def verify_mobile(request, user, new_mobile): log.info('Trying to verify mobile number for user {!r}.'.format(user)) log.debug('Mobile number: {!s}.'.format(new_mobile)) # Start by removing mobile number from any other user old_user_docs = request.db.profiles.find({ 'mobile': {'$elemMatch': {'mobile': new_mobile, 'verified': True}} }) steal_count = 0 for old_user_doc in old_user_docs: old_user = User(old_user_doc) if old_user: log.debug('Found old user {!r} with mobile number ({!s}) already verified.'.format(old_user, new_mobile)) log.debug('Old user mobile numbers BEFORE: {!r}.'.format(old_user.get_mobiles())) mobiles = [m for m in old_user.get_mobiles() if m['mobile'] != new_mobile] old_user.set_mobiles(mobiles) log.debug('Old user mobile numbers AFTER: {!r}.'.format(old_user.get_mobiles())) old_user.retrieve_modified_ts(request.db.profiles) old_user.save(request) log.info('Removed mobile number from user {!r}.'.format(old_user)) steal_count += 1 # Add the verified mobile number to the requesting user user.add_verified_mobile(new_mobile) log.info('Mobile number verified for user {!r}.'.format(user)) request.stats.count('dashboard/verify_mobile_stolen', steal_count) request.stats.count('dashboard/verify_mobile_completed', 1) return user, _('Mobile {obj} verified')
def add_success_other(self, ninform): newnin = self.schema.serialize(ninform) newnin = newnin['norEduPersonNIN'] newnin = normalize_nin(newnin) old_user = self.request.db.profiles.find_one({ 'norEduPersonNIN': newnin }) if old_user: old_user = User(old_user) nins = [nin for nin in old_user.get_nins() if nin != newnin] old_user.set_nins(nins) addresses = [a for a in old_user.get_addresses() if not a['verified']] old_user.set_addresses(addresses) old_user.save(self.request) nins = self.user.get_nins() nins.append(newnin) self.user.set_nins(nins) # Save the state in the verifications collection save_as_verificated(self.request, 'norEduPersonNIN', self.user.get_id(), newnin) self.user.save(self.request) self.request.session.flash(_('Changes saved'), queue='forms')
def propagate_user_changes(self, newuser): if self.workmode == 'personal': # Only update session if user is the same as currently in session user = self.request.session.get('user') newuser = User(newuser) if user.get_id() == newuser.get_id(): self.request.session['user'] = newuser else: user_session = self.request.session['user'].get(self.main_attribute) if user_session == newuser[self.main_attribute]: self.request.session['user'] = User(newuser) update_attributes.delay('eduid_dashboard', str(newuser['_id']))
def test_steal_verified_nin(self): self.set_logged(user='******') response_form = self.testapp.get('/profile/nins/') form = response_form.forms[self.formname] nin = '197801011234' form['norEduPersonNIN'].value = nin from eduiddashboard.msgrelay import MsgRelay with patch.multiple(MsgRelay, nin_validator=return_true, nin_reachable=return_true): response = form.submit('add') self.assertEqual(response.status, '200 OK') old_user = self.db.profiles.find_one({'_id': ObjectId('012345678901234567890123')}) old_user = User(old_user) self.assertIn(nin, old_user.get_nins()) nin_doc = self.db.verifications.find_one({ 'model_name': 'norEduPersonNIN', 'user_oid': ObjectId('901234567890123456789012'), 'obj_id': nin }) with patch.object(MsgRelay, 'get_postal_address', clear=True): MsgRelay.get_postal_address.return_value = { 'Address2': u'StreetName 104', 'PostalCode': u'74142', 'City': u'STOCKHOLM', } with patch.object(MsgRelay, 'postal_address_to_transaction_audit_log'): MsgRelay.postal_address_to_transaction_audit_log.return_value = True response = self.testapp.post( '/profile/nins-actions/', {'identifier': '197801011234 0', 'action': 'verify', 'code': nin_doc['code']} ) response_json = json.loads(response.body) self.assertEqual(response_json['result'], 'ok') old_user = self.db.profiles.find_one({'_id': ObjectId('012345678901234567890123')}) old_user = User(old_user) self.assertNotIn(nin, old_user.get_nins())
def get_user_by_username(self, username): users = self.get_users({'eduPersonPrincipalName': username}) if users.count() == 0: raise self.exceptions.UserDoesNotExist() if users.count() > 1: raise self.exceptions.MultipleUsersReturned() return User(users[0])
def test_steal_verified_mobile(self): self.set_logged(user='******') response_form = self.testapp.get('/profile/mobiles/') form = response_form.forms[self.formname] mobile = '+34609609609' form['mobile'].value = mobile with patch.object(MsgRelay, 'mobile_validator', clear=True): MsgRelay.mobile_validator.return_value = True response = form.submit('add') self.assertEqual(response.status, '200 OK') old_user = self.db.profiles.find_one({'_id': ObjectId('012345678901234567890123')}) old_user = User(old_user) self.assertIn(mobile, [mo['mobile'] for mo in old_user.get_mobiles()]) mobile_doc = self.db.verifications.find_one({ 'model_name': 'mobile', 'user_oid': ObjectId('901234567890123456789012'), 'obj_id': mobile }) with patch.object(MsgRelay, 'mobile_validator', clear=True): with patch.object(UserDB, 'exists_by_field', clear=True): UserDB.exists_by_field.return_value = False MsgRelay.mobile_validator.return_value = True response = self.testapp.post( '/profile/mobiles-actions/', {'identifier': 0, 'action': 'verify', 'code': mobile_doc['code']} ) response_json = json.loads(response.body) self.assertEqual(response_json['result'], 'ok') old_user = self.db.profiles.find_one({'_id': ObjectId('012345678901234567890123')}) old_user = User(old_user) self.assertNotIn(mobile, [mo['mobile'] for mo in old_user.get_mobiles()])
def get_user_by_nin(self, nin): users = self.get_users({ 'norEduPersonNIN.norEduPersonNIN': nin, 'norEduPersonNIN.verified': True, 'norEduPersonNIN.active': True, }) if users.count() == 0: raise self.exceptions.UserDoesNotExist() if users.count() > 1: raise self.exceptions.MultipleUsersReturned() return User(users[0])
def test_steal_verified_mail(self): self.set_logged(user='******') response_form = self.testapp.get('/profile/emails/') form = response_form.forms[self.formname] mail = '*****@*****.**' form['mail'].value = mail with patch.object(UserDB, 'exists_by_field', clear=True): UserDB.exists_by_field.return_value = True response = form.submit('add') self.assertEqual(response.status, '200 OK') old_user = self.db.profiles.find_one({'_id': ObjectId('012345678901234567890123')}) old_user = User(old_user) self.assertIn(mail, [ma['email'] for ma in old_user.get_mail_aliases()]) email_doc = self.db.verifications.find_one({ 'model_name': 'mailAliases', 'user_oid': ObjectId('901234567890123456789012'), 'obj_id': mail }) response = self.testapp.post( '/profile/emails-actions/', {'identifier': 3, 'action': 'verify', 'code': email_doc['code']} ) response_json = json.loads(response.body) self.assertEqual(response_json['result'], 'ok') old_user = self.db.profiles.find_one({'_id': ObjectId('012345678901234567890123')}) old_user = User(old_user) self.assertNotIn(mail, [ma['email'] for ma in old_user.get_mail_aliases()])
def get_user_by_attr(self, attr, value): """ Locate a user in the userdb using any attribute and value. :param attr: The attribute to match on :param value: The value to match on :return: eduid_am.user.User :raise self.UserDoesNotExist: No user match the search criteria :raise self.MultipleUsersReturned: More than one user matches the search criteria """ logger.debug("Looking in {!r} for user with {!r} = {!r}".format( self._db, attr, value)) try: doc = self._db.get_user_by_field(attr, value, raise_on_missing=True) logger.debug("Found user {!r}".format(doc)) return User(doc) except self.exceptions.UserDoesNotExist: logger.debug("UserDoesNotExist, {!r} = {!r}".format(attr, value)) raise self.exceptions.UserDoesNotExist() except self.exceptions.MultipleUsersReturned: logger.error("MultipleUsersReturned, {!r} = {!r}".format(attr, value)) raise self.exceptions.MultipleUsersReturned()
def get_user_by_filter(self, filter, fields=None): """ Locate a user in the userdb using a custom search filter. :param filter: the search filter :type filter: dict :param fields: the fields to return in the search result :type fields: dict :return: eduid_am.user.User :raise self.UserDoesNotExist: No user matching the search criteria :raise self.MultipleUsersReturned: More than one user matched the search criteria """ logger.debug("Looking in {!r} using filter {!r}, returning fields {!r}".format( self._db, filter, fields)) users = self.get_users(filter, fields) if users.count() == 0: raise self.exceptions.UserDoesNotExist() elif users.count() > 1: raise self.exceptions.MultipleUsersReturned() logger.debug("Found user {!r}".format(users[0])) return User(users[0])
class MongoTestCase(unittest.TestCase): """TestCase with an embedded MongoDB temporary instance. Each test runs on a temporary instance of MongoDB. The instance will be listen in a random port between 40000 and 5000. A test can access the connection using the attribute `conn`. A test can access the port using the attribute `port` """ fixtures = [] MockedUserDB = MockedUserDB user = User(MOCKED_USER_STANDARD) users = [] def setUp(self): super(MongoTestCase, self).setUp() self.tmp_db = MongoTemporaryInstance.get_instance() self.conn = self.tmp_db.conn self.port = self.tmp_db.port self.am_settings = { 'BROKER_TRANSPORT': 'memory', 'BROKER_URL': 'memory://', 'CELERY_EAGER_PROPAGATES_EXCEPTIONS': True, 'CELERY_ALWAYS_EAGER': True, 'CELERY_RESULT_BACKEND': "cache", 'CELERY_CACHE_BACKEND': 'memory', 'MONGO_URI': 'mongodb://localhost:%d/' % self.port, 'MONGO_DBNAME': 'am', } celery.conf.update(self.am_settings) self.am = get_attribute_manager(celery) for db_name in self.conn.database_names(): self.conn.drop_database(db_name) mongo_settings = { 'mongo_replicaset': None, 'mongo_uri_am': self.am_settings['MONGO_URI'] + 'am', } if getattr(self, 'settings', None) is None: self.settings = mongo_settings else: self.settings.update(mongo_settings) mongo_replicaset = self.settings.get('mongo_replicaset', None) self.amdb = self.am.conn.get_database('am') self.userdb = self.MockedUserDB(self.users) self.initial_verifications = (getattr(self, 'initial_verifications', None) or INITIAL_VERIFICATIONS) self.amdb.attributes.drop() userdocs = [] for userdoc in self.userdb.all_userdocs(): userdocs.append(deepcopy(userdoc)) self.amdb.attributes.insert(userdocs) def tearDown(self): super(MongoTestCase, self).tearDown() self.amdb.attributes.drop()
def all_users(self): for user in self.test_users.values(): yield User(deepcopy(user))
def get_user(self, userid): if userid not in self.test_users: raise self.UserDoesNotExist return User(deepcopy(self.test_users.get(userid)))
def get_user_by_email(self, email): doc = self._db.get_user_by_mail(email, raise_on_missing=True) return User(doc)