def test_multi_role_user():
user = User(u'cdent')
user.add_role('cow')
user.add_role('cow')
store.put(user)
user2 = store.get(User(u'cdent'))
assert list(user2.roles) == ['cow']
def _do_login_or_register(environ, start_response, server_name, response_map,
content):
"""
We had a valid response from the oauth provider, let's see if that is
a user or somebody we can register.
"""
store = environ['tiddlyweb.store']
config = environ['tiddlyweb.config']
userinfo = simplejson.loads(content)
userdata = {}
for key, value in response_map.iteritems():
userdata[key] = userinfo.get(value, '')
server_login = None
username = userdata['login']
if not username:
raise HTTP400('extractable username data required')
userdata['server_name'] = server_name
if config.get('oauth.use_mapuser', False):
server_login = '******' % (server_name, username)
map_bag_name = config.get('magicuser.map', 'MAPUSER')
tiddler = Tiddler(server_login, map_bag_name)
try:
tiddler = store.get(tiddler)
mapped_user = tiddler.fields.get('mapped_user')
store.get(User(mapped_user))
user = User(server_login)
return _send_cookie(environ, start_response, user)
except StoreError:
try:
local_user = store.get(User(username))
except StoreError:
local_user = None
pass # fall through to register
else:
try:
user = store.get(User(username))
return _send_cookie(environ, start_response, user)
except StoreError:
local_user = None
pass # fall through to register
registration_template = get_template(environ, 'registration.html')
start_response('200 OK', [('Content-Type', 'text/html; charset=UTF-8'),
('Cache-Control', 'no-store')])
if local_user:
userdata['local_user'] = local_user.usersign
userdata['server_name_sig'] = _sign(config, server_name)
if server_login:
userdata['server_login'] = server_login
userdata['server_login_sig'] = _sign(config, server_login)
return registration_template.generate(userdata)
def test_put_get_user():
user = User('testone')
user.add_role('monkey')
store.put(user)
read_user = User('testone')
read_user = store.get(read_user)
assert read_user.list_roles() == ['monkey']
def test_complex_username():
username = u'test\u00BB\u00BBuser.com/foo'
user = User(username)
store.put(user)
users = list(store.list_users())
assert username in [user.usersign for user in users]
user_out = User(username)
user_out = store.get(user_out)
assert user_out.usersign == username
def setup_module(module):
make_test_env(module)
from tiddlyweb.config import config
module.secret = config['secret']
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
user = User('cdent')
user.set_password('cow')
module.store.put(user)
user = User('fnd')
module.store.put(user)
def test_store_user():
user = User('testuser')
user.set_password('testpass')
user.add_role('testrole')
store.put(user)
assert os.path.exists('store/testuser.user')
loaded_user = User('testuser')
loaded_user = store.get(loaded_user)
assert loaded_user.check_password('testpass')
def test_list_users():
user1 = User('test1')
user2 = User('test2')
store.put(user1)
store.put(user2)
users = list(store.list_users())
assert len(users) == 3
usernames = [user.usersign for user in users]
assert 'test1' in usernames
assert 'test2' in usernames
assert 'cdent' in usernames
assert 'laramie' not in usernames
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('thing.0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('foo.0.0.0.0', 8080, app_fn)
user = User('thingone')
user.set_password('how')
store.put(user)
user = User('thingtwo')
user.set_password('how')
store.put(user)
module.http = httplib2.Http()
def test_delete():
user = User('deleteme')
user.note = 'delete me please'
store.put(user)
stored_user = User('deleteme')
stored_user = store.get(stored_user)
assert stored_user.note == 'delete me please'
deleted_user = User('deleteme')
store.delete(deleted_user)
py.test.raises(NoUserError, 'store.get(deleted_user)')
py.test.raises(NoUserError, 'store.delete(deleted_user)')
def setup_module(module):
initialize_app()
module.store = Store(config['server_store'][0], config['server_store'][1],
{'tiddlyweb.config': config})
bag = Bag('MAPUSER')
module.store.put(bag)
user = User('ben')
user.set_password('mocha')
module.store.put(user)
user = User('chris')
user.set_password('piccolo')
module.store.put(user)
def test_cookie_set():
"""
test that we get a cookie relating to the space we are in
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
response, _ = http.request(
'http://foo.0.0.0.0:8080/status',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"' % user_cookie})
assert response['status'] == '200'
time = datetime.now().strftime('%Y%m%d%H')
cookie = 'csrf_token=%s:%s:%s' % (
time, user.usersign,
sha('%s:%s:%s:%s' %
(user.usersign, time, space, config['secret'])).hexdigest())
assert response['set-cookie'] == cookie
def userpage(environ, start_response):
username = environ['tiddlyweb.usersign']['name']
user = environ['wsgiorg.routing_args'][1]['user']
if username != user:
#raise ForbiddenError
raise UserRequiredError
store = environ['tiddlyweb.store']
user_data = User(user)
try:
user_data = store.get(user_data)
wikinames = user_data.note.split('\n')
wikis = []
if wikinames:
for name in wikinames:
if not len(name):
continue
recipe = Recipe(name)
recipe = store.get(recipe)
url = recipe_url(environ, recipe)
wikis.append(dict(name=name, url=url, description=recipe.desc))
except NoUserError:
wikis = []
start_response('200 OK', [('Content-Type', 'text/html')])
environ['tiddlyweb.title'] = 'Hello %s' % user
template = template_env.get_template('user.html')
return template.generate(wikis=wikis)
def setup_module(module):
"""
clean up the store, establish a registered client
"""
clean_store()
module.store = get_store(config)
environ = {'tiddlyweb.config': config, 'tiddlyweb.store': module.store}
ensure_bags(config)
# make an application and store that info
app = create(name='testapp', owner='appowner1',
app_url='http://our_test_domain:8001',
callback_url='http://our_test_domain:8001/_oauth/callback')
client_id = app.title
client_secret = app.fields['client_secret']
store_app(environ, app)
config['oauth.servers']['testserver']['client_id'] = client_id
config['oauth.servers']['testserver']['client_secret'] = client_secret
module.client_id = client_id
initialize_app(config)
module.http = Http()
# we need a user who is going to use the client app
user = User('cdent')
user.set_password('cowpig')
module.store.put(user)
def handle(environ, start_response):
"""
Handle a posted request for registration.
If the provided username is blacklisted, ask them to
log in as someone else. Otherwise send closing
material with a link to get started.
"""
pretty_name = environ['tiddlyweb.query'].get('pretty_name', [None])[0]
target_role = environ['tiddlyweb.config'].get('register_role', 'MEMBER')
store = environ['tiddlyweb.store']
username = environ['tiddlyweb.usersign']['name']
if _blacklisted(environ, username):
return _send_start(environ,
start_response,
message='That user has been blocked')
user = User(username)
try:
user = store.get(user)
except NoUserError:
pass # is cool if they don't exist yet
user.add_role('%s' % target_role)
if pretty_name:
user.note = pretty_name
store.put(user)
environ['tiddlyweb.usersign'] = {
'name': user.usersign,
'roles': user.list_roles()
}
return _send_finish(environ, start_response)
class Extractor(ExtractorInterface):
def extract(self, environ, start_response):
config = environ['tiddlyweb.config']
store = environ['tiddlyweb.store']
wrapped_extractor = config.get('wrapped_extractor', 'simple_cookie')
try:
imported_module = __import__(
'tiddlyweb.web.extractors.%s' % wrapped_extractor, {}, {},
['Extractor'])
except ImportError:
try:
imported_module = __import__(wrapped_extractor, {}, {},
['Extractor'])
except ImportError, exc:
raise ImportError('could not load extractor %s: %s' %
(wrapped_extractor, exc))
extractor = imported_module.Extractor()
extracted_user = extractor.extract(environ, start_response)
if extracted_user:
LOGGER.debug('UserExtract:%s found %s', wrapped_extractor,
extracted_user)
try:
map_tiddler = Tiddler(extracted_user['name'], 'MAPUSER')
map_tiddler = store.get(map_tiddler)
username = map_tiddler.fields['mapped_user']
user = store.get(User(username))
environ['tank.user'] = user
environ['tank.user_info'] = simplejson.loads(user.note)
return {'name': username, 'roles': user.list_roles()}
except (StoreError, KeyError) as exc:
pass
return False
def test_adduser_with_roles():
handle(['', u'adduser', u'cdent', u'crunk', u'cow', u'monkey'])
the_user = User('cdent')
the_user = store.get(the_user)
assert the_user.check_password('crunk')
assert 'cow' in the_user.list_roles()
assert 'monkey' in the_user.list_roles()
def user_page(environ, start_response):
userpage = environ['wsgiorg.routing_args'][1]['userpage']
user = environ['tiddlyweb.usersign']
userpage = _decode_name(userpage)
first_time_check(environ, user)
store = environ['tiddlyweb.store']
# If we try to go to a user page that doesn't exist,
# just go to the home page. XXX maybe should 404 instead.
try:
userpage_user = User(userpage)
userpage_user = store.get(userpage_user)
except NoUserError:
pass # roles will be empty
if 'MEMBER' not in userpage_user.list_roles():
raise HTTP404('%s has no page' % userpage)
user_friend_names = get_friends(store, user['name'])
friend_names = sorted(get_friends(store, userpage))
friends = []
for name in friend_names:
email = get_email_tiddler(store, name)
email_md5 = md5(email.lower()).hexdigest()
friends.append((name, email_md5))
profile_tiddler = get_profile(store, user, userpage)
profile_html = render_wikitext(profile_tiddler, environ)
notice_tiddler = get_notice(environ)
notice_html = render_wikitext(notice_tiddler, environ)
kept_recipes = get_stuff(store, store.list_recipes(), user, userpage)
kept_bags = get_stuff(store, store.list_bags(), user, userpage)
kept_favorites = get_stuff(store, get_favorited_bags(store, userpage),
user)
kept_bookmarks = get_stuff(store, get_bookmarked_recipes(store, userpage),
user)
email = get_email_tiddler(store, userpage)
email_md5 = md5(email.lower()).hexdigest()
data = {
'bags': kept_bags,
'user_friends': user_friend_names,
'friends': friends,
'recipes': kept_recipes,
'favorites': kept_favorites,
'bookmarks': kept_bookmarks,
'home': userpage,
'profile': profile_html,
'notice': {
'html': notice_html,
'modified': notice_tiddler.modified
},
'title': userpage,
'email': email,
'email_md5': email_md5,
'user': get_user_object(environ)
}
return send_template(environ, 'profile.html', data)
def test_no_cookie_sent():
"""
Test no cookie is sent if one is already present
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
time = datetime.now().strftime('%Y%m%d%H')
cookie = 'csrf_token=%s:%s:%s' % (
time, user.usersign,
sha('%s:%s:%s:%s' %
(user.usersign, time, space, config['secret'])).hexdigest())
response, _ = http.request(
'http://foo.0.0.0.0:8080/status',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"; %s' % (user_cookie, cookie)})
cookie = response.get('set-cookie')
if cookie:
assert 'csrf_token' not in cookie
def tiddler_get(self, tiddler):
store = self.main_store
username = tiddler.title
user = User(username)
user = store.get(user)
tiddler.text = '%s' % user.list_roles()
return tiddler
def html_profile(environ, start_response):
"""
Send the HTML profile, made up for the user's SiteIcon,
their profile from their space, and their most recently
modified tiddlers.
"""
username = environ['wsgiorg.routing_args'][1]['username']
usersign = environ['tiddlyweb.usersign']
store = environ['tiddlyweb.store']
try:
_ = store.get(User(username))
except NoUserError:
raise HTTP404('Profile not found for %s' % username)
activity_feed = profile_atom_url(environ, username)
environ['tiddlyweb.links'] = [
'<link rel="alternate" type="application/atom+xml"'
'title="Atom activity feed" href="%s" />' % activity_feed
]
profile_tiddler = Tiddler('profile', '%s_public' % username)
try:
profile_tiddler = store.get(profile_tiddler)
except StoreError, exc:
raise HTTP404('No profile for %s: %s' % (username, exc))
def _validate_and_redirect(self, environ, start_response, username,
password, redirect):
"""
Check a username and password. If valid, send a cookie
to the client. If it is not, send the form again.
"""
status = '401 Unauthorized'
try:
store = environ['tiddlyweb.store']
secret = environ['tiddlyweb.config']['secret']
cookie_age = environ['tiddlyweb.config'].get('cookie_age', None)
user = User(username)
user = store.get(user)
if user.check_password(password):
uri = '%s%s' % (server_host_url(environ), redirect)
cookie_header_string = make_cookie(
'tiddlyweb_user',
user.usersign,
mac_key=secret,
path=self._cookie_path(environ),
expires=cookie_age)
logging.debug('303 to %s', uri)
start_response('303 Other',
[('Set-Cookie', cookie_header_string),
('Content-Type', 'text/plain'),
('Location', uri.encode('utf-8'))])
return [uri]
except KeyError:
pass
except NoUserError:
pass
return self._send_cookie_form(environ, start_response, redirect,
status, 'User or Password no good')
def _status_gather_data(environ):
"""
Monkey patch twp.status to add additional information
specific to TiddlySpace.
"""
data = original_gather_data(environ)
data['server_host'] = environ['tiddlyweb.config']['server_host']
data['tiddlyspace_version'] = environ['tiddlyweb.config'][
'tiddlyspace.version']
# gather space data
http_host, host_url = determine_host(environ)
if http_host != host_url:
space_name = determine_space(environ, http_host)
try:
recipe_name = determine_space_recipe(environ, space_name)
data['space'] = {'name': space_name, 'recipe': recipe_name}
except HTTP404:
pass
# ensure user is known
usersign = environ['tiddlyweb.usersign']['name']
store = environ['tiddlyweb.store']
try:
store.get(User(usersign))
except NoUserError:
data['username'] = '******'
if usersign != 'GUEST':
data['identity'] = usersign
return data
def establish_user_auth(config, store, host, username):
user = User(username)
mapping_username = '******' % username
mapping_tiddler = Tiddler(mapping_username, 'MAPUSER')
mapping_tiddler.fields['mapped_user'] = username
try:
store.delete(user)
except StoreError:
pass
try:
store.delete(mapping_tiddler)
except IOError:
pass
user.add_role('MEMBER')
user.note = '{}'
store.put(user)
ensure_bag('MAPUSER', store)
store.put(mapping_tiddler)
stamp = datetime.utcnow().strftime('%Y%m%d%H')
csrf = gen_nonce(username, host, stamp, config['secret'])
cookie = make_cookie('tiddlyweb_user',
mapping_username,
mac_key=config['secret'],
httponly=False)
return cookie, csrf
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('bar.example.com', 8080, app_fn)
make_fake_space(module.store, 'cdent')
user = User('cdent')
user.set_password('cow')
module.store.put(user)
module.auth = b64encode('cdent:cow')
user = User('fnd')
user.set_password('pig')
module.store.put(user)
module.badauth = b64encode('fnd:pig')
module.http = httplib2.Http()
def setup_module(module):
config['system_plugins'].append('test.test_web_extract')
initialize_app()
reset_textstore()
module.store = _teststore()
user = User('cow')
user.set_password('pig')
module.store.put(user)
def list_users(self):
"""
List all the users in the store.
"""
path = os.path.join(self._store_root(), 'users')
users = self._files_in_dir(path)
return (User(urllib.unquote(user).decode('utf-8')) for user in users)
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
from tiddlyweb.config import config
config['blacklisted_spaces'] = ['scrappy']
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn)
make_fake_space(module.store, 'cdent')
user = User('cdent')
user.set_password('cow')
module.store.put(user)
user = User('fnd')
user.set_password('bird')
module.store.put(user)
user = User('psd')
user.set_password('cat')
module.store.put(user)
def setup_module(module):
initialize_app()
reset_textstore()
module.store = _teststore()
user = User(name)
user.set_password(name)
module.store.put(user)
module.cookie = None
def test_simple_get():
user = User('cdent')
user = store.get(user)
assert user.note == 'foo'
assert user.check_password('cowpig')
assert sorted(user.list_roles()) == ['ADMIN', 'BOSS']
assert not user.check_password('pigcow')
def test_delete_users():
user = User('test1')
store.delete(user)
users = list(store.list_users())
assert len(users) == 2
usernames = [user.usersign for user in users]
assert 'test1' not in usernames
