def test_registration(self): 'Make sure that registration works' url = self.get_url('user_register') username, password, nickname, email = [self.userS[x].replace('1', '9') for x in 'username', 'password', 'nickname', 'email'] params = ReplaceableDict(username=username, password=password, nickname=nickname, email=email) # Make sure the registration page appears properly self.assert_('Registration' in self.get(url).unicode_body) # Register registrationCount1 = db.query(User_).count() self.post(url, params) # Register with a username that already exists self.assert_json(self.post(url, params.replace(username=self.userS['username'])), 0) # Register with a nickname that already exists self.assert_json(self.post(url, params.replace(nickname=self.userS['nickname'])), 0) # Register with a email that already exists self.assert_json(self.post(url, params.replace(email=self.userS['email'])), 0) # Register with a weak password self.assert_json(self.post(url, params.replace(password='******')), 0) # Register with the same username but with different case self.post(url, params.replace(username=username.upper(), nickname=nickname + 'x', email=email + 'x')) # Register with the same nickname but with different case self.post(url, params.replace(username=username + 'x', nickname=nickname.upper(), email=email + 'x')) # Register with the same email but with different case self.post(url, params.replace(username=username + 'x', nickname=nickname + 'x', email=email.upper())) # Confirm with an invalid ticket self.get(self.get_url('user_confirm', ticket='xxx')) # Confirm registration registrationCount2 = db.query(User_).count() self.assertEqual(registrationCount2 - registrationCount1, +4) self.get(self.get_url('user_confirm', ticket=db.query(User_.ticket).filter_by(email=email).order_by(User_.when_expired.desc()).first()[0])) # Make sure the user exists self.assertEqual(db.query(User).filter_by(email=email).count(), 1) # Make sure that conflicting registrations have been deleted registrationCount3 = db.query(User_).count() self.assertEqual(registrationCount3 - registrationCount2, -4)
def update_(request): 'Update account' params = request.params if params.get('token') != request.session.get_csrf_token(): return dict(isOk=0, message='Invalid session token') userID = authenticated_userid(request) # If the user is trying to update account information, send confirmation email if 'username' in params: return save_user_(request, dict(params), 'update', db.query(User).get(userID)) # Make sure the smsAddressID belongs to the user smsAddressID = params.get('smsAddressID') smsAddress = db.query(SMSAddress).filter( (SMSAddress.id == smsAddressID) & (SMSAddress.user_id == userID)).first() if not smsAddress: return dict(isOk=0, message='Could not find smsAddressID=%s corresponding to userID=%s' % (smsAddressID, userID)) # Load smsAddressAction = params.get('smsAddressAction') # If the user is activating an SMS address, if 'activate' == smsAddressAction: smsAddress.is_active = True return dict(isOk=1, is_active=smsAddress.is_active) # If the user is deactivating an SMS address, if 'deactivate' == smsAddressAction: smsAddress.is_active = False return dict(isOk=1, is_active=smsAddress.is_active) # If the user is removing an SMS address, elif 'remove' == smsAddressAction: db.delete(smsAddress) return dict(isOk=1) # If the command is not recognized, return dict(isOk=0, message='Command not recognized')
def test_registration(self): 'Make sure that registration works' url = self.get_url('user_register') username, password, nickname, email = [ self.userS[x].replace('1', '9') for x in 'username', 'password', 'nickname', 'email' ] params = ReplaceableDict(username=username, password=password, nickname=nickname, email=email) # Make sure the registration page appears properly self.assert_('Registration' in self.get(url).unicode_body) # Register registrationCount1 = db.query(User_).count() self.post(url, params) # Register with a username that already exists self.assert_json( self.post(url, params.replace(username=self.userS['username'])), 0) # Register with a nickname that already exists self.assert_json( self.post(url, params.replace(nickname=self.userS['nickname'])), 0) # Register with a email that already exists self.assert_json( self.post(url, params.replace(email=self.userS['email'])), 0) # Register with a weak password self.assert_json(self.post(url, params.replace(password='******')), 0) # Register with the same username but with different case self.post( url, params.replace(username=username.upper(), nickname=nickname + 'x', email=email + 'x')) # Register with the same nickname but with different case self.post( url, params.replace(username=username + 'x', nickname=nickname.upper(), email=email + 'x')) # Register with the same email but with different case self.post( url, params.replace(username=username + 'x', nickname=nickname + 'x', email=email.upper())) # Confirm with an invalid ticket self.get(self.get_url('user_confirm', ticket='xxx')) # Confirm registration registrationCount2 = db.query(User_).count() self.assertEqual(registrationCount2 - registrationCount1, +4) self.get( self.get_url('user_confirm', ticket=db.query( User_.ticket).filter_by(email=email).order_by( User_.when_expired.desc()).first()[0])) # Make sure the user exists self.assertEqual(db.query(User).filter_by(email=email).count(), 1) # Make sure that conflicting registrations have been deleted registrationCount3 = db.query(User_).count() self.assertEqual(registrationCount3 - registrationCount2, -4)
def processRegistration(email): 'Process an SMS address registration' # Get userID and code match = pattern_registration.match(email.subject) if not match: return False userID, userCode = match.groups() userID = int(userID) fromWhom = parseaddr(email.fromWhom)[1] # Make sure we have a proper email address try: fromWhom = validators.Email(not_empty=True).to_python(fromWhom) except Invalid: return False # If userID is zero, then the sender wants to unregister his or her address if userID == 0: db.query(SMSAddress).filter_by(email=fromWhom).delete() return True # Load user = db.query(User).filter_by(id=userID, code=userCode).options(joinedload(User.sms_addresses)).first() # If the user doesn't exist, if not user: return False # If we have registered the address already, if fromWhom in (x.email for x in user.sms_addresses): return True # Add db.add(SMSAddress(email=fromWhom, user_id=userID)) return True
def processRegistration(email): 'Process an SMS address registration' # Get userID and code match = pattern_registration.match(email.subject) if not match: return False userID, userCode = match.groups() userID = int(userID) fromWhom = parseaddr(email.fromWhom)[1] # Make sure we have a proper email address try: fromWhom = validators.Email(not_empty=True).to_python(fromWhom) except Invalid: return False # If userID is zero, then the sender wants to unregister his or her address if userID == 0: db.query(SMSAddress).filter_by(email=fromWhom).delete() return True # Load user = db.query(User).filter_by(id=userID, code=userCode).options( joinedload(User.sms_addresses)).first() # If the user doesn't exist, if not user: return False # If we have registered the address already, if fromWhom in (x.email for x in user.sms_addresses): return True # Add db.add(SMSAddress(email=fromWhom, user_id=userID)) return True
def test_mutate(self): 'Make sure that mutating the user works' url = self.get_url('user_mutate') self.login(self.userI) token = get_token(self.get(self.get_url('user_update')).body) params = ReplaceableDict(token=token) # Check that a bad token fails self.assert_json(self.post(url, params.replace(token=token + 'x')), 0) # Check that we can mutate the user code userCode = db.query(User.code).filter_by(username=self.userI['username']).first()[0] self.assert_json(self.post(url, params), 1) self.assertNotEqual(userCode, db.query(User.code).filter_by(username=self.userI['username']).first()[0])
def test_reset(self): 'Make sure that resetting the password works' url = self.get_url('user_reset') password, email = [self.userI[x] for x in 'password', 'email'] # Trying to reset an email that does not exist returns an error self.assert_json(self.post(url, dict(email=email + 'x')), 0) # Resetting the password does not immediately change the password self.assert_json(self.post(url, dict(email=email)), 1) self.assertEqual(db.query(User).filter_by(email=email).first().check(password), True) # Apply change self.get(self.get_url('user_confirm', ticket=db.query(User_.ticket).filter_by(email=email).order_by(User_.when_expired.desc()).first()[0])) self.assertEqual(db.query(User).filter_by(email=email).first().check(password), False)
def move(request): 'Move a user to a different access category' params = request.params if params.get('token') != request.session.get_csrf_token(): return dict(isOk=0, message='Invalid session token') userID = authenticated_userid(request) # Load targetUser targetUserID = params.get('targetUserID', 0) targetUser = db.query(User).get(targetUserID) if not targetUser: return dict(isOk=0, message='Could not find targetUserID=%s' % targetUserID) if int(userID) == int(targetUserID): return dict(isOk=0, message='Cannot promote or demote yourself') # Load attributes hasAttributes = False for attributeName in 'is_active', 'is_super': value = params.get(attributeName) if value is None: continue try: value = bool(int(value)) except ValueError: return dict(isOk=0, message='Could not parse %s=%s' % (attributeName, value)) setattr(targetUser, attributeName, value) hasAttributes = True if not hasAttributes: return dict(isOk=0, message='No attributes specified') # Return region_invalidate(get_properties, None, targetUserID) return dict(isOk=1)
def test_mutate(self): 'Make sure that mutating the user works' url = self.get_url('user_mutate') self.login(self.userI) token = get_token(self.get(self.get_url('user_update')).body) params = ReplaceableDict(token=token) # Check that a bad token fails self.assert_json(self.post(url, params.replace(token=token + 'x')), 0) # Check that we can mutate the user code userCode = db.query( User.code).filter_by(username=self.userI['username']).first()[0] self.assert_json(self.post(url, params), 1) self.assertNotEqual( userCode, db.query(User.code).filter_by( username=self.userI['username']).first()[0])
def test_move(self): 'Make sure that only superusers can promote or demote other users' url = self.get_url('user_move') # Check that we only see the login page if the user is not logged in self.assert_forbidden(url, method='POST') # Check that only super users can promote or demote other users for userD in self.userA, self.userI: self.login(userD) self.assert_forbidden(url, method='POST') self.login(self.userS) userID = db.query( User.id).filter_by(username=self.userS['username']).first()[0] token = get_token(self.get(self.get_url('user_index')).body) get_targetUser = lambda: db.query(User).filter_by(username=self.userI[ 'username']).first() targetUser = get_targetUser() params = ReplaceableDict(token=token, targetUserID=targetUser.id, is_super=1, is_active=1) # Check that a bad token fails self.assert_json(self.post(url, params.replace(token=token + 'x')), 0) # Check that a bad targetUserID fails self.assert_json(self.post(url, params.replace(targetUserID=0)), 0) # Check that a bad attribute fails self.assert_json(self.post(url, params.replace(is_super='xxx')), 0) self.assert_json(self.post(url, params.replace(is_active='xxx')), 0) # Check that a super user cannot promote or demote self self.assert_json(self.post(url, params.replace(targetUserID=userID)), 0) # Check that a super user can promote or demote other users self.assert_json(self.post(url, params.replace(is_super=1)), 1) targetUser = get_targetUser() self.assertEqual(targetUser.is_super, True) self.assert_json(self.post(url, params.replace(is_super=0)), 1) targetUser = get_targetUser() self.assertEqual(targetUser.is_super, False) self.assert_json(self.post(url, params.replace(is_active=1)), 1) targetUser = get_targetUser() self.assertEqual(targetUser.is_active, True) self.assert_json(self.post(url, params.replace(is_active=0)), 1) targetUser = get_targetUser() self.assertEqual(targetUser.is_active, False)
def _to_python(self, value, user): 'Check whether the value is unique' # If the user is new or the value changed, if not user or getattr(user, self.fieldName) != value: # Make sure the value is unique if db.query(User).filter(getattr(User, self.fieldName)==value).first(): # Raise raise Invalid(self.errorMessage, value, user) # Return return value
def test_reset(self): 'Make sure that resetting the password works' url = self.get_url('user_reset') password, email = [self.userI[x] for x in 'password', 'email'] # Trying to reset an email that does not exist returns an error self.assert_json(self.post(url, dict(email=email + 'x')), 0) # Resetting the password does not immediately change the password self.assert_json(self.post(url, dict(email=email)), 1) self.assertEqual( db.query(User).filter_by(email=email).first().check(password), True) # Apply change self.get( self.get_url('user_confirm', ticket=db.query( User_.ticket).filter_by(email=email).order_by( User_.when_expired.desc()).first()[0])) self.assertEqual( db.query(User).filter_by(email=email).first().check(password), False)
def test_update(self): 'Make sure that updating credentials works' url = self.get_url('user_update') # Check that we only see the login page if the user is not logged in self.assert_forbidden(url) self.assert_forbidden(url, method='POST') # Check that the update form is filled with the user's credentials self.login(self.userI) body = self.get(url).unicode_body self.assert_(self.userI['username'] in body) self.assert_(self.userI['nickname'] in body) self.assert_(self.userI['email'].lower() in body) token = get_token(body) # Updating credentials requires a token username, password, nickname, email = [ '0' + self.userI[x] for x in 'username', 'password', 'nickname', 'email' ] params = ReplaceableDict(token=token, username=username, password=password, nickname=nickname, email=email) self.assert_json(self.post(url, params.replace(token='')), 0) self.assert_json(self.post(url, params), 1) # Make sure the credentials have not changed yet self.assertEqual( db.query(User).filter_by(username=username, nickname=nickname, email=email).count(), 0) # Make sure the credentials have changed after confirmation self.get( self.get_url('user_confirm', ticket=db.query( User_.ticket).filter_by(email=email).order_by( User_.when_expired.desc()).first()[0])) self.assertEqual( db.query(User).filter_by(username=username, nickname=nickname, email=email).first().check(password), True)
def get_patents(): return db.query(Patent).join(Patent.status, Patent.type).options( joinedload(Patent.technology), joinedload(Patent.firm), joinedload(Patent.status), joinedload(Patent.type), joinedload_all(Patent.inventors, PatentInventor.contact, Contact.phones), joinedload(Patent.country), ).order_by( PatentStatus.name, PatentType.name, Patent.date_filed, ).all()
def test_move(self): 'Make sure that only superusers can promote or demote other users' url = self.get_url('user_move') # Check that we only see the login page if the user is not logged in self.assert_forbidden(url, method='POST') # Check that only super users can promote or demote other users for userD in self.userA, self.userI: self.login(userD) self.assert_forbidden(url, method='POST') self.login(self.userS) userID = db.query(User.id).filter_by(username=self.userS['username']).first()[0] token = get_token(self.get(self.get_url('user_index')).body) get_targetUser = lambda: db.query(User).filter_by(username=self.userI['username']).first() targetUser = get_targetUser() params = ReplaceableDict(token=token, targetUserID=targetUser.id, is_super=1, is_active=1) # Check that a bad token fails self.assert_json(self.post(url, params.replace(token=token + 'x')), 0) # Check that a bad targetUserID fails self.assert_json(self.post(url, params.replace(targetUserID=0)), 0) # Check that a bad attribute fails self.assert_json(self.post(url, params.replace(is_super='xxx')), 0) self.assert_json(self.post(url, params.replace(is_active='xxx')), 0) # Check that a super user cannot promote or demote self self.assert_json(self.post(url, params.replace(targetUserID=userID)), 0) # Check that a super user can promote or demote other users self.assert_json(self.post(url, params.replace(is_super=1)), 1) targetUser = get_targetUser() self.assertEqual(targetUser.is_super, True) self.assert_json(self.post(url, params.replace(is_super=0)), 1) targetUser = get_targetUser() self.assertEqual(targetUser.is_super, False) self.assert_json(self.post(url, params.replace(is_active=1)), 1) targetUser = get_targetUser() self.assertEqual(targetUser.is_active, True) self.assert_json(self.post(url, params.replace(is_active=0)), 1) targetUser = get_targetUser() self.assertEqual(targetUser.is_active, False)
def test_update(self): 'Make sure that updating credentials works' url = self.get_url('user_update') # Check that we only see the login page if the user is not logged in self.assert_forbidden(url) self.assert_forbidden(url, method='POST') # Check that the update form is filled with the user's credentials self.login(self.userI) body = self.get(url).unicode_body self.assert_(self.userI['username'] in body) self.assert_(self.userI['nickname'] in body) self.assert_(self.userI['email'].lower() in body) token = get_token(body) # Updating credentials requires a token username, password, nickname, email = ['0' + self.userI[x] for x in 'username', 'password', 'nickname', 'email'] params = ReplaceableDict(token=token, username=username, password=password, nickname=nickname, email=email) self.assert_json(self.post(url, params.replace(token='')), 0) self.assert_json(self.post(url, params), 1) # Make sure the credentials have not changed yet self.assertEqual(db.query(User).filter_by(username=username, nickname=nickname, email=email).count(), 0) # Make sure the credentials have changed after confirmation self.get(self.get_url('user_confirm', ticket=db.query(User_.ticket).filter_by(email=email).order_by(User_.when_expired.desc()).first()[0])) self.assertEqual(db.query(User).filter_by(username=username, nickname=nickname, email=email).first().check(password), True)
def reset(request): 'Reset password' # Get email email = request.params.get('email') # Try to load the user user = db.query(User).filter(User.email==email).first() # If the email is not in our database, if not user: return dict(isOk=0) # Reset account return save_user_(request, dict( username=user.username, password=make_random_string(PASSWORD_LEN_MAX), nickname=user.nickname, email=user.email), 'reset', user)
def mutate(request): 'Mutate user token' params = request.params if params.get('token') != request.session.get_csrf_token(): return dict(isOk=0, message='Invalid session token') userID = authenticated_userid(request) # Mutate user code user = db.query(User).get(userID) user.code = make_random_string(CODE_LEN) # Refresh cookie if not hasattr(request, 'response_headerlist'): request.response_headerlist = [] request.response_headerlist.extend(remember(request, user.id, tokens=format_tokens(user))) # Return region_invalidate(get_properties, None, userID) return dict(isOk=1, code=user.code)
def apply_user_(ticket): 'Finalize a change to a user account' user_ = db.query(User_).filter( (User_.ticket == ticket) & (User_.when_expired >= datetime.datetime.utcnow())).first() if not user_: raise UserException('') # If the ticket is valid, if user_: # Apply the change and reset rejection_count userID = user_.user_id db.merge(User( id=userID, username=user_.username, password_=user_.password_, nickname=user_.nickname, email=user_.email, rejection_count=0, code=make_random_string(CODE_LEN))) region_invalidate(get_properties, None, userID) # Return return user_
def login_(request): 'Process login credentials' # Make shortcuts environ, params, registry = [getattr(request, x) for x in 'environ', 'params', 'registry'] username, password = [params.get(x, '').strip() for x in 'username', 'password'] if not username or not password: return dict(isOk=0) # Check username user = db.query(User).filter_by(username=username).first() if not user: return dict(isOk=0) # If the password is incorrect, increment and return rejection_count if not user.check(password): user.rejection_count += 1 return dict(isOk=0, rejection_count=user.rejection_count) # If there have been too many rejections, expect recaptcha if user.rejection_count >= REJECTION_LIMIT: rChallenge, rResponse = [params.get(x, '') for x in 'recaptcha_challenge', 'recaptcha_response'] rPrivate = registry.settings.get('recaptcha.private', '') clientIP = environ.get('HTTP_X_REAL_IP', environ.get('HTTP_X_FORWARDED_FOR', environ.get('REMOTE_ADDR'))) # If the response is not valid, say so if not captcha.submit(rChallenge, rResponse, rPrivate, clientIP).is_valid: return dict(isOk=0, rejection_count=user.rejection_count) # Save user try: user.minutes_offset = int(params.get('minutes_offset', MINUTES_OFFSET)) except ValueError: user.minutes_offset = MINUTES_OFFSET user.when_login = datetime.datetime.utcnow() user.rejection_count = 0 # Set cookie if not hasattr(request, 'response_headerlist'): request.response_headerlist = [] request.response_headerlist.extend(remember(request, user.id, tokens=format_tokens(user))) # Return return dict(isOk=1)
def get_properties(userID): 'Return user properties' return db.query(User.nickname, User.minutes_offset, User.is_active, User.is_super, User.code).filter_by(id=userID).first() def save_user_(request, valueByName, action, user=None): 'Validate values and send confirmation email if values are okay' # Validate form try: form = UserForm().to_python(valueByName, user) except Invalid, error: return dict(isOk=0, errorByID=error.unpack_errors()) # Prepare ticket try: ticket = make_random_unique_string(TICKET_LEN, lambda x: db.query(User_).filter_by(ticket=x).first() == None) except RuntimeError: return dict(isOk=0, errorByID={'status': 'Could not generate ticket; please try again later'}) # Prepare user_ user_ = User_( username=form['username'], password=form['password'], nickname=form['nickname'], email=form['email'], user_id=user.id if user else None, ticket=ticket, when_expired=datetime.datetime.utcnow() + datetime.timedelta(hours=TICKET_HOURS)) db.add(user_) # Send message get_mailer(request).send_to_queue(Message( recipients=[formataddr((user_.nickname, user_.email))],
def index(request): 'Display patent activity' upload = db.query(Upload).order_by(Upload.when.desc()).first() patents = get_patents() return dict(upload=upload, patents=patents)
def update(request): 'Show account update page' userID = authenticated_userid(request) user = db.query(User).options(joinedload(User.sms_addresses)).get(userID) return dict(user=user)
def test_index(self): 'Assert that the user index page shows how many accounts are on file' url = self.get_url('user_index') # Make sure that the user index page is visible self.assert_('%s users' % db.query(User).count() in self.get(url).unicode_body)
def test_update_smsAddress(self): 'Make sure that updating smsAddresses works' url = self.get_url('user_update') db.query(SMSAddress).delete() userSID, userSCode, userSEmail = db.query( User.id, User.code, User.email).filter_by(username=self.userS['username']).first() userAID, userACode, userAEmail = db.query( User.id, User.code, User.email).filter_by(username=self.userA['username']).first() userIID, userICode, userIEmail = db.query( User.id, User.code, User.email).filter_by(username=self.userI['username']).first() imapServer = sms.connect(self.router.registry.settings) # Register an invalid email address imapServer.revive( 'inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='')) # Register using an invalid userID or userCode imapServer.revive( 'inbox', imapIO.build_message(subject='%s-%s' % (-1, userSCode), fromWhom='sms_' + userSEmail)) imapServer.revive( 'inbox', imapIO.build_message(subject='%s-%s' % (userSID, -1), fromWhom='sms_' + userSEmail)) # Register three email addresses imapServer.revive( 'inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='sms_' + userSEmail)) imapServer.revive( 'inbox', imapIO.build_message(subject='%s-%s' % (userAID, userACode), fromWhom='sms_' + userAEmail)) imapServer.revive( 'inbox', imapIO.build_message(subject='%s-%s' % (userIID, userICode), fromWhom='sms_' + userIEmail)) # Register an address that already exists for the given user imapServer.revive( 'inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='sms_' + userSEmail)) # Remove an email address imapServer.revive( 'inbox', imapIO.build_message(subject='%s-%s' % (0, 'xxx'), fromWhom='sms_' + userSEmail)) # Process sms.process(self.router.registry.settings) # Make sure we only have two registered SMS address self.assertEqual(2, db.query(SMSAddress).count()) smsAddressA = db.query(SMSAddress).filter_by(user_id=userAID).first() smsAddressI = db.query(SMSAddress).filter_by(user_id=userIID).first() # Get token self.login(self.userI) token = get_token(self.get(url).unicode_body) params = ReplaceableDict(token=token, smsAddressAction='activate', smsAddressID=smsAddressI.id) # Activate an smsAddress that doesn't belong to the user self.assert_json( self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0) # Activate an smsAddress self.assert_json(self.post(url, params), 1) self.assertEqual( db.query( SMSAddress.is_active).filter_by(user_id=userIID).first()[0], True) params = ReplaceableDict(token=token, smsAddressAction='deactivate', smsAddressID=smsAddressI.id) # Deactivate an smsAddress that doesn't belong to the user self.assert_json( self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0) # Deactivate an smsAddress self.assert_json(self.post(url, params), 1) self.assertEqual( db.query( SMSAddress.is_active).filter_by(user_id=userIID).first()[0], False) params = ReplaceableDict(token=token, smsAddressAction='remove', smsAddressID=smsAddressI.id) # Remove an smsAddress that doesn't belong to the user self.assert_json( self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0) # Remove an smsAddress that does belong to the user self.assert_json(self.post(url, params), 1) self.assertEqual( db.query(SMSAddress).filter_by(id=smsAddressI.id).count(), 0) params = ReplaceableDict(token=token) # Send an invalid command self.assert_json(self.post(url, params.replace(smsAddressAction='')), 0) self.assert_json( self.post(url, params.replace(smsAddressAction='xxx')), 0)
def index(request): 'Show information about people registered in the database' return dict(users=db.query(User).order_by(User.when_login.desc()).all())
def get_properties(userID): 'Return user properties' return db.query(User.nickname, User.minutes_offset, User.is_active, User.is_super, User.code).filter_by(id=userID).first()
def test_update_smsAddress(self): 'Make sure that updating smsAddresses works' url = self.get_url('user_update') db.query(SMSAddress).delete() userSID, userSCode, userSEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userS['username']).first() userAID, userACode, userAEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userA['username']).first() userIID, userICode, userIEmail = db.query(User.id, User.code, User.email).filter_by(username=self.userI['username']).first() imapServer = sms.connect(self.router.registry.settings) # Register an invalid email address imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='')) # Register using an invalid userID or userCode imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (-1, userSCode), fromWhom='sms_' + userSEmail)) imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, -1), fromWhom='sms_' + userSEmail)) # Register three email addresses imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='sms_' + userSEmail)) imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userAID, userACode), fromWhom='sms_' + userAEmail)) imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userIID, userICode), fromWhom='sms_' + userIEmail)) # Register an address that already exists for the given user imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (userSID, userSCode), fromWhom='sms_' + userSEmail)) # Remove an email address imapServer.revive('inbox', imapIO.build_message(subject='%s-%s' % (0, 'xxx'), fromWhom='sms_' + userSEmail)) # Process sms.process(self.router.registry.settings) # Make sure we only have two registered SMS address self.assertEqual(2, db.query(SMSAddress).count()) smsAddressA = db.query(SMSAddress).filter_by(user_id=userAID).first() smsAddressI = db.query(SMSAddress).filter_by(user_id=userIID).first() # Get token self.login(self.userI) token = get_token(self.get(url).unicode_body) params = ReplaceableDict(token=token, smsAddressAction='activate', smsAddressID=smsAddressI.id) # Activate an smsAddress that doesn't belong to the user self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0) # Activate an smsAddress self.assert_json(self.post(url, params), 1) self.assertEqual(db.query(SMSAddress.is_active).filter_by(user_id=userIID).first()[0], True) params = ReplaceableDict(token=token, smsAddressAction='deactivate', smsAddressID=smsAddressI.id) # Deactivate an smsAddress that doesn't belong to the user self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0) # Deactivate an smsAddress self.assert_json(self.post(url, params), 1) self.assertEqual(db.query(SMSAddress.is_active).filter_by(user_id=userIID).first()[0], False) params = ReplaceableDict(token=token, smsAddressAction='remove', smsAddressID=smsAddressI.id) # Remove an smsAddress that doesn't belong to the user self.assert_json(self.post(url, params.replace(smsAddressID=smsAddressA.id)), 0) # Remove an smsAddress that does belong to the user self.assert_json(self.post(url, params), 1) self.assertEqual(db.query(SMSAddress).filter_by(id=smsAddressI.id).count(), 0) params = ReplaceableDict(token=token) # Send an invalid command self.assert_json(self.post(url, params.replace(smsAddressAction='')), 0) self.assert_json(self.post(url, params.replace(smsAddressAction='xxx')), 0)