def make_user(username, password):
user = User(username)
user.set_password(password)
store.put(user)
secret_string = sha('%s%s' % (username, config['secret'])).hexdigest()
return secret_string
def test_cookie_set():
"""
test that we get a cookie relating to the space we are in
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
response, content = http.request('http://foo.0.0.0.0:8080/status',
method='GET',
headers={
'Cookie': 'tiddlyweb_user="******"' % user_cookie
})
assert response['status'] == '200', content
time = datetime.now().strftime('%Y%m%d%H')
cookie = 'csrf_token=%s:%s:%s' % (time, user.usersign,
sha('%s:%s:%s:%s' % (user.usersign,
time, space, config['secret'])).hexdigest())
assert response['set-cookie'] == cookie
def _init_store(self, struct):
"""
creates basic store structure with bags, recipes and users
(no support for user passwords for security reasons)
"""
store = get_store(self.init_config)
bags = struct.get("bags", {})
for name, data in bags.items():
desc = data.get("desc")
bag = Bag(name, desc=desc)
constraints = data.get("policy", {})
_set_policy(bag, constraints)
store.put(bag)
recipes = struct.get("recipes", {})
for name, data in recipes.items(): # TODO: DRY
desc = data.get("desc")
recipe = Recipe(name, desc=desc)
recipe.set_recipe(data["recipe"])
constraints = data.get("policy", {})
_set_policy(recipe, constraints)
store.put(recipe)
users = struct.get("users", {})
for name, data in users.items():
note = data.get("note")
user = User(name, note=note)
password = data.get("_password")
if password:
user.set_password(password)
for role in data.get("roles", []):
user.add_role(role)
store.put(user)
def register_user(environ, start_response):
username, password, confirmation = [environ['tiddlyweb.query'][param][0] for
param in ('username', 'password', 'password_confirmation')]
user = User(username)
store = environ['tiddlyweb.store']
try:
store.get(user)
available = False
except NoUserError:
available = username not in BLACKLIST
if not available:
raise HTTP409('username unavailable')
if not password == confirmation:
raise HTTP400('passwords do not match')
_create_wiki(store, username, username, private=True)
user.set_password(password)
store.put(user)
index = Tiddler('index', username)
index.type = 'text/x-markdown'
index.text = "Welcome to %s's personal wiki." % username
store.put(index)
cookie = make_cookie('tiddlyweb_user', user.usersign,
path=uri('front page', environ),
mac_key=environ['tiddlyweb.config']['secret'],
expires=environ['tiddlyweb.config'].get('cookie_age', None))
start_response('303 See Other', [('Set-Cookie', cookie),
('Location', uri('dashboard', environ).encode('UTF-8'))])
return ['']
def test_cookie_set():
"""
test that we get a cookie relating to the space we are in
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
response, _ = http.request(
'http://foo.0.0.0.0:8080/status',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"' % user_cookie})
assert response['status'] == '200'
time = datetime.now().strftime('%Y%m%d%H')
cookie = 'csrf_token=%s:%s:%s' % (
time, user.usersign,
sha('%s:%s:%s:%s' %
(user.usersign, time, space, config['secret'])).hexdigest())
assert response['set-cookie'] == cookie
def test_cookie_set():
"""
test that we get a cookie relating to the space we are in
"""
store = get_store(config)
hostname = "foo.0.0.0.0:8080"
user = User(u"f\u00F6o")
user.set_password("foobar")
store.put(user)
user_cookie = get_auth(u"f\u00F6o", "foobar")
response, content = http.request(
"http://foo.0.0.0.0:8080/", method="GET", headers={"Cookie": 'tiddlyweb_user="******"' % user_cookie}
)
assert response["status"] == "200", content
time = datetime.utcnow().strftime("%Y%m%d%H")
cookie = "csrf_token=%s:%s:%s" % (
time,
user.usersign,
sha("%s:%s:%s:%s" % (user.usersign, time, hostname, config["secret"])).hexdigest(),
)
assert response["set-cookie"] == quote(cookie.encode("utf-8"), safe=".!~*'():=")
def setup_module(module):
"""
clean up the store, establish a registered client
"""
clean_store()
module.store = get_store(config)
environ = {'tiddlyweb.config': config, 'tiddlyweb.store': module.store}
ensure_bags(config)
# make an application and store that info
app = create(name='testapp', owner='appowner1',
app_url='http://our_test_domain:8001',
callback_url='http://our_test_domain:8001/_oauth/callback')
client_id = app.title
client_secret = app.fields['client_secret']
store_app(environ, app)
config['oauth.servers']['testserver']['client_id'] = client_id
config['oauth.servers']['testserver']['client_secret'] = client_secret
module.client_id = client_id
initialize_app(config)
module.http = Http()
# we need a user who is going to use the client app
user = User('cdent')
user.set_password('cowpig')
module.store.put(user)
def test_no_cookie_sent():
"""
Test no cookie is sent if one is already present
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
time = datetime.now().strftime('%Y%m%d%H')
cookie = 'csrf_token=%s:%s:%s' % (
time, user.usersign,
sha('%s:%s:%s:%s' %
(user.usersign, time, space, config['secret'])).hexdigest())
response, _ = http.request(
'http://foo.0.0.0.0:8080/status',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"; %s' % (user_cookie, cookie)})
cookie = response.get('set-cookie')
if cookie:
assert 'csrf_token' not in cookie
def setup_module(module):
try:
shutil.rmtree('store')
except:
pass # !!!
config['server_host'] = {
'host': 'our_test_domain',
'port': '8001',
'scheme': 'http',
}
from tiddlyweb.web import serve
# we have to have a function that returns the callable,
# Selector just _is_ the callable
def app_fn():
return serve.load_app()
#wsgi_intercept.debuglevel = 1
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('our_test_domain', 8001, app_fn)
environ = {'tiddlyweb.config': config}
module.store = Store(config['server_store'][0], config['server_store'][1], environ)
admin = User('admin')
admin.add_role('ADMIN')
admin.set_password('spank')
module.store.put(admin)
module.admin_authorization = b64encode('admin:spank')
module.user_authorization = b64encode('cdent:pigdog')
def test_users():
userc = User('cdent')
userc.set_password('foobar')
userc.add_role('ADMIN')
userc.note = 'A simple programmer of matter'
store.put(userc)
userf = User('FND')
userf.set_password('I<3whitespace')
store.put(userf)
user2 = store.get(User('cdent'))
assert user2.usersign == userc.usersign
assert user2.check_password('foobar')
assert user2.list_roles() == userc.list_roles()
assert user2.note == userc.note
users = list(store.list_users())
assert len(users) == 2
assert ['FND', 'cdent'] == sorted([user.usersign for user in users])
store.delete(User('FND'))
users = list(store.list_users())
assert len(users) == 1
py.test.raises(NoUserError, "store.get(User('FND'))")
def test_no_cookie_sent():
"""
Test no cookie is sent if one is already present
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
time = datetime.now().strftime('%Y%m%d%H')
cookie = 'csrf_token=%s:%s:%s' % (time, user.usersign,
sha('%s:%s:%s:%s' % (user.usersign,
time, space, config['secret'])).hexdigest())
response, _ = http.request('http://foo.0.0.0.0:8080/status',
method='GET',
headers={
'Cookie': 'tiddlyweb_user="******"; %s' % (user_cookie, cookie)
})
cookie = response.get('set-cookie')
if cookie:
assert 'csrf_token' not in cookie
def setup_module(module):
initialize_app()
reset_textstore()
module.store = _teststore()
user = User(u'cd\u2714nt')
user.set_password('cowpig')
module.store.put(user)
muchdata(module.store)
def setup_module(module):
initialize_app()
reset_textstore()
module.store = _teststore()
user = User(name)
user.set_password(name)
module.store.put(user)
module.cookie = None
def setup_module(module):
initialize_app()
reset_textstore()
module.store = _teststore()
user = User(name)
user.set_password(name)
module.store.put(user)
module.cookie = None
def setup_module(module):
config['system_plugins'].append('test.test_web_extract')
initialize_app()
reset_textstore()
module.store = _teststore()
user = User('cow')
user.set_password('pig')
module.store.put(user)
def setup_module(module):
config['system_plugins'].append('test.test_web_extract')
initialize_app()
reset_textstore()
module.store = _teststore()
user = User('cow')
user.set_password('pig')
module.store.put(user)
def setup_module(module):
initialize_app()
reset_textstore()
module.store = _teststore()
user = User(u'cd\u2714nt')
user.set_password('cowpig')
module.store.put(user)
muchdata(module.store)
def test_simple_put():
user = User('cdent', note='foo')
user.set_password('cowpig')
user.add_role('ADMIN')
user.add_role('BOSS')
store.put(user)
assert os.path.exists(expected_stored_filename)
def _create_user(environ, start_response, creation=0, expiration=0, role='tier1'):
domain = get_domain(environ['HTTP_HOST'])
if creation == 0:
creation = time.time()
store = environ['tiddlyweb.store']
query = environ['tiddlyweb.query']
name = query.get('name', [None])[0]
email = query.get('email', [None])[0]
company = query.get('company', [None])[0]
country = query.get('country', [None])[0]
if not (name and email):
# The form has not been filled out
return _user_form(environ, start_response, role=role, message='Missing Data!',
formdata={'name': name, 'email': email,
'company': company, 'country': country})
user = User(email)
try:
user = store.get(user)
# User exists!
return _user_form(environ, start_response, role=role, message='That account already exists!',
formdata={'name': name, 'email': email,
'company': company, 'country': country})
except NoUserError:
password = _random_pass()
user.set_password(password)
user.add_role(role)
store.put(user)
bag_name = environ['tiddlyweb.config'].get('magicuser.bag', 'MAGICUSER')
ensure_bag(bag_name, store, policy_dict={
'read': ['NONE'], 'write': ['NONE'],
'create': ['NONE'], 'manage': ['NONE']})
tiddler = Tiddler(email, bag_name)
tiddler.fields['country'] = country
tiddler.fields['company'] = company
tiddler.fields['name'] = name
# Set the creation and expiration times.
now = time.time()
tiddler.fields['creation'] = '%s' % creation
tiddler.fields['expiry'] = '%s' % expiration
store.put(tiddler)
to_address = email
subject = domain+" user info"
body = """
Here's your info:
Username: %s
Password: %s
""" % (email, password)
query_string = '?email=%s' % to_address
try:
send_email(to_address, subject=subject, body=body, from_='avox@'+domain)
query_string += '&success=1&role=%s' % role
raise HTTP303(server_base_url(environ)+'/pages/new_account'+query_string)
except socket.error:
logging.debug('failed to send: %s:%s:%s', to_address, subject, body)
query_string += '&failure=1&role=%s' % role
raise HTTP302(server_base_url(environ)+'/pages/new_account'+query_string)
def test_post_data_multipart_form():
"""
test that a form POST requires a nonce
test using multipart/form-data
"""
store = get_store(config)
hostname = "foo.0.0.0.0:8080"
user = User(u"f\u00F6o")
user.set_password("foobar")
store.put(user)
timestamp = datetime.utcnow().strftime("%Y%m%d%H")
secret = config["secret"]
nonce = "%s:%s:%s" % (
timestamp,
user.usersign,
sha("%s:%s:%s:%s" % (user.usersign, timestamp, hostname, secret)).hexdigest(),
)
user_cookie = get_auth(u"f\u00F6o", "foobar")
csrf_token = "csrf_token=%s" % nonce
data = """---------------------------168072824752491622650073
Content-Disposition: form-data; name="title"
foobar
---------------------------168072824752491622650073
Content-Disposition: form-data; name="text"
Hello World
---------------------------168072824752491622650073--"""
# test success
uri = "http://foo.0.0.0.0:8080/bags/foo_public/tiddlers?%s" % csrf_token
response, content = http.request(
uri,
method="POST",
headers={
"Content-Type": "multipart/form-data; " "boundary=---------------------------168072824752491622650073",
"Cookie": 'tiddlyweb_user="******"' % user_cookie,
"Content-Length": "390",
},
body=data,
)
assert response["status"] == "204", content
# test failure
response, _ = http.request(
"http://foo.0.0.0.0:8080/bags/foo_public/tiddlers",
method="POST",
headers={
"Content-Type": "multipart/form-data; " "boundary=---------------------------168072824752491622650073",
"Cookie": 'tiddlyweb_user="******"' % user_cookie,
"Content-Length": "267",
},
body=data,
)
assert response["status"] == "400"
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn)
make_fake_space(module.store, 'cdent')
user = User('cdent')
user.set_password('cow')
module.store.put(user)
module.http = httplib2.Http()
def setup_module(module):
config["auth_systems"].append("not.really.there")
initialize_app()
reset_textstore()
module.store = _teststore()
muchdata(module.store)
user = User("cdent")
user.set_password("cowpig")
store.put(user)
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn)
make_fake_space(module.store, 'cdent')
user = User('cdent')
user.set_password('cow')
module.store.put(user)
module.http = httplib2.Http()
def setup_module(module):
config['auth_systems'].append('not.really.there')
initialize_app()
reset_textstore()
module.store = _teststore()
muchdata(module.store)
user = User('cdent')
user.set_password('cowpig')
store.put(user)
def test_post_data_multipart_form():
"""
test that a form POST requires a nonce
test using multipart/form-data
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
timestamp = datetime.now().strftime('%Y%m%d%H')
secret = config['secret']
nonce = '%s:%s:%s' % (
timestamp, user.usersign,
sha('%s:%s:%s:%s' %
(user.usersign, timestamp, space, secret)).hexdigest())
user_cookie = get_auth('foo', 'foobar')
csrf_token = 'csrf_token=%s' % nonce
data = '''---------------------------168072824752491622650073
Content-Disposition: form-data; name="title"
foobar
---------------------------168072824752491622650073
Content-Disposition: form-data; name="text"
Hello World
---------------------------168072824752491622650073--'''
#test success
uri = 'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers?%s' % csrf_token
response, content = http.request(uri,
method='POST',
headers={
'Content-Type': 'multipart/form-data; ' \
'boundary=---------------------------168072824752491622650073',
'Cookie': 'tiddlyweb_user="******"' % user_cookie,
'Content-Length': '390'
},
body=data)
print content
assert response['status'] == '204'
#test failure
response, _ = http.request('http://foo.0.0.0.0:8080/bags/foo_public/tiddlers',
method='POST',
headers={
'Content-Type': 'multipart/form-data; ' \
'boundary=---------------------------168072824752491622650073',
'Cookie': 'tiddlyweb_user="******"' % user_cookie,
'Content-Length': '267'
},
body=data)
assert response['status'] == '400'
def test_simple_put():
user = User("cdent", note="foo")
user.set_password("cowpig")
user.add_role("ADMIN")
user.add_role("BOSS")
store.put(user)
if type(store.storage) != tiddlyweb.stores.text.Store:
py.test.skip("skipping this test for non-text store")
assert os.path.exists(expected_stored_filename)
def setup_module(module):
make_test_env(module)
from tiddlyweb.config import config
module.secret = config['secret']
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
user = User('cdent')
user.set_password('cow')
module.store.put(user)
user = User('fnd')
module.store.put(user)
def test_post_data_multipart_form():
"""
test that a form POST requires a nonce
test using multipart/form-data
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
timestamp = datetime.now().strftime('%Y%m%d%H')
secret = config['secret']
nonce = '%s:%s:%s' % (timestamp, user.usersign,
sha('%s:%s:%s:%s' % (user.usersign, timestamp, space, secret)).
hexdigest())
user_cookie = get_auth('foo', 'foobar')
csrf_token = 'csrf_token=%s' % nonce
data = '''---------------------------168072824752491622650073
Content-Disposition: form-data; name="title"
foobar
---------------------------168072824752491622650073
Content-Disposition: form-data; name="text"
Hello World
---------------------------168072824752491622650073--'''
#test success
uri = 'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers?%s' % csrf_token
response, content = http.request(uri,
method='POST',
headers={
'Content-Type': 'multipart/form-data; ' \
'boundary=---------------------------168072824752491622650073',
'Cookie': 'tiddlyweb_user="******"' % user_cookie,
'Content-Length': '390'
},
body=data)
print content
assert response['status'] == '204'
#test failure
response, _ = http.request('http://foo.0.0.0.0:8080/bags/foo_public/tiddlers',
method='POST',
headers={
'Content-Type': 'multipart/form-data; ' \
'boundary=---------------------------168072824752491622650073',
'Cookie': 'tiddlyweb_user="******"' % user_cookie,
'Content-Length': '267'
},
body=data)
assert response['status'] == '400'
def setup_module(module):
initialize_app()
reset_textstore()
module.store = _teststore()
bag = Bag('bag0')
module.store.put(bag)
user = User('cdent')
user.set_password('cowpig')
module.store.put(user)
def setup_module(module):
initialize_app()
reset_textstore()
module.store = _teststore()
bag = Bag('bag0')
module.store.put(bag)
user = User('cdent')
user.set_password('cowpig')
module.store.put(user)
def test_simple_put():
user = User('cdent', note='foo')
user.set_password('cowpig')
user.add_role('ADMIN')
user.add_role('BOSS')
store.put(user)
if type(store.storage) != tiddlyweb.stores.text.Store:
py.test.skip('skipping this test for non-text store')
assert os.path.exists(expected_stored_filename)
def http_test():
initialize_app()
reset_textstore()
store = _teststore()
muchdata(store)
# we're going to need a user for testing auth stuff
# so make that now
user = User('cdent')
user.set_password('cowpig')
store.put(user)
def setup_module(module):
make_test_env(module)
from tiddlyweb.config import config
module.secret = config['secret']
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
user = User('cdent')
user.set_password('cow')
module.store.put(user)
user = User('fnd')
module.store.put(user)
def test_simple_put():
user = User('cdent', note='foo')
user.set_password('cowpig')
user.add_role('ADMIN')
user.add_role('BOSS')
store.put(user)
if type(store.storage) != tiddlyweb.stores.text.Store:
py.test.skip('skipping this test for non-text store')
assert os.path.exists(expected_stored_filename)
def http_test():
initialize_app()
reset_textstore()
store = _teststore()
muchdata(store)
# we're going to need a user for testing auth stuff
# so make that now
user = User('cdent')
user.set_password('cowpig')
store.put(user)
def setup_module(module):
make_test_env(module, hsearch=True)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept("0.0.0.0", 8080, app_fn)
wsgi_intercept.add_wsgi_intercept("cdent.0.0.0.0", 8080, app_fn)
wsgi_intercept.add_wsgi_intercept("fnd.0.0.0.0", 8080, app_fn)
make_fake_space(module.store, "cdent")
make_fake_space(module.store, "fnd")
user = User("cdent")
user.set_password("cow")
module.store.put(user)
module.http = httplib2.Http()
def setup_module(module):
make_test_env(module)
from tiddlyweb.config import config
module.secret = config["secret"]
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept("0.0.0.0", 8080, app_fn)
user = User("cdent")
user.set_password("cow")
module.store.put(user)
user = User("fnd")
module.store.put(user)
def setup_module(module):
clean_store()
module.store = get_store(config)
module.environ = {'tiddlyweb.config': config,
'tiddlyweb.store': module.store}
ensure_bags(config)
initialize_app(config)
module.http = Http()
user = User('cdent')
user.set_password('cowpig')
module.store.put(user)
def test_store_user():
user = User('testuser')
user.set_password('testpass')
user.add_role('testrole')
store.put(user)
assert os.path.exists('store/testuser.user')
loaded_user = User('testuser')
loaded_user = store.get(loaded_user)
assert loaded_user.check_password('testpass')
def test_store_user():
user = User('testuser')
user.set_password('testpass')
user.add_role('testrole')
store.put(user)
assert os.path.exists('store/testuser.user')
loaded_user = User('testuser')
loaded_user = store.get(loaded_user)
assert loaded_user.check_password('testpass')
def test_users():
userc = User(name)
userc.set_password(name)
userc.add_role('ADMIN')
userc.note = 'A simple programmer of matter'
store.put(userc)
user2 = store.get(User(name))
assert user2.usersign == userc.usersign
assert user2.check_password(name)
assert user2.list_roles() == userc.list_roles()
assert user2.note == userc.note
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('thing.0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('foo.0.0.0.0', 8080, app_fn)
user = User('thingone')
user.set_password('how')
store.put(user)
user = User('thingtwo')
user.set_password('how')
store.put(user)
module.http = httplib2.Http()
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept("0.0.0.0", 8080, app_fn)
wsgi_intercept.add_wsgi_intercept("thing.0.0.0.0", 8080, app_fn)
wsgi_intercept.add_wsgi_intercept("foo.0.0.0.0", 8080, app_fn)
user = User("thingone")
user.set_password("how")
store.put(user)
user = User("thingtwo")
user.set_password("how")
store.put(user)
module.http = httplib2.Http()
def setup_module(module):
initialize_app()
module.store = Store(config['server_store'][0], config['server_store'][1],
{'tiddlyweb.config': config})
bag = Bag('MAPUSER')
module.store.put(bag)
user = User('ben')
user.set_password('mocha')
module.store.put(user)
user = User('chris')
user.set_password('piccolo')
module.store.put(user)
def setup_module(module):
clean_store()
module.store = get_store(config)
module.environ = {
'tiddlyweb.config': config,
'tiddlyweb.store': module.store
}
ensure_bags(config)
initialize_app(config)
module.http = Http()
user = User('cdent')
user.set_password('cowpig')
module.store.put(user)
def setup_module(module):
initialize_app()
reset_textstore()
module.store = _teststore()
muchdata(module.store)
user = User('cdent')
user.set_password('cowpig')
module.store.put(user)
try:
os.mkdir('.test_cache')
except OSError:
pass # we don't care if it already exists
def http_test(test_data, base):
global tests, store, base_url
base_url = base
tests = test_data
initialize_app()
reset_textstore()
store = _teststore()
muchdata(store)
# we're going to need a user for testing auth stuff
# so make that now
user = User('cdent')
user.set_password('cowpig')
store.put(user)
def test_status_base_auth():
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
change_space_member(store, 'thing', add='foo')
response, content = http.request(
'http://0.0.0.0:8080/status',
headers={'Cookie': 'tiddlyweb_user="******"' % user_cookie})
assert response['status'] == '200'
info = simplejson.loads(content)
assert info['username'] == 'foo'
assert 'space' not in info
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn)
make_fake_space(module.store, 'fnd')
make_fake_space(module.store, 'cdent')
make_fake_space(module.store, 'psd')
users = {'fnd': 'foo', 'cdent': 'bar', 'psd': 'baz'}
for username, password in users.items():
user = User(username)
user.set_password(password)
module.store.put(user)
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('bar.example.com', 8080, app_fn)
make_fake_space(module.store, 'cdent')
user = User('cdent')
user.set_password('cow')
module.store.put(user)
module.auth = b64encode('cdent:cow')
user = User('fnd')
user.set_password('pig')
module.store.put(user)
module.badauth = b64encode('fnd:pig')
module.http = httplib2.Http()
def setup_module(module):
from tiddlyweb.filters.select import ATTRIBUTE_SELECTOR
from tiddlyweb.filters import FilterError
def hell_raiser(entity, attribute, value):
raise FilterError('no good man')
ATTRIBUTE_SELECTOR['error'] = hell_raiser
initialize_app()
reset_textstore()
module.store = _teststore()
muchdata(module.store)
user = User('cdent')
user.set_password('cowpig')
module.store.put(user)
def userpass(args):
"""Change the password of an existing user. <username> <password>"""
try:
username, password = args[0:2]
except (IndexError, ValueError) as exc:
usage('you must provide both a user and a password')
try:
store = _store()
user = User(username)
user = store.get(user)
user.set_password(password)
store.put(user)
except Exception as exc:
usage('unable to set password for user: %s' % exc)
return True
def test_invalid_cookie():
"""
Test that an invalid/old cookie causes a new cookie to be sent
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
time = datetime.now() - timedelta(hours=3)
time = time.strftime('%Y%m%d%H')
cookie = 'csrf_token=%s:%s:%s' % (
time, user.usersign,
sha('%s:%s:%s:%s' %
(user.usersign, time, space, config['secret'])).hexdigest())
response, _ = http.request(
'http://foo.0.0.0.0:8080/status',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"; %s' % (user_cookie, cookie)})
assert 'csrf_token' in response['set-cookie']
cookie = 'csrf_token=adiudh9389wefnf98'
response, _ = http.request(
'http://foo.0.0.0.0:8080/status',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"; %s' % (user_cookie, cookie)})
assert 'csrf_token' in response['set-cookie']
user2 = User('bar')
user2.set_password('foobar')
store.put(user2)
user2_cookie = get_auth('bar', 'foobar')
response, _ = http.request(
'http://foo.0.0.0.0:8080/status',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"; %s' % (user2_cookie, cookie)})
assert 'csrf_token' in response.get('set-cookie', '')
def test_post_data_form_urlencoded():
"""
test that a form POST requires a nonce
test using application/x-www-form-urlencoded
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
timestamp = datetime.now().strftime('%Y%m%d%H')
secret = config['secret']
nonce = '%s:%s:%s' % (
timestamp, user.usersign,
sha('%s:%s:%s:%s' %
(user.usersign, timestamp, space, secret)).hexdigest())
user_cookie = get_auth('foo', 'foobar')
csrf_token = 'csrf_token="%s"' % nonce
data = 'title=foobar&text=hello%20world'
#test success
response, _ = http.request(
'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers',
method='POST',
headers={
'Content-type': 'application/x-www-form-urlencoded',
'Cookie': 'tiddlyweb_user="******"; %s' % (user_cookie, csrf_token)
},
body='%s&csrf_token=%s' % (data, nonce))
assert response['status'] == '204'
#test failure
response, _ = http.request('http://0.0.0.0:8080/bags/foo_public/tiddlers',
method='POST',
headers={
'Content-type':
'application/x-www-form-urlencoded',
'Cookie':
'tiddlyweb_user="******"' % user_cookie
},
body='%s' % data)
assert response['status'] == '400'
def test_nonce_not_left_over():
"""
Test that the nonce is not left over in the tiddler after a POST
i.e. check that it is removed before the request continues
"""
store = get_store(config)
space = 'foo'
make_fake_space(store, space)
user = User('foo')
user.set_password('foobar')
store.put(user)
timestamp = datetime.now().strftime('%Y%m%d%H')
secret = config['secret']
nonce = '%s:%s:%s' % (
timestamp, user.usersign,
sha('%s:%s:%s:%s' %
(user.usersign, timestamp, space, secret)).hexdigest())
user_cookie = get_auth('foo', 'foobar')
csrf_token = 'csrf_token=%s' % nonce
data = 'title=foobar&text=hello%20world&extra_field=baz'
#test success
response, _ = http.request(
'http://foo.0.0.0.0:8080/bags/foo_public/tiddlers',
method='POST',
headers={
'Content-type': 'application/x-www-form-urlencoded',
'Cookie': 'tiddlyweb_user="******"' % user_cookie
},
body='%s&csrf_token=%s' % (data, nonce))
assert response['status'] == '204'
new_tiddler = Tiddler('foobar')
new_tiddler.bag = 'foo_public'
new_tiddler = store.get(new_tiddler)
assert new_tiddler.title == 'foobar'
assert new_tiddler.text == 'hello world'
assert new_tiddler.fields.get('extra_field') == 'baz'
assert new_tiddler.fields.get('nonce') == None
def adduser(args):
"""Add or update a user to the database: <username> <password> [[role] [role] ...]"""
try:
username, password = args[0:2]
except (IndexError, ValueError):
usage('you must include at least a username and password')
try:
roles = args[2:]
except IndexError:
roles = []
# this will raise an except to be caught by the handler
store = _store()
user = User(username)
user.set_password(password)
for role in roles:
user.add_role(role)
store.put(user)
return True
def setup_module(module):
make_test_env(module)
httplib2_intercept.install()
from tiddlyweb.config import config
config['blacklisted_spaces'] = ['scrappy']
wsgi_intercept.add_wsgi_intercept('0.0.0.0', 8080, app_fn)
wsgi_intercept.add_wsgi_intercept('cdent.0.0.0.0', 8080, app_fn)
make_fake_space(module.store, 'cdent')
user = User('cdent')
user.set_password('cow')
module.store.put(user)
user = User('fnd')
user.set_password('bird')
module.store.put(user)
user = User('psd')
user.set_password('cat')
module.store.put(user)
def test_space_not_expose_subscription_recipes():
make_fake_space(store, 'foo')
make_fake_space(store, 'bar')
make_fake_space(store, 'baz')
# add subscription (manual as this is currently insufficiently encapsulated)
public_recipe = store.get(Recipe('foo_public'))
private_recipe = store.get(Recipe('foo_private'))
public_recipe_list = public_recipe.get_recipe()
private_recipe_list = private_recipe.get_recipe()
public_recipe_list.insert(-1, ('bar_public', ''))
private_recipe_list.insert(-2, ('bar_public', ''))
public_recipe.set_recipe(public_recipe_list)
private_recipe.set_recipe(private_recipe_list)
store.put(public_recipe)
store.put(private_recipe)
http = httplib2.Http()
user = User('foo')
user.set_password('foobar')
store.put(user)
user_cookie = get_auth('foo', 'foobar')
response, content = http.request('http://foo.0.0.0.0:8080/recipes',
method='GET')
assert response['status'] == '200'
assert 'foo_public' in content, content
assert 'foo_private' not in content, content # not auth'd
assert 'bar_public' not in content, content
assert 'bar_private' not in content, content
assert 'baz_' not in content, content
response, content = http.request(
'http://foo.0.0.0.0:8080/recipes/foo_public', method='GET')
assert response['status'] == '200'
response, content = http.request(
'http://foo.0.0.0.0:8080/recipes/foo_private',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"' % user_cookie})
assert response['status'] == '200'
response, content = http.request(
'http://foo.0.0.0.0:8080/recipes/bar_public', method='GET')
assert response['status'] == '404'
response, content = http.request(
'http://foo.0.0.0.0:8080/recipes/bar_private',
method='GET',
headers={'Cookie': 'tiddlyweb_user="******"' % user_cookie})
assert response['status'] == '404'
response, content = http.request(
'http://foo.0.0.0.0:8080/recipes/baz_public', method='GET')
assert response['status'] == '404'
response, content = http.request(
'http://foo.0.0.0.0:8080/recipes/baz_private', method='GET')
assert response['status'] == '404'
