Пример #1
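    def validate(self):
        """
        Validate the login form, falling back to ADS Classic credentials.

        The parent form validation runs first; if it returns True nothing
        else happens. Otherwise the submitted email/password are checked
        against ADS Classic through `ClassicUserInfo`:

        * Classic accepts the credentials: a missing local user is created
          as active; for an existing local user the stored password is
          replaced by the submitted one when it does not validate, and a
          disabled account is re-enabled. The parent validation is then run
          again and its result is returned.
        * Classic rejects the credentials but reports a real user: an
          inactive local user with a generated password is created when no
          local user exists, and validation fails.

        :return: True when the initial parent validation succeeds, the
            result of the second parent validation after a successful
            Classic login, otherwise False
        """
        r = super(AdsClassicFallBackLoginForm, self).validate()
        if r is True:
            return r

        try:
            cu = ClassicUserInfo(self.email.data, self.password.data)
        except HTTPError:
            # if we can't contact ADS Classic, make it non-fatal
            # NOTE(review): only HTTPError is caught here; confirm that
            # timeouts/connection failures raised by ClassicUserInfo cannot
            # escape as an unhandled error on the login endpoint.
            return False

        # `self.user` may never have been assigned (presumably the parent
        # validation sets it only on some paths -- TODO confirm). Resolve it
        # once so both branches below treat "attribute missing" and "None"
        # the same way instead of raising AttributeError in one of them.
        user = getattr(self, 'user', None)

        if cu.is_authenticated():  # Classic did let them in....
            if user is None:  # User does not exist yet
                user_manipulator.create(email=self.email.data,
                                        password=self.password.data,
                                        name=cu.get_name(),
                                        active=True)
            else:
                if not user.password:  # password not set
                    return False
                if not user.validate_password(self.password.data):
                    # Classic accepted the password, so the local copy is
                    # overwritten with it.
                    # NOTE(review): this write happens before the
                    # confirmation check below, so an unconfirmed account
                    # still gets its stored password replaced.
                    user.password = self.password.data
                    user_manipulator.save(user)
                if requires_confirmation(user):
                    return False
                if not user.is_active() and cu.is_real_user():
                    # Disabled account
                    # NOTE(review): a successful Classic login re-enables a
                    # locally disabled account; confirm this cannot undo a
                    # deliberate administrative lock.
                    user.active = True
                    user_manipulator.save(user)

            # revalidate
            return super(AdsClassicFallBackLoginForm, self).validate()

        if cu.is_real_user():
            # they didn't get it, but the account at least exists...
            # NOTE(review): this database write is reachable from a failed,
            # unauthenticated login attempt; confirm the endpoint is rate
            # limited and that gen_salt() draws from a CSPRNG.
            if user is None:
                user_manipulator.create(email=self.email.data,
                                        password=gen_salt(12),
                                        name=cu.get_name(),
                                        active=False)
        return False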
Пример #2
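    def validate(self):
        """
        Validate the login form, falling back to ADS Classic credentials.

        The parent form validation runs first; if it returns True nothing
        else happens. Otherwise the submitted email/password are checked
        against ADS Classic through `ClassicUserInfo`:

        * Classic accepts the credentials: a missing local user is created
          as active; for an existing local user the stored password is
          replaced by the submitted one when it does not validate, and a
          disabled account is re-enabled. The parent validation is then run
          again and its result is returned.
        * Classic rejects the credentials but reports a real user: an
          inactive local user with a generated password is created when no
          local user exists, and validation fails.

        :return: True when the initial parent validation succeeds, the
            result of the second parent validation after a successful
            Classic login, otherwise False
        """
        r = super(AdsClassicFallBackLoginForm, self).validate()
        if r is True:
            return r

        try:
            cu = ClassicUserInfo(self.email.data, self.password.data)
        except HTTPError:
            # if we can't contact ADS Classic, make it non-fatal
            # NOTE(review): only HTTPError is caught here; confirm that
            # timeouts/connection failures raised by ClassicUserInfo cannot
            # escape as an unhandled error on the login endpoint.
            return False

        # `self.user` may never have been assigned (presumably the parent
        # validation sets it only on some paths -- TODO confirm). Resolve it
        # once so both branches below treat "attribute missing" and "None"
        # the same way instead of raising AttributeError in one of them.
        user = getattr(self, 'user', None)

        if cu.is_authenticated():  # Classic did let them in....
            if user is None:  # User does not exist yet
                user_manipulator.create(email=self.email.data,
                                        password=self.password.data,
                                        name=cu.get_name(),
                                        active=True)
            else:
                if not user.password:  # password not set
                    return False
                if not user.validate_password(self.password.data):
                    # Classic accepted the password, so the local copy is
                    # overwritten with it.
                    # NOTE(review): this write happens before the
                    # confirmation check below, so an unconfirmed account
                    # still gets its stored password replaced.
                    user.password = self.password.data
                    user_manipulator.save(user)
                if requires_confirmation(user):
                    return False
                if not user.is_active() and cu.is_real_user():
                    # Disabled account
                    # NOTE(review): a successful Classic login re-enables a
                    # locally disabled account; confirm this cannot undo a
                    # deliberate administrative lock.
                    user.active = True
                    user_manipulator.save(user)

            # revalidate
            return super(AdsClassicFallBackLoginForm, self).validate()

        if cu.is_real_user():
            # they didn't get it, but the account at least exists...
            # NOTE(review): this database write is reachable from a failed,
            # unauthenticated login attempt; confirm the endpoint is rate
            # limited and that gen_salt() draws from a CSPRNG.
            if user is None:
                user_manipulator.create(email=self.email.data,
                                        password=gen_salt(12),
                                        name=cu.get_name(),
                                        active=False)
        return False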
Пример #3
    def test_users_crud_operations(self):
        """
        Walk a user model through create, read, update and delete using the
        `user_manipulator` service, checking the database after each step
        """
        stamp = datetime(2000, 1, 1)

        # a user built with .new() must not be visible in the database yet
        joe = user_manipulator.new(email='joe')
        self.assertIsNone(user_manipulator.first(email='joe'))

        # .save() is what persists it
        user_manipulator.save(joe)
        stored_joe = user_manipulator.first(email='joe')
        self.assertIsNotNone(stored_joe)
        self.assertEqual(stored_joe.email, 'joe')

        # .create() builds and persists in a single call
        elias = user_manipulator.create(email='elias')
        stored_elias = user_manipulator.first(email='elias')
        self.assertIsNotNone(stored_elias)
        self.assertEqual(elias, stored_elias)

        # .update() is visible on the next read
        user_manipulator.update(elias, confirmed_at=stamp)
        stored_elias = user_manipulator.first(email='elias')
        self.assertEqual(stored_elias.confirmed_at, stamp)
        self.assertEqual(elias, stored_elias)

        # .delete() removes the row immediately
        user_manipulator.delete(elias)
        self.assertIsNone(user_manipulator.first(email='elias'))

        # the row is gone, but the python object we hold must still be
        # usable and keep the values it had
        self.assertIsNotNone(elias)
        self.assertEqual(elias.confirmed_at, stamp)
Пример #4
    def test_users_crud_operations(self):
        """
        Check the create, read, update and delete behaviour of user models
        when driven through the `user_manipulator` service
        """
        confirmed = datetime(2000, 1, 1)

        def lookup(address):
            # read the user back from the database by email
            return user_manipulator.first(email=address)

        # .new() only builds the object; nothing is stored
        joe = user_manipulator.new(email='joe')
        self.assertIsNone(lookup('joe'))

        # .save() stores it
        user_manipulator.save(joe)
        found = lookup('joe')
        self.assertIsNotNone(found)
        self.assertEqual(found.email, 'joe')

        # .create() stores right away
        elias = user_manipulator.create(email='elias')
        found = lookup('elias')
        self.assertIsNotNone(found)
        self.assertEqual(elias, found)

        # .update() takes effect right away
        user_manipulator.update(elias, confirmed_at=confirmed)
        found = lookup('elias')
        self.assertEqual(found.confirmed_at, confirmed)
        self.assertEqual(elias, found)

        # .delete() takes effect right away
        user_manipulator.delete(elias)
        found = lookup('elias')
        self.assertIsNone(found)

        # deleting the database row does not invalidate the python object
        # that is still referenced here
        self.assertIsNotNone(elias)
        self.assertEqual(elias.confirmed_at, confirmed)
Пример #5
    def setUp(self):
        """
        Prepare the OAuth2 provider fixtures: a test scope, two active
        users, one public and one confidential client, and a personal
        access token.
        """
        super(OAuth2ProviderTestCase, self).setUp()

        # oauthlib rejects plain-HTTP endpoints unless
        # OAUTHLIB_INSECURE_TRANSPORT is set, so enable it when the test
        # site URL is not HTTPS. The variable is process-wide; the previous
        # value is kept in self.os_debug, presumably so tearDown can restore
        # it -- verify, otherwise the relaxed setting leaks into later tests.
        site_url = self.app.config.get('SITE_SECURE_URL')
        if site_url.startswith('http://'):
            self.os_debug = os.environ.get('OAUTHLIB_INSECURE_TRANSPORT', '')
            os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = 'true'

        from ..models import OAuthClient, Scope
        from adsws.core import user_manipulator
        from ..registry import scopes as scopes_registry

        # Register a test scope
        scopes_registry.register(Scope('test:scope'))

        self.base_url = self.app.config.get('SITE_SECURE_URL')

        # Two active users; only the first one owns the clients below
        owner = user_manipulator.new(email='*****@*****.**',
                                     password='******',
                                     active=True)
        other = user_manipulator.new(email='*****@*****.**',
                                     password='******',
                                     active=True)
        user_manipulator.save(owner)
        user_manipulator.save(other)

        # Both clients share the redirect URI and default scope; they differ
        # in id/secret/name and in whether they are confidential.
        callback = '%s/oauth2test/authorized' % self.base_url

        public_client = OAuthClient(client_id='dev',
                                    client_secret='dev',
                                    name='dev',
                                    description='',
                                    is_confidential=False,
                                    user_id=owner.id,
                                    _redirect_uris=callback,
                                    _default_scopes="test:scope")
        confidential_client = OAuthClient(client_id='confidential',
                                          client_secret='confidential',
                                          name='confidential',
                                          description='',
                                          is_confidential=True,
                                          user_id=owner.id,
                                          _redirect_uris=callback,
                                          _default_scopes="test:scope")

        for client in (public_client, confidential_client):
            db.session.add(client)
        db.session.commit()

        self.objects = [owner, other, public_client, confidential_client]

        # Create a personal access token as well.
        # NOTE(review): the literal 1 is presumably the id of the first user
        # created above; confirm rather than rely on insertion order.
        from ..models import OAuthToken
        self.personal_token = OAuthToken.create_personal(
            'test-personal', 1, scopes=[], is_internal=True
        )
Пример #6
    def setUp(self):
        """
        Build the objects the OAuth2 provider tests rely on: a registered
        test scope, two active users, a public and a confidential client
        owned by the first user, and a personal access token.
        """
        super(OAuth2ProviderTestCase, self).setUp()

        # When the configured site URL is plain HTTP, switch oauthlib's
        # OAUTHLIB_INSECURE_TRANSPORT on so the flows can run without SSL.
        # This changes the environment of the whole process; the old value
        # is saved on self.os_debug (presumably for tearDown to put back --
        # TODO confirm that it does).
        configured_url = self.app.config.get('SITE_SECURE_URL')
        if configured_url.startswith('http://'):
            self.os_debug = os.environ.get('OAUTHLIB_INSECURE_TRANSPORT', '')
            os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = 'true'

        from ..models import OAuthClient, Scope
        from adsws.core import user_manipulator
        from ..registry import scopes as scopes_registry

        # Register a test scope
        scopes_registry.register(Scope('test:scope'))

        self.base_url = self.app.config.get('SITE_SECURE_URL')

        # Create needed objects
        user_fields = dict(password='******', active=True)
        u = user_manipulator.new(email='*****@*****.**', **user_fields)
        u2 = user_manipulator.new(email='*****@*****.**', **user_fields)

        user_manipulator.save(u)
        user_manipulator.save(u2)

        # Settings common to both OAuth clients
        redirect_uri = '%s/oauth2test/authorized' % self.base_url

        c1 = OAuthClient(
            client_id='dev',
            client_secret='dev',
            name='dev',
            description='',
            is_confidential=False,
            user_id=u.id,
            _redirect_uris=redirect_uri,
            _default_scopes="test:scope"
        )

        c2 = OAuthClient(
            client_id='confidential',
            client_secret='confidential',
            name='confidential',
            description='',
            is_confidential=True,
            user_id=u.id,
            _redirect_uris=redirect_uri,
            _default_scopes="test:scope"
        )

        db.session.add(c1)
        db.session.add(c2)
        db.session.commit()

        self.objects = [u, u2, c1, c2]

        # Create a personal access token as well.
        # NOTE(review): the second argument is a hard-coded 1, presumably a
        # user id; verify it matches `u.id` on every database backend.
        from ..models import OAuthToken
        token_args = ('test-personal', 1)
        self.personal_token = OAuthToken.create_personal(
            *token_args, scopes=[], is_internal=True
        )