Пример #1
0
def records():
    """Load test data fixture."""
    import uuid
    from invenio_records.api import Record
    from invenio_pidstore.models import PersistentIdentifier, PIDStatus

    create_test_user()

    indexer = RecordIndexer()

    # Record 1 - Live record
    with db.session.begin_nested():
        rec_uuid = uuid.uuid4()
        pid1 = PersistentIdentifier.create(
            'recid', '1', object_type='rec', object_uuid=rec_uuid,
            status=PIDStatus.REGISTERED)
        Record.create({
            'title': 'Registered',
            'description': 'This is an awesome description',
            'control_number': '1',
            'access_right': 'restricted',
            'access_conditions': 'fuu',
            'owners': [1, 2],
            'recid': 1
        }, id_=rec_uuid)
        indexer.index_by_id(pid1.object_uuid)

    db.session.commit()

    sleep(3)
def test_view_list_sessions(app):
    """Test view list sessions."""
    with app.test_request_context():
        user1 = create_test_user(email="*****@*****.**")
        user2 = create_test_user(email="*****@*****.**")

    with app.test_client() as client:
        client.post(
            url_for_security("login"),
            data=dict(
                email=user1.email,
                password=user1.password_plaintext,
            ),
        )

    with app.test_client() as client:
        client.post(
            url_for_security("login"),
            data=dict(
                email=user2.email,
                password=user2.password_plaintext,
            ),
        )

        # get the list of user 2 sessions
        url = url_for("invenio_accounts.security")
        res = client.get(url)
        assert res.status_code == 200

        # check session for user 1 is not in the list
        sessions_1 = SessionActivity.query.filter_by(user_id=user1.id).all()
        assert len(sessions_1) == 1
        assert sessions_1[0].sid_s not in res.data.decode("utf-8")

        # check session for user 2 is in the list
        sessions_2 = SessionActivity.query.filter_by(user_id=user2.id).all()
        assert len(sessions_2) == 1
        assert sessions_2[0].sid_s in res.data.decode("utf-8")

        # test user 2 to delete user 1 session
        url = url_for("invenio_accounts.revoke_session")
        res = client.post(url, data={"sid_s": sessions_1[0].sid_s})
        assert res.status_code == 302
        assert (
            SessionActivity.query.filter_by(
                user_id=user1.id, sid_s=sessions_1[0].sid_s
            ).count()
            == 1
        )

        # test user 2 to delete user 1 session
        url = url_for("invenio_accounts.revoke_session")
        res = client.post(url, data={"sid_s": sessions_2[0].sid_s})
        assert res.status_code == 302
        assert (
            SessionActivity.query.filter_by(
                user_id=user1.id, sid_s=sessions_2[0].sid_s
            ).count()
            == 0
        )
def users(db, app):
    """Create users."""
    # create users
    admin = create_test_user(email='*****@*****.**',
                             password='******',
                             active=True)
    librarian = create_test_user(email='*****@*****.**',
                                 password='******',
                                 active=True)
    patron = create_test_user(email='*****@*****.**',
                              password='******',
                              active=True)

    with db.session.begin_nested():
        datastore = app.extensions['security'].datastore
        # Give role to admin
        admin_role = Role(name='admin')
        db.session.add(
            ActionRoles(action=superuser_access.value, role=admin_role))
        datastore.add_role_to_user(admin, admin_role)
        # Give role to librarian
        librarian_role = Role(name='librarian')
        db.session.add(
            ActionRoles(action=authenticated_user.value, role=librarian_role))
        datastore.add_role_to_user(librarian, librarian_role)
    db.session.commit()

    return {'admin': admin, 'librarian': librarian, 'user': patron}
Пример #4
0
def test_create_test_user(app):
    """Test for testutils.py:create_test_user('*****@*****.**').

    Demonstrates basic usage and context requirements.
    """
    ds = app.extensions['security'].datastore
    email = '*****@*****.**'
    password = '******'

    with app.app_context():
        user = testutils.create_test_user(email, password)
        assert user.password_plaintext == password
        # Will fail if the app is configured to not "encrypt" the passwords.
        assert user.password != password

        # Verify that user exists in app's datastore
        user_ds = ds.find_user(email=email)
        assert user_ds
        assert user_ds.password == user.password

        with pytest.raises(Exception):
            # Catch-all "Exception" because it's raised by the datastore,
            # and the actual exception type will probably vary depending on
            # which datastore we're running the tests with.
            testutils.create_test_user(email, password)
Пример #5
0
def test_confirm_email_view(api):
    from flask_security.confirmable import generate_confirmation_token
    app = api
    with app.app_context():
        normal_user = create_test_user(email='*****@*****.**')
        confirmed_user = create_test_user(email='*****@*****.**',
                                          confirmed_at=datetime.datetime.now())

        db.session.commit()
        # Generate token
        token = generate_confirmation_token(normal_user)
        confirmed_token = generate_confirmation_token(confirmed_user)
        with app.test_client() as client:
            url = url_for('invenio_accounts_rest_auth.confirm_email')

            # Invalid token
            res = client.post(url, data=dict(token='foo'))
            payload = get_json(res)
            assert 'invalid confirmation token' in \
                payload['message'][0].lower()

            # Already confirmed user
            res = client.post(url, data=dict(token=confirmed_token))
            payload = get_json(res)
            assert 'email has already been confirmed' in \
                payload['message'].lower()

            # Valid confirm user
            assert normal_user.confirmed_at is None
            res = client.post(url, data=dict(token=token))
            payload = get_json(res)
            assert 'your email has been confirmed' in \
                payload['message'].lower()
            assert normal_user.confirmed_at
Пример #6
0
def records():
    """Load test data fixture."""
    import uuid
    from invenio_records.api import Record
    from invenio_pidstore.models import PersistentIdentifier, PIDStatus

    create_test_user()

    indexer = RecordIndexer()

    # Record 1 - Live record
    with db.session.begin_nested():
        rec_uuid = uuid.uuid4()
        pid1 = PersistentIdentifier.create('recid',
                                           '1',
                                           object_type='rec',
                                           object_uuid=rec_uuid,
                                           status=PIDStatus.REGISTERED)
        Record.create(
            {
                'title': 'Registered',
                'description': 'This is an awesome description',
                'control_number': '1',
                'access_right': 'restricted',
                'access_conditions': 'fuu',
                'owners': [1, 2],
                'recid': 1
            },
            id_=rec_uuid)
        indexer.index_by_id(pid1.object_uuid)

    db.session.commit()

    sleep(3)
Пример #7
0
def test_create_test_user(app):
    """Test for testutils.py:create_test_user().

    Demonstrates basic usage and context requirements.
    """
    ds = app.extensions['security'].datastore
    email = '*****@*****.**'
    password = '******'

    with app.app_context():
        user = testutils.create_test_user(email, password)
        assert user.password_plaintext == password
        # Will fail if the app is configured to not "encrypt" the passwords.
        assert user.password != password

        # Verify that user exists in app's datastore
        user_ds = ds.find_user(email=email)
        assert user_ds
        assert user_ds.password == user.password

        with pytest.raises(Exception):
            # Catch-all "Exception" because it's raised by the datastore,
            # and the actual exception type will probably vary depending on
            # which datastore we're running the tests with.
            testutils.create_test_user(email, password)
def test_login_view(api):
    app = api
    with app.app_context():

        normal_user = create_test_user(email="*****@*****.**")
        create_test_user(email="*****@*****.**", active=False)
        create_test_user(email="*****@*****.**", password=None)

        db.session.commit()

        with app.test_client() as client:
            url = url_for("invenio_accounts_rest_auth.login")
            # Missing fields
            res = client.post(url)
            assert_error_resp(
                res,
                (
                    ("password", "required"),
                    ("email", "required"),
                ),
            )

            # Invalid fields
            res = client.post(url,
                              data=dict(email="invalid-email", password=None))
            assert_error_resp(
                res,
                (
                    ("password", "required field"),
                    ("email", "not a valid email"),
                ),
            )

            # Invalid credentials
            res = client.post(url,
                              data=dict(email="*****@*****.**",
                                        password="******"))
            assert_error_resp(res, (("email", "user does not exist"), ))

            # No-password user
            res = client.post(url,
                              data=dict(email="*****@*****.**",
                                        password="******"))
            assert_error_resp(res, (("password", "no password is set"), ))

            # Disabled account
            res = client.post(url,
                              data=dict(email="*****@*****.**",
                                        password="******"))
            assert_error_resp(res, ((None, "account is disabled"), ))

            # Successful login
            _login_user(client, normal_user)

            # User info view
            res = client.get(url_for("invenio_accounts_rest_auth.user_info"))
            payload = get_json(res)
            assert res.status_code == 200
            assert payload["id"] == normal_user.id
Пример #9
0
def test_login_view(api):
    app = api
    with app.app_context():

        normal_user = create_test_user(email='*****@*****.**')
        create_test_user(email='*****@*****.**', active=False)
        create_test_user(email='*****@*****.**', password=None)

        db.session.commit()

        with app.test_client() as client:
            url = url_for('invenio_accounts_rest_auth.login')
            # Missing fields
            res = client.post(url)
            assert_error_resp(res, (
                ('password', 'required'),
                ('email', 'required'),
            ))

            # Invalid fields
            res = client.post(url, data=dict(
                email='invalid-email', password=None))
            assert_error_resp(res, (
                ('password', 'required field'),
                ('email', 'not a valid email'),
            ))

            # Invalid credentials
            res = client.post(url, data=dict(
                email='*****@*****.**', password='******'))
            assert_error_resp(res, (
                ('email', 'user does not exist'),
            ))

            # No-password user
            res = client.post(url, data=dict(
                email='*****@*****.**', password='******'))
            assert_error_resp(res, (
                ('password', 'no password is set'),
            ))

            # Disabled account
            res = client.post(url, data=dict(
                email='*****@*****.**', password='******'))
            assert_error_resp(res, (
                (None, 'account is disabled'),
            ))

            # Successful login
            _login_user(client, normal_user)

            # User info view
            res = client.get(url_for('invenio_accounts_rest_auth.user_info'))
            payload = get_json(res)
            assert res.status_code == 200
            assert payload['id'] == normal_user.id
Пример #10
0
def users(app, db):
    """Create users."""
    user1 = create_test_user(email='*****@*****.**', password='******')
    user2 = create_test_user(email='*****@*****.**', password='******')

    db.session.commit()

    return [
        {'email': user1.email, 'id': user1.id},
        {'email': user2.email, 'id': user2.id},
    ]
Пример #11
0
def test_clean_session_table(task_app):
    """Test clean session table."""
    # set session lifetime
    task_app.permanent_session_lifetime = timedelta(seconds=20)

    # protected page
    @task_app.route("/test", methods=["GET"])
    @login_required
    def test():
        return "test"

    with task_app.test_request_context():
        user1 = create_test_user(email="*****@*****.**")
        user2 = create_test_user(email="*****@*****.**")

        with task_app.test_client() as client:
            client.post(
                url_for_security("login"),
                data=dict(
                    email=user1.email,
                    password=user1.password_plaintext,
                ),
            )
        assert len(SessionActivity.query.all()) == 1
        sleep(15)

        with task_app.test_client() as client:
            client.post(
                url_for_security("login"),
                data=dict(
                    email=user2.email,
                    password=user2.password_plaintext,
                ),
            )
            assert len(SessionActivity.query.all()) == 2
            sleep(10)

            clean_session_table.s().apply()
            assert len(SessionActivity.query.all()) == 1

            protected_url = url_for("test")

            res = client.get(protected_url)
            assert res.status_code == 200

            sleep(15)
            clean_session_table.s().apply()
            assert len(SessionActivity.query.all()) == 0

            res = client.get(protected_url)
            # check if the user is really logout
            assert res.status_code == 302
def test_registration_view(api):
    app = api
    with app.app_context():
        create_test_user(email="*****@*****.**")
        db.session.commit()
        with app.test_client() as client:
            url = url_for("invenio_accounts_rest_auth.register")

            # Missing fields
            res = client.post(url)
            assert_error_resp(
                res,
                (
                    ("password", "required"),
                    ("email", "required"),
                ),
            )

            # Invalid fields
            res = client.post(url,
                              data=dict(email="invalid-email",
                                        password="******"))
            assert_error_resp(
                res,
                (
                    ("password", "length"),
                    ("email", "not a valid email"),
                ),
            )

            # Existing user
            res = client.post(url,
                              data=dict(email="*****@*****.**",
                                        password="******"))
            assert_error_resp(
                res, (("email", "[email protected] is already associated"), ))

            # Successful registration
            res = client.post(url,
                              data=dict(email="*****@*****.**",
                                        password="******"))
            payload = get_json(res)
            assert res.status_code == 200
            assert payload["id"] == 2
            assert payload["email"] == "*****@*****.**"
            session_cookie = next(c for c in client.cookie_jar
                                  if c.name == "session")
            assert session_cookie is not None
            assert session_cookie.value

            res = client.get(url_for("invenio_accounts_rest_auth.user_info"))
            assert res.status_code == 200
Пример #13
0
def users(app):
    """Create users."""
    user1 = create_test_user(email='*****@*****.**',
                             password='******')
    user2 = create_test_user(email='*****@*****.**',
                             password='******')

    return [
        {'email': user1.email, 'id': user1.id,
         'password': user1.password_plaintext, 'obj': user1},
        {'email': user2.email, 'id': user2.id,
         'password': user2.password_plaintext, 'obj': user2},
    ]
Пример #14
0
def users(app, db):
    """Create users."""
    user1 = create_test_user(email='*****@*****.**',
                             password='******')
    user2 = create_test_user(email='*****@*****.**',
                             password='******')

    user1.allowed_token = Token.create_personal(name='allowed_token',
                                                user_id=user1.id,
                                                scopes=[]).access_token
    user2.allowed_token = Token.create_personal(name='allowed_token',
                                                user_id=user2.id,
                                                scopes=[]).access_token
    return {'authorized': user1, 'unauthorized': user2}
Пример #15
0
def users(app, db):
    """Create users."""
    user1 = create_test_user(email='*****@*****.**', password='******')
    user2 = create_test_user(email='*****@*****.**', password='******')
    user_admin = create_test_user(email='*****@*****.**',
                                  password='******')
    with db.session.begin_nested():
        # set admin permissions
        db.session.add(ActionUsers(action=action_admin_access.value,
                                   user=user_admin))

    db.session.commit()
    return [{'email': user1.email, 'id': user1.id},
            {'email': user2.email, 'id': user2.id},
            {'email': user_admin.email, 'id': user_admin.id}]
Пример #16
0
def test_view_list_sessions(app, app_i18n):
    """Test view list sessions."""
    with app.test_request_context():
        user1 = create_test_user(email='*****@*****.**')
        user2 = create_test_user(email='*****@*****.**')

        with app.test_client() as client:
            client.post(url_for_security('login'), data=dict(
                email=user1.email,
                password=user1.password_plaintext,
            ))

        with app.test_client() as client:
            client.post(url_for_security('login'), data=dict(
                email=user2.email,
                password=user2.password_plaintext,
            ))

            # get the list of user 2 sessions
            url = url_for('invenio_accounts.security')
            res = client.get(url)
            assert res.status_code == 200

            # check session for user 1 is not in the list
            sessions_1 = SessionActivity.query.filter_by(
                user_id=user1.id).all()
            assert len(sessions_1) == 1
            assert sessions_1[0].sid_s not in res.data.decode('utf-8')

            # check session for user 2 is in the list
            sessions_2 = SessionActivity.query.filter_by(
                user_id=user2.id).all()
            assert len(sessions_2) == 1
            assert sessions_2[0].sid_s in res.data.decode('utf-8')

            # test user 2 to delete user 1 session
            url = url_for('invenio_accounts.revoke_session')
            res = client.post(url, data={'sid_s': sessions_1[0].sid_s})
            assert res.status_code == 302
            assert SessionActivity.query.filter_by(
                user_id=user1.id, sid_s=sessions_1[0].sid_s).count() == 1

            # test user 2 to delete user 1 session
            url = url_for('invenio_accounts.revoke_session')
            res = client.post(url, data={'sid_s': sessions_2[0].sid_s})
            assert res.status_code == 302
            assert SessionActivity.query.filter_by(
                user_id=user1.id, sid_s=sessions_2[0].sid_s).count() == 0
Пример #17
0
def test_user_login(app):
    """Test users' high-level login process."""
    with app.app_context():
        user = create_test_user('*****@*****.**')
        with app.test_client() as client:
            login_user_via_view(client, user.email, user.password_plaintext)
            assert client_authenticated(client)
Пример #18
0
def test_repeated_login_session_population(app):
    """Verify session population on repeated login.

    Check that the number of SessionActivity entries match the number of
    sessions in the kv-store, when logging in with one user.
    """
    with app.app_context():
        user = testutils.create_test_user('*****@*****.**')
        query = db.session.query(SessionActivity)
        assert query.count() == len(app.kvsession_store.keys())

        with app.test_client() as client:
            # After logging in, there should be one session in the kv-store and
            # one SessionActivity
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            query = db.session.query(SessionActivity)
            assert query.count() == 1
            assert query.count() == len(app.kvsession_store.keys())

            # Sessions are not deleted upon logout
            client.get(flask_security.url_for_security('logout'))
            assert len(app.kvsession_store.keys()) == 1
            query = db.session.query(SessionActivity)
            assert query.count() == len(app.kvsession_store.keys())

            # After logging out and back in, the number of sessions correspond
            # to the number of SessionActivity entries.
            testutils.login_user_via_view(client, user=user)
            query = db.session.query(SessionActivity)
            assert query.count() == len(app.kvsession_store.keys())
Пример #19
0
def test_create_sessions_for_user(app):
    """Test testutils.py:create_sessions_for_user."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)
    user = testutils.create_test_user()
    assert len(user.active_sessions) == 0
    res = testutils.create_sessions_for_user(user=user)
    assert len(user.active_sessions) == 1
    assert res['user'] == user

    # Cookie is retrievable from the client.
    sid_s = user.active_sessions[0].sid_s
    client_one = res['clients'][0]
    cookie = testutils.get_cookie_from_client(client_one)
    assert sid_s == testutils.get_sid_s_from_cookie(cookie)

    # The client is still authenticated
    with client_one as client:
        assert testutils.client_authenticated(client)

    # Repeated calls create new sessions.
    res = testutils.create_sessions_for_user(app=app, user=user)
    assert len(user.active_sessions) == 2
    assert len(res['clients']) == 1

    # No user argument (fails b/c `create_test_user` has static default values)
    # res = testutils.create_sessions_for_user(app=app)
    # user_two = res['user']
    # assert not user_two == user
    # assert len(user_two.active_sessions) == 1

    n = 3
    res = testutils.create_sessions_for_user(user=user, n=n)
    assert len(user.active_sessions) == 2+n
    assert len(res['clients']) == n
Пример #20
0
def test_create_sessions_for_user(app):
    """Test testutils.py:create_sessions_for_user."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)
    user = testutils.create_test_user()
    assert len(user.active_sessions) == 0
    res = testutils.create_sessions_for_user(user=user)
    assert len(user.active_sessions) == 1
    assert res['user'] == user

    # Cookie is retrievable from the client.
    sid_s = user.active_sessions[0].sid_s
    client_one = res['clients'][0]
    cookie = testutils.get_cookie_from_client(client_one)
    assert sid_s == testutils.get_sid_s_from_cookie(cookie)

    # The client is still authenticated
    with client_one as client:
        assert testutils.client_authenticated(client)

    # Repeated calls create new sessions.
    res = testutils.create_sessions_for_user(app=app, user=user)
    assert len(user.active_sessions) == 2
    assert len(res['clients']) == 1

    # No user argument (fails b/c `create_test_user` has static default values)
    # res = testutils.create_sessions_for_user(app=app)
    # user_two = res['user']
    # assert not user_two == user
    # assert len(user_two.active_sessions) == 1

    n = 3
    res = testutils.create_sessions_for_user(user=user, n=n)
    assert len(user.active_sessions) == 2 + n
    assert len(res['clients']) == n
Пример #21
0
def test_repeated_login_session_population(app):
    """Verify session population on repeated login."""
    with app.app_context():
        user = testutils.create_test_user('*****@*****.**')
        query = db.session.query(SessionActivity)
        assert query.count() == len(app.kvsession_store.keys())

        with app.test_client() as client:
            # After logging in, there should be one session in the kv-store and
            # one SessionActivity
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            query = db.session.query(SessionActivity)
            assert query.count() == 1
            assert len(app.kvsession_store.keys()) == 1
            first_login_session_id = app.kvsession_store.keys()[0]

            # Sessions are not deleted upon logout
            client.get(flask_security.url_for_security('logout'))
            assert len(app.kvsession_store.keys()) == 1
            query = db.session.query(SessionActivity)
            assert query.count() == 1
            assert len(app.kvsession_store.keys()) == 1
            # Session id doesn't change after logout
            assert first_login_session_id == app.kvsession_store.keys()[0]

            # After logging out and back in, the inital session id in the
            # sessionstore should be updated, and there should be two
            # SessionActivity entries (the old one and the regenerated).
            testutils.login_user_via_view(client, user=user)
            query = db.session.query(SessionActivity)
            assert query.count() == 2
            assert len(app.kvsession_store.keys()) == 1
            assert first_login_session_id != app.kvsession_store.keys()[0]
Пример #22
0
def test_sessionstore_default_ttl_secs(app):
    """Test the `default_ttl_secs` field for simplekv sessionstore backends
    using the TimeToLive-mixin
    (http://pythonhosted.org/simplekv/index.html#simplekv.TimeToLiveMixin)"""
    ttl_seconds = 1
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    sessionstore = RedisStore(redis.StrictRedis())
    sessionstore.default_ttl_secs = ttl_seconds

    ext = InvenioAccounts(app, sessionstore=sessionstore)
    app.register_blueprint(blueprint)

    # Verify that the backend supports ttl
    assert ext.sessionstore.ttl_support

    user = testutils.create_test_user()
    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        sid = testutils.unserialize_session(flask.session.sid_s)
        while not sid.has_expired(ttl_delta):
            pass
        # When we get here the session should have expired.
        # But the client is still authenticated.
        assert testutils.client_authenticated(client)
Пример #23
0
def test_session_ttl(app):
    """Test actual/working session expiration/TTL settings."""
    ttl_seconds = 1
    # Set ttl to "0 days, 1 seconds"
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    ext = InvenioAccounts(app)
    app.register_blueprint(blueprint)

    assert ext.sessionstore.ttl_support

    # _THIS_ is what flask_kvsession uses to determine default ttl
    # sets default ttl to `ttl_seconds` seconds
    app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
    assert app.permanent_session_lifetime.total_seconds() == ttl_seconds

    user = testutils.create_test_user()
    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        assert len(testutils.get_kvsession_keys()) == 1

        sid = testutils.unserialize_session(flask.session.sid_s)
        testutils.let_session_expire()

        assert sid.has_expired(ttl_delta)
        assert not testutils.client_authenticated(client)

        # Expired sessions are automagically removed from the sessionstore
        # Although not _instantly_.
        while len(testutils.get_kvsession_keys()) > 0:
            pass
        assert len(testutils.get_kvsession_keys()) == 0
Пример #24
0
def test_sessionstore_default_ttl_secs(app):
    """Test the `default_ttl_secs` field for simplekv sessionstore.

    See http://simplekv.readthedocs.io/index.html#simplekv.TimeToLiveMixin.
    """
    if type(app.kvsession_store) is not RedisStore:
        pytest.skip('TTL support needed, this test requires Redis.')

    ttl_seconds = 3
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    sessionstore = app.kvsession_store
    sessionstore.default_ttl_secs = ttl_seconds

    # Verify that the backend supports ttl
    assert sessionstore.ttl_support

    app.kvsession_store = sessionstore

    with app.app_context():
        user = testutils.create_test_user('*****@*****.**')

        with app.test_client() as client:
            testutils.login_user_via_view(client, user=user)
            sid = testutils.unserialize_session(session.sid_s)
            while not sid.has_expired(ttl_delta):
                pass
            # When we get here the session should have expired.
            # But the client is still authenticated.
            assert testutils.client_authenticated(client)
Пример #25
0
def test_repeated_login_session_population(app):
    """Verify that the number of SessionActivity entries match the number of
    sessions in the kv-store, when logging in with one user."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)

    user = testutils.create_test_user()
    query = _datastore.db.session.query(SessionActivity)
    assert query.count() == len(testutils.get_kvsession_keys())

    with app.test_client() as client:
        # After logging in, there should be one session in the kv-store and
        # one SessionActivity
        testutils.login_user_via_view(client, user=user)
        assert testutils.client_authenticated(client)
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == 1
        assert query.count() == len(testutils.get_kvsession_keys())

        # Sessions are not deleted upon logout
        client.get(flask_security.url_for_security('logout'))
        assert len(testutils.get_kvsession_keys()) == 1
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == len(testutils.get_kvsession_keys())

        # After logging out and back in, the number of sessions correspond to
        # the number of SessionActivity entries.
        testutils.login_user_via_view(client, user=user)
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == len(testutils.get_kvsession_keys())
Пример #26
0
def test_session_deletion(app):
    """Test that a user/client is no longer authenticated when its session is
    deleted via `delete_session`."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)
    user = testutils.create_test_user()

    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        assert testutils.client_authenticated(client)
        assert len(user.active_sessions) == 1
        saved_sid_s = flask.session.sid_s

        delete_session(saved_sid_s)
        # The user now has no active sessions
        assert len(testutils.get_kvsession_keys()) == 0
        assert len(user.active_sessions) == 0
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == 0

        # After deleting the session, the client is not authenticated
        assert not testutils.client_authenticated(client)

        # A new session is created in the kv-sessionstore, but its
        # sid_s is different and the user is not authenticated with it.
        assert len(testutils.get_kvsession_keys()) == 1
        assert not flask.session.sid_s == saved_sid_s
        assert not testutils.client_authenticated(client)
Пример #27
0
def test_sip_model(db):
    """Test the SIP model."""
    user1 = create_test_user('*****@*****.**')

    # Valid agent JSON
    agent1 = {'email': '*****@*****.**', 'ip_address': '1.1.1.1'}

    # Invalid agent JSON
    agent2 = {
        'email': ['should', 'not', 'be', 'a', 'list'],
        'ip_address': {'definitely': 'not', 'a': 'dict'},
    }
    # Agent JSON with wrong schema
    agent3 = {
        'email': '*****@*****.**',
        'ip_address': '1.1.1.1',
        '$schema': 'http://incorrect/agent/schema.json',
    }
    sip1 = SIP.create(user_id=user1.id, agent=agent1)
    assert sip1.user == user1

    SIP.create()
    SIP.create(user_id=user1.id, agent=agent1)
    assert SIP.query.count() == 3

    pytest.raises(ValidationError, SIP.create, agent=agent2)
    pytest.raises(SIPUserDoesNotExist, SIP.create, user_id=5)
    pytest.raises(JSONSchemaNotFound, SIP.create, agent=agent3)
    db.session.commit()
Пример #28
0
def test_session_deletion(app):
    """Test if user is not authenticated when session is deleted."""
    with app.app_context():
        user = testutils.create_test_user('*****@*****.**')

        with app.test_client() as client:
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            assert len(user.active_sessions) == 1
            saved_sid_s = session.sid_s

            delete_session(saved_sid_s)
            db.session.commit()
            # The user now has no active sessions
            assert len(app.kvsession_store.keys()) == 0
            assert len(user.active_sessions) == 0
            query = db.session.query(SessionActivity)
            assert query.count() == 0

            # After deleting the session, the client is not authenticated
            assert not testutils.client_authenticated(client)

            # A new session is created in the kv-sessionstore, but its
            # sid_s is different and the user is not authenticated with it.
            assert len(app.kvsession_store.keys()) == 1
            assert not session.sid_s == saved_sid_s
            assert not testutils.client_authenticated(client)
Пример #29
0
def test_session_ttl(app):
    """Test actual/working session expiration/TTL settings."""
    if type(app.kvsession_store) is not RedisStore:
        pytest.skip('TTL support needed, this test requires Redis.')

    ttl_seconds = 3
    # Set ttl to "0 days, 1 seconds"
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    assert app.kvsession_store.ttl_support

    # _THIS_ is what flask_kvsession uses to determine default ttl
    # sets default ttl to `ttl_seconds` seconds
    app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
    assert app.permanent_session_lifetime.total_seconds() == ttl_seconds

    with app.app_context():
        user = testutils.create_test_user('*****@*****.**')

        with app.test_client() as client:
            testutils.login_user_via_view(client, user=user)
            assert len(app.kvsession_store.keys()) == 1

            sid = testutils.unserialize_session(session.sid_s)
            time.sleep(ttl_seconds + 1)

            assert sid.has_expired(ttl_delta)
            assert not testutils.client_authenticated(client)

            # Expired sessions are automagically removed from the sessionstore
            # Although not _instantly_.
            while len(app.kvsession_store.keys()) > 0:
                pass
            assert len(app.kvsession_store.keys()) == 0
Пример #30
0
def admin_user(db):
    """Permission for admin users."""
    perms = [
        location_update_all,
        bucket_read_all,
        bucket_read_versions_all,
        bucket_update_all,
        bucket_listmultiparts_all,
        object_read_all,
        object_read_version_all,
        object_delete_all,
        object_delete_version_all,
        multipart_read_all,
        multipart_delete_all,
        bucket_read_all,
        object_read_all,
        bucket_update_all,
        object_delete_all,
        multipart_read_all,
        object_read_all,
    ]

    admin = Role(name='admin')

    for perm in perms:
        db.session.add(ActionRoles.allow(perm, role=admin))

    admin_user = create_test_user(email='*****@*****.**',
                                  password='******',
                                  active=True)
    admin.users.append(admin_user)

    db.session.commit()

    yield admin_user
Пример #31
0
def test_repeated_login_session_population(app):
    """Verify session population on repeated login."""
    with app.app_context():
        user = testutils.create_test_user('*****@*****.**')
        query = db.session.query(SessionActivity)
        assert query.count() == len(app.kvsession_store.keys())

        with app.test_client() as client:
            # After logging in, there should be one session in the kv-store and
            # one SessionActivity
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            query = db.session.query(SessionActivity)
            assert query.count() == 1
            assert len(app.kvsession_store.keys()) == 1
            first_login_session_id = app.kvsession_store.keys()[0]

            # SessionActivity is deleted upon logout
            client.get(flask_security.url_for_security('logout'))
            query = db.session.query(SessionActivity)
            assert query.count() == 0
            # Session id changes after logout
            assert len(app.kvsession_store.keys()) == 1
            assert first_login_session_id != app.kvsession_store.keys()[0]

            # After logging out and back in, the should be one
            # SessionActivity entry.
            testutils.login_user_via_view(client, user=user)
            query = db.session.query(SessionActivity)
            assert query.count() == 1
            assert len(app.kvsession_store.keys()) == 1
            assert first_login_session_id != app.kvsession_store.keys()[0]
Пример #32
0
def test_load_permissions_on_identity_loaded(app):
    """Check that the needs are loaded properly in the user Identity."""
    InvenioAccess(app)

    with app.test_request_context():
        identity_changed.send(current_app._get_current_object(),
                              identity=AnonymousIdentity())
        assert g.identity.provides == {any_user}

    with app.test_request_context():
        user = testutils.create_test_user('*****@*****.**')
        login_user(user)
        assert g.identity.provides == {
            any_user, authenticated_user, UserNeed(user.id)
        }
        logout_user()
        # FIXME: The user is still authenticatd when the identity loader
        # is called during logout. We could filter on AnonymousIdentity, but
        # This would be inconsistent as the UserNeed(user.id) is still there.
        # This will pass even if it is unexpected:
        # assert g.identity.provides == {
        #     any_user, authenticated_user, UserNeed(user.id)
        # }
        # Forcing the identity to reload again cleans the mess. In practice
        # this won't be needed as the identity is reloaded between requests.
        identity_changed.send(current_app._get_current_object(),
                              identity=AnonymousIdentity())
        assert g.identity.provides == {any_user}
Пример #33
0
def test_session_ttl(app):
    """Test actual/working session expiration/TTL settings."""
    ttl_seconds = 1
    # Set ttl to "0 days, 1 seconds"
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    ext = InvenioAccounts(app)
    app.register_blueprint(blueprint)

    assert ext.sessionstore.ttl_support

    # _THIS_ is what flask_kvsession uses to determine default ttl
    # sets default ttl to `ttl_seconds` seconds
    app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
    assert app.permanent_session_lifetime.total_seconds() == ttl_seconds

    user = testutils.create_test_user()
    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        assert len(testutils.get_kvsession_keys()) == 1

        sid = testutils.unserialize_session(flask.session.sid_s)
        testutils.let_session_expire()

        assert sid.has_expired(ttl_delta)
        assert not testutils.client_authenticated(client)

        # Expired sessions are automagically removed from the sessionstore
        # Although not _instantly_.
        while len(testutils.get_kvsession_keys()) > 0:
            pass
        assert len(testutils.get_kvsession_keys()) == 0
Пример #34
0
def test_Archive(db):
    """Test the Archive model class."""
    assert Archive.query.count() == 0
    # we create an SIP, it will automatically create an Archive via signals
    user = create_test_user('*****@*****.**')
    sip = SIP.create(True, user_id=user.id, agent={'test': 'test'})
    db.session.commit()

    assert Archive.query.count() == 1
    ark = Archive.get_from_sip(sip.id)
    assert ark.sip.user.id == sip.user.id
    assert ark.status == ArchiveStatus.NEW
    assert ark.accession_id is None
    assert ark.archivematica_id is None
    # let's change the object
    ark.status = ArchiveStatus.REGISTERED
    ark.accession_id = '08'
    ark.archivematica_id = sip.id
    db.session.commit()
    ark = Archive.get_from_accession_id('08')
    assert Archive.query.count() == 1
    assert ark.status == ArchiveStatus.REGISTERED
    assert ark.archivematica_id == sip.id
    # we try to get a non existing record
    assert Archive.get_from_sip(uuid.uuid4()) is None
Пример #35
0
def test_change_password_view(api):
    app = api
    with app.app_context():
        normal_user = create_test_user(email='*****@*****.**')
        db.session.commit()
        with app.test_client() as client:
            url = url_for('invenio_accounts_rest_auth.change_password')

            # Not authorized user
            res = client.post(url,
                              data=dict(password='******',
                                        new_password='******'))
            assert_error_resp(
                res,
                ((None, 'server could not verify that you are authorized'), ),
                expected_status_code=401)

            # Logged in user
            _login_user(client, normal_user)

            # Same password
            res = client.post(url,
                              data=dict(password='******',
                                        new_password='******'))
            assert_error_resp(
                res, (('password', 'new password must be different'), ))

            # Valid password
            res = client.post(url,
                              data=dict(password='******',
                                        new_password='******'))
            payload = get_json(res)
            assert 'successfully changed your password' in payload['message']
            # Log in using new password
            _login_user(client, normal_user, password='******')
Пример #36
0
def test_repeated_login_session_population(app):
    """Verify that the number of SessionActivity entries match the number of
    sessions in the kv-store, when logging in with one user."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)

    user = testutils.create_test_user()
    query = _datastore.db.session.query(SessionActivity)
    assert query.count() == len(testutils.get_kvsession_keys())

    with app.test_client() as client:
        # After logging in, there should be one session in the kv-store and
        # one SessionActivity
        testutils.login_user_via_view(client, user=user)
        assert testutils.client_authenticated(client)
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == 1
        assert query.count() == len(testutils.get_kvsession_keys())

        # Sessions are not deleted upon logout
        client.get(flask_security.url_for_security('logout'))
        assert len(testutils.get_kvsession_keys()) == 1
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == len(testutils.get_kvsession_keys())

        # After logging out and back in, the number of sessions correspond to
        # the number of SessionActivity entries.
        testutils.login_user_via_view(client, user=user)
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == len(testutils.get_kvsession_keys())
Пример #37
0
def test_repeated_login_session_population(app):
    """Verify session population on repeated login."""
    with app.app_context():
        user = testutils.create_test_user('*****@*****.**')
        query = db.session.query(SessionActivity)
        assert query.count() == len(app.kvsession_store.keys())

        with app.test_client() as client:
            # After logging in, there should be one session in the kv-store and
            # one SessionActivity
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            query = db.session.query(SessionActivity)
            assert query.count() == 1
            assert len(app.kvsession_store.keys()) == 1
            first_login_session_id = app.kvsession_store.keys()[0]

            # Sessions are not deleted upon logout
            client.get(flask_security.url_for_security('logout'))
            assert len(app.kvsession_store.keys()) == 1
            query = db.session.query(SessionActivity)
            assert query.count() == 1
            assert len(app.kvsession_store.keys()) == 1
            # Session id doesn't change after logout
            assert first_login_session_id == app.kvsession_store.keys()[0]

            # After logging out and back in, the inital session id in the
            # sessionstore should be updated, and there should be two
            # SessionActivity entries (the old one and the regenerated).
            testutils.login_user_via_view(client, user=user)
            query = db.session.query(SessionActivity)
            assert query.count() == 2
            assert len(app.kvsession_store.keys()) == 1
            assert first_login_session_id != app.kvsession_store.keys()[0]
Пример #38
0
def test_session_ttl(app):
    """Test actual/working session expiration/TTL settings."""
    if type(app.kvsession_store) is not RedisStore:
        pytest.skip('TTL support needed, this test requires Redis.')

    ttl_seconds = 1
    # Set ttl to "0 days, 1 seconds"
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    assert app.kvsession_store.ttl_support

    # _THIS_ is what flask_kvsession uses to determine default ttl
    # sets default ttl to `ttl_seconds` seconds
    app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
    assert app.permanent_session_lifetime.total_seconds() == ttl_seconds

    with app.app_context():
        user = testutils.create_test_user()

        with app.test_client() as client:
            testutils.login_user_via_view(client, user=user)
            assert len(app.kvsession_store.keys()) == 1

            sid = testutils.unserialize_session(flask.session.sid_s)
            time.sleep(ttl_seconds + 1)

            assert sid.has_expired(ttl_delta)
            assert not testutils.client_authenticated(client)

            # Expired sessions are automagically removed from the sessionstore
            # Although not _instantly_.
            while len(app.kvsession_store.keys()) > 0:
                pass
            assert len(app.kvsession_store.keys()) == 0
Пример #39
0
def test_session_deletion(app):
    """Test that a user/client is no longer authenticated when its session is
    deleted via `delete_session`."""
    with app.app_context():
        user = testutils.create_test_user()

        with app.test_client() as client:
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            assert len(user.active_sessions) == 1
            saved_sid_s = flask.session.sid_s

            delete_session(saved_sid_s)
            db.session.commit()
            # The user now has no active sessions
            assert len(app.kvsession_store.keys()) == 0
            assert len(user.active_sessions) == 0
            query = db.session.query(SessionActivity)
            assert query.count() == 0

            # After deleting the session, the client is not authenticated
            assert not testutils.client_authenticated(client)

            # A new session is created in the kv-sessionstore, but its
            # sid_s is different and the user is not authenticated with it.
            assert len(app.kvsession_store.keys()) == 1
            assert not flask.session.sid_s == saved_sid_s
            assert not testutils.client_authenticated(client)
Пример #40
0
def test_reset_password_view(api):
    from flask_security.recoverable import generate_reset_password_token
    app = api
    with app.app_context():
        normal_user = create_test_user(email='*****@*****.**')
        # Generate token
        token = generate_reset_password_token(normal_user)
        db.session.commit()
        with app.test_client() as client:
            url = url_for('invenio_accounts_rest_auth.reset_password')
            res = client.post(url,
                              data=dict(password='******', token=token))
            payload = get_json(res)
            assert res.status_code == 200
            assert 'You successfully reset your password' in payload['message']

            # Login using new password
            res = client.post(url,
                              data=dict(email='*****@*****.**',
                                        password='******'))
            payload = get_json(res)
            assert res.status_code == 200
            assert payload['id'] == normal_user.id
            assert payload['email'] == normal_user.email
            session_cookie = next(c for c in client.cookie_jar
                                  if c.name == 'session')
            assert session_cookie is not None
            assert session_cookie.value
Пример #41
0
def test_sip_model(db):
    """Test the SIP model."""
    user1 = create_test_user('*****@*****.**')

    # Valid agent JSON
    agent1 = {'email': '*****@*****.**', 'ip_address': '1.1.1.1'}

    # Invalid agent JSON
    agent2 = {
        'email': ['should', 'not', 'be', 'a', 'list'],
        'ip_address': {'definitely': 'not', 'a': 'dict'},
    }
    # Agent JSON with wrong schema
    agent3 = {
        'email': '*****@*****.**',
        'ip_address': '1.1.1.1',
        '$schema': 'http://incorrect/agent/schema.json',
    }
    sip1 = SIP.create(user_id=user1.id, agent=agent1)
    assert sip1.user == user1

    SIP.create()
    SIP.create(user_id=user1.id, agent=agent1)
    assert SIP.query.count() == 3

    pytest.raises(ValidationError, SIP.create, agent=agent2)
    pytest.raises(SIPUserDoesNotExist, SIP.create, user_id=5)
    pytest.raises(JSONSchemaNotFound, SIP.create, agent=agent3)
    db.session.commit()
Пример #42
0
def test_repeated_login_session_population(app):
    """Verify session population on repeated login.

    Check that the number of SessionActivity entries match the number of
    sessions in the kv-store, when logging in with one user.
    """
    with app.app_context():
        user = testutils.create_test_user()
        query = db.session.query(SessionActivity)
        assert query.count() == len(app.kvsession_store.keys())

        with app.test_client() as client:
            # After logging in, there should be one session in the kv-store and
            # one SessionActivity
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            query = db.session.query(SessionActivity)
            assert query.count() == 1
            assert query.count() == len(app.kvsession_store.keys())

            # Sessions are not deleted upon logout
            client.get(flask_security.url_for_security('logout'))
            assert len(app.kvsession_store.keys()) == 1
            query = db.session.query(SessionActivity)
            assert query.count() == len(app.kvsession_store.keys())

            # After logging out and back in, the number of sessions correspond
            # to the number of SessionActivity entries.
            testutils.login_user_via_view(client, user=user)
            query = db.session.query(SessionActivity)
            assert query.count() == len(app.kvsession_store.keys())
Пример #43
0
def test_user_login(app):
    """Test users' high-level login process."""
    with app.app_context():
        user = create_test_user('*****@*****.**')
        with app.test_client() as client:
            login_user_via_view(client, user.email, user.password_plaintext)
            assert client_authenticated(client)
def test_model_featured_community(app):
    """Test the featured community model and actions."""
    with app.app_context():
        # Create a user and two communities
        t1 = datetime.now()
        user1 = create_test_user()
        comm1 = Community(id='comm1', id_user=user1.id)
        comm2 = Community(id='comm2', id_user=user1.id)
        db.session.add(comm1)
        db.session.add(comm2)
        db.session.commit()

        # Create two community featurings starting at different times
        fc1 = FeaturedCommunity(id_community=comm1.id,
                                start_date=t1 + timedelta(days=1))
        fc2 = FeaturedCommunity(id_community=comm2.id,
                                start_date=t1 + timedelta(days=3))
        db.session.add(fc1)
        db.session.add(fc2)
        # Check the featured community at three different points in time
        assert FeaturedCommunity.get_featured_or_none(start_date=t1) is None
        assert FeaturedCommunity.get_featured_or_none(
            start_date=t1 + timedelta(days=2)) is comm1
        assert FeaturedCommunity.get_featured_or_none(
            start_date=t1 + timedelta(days=4)) is comm2
Пример #45
0
def test_sessionstore_default_ttl_secs(app):
    """Test the `default_ttl_secs` field for simplekv sessionstore.

    See http://pythonhosted.org/simplekv/index.html#simplekv.TimeToLiveMixin.
    """
    if type(app.kvsession_store) is not RedisStore:
        pytest.skip('TTL support needed, this test requires Redis.')

    ttl_seconds = 1
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    sessionstore = app.kvsession_store
    sessionstore.default_ttl_secs = ttl_seconds

    # Verify that the backend supports ttl
    assert sessionstore.ttl_support

    app.kvsession_store = sessionstore

    with app.app_context():
        user = testutils.create_test_user()

        with app.test_client() as client:
            testutils.login_user_via_view(client, user=user)
            sid = testutils.unserialize_session(flask.session.sid_s)
            while not sid.has_expired(ttl_delta):
                pass
            # When we get here the session should have expired.
            # But the client is still authenticated.
            assert testutils.client_authenticated(client)
Пример #46
0
def test_sessionstore_default_ttl_secs(app):
    """Test the `default_ttl_secs` field for simplekv sessionstore backends
    using the TimeToLive-mixin
    (http://pythonhosted.org/simplekv/index.html#simplekv.TimeToLiveMixin)"""
    ttl_seconds = 1
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    sessionstore = RedisStore(redis.StrictRedis())
    sessionstore.default_ttl_secs = ttl_seconds

    ext = InvenioAccounts(app, sessionstore=sessionstore)
    app.register_blueprint(blueprint)

    # Verify that the backend supports ttl
    assert ext.sessionstore.ttl_support

    user = testutils.create_test_user()
    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        sid = testutils.unserialize_session(flask.session.sid_s)
        while not sid.has_expired(ttl_delta):
            pass
        # When we get here the session should have expired.
        # But the client is still authenticated.
        assert testutils.client_authenticated(client)
Пример #47
0
def test_create_test_user_defaults(app):
    """Test the default values for testutils.py:create_test_user."""
    with app.app_context():
        user = testutils.create_test_user()
        with app.test_client() as client:
            testutils.login_user_via_view(client, user.email,
                                          user.password_plaintext)
            assert testutils.client_authenticated(client)
Пример #48
0
def test_registration_view(api):
    app = api
    with app.app_context():
        create_test_user(email='*****@*****.**')
        db.session.commit()
        with app.test_client() as client:
            url = url_for('invenio_accounts_rest_auth.register')

            # Missing fields
            res = client.post(url)
            assert_error_resp(res, (
                ('password', 'required'),
                ('email', 'required'),
            ))

            # Invalid fields
            res = client.post(url,
                              data=dict(email='invalid-email',
                                        password='******'))
            assert_error_resp(res, (
                ('password', 'length'),
                ('email', 'not a valid email'),
            ))

            # Existing user
            res = client.post(url,
                              data=dict(email='*****@*****.**',
                                        password='******'))
            assert_error_resp(
                res, (('email', '[email protected] is already associated'), ))

            # Successful registration
            res = client.post(url,
                              data=dict(email='*****@*****.**',
                                        password='******'))
            payload = get_json(res)
            assert res.status_code == 200
            assert payload['id'] == 2
            assert payload['email'] == '*****@*****.**'
            session_cookie = next(c for c in client.cookie_jar
                                  if c.name == 'session')
            assert session_cookie is not None
            assert session_cookie.value

            res = client.get(url_for('invenio_accounts_rest_auth.user_info'))
            assert res.status_code == 200
Пример #49
0
def test_clean_session_table(task_app):
    """Test clean session table."""
    # set session lifetime
    task_app.permanent_session_lifetime = timedelta(seconds=20)

    # protected page
    @task_app.route('/test', methods=['GET'])
    @login_required
    def test():
        return 'test'

    with task_app.test_request_context():
        user1 = create_test_user(email='*****@*****.**')
        user2 = create_test_user(email='*****@*****.**')

        with task_app.test_client() as client:
            client.post(url_for_security('login'), data=dict(
                email=user1.email,
                password=user1.password_plaintext,
            ))
        assert len(SessionActivity.query.all()) == 1
        sleep(15)

        with task_app.test_client() as client:
            client.post(url_for_security('login'), data=dict(
                email=user2.email,
                password=user2.password_plaintext,
            ))
            assert len(SessionActivity.query.all()) == 2
            sleep(10)

            clean_session_table.s().apply()
            assert len(SessionActivity.query.all()) == 1

            protected_url = url_for('test')

            res = client.get(protected_url)
            assert res.status_code == 200

            sleep(15)
            clean_session_table.s().apply()
            assert len(SessionActivity.query.all()) == 0

            res = client.get(protected_url)
            # check if the user is really logout
            assert res.status_code == 302
Пример #50
0
def permissions(db, bucket):
    """Permission for users."""
    users = {
        None: None,
    }

    for user in [
            'auth', 'location', 'bucket',
            'objects', 'objects-read-version']:
        users[user] = create_test_user(
            email='{0}@invenio-software.org'.format(user),
            password='******',
            active=True
        )

    location_perms = [
        location_update_all,
        bucket_read_all,
        bucket_read_versions_all,
        bucket_update_all,
        bucket_listmultiparts_all,
        object_read_all,
        object_read_version_all,
        object_delete_all,
        object_delete_version_all,
        multipart_read_all,
        multipart_delete_all,
    ]

    bucket_perms = [
        bucket_read_all,
        object_read_all,
        bucket_update_all,
        object_delete_all,
        multipart_read_all,
    ]

    objects_perms = [
        object_read_all,
    ]

    for perm in location_perms:
        db.session.add(ActionUsers(
            action=perm.value,
            user=users['location']))
    for perm in bucket_perms:
        db.session.add(ActionUsers(
            action=perm.value,
            argument=str(bucket.id),
            user=users['bucket']))
    for perm in objects_perms:
        db.session.add(ActionUsers(
            action=perm.value,
            argument=str(bucket.id),
            user=users['objects']))
    db.session.commit()

    yield users
Пример #51
0
def users(app, db):
    """Demo users."""
    sender = create_test_user(
        email='*****@*****.**',
        password='******',
        confirmed_at=datetime.utcnow(),
    )
    receiver = create_test_user(
        email='*****@*****.**',
        password='******',
    )

    users = {
        "sender": dict(id=sender.id),
        "receiver": dict(id=receiver.id),
    }

    return users
Пример #52
0
def test_session_activity_model(app):
    """Test SessionActivity model."""
    ext = InvenioAccounts(app)
    app.register_blueprint(blueprint)

    # SessionActivity table is in the datastore database.
    datastore = app.extensions['invenio-accounts'].datastore
    inspector = inspect(datastore.db.engine)
    assert 'accounts_user_session_activity' in inspector.get_table_names()

    user = testutils.create_test_user()

    # Create a new SessionActivity object, put it in the datastore.
    session_activity = SessionActivity(user_id=user.get_id(),
                                       sid_s="teststring")
    database = datastore.db

    # the `created` field is magicked in via the Timestamp mixin class
    assert not session_activity.created
    assert not session_activity.id
    database.session.add(session_activity)
    # Commit it to the books.
    database.session.commit()
    assert session_activity.created
    assert session_activity.id
    assert len(user.active_sessions) == 1

    # Now how does this look on the user object?
    assert session_activity == user.active_sessions[0]

    session_two = SessionActivity(user_id=user.get_id(),
                                  sid_s="testring_2")
    database.session.add(session_two)
    # Commit it to the books.
    database.session.commit()

    assert len(user.active_sessions) == 2
    # Check #columns in table
    queried = database.session.query(SessionActivity)
    assert queried.count() == 2
    active_sessions = queried.all()
    assert session_activity.sid_s in [x.sid_s for x in active_sessions]
    assert session_two in queried.filter(
        SessionActivity.sid_s == session_two.sid_s)
    assert queried.count() == 2  # `.filter` doesn't change the query

    # Test session deletion
    session_to_delete = user.active_sessions[0]
    database.session.delete(session_to_delete)
    assert len(user.active_sessions) == 2  # Not yet updated.
    assert queried.count() == 1
    # Deletion is visible on `user` once database session is commited.
    database.session.commit()
    assert len(user.active_sessions) == 1
    assert user.active_sessions[0].sid_s != session_to_delete.sid_s
def test_model_init(app):
    """Test basic model initialization and actions."""
    with app.app_context():
        # Init the User and the Community
        user1 = create_test_user()
        comm1 = Community(id='comm1', id_user=user1.id)
        db.session.add(comm1)
        db.session.commit()
        communities_key = app.config["COMMUNITIES_RECORD_KEY"]
        # Create a record and accept it into the community by creating an
        # InclusionRequest and then calling the accept action
        rec1 = Record.create({'title': 'Foobar'})
        InclusionRequest.create(community=comm1, record=rec1)
        assert InclusionRequest.query.count() == 1
        comm1.accept_record(rec1)
        assert 'comm1' in rec1[communities_key]
        assert InclusionRequest.query.count() == 0

        # Likewise, reject a record from the community
        rec2 = Record.create({'title': 'Bazbar'})
        InclusionRequest.create(community=comm1, record=rec2)
        assert InclusionRequest.query.count() == 1
        comm1.reject_record(rec2)
        assert communities_key not in rec2  # dict key should not be created
        assert InclusionRequest.query.count() == 0

        # Add record to another community
        comm2 = Community(id='comm2', id_user=user1.id)
        db.session.add(comm2)
        db.session.commit()
        InclusionRequest.create(community=comm2, record=rec1)
        comm2.accept_record(rec1)
        assert communities_key in rec1
        assert len(rec1[communities_key]) == 2
        assert comm1.id in rec1[communities_key]
        assert comm2.id in rec1[communities_key]

        # Accept/reject a record to/from a community without inclusion request
        rec3 = Record.create({'title': 'Spam'})
        pytest.raises(InclusionRequestMissingError, comm1.accept_record, rec3)
        pytest.raises(InclusionRequestMissingError, comm1.reject_record, rec3)

        # Create two inclusion requests
        comm3 = Community(id='comm3', id_user=user1.id)
        db.session.add(comm3)
        db.session.commit()
        InclusionRequest.create(community=comm3, record=rec1)
        pytest.raises(InclusionRequestExistsError, InclusionRequest.create,
                      community=comm3, record=rec1)

        # Try to accept a record to a community twice (should raise)
        # (comm1 is already in rec1)
        pytest.raises(InclusionRequestObsoleteError, InclusionRequest.create,
                      community=comm1, record=rec1)
Пример #54
0
def test_login_user_via_session(app):
    """Test the login-via-view function/hack."""
    email = '*****@*****.**'
    password = '******'

    with app.app_context():
        user = testutils.create_test_user(email, password)
        with app.test_client() as client:
            assert not testutils.client_authenticated(client)
            testutils.login_user_via_session(client, email=user.email)
            assert testutils.client_authenticated(client)
Пример #55
0
def test_RecordSIP_create(db, mocker):
    """Test create method from the API class RecordSIP."""
    # we setup a file storage
    tmppath = tempfile.mkdtemp()
    db.session.add(Location(name='default', uri=tmppath, default=True))
    # setup metadata
    mtype = SIPMetadataType(title='JSON Test', name='json-test',
                            format='json', schema='url://to/schema')
    db.session.add(mtype)
    db.session.commit()
    # first we create a record
    recid = uuid.uuid4()
    pid = PersistentIdentifier.create(
        'recid',
        '1337',
        object_type='rec',
        object_uuid=recid,
        status=PIDStatus.REGISTERED)
    mocker.patch('invenio_records.api.RecordBase.validate',
                 return_value=True, autospec=True)
    record = Record.create(
        {'title': 'record test', '$schema': 'url://to/schema'},
        recid)
    # we add a file to the record
    bucket = Bucket.create()
    content = b'Test file\n'
    RecordsBuckets.create(record=record.model, bucket=bucket)
    record.files['test.txt'] = BytesIO(content)
    db.session.commit()
    # Let's create a SIP
    user = create_test_user('*****@*****.**')
    agent = {'email': '*****@*****.**', 'ip_address': '1.1.1.1'}
    rsip = RecordSIP.create(pid, record, True, user_id=user.id, agent=agent)
    db.session.commit()
    # test!
    assert RecordSIP_.query.count() == 1
    assert SIP_.query.count() == 1
    assert SIPFile.query.count() == 1
    assert SIPMetadata.query.count() == 1
    assert len(rsip.sip.files) == 1
    assert len(rsip.sip.metadata) == 1
    metadata = rsip.sip.metadata[0]
    assert metadata.type.format == 'json'
    assert '"title": "record test"' in metadata.content
    assert rsip.sip.archivable is True
    # we try with no files
    rsip = RecordSIP.create(pid, record, True, create_sip_files=False,
                            user_id=user.id, agent=agent)
    assert SIPFile.query.count() == 1
    assert SIPMetadata.query.count() == 2
    assert len(rsip.sip.files) == 0
    assert len(rsip.sip.metadata) == 1
    # finalization
    rmtree(tmppath)
def create_user_with_access(username, action):
    user = _datastore.find_user(email=username)

    if not user:
        user = create_test_user(email=username, password='******')

    db_.session.add(ActionUsers.allow(
        ActionNeed(action), user=user))

    db_.session.commit()

    return user
def test_communities_load(db, communities_dump, featured_dump, logos_dir):
    """Load the communities JSON dump."""
    # Create a single user (with id=1) to meet the community's FK constraint.
    create_test_user('*****@*****.**', password='******')

    # Initialize communities bucket (requires a default Location)
    loc = Location(name='local', uri='file:///tmp', default=True)
    db.session.add(loc)
    db.session.commit()
    initialize_communities_bucket()

    # Load the communities
    for data in communities_dump:
        load_community.delay(data, logos_dir)

    # Check if community was loaded correctly
    assert Community.query.count() == 1
    c = Community.query.first()
    assert c.title == 'Invenio Community'
    assert c.id == 'invenio'

    # Check object metadata
    assert ObjectVersion.query.count() == 1  # Check if the logo was created
    assert ObjectVersion.query.first().key == 'invenio/logo.jpg'

    # Open the original logo from test data and check if checksums match
    with open(join(logos_dir, 'invenio.jpg'), 'rb') as fp:
        logo_checksum = hashlib.md5(fp.read()).hexdigest()
        assert ObjectVersion.query.first().file.checksum == \
            'md5:{0}'.format(logo_checksum)

    # Load the community featurings
    for data in featured_dump:
        load_featured.delay(data)

    # Make sure they are loaded correctly
    assert FeaturedCommunity.query.count() == 1
    fc = FeaturedCommunity.query.first()
    assert fc.community.id == c.id
def create_user_with_role(username, rolename):
    _datastore = LocalProxy(
        lambda: current_app.extensions['security'].datastore)

    user, role = _datastore._prepare_role_modify_args(username, rolename)

    if not user:
        user = create_test_user(email=username, password='******')
    if not role:
        role = _datastore.create_role(name=rolename)

    _datastore.add_role_to_user(user, role)

    return user
Пример #59
0
def test_login_user_via_view(app):
    """Test the login-via-view function/hack."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)
    email = '*****@*****.**'
    password = '******'

    with app.app_context():
        user = testutils.create_test_user(email, password)
        with app.test_client() as client:
            assert not testutils.client_authenticated(client)
            testutils.login_user_via_view(client, user.email,
                                          user.password_plaintext)
            assert testutils.client_authenticated(client)