def DISABLED__test_cascading_delete(self):
from webidentity.models import Persona
from webidentity.models import User
from webidentity.models import UserAttribute
from webidentity.models import VisitedSite
user = User(u'john.doe', u'secret', u'*****@*****.**')
user.personas.append(
Persona(u'Test persönä', attributes=[
UserAttribute(type_uri, value)
for type_uri, value
in DUMMY_USER_ATTRIBUTES.iteritems()]))
user.personas.append(
Persona(u'Reversed persönä', attributes=[
UserAttribute(type_uri, ''.join(reversed(value)))
for type_uri, value
in DUMMY_USER_ATTRIBUTES.iteritems()]))
site1 = VisitedSite('http://www.rp.com', remember=False)
site2 = VisitedSite('http://www.plone.org', remember=True)
site2.persona = user.personas[0]
user.visited_sites.append(site1)
user.visited_sites.append(site2)
session = DBSession()
session.add(user)
session.flush()
self.assertEquals(2, len(session.query(User).get(1).personas))
self.assertEquals(2, len(session.query(User).get(1).visited_sites))
self.assertEquals(6, len(session.query(User).get(1).personas[0].attributes))
session.query(User).filter_by(username=u'john.doe').delete()
session.flush()
self.assertEquals(0, session.query(User).count())
self.assertEquals(0, session.query(Persona).count())
self.assertEquals(0, session.query(UserAttribute).count())
self.assertEquals(0, session.query(VisitedSite).count())
def test_visited_sites__not_empty(self):
from webidentity.views.user import visited_sites
self.config.testing_securitypolicy(userid=u"dokai")
session = DBSession()
user = User("dokai", "secret", "*****@*****.**")
user.personas.append(
Persona(
u"Test persönä",
attributes=[UserAttribute(type_uri, value) for type_uri, value in DUMMY_USER_ATTRIBUTES.iteritems()],
)
)
site1 = VisitedSite("http://www.rp.com", remember=False)
site2 = VisitedSite("http://www.plone.org", remember=True)
site2.persona = user.personas[0]
user.visited_sites.append(site1)
user.visited_sites.append(site2)
user.activity.append(
Activity(
ipaddr="1.2.3.4",
session="session1",
action=Activity.AUTHORIZE_ONCE,
url="http://www.rp.com",
timestamp=datetime(2010, 1, 15, 12, 0),
)
)
user.activity.append(
Activity(
ipaddr="2.3.4.5",
session="session2",
action=Activity.AUTHORIZE_ONCE,
url="http://www.plone.org",
timestamp=datetime(2010, 3, 24, 15, 23),
)
)
user.activity.append(
Activity(
ipaddr="2.3.4.5",
session="session3",
action=Activity.AUTHORIZE,
url="http://www.plone.org",
timestamp=datetime(2010, 11, 15, 17, 9),
)
)
session.add(user)
request = testing.DummyRequest()
self.assertEquals(
visited_sites(request),
{
"action_url": "form_action",
"sites": [
{
"url": u"http://www.plone.org",
"timestamp": "15.11.2010 17:09",
"persona": {"id": 1, "edit_url": "http://fo.bar/", "name": u"Test persönä"},
"id": 2,
"remember": "checked",
},
{
"url": u"http://www.rp.com",
"timestamp": "15.01.2010 12:00",
"persona": None,
"id": 1,
"remember": None,
},
],
},
)
def confirm(request):
"""Confirmation for an OpenID authentication request."""
user = authenticated_user(request)
if user is not None and 'form.submitted' in request.params:
if request.POST.get('csrf_token') != request.session.get_csrf_token():
raise Forbidden
session = DBSession()
result = session.query(CheckIdRequest)\
.filter_by(key=request.environ.get('repoze.browserid', ''))\
.first()
if result is not None:
openid_request = result.request
session.delete(result)
else:
# TODO: Return an error message
return HTTPBadRequest('Invalid confirmation request')
if 'accept' in request.params:
ax_attributes = get_ax_attributes(request)
visit = session.query(VisitedSite)\
.join(User)\
.filter(User.id == user.id)\
.filter(VisitedSite.trust_root == openid_request.trust_root)\
.first()
if visit is None:
# This is the first time the user is visiting this RP
visit = VisitedSite(openid_request.trust_root)
user.visited_sites.append(visit)
visit.remember = 'remember' in request.params
try:
persona_id = int(request.params.get('persona'))
# Make sure that the referenced persona actually belongs to the user
persona = session.query(Persona)\
.join(User)\
.filter(User.id == user.id)\
.filter(Persona.id == persona_id)\
.first()
if persona is not None:
visit.persona = persona
except (TypeError, ValueError):
pass
session.add(visit)
identity = identity_url(request, user.username)
openid_response = openid_request.answer(True, identity=identity)
add_ax_response(openid_request, openid_response, ax_attributes)
add_sreg_response(openid_request, openid_response, ax_attributes)
if visit.remember:
log_activity(request, Activity.AUTHORIZE, openid_request.trust_root)
else:
log_activity(request, Activity.AUTHORIZE_ONCE, openid_request.trust_root)
else:
log_activity(request, Activity.DENY, openid_request.trust_root)
openid_response = openid_request.answer(False)
store = AlchemyStore(session)
openid_server = server.Server(store, route_url('openid_endpoint', request))
response = webob_response(openid_server.encodeResponse(openid_response), request)
response.headerlist.extend(forget(request))
return response
return HTTPBadRequest('Invalid confirmation request')
