def test_api__reset_password_reset__err_400__expired_token(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) with freeze_time("1999-12-31 23:59:59"): reset_password_token = uapi.reset_password_notification( admin, do_save=True ) params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token, 'new_password': '******', 'new_password2': 'mynewpassword', } transaction.commit() with freeze_time("2000-01-01 00:00:05"): res = self.testapp.post_json( '/api/v2/auth/password/reset/modify', status=400, params=params, ) assert isinstance(res.json, dict) assert 'code' in res.json.keys() assert res.json_body['code'] == error.EXPIRED_RESET_PASSWORD_TOKEN # nopep8
def _populate_database(cls, settings: plaster_pastedeploy.ConfigDict, add_test_data: bool) -> None: engine = get_engine(settings) session_factory = get_session_factory(engine) app_config = CFG(settings) print("- Populate database with default data -") with transaction.manager: dbsession = get_tm_session(session_factory, transaction.manager) try: fixtures = [BaseFixture] fixtures_loader = FixturesLoader(dbsession, app_config) fixtures_loader.loads(fixtures) transaction.commit() if add_test_data: app_config.configure_filedepot() fixtures = [ContentFixture] fixtures_loader.loads(fixtures) transaction.commit() print("Database initialized.") except IntegrityError as exc: transaction.abort() print('Database initialization failed') raise DatabaseInitializationFailed( 'Warning, there was a problem when adding default data' ', it may have already been added.') from exc
def connect_database(self, create_tables: bool = False) -> None: self.engine = get_engine(self.settings) if create_tables: DeclarativeBase.metadata.create_all(self.engine) self.session_factory = get_session_factory(self.engine) self.session = get_tm_session(self.session_factory, transaction.manager)
def test_api__reset_password_reset__err_400__password_does_not_match(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) reset_password_token = uapi.reset_password_notification(admin, do_save=True) # nopep8 transaction.commit() params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token, 'new_password': '******', 'new_password2': 'anotherpassword', } res = self.testapp.post_json( '/api/v2/auth/password/reset/modify', status=400, params=params, ) assert isinstance(res.json, dict) assert 'code' in res.json.keys() assert res.json_body['code'] == error.PASSWORD_DO_NOT_MATCH
def test_api__reset_password_reset__err_400__invalid_token(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) reset_password_token = 'wrong_token' params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token, 'new_password': '******', 'new_password2': 'mynewpassword', } res = self.testapp.post_json( '/api/v2/auth/password/reset/modify', status=400, params=params, ) assert isinstance(res.json, dict) assert 'code' in res.json.keys() assert res.json_body['code'] == error.INVALID_RESET_PASSWORD_TOKEN
def test_api__post_content_comment__ok_200__nominal_case(self) -> None: """ Get alls comments of a content """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() # type: models.User workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config) business_workspace = workspace_api.get_one(1) content_api = ContentApi(current_user=admin, session=dbsession, config=self.app_config) tool_folder = content_api.get_one( 1, content_type=content_type_list.Any_SLUG) test_thread = content_api.create( content_type_slug=content_type_list.Thread.slug, workspace=business_workspace, parent=tool_folder, label='Test Thread', do_save=True, do_notify=False, ) with new_revision( session=dbsession, tm=transaction.manager, content=test_thread, ): content_api.update_content(test_thread, new_label='test_thread_updated', new_content='Just a test') transaction.commit() self.testapp.authorization = ('Basic', ('*****@*****.**', '*****@*****.**')) params = {'raw_content': 'I strongly disagree, Tiramisu win!'} res = self.testapp.post_json( '/api/v2/workspaces/{}/contents/{}/comments'.format( business_workspace.workspace_id, test_thread.content_id), params=params, status=200) comment = res.json_body assert comment['content_id'] assert comment['parent_id'] == test_thread.content_id assert comment['raw_content'] == 'I strongly disagree, Tiramisu win!' assert comment['author'] assert comment['author']['user_id'] == admin.user_id # TODO - G.M - 2018-06-172 - [avatar] setup avatar url assert comment['author']['avatar_url'] is None assert comment['author']['public_name'] == admin.display_name # TODO - G.M - 2018-06-179 - better check for datetime assert comment['created']
def __call__(self, environ, start_response): # TODO - G.M - 18-05-2018 - This code should not create trouble # with thread and database, this should be verify. # see https://github.com/tracim/tracim_backend/issues/62 tm = transaction.manager dbsession = get_tm_session(self.session_factory, tm) environ['tracim_tm'] = tm environ['tracim_dbsession'] = dbsession environ['tracim_cfg'] = self.app_config app = self._application(environ, start_response) dbsession.close() return app
def test_api__post_content_comment__err_400__content_not_editable( self) -> None: """ Get alls comments of a content """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() # type: models.User workspace_api = WorkspaceApi(current_user=admin, session=dbsession, config=self.app_config) business_workspace = workspace_api.get_one(1) content_api = ContentApi(current_user=admin, session=dbsession, config=self.app_config) tool_folder = content_api.get_one( 1, content_type=content_type_list.Any_SLUG) test_thread = content_api.create( content_type_slug=content_type_list.Thread.slug, workspace=business_workspace, parent=tool_folder, label='Test Thread', do_save=True, do_notify=False, ) with new_revision( session=dbsession, tm=transaction.manager, content=test_thread, ): content_api.update_content(test_thread, new_label='test_thread_updated', new_content='Just a test') content_api.set_status(test_thread, 'closed-deprecated') transaction.commit() self.testapp.authorization = ('Basic', ('*****@*****.**', '*****@*****.**')) params = {'raw_content': 'I strongly disagree, Tiramisu win!'} res = self.testapp.post_json( '/api/v2/workspaces/{}/contents/{}/comments'.format( business_workspace.workspace_id, test_thread.content_id), params=params, status=400) assert res.json_body assert 'code' in res.json_body assert res.json_body['code'] == error.CONTENT_IN_NOT_EDITABLE_STATE
def set_html_document_slug_to_legacy(session_factory) -> None: """ Simple function to help some functional test. This modify "html-documents" type content in database to legacy "page" slug. :param session_factory: session factory of the test :return: Nothing. """ dbsession = get_tm_session(session_factory, transaction.manager) content_query = dbsession.query(ContentRevisionRO).filter( ContentRevisionRO.type == 'page').filter( ContentRevisionRO.content_id == 6) # nopep8 assert content_query.count() == 0 html_documents_query = dbsession.query(ContentRevisionRO).filter( ContentRevisionRO.type == 'html-document') # nopep8 html_documents_query.update({ContentRevisionRO.type: 'page'}) transaction.commit() assert content_query.count() > 0
def init_database(self) -> None: session = get_tm_session(self.session_factory, transaction.manager) with transaction.manager: try: DeclarativeBase.metadata.create_all(self.engine) fixtures_loader = FixturesLoader(session, self.app_config) fixtures_loader.loads(self.fixtures) transaction.commit() logger.info(self, "Database initialized.") except IntegrityError: logger.error( self, 'Warning, there was a problem when adding default data' # nopep8 ', it may have already been added:') import traceback logger.error(self, traceback.format_exc()) transaction.abort() logger.error(self, 'Database initialization failed')
def test_api__get_applications__ok_200__nominal_case(self): """ Get applications list with a registered user. """ self.testapp.authorization = ('Basic', ('*****@*****.**', '*****@*****.**')) res = self.testapp.get('/api/v2/system/applications', status=200) res = res.json_body dbsession = get_tm_session(self.session_factory, transaction.manager) app_api = ApplicationApi(app_list=app_list, ) applications = app_api.get_all() assert len(res) == len(applications) for counter, application in enumerate(applications): assert res[counter]['label'] == application.label assert res[counter]['slug'] == application.slug assert res[counter]['fa_icon'] == application.fa_icon assert res[counter]['hexcolor'] == application.hexcolor assert res[counter]['is_active'] == application.is_active assert res[counter]['config'] == application.config
def test_api__try_login_enpoint__err_401__user_not_activated(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] test_user = uapi.create_user( email='*****@*****.**', password='******', name='bob', groups=groups, timezone='Europe/Paris', do_save=True, do_notify=False, ) uapi.save(test_user) uapi.disable(test_user) transaction.commit() params = { 'email': '*****@*****.**', 'password': '******', } res = self.testapp.post_json( '/api/v2/auth/login', params=params, status=403, ) assert res.json_body assert 'code' in res.json_body assert res.json_body['code'] == error.AUTHENTICATION_FAILED
def test_api__reset_password_check_token__ok_204__nominal_case(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) reset_password_token = uapi.reset_password_notification(admin, do_save=True) # nopep8 transaction.commit() params = { 'email': '*****@*****.**', 'reset_password_token': reset_password_token } self.testapp.post_json( '/api/v2/auth/password/reset/token/check', status=204, params=params, )
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] test_user = uapi.create_user( email='*****@*****.**', password='******', name='bob', groups=groups, timezone='Europe/Paris', do_save=True, do_notify=False, ) uapi.save(test_user) uapi.disable(test_user) transaction.commit() headers_auth = { 'Tracim-Api-Key': 'mysuperapikey', 'Tracim-Api-Login': '******', } res = self.testapp.get('/api/v2/auth/whoami', status=401, headers=headers_auth) assert isinstance(res.json, dict) assert 'code' in res.json.keys() assert res.json_body['code'] is None
def test_api__try_whoami_enpoint__err_401__user_is_not_active(self): dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() uapi = UserApi( current_user=admin, session=dbsession, config=self.app_config, ) gapi = GroupApi( current_user=admin, session=dbsession, config=self.app_config, ) groups = [gapi.get_one_with_name('users')] test_user = uapi.create_user( email='*****@*****.**', password='******', name='bob', groups=groups, timezone='Europe/Paris', lang='en', do_save=True, do_notify=False, ) uapi.save(test_user) uapi.disable(test_user) transaction.commit() self.testapp.authorization = ('Basic', ('*****@*****.**', 'pass')) res = self.testapp.get('/api/v2/auth/whoami', status=401) assert isinstance(res.json, dict) assert 'code' in res.json.keys() # INFO - G.M - 2018-09-10 - Handled by marshmallow_schema assert res.json_body['code'] is None assert 'message' in res.json.keys() assert 'details' in res.json.keys()
def setUp(self) -> None: self._set_logger() logger.debug(self, 'Setup Test...') self.settings = plaster.get_settings(self.config_uri, self.config_section) self.config = testing.setUp(settings=self.settings) self.config.include('tracim_backend.models') DepotManager._clear() DepotManager.configure( 'test', {'depot.backend': 'depot.io.memory.MemoryFileStorage'}) settings = self.config.get_settings() self.app_config = CFG(settings) from tracim_backend.models import ( get_engine, get_session_factory, get_tm_session, ) self.engine = get_engine(settings) self.session_factory = get_session_factory(self.engine) self.init_database() self.session = get_tm_session(self.session_factory, transaction.manager)
def test_api__test_cookie_auth_token__ok__change_email_dont_break_cookie( self): # nopep8 """ Test if email change doesn't break cookie auth :return: """ dbsession = get_tm_session(self.session_factory, transaction.manager) admin = dbsession.query(models.User) \ .filter(models.User.email == '*****@*****.**') \ .one() with freeze_time("1999-12-31 23:59:58"): params = { 'email': '*****@*****.**', 'password': '******', } res = self.testapp.post_json( '/api/v2/auth/login', params=params, status=200, ) assert 'Set-Cookie' in res.headers assert 'session_key' in self.testapp.cookies user_session_key_1 = self.testapp.cookies['session_key'] # change own email with freeze_time("1999-12-31 23:59:59"): params = { 'email': '*****@*****.**', 'loggedin_user_password': '******', } self.testapp.put_json( '/api/v2/users/{}/email'.format(admin.user_id), params=params, status=200, ) assert 'Set-Cookie' in res.headers assert 'session_key' in self.testapp.cookies user_session_key_2 = self.testapp.cookies['session_key'] assert user_session_key_1 == user_session_key_2 # session_id should not be return before x time with freeze_time("2000-01-01 00:00:00"): res = self.testapp.get( '/api/v2/auth/whoami', status=200, ) assert 'Set-Cookie' not in res.headers assert 'session_key' in self.testapp.cookies user_session_key_3 = self.testapp.cookies['session_key'] assert user_session_key_3 == user_session_key_2 # after x time session_id should be renew with freeze_time("2000-01-01 00:02:01"): res = self.testapp.get( '/api/v2/auth/whoami', status=200, ) assert 'Set-Cookie' in res.headers assert 'session_key' in self.testapp.cookies user_session_key_4 = self.testapp.cookies['session_key'] assert user_session_key_4 != user_session_key_3 # after too much time, session_id should be revoked with freeze_time("2000-01-01 00:12:02"): res = self.testapp.get( '/api/v2/auth/whoami', params=params, status=401, ) assert 'Set-Cookie' in res.headers