def test_try_to_register_whilst_logged_in(self):
'''Login as user A and then (try to) register user B (without
logout). #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a_', password=password)
userA = model.User.by_name(u'user_a_')
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# try to register
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
assert not res.forms.has_key('Password') # i.e. no registration form
assert 'To register or log in as another user' in res.body, res.body
assert 'logout' in res.body, res.body
def test_request_reset_user_password_using_search(self):
CreateTestData.create_user(name='larry1', email='*****@*****.**')
offset = url_for(controller='user',
action='request_reset')
res = self.app.get(offset)
fv = res.forms['user-password-reset']
fv['user'] = '******'
res = fv.submit()
assert_equal(res.status, 302)
assert_equal(res.header_dict['Location'], 'http://localhost/')
CreateTestData.create_user(name='larry2', fullname='kittens')
res = self.app.get(offset)
fv = res.forms['user-password-reset']
fv['user'] = '******'
res = fv.submit()
assert '"kittens" matched several users' in res, res
assert 'larry1' not in res, res
assert 'larry2' not in res, res
res = self.app.get(offset)
fv = res.forms['user-password-reset']
fv['user'] = ''
res = fv.submit()
assert 'No such user:'******'user-password-reset']
fv['user'] = '******'
res = fv.submit()
assert 'No such user:' in res, res
def test_login_wrong_password(self):
# create test user
username = u'testloginwrong'
password = u'letmein'
CreateTestData.create_user(name=username,
password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = username
fv['password'] = '******'
res = fv.submit()
# first get redirected to logged_in
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/logged_in') or \
res.header('Location').startswith('/user/logged_in')
# then get redirected to login
res = res.follow()
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/login') or \
res.header('Location').startswith('/user/login')
res = res.follow()
assert_equal(res.status, 200)
assert 'Login failed. Bad username or password.' in res.body
assert 'Login:' in res.body
def test_perform_reset_user_password_link_key_missing(self):
CreateTestData.create_user(name='jack', password='******')
user = model.User.by_name(u'jack')
offset = url_for(controller='user',
action='perform_reset',
id=user.id) # not, no key specified
res = self.app.get(offset, status=403) # error
def test_reset_user_password_link(self):
# Set password
CreateTestData.create_user(name='bob', email='*****@*****.**', password='******')
# Set password to something new
model.User.by_name(u'bob').password = '******'
model.repo.commit_and_remove()
test2_encoded = model.User.by_name(u'bob').password
assert test2_encoded != 'test2'
assert model.User.by_name(u'bob').password == test2_encoded
# Click link from reset password email
create_reset_key(model.User.by_name(u'bob'))
reset_password_link = get_reset_link(model.User.by_name(u'bob'))
offset = reset_password_link.replace('http://test.ckan.net', '')
print offset
res = self.app.get(offset)
# Reset password form
fv = res.forms['user-reset']
fv['password1'] = 'test1'
fv['password2'] = 'test1'
res = fv.submit('save', status=302)
# Check a new password is stored
assert model.User.by_name(u'bob').password != test2_encoded
def test_login_remembered(self):
# create test user
username = u'testlogin2'
password = u'letmein'
CreateTestData.create_user(name=username,
password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = str(username)
fv['password'] = str(password)
fv['remember'] = True
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
# check cookie is remembered via Max-Age and Expires
# (both needed for cross-browser compatibility)
for cookie in cookies:
assert 'Max-Age=63072000;' in cookie, cookie
assert 'Expires=' in cookie, cookie
def test_login_remembered(self):
# create test user
username = u'testlogin2'
password = u'letmein'
CreateTestData.create_user(name=username, password=password)
identifiers = self._get_repoze_identifiers()
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = str(username)
fv['password'] = str(password)
fv['remember'] = True
res = fv.submit()
if 'auth_tkt' in identifiers:
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
# check cookie is remembered via Max-Age and Expires
# (both needed for cross-browser compatibility)
for cookie in cookies:
assert 'Max-Age=63072000;' in cookie, cookie
assert 'Expires=' in cookie, cookie
elif 'use_beaker' in identifiers:
# remember check box ignored when using beaker
pass
else:
raise Exception('Unknown cookie identification type')
def test_try_to_register_whilst_logged_in(self):
"""Login as user A and then (try to) register user B (without
logout). #1799."""
# create user A
password = u"letmein"
CreateTestData.create_user(name=u"user_a_", password=password)
userA = model.User.by_name(u"user_a_")
# do the login
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fv = res.forms["login"]
fv["login"] = "******"
fv["password"] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# try to register
offset = url_for(controller="user", action="register")
res = self.app.get(offset)
assert not res.forms.has_key("Password") # i.e. no registration form
assert "To register or log in as another user" in res.body, res.body
assert "logout" in res.body, res.body
def test_relogin(self):
"""Login as user A and then (try to) login as user B (without
logout). #1799."""
# create test users A & B
password = u"letmein"
CreateTestData.create_user(name=u"user_a", password=password)
CreateTestData.create_user(name=u"user_b", password=password)
userA = model.User.by_name(u"user_a")
userB = model.User.by_name(u"user_b")
# do the login
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fv = res.forms["login"]
fv["login"] = "******"
fv["password"] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# login as userB
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
assert not res.forms.has_key("login") # i.e. no login box is presented
assert "To register or log in as another user" in res.body, res.body
assert "logout" in res.body, res.body
def test_register_whilst_logged_in(self):
"""Start registration form as user B then in another window login
as user A, and then try and then submit form for user B. #1799."""
# create user A
password = u"letmein"
CreateTestData.create_user(name=u"user_a__", password=password)
userA = model.User.by_name(u"user_a__")
# make him a sysadmin, to ensure he is allowed to create a user
model.add_user_to_role(userA, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
userA = model.User.by_name(u"user_a__")
# start to register user B
offset = url_for(controller="user", action="register")
res = self.app.get(offset)
fvA = res.forms["user-edit"]
fvA["name"] = "user_b_"
fvA["fullname"] = "User B"
fvA["email"] = "*****@*****.**"
fvA["password1"] = password
fvA["password2"] = password
# login user A
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fvB = res.forms["login"]
fvB["login"] = "******"
fvB["password"] = str(password)
res = fvB.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# finish registration of user B
res = fvA.submit("save")
assert_equal(res.status, 200)
assert "user_a__</a> is currently logged in" in res.body, res.body
assert (
'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace(
'"', """
)
in res.body
), res.body
assert "logout" in res.body, res.body
# logout and login as user B
res = self.app.get("/user/logout")
res2 = res.follow()
res2 = res2.follow()
assert "You have logged out successfully." in res2, res2
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fv = res.forms["login"]
fv["login"] = "******"
fv["password"] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
assert "User B is now logged in" in res.body, res.body
def test_reset_user_password_link(self):
# Set password
CreateTestData.create_user(name="bob", email="*****@*****.**", password="******")
# Set password to something new
model.User.by_name(u"bob").password = "******"
model.repo.commit_and_remove()
test2_encoded = model.User.by_name(u"bob").password
assert test2_encoded != "test2"
assert model.User.by_name(u"bob").password == test2_encoded
# Click link from reset password email
create_reset_key(model.User.by_name(u"bob"))
reset_password_link = get_reset_link(model.User.by_name(u"bob"))
offset = reset_password_link.replace("http://test.ckan.net", "")
res = self.app.get(offset)
# Reset password form
fv = res.forms["user-reset"]
fv["password1"] = "test1"
fv["password2"] = "test1"
res = fv.submit("save", status=302)
# Check a new password is stored
assert model.User.by_name(u"bob").password != test2_encoded
def test_request_reset_user_password_using_search(self):
CreateTestData.create_user(name="larry1", email="*****@*****.**")
offset = url_for(controller="user", action="request_reset")
res = self.app.get(offset)
fv = res.forms["user-password-reset"]
fv["user"] = "******"
res = fv.submit()
assert_equal(res.status, 302)
assert_equal(res.header_dict["Location"], "http://localhost/?__no_cache__=True")
CreateTestData.create_user(name="larry2", fullname="kittens")
res = self.app.get(offset)
fv = res.forms["user-password-reset"]
fv["user"] = "******"
res = fv.submit()
assert ""kittens" matched several users" in res, res
assert "larry1" not in res, res
assert "larry2" not in res, res
res = self.app.get(offset)
fv = res.forms["user-password-reset"]
fv["user"] = ""
res = fv.submit()
assert "No such user:"******"user-password-reset"]
fv["user"] = "******"
res = fv.submit()
assert "No such user:" in res, res
def test_relogin(self):
'''Login as user A and then (try to) login as user B (without
logout). #1799.'''
# create test users A & B
password = u'letmein'
CreateTestData.create_user(name=u'user_a',
password=password)
CreateTestData.create_user(name=u'user_b',
password=password)
userA = model.User.by_name(u'user_a')
userB = model.User.by_name(u'user_b')
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# login as userB
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
assert not res.forms.has_key('login') # i.e. no login box is presented
assert 'To register or log in as another user' in res.body, res.body
assert 'logout' in res.body, res.body
def test_perform_reset_user_password_link_key_missing(self):
CreateTestData.create_user(name='jack', password='******')
user = model.User.by_name(u'jack')
offset = url_for(controller='user',
action='perform_reset',
id=user.id) # not, no key specified
res = self.app.get(offset, status=403) # error
def test_login_remembered(self):
# create test user
username = u'testlogin2'
password = u'letmein'
CreateTestData.create_user(name=username,
password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = str(username)
fv['password'] = str(password)
fv['remember'] = True
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
# check cookie is remembered via Max-Age and Expires
# (both needed for cross-browser compatibility)
for cookie in cookies:
assert 'Max-Age=63072000;' in cookie, cookie
assert 'Expires=' in cookie, cookie
def test_login_wrong_password(self):
# create test user
username = u'testloginwrong'
password = u'letmein'
CreateTestData.create_user(name=username,
password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = username
fv['password'] = '******'
res = fv.submit()
# first get redirected to logged_in
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/logged_in')
# then get redirected to login
res = res.follow()
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/login')
res = res.follow()
assert_equal(res.status, 200)
assert 'Login failed. Bad username or password.' in res.body
assert 'Login:' in res.body
def test_try_to_register_whilst_logged_in(self):
'''Login as user A and then (try to) register user B (without
logout). #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a_',
password=password)
userA = model.User.by_name(u'user_a_')
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# try to register
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
assert not res.forms.has_key('Password') # i.e. no registration form
assert 'To register or log in as another user' in res.body, res.body
assert 'logout' in res.body, res.body
def test_request_reset_user_password_using_search(self):
CreateTestData.create_user(name='larry1', email='*****@*****.**')
offset = url_for(controller='user',
action='request_reset')
res = self.app.get(offset)
fv = res.forms['user-password-reset']
fv['user'] = '******'
res = fv.submit()
assert_equal(res.status, 302)
assert_equal(res.header_dict['Location'], 'http://localhost/')
CreateTestData.create_user(name='larry2', fullname='kittens')
res = self.app.get(offset)
fv = res.forms['user-password-reset']
fv['user'] = '******'
res = fv.submit()
assert '"kittens" matched several users' in res, res
assert 'larry1' not in res, res
assert 'larry2' not in res, res
res = self.app.get(offset)
fv = res.forms['user-password-reset']
fv['user'] = ''
res = fv.submit()
assert 'No such user:'******'user-password-reset']
fv['user'] = '******'
res = fv.submit()
assert 'No such user:' in res, res
def test_login_wrong_password(self):
# create test user
username = u"testloginwrong"
password = u"letmein"
CreateTestData.create_user(name=username, password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fv = res.forms["login"]
fv["login"] = username
fv["password"] = "******"
res = fv.submit()
# first get redirected to logged_in
assert_equal(res.status, 302)
assert res.header("Location").startswith("http://localhost/user/logged_in") or res.header(
"Location"
).startswith("/user/logged_in")
# then get redirected to login
res = res.follow()
assert_equal(res.status, 302)
assert res.header("Location").startswith("http://localhost/user/login") or res.header("Location").startswith(
"/user/login"
)
res = res.follow()
assert_equal(res.status, 200)
assert "Login failed. Bad username or password." in res.body
assert "Login:" in res.body
def test_reset_user_password_link(self):
# Set password
CreateTestData.create_user(name='bob', email='*****@*****.**', password='******')
# Set password to something new
model.User.by_name(u'bob').password = '******'
model.repo.commit_and_remove()
test2_encoded = model.User.by_name(u'bob').password
assert test2_encoded != 'test2'
assert model.User.by_name(u'bob').password == test2_encoded
# Click link from reset password email
create_reset_key(model.User.by_name(u'bob'))
reset_password_link = get_reset_link(model.User.by_name(u'bob'))
offset = reset_password_link.replace('http://test.ckan.net', '')
print offset
res = self.app.get(offset)
# Reset password form
fv = res.forms['user-reset']
fv['password1'] = 'test1'
fv['password2'] = 'test1'
res = fv.submit('save', status=302)
# Check a new password is stored
assert model.User.by_name(u'bob').password != test2_encoded
def test_relogin(self):
'''Login as user A and then (try to) login as user B (without
logout). #1799.'''
# create test users A & B
password = u'letmein'
CreateTestData.create_user(name=u'user_a', password=password)
CreateTestData.create_user(name=u'user_b', password=password)
userA = model.User.by_name(u'user_a')
userB = model.User.by_name(u'user_b')
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# login as userB
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
assert not res.forms.has_key('login') # i.e. no login box is presented
assert 'To register or log in as another user' in res.body, res.body
assert 'logout' in res.body, res.body
def test_register_whilst_logged_in(self):
'''Start registration form as user B then in another window login
as user A, and then try and then submit form for user B. #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a__',
password=password)
userA = model.User.by_name(u'user_a__')
# make him a sysadmin, to ensure he is allowed to create a user
model.add_user_to_role(userA, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
userA = model.User.by_name(u'user_a__')
# start to register user B
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
fvA = res.forms['user-edit']
fvA['name'] = 'user_b_'
fvA['fullname'] = 'User B'
fvA['email'] = '*****@*****.**'
fvA['password1'] = password
fvA['password2'] = password
# login user A
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fvB = res.forms['login']
fvB['login'] = '******'
fvB['password'] = str(password)
res = fvB.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# finish registration of user B
res = fvA.submit('save')
assert_equal(res.status, 200)
assert 'user_a__</a> is currently logged in' in res.body, res.body
assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace('"', '"') in res.body, res.body
assert 'logout' in res.body, res.body
# logout and login as user B
res = self.app.get('/user/_logout')
res2 = res.follow()
while res2.status == 302:
res2 = res2.follow()
assert 'You have logged out successfully.' in res2, res2
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
assert 'User B is now logged in' in res.body, res.body
def create_packages(cls):
CreateTestData.create_user('tester', about='A tester', password='******')
for dtype, packages in cls.packages.items():
for source_lang, langs, name, pkg in packages:
ctx = make_api_context('tester')
pkg_result = create_action(ctx, pkg)
pkg['id'] = pkg_result['id']
pkg[dtype]['identifier'] = pkg_result[dtype].identifier
return
def test_register_whilst_logged_in(self):
'''Start registration form as user B then in another window login
as user A, and then try and then submit form for user B. #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a__', password=password)
userA = model.User.by_name(u'user_a__')
# make him a sysadmin, to ensure he is allowed to create a user
model.add_user_to_role(userA, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
userA = model.User.by_name(u'user_a__')
# start to register user B
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
fvA = res.forms['user-edit']
fvA['name'] = 'user_b_'
fvA['fullname'] = 'User B'
fvA['email'] = '*****@*****.**'
fvA['password1'] = password
fvA['password2'] = password
# login user A
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fvB = res.forms['login']
fvB['login'] = '******'
fvB['password'] = str(password)
res = fvB.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
# finish registration of user B
res = fvA.submit('save')
assert_equal(res.status, 200)
assert 'user_a__</a> is currently logged in' in res.body, res.body
assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace(
'"', '"') in res.body, res.body
assert 'logout' in res.body, res.body
# logout and login as user B
res = self.app.get('/user/_logout')
res2 = res.follow()
while res2.status == 302:
res2 = res2.follow()
assert 'You have logged out successfully.' in res2, res2
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = '******'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
assert 'User B is now logged in' in res.body, res.body
def test_perform_reset_user_password_link_key_incorrect(self):
CreateTestData.create_user(name='jack', password='******')
# Make up a key - i.e. trying to hack this
user = model.User.by_name(u'jack')
offset = url_for(controller='user',
action='perform_reset',
id=user.id,
key='randomness') # i.e. incorrect
res = self.app.get(offset, status=403) # error
def test_perform_reset_user_password_link_key_incorrect(self):
CreateTestData.create_user(name='jack', password='******')
# Make up a key - i.e. trying to hack this
user = model.User.by_name(u'jack')
offset = url_for(controller='user',
action='perform_reset',
id=user.id,
key='randomness') # i.e. incorrect
res = self.app.get(offset, status=403) # error
def create_packages(cls):
CreateTestData.create_user('tester',
about='A tester',
password='******')
for dtype, packages in cls.packages.items():
for source_lang, langs, name, pkg in packages:
ctx = make_api_context('tester')
pkg_result = create_action(ctx, pkg)
pkg['id'] = pkg_result['id']
pkg[dtype]['identifier'] = pkg_result[dtype].identifier
return
def test_login(self):
# create test user
username = u'testlogin'
password = u'letmein'
CreateTestData.create_user(name=username,
password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = str(username)
fv['password'] = str(password)
fv['remember'] = False
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
for cookie in cookies:
assert not 'max-age' in cookie.lower(), cookie
# first get redirected to user/logged_in
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/logged_in') or \
res.header('Location').startswith('/user/logged_in')
# then get redirected to user page
res = res.follow()
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/testlogin') or \
res.header('Location').startswith('/user/testlogin')
res = res.follow()
assert_equal(res.status, 200)
assert 'testlogin is now logged in' in res.body
assert 'checkpoint:is-myself' in res.body
# check user object created
user = model.User.by_name(username)
assert user
assert_equal(user.name, username)
assert len(user.apikey) == 36
# check cookie created
cookie = res.request.environ['HTTP_COOKIE']
assert 'auth_tkt=' in cookie, cookie
assert 'testlogin!userid_type:unicode' in cookie, cookie
# navigate to another page and check username still displayed
print res.body
res = res.click('Search')
print res
assert 'testlogin' in res.body, res.body
def setup_class(cls):
# Note Testing package-scoped translation requires some existing datasets
CreateTestData.create_user('tester', about='A tester', password='******')
for pkg_name, pkg in cls.packages.items():
ctx = make_api_context('tester')
pkg_result = create_action(ctx, pkg)
pkg.update({'id': pkg_result['id']})
return
def test_login(self):
# create test user
username = u"testlogin"
password = u"letmein"
CreateTestData.create_user(name=username, password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fv = res.forms["login"]
fv["login"] = str(username)
fv["password"] = str(password)
fv["remember"] = False
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
for cookie in cookies:
assert not "max-age" in cookie.lower(), cookie
# first get redirected to user/logged_in
assert_equal(res.status, 302)
assert res.header("Location").startswith("http://localhost/user/logged_in") or res.header(
"Location"
).startswith("/user/logged_in")
# then get redirected to user's dashboard
res = res.follow()
assert_equal(res.status, 302)
assert res.header("Location").startswith("http://localhost/dashboard") or res.header("Location").startswith(
"/dashboard"
)
res = res.follow()
assert_equal(res.status, 200)
assert "testlogin is now logged in" in res.body
assert "checkpoint:my-dashboard" in res.body
# check user object created
user = model.User.by_name(username)
assert user
assert_equal(user.name, username)
assert len(user.apikey) == 36
# check cookie created
cookie = res.request.environ["HTTP_COOKIE"]
assert "auth_tkt=" in cookie, cookie
assert "testlogin!userid_type:unicode" in cookie, cookie
# navigate to another page and check username still displayed
res = res.click("Search")
assert "testlogin" in res.body, res.body
def test_login(self):
# create test user
username = u'testlogin'
password = u'letmein'
CreateTestData.create_user(name=username, password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = str(username)
fv['password'] = str(password)
fv['remember'] = False
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
for cookie in cookies:
assert not 'max-age' in cookie.lower(), cookie
# first get redirected to user/logged_in
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/logged_in') or \
res.header('Location').startswith('/user/logged_in')
# then get redirected to user page
res = res.follow()
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/testlogin') or \
res.header('Location').startswith('/user/testlogin')
res = res.follow()
assert_equal(res.status, 200)
assert 'testlogin is now logged in' in res.body
assert 'checkpoint:is-myself' in res.body
# check user object created
user = model.User.by_name(username)
assert user
assert_equal(user.name, username)
assert len(user.apikey) == 36
# check cookie created
cookie = res.request.environ['HTTP_COOKIE']
assert 'auth_tkt=' in cookie, cookie
assert 'testlogin!userid_type:unicode' in cookie, cookie
# navigate to another page and check username still displayed
print res.body
res = res.click('Search')
print res
assert 'testlogin' in res.body, res.body
def test_login(self):
# create test user
username = u'testlogin'
password = u'letmein'
CreateTestData.create_user(name=username,
password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = str(username)
fv['password'] = str(password)
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
# first get redirected to user/logged_in
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/logged_in') or \
res.header('Location').startswith('/user/logged_in')
# then get redirected to user page
res = res.follow()
assert_equal(res.status, 302)
assert res.header('Location') in ('http://localhost/user/testlogin',
'/user/testlogin')
res = res.follow()
assert_equal(res.status, 200)
assert 'testlogin is now logged in' in res.body
assert 'My Account' in res.body
# check user object created
user = model.User.by_name(username)
assert user
assert_equal(user.name, username)
assert len(user.apikey) == 36
# check cookie created
cookie = res.request.environ['HTTP_COOKIE']
# I think some versions of webob do not produce quotes, hence the 'or'
assert 'ckan_display_name="testlogin"' in cookie or \
'ckan_display_name=testlogin' in cookie, cookie
assert 'auth_tkt=' in cookie, cookie
assert 'testlogin!userid_type:unicode' in cookie, cookie
# navigate to another page and check username still displayed
res = res.click('Search')
assert 'testlogin' in res.body, res.body
def test_login(self):
# create test user
username = u'testlogin'
password = u'letmein'
CreateTestData.create_user(name=username,
password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = str(username)
fv['password'] = str(password)
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
# first get redirected to user/logged_in
assert_equal(res.status, 302)
assert res.header('Location').startswith('http://localhost/user/logged_in')
# then get redirected to user page
res = res.follow()
assert_equal(res.status, 302)
assert_equal(res.header('Location'), 'http://localhost/user/testlogin')
res = res.follow()
assert_equal(res.status, 200)
assert 'testlogin is now logged in' in res.body
assert 'My Account' in res.body
# check user object created
user = model.User.by_name(username)
assert user
assert_equal(user.name, username)
assert len(user.apikey) == 36
# check cookie created
cookie = res.request.environ['HTTP_COOKIE']
# I think some versions of webob do not produce quotes, hence the 'or'
assert 'ckan_display_name="testlogin"' in cookie or \
'ckan_display_name=testlogin' in cookie, cookie
assert 'auth_tkt=' in cookie, cookie
assert 'testlogin!userid_type:unicode' in cookie, cookie
# navigate to another page and check username still displayed
res = res.click('Search')
assert 'testlogin' in res.body, res.body
def setup_class(cls):
smtp_server = config.get('test_smtp_server')
if smtp_server:
host, port = smtp_server.split(':')
port = int(port) + int(
str(hashlib.md5(cls.__name__).hexdigest())[0], 16)
config['test_smtp_server'] = '%s:%s' % (host, port)
PylonsTestCase.setup_class()
SmtpServerHarness.setup_class()
CreateTestData.create()
# make 3 changes, authored by annafan
for i in range(3):
rev = model.repo.new_revision()
pkg = model.Package.by_name(u'annakarenina')
pkg.notes = u'Changed notes %i' % i
rev.author = u'annafan'
model.repo.commit_and_remove()
CreateTestData.create_user('unfinisher',
about='<a href="http://unfinished.tag')
CreateTestData.create_user('uncloser',
about='<a href="http://unclosed.tag">')
CreateTestData.create_user(
'spammer',
about=
u'<a href="http://mysite">mysite</a> <a href=\u201dhttp://test2\u201d>test2</a>'
)
CreateTestData.create_user(
'spammer2',
about=
u'<a href="http://spamsite1.com\u201d>spamsite1</a>\r\n<a href="http://www.spamsite2.com\u201d>spamsite2</a>\r\n'
)
def setup_class(self):
CreateTestData.create()
# make 3 changes, authored by annafan
for i in range(3):
rev = model.repo.new_revision()
pkg = model.Package.by_name(u'annakarenina')
pkg.notes = u'Changed notes %i' % i
rev.author = u'annafan'
model.repo.commit_and_remove()
CreateTestData.create_user('unfinisher',
about='<a href="http://unfinished.tag')
CreateTestData.create_user('uncloser',
about='<a href="http://unclosed.tag">')
CreateTestData.create_user(
'spammer',
about=
u'<a href="http://mysite">mysite</a> <a href=\u201dhttp://test2\u201d>test2</a>'
)
CreateTestData.create_user(
'spammer2',
about=
u'<a href="http://spamsite1.com\u201d>spamsite1</a>\r\n<a href="http://www.spamsite2.com\u201d>spamsite2</a>\r\n'
)
def setup_class(self):
username = u'testlogin2'
password = u'letmein'
CreateTestData.create_user(name=username,
password=password)
# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = str(username)
fv['password'] = str(password)
fv['remember'] = True
res = fv.submit()
setup()
def setup_class(cls):
smtp_server = config.get("test_smtp_server")
if smtp_server:
host, port = smtp_server.split(":")
port = int(port) + int(str(hashlib.md5(cls.__name__).hexdigest())[0], 16)
config["test_smtp_server"] = "%s:%s" % (host, port)
PylonsTestCase.setup_class()
SmtpServerHarness.setup_class()
CreateTestData.create()
# make 3 changes, authored by annafan
for i in range(3):
rev = model.repo.new_revision()
pkg = model.Package.by_name(u"annakarenina")
pkg.notes = u"Changed notes %i" % i
rev.author = u"annafan"
model.repo.commit_and_remove()
CreateTestData.create_user("unfinisher", about='<a href="http://unfinished.tag')
CreateTestData.create_user("uncloser", about='<a href="http://unclosed.tag">')
CreateTestData.create_user(
"spammer", about=u'<a href="http://mysite">mysite</a> <a href=\u201dhttp://test2\u201d>test2</a>'
)
CreateTestData.create_user(
"spammer2",
about=u'<a href="http://spamsite1.com\u201d>spamsite1</a>\r\n<a href="http://www.spamsite2.com\u201d>spamsite2</a>\r\n',
)
def test_login(self):
# create test user
username = u"testlogin"
password = u"letmein"
CreateTestData.create_user(name=username, password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fv = res.forms["login"]
fv["login"] = str(username)
fv["password"] = str(password)
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
# first get redirected to user/logged_in
assert_equal(res.status, 302)
assert res.header("Location").startswith("http://localhost/user/logged_in") or res.header(
"Location"
).startswith("/user/logged_in")
# then get redirected to user page
res = res.follow()
assert_equal(res.status, 302)
assert res.header("Location") in ("http://localhost/user/testlogin", "/user/testlogin")
res = res.follow()
assert_equal(res.status, 200)
assert "testlogin is now logged in" in res.body
assert "My Account" in res.body
# check user object created
user = model.User.by_name(username)
assert user
assert_equal(user.name, username)
assert len(user.apikey) == 36
# check cookie created
cookie = res.request.environ["HTTP_COOKIE"]
# I think some versions of webob do not produce quotes, hence the 'or'
assert 'ckan_display_name="testlogin"' in cookie or "ckan_display_name=testlogin" in cookie, cookie
assert "auth_tkt=" in cookie, cookie
assert "testlogin!userid_type:unicode" in cookie, cookie
# navigate to another page and check username still displayed
res = res.click("Search")
assert "testlogin" in res.body, res.body
def setup_class(cls):
logging.basicConfig(level=logging.INFO)
CreateTestData.create_user('tester', about='A tester', password='******')
CreateTestData.create_groups([
{
'name': cls.owner_org['name'],
'title': cls.owner_org['title'],
'description': cls.owner_org['description'],
'type': 'organization',
'is_organization': True,
}], admin_user_name='tester')
cls.extra_environ = {'REMOTE_USER': '******'}
return
def setup_class(cls):
CreateTestData.create_user('tester',
about='A tester',
password='******')
CreateTestData.create_groups([{
'name': 'acme',
'title': u'Acme',
'description': u'A fictional organization',
'type': 'organization',
'is_organization': True,
}],
admin_user_name='tester')
cls.find_translatable_fields()
cls.default_lang = pylons.config['ckan.locale_default']
def test_user_delete_redirects_to_user_index(self):
user = CreateTestData.create_user("a_user")
url = url_for(controller="user", action="delete", id=user.id)
extra_environ = {"REMOTE_USER": "******"}
redirect_url = url_for(controller="user", action="index", qualified=True)
res = self.app.get(url, status=302, extra_environ=extra_environ)
assert user.is_deleted(), user
assert res.header("Location").startswith(redirect_url), res.header("Location")
def test_user_delete_redirects_to_user_index(self):
user = CreateTestData.create_user('a_user')
url = url_for(controller='user', action='delete', id=user.id)
extra_environ = {'REMOTE_USER': '******'}
redirect_url = url_for(controller='user', action='index',
qualified=True)
res = self.app.get(url, status=302, extra_environ=extra_environ)
assert user.is_deleted(), user
assert res.header('Location').startswith(redirect_url), res.header('Location')
def setup_class(cls):
logging.basicConfig(level=logging.INFO)
CreateTestData.create_user('tester',
about='A tester',
password='******')
CreateTestData.create_groups(
[{
'name': cls.owner_org['name'],
'title': cls.owner_org['title'],
'description': cls.owner_org['description'],
'type': 'organization',
'is_organization': True,
}],
admin_user_name='tester')
cls.extra_environ = {'REMOTE_USER': '******'}
return
def test_user_delete_redirects_to_user_index(self):
user = CreateTestData.create_user('a_user')
url = url_for(controller='user', action='delete', id=user.id)
extra_environ = {'REMOTE_USER': '******'}
redirect_url = url_for(controller='user', action='index',
qualified=True)
res = self.app.get(url, status=302, extra_environ=extra_environ)
assert user.is_deleted(), user
assert res.header('Location').startswith(redirect_url), res.header('Location')
def test_perform_reset_doesnt_activate_deleted_user(self):
password = "******"
params = {"password1": password, "password2": password}
user = CreateTestData.create_user(name="deleted_user", email="*****@*****.**")
user.delete()
create_reset_key(user)
assert user.is_deleted(), user.state
offset = url_for(controller="user", action="perform_reset", id=user.id, key=user.reset_key)
res = self.app.post(offset, params=params, status=302)
user = model.User.get(user.id)
assert user.is_deleted(), user
def setup_class(self):
CreateTestData.create()
# make 3 changes, authored by annafan
for i in range(3):
rev = model.repo.new_revision()
pkg = model.Package.by_name(u'annakarenina')
pkg.notes = u'Changed notes %i' % i
rev.author = u'annafan'
model.repo.commit_and_remove()
CreateTestData.create_user('unfinisher', about='<a href="http://unfinished.tag')
CreateTestData.create_user('uncloser', about='<a href="http://unclosed.tag">')
CreateTestData.create_user('spammer', about=u'<a href="http://mysite">mysite</a> <a href=\u201dhttp://test2\u201d>test2</a>')
CreateTestData.create_user('spammer2', about=u'<a href="http://spamsite1.com\u201d>spamsite1</a>\r\n<a href="http://www.spamsite2.com\u201d>spamsite2</a>\r\n')
def test_request_reset_user_password_using_search(self):
offset = url_for(controller="user", action="request_reset")
CreateTestData.create_user(name="larry1", fullname="kittens")
CreateTestData.create_user(name="larry2", fullname="kittens")
res = self.app.get(offset)
fv = res.forms["user-password-reset"]
fv["user"] = "******"
res = fv.submit()
assert ""kittens" matched several users" in res, res
assert "larry1" not in res, res
assert "larry2" not in res, res
res = self.app.get(offset)
fv = res.forms["user-password-reset"]
fv["user"] = ""
res = fv.submit()
assert "No such user:"******"user-password-reset"]
fv["user"] = "******"
res = fv.submit()
assert "No such user:" in res, res
def test_request_reset_user_password_using_search(self):
offset = url_for(controller='user', action='request_reset')
CreateTestData.create_user(name='larry1', fullname='kittens')
CreateTestData.create_user(name='larry2', fullname='kittens')
res = self.app.get(offset)
fv = res.forms['user-password-reset']
fv['user'] = '******'
res = fv.submit()
assert '"kittens" matched several users' in res, res
assert 'larry1' not in res, res
assert 'larry2' not in res, res
res = self.app.get(offset)
fv = res.forms['user-password-reset']
fv['user'] = ''
res = fv.submit()
assert 'No such user:'******'user-password-reset']
fv['user'] = '******'
res = fv.submit()
assert 'No such user:' in res, res
def test_login_remembered(self):
# create test user
username = u"testlogin2"
password = u"letmein"
CreateTestData.create_user(name=username, password=password)
user = model.User.by_name(username)
# do the login
offset = url_for(controller="user", action="login")
res = self.app.get(offset)
fv = res.forms["login"]
fv["login"] = str(username)
fv["password"] = str(password)
fv["remember"] = True
res = fv.submit()
# check cookies set
cookies = self._get_cookie_headers(res)
assert cookies
# check cookie is remembered via Max-Age and Expires
# (both needed for cross-browser compatibility)
for cookie in cookies:
assert "Max-Age=63072000;" in cookie, cookie
assert "Expires=" in cookie, cookie
def test_perform_reset_doesnt_activate_deleted_user(self):
password = '******'
params = {'password1': password, 'password2': password}
user = CreateTestData.create_user(name='deleted_user',
email='*****@*****.**')
user.delete()
create_reset_key(user)
assert user.is_deleted(), user.state
offset = url_for(controller='user',
action='perform_reset',
id=user.id,
key=user.reset_key)
res = self.app.post(offset, params=params, status=302)
user = model.User.get(user.id)
assert user.is_deleted(), user
def setup_class(cls):
CreateTestData.create_user('tester',
about='A tester',
password='******')
return
