Пример #1
def admin_users_add():
    """Render the admin user form for a new user.

    A ``User`` object is created in memory and its ``id``, ``firstname``,
    ``lastname`` and ``email`` are set to empty strings before it is handed
    to ``user.html``. Nothing is inserted or committed by this function.
    """
    blank_user = User()
    # Same attributes, same order as the form expects them to be blank.
    for field in ('id', 'firstname', 'lastname', 'email'):
        setattr(blank_user, field, '')
    return render_admin('user.html', user=blank_user)
Пример #2
    def test_user_password(self, testapp):
        """Check that a user built with a password accepts that password."""
        # NOTE(review): the credential literals below appear masked
        # ("******") in this listing, so they cannot satisfy the assertions
        # as shown; restore the real fixture values before running.
        account = User(username="******", password="******")

        assert account.username == 'admin'
        assert account.check_password('supersafepassword')
Пример #3
def testapp(request):
    """Build a test client backed by freshly created database tables.

    Unless the requesting test module sets ``create_user`` to a falsy value,
    one user with the ``admin`` role and one user without any role are
    inserted and committed. A finalizer removes the session and drops all
    tables afterwards.
    """
    app = create_app('impression.settings.TestConfig')
    test_client = app.test_client()

    db.app = app
    db.create_all()

    seed_users = getattr(request.module, "create_user", True)
    if seed_users:
        privileged = User(username="******", password="******")
        privileged.insert()
        admin_role = Role(name='admin')
        admin_role.insert()
        privileged.add_roles('admin')

        # Second account has no role, for tests that need a non-admin.
        unprivileged = User(username="******", password="******")
        unprivileged.insert()

        safe_commit()

    def _drop_database():
        db.session.remove()
        db.drop_all()

    request.addfinalizer(_drop_database)

    return test_client
Пример #4
def sample_data():
    """Insert one sample user and an ``admin`` role into the database.

    The role receives the ``create_users`` and ``delete_users`` abilities and
    the user is assigned the ``admin`` and ``superadmin`` roles. Both objects
    are added to the session and committed together.
    """
    from impression.models import Role

    # NOTE(review): the account is created from fixed literals, so this
    # helper is presumably meant for development databases only - confirm it
    # is never run against a deployed site.
    sample_user = User(username="******", password="******")

    admin_role = Role(name='admin')
    admin_role.add_abilities('create_users', 'delete_users')

    sample_user.add_roles('admin', 'superadmin')

    db.session.add_all([sample_user, admin_role])
    db.session.commit()
Пример #5
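    def test_user_update(self):
        """Exercise ``/user_update`` without and then with a signed API key.

        The unsigned request must be refused. The signed request must change
        the stored name and password hash.
        """
        api_key = self.s.sign(self.api_key.name)

        # NOTE(review): the e-mail and password literals appear masked in
        # this listing; the final hash check expects 'newperson123'.
        post_data = {
            'name': 'New Person',
            'email': '*****@*****.**',
            'password': '******',
            'id': self.user.id
        }
        # Without an API key the endpoint must refuse the update.
        rv = self.app.post('/user_update', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # With the signed key the update is accepted.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_update', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['user'])
        self.assertIsNotNone(data['messages'])
        # assertEqual replaces the deprecated assertEquals alias, which
        # Python 3.12 removed.
        self.assertEqual(data['messages'][0], 'The user was updated.')

        # The change must be visible in the database, not only in the reply.
        user = User.get(self.user.id)
        self.assertIsNotNone(user)
        self.assertEqual(data['user']['name'], 'New Person')
        self.assertEqual(user.name, 'New Person')
        # Only a hash is stored, so verify it instead of comparing text.
        self.assertTrue(check_password_hash(user.password, 'newperson123'))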
Пример #6
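    def test_user_update(self):
        """Check that ``/user_update`` needs a signed API key and persists changes."""
        api_key = self.s.sign(self.api_key.name)

        # NOTE(review): the e-mail and password literals appear masked in
        # this listing; the final hash check expects 'newperson123'.
        post_data = {
            'name': 'New Person',
            'email': '*****@*****.**',
            'password': '******',
            'id': self.user.id
        }
        # An unsigned request must be rejected.
        rv = self.app.post('/user_update', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # The same request with the signed key must succeed.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_update', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['user'])
        self.assertIsNotNone(data['messages'])
        # assertEquals is a deprecated alias that Python 3.12 removed.
        self.assertEqual(data['messages'][0], 'The user was updated.')

        # Reload from the database to confirm the update was committed.
        user = User.get(self.user.id)
        self.assertIsNotNone(user)
        self.assertEqual(data['user']['name'], 'New Person')
        self.assertEqual(user.name, 'New Person')
        self.assertTrue(check_password_hash(user.password, 'newperson123'))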
Пример #7
def create_user():
    """Create a user from the request payload and report the result as JSON.

    The payload's ``email`` is used as the username; ``password`` and
    ``name`` are passed to the ``User`` constructor as given. The user is
    inserted and committed only when ``validate()`` reports success;
    otherwise the validation result is returned as the response.
    """
    response = success('The user was created.')
    payload = get_payload(request)

    candidate = User(
        username=payload.get('email'),
        password=payload.get('password'),
        name=payload.get('name'),
    )

    validation = candidate.validate()
    if not validation['success']:
        # Nothing was inserted; the rejected object is simply discarded.
        return jsonify(validation)

    candidate.insert()
    safe_commit()
    response['id'] = candidate.id
    return jsonify(response)
Пример #8
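def admin_users_edit_post():
    """Create or update a user from the admin form payload; reply with JSON.

    With ``user_id`` in the payload the matching user is updated. Without it
    a new user is created, which requires ``password``, ``email`` and
    ``name``. A non-empty ``password`` goes through ``set_password``; the
    remaining keys are copied onto the user object.
    """
    payload = get_payload(request)
    user_id = payload.get('user_id')
    if user_id:
        user = User.get(user_id)
        if not user:
            # An unknown id would otherwise reach setattr() on a missing user.
            return jsonify(failure('That user does not exist.'))
        return_value = success('All profile values have been updated.')
    else:
        # Check the required fields before creating anything, so a rejected
        # request cannot leave an empty user behind in the session.
        if not payload.get('password'):
            return jsonify(failure('You must set a password for new users'))
        if not payload.get('email'):
            return jsonify(failure('You must set an email for new users'))
        if not payload.get('name'):
            return jsonify(failure('You must set a name for new users'))
        user = User()
        return_value = success('User created.')

    for key in payload:
        if key == 'password':
            # A blank password field on an edit means "leave unchanged";
            # it must never overwrite the stored hash with an empty password.
            if payload[key]:
                user.set_password(payload[key])
        elif key in ('user_id', 'id') or key.startswith('_'):
            # Request data must not rebind the primary key or private
            # attributes of the model.
            continue
        else:
            # NOTE(review): this is still mass assignment - any other payload
            # key (a role or admin flag, for instance) is written to the
            # model. Replace with an explicit allow-list of editable fields
            # once the model's column set is confirmed.
            setattr(user, key, payload[key])

    # Persist the user that was edited, not the logged-in ``g.user``.
    user.insert()
    safe_commit()

    return jsonify(return_value)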
Пример #9
def retrieve_user():
    """Look up the user named by the payload ``id`` and return it as JSON.

    The ``password`` and ``openid`` entries are removed from the serialized
    user before it is returned.
    """
    response = success('The user was retrieved.')
    payload = get_payload(request)
    found = User.get(payload.get('id'))

    if found:
        serialized = found.to_dict(camel_case=True)
        # NOTE(review): this is a deny-list. Any other sensitive field that
        # to_dict() emits is returned to the caller unless it is added here.
        for secret_field in ('password', 'openid'):
            serialized.pop(secret_field)
        response['user'] = serialized
    else:
        response = failure('That user does not exist.')

    return jsonify(response)
Пример #10
    def setUp(self):
        """Rebuild the test database and seed one API key and one user."""
        config = impression.app.config
        config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db'
        config['TESTING'] = True
        self.app = impression.app.test_client()

        # Every test starts from an empty schema.
        impression.db.drop_all(bind=[None])
        impression.db.create_all(bind=[None])

        # NOTE(review): randrange() is not a cryptographic source. That is
        # acceptable for a throwaway test key, but not a pattern to copy for
        # real API keys.
        signing_key = '{0:02X}'.format(randrange(36**50))
        self.api_key = ApiKey(key=signing_key, name='test-key')
        self.api_key.insert()
        self.s = TimestampSigner(signing_key)
        safe_commit()

        password_hash = generate_password_hash('password-123')

        # The user that the update and delete tests operate on.
        self.user = User(
            name="Test User",
            email='*****@*****.**',
            admin=True,
            openid='',
            password=password_hash,
        )
        self.user.insert()

        safe_commit()
Пример #11
def retrieve_user():
    """Return the user identified by the payload ``id`` as JSON.

    The serialized user has its ``password`` and ``openid`` entries removed
    before it is placed in the response.
    """
    result = success('The user was retrieved.')
    payload = get_payload(request)
    account = User.get(payload.get('id'))

    if not account:
        return jsonify(failure('That user does not exist.'))

    public_view = account.to_dict(camel_case=True)
    # NOTE(review): only these two keys are stripped. Fields added to the
    # model later are exposed by default, so an allow-list would be safer.
    public_view.pop('password')
    public_view.pop('openid')
    result['user'] = public_view

    return jsonify(result)
Пример #12
def delete_user():
    """Delete the user whose ``id`` is in the payload; reply with JSON.

    The request is refused when the id equals the id of ``g.user``.
    """
    response = success('The user was deleted.')
    payload = get_payload(request)
    target_id = payload.get('id')

    # NOTE(review): g.user.id is compared with the raw payload value. If the
    # payload carries the id as a string while the column is numeric, this
    # never matches and the self-delete guard is bypassed - confirm the
    # types. The guard is also skipped whenever g.user is unset.
    if g.user and g.user.id == target_id:
        return jsonify(failure('You cannot delete the current user.'))

    target = User.filter(User.id == target_id).first()
    if not target:
        return jsonify(failure('That user does not exist.'))

    target.delete()
    safe_commit()
    return jsonify(response)
Пример #13
def delete_user():
    """Deactivate the user whose ``id`` is in the payload; reply with JSON.

    The row is kept: ``active`` is set to ``False`` and the user is saved.
    The request is refused when the id equals the id of ``g.user``.
    """
    response = success('The user was deleted.')
    payload = get_payload(request)
    target_id = payload.get('id')

    # NOTE(review): g.user.id is compared with the raw payload value. A
    # string id from form data would never equal a numeric column value, so
    # confirm the types. The guard is also skipped whenever g.user is unset.
    if g.user and g.user.id == target_id:
        return jsonify(failure('You cannot delete the current user.'))

    target = User.filter(User.id == target_id).first()
    if not target:
        return jsonify(failure('That user does not exist.'))

    # Soft delete: the account is flagged inactive instead of removed.
    target.active = False
    target.insert()
    safe_commit()
    return jsonify(response)
Пример #14
def index():
    """Serve the front page.

    Redirects to the setup wizard while no users exist, renders the
    configured custom front page when one is set, and otherwise redirects
    to ``/blog/``.
    """
    user_count = User.count()
    print(user_count)
    if user_count == 0:
        # No accounts yet: send the visitor to the setup wizard.
        print('Redirecting to setup.')
        return redirect(url_for('.setup'))

    template_name = get_setting('custom-front-page', '')
    if not template_name:
        return redirect('/blog/')

    try:
        return render(template_name)
    except TemplateNotFound:
        message = "You have configured a custom front page but the file ({}) was not found in your theme's template directory.".format(template_name)
        return render("error.html", title="Custom Front Page", error=message)
Пример #15
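def post_login():
    """Check the submitted credentials and start a session on success.

    On success the user's id is stored in the session and the browser is
    redirected to the ``next`` query parameter when that is a path on this
    site, otherwise to the admin page. On failure a message is flashed and
    the browser is sent back to the login page.
    """
    payload = get_payload(request)
    user = User.filter(User.email == payload.get('email')).first()

    # NOTE(review): the two failure messages differ, which tells a caller
    # whether an e-mail address is registered. Consider one generic message.
    if not user:
        flash("Invalid user")
        return redirect(url_for('login'))

    # .get() so a request without a password field is a failed login
    # rather than a KeyError. An account without a stored hash can never
    # pass the password check.
    submitted = payload.get('password') or ''
    if not user.password or not check_password_hash(user.password, submitted):
        flash("Incorrect password")
        return redirect(url_for('login'))

    session['userid'] = user.id

    # ``next`` comes from the query string, so only follow it when it is a
    # plain local path. Absolute URLs, scheme-relative "//host" forms and
    # backslash variants would turn the login into an open redirect.
    next_url = request.args.get('next', '')
    is_local_path = (
        next_url.startswith('/')
        and not next_url.startswith('//')
        and '\\' not in next_url
        and not any(ord(ch) < 32 for ch in next_url)
    )
    if is_local_path:
        return redirect(next_url)
    return redirect(url_for('admin'))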
Пример #16
def create_user():
    """Create a user from the request payload and report the result as JSON.

    The submitted password is hashed before it is assigned to the model. The
    user is inserted and committed only when ``validate()`` reports success;
    otherwise the validation result is returned as the response.
    """
    response = success('The user was created.')
    payload = get_payload(request)

    # Only the hash of the submitted password is stored on the model.
    password_hash = generate_password_hash(payload.get('password'))

    new_user = User()
    new_user.email = payload.get('email')
    new_user.name = payload.get('name')
    new_user.password = password_hash

    validation = new_user.validate()
    if not validation['success']:
        # Nothing was inserted; the rejected object is simply discarded.
        return jsonify(validation)

    new_user.insert()
    safe_commit()
    response['id'] = new_user.id
    return jsonify(response)
Пример #17
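def update_user():
    """Update the password, email and/or name of the user named by ``id``.

    Only fields that are present and non-empty in the payload are changed.
    The response carries the updated user without its ``password`` and
    ``openid`` entries.
    """
    return_value = success('The user was updated.')
    payload = get_payload(request)
    user = User.get(payload.get('id'))

    if not user:
        return jsonify(failure('That user does not exist.'))

    new_password = payload.get('password')
    if new_password:
        user.set_password(new_password)
    if payload.get('email'):
        user.email = payload.get('email')
    if payload.get('name'):
        user.name = payload.get('name')

    safe_commit()

    user_data = user.to_dict(camel_case=True)
    # Do not echo credential material (the stored hash, the OpenID
    # identifier) back to the caller. The default keeps this safe if a key
    # is absent from the serialized form.
    user_data.pop('password', None)
    user_data.pop('openid', None)
    return_value['user'] = user_data

    return jsonify(return_value)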
Пример #18
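def update_user():
    """Update the password, email and/or name of the user named by ``id``.

    Only fields that are present and non-empty in the payload are changed.
    The response carries the updated user without its ``password`` and
    ``openid`` entries.
    """
    return_value = success('The user was updated.')
    payload = get_payload(request)
    user = User.get(payload.get('id'))

    if not user:
        return jsonify(failure('That user does not exist.'))

    new_password = payload.get('password')
    if new_password:
        # Assign inside the branch. Assigning afterwards used an unbound
        # ``hashed_password`` whenever the payload carried no password.
        user.password = generate_password_hash(new_password)
    if payload.get('email'):
        user.email = payload.get('email')
    if payload.get('name'):
        user.name = payload.get('name')

    safe_commit()

    user_data = user.to_dict(camel_case=True)
    # Do not echo credential material (the stored hash, the OpenID
    # identifier) back to the caller.
    user_data.pop('password', None)
    user_data.pop('openid', None)
    return_value['user'] = user_data

    return jsonify(return_value)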
Пример #19
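    def test_user_create(self):
        """Exercise ``/user_create``: unsigned refusal, signed success, duplicate refusal."""
        api_key = self.s.sign(self.api_key.name)

        post_data = {
            'name': 'Testy McTesterson',
            'email': '*****@*****.**',
            'password': '******',
        }
        # Without an API key the endpoint must refuse to create anything.
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # With the signed key the user is created.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['id'])
        self.assertIsNotNone(data['messages'])
        # assertEqual replaces the deprecated assertEquals alias, which
        # Python 3.12 removed.
        self.assertEqual(data['messages'][0], 'The user was created.')
        user_id = data['id']

        # The new user must be loadable from the database.
        user = User.get(user_id)
        self.assertIsNotNone(user)
        self.assertEqual(user.name, 'Testy McTesterson')

        # Creating the same user a second time must fail.
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'That user exists already.')

        # Clean up!
        user.delete()
        safe_commit()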
Пример #20
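    def test_user_create(self):
        """Check that ``/user_create`` needs a signed API key and rejects duplicates."""
        api_key = self.s.sign(self.api_key.name)

        post_data = {
            'name': 'Testy McTesterson',
            'email': '*****@*****.**',
            'password': '******',
        }
        # An unsigned request must be rejected.
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # The same request with the signed key must succeed.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['id'])
        self.assertIsNotNone(data['messages'])
        # assertEquals is a deprecated alias that Python 3.12 removed.
        self.assertEqual(data['messages'][0], 'The user was created.')
        user_id = data['id']

        # Reload from the database to confirm the insert was committed.
        user = User.get(user_id)
        self.assertIsNotNone(user)
        self.assertEqual(user.name, 'Testy McTesterson')

        # A second request with identical data must be refused.
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'That user exists already.')

        # Clean up!
        user.delete()
        safe_commit()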
Пример #21
    def test_user_delete(self):
        """Exercise ``/user_delete`` without and then with a signed API key."""
        signed_key = self.s.sign(self.api_key.name)
        form = {
            'id': self.user.id
        }

        # An unsigned request must be refused.
        response = self.app.post('/user_delete', data=form, follow_redirects=True)
        body = json.loads(response.data)
        self.assertFalse(body['success'])

        # With the signed key the deletion goes through ...
        form['api_key'] = signed_key
        response = self.app.post('/user_delete', data=form, follow_redirects=True)
        body = json.loads(response.data)
        self.assertTrue(body['success'])
        # ... and the user can no longer be loaded.
        remaining = User.get(self.user.id)
        self.assertIsNone(remaining)
Пример #22
    def setUp(self):
        """Configure an in-memory database and seed a key, a user and settings."""
        app.config["CACHE_TYPE"] = "null"
        # Use memory DB
        app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:'
        app.config['TESTING'] = True

        self.app = app.test_client()

        # Start from an empty schema.
        db.drop_all()
        db.create_all()

        safe_commit()

        # NOTE(review): randrange() is not a cryptographic source. That is
        # acceptable for a throwaway test key, but not a pattern to copy for
        # real API keys.
        signing_key = '{0:02X}'.format(randrange(36**50))
        self.api_key = ApiKey(key=signing_key, name='test-key')
        self.api_key.insert()
        self.s = TimestampSigner(signing_key)

        password_hash = generate_password_hash('password-123')

        # The user that the update and delete tests operate on.
        self.user = User(
            name="Test User",
            email='*****@*****.**',
            admin=True,
            openid='',
            password=password_hash,
        )
        self.user.insert()

        # Available Themes
        themes = [
            'Stock Bootstrap 3', 'amelia', 'cerulean', 'cosmo', 'cyborg',
            'darkly', 'flatly', 'lumen', 'readable', 'simplex', 'slate',
            'spacelab', 'superhero', 'united', 'yeti',
        ]
        syntax_themes = [
            'autumn.css', 'borland.css', 'bw.css', 'colorful.css',
            'default.css', 'emacs.css', 'friendly.css', 'fruity.css',
            'github.css', 'manni.css', 'monokai.css', 'murphy.css',
            'native.css', 'pastie.css', 'perldoc.css', 'tango.css',
            'trac.css', 'vim.css', 'vs.css', 'zenburn.css',
        ]

        # System settings, inserted in the order listed.
        system_settings = [
            dict(name='blog-title', vartype='str'),
            dict(name='blog-copyright', vartype='str'),
            dict(name='cache-timeout', vartype='int', value=0),
            dict(name='posts-per-page', vartype='int', value=4),
            dict(name='bootstrap-theme', vartype='str', value='yeti',
                 allowed=json.dumps(themes)),
            dict(name='syntax-highlighting-theme', vartype='str',
                 value='monokai.css', allowed=json.dumps(syntax_themes)),
            dict(name='custom-front-page', vartype='str'),
        ]
        for spec in system_settings:
            Setting(system=True, **spec).insert()

        safe_commit()
Пример #23
    def test_user_delete(self):
        """Check that deleting a user is refused unsigned and accepted signed."""
        signed_key = self.s.sign(self.api_key.name)
        form = {
            'id': self.user.id
        }

        # NOTE(review): the unsigned request goes to '/admin/users/delete'
        # while the signed one goes to '/user_delete', so the refusal is not
        # checked on the endpoint that performs the deletion. Confirm which
        # URL is intended.
        response = self.app.post('/admin/users/delete', data=form, follow_redirects=True)
        body = json.loads(response.data)
        self.assertFalse(body['success'])

        # With the signed key the deletion goes through ...
        form['api_key'] = signed_key
        response = self.app.post('/user_delete', data=form, follow_redirects=True)
        body = json.loads(response.data)
        self.assertTrue(body['success'])
        # ... and the user can no longer be loaded.
        remaining = User.get(self.user.id)
        self.assertIsNone(remaining)
Пример #24
def admin_users_list():
    """Render the admin list of users whose ``active`` flag is true."""
    # "== True" is kept on purpose: on a model column this comparison
    # presumably builds a query expression, so it must not be rewritten as
    # "is True".
    active_only = User.active == True  # noqa: E712
    active_users = User.filter(active_only).all()
    return render_admin('users_list.html', users=active_users, content_type="Pages")
Пример #25
def setup():
    """Run the first-time setup wizard.

    If any user already exists the request is redirected to ``.index``. On a
    POST that carries both ``email`` and ``password`` the function builds a
    user with the ``admin`` and ``superadmin`` roles, logs that user in, runs
    ``alembic stamp`` with the revision marked ``(head)``, seeds the system
    settings and redirects to the admin settings page. Any other request
    renders ``setup.html``.

    NOTE(review): no authentication check is visible in this function, and
    the "no users yet" test and the account creation are separate steps, so
    two concurrent first-run requests could both pass the test. Confirm the
    endpoint is reachable only while the site is being provisioned.
    """
    import shlex
    import subprocess
    user_count = User.count()
    # print(user_count)
    if user_count > 0:
        # We already have a user. No running setup.
        return redirect(url_for('.index'))

    if request.method == 'POST':
        payload = get_payload(request)
        # Both an email and a password are required; otherwise the form is
        # rendered again by the final return.
        if payload.get('email') and payload.get('password'):

            # The email doubles as the username of the first account.
            user = User(username=payload.get('email'),
                        password=payload.get('password'),
                        firstname=payload.get('firstname'),
                        lastname=payload.get('lastname'))

            my_role = Role(name='admin')
            my_role.add_abilities('create_users', 'delete_users', 'create_content',
                                  'delete_content', 'upload_files', 'delete_files',
                                  'change_settings')

            # NOTE(review): no insert() call on user or my_role is visible
            # here; presumably the model or add_roles() attaches them to the
            # session before safe_commit() - confirm.
            user.add_roles('admin', 'superadmin')

            login_user(user)

            # The command line is a fixed string; no request data reaches it.
            args = shlex.split("alembic history")
            p = subprocess.Popen(args, stdout=subprocess.PIPE)
            output, error = p.communicate()
            # NOTE(review): splitting on a str assumes text output; without a
            # text mode Popen returns bytes on Python 3 - confirm the target
            # interpreter.
            data = output.split('\n')
            latest_alembic = None
            for row in data:
                # The revision is taken from the third space-separated
                # column of the row that contains "(head)".
                if "(head)" in row:
                    cols = row.split(" ")
                    latest_alembic = cols[2].strip()

            if latest_alembic:
                print("Stamping with latest Alembic revision: %s" %
                      latest_alembic)
                # The revision comes from alembic's own output above, not
                # from the request payload.
                args = shlex.split("alembic stamp %s" % latest_alembic)
                # The stamp process is started but neither waited on nor
                # checked for failure.
                subprocess.Popen(args, stdout=subprocess.PIPE)

            from impression.upgrade import THEMES, SYNTAX_THEMES
            # Create some system settings
            Setting(name='blog-title', vartype='str', system=True).insert()
            Setting(name='blog-copyright', vartype='str', system=True).insert()
            Setting(name='blog-theme', vartype='str',
                    system=True, value='impression').insert()
            Setting(name='posts-per-page', vartype='int',
                    system=True, value=4).insert()
            Setting(name='bootstrap-theme', vartype='str', system=True,
                    value='sandstone', allowed=json.dumps(THEMES)).insert()
            Setting(name='syntax-highlighting-theme', vartype='str', system=True,
                    value='monokai.css', allowed=json.dumps(SYNTAX_THEMES)).insert()
            Setting(name='custom-front-page',
                    vartype='str', system=True).insert()
            # Upload policy defaults: the extension list is stored as a
            # string, and the size limit 16777216 equals 16 * 1024 * 1024.
            Setting(name='allowed-extensions', vartype='list', system=True,
                    value="['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif', 'tiff']").insert()
            Setting(name='upload-directory', vartype='str', system=True, value='uploads/').insert()
            Setting(name='max-file-size', vartype='int',
                    system=True, value=16777216).insert()
            safe_commit()
            flash("Initial Setup Complete", "success")
            return redirect(url_for('admin_controller.admin_settings'))

    return render('setup.html')
Пример #26
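class impressionTestCase(unittest.TestCase):
    """API tests for uploads, content and users against an in-memory database.

    The user endpoints are called first without and then with a signed API
    key; the unsigned call is expected to be refused.
    """

    def setUp(self):
        """Configure an in-memory database and seed a key, a user and settings."""
        app.config["CACHE_TYPE"] = "null"
        # Use memory DB
        app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:'
        app.config['TESTING'] = True

        self.app = app.test_client()

        # Create DB.
        db.drop_all()
        db.create_all()

        safe_commit()

        # NOTE(review): randrange() is not a cryptographic source. That is
        # acceptable for a throwaway test key, but not a pattern to copy for
        # real API keys.
        key = '{0:02X}'.format(randrange(36**50))
        self.api_key = ApiKey(key=key, name='test-key')
        self.api_key.insert()
        self.s = TimestampSigner(key)

        hashed_password = generate_password_hash('password-123')

        # Create a user to update and delete later.
        self.user = User(name="Test User", email='*****@*****.**', admin=True, openid='', password=hashed_password)
        self.user.insert()

        # Available Themes
        themes = ['Stock Bootstrap 3', 'amelia', 'cerulean', 'cosmo', 'cyborg', 'darkly', 'flatly', 'lumen', 'readable', 'simplex', 'slate', 'spacelab', 'superhero', 'united', 'yeti']
        syntax_themes = ['autumn.css', 'borland.css', 'bw.css', 'colorful.css', 'default.css', 'emacs.css', 'friendly.css', 'fruity.css', 'github.css', 'manni.css', 'monokai.css', 'murphy.css', 'native.css', 'pastie.css', 'perldoc.css', 'tango.css', 'trac.css', 'vim.css', 'vs.css', 'zenburn.css']

        # Create some system settings
        Setting(name='blog-title', vartype='str', system=True).insert()
        Setting(name='blog-copyright', vartype='str', system=True).insert()
        Setting(name='cache-timeout', vartype='int', system=True, value=0).insert()
        Setting(name='posts-per-page', vartype='int', system=True, value=4).insert()
        Setting(name='bootstrap-theme', vartype='str', system=True, value='yeti', allowed=json.dumps(themes)).insert()
        Setting(name='syntax-highlighting-theme', vartype='str', system=True, value='monokai.css', allowed=json.dumps(syntax_themes)).insert()
        Setting(name='custom-front-page', vartype='str', system=True).insert()

        safe_commit()

    def tearDown(self):
        """Drop all tables after each test."""
        db.drop_all()
        db.session.commit()

    def test_upload(self):
        """Upload a small text file and check it is recorded and on disk."""
        filename = 'test.txt'
        the_file = os.path.join(app.config['UPLOAD_FOLDER'], filename)
        # Remove a leftover from an earlier run so the isfile() check below
        # proves that this upload wrote the file.
        if os.path.isfile(the_file):
            os.unlink(the_file)

        post_data = {
            'file': (StringIO("This is a test file."), filename),
            'name': 'Test File',
            'user_id': self.user.id
        }
        rv = self.app.post('/upload_ajax', data=post_data, follow_redirects=True)
        # assertEqual replaces the deprecated assertEquals alias, which
        # Python 3.12 removed; the same change is applied throughout.
        self.assertEqual(rv.status_code, 200)
        data = json.loads(rv.data)
        self.assertEqual(data['messages'][0], 'The file was uploaded.')
        afile = File.get(data['id'])
        self.assertEqual(data['id'], afile.id)
        self.assertTrue(os.path.isfile(the_file))

        # Delete the file we uploaded
        os.unlink(the_file)

    def test_content_create(self):
        """Create a post and then a page; unsigned and duplicate requests must fail."""
        api_key = self.s.sign(self.api_key.name)

        post_data = {
            'title': 'This is a test page',
            'body': 'Blah blah blah',
            'type': 'post',
            'published': 1,
            'user_id': self.user.id
        }
        # Try to create the content with no API key
        rv = self.app.post('/content_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # Create the content. This should work fine.
        post_data['api_key'] = api_key
        rv = self.app.post('/content_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['id'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'The content was created.')
        content_id = data['id']

        # Make sure that we can grab the content from the DB.
        content = Content.get(content_id)
        self.assertIsNotNone(content)
        self.assertEqual(content.title, post_data['title'])

        # Try to create the same content again. This should fail.
        rv = self.app.post('/content_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'That post or page exists already.')

        # Clean up!
        content.delete()
        safe_commit()

        # Repeat the sequence with the same title, this time as a page.
        post_data['api_key'] = api_key
        post_data['type'] = 'page'
        rv = self.app.post('/content_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['id'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'The content was created.')
        content_id = data['id']

        # Make sure that we can grab the content from the DB.
        content = Content.get(content_id)
        self.assertIsNotNone(content)
        self.assertEqual(content.title, post_data['title'])

        # Try to create the same content again. This should fail.
        rv = self.app.post('/content_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'That post or page exists already.')

        # Clean up!
        content.delete()
        safe_commit()

    def test_content_retrieve(self):
        """Retrieve content by id and by type with paging (page size 3, four posts)."""
        user_id = self.user.id

        # Create some content using the model directly...
        content = Content(title="Test Content", published=True, type="post", body="blah blah blah", user_id=self.user.id)
        content.insert()

        content1 = content.to_dict()

        content2 = Content(title="Test Content 2", published=True, type="post", body="blah blah blah", user_id=self.user.id)
        content2.insert()

        content2 = content2.to_dict()

        content3 = Content(title="Test Content 3", published=True, type="post", body="blah blah blah", user_id=self.user.id)
        content3.insert()

        content3 = content3.to_dict()

        content4 = Content(title="Test Content 4", published=True, type="post", body="blah blah blah", user_id=self.user.id)
        content4.insert()

        content4 = content4.to_dict()

        safe_commit()

        post_data = {
            'id': content.id
        }
        # retrieve the content. This should work fine.
        rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['contents'][0])
        self.assertIsNotNone(data['messages'])

        content = Content.get(data['contents'][0]['id'])
        self.assertEqual(content.title, data['contents'][0]['title'])
        self.assertEqual(content.body, data['contents'][0]['body'])
        self.assertEqual(user_id, data['contents'][0]['user_id'])

        post_data = {
            'content_type': 'post',
            'page_size': 3
        }
        # retrieve the content. This should work fine.
        rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])

        # There should be three posts.
        self.assertEqual(data['contents'][0]['title'], content4['title'])
        self.assertEqual(data['contents'][1]['title'], content3['title'])
        self.assertEqual(data['contents'][2]['title'], content2['title'])

        # And only three posts returned. assertEqual reports the actual
        # length on failure, which assertTrue(len(...) == 3) did not.
        self.assertEqual(len(data['contents']), 3)

        # Posts should be in the right order
        self.assertTrue(data['contents'][1]['published_on'] < data['contents'][0]['published_on'])

        self.assertIsNotNone(data['messages'])

        post_data = {
            'content_type': 'post',
            'current_page': 2,
            'page_size': 3
        }
        # retrieve the content. This should work fine.
        rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])

        # There should be one post.
        self.assertEqual(data['contents'][0]['title'], content1['title'])

        # And only one post returned
        self.assertEqual(len(data['contents']), 1)

    def test_user_create(self):
        """Exercise ``/user_create``: unsigned refusal, signed success, duplicate refusal."""
        api_key = self.s.sign(self.api_key.name)

        post_data = {
            'name': 'Testy McTesterson',
            'email': '*****@*****.**',
            'password': '******',
        }
        # Try to create the user with no API key
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # Create the user. This should work fine.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['id'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'The user was created.')
        user_id = data['id']

        # Make sure that we can grab the user from the DB.
        user = User.get(user_id)
        self.assertIsNotNone(user)
        self.assertEqual(user.name, 'Testy McTesterson')

        # Try to create the same user again. This should fail.
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'That user exists already.')

        # Clean up!
        user.delete()
        safe_commit()

    def test_user_retrieve(self):
        """Exercise ``/user_retrieve`` without and then with a signed API key."""
        api_key = self.s.sign(self.api_key.name)

        post_data = {
            'id': self.user.id
        }
        # Try to retrieve the user with no API key
        rv = self.app.post('/user_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # Retrieve the user. This should work fine.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['user'])
        self.assertEqual(data['user']['name'], 'Test User')

    def test_user_update(self):
        """Exercise ``/user_update`` without and then with a signed API key."""
        api_key = self.s.sign(self.api_key.name)

        # NOTE(review): the e-mail and password literals appear masked in
        # this listing; the final hash check expects 'newperson123'.
        post_data = {
            'name': 'New Person',
            'email': '*****@*****.**',
            'password': '******',
            'id': self.user.id
        }
        # Try to update the user with no API key
        rv = self.app.post('/user_update', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # update the user. This should work fine.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_update', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['user'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'The user was updated.')

        # Make sure that we can grab the user from the DB.
        user = User.get(self.user.id)
        self.assertIsNotNone(user)
        self.assertEqual(data['user']['name'], 'New Person')
        self.assertEqual(user.name, 'New Person')
        # Only a hash is stored, so verify it instead of comparing text.
        self.assertTrue(check_password_hash(user.password, 'newperson123'))

    @unittest.skip("Skipping this since the API is changing")
    def test_user_delete(self):
        """Check that deleting a user is refused unsigned and accepted signed."""
        api_key = self.s.sign(self.api_key.name)

        # Delete the user.
        post_data = {
            'id': self.user.id
        }
        # NOTE(review): the unsigned request goes to '/admin/users/delete'
        # while the signed one goes to '/user_delete'; confirm which URL is
        # intended before this test is re-enabled.
        rv = self.app.post('/admin/users/delete', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # Removing should work now.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_delete', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        user = User.get(self.user.id)
        self.assertIsNone(user)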
Пример #27
def admin_users_edit(user_id=''):
    """Render the admin user form for the user looked up by *user_id*.

    Whatever ``User.get`` returns is passed to the template unchanged.
    NOTE(review): no access check is visible in this function; presumably a
    route decorator outside this excerpt restricts it to admins -- confirm.
    """
    return render_admin('user.html', user=User.get(user_id))
Пример #28
class impressionTestCase(unittest.TestCase):

    def setUp(self):
        """Point the app at a scratch SQLite database and seed the fixtures.

        Leaves ``self.app`` (test client), ``self.api_key`` (stored ApiKey
        row), ``self.s`` (TimestampSigner keyed with that row's key) and
        ``self.user`` (an admin user) for the tests to use.
        """
        impression.app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db'
        impression.app.config['TESTING'] = True
        self.app = impression.app.test_client()

        # Drop and create DB.
        impression.db.drop_all(bind=[None])
        impression.db.create_all(bind=[None])

        # The signing secret is a random integer rendered as upper-case hex.
        # NOTE(review): randrange is presumably random.randrange, which is not
        # a cryptographic generator -- acceptable for a throwaway test key, but
        # real API keys should come from os.urandom or the secrets module.
        key = '{0:02X}'.format(randrange(36**50))
        self.api_key = ApiKey(key=key, name='test-key')
        self.api_key.insert()
        # Tests build their api_key token by signing the key's name with self.s.
        self.s = TimestampSigner(key)
        safe_commit()

        # Only the hash is handed to the user row, not the plain password.
        hashed_password = generate_password_hash('password-123')

        # Create a user to update and delete later.
        self.user = User(name="Test User", email='*****@*****.**', admin=True, openid='', password=hashed_password)
        self.user.insert()

        safe_commit()

    def tearDown(self):
        """Drop the tables of the default bind after each test."""
        database = impression.db
        database.drop_all(bind=[None])

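    def test_upload(self):
        """Upload a small text file and check both the DB row and the file.

        NOTE(review): the request carries no ``api_key`` and a caller-supplied
        ``user_id`` yet is expected to succeed -- confirm that '/upload_ajax'
        is protected some other way (e.g. a login session).
        """
        filename = 'test.txt'
        the_file = os.path.join(impression.app.config['UPLOAD_FOLDER'], filename)
        post_data = {
            'file': (StringIO("This is a test file."), filename),
            'name': 'Test File',
            'user_id': self.user.id
        }
        try:
            rv = self.app.post('/upload_ajax', data=post_data, follow_redirects=True)
            self.assertEqual(rv.status_code, 200)
            data = json.loads(rv.data)
            self.assertEqual(data['messages'][0], 'The file was uploaded.')
            afile = File.get(data['id'])
            self.assertEqual(data['id'], afile.id)

            self.assertTrue(os.path.isfile(the_file))
        finally:
            # Remove the upload even when an assertion above failed, so a
            # broken run does not leave files behind in UPLOAD_FOLDER.
            if os.path.isfile(the_file):
                os.unlink(the_file)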

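    def test_content_create(self):
        """Create a post and a page through '/content_create'.

        Covers three outcomes: refusal without an API key, success with a
        signed key, and refusal of a second identical submission.
        NOTE(review): only a *missing* key is exercised; a token whose
        signature has been altered would be a useful extra negative case.
        """
        api_key = self.s.sign(self.api_key.name)

        post_data = {
            'title': 'This is a test page',
            'body': 'Blah blah blah',
            'type': 'post',
            'user_id': self.user.id
        }
        # Try to create the content with no API key
        rv = self.app.post('/content_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        post_data['api_key'] = api_key

        # The create / verify / duplicate / clean-up cycle is identical for
        # both content types, so it runs once per type.
        for content_type in ('post', 'page'):
            post_data['type'] = content_type

            # Create the content. This should work fine.
            rv = self.app.post('/content_create', data=post_data, follow_redirects=True)
            data = json.loads(rv.data)
            self.assertTrue(data['success'])
            self.assertTrue(data['id'])
            self.assertIsNotNone(data['messages'])
            self.assertEqual(data['messages'][0], 'The content was created.')
            content_id = data['id']

            # Make sure that we can grab the content from the DB.
            content = Content.get(content_id)
            self.assertIsNotNone(content)
            self.assertEqual(content.title, post_data['title'])

            # Try to create the same content again. This should fail.
            rv = self.app.post('/content_create', data=post_data, follow_redirects=True)
            data = json.loads(rv.data)
            self.assertFalse(data['success'])
            self.assertIsNotNone(data['messages'])
            self.assertEqual(data['messages'][0], 'That post or page exists already.')

            # Clean up!
            content.delete()
            safe_commit()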

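    def test_content_retrieve(self):
        """Fetch content by id and by type, checking paging and ordering.

        No ``api_key`` is sent in any request here, i.e. the test expects
        '/content_retrieve' to answer without one.
        NOTE(review): every fixture is ``published=True``, so nothing here
        shows unpublished content being withheld from a keyless request.
        """
        user_id = self.user.id

        # Create some content using the model directly, keeping each row and
        # the dict snapshot taken right after its insert.
        rows = []
        snapshots = []
        for title in ("Test Content", "Test Content 2", "Test Content 3", "Test Content 4"):
            row = Content(title=title, published=True, type="post", body="blah blah blah", user_id=self.user.id)
            row.insert()
            rows.append(row)
            snapshots.append(row.to_dict())
        content1, content2, content3, content4 = snapshots

        safe_commit()

        post_data = {
            'id': rows[0].id
        }
        # retrieve the content. This should work fine.
        rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['contents'][0])
        self.assertIsNotNone(data['messages'])

        content = Content.get(data['contents'][0]['id'])
        self.assertEqual(content.title, data['contents'][0]['title'])
        self.assertEqual(content.body, data['contents'][0]['body'])
        self.assertEqual(user_id, data['contents'][0]['user_id'])

        post_data = {
            'content_type': 'post',
            'page_size': 3
        }
        # retrieve the content. This should work fine.
        rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])

        # There should be three posts.
        self.assertEqual(data['contents'][0]['title'], content4['title'])
        self.assertEqual(data['contents'][1]['title'], content3['title'])
        self.assertEqual(data['contents'][2]['title'], content2['title'])

        # And only three posts returned
        self.assertEqual(len(data['contents']), 3)

        # Posts should be in the right order
        self.assertLess(data['contents'][1]['published_on'], data['contents'][0]['published_on'])

        self.assertIsNotNone(data['messages'])

        post_data = {
            'content_type': 'post',
            'current_page': 2,
            'page_size': 3
        }
        # retrieve the content. This should work fine.
        rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])

        # There should be one post.
        self.assertEqual(data['contents'][0]['title'], content1['title'])

        # And only one post returned
        self.assertEqual(len(data['contents']), 1)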

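    def test_user_create(self):
        """Create a user through '/user_create'.

        Covers refusal without an API key, success with a signed key, and
        refusal of a second identical submission.
        NOTE(review): only a *missing* key is exercised; a token whose
        signature has been altered would be a useful extra negative case.
        """
        api_key = self.s.sign(self.api_key.name)

        post_data = {
            'name': 'Testy McTesterson',
            'email': '*****@*****.**',
            'password': '******',
        }
        # Try to create the user with no API key
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # Create the user. This should work fine.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['id'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'The user was created.')
        user_id = data['id']

        # Make sure that we can grab the user from the DB.
        user = User.get(user_id)
        self.assertIsNotNone(user)
        self.assertEqual(user.name, 'Testy McTesterson')

        # Try to create the same user again. This should fail.
        rv = self.app.post('/user_create', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'That user exists already.')

        # Clean up!
        user.delete()
        safe_commit()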

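    def test_user_retrieve(self):
        """Fetch the fixture user through '/user_retrieve'.

        The request must be refused without an API key and must return the
        user's data once the signed key is included.
        NOTE(review): nothing here checks which fields ``data['user']``
        exposes; asserting that the password hash is absent would guard
        against the endpoint leaking it.
        """
        api_key = self.s.sign(self.api_key.name)

        post_data = {
            'id': self.user.id
        }
        # Try to retrieve the user with no API key
        rv = self.app.post('/user_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # Retrieve the user. This should work fine.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_retrieve', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['user'])
        self.assertEqual(data['user']['name'], 'Test User')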

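    def test_user_update(self):
        """Update the fixture user through '/user_update'.

        The request must be refused without an API key; with the signed key
        the new name and password must be visible on the stored row.
        """
        api_key = self.s.sign(self.api_key.name)

        # NOTE(review): the e-mail and password literals below look masked in
        # this listing; the final check expects the stored hash to match
        # 'newperson123', so the payload password presumably was that value.
        post_data = {
            'name': 'New Person',
            'email': '*****@*****.**',
            'password': '******',
            'id': self.user.id
        }
        # Try to update the user with no API key
        rv = self.app.post('/user_update', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertFalse(data['success'])

        # update the user. This should work fine.
        post_data['api_key'] = api_key
        rv = self.app.post('/user_update', data=post_data, follow_redirects=True)
        data = json.loads(rv.data)
        self.assertTrue(data['success'])
        self.assertTrue(data['user'])
        self.assertIsNotNone(data['messages'])
        self.assertEqual(data['messages'][0], 'The user was updated.')

        # Make sure that we can grab the user from the DB.
        user = User.get(self.user.id)
        self.assertIsNotNone(user)
        self.assertEqual(data['user']['name'], 'New Person')
        self.assertEqual(user.name, 'New Person')
        # The row must hold a hash that verifies, not the plain password.
        self.assertTrue(check_password_hash(user.password, 'newperson123'))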

    def test_user_delete(self):
        """Delete the fixture user: refused without an API key, done with one."""
        signed_key = self.s.sign(self.api_key.name)
        payload = {'id': self.user.id}

        def submit():
            # POST the current payload to '/user_delete' and decode the reply.
            reply = self.app.post('/user_delete', data=payload, follow_redirects=True)
            return json.loads(reply.data)

        # No API key in the payload yet, so this attempt has to fail.
        self.assertFalse(submit()['success'])

        # With the signed key attached the deletion should go through.
        payload['api_key'] = signed_key
        self.assertTrue(submit()['success'])
        self.assertIsNone(User.get(self.user.id))