def setup_class(self):
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.Package(name=u'testpkgag'))
model.Session.add(model.Group(name=u'testgroupag'))
model.Session.add(model.User(name=u'ag_member'))
model.Session.add(model.User(name=u'ag_admin'))
model.Session.add(model.User(name=u'ag_notmember'))
model.Session.add(model.AuthorizationGroup(name=u'authz_group'))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'testpkgag')
grp = model.Group.by_name(u'testgroupag')
authzgrp = model.AuthorizationGroup.by_name(u'authz_group')
member = model.User.by_name(u'ag_member')
admin = model.User.by_name(u'ag_admin')
model.setup_default_user_roles(authzgrp, [admin])
model.add_authorization_group_to_role(authzgrp, model.Role.ADMIN, pkg)
model.add_authorization_group_to_role(authzgrp, model.Role.ADMIN, grp)
model.add_user_to_authorization_group(member, authzgrp, model.Role.EDITOR)
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u'testpkgag')
self.grp = model.Group.by_name(u'testgroupag')
self.member = model.User.by_name(u'ag_member')
self.admin = model.User.by_name(u'ag_admin')
self.notmember = model.User.by_name(u'ag_notmember')
self.authzgrp = model.AuthorizationGroup.by_name(u'authz_group')
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, madeup-sysadmin , madeup-administrator, and madeup-another
# one authzgroup
# two packages test6 and test6a, m-a is admin on both
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'madeup-sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'madeup-administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = u'madeup-another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = u'madeup-authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
for obj in sysadmin_user, admin_user, another_user, authzgroup:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.new_revision()
self.pkgname = u'test6'
self.pkgname2 = u'test6a'
pkg = model.Package(name=self.pkgname)
pkg2 = model.Package(name=self.pkgname2)
model.Session.add(pkg)
model.Session.add(pkg2)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
model.setup_default_user_roles(pkg, admins=[admin_user])
model.setup_default_user_roles(pkg2, admins=[admin_user])
model.repo.commit_and_remove()
def setup(self):
# need to do this for every test since we mess with System rights
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.User(name=u'testadmin'))
model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'annakarenina')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
self.pkg = model.Package.by_name(u'annakarenina')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
self.package_fillers = {
'title': 'test title',
'notes': 'test notes',
'license_id': 'mit-license',
}
def setup_class(self):
model.repo.init_db()
self.authorizer = authz.Authorizer()
self.admin_role = model.Role.ADMIN
self.editor_role = model.Role.EDITOR
self.reader_role = model.Role.READER
model.repo.new_revision()
anna = model.Package(name=u'annakarenina')
war = model.Package(name=u'warandpeace')
mradmin = model.User(name=u'mradmin')
mreditor = model.User(name=u'mreditor')
mrreader = model.User(name=u'mrreader')
tester = model.User(name=u'tester')
anauthzgroup = model.AuthorizationGroup(name=u'anauthzgroup')
for obj in [
anna, war, mradmin, mreditor, mrreader, tester, anauthzgroup
]:
model.Session.add(obj)
model.repo.commit_and_remove()
anna = model.Package.by_name(u'annakarenina')
tester = model.User.by_name(u'tester')
model.add_user_to_role(tester, self.admin_role, anna)
self.context = unicode(model.Package.__name__)
ra1 = model.RoleAction(
role=self.admin_role,
context=self.context,
action=model.Action.EDIT,
)
ra2 = model.RoleAction(
role=self.editor_role,
context=self.context,
action=model.Action.EDIT,
)
ra3 = model.RoleAction(
role=self.reader_role,
context=self.context,
action=model.Action.READ,
)
for obj in [ra1, ra2, ra3]:
model.Session.add(obj)
model.repo.commit_and_remove()
mradmin = model.User.by_name(u'mradmin')
mreditor = model.User.by_name(u'mreditor')
mrreader = model.User.by_name(u'mrreader')
model.add_user_to_role(mradmin, self.admin_role, anna)
model.add_user_to_role(mreditor, self.editor_role, anna)
model.add_user_to_role(mrreader, self.reader_role, anna)
model.repo.commit_and_remove()
self.mradmin = model.User.by_name(u'mradmin')
self.mreditor = model.User.by_name(u'mreditor')
self.mrreader = model.User.by_name(u'mrreader')
self.war = model.Package.by_name(u'warandpeace')
self.anna = model.Package.by_name(u'annakarenina')
def _create_test_data(cls):
CreateTestData.create()
# Remove visitor and logged in roles
roles = []
q = model.Session.query(model.UserObjectRole).\
filter(model.UserObjectRole.user==model.User.by_name(u"visitor"))
roles.extend(q.all())
q = model.Session.query(model.UserObjectRole).\
filter(model.UserObjectRole.user==model.User.by_name(u"logged_in"))
roles.extend(q.all())
for role in roles:
model.Session.delete(role)
rev = model.repo.new_revision()
model.Session.add_all([
model.User(name=u'pkggroupadmin'),
model.User(name=u'site_reader'),
model.User(name=u'outcast'),
model.Package(name=cls.ENTITY_NAME),
model.Package(name=u'deleted'),
model.Group(name=cls.ENTITY_NAME),
model.Group(name=u'deleted'),
model.Tag(name=cls.ENTITY_NAME),
model.RoleAction(role=cls.TRUSTED_ROLE,
context=u'',
action=model.Action.SITE_READ),
model.RoleAction(role=cls.TRUSTED_ROLE,
context=u'',
action=model.Action.READ),
])
model.repo.commit_and_remove()
# testsysadmin is sysadmin
# annafan is package admin for annakarenina
rev = model.repo.new_revision()
site_reader = model.User.by_name(u'site_reader')
pkggroupadmin = model.User.by_name(u'pkggroupadmin')
pkg = model.Package.by_name(cls.ENTITY_NAME)
group = model.Group.by_name(cls.ENTITY_NAME)
tag = model.Tag.by_name(cls.ENTITY_NAME)
pkg.add_tag(tag)
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, model.System())
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, pkg)
model.add_user_to_role(site_reader, cls.TRUSTED_ROLE, group)
model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, pkg)
model.add_user_to_role(pkggroupadmin, model.Role.ADMIN, group)
model.Package.by_name(u'deleted').delete()
model.Group.by_name(u'deleted').delete()
model.repo.commit_and_remove()
cls.testsysadmin = model.User.by_name(u'testsysadmin')
cls.pkggroupadmin = model.User.by_name(u'pkggroupadmin')
cls.site_reader = model.User.by_name(u'site_reader')
cls.outcast = model.User.by_name(u'outcast')
def _get_user_profile_from_profilemanager(self, userkey, env):
log.info('Creating user via profile manager, key %s', userkey)
uid = env["HTTP_SHIB_IDP_UID"]
inst = env["HTTP_SHIB_ORIGINAL_AUTHENTICATION_INSTANT"]
idp = env["HTTP_SHIB_ORIGINAL_IDENTITY_PROVIDER"]
headers = {
'Content-type': 'application/json',
'Shib-Authentication-Instant': inst,
'Shib-Original-Identity-Provider': idp,
'Shib-idp-uid': uid}
r = requests.get(self.pm_url, auth=(self.pm_user, self.pm_pw), headers=headers) # type: Response
if r.status_code != requests.codes.ok:
log.warning('Error received from the profile manager %s', r.status_code)
return None
uj = r.json()
owner = uj.get('owner')
fullname = owner.get('firstname') + ' ' + owner.get('lastname')
deleg = uj.get('delegations')[0]
email = deleg.get('email')
user = model.User(fullname=fullname,
email=email,
openid=userkey)
return user
def test_user_edit_existing_user_name(self):
# create user
username = '******'
about = u'Test About'
user = model.User.by_name(unicode(username))
if not user:
model.Session.add(model.User(name=unicode(username), about=about,
email=u'*****@*****.**',
password='******'))
model.repo.commit_and_remove()
user = model.User.by_name(unicode(username))
# edit
offset = url_for(controller='user', action='edit', id=user.id)
res = self.app.get(offset, status=200, extra_environ={'REMOTE_USER':username})
main_res = self.main_div(res)
assert 'Edit User: '******'user-edit']
fv['name'] = 'annafan'
# commit
res = fv.submit('save', extra_environ={'REMOTE_USER':username})
assert res.status == 200
main_res = self.main_div(res)
assert 'Name: That login name is not available' in main_res, main_res
def test_get_or_create_user(self):
import re
user_dict = {
EPPN_FIELD: u'*****@*****.**',
MAIL_FIELD: u'*****@*****.**',
FULLNAME_FIELD: 'New Foo Bar',
AUTH_FIELD: SHIBBOLETH
}
#username = re.sub('[.@]', '_', user_dict[MAIL_FIELD])
username = unicode(user_dict[FULLNAME_FIELD],
errors='ignore').lower().replace(' ', '_')
user = model.User(name=username,
fullname=user_dict[FULLNAME_FIELD],
email=user_dict[MAIL_FIELD],
openid=user_dict[EPPN_FIELD])
model.Session.add(user)
model.Session.commit()
user_2 = self.plugin._get_or_create_user(user_dict)
self.assertNotEqual(user_2, {})
self.assertEqual(user.id, user_2.id)
self.assertEqual(user.openid, user_2.openid)
self.assertEqual(user.fullname, user_2.fullname)
self.assertEqual(user.email, user_2.email)
self.assertEqual(user.name, user_2.name)
def _create_datasets(self):
model.User(name="pidtest", sysadmin=True).save()
organization = get_action('organization_create')({'user': '******'},
{'name': 'test-organization', 'title': "Test organization"})
data = copy.deepcopy(TEST_DATADICT)
data['owner_org'] = organization['name']
data['private'] = False
data['pids'] = [{'provider': u'http://helda.helsinki.fi/oai/request',
'id': u'some_primary_pid_1',
'type': u'primary'},
{'provider': u'http://helda.helsinki.fi/oai/request',
'id': u'some_metadata_pid_1',
'type': u'relation',
'relation': u'isMetadataFor'}]
package_1 = get_action('package_create')({'user': '******'}, data)
data['pids'] = [{'provider': u'http://helda.helsinki.fi/oai/request',
'id': u'some_data_pid_2',
'type': u'relation',
'relation': u'generalRelation'},
{'provider': u'http://helda.helsinki.fi/oai/request',
'id': u'some_part_pid_2',
'type': u'relation',
'relation': u'hasPart'}]
package_2 = get_action('package_create')({'user': '******'}, data)
return package_1['id'], package_2['id']
def _run_import(self, xml, job):
if not model.User.get('harvest'):
model.User(name='harvest', sysadmin=True).save()
if not model.Group.get('test'):
get_action('organization_create')({
'user': '******'
}, {
'name': 'test'
})
record = _get_record(xml)
metadata = CmdiReader()(record)
metadata['unified']['owner_org'] = "test"
harvest_object = HarvestObject()
harvest_object.content = json.dumps(metadata.getMap())
harvest_object.id = xml
harvest_object.guid = xml
harvest_object.source = job.source
harvest_object.harvest_source_id = None
harvest_object.job = job
harvest_object.save()
self.harvester.import_stage(harvest_object)
return harvest_object
def _create_sysadmin():
model.repo.new_revision()
sysadmin_user = model.User(name='sysadmin')
model.Session.add(sysadmin_user)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
return 'sysadmin'
def add(self):
from ckan import model
if len(self.args) < 2:
print 'Need name of the user.'
return
username = self.args[1]
apikey = self.args[2] if len(self.args) > 2 else None
password = self.password_prompt()
user = model.User.by_name(unicode(username))
if user:
print 'User "%s" already found' % username
sys.exit(1)
print('Creating user: %r' % username)
user_params = {'name': unicode(username),
'password': password}
if apikey:
user_params['apikey'] = unicode(apikey)
user = model.User(**user_params)
model.Session.add(user)
model.repo.commit_and_remove()
user = model.User.by_name(unicode(username))
print user
def setup_class(self):
print ("")
self.oMetadataPlugin = metadataPlugin.MetadataPlugin()
# Make the Paste TestApp that we'll use to simulate HTTP requests to CKAN.
self.app = paste.fixture.TestApp(pylons.test.pylonsapp)
# Access CKAN's model directly (bad) to create a sysadmin user and save
# it against self for all test methods to access.
self.sysadmin_user = model.User(name='test_sysadmin', sysadmin=True)
model.Session.add(self.sysadmin_user)
model.Session.commit()
model.Session.remove()
#Create organization
organization = {'name': 'test_org',
'title': 'Africa - Maroc',
'description': 'Maroc in north Africa.'}
self.organization = tests.call_action_api(self.app, 'organization_create', apikey=self.sysadmin_user.apikey, **organization)
#Create Dataset and tied it to created org
dataset = {'name': 'test_org_dataset_mapsearch',
'title': 'Africa - Maroc: Beautiful country for tourist',
'owner_org': organization['name'],
'md_package': ""}
self.dataset = tests.call_action_api(self.app, 'package_create', apikey=self.sysadmin_user.apikey, **dataset)
#Create Resource and tied it to created dataset
resource = {'package_id': self.dataset['id'], 'url': 'http://teste.teste', 'md_resource': ""}
self.resource = tests.call_action_api(self.app, 'resource_create', apikey=self.sysadmin_user.apikey, **resource)
def test_edit_spammer(self):
# create user
username = '******'
about = u'Test About <a href="http://spamsite.net">spamsite</a>'
user = model.User.by_name(unicode(username))
if not user:
model.Session.add(
model.User(name=unicode(username),
about=about,
password='******'))
model.repo.commit_and_remove()
user = model.User.by_name(unicode(username))
# edit
offset = url_for(controller='user', action='edit', id=user.id)
res = self.app.get(offset,
status=200,
extra_environ={'REMOTE_USER': username})
main_res = self.main_div(res)
assert 'Edit User: '******'Test About <a href="http://spamsite.net">spamsite</a>' in main_res, main_res
fv = res.forms['user-edit']
# commit
res = fv.submit('save', extra_environ={'REMOTE_USER': username})
assert res.status == 200, res.status
main_res = self.main_div(res)
assert 'looks like spam' in main_res, main_res
assert 'Edit User: ' in main_res, main_res
def _create_user(self, name, fullname):
user = model.User(name=name,
email="*****@*****.**",
fullname=fullname)
model.Session.add(user)
model.Session.commit()
return user
def setup_class(cls):
search.clear_all()
model.Session.add_all([
model.User(name=u'sysadmin', apikey=u'sysadmin',
password=u'sysadmin', sysadmin=True),
])
model.Session.commit()
data_dict = '%s=1' % json.dumps({
'name': 'org',
})
res = cls.app.post('/api/action/organization_create',
extra_environ={'Authorization': 'sysadmin'},
params=data_dict)
cls.org_id = json.loads(res.body)['result']['id']
cls.package_ids = []
for i in range(0,12):
data_dict = '%s=1' % json.dumps({
'name': 'name{i}'.format(i=i),
'owner_org': 'org',
})
res = cls.app.post('/api/action/package_create',
extra_environ={'Authorization': 'sysadmin'},
params=data_dict)
cls.package_ids.append(json.loads(res.body)['result']['id'])
def user_json(self, user_data):
email = user_data['user'][self.profile_api_mail_field]
user_name = user_data['user'][self.profile_api_user_field]
# In CKAN can exists more than one user associated with the same email
# Some providers, like Google and FIWARE only allows one account per email
user = None
users = model.User.by_email(email)
if len(users) == 1:
user = users[0]
# If the user does not exist, we have to create it...
if user is None:
user = model.User(email=email)
# Now we update his/her user_name with the one provided by the OAuth2 service
# In the future, users will be obtained based on this field
user.name = user_name
# Update fullname
if self.profile_api_fullname_field != "" and self.profile_api_fullname_field in user_data:
user.fullname = user_data[self.profile_api_fullname_field]
# Update sysadmin status
if self.profile_api_groupmembership_field != "" and self.profile_api_groupmembership_field in user_data:
user.sysadmin = self.sysadmin_group_name in user_data[
self.profile_api_groupmembership_field]
return user
def test_top_package_owners(self):
cath = model.User(name=u'Cath')
bob = model.User(name=u'Bob')
jill = model.User(name=u'Jill')
nate = model.User(name=u'Nate')
model.Session.add_all((cath, bob, jill, nate))
model.repo.commit_and_remove()
cath = model.User.by_name(u'Cath')
bob = model.User.by_name(u'Bob')
jill = model.User.by_name(u'Jill')
nate = model.User.by_name(u'Nate')
# add some package admins
for pkg_name, user_names in {
u'gils': (u'Cath', u'Bob', u'Jill'),
u'us-gov-images': (u'Bob', u'Jill'),
u'usa-courts-gov': [u'Jill']
}.items():
for user_name in user_names:
user = model.User.by_name(user_name)
package = model.Package.by_name(pkg_name)
assert user, user_name
assert package, pkg_name
add_user_to_role(user, model.authz.Role.ADMIN, package)
# add some decoy packages with editors
user = model.User.by_name(u'Nate')
for pkg_name in (u'usa-courts-gov', u'se-opengov'):
package = model.Package.by_name(pkg_name)
assert package
add_user_to_role(user, model.authz.Role.EDITOR, package)
# add some decoy groups with admins
user = model.User.by_name(u'Nate')
for group_name in (u'penguin', u'ukgov'):
group = model.Group.by_name(group_name)
assert group, group_name
add_user_to_role(user, model.authz.Role.ADMIN, group)
model.Session.commit()
res = Stats().top_package_owners()
assert len(res) == 3, res
assert res[0] == (model.User.by_name(u'Jill'), 3), res[0]
assert res[1] == (model.User.by_name(u'Bob'), 2), res[1]
assert res[2] == (model.User.by_name(u'Cath'), 1), res[2]
def create_test_user(cls):
tester = model.User.by_name(u'tester')
if tester is None:
tester = model.User(name=u'tester', password=u'tester')
model.Session.add(tester)
model.Session.commit()
model.Session.remove()
cls.user_refs.append(u'tester')
def test_get_dataset_permanent_address(self):
data_dict = copy.deepcopy(TEST_DATADICT)
model.User(name="pidtest", sysadmin=True).save()
organization = get_action('organization_create')({'user': '******'},
{'name': 'test-organization', 'title': "Test organization"})
data_dict['owner_org'] = organization['name']
package = get_action('package_create')({'user': '******'}, data_dict)
self.assertTrue(helpers.get_dataset_permanent_address(package).startswith('http://urn.fi/urn:nbn:fi:csc-kata'))
def test_get_package_id_by_primary_pid(self):
model.User(name="pidtest", sysadmin=True).save()
data_dict = copy.deepcopy(TEST_DATADICT)
organization = get_action('organization_create')({'user': '******'},
{'name': 'test-organization', 'title': "Test organization"})
data_dict['owner_org'] = organization['name']
get_action('package_create')({'user': '******'}, data_dict)
assert utils.get_package_id_by_primary_pid(data_dict)
def setup_class(cls):
model.User(name="test_sysadmin", sysadmin=True).save()
cls.organization = get_action('organization_create')(
{
'user': '******'
}, {
'name': 'test-organization',
'title': "Test organization"
})
def test_2_already_signed_in(self):
user = model.User.by_name(u'62')
if not user:
user = model.User(
name=u'62',
fullname=u'testname',
about=u'Drupal auto-generated user',
)
model.Session.add(user)
model.repo.commit_and_remove()
user = model.User.by_name(u'62')
assert user
cookie_string = 'Cookie: __utma=217959684.178461911.1286034407.1286034407.1286178542.2; __utmz=217959684.1286178542.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=coi%%20london; DRXtrArgs=James+Gardner; DRXtrArgs2=3e174e7f1e1d3fab5ca138c0a023e13a; SESSa5724d5ecd49e5f48a23fcc56d17ee0c=4160a72a4d6831abec1ac57d7b5a59eb; auth_tkt="ab48fe!4160a72a4d6831abec1ac57d7b5a59eb";"'
assert DrupalAuthMiddleware._is_this_a_ckan_cookie(cookie_string)
app = MockApp()
app_conf = None
self.middleware = DrupalAuthMiddleware(app, app_conf)
# (the drupal client defaults to mock drupal instance)
# make request with the Drupal auth_tkt cookie
self.mock_auth_tkt = MockAuthTkt()
environ = {
'HTTP_COOKIE': cookie_string,
'SERVER_NAME': 'testserver.org',
'repoze.who.plugins': {
'dgu_auth_tkt': self.mock_auth_tkt
},
# inserted by auth_tkt on seeing the auth_tkt cookie:
'repoze.who.identity': {
'repoze.who.userid': 'user_d62',
'userdata': '4160a72a4d6831abec1ac57d7b5a59eb',
'timestamp': time.time(),
}
}
start_response = mock_start_response
self.res = self.middleware(environ, start_response)
# environ doesn't have Drupal user info this time
assert isinstance(self.res, MockApp)
assert_equal(len(self.res.calls), 1)
environ = self.res.calls[0][0]
# check the ckan user was created
user = model.User.by_name(u'62')
assert user
assert_equal(user.fullname, u'testname')
# response has no need for Set-Cookie instructions as cookie already
# there
start_response = self.res.calls[0][1]
status, headers, exc_info = (1, [], None)
res = start_response(status, headers, exc_info)
headers = res[1]
assert_equal(headers, [('Existing_header', 'existing_header_value;')])
# no need for auth_tkt to be told to remember the Drupal user info
assert_equal(len(self.mock_auth_tkt.remembered), 0)
def test_2_timestamp_new(self):
user = model.User()
openid = u'http://xyz.com'
user.name = openid
model.Session.add(user)
model.repo.commit_and_remove()
out = model.User.by_name(openid)
assert len(str(out.created)) > 5, out.created
def test_2_timestamp_new(self):
user = model.User()
name = u'xyz'
user.name = name
model.Session.add(user)
model.repo.commit_and_remove()
out = model.User.by_name(name)
assert len(str(out.created)) > 5, out.created
def setup_class(self):
# for the authorization editing tests we set up test data so:
# three users, sysadmin , administrator, and another
# one authzgroup, one group, one package
# and administrator is admin on all three
# one extra authzgroup, authzgroup2, with no permissions to start with
model.repo.init_db()
model.repo.new_revision()
self.sysadmin = 'sysadmin'
sysadmin_user = model.User(name=unicode(self.sysadmin))
self.admin = 'administrator'
admin_user = model.User(name=unicode(self.admin))
self.another = 'another'
another_user = model.User(name=unicode(self.another))
self.authzgroup = 'authzgroup'
authzgroup = model.AuthorizationGroup(name=unicode(self.authzgroup))
self.group = 'group'
group = model.Group(name=unicode(self.group))
self.authzgroup2 = 'authzgroup2'
authzgroup2 = model.AuthorizationGroup(name=unicode(self.authzgroup2))
for obj in sysadmin_user, admin_user, another_user, authzgroup, group, authzgroup2:
model.Session.add(obj)
model.add_user_to_role(sysadmin_user, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
model.repo.new_revision()
self.pkg = u'dataset'
pkg = model.Package(name=self.pkg)
model.Session.add(pkg)
admin_user = model.User.by_name(unicode(self.admin))
assert admin_user
# setup all three authorization objects to have logged in and visitor as editors, and the admin as admin
model.setup_user_roles(pkg, ['editor'], ['editor'], [admin_user])
model.setup_user_roles(authzgroup, ['editor'], ['editor'],
[admin_user])
model.setup_user_roles(group, ['editor'], ['editor'], [admin_user])
model.repo.commit_and_remove()
def setup_class(self):
CreateTestData.create()
model.repo.new_revision()
model.Session.add(model.Package(name=u'testpkg'))
model.Session.add(model.Package(name=u'testpkg2'))
model.Session.add(model.Package(name=u'private_pkg'))
model.Session.add(model.User(name=u'testadmin'))
# Cannot setup testsysadmin user as it is alreade done in
# the default test data.
#model.Session.add(model.User(name=u'testsysadmin'))
model.Session.add(model.User(name=u'notadmin'))
model.Session.add(model.Group(name=u'testgroup'))
model.Session.add(model.Group(name=u'testgroup2'))
model.repo.commit_and_remove()
model.repo.new_revision()
pkg = model.Package.by_name(u'testpkg')
pkg2 = model.Package.by_name(u'testpkg2')
private_pkg = model.Package.by_name(u'private_pkg')
pkg.add_relationship(u'depends_on', pkg2)
pkg.add_relationship(u'depends_on', private_pkg)
model.repo.commit_and_remove()
pkg = model.Package.by_name(u'testpkg')
grp = model.Group.by_name(u'testgroup')
admin = model.User.by_name(u'testadmin')
sysadmin = model.User.by_name(u'testsysadmin')
notadmin = model.User.by_name(u'notadmin')
model.add_user_to_role(admin, model.Role.ADMIN, pkg)
model.add_user_to_role(admin, model.Role.ADMIN, grp)
model.add_user_to_role(sysadmin, model.Role.ADMIN, model.System())
model.add_user_to_role(notadmin, model.Role.READER, pkg)
model.add_user_to_role(notadmin, model.Role.READER, pkg2)
model.repo.commit_and_remove()
self.authorizer = ckan.authz.Authorizer()
self.pkg = model.Package.by_name(u'testpkg')
self.pkg2 = model.Package.by_name(u'testpkg2')
self.private_pkg = model.Package.by_name(u'private_pkg')
self.grp = model.Group.by_name(u'testgroup')
self.grp2 = model.Group.by_name(u'testgroup2')
self.admin = model.User.by_name(u'testadmin')
self.sysadmin = model.User.by_name(u'testsysadmin')
self.notadmin = model.User.by_name(u'notadmin')
def _get_or_create_user(self, env):
#WSGI Variables
#Shib-Application-ID 'default'
#Shib-Authentication-Instant '2012-08-13T12:04:22.492Z'
#Shib-Authentication-Method 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
#Shib-AuthnContext-Class 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
#Shib-Identity-Provider 'https://idp.example.com/idp/shibboleth'
#Shib-Session-ID '_7ec5a681e6dbae627c1cefcc7cb4d56a'
#Shib-Session-Index '39dafd8477850f5e0b968e3561570197f2109948c1d374a7a2b4c9a7adbf8628'
#cn 'My Other Self'
#givenName 'My Other Self'
#mail '*****@*****.**'
eppn = env.get(self.eppn, None)
fullname = env.get(self.fullname, None)
email = env.get(self.mail, None)
if not eppn or not fullname:
log.debug(
'Environ does not contain eppn or cn attributes, user not loaded.'
)
return None
user = model.Session.query(model.User).autoflush(False) \
.filter_by(openid=eppn).first()
# Check if user information from shibboleth has changed
if user:
if (user.fullname != fullname or user.email != email):
log.debug('User attributes modified, updating.')
user.fullname = fullname
user.email = email
else: # user is None:
log.debug('User does not exists, creating new one.')
basename = unicode(fullname,
errors='ignore').lower().replace(' ', '_')
username = basename
suffix = 0
while not model.User.check_name_available(username):
suffix += 1
username = basename + str(suffix)
user = model.User(name=username,
fullname=fullname,
email=email,
openid=eppn)
model.Session.add(user)
model.Session.flush()
log.info('Created new user {usr}'.format(usr=fullname))
model.Session.commit()
model.Session.remove()
return user
def setup_class(self):
print ("")
# get config options
config = ConfigParser.RawConfigParser({
'ckan_web_map_service_url': '',
})
config.read(os.path.join(os.path.dirname(os.path.abspath(__file__)),
'tests_config.cfg'))
self.serviceUrl = config.get('tests', 'ckan_web_map_service_url')
if not self.serviceUrl:
raise Exception('You must provide WebMapServer URL to the tests '
' configuration file')
self.actions = ngdsClientAction
# Make the Paste TestApp that we'll use to simulate HTTP requests to CKAN.
self.app = paste.fixture.TestApp(pylons.test.pylonsapp)
# Access CKAN's model directly (bad) to create a sysadmin user and save
# it against self for all test methods to access.
self.sysadmin_user = model.User(name='test_sysadmin', sysadmin=True)
model.Session.add(self.sysadmin_user)
model.Session.commit()
model.Session.remove()
#Create organization
organization = {'name': 'test_org',
'title': 'Maroc',
'description': 'Roger likes these books.'}
resultOrg = tests.call_action_api(self.app, 'organization_create', apikey=self.sysadmin_user.apikey, **organization)
self.orgID = resultOrg['id']
#Create Dataset and tied it to created org
dataset = {'name': 'test_org_dataset',
'title': 'A Novel By Tolstoy',
'owner_org': organization['name']}
resultDataset = tests.call_action_api(self.app, 'package_create',
apikey=self.sysadmin_user.apikey,
**dataset)
self.datasetID = resultDataset['id']
#Create Resource and tied it to created dataset
resource = {'package_id': resultDataset['id'], 'url': self.serviceUrl}
resultResource = tests.call_action_api(self.app, 'resource_create',
apikey=self.sysadmin_user.apikey,
**resource)
#save resource id
self.resourceID = resultResource['id']
def identify(self, token):
try:
if self.legacy_idm:
profile_response = requests.get(self.profile_api_url + '?access_token=%s' % token['access_token'], verify=self.verify_https)
else:
oauth = OAuth2Session(self.client_id, token=token)
profile_response = oauth.get(self.profile_api_url, verify=self.verify_https)
except requests.exceptions.SSLError as e:
# TODO search a better way to detect invalid certificates
if "verify failed" in six.text_type(e):
raise InsecureTransportError()
else:
raise
# Token can be invalid
if not profile_response.ok:
error = profile_response.json()
if error.get('error', '') == 'invalid_token':
raise ValueError(error.get('error_description'))
else:
profile_response.raise_for_status()
else:
user_data = profile_response.json()
email = user_data[self.profile_api_mail_field]
user_name = user_data[self.profile_api_user_field]
# In CKAN can exists more than one user associated with the same email
# Some providers, like Google and FIWARE only allows one account per email
user = None
users = model.User.by_email(email)
if len(users) == 1:
user = users[0]
# If the user does not exist, we have to create it...
if user is None:
user = model.User(email=email)
# Now we update his/her user_name with the one provided by the OAuth2 service
# In the future, users will be obtained based on this field
user.name = user_name
# Update fullname
if self.profile_api_fullname_field != "" and self.profile_api_fullname_field in user_data:
user.fullname = user_data[self.profile_api_fullname_field]
# Update sysadmin status
if self.profile_api_groupmembership_field != "" and self.profile_api_groupmembership_field in user_data:
user.sysadmin = self.sysadmin_group_name in user_data[self.profile_api_groupmembership_field]
# Save the user in the database
model.Session.add(user)
model.Session.commit()
model.Session.remove()
return user.name
