def test_add_question(browser: DriverAPI, registry, web_server, dbsession):
"""Adding questions should be succesful."""
b = browser
if b.driver.capabilities["browserName"] != "firefox":
# Fails at click and JavaScript modals for Chrome
pytest.skip("This test works only under Firefox WebDriver")
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
b.visit(web_server)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-question").click()
b.fill("question_text", "What is love")
b.find_by_css("#deformField2-date").click()
# Pick any date
b.find_by_css(".picker__day--infocus")[0].click()
time.sleep(0.8) # Give some time for the browser, next click fails on CI
b.find_by_css("#deformField2-time").click()
b.find_by_css(".picker__list-item")[0].click()
time.sleep(0.5) # Give some time for the browser, next click fails on CI
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
def test_context_sensitive_shell(web_server, browser, dbsession, init):
"""See we can open a context sensitive shell in admin."""
if dbsession.bind.dialect.name == "sqlite":
pytest.skip("This fails with sqlite on Travis - a fact that doesn't make sense, but it does")
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-shell").click()
# Ramping up shell takes some extended time
time.sleep(5)
# We succesfully exposed obj
assert b.is_text_present("*****@*****.**")
# File menu
b.find_by_css(".dropdown a")[0].click()
# Shutdown and Back to the home
assert b.is_element_visible_by_css("#shutdown")
b.find_by_css("#shutdown").click()
# There should be alert "Do you really wish to leave notebook?"
time.sleep(0.5)
alert = b.driver.switch_to_alert()
alert.accept()
# Back to home screen
assert b.is_element_visible_by_css("#nav-logout")
def test_put_user_to_group(web_server, browser, dbsession, init):
"""Check that we can assign users to groups in admin interface."""
b = browser
from websauna.system.user.models import Group
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
# Create a group where we
with transaction.manager:
g = Group(name=GROUP_NAME)
dbsession.add(g)
dbsession.flush()
group_uuid = uuid_to_slug(g.uuid)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-list-user").click()
b.find_by_css(".crud-row-1 .btn-crud-listing-edit").click()
# Check the group checkbox. We could put some more specific classes for controls here.
b.find_by_css(
"input[type='checkbox'][value='{}']".format(group_uuid)).click()
b.find_by_name("save").click()
assert b.is_text_present("Changes saved")
# Now we are on Show page of the user, having the new group name visible
assert b.is_text_present(GROUP_NAME)
def test_add_user_with_group(browser, web_server, init, dbsession):
"""Add a user and directly assign a group."""
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
# TODO: Make sure checkbox widget gets proper css classes
b.find_by_css("input[type='checkbox']")[0].click()
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
with transaction.manager:
u = dbsession.query(User).get(2)
assert len(u.groups) == 1
def test_add_question(browser: DriverAPI, registry, web_server, dbsession):
"""Adding questions should be succesful."""
b = browser
if b.driver.capabilities["browserName"] != "firefox":
# Fails at click and JavaScript modals for Chrome
pytest.skip("This test works only under Firefox WebDriver")
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
b.visit(web_server)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-question").click()
b.fill("question_text", "What is love")
b.find_by_css("#deformField2-date").click()
# Pick any date
b.find_by_css(".picker__day--infocus")[0].click()
time.sleep(0.8) # Give some time for the browser, next click fails on CI
b.find_by_css("#deformField2-time").click()
b.find_by_css(".picker__list-item")[0].click()
time.sleep(0.5) # Give some time for the browser, next click fails on CI
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
def test_add_choice_question(browser: DriverAPI, tutorial_req, web_server, dbsession):
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
question_uuid = uuid_to_slug(q.uuid)
b = browser
create_logged_in_user(dbsession, tutorial_req.registry, web_server, browser, admin=True)
b.visit(web_server)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-choice").click()
b.fill("choice_text", "Baby don't hurt me")
b.select("question", question_uuid)
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
with transaction.manager:
assert dbsession.query(Choice).first().question is not None
def test_put_user_to_group(web_server, browser, dbsession, init):
"""Check that we can assign users to groups in admin interface."""
b = browser
from websauna.system.user.models import Group
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create a group where we
with transaction.manager:
g = Group(name=GROUP_NAME)
dbsession.add(g)
dbsession.flush()
group_uuid = uuid_to_slug(g.uuid)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-list-user").click()
b.find_by_css(".crud-row-1 .btn-crud-listing-edit").click()
# Check the group checkbox. We could put some more specific classes for controls here.
b.find_by_css("input[type='checkbox'][value='{}']".format(group_uuid)).click()
b.find_by_name("save").click()
assert b.is_text_present("Changes saved")
# Now we are on Show page of the user, having the new group name visible
assert b.is_text_present(GROUP_NAME)
def test_add_user_existing_email(browser, web_server, init, dbsession):
"""Add a user but there already exists one with the same email."""
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
b.find_by_name("add").click()
assert b.is_element_present_by_css(
"#error-deformField1") # Email address already taken
def test_add_question(browser: DriverAPI, tutorial_req, web_server, dbsession):
"""Adding questions should be succesful."""
b = browser
create_logged_in_user(dbsession,
tutorial_req.registry,
web_server,
browser,
admin=True)
b.visit(web_server)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-question").click()
b.fill("question_text", "What is love")
b.find_by_css("#deformField2-date").click()
# Pick any date
b.find_by_css(".picker__day--infocus")[0].click()
time.sleep(0.8) # Give some time for the browser, next click fails on CI
b.find_by_css("#deformField2-time").click()
b.find_by_css(".picker__list-item")[0].click()
time.sleep(0.5) # Give some time for the browser, next click fails on CI
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
def test_csv_export_users(dbsession, registry, browser, web_server):
"""Test CSV export functionality."""
b = browser
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
unicode_bomb = "toholammin kevätkylvöt"
with transaction.manager:
u = dbsession.query(User).first()
u.username = unicode_bomb
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-list-user").click()
assert b.is_element_present_by_css(
"#btn-crud-csv-export"
) # This button would trigger the download of CSV that we normally cannot test with Selenium
# Copy session cookie over to request, so we can do an authenticated user request using requests lib
cookies = b.driver.get_cookies()
# Convert to plain dict
cookies = {c["name"]: c["value"] for c in cookies}
resp = requests.get("{}/admin/models/user/csv-export".format(web_server),
cookies=cookies)
assert resp.status_code == 200
assert resp.headers["Content-Type"] == "text/csv; charset=utf-8"
assert unicode_bomb in resp.text
def test_edit_choice_question(browser: DriverAPI, tutorial_req, web_server, dbsession):
"""Change choice's assigned question in edit."""
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
q2 = Question(question_text="Who shot JFK")
dbsession.add(q2)
dbsession.flush()
q2_slug = uuid_to_slug(q2.uuid)
c = Choice(choice_text="Foobar", question=q)
dbsession.add(c)
dbsession.flush()
c_slug = uuid_to_slug(c.uuid)
b = browser
create_logged_in_user(dbsession, tutorial_req.registry, web_server, browser, admin=True)
b.visit("{}/admin/models/choice/{}/edit".format(web_server, c_slug))
b.select("question", q2_slug)
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
with transaction.manager:
c = dbsession.query(Choice).get(1)
assert c.question.uuid == slug_to_uuid(q2_slug)
def test_question_shows_choices(browser: DriverAPI, tutorial_req, web_server,
dbsession):
"""If question has active choices they are shown on Show screen, albeit not editable."""
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
q_slug = uuid_to_slug(q.uuid)
c = Choice(choice_text="Baby don't hurt me", question=q)
dbsession.add(c)
dbsession.flush()
b = browser
create_logged_in_user(dbsession,
tutorial_req.registry,
web_server,
browser,
admin=True)
b.visit("{}/admin/models/question/{}/show".format(web_server, q_slug))
assert b.is_text_present("Baby don't hurt me")
def test_edit_choice_remove_question(browser: DriverAPI, tutorial_req, web_server, dbsession):
"""Editing choice allows us to reset question value back to null."""
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
c = Choice(choice_text="Foobar", question=q)
dbsession.add(c)
dbsession.flush()
c_slug = uuid_to_slug(c.uuid)
b = browser
create_logged_in_user(dbsession, tutorial_req.registry, web_server, browser, admin=True)
b.visit("{}/admin/models/choice/{}/edit".format(web_server, c_slug))
b.select("question", "")
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
with transaction.manager:
c = dbsession.query(Choice).get(1)
assert c.question == None
def test_add_user(browser, web_server, init, dbsession):
"""See that we can add new users."""
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
b.find_by_name("add").click()
# TODO: Convert to CSS based test
assert b.is_element_present_by_css("#msg-item-added")
logout(web_server, b)
b.visit(web_server + "/login")
b.fill("username", "*****@*****.**")
b.fill("password", "secret")
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
def test_add_question(browser: DriverAPI, tutorial_req, web_server, dbsession):
"""Adding questions should be succesful."""
b = browser
create_logged_in_user(dbsession, tutorial_req.registry, web_server, browser, admin=True)
b.visit(web_server)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-question").click()
b.fill("question_text", "What is love")
b.find_by_css("#deformField2-date").click()
# Pick any date
b.find_by_css(".picker__day--infocus")[0].click()
time.sleep(0.5) # Give some time for the browser, next click fails on CI
b.find_by_css("#deformField2-time").click()
b.find_by_css(".picker__list-item")[0].click()
time.sleep(0.5) # Give some time for the browser, next click fails on CI
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
def test_remove_user_from_group(web_server, init, browser, dbsession):
"""Remove users from assigned groups in admin."""
b = browser
from websauna.system.user.models import Group
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create a group where we
with transaction.manager:
g = Group(name=GROUP_NAME)
dbsession.add(g)
u = get_user(dbsession)
u.groups.append(g)
dbsession.flush()
group_uuid = uuid_to_slug(g.uuid)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-list-user").click()
b.find_by_css(".crud-row-1 .btn-crud-listing-edit").click()
# Check the group checkbox. We could put some more specific classes for controls here.
b.find_by_css("input[type='checkbox'][value='{}']".format(group_uuid)).click()
b.find_by_name("save").click()
assert b.is_text_present("Changes saved")
# After removing we should no longer see the removed group name on user show page
assert not b.is_text_present(GROUP_NAME)
def test_add_user(browser, web_server, init, dbsession):
"""See that we can add new users."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
b.find_by_name("add").click()
# TODO: Convert to CSS based test
assert b.is_element_present_by_css("#msg-item-added")
logout(web_server, b)
b.visit(web_server + "/login")
b.fill("username", "*****@*****.**")
b.fill("password", "secret")
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
def test_question_delete(browser: DriverAPI, tutorial_req, web_server, dbsession):
"""Delete question and make sure it deletes related choices.."""
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
c = Choice(choice_text="Baby don't hurt me", question=q)
dbsession.add(c)
dbsession.flush()
q_slug = uuid_to_slug(q.uuid)
b = browser
create_logged_in_user(dbsession, tutorial_req.registry, web_server, browser, admin=True)
b.visit("{}/admin/models/question/{}".format(web_server, q_slug))
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-yes").click()
with transaction.manager:
assert dbsession.query(Question).count() == 0
assert dbsession.query(Choice).count() == 0
def test_remove_user_from_group(web_server, init, browser, dbsession):
"""Remove users from assigned groups in admin."""
b = browser
from websauna.system.user.models import Group
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
# Create a group where we
with transaction.manager:
g = Group(name=GROUP_NAME)
dbsession.add(g)
u = get_user(dbsession)
u.groups.append(g)
dbsession.flush()
group_uuid = uuid_to_slug(g.uuid)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-list-user").click()
b.find_by_css(".crud-row-1 .btn-crud-listing-edit").click()
# Check the group checkbox. We could put some more specific classes for controls here.
b.find_by_css(
"input[type='checkbox'][value='{}']".format(group_uuid)).click()
b.find_by_name("save").click()
assert b.is_text_present("Changes saved")
# After removing we should no longer see the removed group name on user show page
assert not b.is_text_present(GROUP_NAME)
def test_add_choice_question(browser: DriverAPI, registry, web_server,
dbsession):
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
question_uuid = uuid_to_slug(q.uuid)
b = browser
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
b.visit(web_server)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-choice").click()
b.fill("choice_text", "Baby don't hurt me")
b.select("question", question_uuid)
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
with transaction.manager:
assert dbsession.query(Choice).first().question is not None
def test_question_delete(browser: DriverAPI, registry, web_server, dbsession):
"""Delete question and make sure it deletes related choices.."""
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
c = Choice(choice_text="Baby don't hurt me", question=q)
dbsession.add(c)
dbsession.flush()
q_slug = uuid_to_slug(q.uuid)
b = browser
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
b.visit("{}/admin/models/question/{}".format(web_server, q_slug))
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-yes").click()
with transaction.manager:
assert dbsession.query(Question).count() == 0
assert dbsession.query(Choice).count() == 0
def test_edit_choice_remove_question(browser: DriverAPI, registry, web_server,
dbsession):
"""Editing choice allows us to reset question value back to null."""
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
c = Choice(choice_text="Foobar", question=q)
dbsession.add(c)
dbsession.flush()
c_slug = uuid_to_slug(c.uuid)
b = browser
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
b.visit("{}/admin/models/choice/{}/edit".format(web_server, c_slug))
b.select("question", "")
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
with transaction.manager:
c = dbsession.query(Choice).get(1)
assert c.question is None
def test_delete_user_confirm(browser, web_server, init, dbsession):
"""Delete a user."""
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession,
init.config.registry,
email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-yes").click()
assert b.is_element_present_by_css("#msg-item-deleted")
with transaction.manager:
assert dbsession.query(User).count() == 1
def test_edit_choice_question(browser: DriverAPI, registry, web_server,
dbsession):
"""Change choice's assigned question in edit."""
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
q2 = Question(question_text="Who shot JFK")
dbsession.add(q2)
dbsession.flush()
q2_slug = uuid_to_slug(q2.uuid)
c = Choice(choice_text="Foobar", question=q)
dbsession.add(c)
dbsession.flush()
c_slug = uuid_to_slug(c.uuid)
b = browser
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
b.visit("{}/admin/models/choice/{}/edit".format(web_server, c_slug))
b.select("question", q2_slug)
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
with transaction.manager:
c = dbsession.query(Choice).get(1)
assert c.question.uuid == slug_to_uuid(q2_slug)
def test_set_email(browser, victim_browser, web_server, init, dbsession):
"""Setting email resets user session and user can log in again."""
b = browser
b2 = victim_browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
create_logged_in_user(dbsession, init.config.registry, web_server, b2, email="*****@*****.**", password="******")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-edit").click()
b.fill("email", "*****@*****.**")
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
# Victim browser should have now logged out
b2.visit(web_server)
assert b2.is_element_present_by_css("#msg-session-invalidated")
assert b2.is_element_present_by_css("#nav-sign-in")
# See that we can log in with the new password
b2.visit(web_server + "/login")
b2.fill("username", "*****@*****.**")
b2.fill("password", "secret")
b2.find_by_name("login_email").click()
assert b2.is_element_present_by_css("#msg-you-are-logged-in")
def test_delete_user_cancel(browser, web_server, init, dbsession):
"""Delete a user, but back off on the confirmation screen."""
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession,
init.config.registry,
email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-no").click()
# Back to the show page
assert b.is_element_present_by_css("#crud-show")
with transaction.manager:
assert dbsession.query(User).count() == 2
def test_set_email(browser, victim_browser, web_server, init, dbsession):
"""Setting email resets user session and user can log in again."""
b = browser
b2 = victim_browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
create_logged_in_user(dbsession, init.config.registry, web_server, b2, email="*****@*****.**", password="******")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-edit").click()
b.fill("email", "*****@*****.**")
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
# Victim browser should have now logged out
b2.visit(web_server)
assert b2.is_element_present_by_css("#msg-session-invalidated")
assert b2.is_element_present_by_css("#nav-sign-in")
# See that we can log in with the new password
b2.visit(web_server + "/login")
b2.fill("username", "*****@*****.**")
b2.fill("password", "secret")
b2.find_by_name("login_email").click()
assert b2.is_element_present_by_css("#msg-you-are-logged-in")
def test_set_enabled(browser: DriverAPI, victim_browser, web_server, init,
dbsession):
"""Setting enabled resets user session. User can log after the account has been re-enabled."""
b = browser
b2 = victim_browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
create_logged_in_user(dbsession,
init.config.registry,
web_server,
b2,
email="*****@*****.**",
password="******")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-edit").click()
b.find_by_name("enabled").click() # Turns off
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
# Victim browser should have now logged out
b2.visit(web_server)
# We do not get session invalidated message this time, because request.user does not resolve for disabled user at all and middleware cannot distinct between anonymous and disabled user
# assert b2.is_element_present_by_css("#msg-session-invalidated")
assert b2.is_element_present_by_css("#nav-sign-in")
# See that we cannot login on disabled user
b2.visit(web_server + "/login")
b2.fill("username", "*****@*****.**")
b2.fill("password", "secret")
b2.find_by_name("login_email").click()
assert b2.is_element_present_by_css("#msg-authentication-failure")
# Re-enable the use
b.find_by_css("#btn-crud-edit").click()
b.find_by_name("enabled").click() # Turns on
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
# User can log in again
# We get this message in wrong phase, but it's not really big deal as manual user deactivation should not be that common
b2.visit(web_server)
assert b2.is_element_present_by_css("#msg-session-invalidated")
b2.visit(web_server + "/login")
b2.fill("username", "*****@*****.**")
b2.fill("password", "secret")
b2.find_by_name("login_email").click()
assert b2.is_element_present_by_css("#msg-you-are-logged-in")
def test_add_choice_no_question(browser: DriverAPI, registry, web_server, dbsession):
"""Add one choice, no questions available."""
b = browser
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
b.visit(web_server)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-choice").click()
b.fill("choice_text", "Baby don't hurt me")
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
def test_add_choice_no_question(browser: DriverAPI, tutorial_req, web_server, dbsession):
"""Add one choice, no questions available."""
b = browser
create_logged_in_user(dbsession, tutorial_req.registry, web_server, browser, admin=True)
b.visit(web_server)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-choice").click()
b.fill("choice_text", "Baby don't hurt me")
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
def test_question_listing(browser: DriverAPI, tutorial_req, web_server, dbsession):
"""Question listing shows question text."""
from .tutorial import Question
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
b = browser
create_logged_in_user(dbsession, tutorial_req.registry, web_server, browser, admin=True)
b.visit("{}/admin/models/question/listing".format(web_server))
assert b.is_text_present("What is love")
def test_question_listing(browser: DriverAPI, registry, web_server, dbsession):
"""Question listing shows question text."""
from .tutorial import Question
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
b = browser
create_logged_in_user(dbsession, registry, web_server, browser, admin=True)
b.visit("{}/admin/models/question/listing".format(web_server))
assert b.is_text_present("What is love")
def test_set_enabled(browser:DriverAPI, victim_browser, web_server, init, dbsession):
"""Setting enabled resets user session. User can log after the account has been re-enabled."""
b = browser
b2 = victim_browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
create_logged_in_user(dbsession, init.config.registry, web_server, b2, email="*****@*****.**", password="******")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-edit").click()
b.find_by_name("enabled").click() # Turns off
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
# Victim browser should have now logged out
b2.visit(web_server)
# We do not get session invalidated message this time, because request.user does not resolve for disabled user at all and middleware cannot distinct between anonymous and disabled user
# assert b2.is_element_present_by_css("#msg-session-invalidated")
assert b2.is_element_present_by_css("#nav-sign-in")
# See that we cannot login on disabled user
b2.visit(web_server + "/login")
b2.fill("username", "*****@*****.**")
b2.fill("password", "secret")
b2.find_by_name("login_email").click()
assert b2.is_element_present_by_css("#msg-authentication-failure")
# Re-enable the use
b.find_by_css("#btn-crud-edit").click()
b.find_by_name("enabled").click() # Turns on
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-changes-saved")
# User can log in again
# We get this message in wrong phase, but it's not really big deal as manual user deactivation should not be that common
b2.visit(web_server)
assert b2.is_element_present_by_css("#msg-session-invalidated")
b2.visit(web_server + "/login")
b2.fill("username", "*****@*****.**")
b2.fill("password", "secret")
b2.find_by_name("login_email").click()
assert b2.is_element_present_by_css("#msg-you-are-logged-in")
def test_user_group_choices_preserved_on_validation_error(
web_server, init, browser, dbsession):
"""When user edit form validation fails, we should preserve the existing group choices.
This stresses out hacky implementation of websauna.system.form.colander and deserialization.
"""
b = browser
from websauna.system.user.models import Group
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
# Create a group where we
with transaction.manager:
g = Group(name=GROUP_NAME)
dbsession.add(g)
u = get_user(dbsession)
u.groups.append(g)
dbsession.flush()
group_uuid = uuid_to_slug(g.uuid)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-list-user").click()
b.find_by_css(".crud-row-1 .btn-crud-listing-edit").click()
# We are in group 2 initially, assert checkbox is checked
assert b.find_by_css(
"input[type='checkbox'][value='{}'][checked='True']".format(
group_uuid))
# Do validation error by leaving username empty
b.fill("username", "")
b.find_by_name("save").click()
assert b.is_text_present("There was a problem")
# Both group checkboxes should be still selected
with transaction.manager:
for g in dbsession.query(Group).all():
assert b.find_by_css(
"input[type='checkbox'][value='{}'][checked='True']".format(
uuid_to_slug(g.uuid)))
def test_set_password(browser, victim_browser, web_server, init, dbsession):
"""See that we can reset the user password.
1. Have admin user, normal user
2. See that when the admin resets the user password all the user sessions are dropped (security feature)
"""
b = browser
b2 = victim_browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
create_logged_in_user(dbsession,
init.config.registry,
web_server,
b2,
email="*****@*****.**",
password="******")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-set-password").click()
b.fill("password", "new-secret")
b.fill("password-confirm", "new-secret")
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-password-changed")
# Victim browser should have now logged out
b2.visit(web_server)
assert b2.is_element_present_by_css("#msg-session-invalidated")
assert b2.is_element_present_by_css("#nav-sign-in")
# See that we can log in with the new password
b2.visit(web_server + "/login")
b2.fill("username", "*****@*****.**")
b2.fill("password", "new-secret")
b2.find_by_name("login_email").click()
assert b2.is_element_present_by_css("#msg-you-are-logged-in")
def test_view_user_details(browser, web_server, init, dbsession):
"""See that we can view the details of the user in a browser."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
# TODO: Use CSS selector
assert b.is_text_present("*****@*****.**")
with transaction.manager:
# Check that we show the user uuid slug on the page correctly
u = dbsession.query(User).first()
assert b.is_text_present(uuid_to_slug(u.uuid))
def test_view_user_details(browser, web_server, init, dbsession):
"""See that we can view the details of the user in a browser."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
# TODO: Use CSS selector
assert b.is_text_present("*****@*****.**")
with transaction.manager:
# Check that we show the user uuid slug on the page correctly
u = dbsession.query(User).first()
assert b.is_text_present(uuid_to_slug(u.uuid))
def test_pagination(web_server, browser, dbsession, init):
with transaction.manager:
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
for index in range(1, 101):
u = create_user(dbsession,
init.config.registry,
email="example{}@example.com".format(index))
dbsession.add(u)
# quick check total users
assert dbsession.query(User).count() == 101
b = browser
b.visit(web_server + "/admin/models/user/listing")
# pagination should show correct number of total
assert b.is_text_present("Total 101 items")
assert b.is_text_present("Page #1 (1-20 of 101)")
# page should show 20 rows (default size)
assert len(b.find_by_css("tr.crud-row")) == 20
# first email should be last created
assert b.find_by_css(
"td.crud-column-email").first.text == "*****@*****.**"
# pager should show 2 buttons, first 2 are disabled
assert len(b.find_by_css(".pager li")) == 4
assert len(b.find_by_css(".pager li.disabled")) == 2
# click to next and repeat the above tests
b.find_by_css(".pager li")[2].click()
assert b.is_text_present("Total 101 items")
assert b.is_text_present("Page #2 (21-40 of 101)")
assert len(b.find_by_css("tr.crud-row")) == 20
assert b.find_by_css(
"td.crud-column-email").first.text == "*****@*****.**"
assert len(b.find_by_css(".pager li")) == 4
assert len(b.find_by_css(".pager li.disabled")) == 0
def test_add_user_password_mismatch(browser, web_server, init, dbsession):
"""Make sure new user is not created on password mismatch."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "faied")
b.find_by_name("add").click()
# TODO: Convert to CSS based test
assert b.is_text_present("Password did not match confirm")
def test_delete_user_confirm(browser, web_server, init, dbsession):
"""Delete a user."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-yes").click()
assert b.is_element_present_by_css("#msg-item-deleted")
with transaction.manager:
assert dbsession.query(User).count() == 1
def test_add_user_password_mismatch(browser, web_server, init, dbsession):
"""Make sure new user is not created on password mismatch."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "faied")
b.find_by_name("add").click()
# TODO: Convert to CSS based test
assert b.is_text_present("Password did not match confirm")
def test_context_sensitive_shell(web_server, browser, dbsession, init):
"""See we can open a context sensitive shell in admin."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-shell").click()
# Ramping up shell takes some extended time
time.sleep(5)
# We succesfully exposed obj
assert b.is_text_present("*****@*****.**")
b.find_by_css("#pyramid_notebook_shutdown").click()
# Back to home screen
assert b.is_element_visible_by_css("#nav-logout")
def test_add_group(web_server, browser, dbsession, init):
"""Create a new group through admin interface."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-group").click()
b.fill("name", GROUP_NAME)
b.fill("description", "Foobar")
b.find_by_name("add").click()
assert b.is_text_present("Item added")
# Check we appear in the list
b.visit("{}/admin/models/group/listing".format(web_server))
# The description appears in the listing
assert b.is_text_present("Foobar")
def test_context_sensitive_shell(web_server, browser, dbsession, init):
"""See we can open a context sensitive shell in admin."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-shell").click()
# Ramping up shell takes some extended time
time.sleep(5)
# We succesfully exposed obj
assert b.is_text_present("*****@*****.**")
b.find_by_css("#pyramid_notebook_shutdown").click()
# Back to home screen
assert b.is_element_visible_by_css("#nav-logout")
def test_add_group(web_server, browser, dbsession, init):
"""Create a new group through admin interface."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-group").click()
b.fill("name", GROUP_NAME)
b.fill("description", "Foobar")
b.find_by_name("add").click()
assert b.is_text_present("Item added")
# Check we appear in the list
b.visit("{}/admin/models/group/listing".format(web_server))
# The description appears in the listing
assert b.is_text_present("Foobar")
def test_question_shows_choices(browser: DriverAPI, tutorial_req, web_server, dbsession):
"""If question has active choices they are shown on Show screen, albeit not editable."""
from .tutorial import Question
from .tutorial import Choice
with transaction.manager:
q = Question(question_text="What is love")
dbsession.add(q)
dbsession.flush()
q_slug = uuid_to_slug(q.uuid)
c = Choice(choice_text="Baby don't hurt me", question=q)
dbsession.add(c)
dbsession.flush()
b = browser
create_logged_in_user(dbsession, tutorial_req.registry, web_server, browser, admin=True)
b.visit("{}/admin/models/question/{}/show".format(web_server, q_slug))
assert b.is_text_present("Baby don't hurt me")
def test_delete_user_cancel(browser, web_server, init, dbsession):
"""Delete a user, but back off on the confirmation screen."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-no").click()
# Back to the show page
assert b.is_element_present_by_css("#crud-show")
with transaction.manager:
assert dbsession.query(User).count() == 2
def test_add_user_existing_email(browser, web_server, init, dbsession):
"""Add a user but there already exists one with the same email."""
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
b.find_by_name("add").click()
assert b.is_element_present_by_css("#error-deformField1") # Email address already taken
def test_context_sensitive_shell(web_server, browser, dbsession, init):
"""See we can open a context sensitive shell in admin."""
if dbsession.bind.dialect.name == "sqlite":
pytest.skip(
"This fails with sqlite on Travis - a fact that doesn't make sense, but it does"
)
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-shell").click()
# Ramping up shell takes some extended time
time.sleep(5)
# We succesfully exposed obj
assert b.is_text_present("*****@*****.**")
# File menu
b.find_by_css(".dropdown a")[0].click()
# Shutdown and Back to the home
assert b.is_element_visible_by_css("#shutdown")
b.find_by_css("#shutdown").click()
# There should be alert "Do you really wish to leave notebook?"
time.sleep(0.5)
alert = b.driver.switch_to_alert()
alert.accept()
# Back to home screen
assert b.is_element_visible_by_css("#nav-logout")
def test_user_group_choices_preserved_on_validation_error(web_server, init, browser, dbsession):
"""When user edit form validation fails, we should preserve the existing group choices.
This stresses out hacky implementation of websauna.system.form.colander and deserialization.
"""
b = browser
from websauna.system.user.models import Group
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create a group where we
with transaction.manager:
g = Group(name=GROUP_NAME)
dbsession.add(g)
u = get_user(dbsession)
u.groups.append(g)
dbsession.flush()
group_uuid = uuid_to_slug(g.uuid)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-list-user").click()
b.find_by_css(".crud-row-1 .btn-crud-listing-edit").click()
# We are in group 2 initially, assert checkbox is checked
assert b.find_by_css("input[type='checkbox'][value='{}'][checked='True']".format(group_uuid))
# Do validation error by leaving username empty
b.fill("username", "")
b.find_by_name("save").click()
assert b.is_text_present("There was a problem")
# Both group checkboxes should be still selected
with transaction.manager:
for g in dbsession.query(Group).all():
assert b.find_by_css("input[type='checkbox'][value='{}'][checked='True']".format(uuid_to_slug(g.uuid)))
def test_set_password(browser, victim_browser, web_server, init, dbsession):
"""See that we can reset the user password.
1. Have admin user, normal user
2. See that when the admin resets the user password all the user sessions are dropped (security feature)
"""
b = browser
b2 = victim_browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
create_logged_in_user(dbsession, init.config.registry, web_server, b2, email="*****@*****.**", password="******")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-set-password").click()
b.fill("password", "new-secret")
b.fill("password-confirm", "new-secret")
b.find_by_name("save").click()
assert b.is_element_present_by_css("#msg-password-changed")
# Victim browser should have now logged out
b2.visit(web_server)
assert b2.is_element_present_by_css("#msg-session-invalidated")
assert b2.is_element_present_by_css("#nav-sign-in")
# See that we can log in with the new password
b2.visit(web_server + "/login")
b2.fill("username", "*****@*****.**")
b2.fill("password", "new-secret")
b2.find_by_name("login_email").click()
assert b2.is_element_present_by_css("#msg-you-are-logged-in")
def test_add_user_with_group(browser, web_server, init, dbsession):
"""Add a user and directly assign a group."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
# TODO: Make sure checkbox widget gets proper css classes
b.find_by_css("input[type='checkbox']")[0].click()
b.find_by_name("add").click()
assert b.is_element_present_by_css("#msg-item-added")
with transaction.manager:
u = dbsession.query(User).get(2)
assert len(u.groups) == 1
