_no_auth(self): no_addon_user = AuthUserFactory() result = serialize_settings(self.node_settings, no_addon_user) assert_false(result['userIsOwner']) assert_false(result['userHasAuth']) def test_googledrive_import_user_auth_returns_serialized_settings(self): self.node_settings.user_settings = None self.node_settings.save() url = api_url_for('googledrive_import_user_auth', pid=self.project._primary_key) res = self.app.put(url, auth=self.user.auth) self.project.reload() self.node_settings.reload() expected_result = serialize_settings(self.node_settings, self.user) result = res.json['result'] assert_equal(result, expected_result)
def test_s3_set_bucket_already_authed(self): user = AuthUserFactory() user.add_addon("s3") user_settings = user.get_addon("s3") user_settings.access_key = "foo" user_settings.secret_key = "bar" user_settings.save() self.project.add_contributor(user, save=True) url = self.project.api_url_for("s3_post_node_settings") res = self.app.post_json(url, {"s3_bucket": "hammertofall"}, auth=user.auth, expect_errors=True) assert_equal(res.status_code, http.BAD_REQUEST)
class TestAuthViews(OsfTestCase): def setUp(self): super(TestAuthViews, self).setUp() self.user = AuthUserFactory() # Log user in self.app.authenticate(*self.user.auth) def test_box_oauth_start(self): url = api_url_for('box_oauth_start_user') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.box.views.auth.box_oauth_finish') @mock.patch('website.addons.box.views.auth.finish_auth') @mock.patch('website.addons.box.views.auth.BoxClient') def test_box_oauth_finish(self, mock_get, mock_finish, mock_oauth): mock_client = mock.MagicMock() mock_client.get_user_info.return_value = { 'name': 'Mr. Box', 'id': '1234567890' } mock_get.return_value = mock_client mock_finish.return_value = { 'token_type': 'something', 'access_token': 'something', 'refresh_token': 'something' } mock_oauth.return_value = ('mytoken123', 'myboxid', 'done') url = api_url_for('box_oauth_finish') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.box.views.auth.flash') def test_box_oauth_finish_cancelled(self, mock_flash): url = api_url_for('box_oauth_finish', error='User declined!') res = self.app.get(url) assert_is_redirect(res) mock_flash.assert_called_once() @mock.patch('website.addons.box.model.BoxOAuthSettings.revoke_access_token' ) def test_box_oauth_delete_user(self, mock_disable_access_token): self.user.add_addon('box') settings = self.user.get_addon('box') oauth = BoxOAuthSettings(user_id='fa;l', access_token='a;lkjadl;kas') oauth.save() settings.oauth_settings = oauth settings.save() assert_true(settings.has_auth) self.user.save() url = api_url_for('box_oauth_delete_user') self.app.delete(url) settings.reload() assert_false(settings.has_auth)
def test_user_settings_when_user_does_not_have_addon(self, _): user = AuthUserFactory() url = self.project.api_url_for('s3_post_user_settings') self.app.post_json(url, { 'access_key': 'ABCDEFG', 'secret_key': 'We are the champions' }, auth=user.auth) user.reload() user_settings = user.get_addon('s3') assert_equals(user_settings.access_key, 'ABCDEFG') assert_equals(user_settings.secret_key, 'We are the champions')
class TestDropboxIntegration(OsfTestCase): def setUp(self): super(TestDropboxIntegration, self).setUp() self.user = AuthUserFactory() # User is logged in self.app.authenticate(*self.user.auth) def test_cant_start_oauth_if_already_authorized(self): # User already has dropbox authorized self.user.add_addon('dropbox') self.user.save() settings = self.user.get_addon('dropbox') settings.access_token = 'abc123foobarbaz' settings.save() assert_true(self.user.get_addon('dropbox').has_auth) # Tries to start oauth again url = api_url_for('dropbox_oauth_start_user') res = self.app.get(url).follow() # Is redirected back to settings page assert_equal(res.request.path, web_url_for('user_addons'))
def test_s3_set_bucket_already_authed(self): user = AuthUserFactory() user.add_addon('s3') user_settings = user.get_addon('s3') user_settings.access_key = 'foo' user_settings.secret_key = 'bar' user_settings.save() self.project.add_contributor(user, save=True) url = self.project.api_url_for('s3_post_node_settings') res = self.app.post_json(url, {'s3_bucket': 'hammertofall'}, auth=user.auth, expect_errors=True) assert_equal(res.status_code, http.BAD_REQUEST)
class TestRemove2Factor(AdminTestCase): def setUp(self): super(TestRemove2Factor, self).setUp() self.user = AuthUserFactory() @mock.patch('admin.users.views.User.delete_addon') def test_remove_two_factor_get(self, mock_delete_addon): guid = self.user._id request = RequestFactory().get('/fake_path') remove_2_factor(request, guid) mock_delete_addon.assert_called_with('twofactor') def test_integration_delete_two_factor(self): guid = self.user._id user_addon = self.user.get_or_add_addon('twofactor') assert_not_equal(user_addon, None) user_settings = self.user.get_addon('twofactor') assert_not_equal(user_settings, None) request = RequestFactory().post('/fake_path') remove_2_factor(request, guid) post_addon = self.user.get_addon('twofactor') assert_equal(post_addon, None)
class TestRemove2Factor(AdminTestCase): def setUp(self): super(TestRemove2Factor, self).setUp() self.user = AuthUserFactory() @mock.patch('admin.users.views.User.delete_addon') def test_remove_two_factor_get(self, mock_delete_addon): guid = self.user._id request = RequestFactory().get('/fake_path') remove_2_factor(request, guid) mock_delete_addon.assert_called_with('twofactor') def test_integration_delete_two_factor(self): guid = self.user._id user_addon = self.user.get_or_add_addon('twofactor') assert_not_equal(user_addon, None) user_settings = self.user.get_addon('twofactor') assert_not_equal(user_settings, None) request = RequestFactory().post('/fake_path') remove_2_factor(request, guid) post_addon = self.user.get_addon('twofactor') assert_equal(post_addon, None)
class TestAuthViews(OsfTestCase): def setUp(self): super(TestAuthViews, self).setUp() self.user = AuthUserFactory() # Log user in self.app.authenticate(*self.user.auth) def test_box_oauth_start(self): url = api_url_for('box_oauth_start_user') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.box.views.auth.box_oauth_finish') @mock.patch('website.addons.box.views.auth.finish_auth') @mock.patch('website.addons.box.views.auth.BoxClient') def test_box_oauth_finish(self, mock_get, mock_finish, mock_oauth): mock_client = mock.MagicMock() mock_client.get_user_info.return_value = {'name': 'Mr. Box', 'id': '1234567890'} mock_get.return_value = mock_client mock_finish.return_value = { 'token_type': 'something', 'access_token': 'something', 'refresh_token': 'something' } mock_oauth.return_value = ('mytoken123', 'myboxid', 'done') url = api_url_for('box_oauth_finish') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.box.views.auth.flash') def test_box_oauth_finish_cancelled(self, mock_flash): url = api_url_for('box_oauth_finish', error='User declined!') res = self.app.get(url) assert_is_redirect(res) mock_flash.assert_called_once() @mock.patch('website.addons.box.model.BoxOAuthSettings.revoke_access_token') def test_box_oauth_delete_user(self, mock_disable_access_token): self.user.add_addon('box') settings = self.user.get_addon('box') oauth = BoxOAuthSettings(user_id='fa;l', access_token='a;lkjadl;kas') oauth.save() settings.oauth_settings = oauth settings.save() assert_true(settings.has_auth) self.user.save() url = api_url_for('box_oauth_delete_user') self.app.delete(url) settings.reload() assert_false(settings.has_auth)
class TestRemove2Factor(AdminTestCase): def setUp(self): super(TestRemove2Factor, self).setUp() self.user = AuthUserFactory() self.request = RequestFactory().post('/fake_path') self.view = User2FactorDeleteView() self.view = setup_log_view(self.view, self.request, guid=self.user._id) @mock.patch('admin.users.views.User.delete_addon') def test_remove_two_factor_get(self, mock_delete_addon): self.view.delete(self.request) mock_delete_addon.assert_called_with('twofactor') def test_integration_delete_two_factor(self): user_addon = self.user.get_or_add_addon('twofactor') nt.assert_not_equal(user_addon, None) user_settings = self.user.get_addon('twofactor') nt.assert_not_equal(user_settings, None) count = OSFLogEntry.objects.count() self.view.delete(self.request) post_addon = self.user.get_addon('twofactor') nt.assert_equal(post_addon, None) nt.assert_equal(OSFLogEntry.objects.count(), count + 1)
class TestS3ViewsHgrid(OsfTestCase): def setUp(self): super(TestS3ViewsHgrid, self).setUp() self.user = AuthUserFactory() self.consolidated_auth = Auth(user=self.user) self.auth = ('test', self.user.api_keys[0]._primary_key) self.project = ProjectFactory(creator=self.user) self.project.add_addon('s3', auth=self.consolidated_auth) self.project.creator.add_addon('s3') self.user_settings = self.user.get_addon('s3') self.user_settings.access_key = 'We-Will-Rock-You' self.user_settings.secret_key = 'Idontknowanyqueensongs' self.user_settings.save() self.node_settings = self.project.get_addon('s3') self.node_settings.bucket = 'Sheer-Heart-Attack' self.node_settings.user_settings = self.project.creator.get_addon('s3') self.node_settings.save() def test_data_contents_no_user_settings(self): self.node_settings.user_settings = None self.node_settings.save() url = "/api/v1/project/{0}/s3/hgrid/".format(self.project._id) rv = self.app.get(url, expect_errors=True, auth=self.user.auth) assert_equals(rv.status_int, http.BAD_REQUEST) def test_dummy_folder(self): url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id) rv = self.app.get(url, auth=self.user.auth) assert_true(self.node_settings.bucket in rv.body) def test_dummy_folder_no_user_settings(self): self.node_settings.user_settings = None self.node_settings.save() url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id) rv = self.app.get(url, auth=self.user.auth) assert_equals(rv.body, 'null') def test_dummy_folder_no_bucket(self): self.node_settings.bucket = None self.node_settings.save() url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id) rv = self.app.get(url, auth=self.user.auth) assert_equals(rv.body, 'null')
class TestRemove2Factor(AdminTestCase): def setUp(self): super(TestRemove2Factor, self).setUp() self.user = AuthUserFactory() self.request = RequestFactory().post('/fake_path') self.view = User2FactorDeleteView() self.view = setup_log_view(self.view, self.request, guid=self.user._id) @mock.patch('admin.users.views.User.delete_addon') def test_remove_two_factor_get(self, mock_delete_addon): self.view.delete(self.request) mock_delete_addon.assert_called_with('twofactor') def test_integration_delete_two_factor(self): user_addon = self.user.get_or_add_addon('twofactor') nt.assert_not_equal(user_addon, None) user_settings = self.user.get_addon('twofactor') nt.assert_not_equal(user_settings, None) count = OSFLogEntry.objects.count() self.view.delete(self.request) post_addon = self.user.get_addon('twofactor') nt.assert_equal(post_addon, None) nt.assert_equal(OSFLogEntry.objects.count(), count + 1)
class TestS3ViewsHgrid(OsfTestCase): def setUp(self): super(TestS3ViewsHgrid, self).setUp() self.user = AuthUserFactory() self.consolidated_auth = Auth(user=self.user) self.auth = ('test', self.user.api_keys[0]._primary_key) self.project = ProjectFactory(creator=self.user) self.project.add_addon('s3', auth=self.consolidated_auth) self.project.creator.add_addon('s3') self.user_settings = self.user.get_addon('s3') self.user_settings.access_key = 'We-Will-Rock-You' self.user_settings.secret_key = 'Idontknowanyqueensongs' self.user_settings.save() self.node_settings = self.project.get_addon('s3') self.node_settings.bucket = 'Sheer-Heart-Attack' self.node_settings.user_settings = self.project.creator.get_addon('s3') self.node_settings.save() def test_data_contents_no_user_settings(self): self.node_settings.user_settings = None self.node_settings.save() url = "/api/v1/project/{0}/s3/hgrid/".format(self.project._id) rv = self.app.get(url, expect_errors=True, auth=self.user.auth) assert_equals(rv.status_int, http.BAD_REQUEST) def test_dummy_folder(self): url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id) rv = self.app.get(url, auth=self.user.auth) assert_true(self.node_settings.bucket in rv.body) def test_dummy_folder_no_user_settings(self): self.node_settings.user_settings = None self.node_settings.save() url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id) rv = self.app.get(url, auth=self.user.auth) assert_equals(rv.body, 'null') def test_dummy_folder_no_bucket(self): self.node_settings.bucket = None self.node_settings.save() url = "/api/v1/project/{0}/s3/hgrid/dummy/".format(self.project._id) rv = self.app.get(url, auth=self.user.auth) assert_equals(rv.body, 'null')
def test_s3_set_bucket_already_authed(self): user = AuthUserFactory() user.add_addon('s3') user_settings = user.get_addon('s3') user_settings.access_key = 'foo' user_settings.secret_key = 'bar' user_settings.save() self.project.add_contributor(user, save=True) url = self.project.api_url + 's3/settings/' res = self.app.post_json( url, {'s3_bucket': 'hammertofall'}, auth=user.auth, expect_errors=True ) assert_equal(res.status_code, http.BAD_REQUEST)
def test_user_settings_when_user_does_not_have_addon(self, _): user = AuthUserFactory() url = self.project.api_url_for('s3_post_user_settings') self.app.post_json( url, { 'access_key': 'ABCDEFG', 'secret_key': 'We are the champions' }, auth=user.auth ) user.reload() user_settings = user.get_addon('s3') assert_equals(user_settings.access_key, 'ABCDEFG') assert_equals(user_settings.secret_key, 'We are the champions')
def test_set_user_config(self, mock_connection): mock_connection.return_value = create_mock_connection() # Create a user with no settings user = AuthUserFactory() user.add_addon('dataverse') user_settings = user.get_addon('dataverse') url = api_url_for('dataverse_set_user_config') params = {'api_token': 'snowman-frosty'} # Post dataverse credentials self.app.post_json(url, params, auth=user.auth) user_settings.reload() # User settings have updated correctly assert_equal(user_settings.api_token, 'snowman-frosty')
def test_set_user_config(self, mock_connection): mock_connection.return_value = create_mock_connection() # Create a user with no settings user = AuthUserFactory() user.add_addon('dataverse') user_settings = user.get_addon('dataverse') url = api_url_for('dataverse_set_user_config') params = {'api_token': 'snowman-frosty'} # Post dataverse credentials self.app.post_json(url, params, auth=user.auth) user_settings.reload() # User settings have updated correctly assert_equal(user_settings.api_token, 'snowman-frosty')
def test_serialize_settings_helper_non_owner(self, mock_connection): mock_connection.return_value = create_mock_connection() # Non-owner user without add-on serializer = DataverseSerializer(node_settings=self.node_settings) result = serializer.serialized_node_settings assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_false(result['userHasAuth']) assert_false(result['userIsOwner']) # Non-owner user with add-on stranger = AuthUserFactory() stranger.add_addon('dataverse') stranger.external_accounts.append(create_external_account()) serializer.user_settings = stranger.get_addon('dataverse') result = serializer.serialized_node_settings assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_true(result['userHasAuth']) assert_false(result['userIsOwner'])
def test_serialize_settings_helper_non_owner(self, mock_connection): mock_connection.return_value = create_mock_connection() # Non-owner user without add-on stranger = AuthUserFactory() result = serialize_settings(self.node_settings, stranger) assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_false(result['userHasAuth']) assert_false(result['userIsOwner']) # Non-owner user with add-on stranger.add_addon('dataverse') stranger_settings = stranger.get_addon('dataverse') stranger_settings.api_token = 'foo-bar' stranger_settings.save() result = serialize_settings(self.node_settings, stranger) assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_true(result['userHasAuth']) assert_false(result['userIsOwner'])
def test_serialize_settings_helper_non_owner(self, mock_connection): mock_connection.return_value = create_mock_connection() # Non-owner user without add-on stranger = AuthUserFactory() result = serialize_settings(self.node_settings, stranger) assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_false(result['userHasAuth']) assert_false(result['userIsOwner']) # Non-owner user with add-on stranger.add_addon('dataverse') stranger_settings = stranger.get_addon('dataverse') stranger_settings.api_token = 'foo-bar' stranger_settings.save() result = serialize_settings(self.node_settings, stranger) assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_true(result['userHasAuth']) assert_false(result['userIsOwner'])
class TestUtils(OsfTestCase): @mock.patch('website.addons.twofactor.models.push_status_message') def setUp(self, mocked): super(TestUtils, self).setUp() self.user = AuthUserFactory() self.user_addon = self.user.get_or_add_addon('twofactor') self.user_settings = self.user.get_addon('twofactor') def test_serialize_urls_enabled(self): urls = serialize_urls(self.user_addon) for key in ['enable', 'disable', 'settings', 'otpauth']: assert_in(key, urls) assert_equal(urls['otpauth'], self.user_addon.otpauth_url) def test_serialize_urls_disabled(self): urls = serialize_urls(None) for key in ['enable', 'disable', 'settings', 'otpauth']: assert_in(key, urls) assert_equal(urls['otpauth'], '') def test_serialize_settings_enabled_and_unconfirmed(self): settings = serialize_settings(Auth(self.user)) assert_true(settings['is_enabled']) assert_false(settings['is_confirmed']) assert_equal(settings['secret'], self.user_addon.totp_secret_b32) assert_equal(settings['drift'], self.user_addon.totp_drift) def test_serialize_settings_enabled_and_confirmed(self): self.user_addon.is_confirmed = True self.user_addon.save() settings = serialize_settings(Auth(self.user)) assert_true(settings['is_enabled']) assert_true(settings['is_confirmed']) assert_equal(settings['secret'], self.user_addon.totp_secret_b32) assert_equal(settings['drift'], self.user_addon.totp_drift) def test_serialize_settings_disabled(self): user = AuthUserFactory() settings = serialize_settings(Auth(user)) assert_false(settings['is_enabled']) assert_false(settings['is_confirmed']) assert_equal(settings['secret'], None) assert_equal(settings['drift'], None)
class TestUtils(OsfTestCase): @mock.patch('website.addons.twofactor.models.push_status_message') def setUp(self, mocked): super(TestUtils, self).setUp() self.user = AuthUserFactory() self.user_addon = self.user.get_or_add_addon('twofactor') self.user_settings = self.user.get_addon('twofactor') def test_serialize_urls_enabled(self): urls = serialize_urls(self.user_addon) for key in ['enable', 'disable', 'settings', 'otpauth']: assert_in(key, urls) assert_equal(urls['otpauth'], self.user_addon.otpauth_url) def test_serialize_urls_disabled(self): urls = serialize_urls(None) for key in ['enable', 'disable', 'settings', 'otpauth']: assert_in(key, urls) assert_equal(urls['otpauth'], '') def test_serialize_settings_enabled_and_unconfirmed(self): settings = serialize_settings(Auth(self.user)) assert_true(settings['is_enabled']) assert_false(settings['is_confirmed']) assert_equal(settings['secret'], self.user_addon.totp_secret_b32) assert_equal(settings['drift'], self.user_addon.totp_drift) def test_serialize_settings_enabled_and_confirmed(self): self.user_addon.is_confirmed = True self.user_addon.save() settings = serialize_settings(Auth(self.user)) assert_true(settings['is_enabled']) assert_true(settings['is_confirmed']) assert_equal(settings['secret'], self.user_addon.totp_secret_b32) assert_equal(settings['drift'], self.user_addon.totp_drift) def test_serialize_settings_disabled(self): user = AuthUserFactory() settings = serialize_settings(Auth(user)) assert_false(settings['is_enabled']) assert_false(settings['is_confirmed']) assert_equal(settings['secret'], None) assert_equal(settings['drift'], None)
class TestViews(OsfTestCase): @mock.patch('website.addons.twofactor.models.push_status_message') def setUp(self, mocked): super(TestViews, self).setUp() self.user = AuthUserFactory() self.user_addon = self.user.get_or_add_addon('twofactor') self.user_settings = self.user.get_addon('twofactor') def test_confirm_code(self): # Send a valid code to the API endpoint for the user settings. url = api_url_for('twofactor_settings_put') res = self.app.put_json( url, {'code': _valid_code(self.user_settings.totp_secret)}, auth=self.user.auth ) # reload the user settings object from the DB self.user_settings.reload() assert_true(self.user_settings.is_confirmed) assert_equal(res.status_code, 200) def test_confirm_code_failure(self): url = api_url_for('twofactor_settings_put') res = self.app.put_json( url, {'code': '0000000'}, auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) json = res.json assert_in('verification code', json['message_long']) # reload the user settings object from the DB self.user_settings.reload() assert_false(self.user_settings.is_confirmed)
class TestAddonLogs(OsfTestCase): def setUp(self): super(TestAddonLogs, self).setUp() self.flask_app = SetEnvironMiddleware(self.app.app, REMOTE_ADDR='127.0.0.1') self.test_app = webtest.TestApp(self.flask_app) self.user = AuthUserFactory() self.auth_obj = Auth(user=self.user) self.node = ProjectFactory(creator=self.user) self.session = Session(data={'auth_user_id': self.user._id}) self.session.save() self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign( self.session._id) self.configure_addon() def configure_addon(self): self.user.add_addon('github') self.user_addon = self.user.get_addon('github') self.oauth_settings = AddonGitHubOauthSettings(github_user_id='john') self.oauth_settings.save() self.user_addon.oauth_settings = self.oauth_settings self.user_addon.oauth_access_token = 'secret' self.user_addon.save() self.node.add_addon('github', self.auth_obj) self.node_addon = self.node.get_addon('github') self.node_addon.user = '******' self.node_addon.repo = 'youre-my-best-friend' self.node_addon.user_settings = self.user_addon self.node_addon.save() def build_payload(self, metadata, **kwargs): options = dict( auth={'id': self.user._id}, action='create', provider=self.node_addon.config.short_name, metadata=metadata, time=time.time() + 1000, ) options.update(kwargs) options = { key: value for key, value in options.iteritems() if value is not None } message, signature = signing.default_signer.sign_payload(options) return { 'payload': message, 'signature': signature, } @mock.patch('website.notifications.events.files.FileAdded.perform') def test_add_log(self, mock_perform): path = 'pizza' url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}) nlogs = len(self.node.logs) self.test_app.put_json(url, payload, headers={'Content-Type': 'application/json'}) self.node.reload() assert_equal(len(self.node.logs), nlogs + 1) # # Mocking form_message and perform so that the payload need not be exact. # assert_true(mock_form_message.called, "form_message not called") assert_true(mock_perform.called, "perform not called") def test_add_log_missing_args(self): path = 'pizza' url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}, auth=None) nlogs = len(self.node.logs) res = self.test_app.put_json( url, payload, headers={'Content-Type': 'application/json'}, expect_errors=True, ) assert_equal(res.status_code, 400) self.node.reload() assert_equal(len(self.node.logs), nlogs) def test_add_log_no_user(self): path = 'pizza' url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}, auth={'id': None}) nlogs = len(self.node.logs) res = self.test_app.put_json( url, payload, headers={'Content-Type': 'application/json'}, expect_errors=True, ) assert_equal(res.status_code, 400) self.node.reload() assert_equal(len(self.node.logs), nlogs) def test_add_log_no_addon(self): path = 'pizza' node = ProjectFactory(creator=self.user) url = node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}) nlogs = len(node.logs) res = self.test_app.put_json( url, payload, headers={'Content-Type': 'application/json'}, expect_errors=True, ) assert_equal(res.status_code, 400) self.node.reload() assert_equal(len(node.logs), nlogs) def test_add_log_bad_action(self): path = 'pizza' url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}, action='dance') nlogs = len(self.node.logs) res = self.test_app.put_json( url, payload, headers={'Content-Type': 'application/json'}, expect_errors=True, ) assert_equal(res.status_code, 400) self.node.reload() assert_equal(len(self.node.logs), nlogs) def test_action_file_rename(self): url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload( action='rename', metadata={ 'path': 'foo', }, source={ 'materialized': 'foo', 'provider': 'github', 'node': { '_id': self.node._id }, 'name': 'new.txt', 'kind': 'file', }, destination={ 'path': 'foo', 'materialized': 'foo', 'provider': 'github', 'node': { '_id': self.node._id }, 'name': 'old.txt', 'kind': 'file', }, ) self.test_app.put_json(url, payload, headers={'Content-Type': 'application/json'}) self.node.reload() assert_equal( self.node.logs[-1].action, 'github_addon_file_renamed', )
class TestCreateBucket(S3AddonTestCase): def setUp(self): super(TestCreateBucket, self).setUp() self.user = AuthUserFactory() self.consolidated_auth = Auth(user=self.user) self.auth = self.user.auth self.project = ProjectFactory(creator=self.user) self.project.add_addon('s3', auth=self.consolidated_auth) self.project.creator.add_addon('s3') self.user_settings = self.user.get_addon('s3') self.user_settings.access_key = 'We-Will-Rock-You' self.user_settings.secret_key = 'Idontknowanyqueensongs' self.user_settings.save() self.node_settings = self.project.get_addon('s3') self.node_settings.bucket = 'Sheer-Heart-Attack' self.node_settings.user_settings = self.project.creator.get_addon('s3') self.node_settings.save() def test_bad_names(self): assert_false(validate_bucket_name('')) assert_false(validate_bucket_name('no')) assert_false(validate_bucket_name('a' * 64)) assert_false(validate_bucket_name(' leadingspace')) assert_false(validate_bucket_name('trailingspace ')) assert_false(validate_bucket_name('bogus naMe')) assert_false(validate_bucket_name('.cantstartwithp')) assert_false(validate_bucket_name('or.endwith.')) assert_false(validate_bucket_name('..nodoubles')) assert_false(validate_bucket_name('no_unders_in')) assert_false(validate_bucket_name('-leadinghyphen')) assert_false(validate_bucket_name('trailinghyphen-')) assert_false(validate_bucket_name('Mixedcase')) assert_false(validate_bucket_name('empty..label')) assert_false(validate_bucket_name('label-.trailinghyphen')) assert_false(validate_bucket_name('label.-leadinghyphen')) assert_false(validate_bucket_name('8.8.8.8')) assert_false(validate_bucket_name('600.9000.0.28')) assert_false(validate_bucket_name('no_underscore')) assert_false(validate_bucket_name('_nounderscoreinfront')) assert_false(validate_bucket_name('no-underscore-in-back_')) assert_false( validate_bucket_name('no-underscore-in_the_middle_either')) def test_names(self): assert_true(validate_bucket_name('imagoodname')) assert_true(validate_bucket_name('still.passing')) assert_true(validate_bucket_name('can-have-dashes')) assert_true(validate_bucket_name('kinda.name.spaced')) assert_true(validate_bucket_name('a-o.valid')) assert_true(validate_bucket_name('11.12.m')) assert_true(validate_bucket_name('a--------a')) assert_true(validate_bucket_name('a' * 63)) def test_bad_locations(self): assert_false(validate_bucket_location('Venus')) assert_false(validate_bucket_location('AlphaCentari')) assert_false(validate_bucket_location('CostaRica')) def test_locations(self): assert_true(validate_bucket_location('')) assert_true(validate_bucket_location('us-east-2')) assert_true(validate_bucket_location('eu-central-1')) assert_true(validate_bucket_location('us-west-1')) assert_true(validate_bucket_location('us-west-2')) assert_true(validate_bucket_location('ap-northeast-1')) assert_true(validate_bucket_location('ap-northeast-2')) assert_true(validate_bucket_location('ap-southeast-1')) assert_true(validate_bucket_location('ap-southeast-2')) assert_true(validate_bucket_location('ap-south-1')) assert_true(validate_bucket_location('sa-east-1')) assert_true(validate_bucket_location('eu-west-1')) @mock.patch('website.addons.s3.views.utils.create_bucket') @mock.patch('website.addons.s3.views.utils.get_bucket_names') def test_create_bucket_pass(self, mock_names, mock_make): mock_make.return_value = True mock_names.return_value = ['butintheend', 'it', 'doesntevenmatter'] url = self.project.api_url_for('create_bucket') ret = self.app.post_json(url, { 'bucket_name': 'doesntevenmatter', 'bucket_location': '', }, auth=self.user.auth) assert_equal(ret.status_int, http.OK) assert_equal(ret.json, {}) @mock.patch('website.addons.s3.views.utils.create_bucket') def test_create_bucket_fail(self, mock_make): error = S3ResponseError(418, 'because Im a test') error.message = 'This should work' mock_make.side_effect = error url = "/api/v1/project/{0}/s3/newbucket/".format(self.project._id) ret = self.app.post_json(url, {'bucket_name': 'doesntevenmatter'}, auth=self.user.auth, expect_errors=True) assert_equals( ret.body, '{"message": "This should work", "title": "Problem connecting to S3"}' ) @mock.patch('website.addons.s3.views.utils.create_bucket') def test_bad_location_fails(self, mock_make): url = "/api/v1/project/{0}/s3/newbucket/".format(self.project._id) ret = self.app.post_json( url, { 'bucket_name': 'doesntevenmatter', 'bucket_location': 'not a real bucket location', }, auth=self.user.auth, expect_errors=True) assert_equals( ret.body, '{"message": "That bucket location is not valid.", "title": "Invalid bucket location"}' )
class TestNodeFilesListPagination(ApiTestCase): def setUp(self): super(TestNodeFilesListPagination, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) httpretty.enable() def tearDown(self): super(TestNodeFilesListPagination, self).tearDown() httpretty.disable() httpretty.reset() def add_github(self): user_auth = Auth(self.user) self.project.add_addon('github', auth=user_auth) addon = self.project.get_addon('github') addon.repo = 'something' addon.user = '******' oauth_settings = GitHubAccountFactory() oauth_settings.save() self.user.add_addon('github') self.user.external_accounts.append(oauth_settings) self.user.save() addon.user_settings = self.user.get_addon('github') addon.save() self.project.save() def check_file_order(self, resp): previous_file_name = 0 for file in resp.json['data']: int_file_name = int(file['attributes']['name']) assert(int_file_name > previous_file_name, 'Files were not in order') previous_file_name = int_file_name def test_node_files_are_sorted_correctly(self): prepare_mock_wb_response( node=self.project, provider='github', files=[ {'name': '01', 'path': '/01/', 'materialized': '/01/', 'kind': 'folder'}, {'name': '02', 'path': '/02', 'materialized': '/02', 'kind': 'file'}, {'name': '03', 'path': '/03/', 'materialized': '/03/', 'kind': 'folder'}, {'name': '04', 'path': '/04', 'materialized': '/04', 'kind': 'file'}, {'name': '05', 'path': '/05/', 'materialized': '/05/', 'kind': 'folder'}, {'name': '06', 'path': '/06', 'materialized': '/06', 'kind': 'file'}, {'name': '07', 'path': '/07/', 'materialized': '/07/', 'kind': 'folder'}, {'name': '08', 'path': '/08', 'materialized': '/08', 'kind': 'file'}, {'name': '09', 'path': '/09/', 'materialized': '/09/', 'kind': 'folder'}, {'name': '10', 'path': '/10', 'materialized': '/10', 'kind': 'file'}, {'name': '11', 'path': '/11/', 'materialized': '/11/', 'kind': 'folder'}, {'name': '12', 'path': '/12', 'materialized': '/12', 'kind': 'file'}, {'name': '13', 'path': '/13/', 'materialized': '/13/', 'kind': 'folder'}, {'name': '14', 'path': '/14', 'materialized': '/14', 'kind': 'file'}, {'name': '15', 'path': '/15/', 'materialized': '/15/', 'kind': 'folder'}, {'name': '16', 'path': '/16', 'materialized': '/16', 'kind': 'file'}, {'name': '17', 'path': '/17/', 'materialized': '/17/', 'kind': 'folder'}, {'name': '18', 'path': '/18', 'materialized': '/18', 'kind': 'file'}, {'name': '19', 'path': '/19/', 'materialized': '/19/', 'kind': 'folder'}, {'name': '20', 'path': '/20', 'materialized': '/20', 'kind': 'file'}, {'name': '21', 'path': '/21/', 'materialized': '/21/', 'kind': 'folder'}, {'name': '22', 'path': '/22', 'materialized': '/22', 'kind': 'file'}, {'name': '23', 'path': '/23/', 'materialized': '/23/', 'kind': 'folder'}, {'name': '24', 'path': '/24', 'materialized': '/24', 'kind': 'file'}, ] ) self.add_github() url = '/{}nodes/{}/files/github/?page[size]=100'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth) self.check_file_order(res)
class TestNodeFilesList(ApiTestCase): def setUp(self): super(TestNodeFilesList, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.private_url = '/{}nodes/{}/files/'.format(API_BASE, self.project._id) self.user_two = AuthUserFactory() self.public_project = ProjectFactory(creator=self.user, is_public=True) self.public_url = '/{}nodes/{}/files/'.format(API_BASE, self.public_project._id) httpretty.enable() def tearDown(self): super(TestNodeFilesList, self).tearDown() httpretty.disable() httpretty.reset() def add_github(self): user_auth = Auth(self.user) self.project.add_addon('github', auth=user_auth) addon = self.project.get_addon('github') addon.repo = 'something' addon.user = '******' oauth_settings = GitHubAccountFactory() oauth_settings.save() self.user.add_addon('github') self.user.external_accounts.append(oauth_settings) self.user.save() addon.user_settings = self.user.get_addon('github') addon.save() self.project.save() def _prepare_mock_wb_response(self, node=None, **kwargs): prepare_mock_wb_response(node=node or self.project, **kwargs) def test_returns_public_files_logged_out(self): res = self.app.get(self.public_url, expect_errors=True) assert_equal(res.status_code, 200) assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage') assert_equal(res.content_type, 'application/vnd.api+json') def test_returns_public_files_logged_in(self): res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'application/vnd.api+json') assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage') def test_returns_storage_addons_link(self): res = self.app.get(self.private_url, auth=self.user.auth) assert_in('storage_addons', res.json['data'][0]['links']) def test_returns_file_data(self): fobj = self.project.get_addon('osfstorage').get_root().append_file('NewFile') fobj.save() res = self.app.get('{}osfstorage/{}'.format(self.private_url, fobj._id), auth=self.user.auth) assert_equal(res.status_code, 200) assert_true(isinstance(res.json['data'], dict)) assert_equal(res.content_type, 'application/vnd.api+json') assert_equal(res.json['data']['attributes']['kind'], 'file') assert_equal(res.json['data']['attributes']['name'], 'NewFile') def test_returns_osfstorage_folder_version_two(self): fobj = self.project.get_addon('osfstorage').get_root().append_folder('NewFolder') fobj.save() res = self.app.get('{}osfstorage/'.format(self.private_url), auth=self.user.auth) assert_equal(res.status_code, 200) def test_returns_osf_storage_folder_version_two_point_two(self): fobj = self.project.get_addon('osfstorage').get_root().append_folder('NewFolder') fobj.save() res = self.app.get('{}osfstorage/?version=2.2'.format(self.private_url), auth=self.user.auth) assert_equal(res.status_code, 200) def test_list_returns_folder_data(self): fobj = self.project.get_addon('osfstorage').get_root().append_folder('NewFolder') fobj.save() res = self.app.get('{}osfstorage/'.format(self.private_url, fobj._id), auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 1) assert_equal(res.content_type, 'application/vnd.api+json') assert_equal(res.json['data'][0]['attributes']['name'], 'NewFolder') def test_returns_folder_data(self): fobj = self.project.get_addon('osfstorage').get_root().append_folder('NewFolder') fobj.save() res = self.app.get('{}osfstorage/{}/'.format(self.private_url, fobj._id), auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 0) assert_equal(res.content_type, 'application/vnd.api+json') def test_returns_private_files_logged_out(self): res = self.app.get(self.private_url, expect_errors=True) assert_equal(res.status_code, 401) assert_in('detail', res.json['errors'][0]) def test_returns_private_files_logged_in_contributor(self): res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'application/vnd.api+json') assert_equal(len(res.json['data']), 1) assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage') def test_returns_private_files_logged_in_non_contributor(self): res = self.app.get(self.private_url, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_in('detail', res.json['errors'][0]) def test_returns_addon_folders(self): user_auth = Auth(self.user) res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(len(res.json['data']), 1) assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage') self.project.add_addon('github', auth=user_auth) addon = self.project.get_addon('github') addon.repo = 'something' addon.user = '******' oauth_settings = GitHubAccountFactory() oauth_settings.save() self.user.add_addon('github') self.user.external_accounts.append(oauth_settings) self.user.save() addon.user_settings = self.user.get_addon('github') addon.save() self.project.save() res = self.app.get(self.private_url, auth=self.user.auth) data = res.json['data'] providers = [item['attributes']['provider'] for item in data] assert_equal(len(data), 2) assert_in('github', providers) assert_in('osfstorage', providers) def test_returns_node_files_list(self): self._prepare_mock_wb_response(provider='github', files=[{'name': 'NewFile'}]) self.add_github() url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth) assert_equal(res.json['data'][0]['attributes']['name'], 'NewFile') assert_equal(res.json['data'][0]['attributes']['provider'], 'github') def test_returns_node_file(self): self._prepare_mock_wb_response(provider='github', files=[{'name': 'NewFile'}], folder=False, path='/file') self.add_github() url = '/{}nodes/{}/files/github/file'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, headers={ 'COOKIE': 'foo=bar;' # Webtests doesnt support cookies? }) assert_equal(res.status_code, 200) assert_equal(res.json['data']['attributes']['name'], 'NewFile') assert_equal(res.json['data']['attributes']['provider'], 'github') def test_notfound_node_file_returns_folder(self): self._prepare_mock_wb_response(provider='github', files=[{'name': 'NewFile'}], path='/file') url = '/{}nodes/{}/files/github/file'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True, headers={ 'COOKIE': 'foo=bar;' # Webtests doesnt support cookies? }) assert_equal(res.status_code, 404) def test_notfound_node_folder_returns_file(self): self._prepare_mock_wb_response(provider='github', files=[{'name': 'NewFile'}], folder=False, path='/') url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True, headers={ 'COOKIE': 'foo=bar;' # Webtests doesnt support cookies? }) assert_equal(res.status_code, 404) def test_waterbutler_server_error_returns_503(self): self._prepare_mock_wb_response(status_code=500) self.add_github() url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True, headers={ 'COOKIE': 'foo=bar;' # Webtests doesnt support cookies? }) assert_equal(res.status_code, 503) def test_waterbutler_invalid_data_returns_503(self): wb_url = waterbutler_api_url_for(self.project._id, provider='github', path='/', meta=True) self.add_github() httpretty.register_uri( httpretty.GET, wb_url, body=json.dumps({}), status=400 ) url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 503) def test_handles_unauthenticated_waterbutler_request(self): self._prepare_mock_wb_response(status_code=401) self.add_github() url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_in('detail', res.json['errors'][0]) def test_handles_notfound_waterbutler_request(self): invalid_provider = 'gilkjadsflhub' self._prepare_mock_wb_response(status_code=404, provider=invalid_provider) url = '/{}nodes/{}/files/{}/'.format(API_BASE, self.project._id, invalid_provider) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) assert_in('detail', res.json['errors'][0]) def test_handles_request_to_provider_not_configured_on_project(self): provider = 'box' url = '/{}nodes/{}/files/{}/'.format(API_BASE, self.project._id, provider) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_false(self.project.get_addon(provider)) assert_equal(res.status_code, 404) assert_equal(res.json['errors'][0]['detail'], 'The {} provider is not configured for this project.'.format(provider)) def test_handles_bad_waterbutler_request(self): wb_url = waterbutler_api_url_for(self.project._id, provider='github', path='/', meta=True) httpretty.register_uri( httpretty.GET, wb_url, body=json.dumps({}), status=418 ) self.add_github() url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 503) assert_in('detail', res.json['errors'][0]) def test_files_list_contains_relationships_object(self): res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert 'relationships' in res.json['data'][0]
class TestAddonAuth(OsfTestCase): def setUp(self): super(TestAddonAuth, self).setUp() self.flask_app = SetEnvironMiddleware(self.app.app, REMOTE_ADDR='127.0.0.1') self.test_app = webtest.TestApp(self.flask_app) self.user = AuthUserFactory() self.auth_obj = Auth(user=self.user) self.node = ProjectFactory(creator=self.user) self.session = Session(data={'auth_user_id': self.user._id}) self.session.save() self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id) self.configure_addon() def configure_addon(self): self.user.add_addon('github') self.user_addon = self.user.get_addon('github') self.oauth_settings = AddonGitHubOauthSettings(github_user_id='john') self.oauth_settings.save() self.user_addon.oauth_settings = self.oauth_settings self.user_addon.oauth_access_token = 'secret' self.user_addon.save() self.node.add_addon('github', self.auth_obj) self.node_addon = self.node.get_addon('github') self.node_addon.user = '******' self.node_addon.repo = 'youre-my-best-friend' self.node_addon.user_settings = self.user_addon self.node_addon.save() def build_url(self, **kwargs): options = dict( action='download', cookie=self.cookie, nid=self.node._id, provider=self.node_addon.config.short_name, ) options.update(kwargs) return api_url_for('get_auth', **options) def test_auth_download(self): url = self.build_url() res = self.test_app.get(url) assert_equal(res.json['auth'], views.make_auth(self.user)) assert_equal(res.json['credentials'], self.node_addon.serialize_waterbutler_credentials()) assert_equal(res.json['settings'], self.node_addon.serialize_waterbutler_settings()) expected_url = furl.furl(self.node.api_url_for('create_waterbutler_log', _absolute=True)) observed_url = furl.furl(res.json['callback_url']) observed_url.port = expected_url.port assert_equal(expected_url, observed_url) def test_auth_missing_args(self): url = self.build_url(cookie=None) res = self.test_app.get(url, expect_errors=True) assert_equal(res.status_code, 400) def test_auth_bad_cookie(self): url = self.build_url(cookie=self.cookie[::-1]) res = self.test_app.get(url, expect_errors=True) assert_equal(res.status_code, 401) def test_auth_missing_addon(self): url = self.build_url(provider='queenhub') res = self.test_app.get(url, expect_errors=True) assert_equal(res.status_code, 400) def test_auth_bad_ip(self): flask_app = SetEnvironMiddleware(self.app.app, REMOTE_ADDR='192.168.1.1') test_app = webtest.TestApp(flask_app) url = self.build_url() res = test_app.get(url, expect_errors=True) assert_equal(res.status_code, 403)
class TestNodeFilesListFiltering(ApiTestCase): def setUp(self): super(TestNodeFilesListFiltering, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) httpretty.enable() # Prep HTTP mocks prepare_mock_wb_response( node=self.project, provider='github', files=[ {'name': 'abc', 'path': '/abc/', 'materialized': '/abc/', 'kind': 'folder'}, {'name': 'xyz', 'path': '/xyz', 'materialized': '/xyz', 'kind': 'file'}, ] ) def tearDown(self): super(TestNodeFilesListFiltering, self).tearDown() httpretty.disable() httpretty.reset() def add_github(self): user_auth = Auth(self.user) self.project.add_addon('github', auth=user_auth) addon = self.project.get_addon('github') addon.repo = 'something' addon.user = '******' oauth_settings = GitHubAccountFactory() oauth_settings.save() self.user.add_addon('github') self.user.external_accounts.append(oauth_settings) self.user.save() addon.user_settings = self.user.get_addon('github') addon.save() self.project.save() def test_node_files_are_filterable_by_name(self): url = '/{}nodes/{}/files/github/?filter[name]=xyz'.format(API_BASE, self.project._id) self.add_github() res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 1) # filters out 'abc' assert_equal(res.json['data'][0]['attributes']['name'], 'xyz') def test_node_files_filter_by_name_case_insensitive(self): url = '/{}nodes/{}/files/github/?filter[name]=XYZ'.format(API_BASE, self.project._id) self.add_github() res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 1) # filters out 'abc', but finds 'xyz' assert_equal(res.json['data'][0]['attributes']['name'], 'xyz') def test_node_files_are_filterable_by_path(self): url = '/{}nodes/{}/files/github/?filter[path]=abc'.format(API_BASE, self.project._id) self.add_github() res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 1) # filters out 'xyz' assert_equal(res.json['data'][0]['attributes']['name'], 'abc') def test_node_files_are_filterable_by_kind(self): url = '/{}nodes/{}/files/github/?filter[kind]=folder'.format(API_BASE, self.project._id) self.add_github() res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 1) # filters out 'xyz' assert_equal(res.json['data'][0]['attributes']['name'], 'abc') def test_node_files_external_provider_can_filter_by_last_touched(self): yesterday_stamp = datetime.datetime.utcnow() - datetime.timedelta(days=1) self.add_github() url = '/{}nodes/{}/files/github/?filter[last_touched][gt]={}'.format(API_BASE, self.project._id, yesterday_stamp.isoformat()) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 2) def test_node_files_osfstorage_cannot_filter_by_last_touched(self): yesterday_stamp = datetime.datetime.utcnow() - datetime.timedelta(days=1) self.file = api_utils.create_test_file(self.project, self.user) url = '/{}nodes/{}/files/osfstorage/?filter[last_touched][gt]={}'.format(API_BASE, self.project._id, yesterday_stamp.isoformat()) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(len(res.json['errors']), 1)
class TestAddonFileViews(OsfTestCase): @classmethod def setUpClass(cls): super(TestAddonFileViews, cls).setUpClass() PROVIDER_MAP['github'] = [TestFolder, TestFile, TestFileNode] TestFileNode.provider = 'github' def setUp(self): super(TestAddonFileViews, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.user.add_addon('github') self.project.add_addon('github', auth=Auth(self.user)) self.user_addon = self.user.get_addon('github') self.node_addon = self.project.get_addon('github') self.oauth = AddonGitHubOauthSettings(github_user_id='denbarell', oauth_access_token='Truthy') self.oauth.save() self.user_addon.oauth_settings = self.oauth self.user_addon.save() self.node_addon.user_settings = self.user_addon self.node_addon.repo = 'Truth' self.node_addon.user = '******' self.node_addon.save() @classmethod def tearDownClass(cls): super(TestAddonFileViews, cls).tearDownClass() PROVIDER_MAP['github'] = [ models.GithubFolder, models.GithubFile, models.GithubFileNode ] del PROVIDER_MAP['test_addons'] def get_test_file(self): ret = TestFile(name='Test', node=self.project, path='/test/Test', materialized_path='/test/Test') ret.save() return ret def get_mako_return(self): ret = serialize_node(self.project, Auth(self.user), primary=True) ret.update({ 'error': '', 'provider': '', 'file_path': '', 'sharejs_uuid': '', 'private': '', 'urls': { 'files': '', 'render': '', 'sharejs': '', 'mfr': '', 'gravatar': '', 'external': '', }, 'size': '', 'extra': '', 'file_name': '', 'materialized_path': '', }) ret.update(rubeus.collect_addon_assets(self.project)) return ret def test_redirects_to_guid(self): file_node = self.get_test_file() guid = file_node.get_guid(create=True) resp = self.app.get(self.project.web_url_for( 'addon_view_or_download_file', path=file_node.path.strip('/'), provider='github'), auth=self.user.auth) assert_equals(resp.status_code, 302) assert_equals(resp.location, 'http://*****:*****@mock.patch('website.addons.base.views.addon_view_file') def test_action_view_calls_view_file(self, mock_view_file): self.user.reload() self.project.reload() file_node = self.get_test_file() guid = file_node.get_guid(create=True) mock_view_file.return_value = self.get_mako_return() self.app.get('/{}/?action=view'.format(guid._id), auth=self.user.auth) args, kwargs = mock_view_file.call_args assert_equals(kwargs, {}) assert_equals(args[0].user, self.user) assert_equals(args[1], self.project) assert_equals(args[2], file_node) assert_true(isinstance(args[3], file_node.touch(None).__class__)) @mock.patch('website.addons.base.views.addon_view_file') def test_no_action_calls_view_file(self, mock_view_file): self.user.reload() self.project.reload() file_node = self.get_test_file() guid = file_node.get_guid(create=True) mock_view_file.return_value = self.get_mako_return() self.app.get('/{}/'.format(guid._id), auth=self.user.auth) args, kwargs = mock_view_file.call_args assert_equals(kwargs, {}) assert_equals(args[0].user, self.user) assert_equals(args[1], self.project) assert_equals(args[2], file_node) assert_true(isinstance(args[3], file_node.touch(None).__class__)) def test_download_create_guid(self): file_node = self.get_test_file() assert_is(file_node.get_guid(), None) self.app.get(self.project.web_url_for( 'addon_view_or_download_file', path=file_node.path.strip('/'), provider='github', ), auth=self.user.auth) assert_true(file_node.get_guid()) def test_unauthorized_addons_raise(self): path = 'cloudfiles' self.node_addon.user_settings = None self.node_addon.save() resp = self.app.get(self.project.web_url_for( 'addon_view_or_download_file', path=path, provider='github', action='download'), auth=self.user.auth, expect_errors=True) assert_equals(resp.status_code, 401) def test_nonstorage_addons_raise(self): resp = self.app.get(self.project.web_url_for( 'addon_view_or_download_file', path='sillywiki', provider='wiki', action='download'), auth=self.user.auth, expect_errors=True) assert_equals(resp.status_code, 400) def test_head_returns_url(self): file_node = self.get_test_file() guid = file_node.get_guid(create=True) resp = self.app.head('/{}/'.format(guid._id), auth=self.user.auth) location = furl.furl(resp.location) assert_urls_equal(location.url, file_node.generate_waterbutler_url(direct=None)) def test_nonexistent_addons_raise(self): path = 'cloudfiles' self.project.delete_addon('github', Auth(self.user)) self.project.save() resp = self.app.get(self.project.web_url_for( 'addon_view_or_download_file', path=path, provider='github', action='download'), auth=self.user.auth, expect_errors=True) assert_equals(resp.status_code, 400) def test_unauth_addons_raise(self): path = 'cloudfiles' self.node_addon.user_settings = None self.node_addon.save() resp = self.app.get(self.project.web_url_for( 'addon_view_or_download_file', path=path, provider='github', action='download'), auth=self.user.auth, expect_errors=True) assert_equals(resp.status_code, 401)
class TestNodeFilesList(ApiTestCase): def setUp(self): super(TestNodeFilesList, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.private_url = '/{}nodes/{}/files/'.format(API_BASE, self.project._id) self.user_two = AuthUserFactory() self.public_project = ProjectFactory(creator=self.user, is_public=True) self.public_url = '/{}nodes/{}/files/'.format(API_BASE, self.public_project._id) httpretty.enable() def tearDown(self): super(TestNodeFilesList, self).tearDown() httpretty.disable() httpretty.reset() def _prepare_mock_wb_response(self, node=None, **kwargs): prepare_mock_wb_response(node=node or self.project, **kwargs) def test_cannot_access_retracted_files_list(self): registration = RegistrationFactory(creator=self.user, project=self.public_project) url = '/{}nodes/{}/files/'.format(API_BASE, registration._id) retraction = RetractedRegistrationFactory(registration=registration, user=registration.creator) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) def test_returns_public_files_logged_out(self): res = self.app.get(self.public_url, expect_errors=True) assert_equal(res.status_code, 200) assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage') assert_equal(res.content_type, 'application/vnd.api+json') def test_returns_public_files_logged_in(self): res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'application/vnd.api+json') assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage') def test_returns_file_data(self): fobj = self.project.get_addon('osfstorage').get_root().append_file( 'NewFile') fobj.save() res = self.app.get('{}osfstorage/{}'.format(self.private_url, fobj._id), auth=self.user.auth) assert_equal(res.status_code, 200) assert_true(isinstance(res.json['data'], dict)) assert_equal(res.content_type, 'application/vnd.api+json') assert_equal(res.json['data']['attributes']['kind'], 'file') assert_equal(res.json['data']['attributes']['name'], 'NewFile') def test_returns_folder_data(self): fobj = self.project.get_addon('osfstorage').get_root().append_folder( 'NewFolder') fobj.save() res = self.app.get('{}osfstorage/{}/'.format(self.private_url, fobj._id), auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 0) assert_equal(res.content_type, 'application/vnd.api+json') def test_returns_private_files_logged_out(self): res = self.app.get(self.private_url, expect_errors=True) assert_equal(res.status_code, 401) assert_in('detail', res.json['errors'][0]) def test_returns_private_files_logged_in_contributor(self): res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'application/vnd.api+json') assert_equal(len(res.json['data']), 1) assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage') def test_returns_private_files_logged_in_non_contributor(self): res = self.app.get(self.private_url, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_in('detail', res.json['errors'][0]) def test_returns_addon_folders(self): user_auth = Auth(self.user) res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(len(res.json['data']), 1) assert_equal(res.json['data'][0]['attributes']['provider'], 'osfstorage') self.project.add_addon('github', auth=user_auth) addon = self.project.get_addon('github') addon.repo = 'something' addon.user = '******' oauth_settings = GitHubAccountFactory() oauth_settings.save() self.user.add_addon('github') self.user.external_accounts.append(oauth_settings) self.user.save() addon.user_settings = self.user.get_addon('github') addon.save() self.project.save() res = self.app.get(self.private_url, auth=self.user.auth) data = res.json['data'] providers = [item['attributes']['provider'] for item in data] assert_equal(len(data), 2) assert_in('github', providers) assert_in('osfstorage', providers) def test_returns_node_files_list(self): self._prepare_mock_wb_response(provider='github', files=[{ 'name': 'NewFile' }]) url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth) assert_equal(res.json['data'][0]['attributes']['name'], 'NewFile') assert_equal(res.json['data'][0]['attributes']['provider'], 'github') def test_returns_node_file(self): self._prepare_mock_wb_response(provider='github', files=[{ 'name': 'NewFile' }], folder=False, path='/file') url = '/{}nodes/{}/files/github/file'.format(API_BASE, self.project._id) res = self.app.get( url, auth=self.user.auth, headers={ 'COOKIE': 'foo=bar;' # Webtests doesnt support cookies? }) assert_equal(res.status_code, 200) assert_equal(res.json['data']['attributes']['name'], 'NewFile') assert_equal(res.json['data']['attributes']['provider'], 'github') def test_notfound_node_file_returns_folder(self): self._prepare_mock_wb_response(provider='github', files=[{ 'name': 'NewFile' }], path='/file') url = '/{}nodes/{}/files/github/file'.format(API_BASE, self.project._id) res = self.app.get( url, auth=self.user.auth, expect_errors=True, headers={ 'COOKIE': 'foo=bar;' # Webtests doesnt support cookies? }) assert_equal(res.status_code, 404) def test_notfound_node_folder_returns_file(self): self._prepare_mock_wb_response(provider='github', files=[{ 'name': 'NewFile' }], folder=False, path='/') url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get( url, auth=self.user.auth, expect_errors=True, headers={ 'COOKIE': 'foo=bar;' # Webtests doesnt support cookies? }) assert_equal(res.status_code, 404) def test_waterbutler_server_error_returns_503(self): self._prepare_mock_wb_response(status_code=500) url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get( url, auth=self.user.auth, expect_errors=True, headers={ 'COOKIE': 'foo=bar;' # Webtests doesnt support cookies? }) assert_equal(res.status_code, 503) def test_waterbutler_invalid_data_returns_503(self): wb_url = waterbutler_api_url_for(self.project._id, provider='github', path='/', meta=True) httpretty.register_uri(httpretty.GET, wb_url, body=json.dumps({}), status=400) url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 503) def test_handles_unauthenticated_waterbutler_request(self): self._prepare_mock_wb_response(status_code=401) url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_in('detail', res.json['errors'][0]) def test_handles_notfound_waterbutler_request(self): invalid_provider = 'gilkjadsflhub' self._prepare_mock_wb_response(status_code=404, provider=invalid_provider) url = '/{}nodes/{}/files/{}/'.format(API_BASE, self.project._id, invalid_provider) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) assert_in('detail', res.json['errors'][0]) def test_handles_bad_waterbutler_request(self): wb_url = waterbutler_api_url_for(self.project._id, provider='github', path='/', meta=True) httpretty.register_uri(httpretty.GET, wb_url, body=json.dumps({}), status=418) url = '/{}nodes/{}/files/github/'.format(API_BASE, self.project._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 503) assert_in('detail', res.json['errors'][0]) def test_files_list_contains_relationships_object(self): res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert 'relationships' in res.json['data'][0]
class TestGoogleDriveAuthViews(OsfTestCase): def setUp(self): super(TestGoogleDriveAuthViews, self).setUp() self.user = AuthUserFactory() self.user.add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.user_settings = self.user.get_addon('googledrive') oauth_settings = GoogleDriveOAuthSettingsFactory() self.user_settings.oauth_settings = oauth_settings self.node_settings.user_settings = self.user_settings # Log user in self.app.authenticate(*self.user.auth) self.flow = mock.Mock() self.credentials = mock.Mock() # Class variables(self) are usually used to mark mock variables. Can be removed later. @mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.start') def test_googledrive_oauth_start(self, mock_auth_client_start): url = api_url_for('googledrive_oauth_start_user', Auth(self.user)) authorization_url = 'https://fake.domain/' state = 'secure state' mock_auth_client_start.return_value = (authorization_url, state) res = self.app.post(url) assert_true(res.json['url'], authorization_url) @mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.userinfo') @mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.finish') @mock.patch('website.addons.googledrive.views.auth.session') def test_googledrive_oauth_finish(self, mock_session, mock_auth_client_finish, mock_auth_client_userinfo): user_no_addon = AuthUserFactory() nid = self.project._primary_key state = '1234' mock_session.data = { 'googledrive_auth_nid': nid, 'googledrive_auth_state': state, } mock_auth_client_finish.return_value = { 'access_token': '1111', 'refresh_token': '2222', 'expires_at': time.time() + 3600, } mock_auth_client_userinfo.return_value = { 'sub': 'unique id', 'name': 'test-user', } url = api_url_for('googledrive_oauth_finish', user_no_addon.auth, nid=self.project._primary_key, code='1234', state=state) res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.googledrive.views.auth.flash') def test_googledrive_oauth_finish_cancelled(self, mock_flash): user_no_addon = AuthUserFactory() url = api_url_for( 'googledrive_oauth_finish', user_no_addon.auth, nid=self.project._primary_key, code='1234', state='3322', error='User declined!' ) res = self.app.get(url) assert_is_redirect(res) mock_flash.assert_called_once() @mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.userinfo') @mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.finish') @mock.patch('website.addons.googledrive.views.auth.session') def test_googledrive_oauth_finish_user_only(self, mock_session, mock_auth_client_finish, mock_auth_client_userinfo): user_no_addon = AuthUserFactory() state = '1234' mock_session.data = { 'googledrive_auth_state': state, } mock_auth_client_finish.return_value = { 'access_token': '1111', 'refresh_token': '2222', 'expires_at': time.time() + 3600, } mock_auth_client_userinfo.return_value = { 'sub': 'unique id', 'name': 'test-user', } url = api_url_for('googledrive_oauth_finish', user_no_addon.auth, code='1234', state=state) res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.googledrive.views.auth.GoogleAuthClient.revoke') def test_googledrive_oauth_delete_user(self, mock_auth_client_revoke): self.user_settings.access_token = 'abc123' self.user_settings.save() assert_true(self.user_settings.has_auth) self.user.save() url = api_url_for('googledrive_oauth_delete_user') self.app.delete(url) self.user_settings.reload() mock_auth_client_revoke.assert_called_once() assert_false(self.user_settings.has_auth) def test_googledrive_deauthorize(self): self.node_settings.folder_id = 'foobar' self.node_settings.folder_path = 'My folder' self.node_settings.save() url = self.project.api_url_for('googledrive_deauthorize') self.app.delete(url) self.project.reload() self.node_settings.reload() assert_false(self.node_settings.has_auth) assert_is(self.node_settings.folder_id, None) assert_is(self.node_settings.folder_path, None) assert_is(self.node_settings.user_settings, None)
class TestAddonLogs(OsfTestCase): def setUp(self): super(TestAddonLogs, self).setUp() self.flask_app = SetEnvironMiddleware(self.app.app, REMOTE_ADDR='127.0.0.1') self.test_app = webtest.TestApp(self.flask_app) self.user = AuthUserFactory() self.auth_obj = Auth(user=self.user) self.node = ProjectFactory(creator=self.user) self.session = Session(data={'auth_user_id': self.user._id}) self.session.save() self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id) self.configure_addon() def configure_addon(self): self.user.add_addon('github') self.user_addon = self.user.get_addon('github') self.oauth_settings = AddonGitHubOauthSettings(github_user_id='john') self.oauth_settings.save() self.user_addon.oauth_settings = self.oauth_settings self.user_addon.oauth_access_token = 'secret' self.user_addon.save() self.node.add_addon('github', self.auth_obj) self.node_addon = self.node.get_addon('github') self.node_addon.user = '******' self.node_addon.repo = 'youre-my-best-friend' self.node_addon.user_settings = self.user_addon self.node_addon.save() def build_payload(self, metadata, **kwargs): options = dict( auth={'id': self.user._id}, action='create', provider=self.node_addon.config.short_name, metadata=metadata, time=time.time() + 1000, ) options.update(kwargs) options = { key: value for key, value in options.iteritems() if value is not None } message, signature = signing.default_signer.sign_payload(options) return { 'payload': message, 'signature': signature, } def test_add_log(self): path = 'pizza' url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}) nlogs = len(self.node.logs) self.test_app.put_json(url, payload, headers={'Content-Type': 'application/json'}) self.node.reload() assert_equal(len(self.node.logs), nlogs + 1) def test_add_log_missing_args(self): path = 'pizza' url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}, auth=None) nlogs = len(self.node.logs) res = self.test_app.put_json( url, payload, headers={'Content-Type': 'application/json'}, expect_errors=True, ) assert_equal(res.status_code, 400) self.node.reload() assert_equal(len(self.node.logs), nlogs) def test_add_log_no_user(self): path = 'pizza' url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}, auth={'id': None}) nlogs = len(self.node.logs) res = self.test_app.put_json( url, payload, headers={'Content-Type': 'application/json'}, expect_errors=True, ) assert_equal(res.status_code, 400) self.node.reload() assert_equal(len(self.node.logs), nlogs) def test_add_log_no_addon(self): path = 'pizza' node = ProjectFactory(creator=self.user) url = node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}) nlogs = len(node.logs) res = self.test_app.put_json( url, payload, headers={'Content-Type': 'application/json'}, expect_errors=True, ) assert_equal(res.status_code, 400) self.node.reload() assert_equal(len(node.logs), nlogs) def test_add_log_bad_action(self): path = 'pizza' url = self.node.api_url_for('create_waterbutler_log') payload = self.build_payload(metadata={'path': path}, action='dance') nlogs = len(self.node.logs) res = self.test_app.put_json( url, payload, headers={'Content-Type': 'application/json'}, expect_errors=True, ) assert_equal(res.status_code, 400) self.node.reload() assert_equal(len(self.node.logs), nlogs)
class TestAddonFileViews(OsfTestCase): def setUp(self): super(TestAddonFileViews, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.user.add_addon('github') self.project.add_addon('github', auth=Auth(self.user)) self.user_addon = self.user.get_addon('github') self.node_addon = self.project.get_addon('github') self.oauth = AddonGitHubOauthSettings( github_user_id='denbarell', oauth_access_token='Truthy' ) self.oauth.save() self.user_addon.oauth_settings = self.oauth self.user_addon.save() self.node_addon.user_settings = self.user_addon self.node_addon.save() # self.node_addon.user_settings = 'Truthy' # setattr(self.node_addon, 'has_auth', True) def get_mako_return(self): ret = serialize_node(self.project, Auth(self.user), primary=True) ret.update({ 'extra': '', 'provider': '', 'rendered': '', 'file_path': '', 'files_url': '', 'file_name': '', 'render_url': '', }) ret.update(rubeus.collect_addon_assets(self.project)) return ret def test_redirects_to_guid(self): path = 'bigdata' guid, _ = self.node_addon.find_or_create_file_guid('/' + path) resp = self.app.get( self.project.web_url_for( 'addon_view_or_download_file', path=path, provider='github' ), auth=self.user.auth ) assert_equals(resp.status_code, 302) assert_equals(resp.headers['Location'], 'http://*****:*****@mock.patch('website.addons.base.request') def test_public_download_url_includes_view_only(self, mock_request): view_only = 'justworkplease' mock_request.args = { 'view_only': view_only } path = 'cloudfiles' guid, _ = self.node_addon.find_or_create_file_guid('/' + path) assert_in('view_only={}'.format(view_only), guid.public_download_url) @mock.patch('website.addons.base.views.addon_view_file') def test_action_view_calls_view_file(self, mock_view_file): self.user.reload() self.project.reload() path = 'cloudfiles' mock_view_file.return_value = self.get_mako_return() guid, _ = self.node_addon.find_or_create_file_guid('/' + path) self.app.get(guid.guid_url + '?action=view', auth=self.user.auth) args, kwargs = mock_view_file.call_args assert_equals(kwargs, {}) assert_equals(args[-1], {'action': 'view'}) assert_equals(args[1], self.project) assert_equals(args[0].user, self.user) assert_equals(args[2], self.node_addon) @mock.patch('website.addons.base.views.addon_view_file') def test_no_action_calls_view_file(self, mock_view_file): self.user.reload() self.project.reload() path = 'cloudfiles' mock_view_file.return_value = self.get_mako_return() guid, _ = self.node_addon.find_or_create_file_guid('/' + path) self.app.get(guid.guid_url, auth=self.user.auth) args, kwargs = mock_view_file.call_args assert_equals(kwargs, {}) assert_equals(args[-1], {}) assert_equals(args[1], self.project) assert_equals(args[0].user, self.user) assert_equals(args[2], self.node_addon) def test_download_create_guid(self): path = 'cloudfiles' self.app.get( self.project.web_url_for( 'addon_view_or_download_file', path=path, provider='github', action='download' ), auth=self.user.auth ) guid, created = self.node_addon.find_or_create_file_guid('/' + path) assert_true(guid) assert_false(created) assert_equals(guid.waterbutler_path, '/' + path) def test_unauthorized_addons_raise(self): path = 'cloudfiles' self.node_addon.user_settings = None self.node_addon.save() resp = self.app.get( self.project.web_url_for( 'addon_view_or_download_file', path=path, provider='github', action='download' ), auth=self.user.auth, expect_errors=True ) assert_equals(resp.status_code, 403) def test_head_returns_url(self): path = 'the little engine that couldnt' guid, _ = self.node_addon.find_or_create_file_guid('/' + path) download_url = furl.furl(guid.download_url) download_url.args['accept_url'] = 'false' resp = self.app.head(guid.guid_url, auth=self.user.auth) assert_urls_equal(resp.headers['Location'], download_url.url) def test_nonexistent_addons_raise(self): path = 'cloudfiles' self.project.delete_addon('github', Auth(self.user)) self.project.save() resp = self.app.get( self.project.api_url_for( 'addon_render_file', path=path, provider='github', action='download' ), auth=self.user.auth, expect_errors=True ) assert_equals(resp.status_code, 400) def test_unauth_addons_raise(self): path = 'cloudfiles' self.node_addon.user_settings = None self.node_addon.save() resp = self.app.get( self.project.api_url_for( 'addon_render_file', path=path, provider='github', action='download' ), auth=self.user.auth, expect_errors=True ) assert_equals(resp.status_code, 401) def test_unconfigured_addons_raise(self): path = 'cloudfiles' self.node_addon.repo = None self.node_addon.save() resp = self.app.get( self.project.api_url_for( 'addon_render_file', path=path, provider='github', action='download' ), auth=self.user.auth, expect_errors=True ) assert_equals(resp.status_code, 400)