def test_student_post_doesnt_set_first_last_name():
old_first = "student1i"
old_last = "student"
params = {
"username": "******",
"password": "******",
"new_first_name": "asdf",
"new_last_name": "cheese",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
details_dict = User("student_coll1_1").details_dictionary_for(
User.create_user("student_coll1_1", "cows"))
# restore original data
u = User("student_coll1_1")
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert details_dict["first_name"] == old_first
assert details_dict["last_name"] == old_last
def test_post_sets_own_password_and_name():
old_password = "******"
new_password = '******'
old_first = "Blue"
old_last = "Shirt"
params = {
"username": "******",
"password": old_password,
"new_password": new_password,
"new_first_name": 'new_first',
"new_last_name": 'new_last',
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
first = u.first_name
last = u.last_name
u.set_password(old_password)
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert first == 'new_first'
assert last == 'new_last'
def test_email_change_request():
""" Test that change requests via POST at /user/ are handled correclty. """
username = "******"
old_email = User(username).email
new_email = "*****@*****.**"
params = {
"username": "******",
"password": "******",
"new_email": new_email,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, data
user = User(username)
assert user.email == old_email
ps = test_helpers.last_email()
toaddr = ps.toaddr
assert toaddr == new_email
vars = ps.template_vars
first_name = user.first_name
assert first_name == vars['name']
template = ps.template_name
assert template == 'change_email'
test_helpers.assert_load_template(template, vars)
pe = PendingEmail(username)
assert pe.in_db
assert pe.new_email == new_email
def test_post_doesnt_set_blank_last_name():
old_last = User("student_coll1_1").last_name
params = {
"username": "******",
"password": "******",
"new_last_name": "",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1").last_name == old_last
def clear_old_registrations():
for pu in PendingUser.ListAll():
# deliberately a larger delta than we restrict against to avoid
# accidentally removing vaild entries
if pu.age > timedelta(days=3):
log_action('expiring registration', pu)
pu.delete()
expired = User(pu.username)
expired.delete()
team_leader = User(pu.teacher_username)
inform_team_lead_registration_expired(team_leader, expired)
def verify_email(username, code):
"""
Verifies to the system that an email address exists, and assigns it to a user.
Expected to be used only by users clicking links in email-verfication emails.
Not part of the documented API.
"""
change_request = PendingEmail(username)
if not change_request.in_db:
return "No such change request", 404
if change_request.age > timedelta(days=2):
return "Request not valid", 410
if change_request.verify_code != code:
return "Invalid verification code", 403
log_action('changing email',
user=username,
new_email=change_request.new_email)
u = User(change_request.username)
u.set_email(change_request.new_email)
u.save()
return "Email address successfully changed", 200
def test_post_by_blueshirt(self):
params = {"username": "******", "password": "******"}
r, data = test_helpers.server_post(
"/send-password-reset/student_coll1_1", params)
self.assertEqual(202, r.status, data)
user = User('student_coll1_1')
ps = test_helpers.last_email()
toaddr = ps.toaddr
self.assertEqual(user.email, toaddr)
vars = ps.template_vars
self.assertEqual(user.first_name, vars['name'], "Wrong first name")
self.assertEqual('Blue Shirt', vars['requestor_name'],
"Wrong requestor name")
template = ps.template_name
self.assertEqual('password_reset', template, "Wrong email template")
test_helpers.assert_load_template(template, vars)
ppr = PendingPasswordReset('student_coll1_1')
self.assertTrue(ppr.in_db,
"{0} should been in the database.".format(ppr))
self.assertEqual('blueshirt', ppr.requestor_username,
"Wrong requestor username.")
self.assertIn(ppr.verify_code, vars['password_reset_url'],
"Wrong verify code")
def test_post_sets_others_password():
old_password = "******"
params = {
"username": "******",
"password": "******",
"new_password": "******",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1")._user.bind("com")
u = User("student_coll1_1")
u.set_password(old_password)
u.save()
def test_team_leader_can_become_student():
# We need to test against another teacher, because team leaders demoting themselves is not allowed
u = User("student_coll1_1")
u.make_teacher()
u.save()
params = {
"username": "******",
"password": "******",
"new_type": "student",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert not User("student_coll1_1").is_teacher
def test_post_any_blueshirt_can_record_student_media_consent():
blueshirt_mcf = srusers.user('blueshirt-mcf')
groups = blueshirt_mcf.groups()
# Sanity check
assert set(groups) == set(['mentors', 'media-consent-admin'])
params = {
"username": "******",
"password": "******",
"media_consent": 'true',
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, (r.status, data)
u = User("student_coll1_1")
assert u.has_media_consent
ps = test_helpers.last_email()
toaddr = ps.toaddr
expected_addr = u.email
assert toaddr == expected_addr
vars = ps.template_vars
first_name = u.first_name
assert first_name == vars['first_name']
template = ps.template_name
assert template == 'ticket_available'
test_helpers.assert_load_template(template, vars)
def verify_email(username, code):
"""
Verifies to the system that an email address exists, and assigns it to a user.
Expected to be used only by users clicking links in email-verfication emails.
Not part of the documented API.
"""
change_request = PendingEmail(username)
if not change_request.in_db:
return "No such change request", 404, PLAINTEXT_HEADER
email_change_days = config.config.getint('nemesis', 'email_change_days')
max_age = timedelta(days=email_change_days)
if change_request.age > max_age:
return "Request not valid", 410, PLAINTEXT_HEADER
if change_request.verify_code != code:
return "Invalid verification code", 403, PLAINTEXT_HEADER
log_action('changing email',
user=username,
new_email=change_request.new_email)
u = User(change_request.username)
u.set_email(change_request.new_email)
u.save()
return "Email address successfully changed", 200, PLAINTEXT_HEADER
def test_post_sets_own_password():
old_password = "******"
new_password = '******'
params = {
"username": "******",
"password": old_password,
"new_password": new_password,
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
u.set_password(old_password)
u.save()
def clear_old_registrations():
# deliberately a larger delta than we restrict against to avoid
# accidentally removing vaild entries
activation_days = config.getint('nemesis', 'activation_days')
activation_days += 0.5
max_age = timedelta(days=activation_days)
for pu in PendingUser.ListAll():
if pu.age > max_age:
log_action('expiring registration', pu)
pu.delete()
expired = User(pu.username)
expired.delete()
inform_competitor_registration_expired(pu.email, expired)
team_leader = User(pu.teacher_username)
inform_team_lead_registration_expired(team_leader, expired)
def activate_account(username, code):
"""
Verifies to the system that an email address exists, and that the related
account should be made into a full account.
Expected to be used only by users clicking links in account-activation emails.
Not part of the documented API.
"""
pu = PendingUser(username)
if not pu.in_db:
return "No such user account", 404
if pu.age > timedelta(days=2):
return "Request not valid", 410
if pu.verify_code != code:
return "Invalid verification code", 403
log_action('activating user', pu)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_email(pu.email)
u.set_team(pu.team)
u.set_college(pu.college)
u.set_password(new_pass)
u.make_student()
u.save()
# let the team-leader know
rq_user = User.create_user(pu.teacher_username)
email_vars = {
'name': rq_user.first_name,
'au_username': username,
'au_first_name': u.first_name,
'au_last_name': u.last_name
}
mailer.email_template(rq_user.email, 'user_activated_team_leader',
email_vars)
pu.delete()
html = open(PATH + "/templates/activate.html").read()
replacements = {
'first_name': u.first_name,
'last_name': u.last_name,
'password': new_pass,
'email': u.email,
'username': username,
'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200
def test_email_change_request_reset_without_change():
""" Test that a change requests to the original value,
where there is no actual outstanding request doens't explode"""
username = "******"
old_email = User(username).email
params = {
"username": "******",
"password": "******",
"new_email": old_email,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, data
user = User(username)
assert user.email == old_email
test_helpers.assert_no_emails()
def test_verify_success():
username = "******"
old_email = User(username).email
new_email = "*****@*****.**"
setup_new_email('student_coll1_1', new_email, 'bees')
r, data = test_helpers.server_get("/verify/" + username + "/bees")
status = r.status
assert status == 200, data
u = User(username)
email = u.email
# restore the original first
u.set_email(old_email)
u.save()
assert email == new_email
def test_post_student_cant_withdraw_other_student():
params = {
"username": "******",
"password": "******",
"withdrawn": 'true',
}
r, data = test_helpers.server_post("/user/student_coll1_2", params)
assert r.status == 403
assert not User("student_coll1_2").has_withdrawn
def test_student_cant_set_team_leader():
params = {
"username": "******",
"password": "******",
"new_type": "team-leader",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert not User("student_coll1_1").is_teacher
def test_post_teacher_cant_record_student_media_consent():
params = {
"username": "******",
"password": "******",
"media_consent": 'true',
}
r, data = test_helpers.server_post("/user/student_coll1_2", params)
assert r.status == 200
assert not User("student_coll1_2").has_media_consent
def test_post_teacher_cant_withdraw_self():
params = {
"username": "******",
"password": "******",
"withdrawn": 'true',
}
r, data = test_helpers.server_post("/user/teacher_coll1", params)
assert r.status == 200
assert not User("teacher_coll1").has_withdrawn
def test_team_leader_cant_demote_self():
params = {
"username": "******",
"password": "******",
"new_type": "student",
}
r, data = test_helpers.server_post("/user/teacher_coll1", params)
assert r.status == 200
assert User("teacher_coll1").is_teacher
def test_user_get_checks_same_email():
username = "******"
new_email = User(username).email
setup_new_email(username, new_email, 'bees')
params = {"username": username, "password": "******"}
r, data = test_helpers.server_get("/user/student_coll1_1", params)
assert r.status == 200, data
user_info = json.loads(data)
assert not user_info.has_key('new_email'), \
"Should not have a new_email key when the new one and the current one match"
def test_email_change_request_reset():
""" Test that change requests via POST at /user/ are handled correclty. """
username = "******"
old_email = User(username).email
new_email = "*****@*****.**"
setup_new_email(username, new_email, 'bees')
params = {
"username": "******",
"password": "******",
"new_email": old_email,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, data
user = User(username)
assert user.email == old_email
pe = PendingEmail(username)
assert not pe.in_db, 'POST using original email should have cleared request'
test_helpers.assert_no_emails()
def test_clear_old_registrations(self):
first_name = 'old'
last_name = 'user'
old_user = srusers.user('old')
old_user.cname = first_name
old_user.sname = last_name
old_user.email = ''
old_user.save()
old_team_leader = User('teacher_coll1')
pu = PendingUser('old')
pu.teacher_username = old_team_leader.username
pu.college = 'college-1'
pu.team = 'team-ABC'
pu.email = '*****@*****.**'
pu.verify_code = 'bibble-old'
pu.save()
self._make_old('registrations', 'old')
pu = PendingUser('abc')
pu.teacher_username = '******'
pu.college = 'new-college-1'
pu.team = 'team-NEW'
pu.email = '*****@*****.**'
pu.verify_code = 'bibble'
pu.save()
helpers.clear_old_registrations()
pu = PendingUser('old')
assert not pu.in_db
pu = PendingUser('abc')
assert pu.in_db
ps = last_email()
toaddr = ps.toaddr
team_lead_email = old_team_leader.email
assert toaddr == team_lead_email
vars = ps.template_vars
team_lead_first = old_team_leader.first_name
assert team_lead_first == vars['name']
assert first_name == vars['pu_first_name']
assert last_name == vars['pu_last_name']
template = ps.template_name
assert template == 'registration_expired'
def test_post_blueshirt_record_student_media_consent_again_no_email():
params = {
"username": "******",
"password": "******",
"media_consent": 'true',
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200, (r.status, data)
u = User("student_coll1_1")
assert u.has_media_consent
test_helpers.assert_no_emails()
def test_post_blueshirt_cant_set_team():
old_team = "team-ABC"
new_team = "team-DFE"
params = {
"username": "******",
"password": "******",
"new_team": new_team,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [old_team] == teams
def test_post_teacher_cant_set_other_team():
old_team = "team-ABC"
new_team = "team-QWZ" # exists, but this teacher doesn't own it
params = {
"username": "******",
"password": "******",
"new_team": new_team,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [old_team] == teams
def test_activate_success():
username = '******'
rq_user = User.create_user("teacher_coll1", "facebees")
cu = User.create_new_user(rq_user, 'college-1', 'James', 'Activate')
assert cu.username == username
pu = create_pending_user(username)
pu.save()
r, data = test_helpers.server_get("/activate/" + username + "/bibble")
status = r.status
assert status == 200, data
u = User(username)
email = u.email
assert pu.email == email
teams = [t.name for t in u.teams]
assert pu.team in teams
colleges = u.colleges
assert pu.college in colleges
students = srusers.group('students').members
assert username in students
pu = PendingUser(username)
assert not pu.in_db, "registration DB entry should have been removed"
# ensure we sent the team-leader a confirmation
ps = test_helpers.last_email()
toaddr = ps.toaddr
tl_email = rq_user.email
assert toaddr == tl_email
vars = ps.template_vars
tl_name = rq_user.first_name
assert tl_name == vars['name']
first_name = cu.first_name
assert first_name == vars['au_first_name']
last_name = cu.last_name
assert last_name == vars['au_last_name']
assert username == vars['au_username']
template = ps.template_name
assert template == 'user_activated_team_leader'
def test_team_leader_can_set_team_leader():
params = {
"username": "******",
"password": "******",
"new_type": "team-leader",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
is_teacher = u.is_teacher
# Clean up
u.make_student()
u.save()
# now assert (ensures the clean-up occurs)
assert is_teacher
def test_post_teacher_sets_team():
old_team = "team-ABC"
new_team = "team-DFE"
params = {
"username": "******",
"password": "******",
"new_team": new_team,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [new_team] == teams
u.set_team(old_team)
u.save()
