def test_multi_role_user(): user = User(u'cdent') user.add_role('cow') user.add_role('cow') store.put(user) user2 = store.get(User(u'cdent')) assert list(user2.roles) == ['cow']
def _do_login_or_register(environ, start_response, server_name, response_map, content): """ We had a valid response from the oauth provider, let's see if that is a user or somebody we can register. """ store = environ['tiddlyweb.store'] config = environ['tiddlyweb.config'] userinfo = simplejson.loads(content) userdata = {} for key, value in response_map.iteritems(): userdata[key] = userinfo.get(value, '') server_login = None username = userdata['login'] if not username: raise HTTP400('extractable username data required') userdata['server_name'] = server_name if config.get('oauth.use_mapuser', False): server_login = '******' % (server_name, username) map_bag_name = config.get('magicuser.map', 'MAPUSER') tiddler = Tiddler(server_login, map_bag_name) try: tiddler = store.get(tiddler) mapped_user = tiddler.fields.get('mapped_user') store.get(User(mapped_user)) user = User(server_login) return _send_cookie(environ, start_response, user) except StoreError: try: local_user = store.get(User(username)) except StoreError: local_user = None pass # fall through to register else: try: user = store.get(User(username)) return _send_cookie(environ, start_response, user) except StoreError: local_user = None pass # fall through to register registration_template = get_template(environ, 'registration.html') start_response('200 OK', [('Content-Type', 'text/html; charset=UTF-8'), ('Cache-Control', 'no-store')]) if local_user: userdata['local_user'] = local_user.usersign userdata['server_name_sig'] = _sign(config, server_name) if server_login: userdata['server_login'] = server_login userdata['server_login_sig'] = _sign(config, server_login) return registration_template.generate(userdata)
def test_put_get_user(): user = User('testone') user.add_role('monkey') store.put(user) read_user = User('testone') read_user = store.get(read_user) assert read_user.list_roles() == ['monkey']
def test_complex_username(): username = u'test\u00BB\u00BBuser.com/foo' user = User(username) store.put(user) users = list(store.list_users()) assert username in [user.usersign for user in users] user_out = User(username) user_out = store.get(user_out) assert user_out.usersign == username
def setup_module(module): make_test_env(module) from tiddlyweb.config import config module.secret = config['secret'] httplib2_intercept.install() wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn) user = User('cdent') user.set_password('cow') module.store.put(user) user = User('fnd') module.store.put(user)
def test_store_user(): user = User('testuser') user.set_password('testpass') user.add_role('testrole') store.put(user) assert os.path.exists('store/testuser.user') loaded_user = User('testuser') loaded_user = store.get(loaded_user) assert loaded_user.check_password('testpass')
def test_list_users(): user1 = User('test1') user2 = User('test2') store.put(user1) store.put(user2) users = list(store.list_users()) assert len(users) == 3 usernames = [user.usersign for user in users] assert 'test1' in usernames assert 'test2' in usernames assert 'cdent' in usernames assert 'laramie' not in usernames
def setup_module(module): make_test_env(module) httplib2_intercept.install() wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn) wsgi_intercept.add_wsgi_intercept('thing.0.0.0.0', 8080, app_fn) wsgi_intercept.add_wsgi_intercept('foo.0.0.0.0', 8080, app_fn) user = User('thingone') user.set_password('how') store.put(user) user = User('thingtwo') user.set_password('how') store.put(user) module.http = httplib2.Http()
def test_delete(): user = User('deleteme') user.note = 'delete me please' store.put(user) stored_user = User('deleteme') stored_user = store.get(stored_user) assert stored_user.note == 'delete me please' deleted_user = User('deleteme') store.delete(deleted_user) py.test.raises(NoUserError, 'store.get(deleted_user)') py.test.raises(NoUserError, 'store.delete(deleted_user)')
def setup_module(module): initialize_app() module.store = Store(config['server_store'][0], config['server_store'][1], {'tiddlyweb.config': config}) bag = Bag('MAPUSER') module.store.put(bag) user = User('ben') user.set_password('mocha') module.store.put(user) user = User('chris') user.set_password('piccolo') module.store.put(user)
def test_cookie_set(): """ test that we get a cookie relating to the space we are in """ store = get_store(config) space = 'foo' make_fake_space(store, space) user = User('foo') user.set_password('foobar') store.put(user) user_cookie = get_auth('foo', 'foobar') response, _ = http.request( 'http://foo.0.0.0.0:8080/status', method='GET', headers={'Cookie': 'tiddlyweb_user="******"' % user_cookie}) assert response['status'] == '200' time = datetime.now().strftime('%Y%m%d%H') cookie = 'csrf_token=%s:%s:%s' % ( time, user.usersign, sha('%s:%s:%s:%s' % (user.usersign, time, space, config['secret'])).hexdigest()) assert response['set-cookie'] == cookie
def userpage(environ, start_response): username = environ['tiddlyweb.usersign']['name'] user = environ['wsgiorg.routing_args'][1]['user'] if username != user: #raise ForbiddenError raise UserRequiredError store = environ['tiddlyweb.store'] user_data = User(user) try: user_data = store.get(user_data) wikinames = user_data.note.split('\n') wikis = [] if wikinames: for name in wikinames: if not len(name): continue recipe = Recipe(name) recipe = store.get(recipe) url = recipe_url(environ, recipe) wikis.append(dict(name=name, url=url, description=recipe.desc)) except NoUserError: wikis = [] start_response('200 OK', [('Content-Type', 'text/html')]) environ['tiddlyweb.title'] = 'Hello %s' % user template = template_env.get_template('user.html') return template.generate(wikis=wikis)
def setup_module(module): """ clean up the store, establish a registered client """ clean_store() module.store = get_store(config) environ = {'tiddlyweb.config': config, 'tiddlyweb.store': module.store} ensure_bags(config) # make an application and store that info app = create(name='testapp', owner='appowner1', app_url='http://our_test_domain:8001', callback_url='http://our_test_domain:8001/_oauth/callback') client_id = app.title client_secret = app.fields['client_secret'] store_app(environ, app) config['oauth.servers']['testserver']['client_id'] = client_id config['oauth.servers']['testserver']['client_secret'] = client_secret module.client_id = client_id initialize_app(config) module.http = Http() # we need a user who is going to use the client app user = User('cdent') user.set_password('cowpig') module.store.put(user)
def handle(environ, start_response): """ Handle a posted request for registration. If the provided username is blacklisted, ask them to log in as someone else. Otherwise send closing material with a link to get started. """ pretty_name = environ['tiddlyweb.query'].get('pretty_name', [None])[0] target_role = environ['tiddlyweb.config'].get('register_role', 'MEMBER') store = environ['tiddlyweb.store'] username = environ['tiddlyweb.usersign']['name'] if _blacklisted(environ, username): return _send_start(environ, start_response, message='That user has been blocked') user = User(username) try: user = store.get(user) except NoUserError: pass # is cool if they don't exist yet user.add_role('%s' % target_role) if pretty_name: user.note = pretty_name store.put(user) environ['tiddlyweb.usersign'] = { 'name': user.usersign, 'roles': user.list_roles() } return _send_finish(environ, start_response)
class Extractor(ExtractorInterface): def extract(self, environ, start_response): config = environ['tiddlyweb.config'] store = environ['tiddlyweb.store'] wrapped_extractor = config.get('wrapped_extractor', 'simple_cookie') try: imported_module = __import__( 'tiddlyweb.web.extractors.%s' % wrapped_extractor, {}, {}, ['Extractor']) except ImportError: try: imported_module = __import__(wrapped_extractor, {}, {}, ['Extractor']) except ImportError, exc: raise ImportError('could not load extractor %s: %s' % (wrapped_extractor, exc)) extractor = imported_module.Extractor() extracted_user = extractor.extract(environ, start_response) if extracted_user: LOGGER.debug('UserExtract:%s found %s', wrapped_extractor, extracted_user) try: map_tiddler = Tiddler(extracted_user['name'], 'MAPUSER') map_tiddler = store.get(map_tiddler) username = map_tiddler.fields['mapped_user'] user = store.get(User(username)) environ['tank.user'] = user environ['tank.user_info'] = simplejson.loads(user.note) return {'name': username, 'roles': user.list_roles()} except (StoreError, KeyError) as exc: pass return False
def test_adduser_with_roles(): handle(['', u'adduser', u'cdent', u'crunk', u'cow', u'monkey']) the_user = User('cdent') the_user = store.get(the_user) assert the_user.check_password('crunk') assert 'cow' in the_user.list_roles() assert 'monkey' in the_user.list_roles()
def user_page(environ, start_response): userpage = environ['wsgiorg.routing_args'][1]['userpage'] user = environ['tiddlyweb.usersign'] userpage = _decode_name(userpage) first_time_check(environ, user) store = environ['tiddlyweb.store'] # If we try to go to a user page that doesn't exist, # just go to the home page. XXX maybe should 404 instead. try: userpage_user = User(userpage) userpage_user = store.get(userpage_user) except NoUserError: pass # roles will be empty if 'MEMBER' not in userpage_user.list_roles(): raise HTTP404('%s has no page' % userpage) user_friend_names = get_friends(store, user['name']) friend_names = sorted(get_friends(store, userpage)) friends = [] for name in friend_names: email = get_email_tiddler(store, name) email_md5 = md5(email.lower()).hexdigest() friends.append((name, email_md5)) profile_tiddler = get_profile(store, user, userpage) profile_html = render_wikitext(profile_tiddler, environ) notice_tiddler = get_notice(environ) notice_html = render_wikitext(notice_tiddler, environ) kept_recipes = get_stuff(store, store.list_recipes(), user, userpage) kept_bags = get_stuff(store, store.list_bags(), user, userpage) kept_favorites = get_stuff(store, get_favorited_bags(store, userpage), user) kept_bookmarks = get_stuff(store, get_bookmarked_recipes(store, userpage), user) email = get_email_tiddler(store, userpage) email_md5 = md5(email.lower()).hexdigest() data = { 'bags': kept_bags, 'user_friends': user_friend_names, 'friends': friends, 'recipes': kept_recipes, 'favorites': kept_favorites, 'bookmarks': kept_bookmarks, 'home': userpage, 'profile': profile_html, 'notice': { 'html': notice_html, 'modified': notice_tiddler.modified }, 'title': userpage, 'email': email, 'email_md5': email_md5, 'user': get_user_object(environ) } return send_template(environ, 'profile.html', data)
def test_no_cookie_sent(): """ Test no cookie is sent if one is already present """ store = get_store(config) space = 'foo' make_fake_space(store, space) user = User('foo') user.set_password('foobar') store.put(user) user_cookie = get_auth('foo', 'foobar') time = datetime.now().strftime('%Y%m%d%H') cookie = 'csrf_token=%s:%s:%s' % ( time, user.usersign, sha('%s:%s:%s:%s' % (user.usersign, time, space, config['secret'])).hexdigest()) response, _ = http.request( 'http://foo.0.0.0.0:8080/status', method='GET', headers={'Cookie': 'tiddlyweb_user="******"; %s' % (user_cookie, cookie)}) cookie = response.get('set-cookie') if cookie: assert 'csrf_token' not in cookie
def tiddler_get(self, tiddler): store = self.main_store username = tiddler.title user = User(username) user = store.get(user) tiddler.text = '%s' % user.list_roles() return tiddler
def html_profile(environ, start_response): """ Send the HTML profile, made up for the user's SiteIcon, their profile from their space, and their most recently modified tiddlers. """ username = environ['wsgiorg.routing_args'][1]['username'] usersign = environ['tiddlyweb.usersign'] store = environ['tiddlyweb.store'] try: _ = store.get(User(username)) except NoUserError: raise HTTP404('Profile not found for %s' % username) activity_feed = profile_atom_url(environ, username) environ['tiddlyweb.links'] = [ '<link rel="alternate" type="application/atom+xml"' 'title="Atom activity feed" href="%s" />' % activity_feed ] profile_tiddler = Tiddler('profile', '%s_public' % username) try: profile_tiddler = store.get(profile_tiddler) except StoreError, exc: raise HTTP404('No profile for %s: %s' % (username, exc))
def _validate_and_redirect(self, environ, start_response, username, password, redirect): """ Check a username and password. If valid, send a cookie to the client. If it is not, send the form again. """ status = '401 Unauthorized' try: store = environ['tiddlyweb.store'] secret = environ['tiddlyweb.config']['secret'] cookie_age = environ['tiddlyweb.config'].get('cookie_age', None) user = User(username) user = store.get(user) if user.check_password(password): uri = '%s%s' % (server_host_url(environ), redirect) cookie_header_string = make_cookie( 'tiddlyweb_user', user.usersign, mac_key=secret, path=self._cookie_path(environ), expires=cookie_age) logging.debug('303 to %s', uri) start_response('303 Other', [('Set-Cookie', cookie_header_string), ('Content-Type', 'text/plain'), ('Location', uri.encode('utf-8'))]) return [uri] except KeyError: pass except NoUserError: pass return self._send_cookie_form(environ, start_response, redirect, status, 'User or Password no good')
def _status_gather_data(environ): """ Monkey patch twp.status to add additional information specific to TiddlySpace. """ data = original_gather_data(environ) data['server_host'] = environ['tiddlyweb.config']['server_host'] data['tiddlyspace_version'] = environ['tiddlyweb.config'][ 'tiddlyspace.version'] # gather space data http_host, host_url = determine_host(environ) if http_host != host_url: space_name = determine_space(environ, http_host) try: recipe_name = determine_space_recipe(environ, space_name) data['space'] = {'name': space_name, 'recipe': recipe_name} except HTTP404: pass # ensure user is known usersign = environ['tiddlyweb.usersign']['name'] store = environ['tiddlyweb.store'] try: store.get(User(usersign)) except NoUserError: data['username'] = '******' if usersign != 'GUEST': data['identity'] = usersign return data
def establish_user_auth(config, store, host, username): user = User(username) mapping_username = '******' % username mapping_tiddler = Tiddler(mapping_username, 'MAPUSER') mapping_tiddler.fields['mapped_user'] = username try: store.delete(user) except StoreError: pass try: store.delete(mapping_tiddler) except IOError: pass user.add_role('MEMBER') user.note = '{}' store.put(user) ensure_bag('MAPUSER', store) store.put(mapping_tiddler) stamp = datetime.utcnow().strftime('%Y%m%d%H') csrf = gen_nonce(username, host, stamp, config['secret']) cookie = make_cookie('tiddlyweb_user', mapping_username, mac_key=config['secret'], httponly=False) return cookie, csrf
def setup_module(module): make_test_env(module) httplib2_intercept.install() wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn) wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn) wsgi_intercept.add_wsgi_intercept('bar.example.com', 8080, app_fn) make_fake_space(module.store, 'cdent') user = User('cdent') user.set_password('cow') module.store.put(user) module.auth = b64encode('cdent:cow') user = User('fnd') user.set_password('pig') module.store.put(user) module.badauth = b64encode('fnd:pig') module.http = httplib2.Http()
def setup_module(module): config['system_plugins'].append('test.test_web_extract') initialize_app() reset_textstore() module.store = _teststore() user = User('cow') user.set_password('pig') module.store.put(user)
def list_users(self): """ List all the users in the store. """ path = os.path.join(self._store_root(), 'users') users = self._files_in_dir(path) return (User(urllib.unquote(user).decode('utf-8')) for user in users)
def setup_module(module): make_test_env(module) httplib2_intercept.install() from tiddlyweb.config import config config['blacklisted_spaces'] = ['scrappy'] wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn) wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn) make_fake_space(module.store, 'cdent') user = User('cdent') user.set_password('cow') module.store.put(user) user = User('fnd') user.set_password('bird') module.store.put(user) user = User('psd') user.set_password('cat') module.store.put(user)
def setup_module(module): initialize_app() reset_textstore() module.store = _teststore() user = User(name) user.set_password(name) module.store.put(user) module.cookie = None
def test_simple_get(): user = User('cdent') user = store.get(user) assert user.note == 'foo' assert user.check_password('cowpig') assert sorted(user.list_roles()) == ['ADMIN', 'BOSS'] assert not user.check_password('pigcow')
def test_delete_users(): user = User('test1') store.delete(user) users = list(store.list_users()) assert len(users) == 2 usernames = [user.usersign for user in users] assert 'test1' not in usernames