def helper(username, password):
u = User.create_user(username, password)
u1 = User.create_user(username, password)
assert u.can_view(u), "should be able to same instance"
assert u.can_view(u1), "should be able to see other authenticated self"
u2 = User.create_user(username)
assert u.can_view(u2), "should be able to see other plain self"
def test_authed_teachers_cant_see_blueshirt():
u1 = User.create_user("teacher_coll1", "facebees")
u2 = User.create_user("teacher_coll2", "noway")
users = [u1, u2]
a = User.create_user("blueshirt")
assert not any([u.can_administrate(a) for u in users])
def set_user_details(requesting_user, userid):
user_to_update = User.create_user(userid)
can_admin = requesting_user.can_administrate(user_to_update)
if request.form.get(
"media_consent"
) == 'true' and requesting_user.can_record_media_consent:
if not user_to_update.has_media_consent:
user_to_update.got_media_consent()
notify_ticket_available(user_to_update)
user_to_update.save()
if not can_admin:
return '{}', 200
elif not can_admin:
return AUTHORIZATION_DENIED
assert can_admin
user_to_update = User.create_user(userid)
if request.form.has_key("new_email") and not requesting_user.is_blueshirt:
new_email = request.form["new_email"]
request_new_email(user_to_update, new_email)
# Students aren't allowed to update their own names
# at this point, if the requesting_user is valid, we know it's a self-edit
if not requesting_user.is_student:
fname = request.form.get("new_first_name")
if fname:
user_to_update.set_first_name(fname)
lname = request.form.get("new_last_name")
if lname:
user_to_update.set_last_name(lname)
if request.form.has_key("new_team"):
team = request.form["new_team"]
if (not user_to_update.is_blueshirt
) and requesting_user.manages_team(team):
user_to_update.set_team(team)
if request.form.has_key(
"new_type"
) and requesting_user.is_teacher and user_to_update != requesting_user:
if request.form["new_type"] == 'student':
user_to_update.make_student()
elif request.form["new_type"] == 'team-leader':
user_to_update.make_teacher()
if request.form.get("withdrawn") == 'true' and not user_to_update.has_withdrawn \
and requesting_user.can_withdraw(user_to_update):
user_to_update.withdraw()
user_to_update.save()
# Do this separately and last because it makes an immediate change
# to the underlying database, rather than waiting for save().
if request.form.has_key("new_password"):
user_to_update.set_password(request.form["new_password"])
return '{}', 200
def form_helper(rq_user, rq_pass, new_fname, new_lname):
new_email = "*****@*****.**"
params = {
"username": rq_user,
"password": rq_pass,
"first_name": new_fname,
"last_name": new_lname,
"email": new_email,
"team": "team-ABC",
"college": "college-1"
}
r, data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 202, data
created = User.create_user('1_rt1')
assert created.email == ''
pending = PendingUser('1_rt1')
assert pending.email == "*****@*****.**"
assert pending.team == "team-ABC"
assert pending.college == "college-1"
email_datas = test_helpers.last_n_emails(2)
student_ps = email_datas[0]
template = student_ps.template_name
assert template == 'new_user'
to = student_ps.toaddr
assert to == new_email
vars = student_ps.template_vars
assert new_fname == vars['name']
vcode = pending.verify_code
assert vcode in vars['activation_url']
test_helpers.assert_load_template(template, vars)
teacher = User.create_user(rq_user)
teacher_ps = email_datas[1]
template = teacher_ps.template_name
assert template == 'user_requested'
to = teacher_ps.toaddr
assert to == teacher.email
vars = teacher_ps.template_vars
assert new_fname == vars['pu_first_name']
assert new_lname == vars['pu_last_name']
assert new_email == vars['pu_email']
assert '1_rt1' == vars['pu_username']
assert 'team-ABC' == vars['pu_team']
assert 'college the first' == vars['pu_college']
vars_str = teacher_ps.template_vars_json
assert vcode not in vars_str, "Should not contain the verification code."
test_helpers.assert_load_template(template, vars)
def form_helper(rq_user, rq_pass, new_fname, new_lname):
new_email = "*****@*****.**"
params = {"username":rq_user,
"password":rq_pass,
"first_name":new_fname,
"last_name":new_lname,
"email":new_email,
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 202, data
created = User.create_user('1_rt1')
assert created.email == ''
pending = PendingUser('1_rt1')
assert pending.email == "*****@*****.**"
assert pending.team == "team-ABC"
assert pending.college == "college-1"
email_datas = test_helpers.last_n_emails(2)
student_ps = email_datas[0]
template = student_ps.template_name
assert template == 'new_user'
to = student_ps.toaddr
assert to == new_email
vars = student_ps.template_vars
assert new_fname == vars['name']
vcode = pending.verify_code
assert vcode in vars['activation_url']
test_helpers.assert_load_template(template, vars)
teacher = User.create_user(rq_user)
teacher_ps = email_datas[1]
template = teacher_ps.template_name
assert template == 'user_requested'
to = teacher_ps.toaddr
assert to == teacher.email
vars = teacher_ps.template_vars
assert new_fname == vars['pu_first_name']
assert new_lname == vars['pu_last_name']
assert new_email == vars['pu_email']
assert '1_rt1' == vars['pu_username']
assert 'team-ABC' == vars['pu_team']
assert 'college the first' == vars['pu_college']
vars_str = teacher_ps.template_vars_json
assert vcode not in vars_str, "Should not contain the verification code."
test_helpers.assert_load_template(template, vars)
def test_set_password():
u = User.create_user("teacher_coll1", "facebees")
u.set_password("bacon")
u.save()
u = User.create_user("teacher_coll1", "bacon")
assert u.can_administrate("student_coll1_1")
u.set_password("facebees")
u.save()
def helper(other_username):
blueshirt = User.create_user("blueshirt-extra", "blueshirt")
competitor = User.create_user(other_username)
assert blueshirt.can_view(competitor), "Sanity check"
details = competitor.details_dictionary_for(blueshirt)
for keyname in ["username", "first_name", "last_name", "is_student", \
"is_team_leader", "has_withdrawn", "has_media_consent", \
"teams", "colleges"]:
assert keyname in details
assert not 'email' in details, "No need to be able to see their email"
def test_registration_rq_from_blueshirt():
new_email = "*****@*****.**"
params = {
"username": "******",
"password": "******",
"first_name": NEW_USER_FNAME,
"last_name": NEW_USER_LNAME,
"email": new_email,
"team": "team-ABC",
"college": "college-1",
}
r, data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 202, data
created = User.create_user("1_rt1")
assert created.email == ""
pending = PendingUser("1_rt1")
assert pending.email == "*****@*****.**"
assert pending.team == "team-ABC"
assert pending.college == "college-1"
email_datas = test_helpers.last_n_emails(2)
student_ps = email_datas[0]
template = student_ps.template_name
assert template == "new_user"
to = student_ps.toaddr
assert to == new_email
vars = student_ps.template_vars
assert NEW_USER_FNAME == vars["name"]
vcode = pending.verify_code
assert vcode in vars["activation_url"]
teacher = User.create_user("blueshirt")
teacher_ps = email_datas[1]
template = teacher_ps.template_name
assert template == "user_requested"
to = teacher_ps.toaddr
assert to == teacher.email
vars = teacher_ps.template_vars
assert NEW_USER_FNAME == vars["pu_first_name"]
assert NEW_USER_LNAME == vars["pu_last_name"]
assert new_email == vars["pu_email"]
assert "1_rt1" == vars["pu_username"]
assert "team-ABC" == vars["pu_team"]
assert "college the first" == vars["pu_college"]
vars_str = teacher_ps.template_vars_json
assert vcode not in vars_str, "Should not contain the verification code."
def set_user_details(requesting_user, userid):
user_to_update = User.create_user(userid)
can_admin = requesting_user.can_administrate(user_to_update)
if request.form.get("media_consent") == 'true' and requesting_user.can_record_media_consent:
if not user_to_update.has_media_consent:
user_to_update.got_media_consent()
notify_ticket_available(user_to_update)
user_to_update.save()
if not can_admin:
return '{}', 200
elif not can_admin:
return AUTHORIZATION_DENIED
assert can_admin
user_to_update = User.create_user(userid)
if request.form.has_key("new_email") and not requesting_user.is_blueshirt:
new_email = request.form["new_email"]
request_new_email(user_to_update, new_email)
# Students aren't allowed to update their own names
# at this point, if the requesting_user is valid, we know it's a self-edit
if not requesting_user.is_student:
fname = request.form.get("new_first_name")
if fname:
user_to_update.set_first_name(fname)
lname = request.form.get("new_last_name")
if lname:
user_to_update.set_last_name(lname)
if request.form.has_key("new_team"):
team = request.form["new_team"]
if (not user_to_update.is_blueshirt) and requesting_user.manages_team(team):
user_to_update.set_team(team)
if request.form.has_key("new_type") and requesting_user.is_teacher and user_to_update != requesting_user:
if request.form["new_type"] == 'student':
user_to_update.make_student()
elif request.form["new_type"] == 'team-leader':
user_to_update.make_teacher()
if request.form.get("withdrawn") == 'true' and not user_to_update.has_withdrawn \
and requesting_user.can_withdraw(user_to_update):
user_to_update.withdraw()
user_to_update.save()
# Do this separately and last because it makes an immediate change
# to the underlying database, rather than waiting for save().
if request.form.has_key("new_password"):
user_to_update.set_password(request.form["new_password"])
return '{}', 200
def test_registration_email_in_use():
params = {"username":"******",
"password":"******",
"first_name":NEW_USER_FNAME,
"last_name":NEW_USER_LNAME,
"email":"*****@*****.**", # student_coll2_2
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
assert r.status == 403
assert 'DETAILS_ALREADY_USED' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('1_rt1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('1_rt1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_new_user_not_allowed():
try:
ru = User.create_user("student_coll1_1", "cows")
User.create_new_user(ru, 'college-1', 'first', 'last')
assert False
except Exception as e:
assert "student_coll1_1" in str(e)
def test_new_user_not_authed():
try:
ru = User.create_user("teacher_coll1")
User.create_new_user(ru, 'college-1', 'first', 'last')
assert False
except Exception as e:
assert "teacher_coll1" in str(e)
def test_registration_rq_from_student():
test_helpers.delete_db()
params = {"username":"******",
"password":"******",
"first_name":"register",
"last_name":"this.user",
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403
assert 'YOU_CANT_REGISTER_USERS' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('2_rt1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('2_rt1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_authed_blueshirt_cant_see_other_students():
a = User.create_user("blueshirt", "blueshirt")
users = ["student_coll2_2", "student_coll2_1"]
results = [a.can_administrate(user) for user in users]
assert not any(results)
def test_registration_email_in_use():
params = {
"username": "******",
"password": "******",
"first_name": NEW_USER_FNAME,
"last_name": NEW_USER_LNAME,
"email": "*****@*****.**", # student_coll2_2
"team": "team-ABC",
"college": "college-1",
}
r, data = test_helpers.server_post("/registrations", params)
assert r.status == 403
assert "DETAILS_ALREADY_USED" in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user("1_rt1")
assert False, "Should not have created user"
except:
pass
pending = PendingUser("1_rt1")
assert not pending.in_db
test_helpers.assert_no_emails()
def test_registration_bad_frist_name():
params = {"username":"******",
"password":"******",
"first_name":NEW_USER_FNAME,
"last_name":'2'+NEW_USER_LNAME,
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
assert r.status == 403
assert 'BAD_LAST_NAME' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('1_rt1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('1_rt1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_registration_bad_frist_name():
params = {"username":"******",
"password":"******",
"first_name":NEW_USER_FNAME,
"last_name":'2'+NEW_USER_LNAME,
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
assert r.status == 403
assert 'BAD_LAST_NAME' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('1_rt1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('1_rt1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_registration_name_in_use():
params = {"username":"******",
"password":"******",
"first_name":'student2', # student_coll1_2
"last_name":'student',
"email":"*****@*****.**",
"team":"team-ABC",
"college":"college-1"}
r,data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403, data
assert 'DETAILS_ALREADY_USED' in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user('1_ss1')
assert False, "Should not have created user"
except:
pass
pending = PendingUser('1_ss1')
assert not pending.in_db
test_helpers.assert_no_emails()
def test_authed_blueshirt_can_see_own_students():
a = User.create_user("blueshirt", "blueshirt")
users = ["student_coll1_1", "teacher_coll1"]
results = [a.can_administrate(user) for user in users]
assert all(results)
def test_authed_teacher_cant_see_other_students():
a = User.create_user("teacher_coll1", "facebees")
users = ["student_coll2_1", "student_coll2_2"]
results = [a.can_administrate(user) for user in users]
assert not any(results)
def test_registration_rq_from_student():
test_helpers.delete_db()
params = {
"username": "******",
"password": "******",
"first_name": "register",
"last_name": "this.user",
"email": "*****@*****.**",
"team": "team-ABC",
"college": "college-1",
}
r, data = test_helpers.server_post("/registrations", params)
status = r.status
assert status == 403
assert "YOU_CANT_REGISTER_USERS" in data
assert len(test_helpers.get_registrations()) == 0
try:
created = User.create_user("2_rt1")
assert False, "Should not have created user"
except:
pass
pending = PendingUser("2_rt1")
assert not pending.in_db
test_helpers.assert_no_emails()
def test_student_post_doesnt_set_first_last_name():
old_first = "student1i"
old_last = "student"
params = {
"username": "******",
"password": "******",
"new_first_name": "asdf",
"new_last_name": "cheese",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
details_dict = User("student_coll1_1").details_dictionary_for(
User.create_user("student_coll1_1", "cows"))
# restore original data
u = User("student_coll1_1")
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert details_dict["first_name"] == old_first
assert details_dict["last_name"] == old_last
def send_password_reset(requesting_user, userid):
user_to_update = User.create_user(userid)
if not requesting_user.can_administrate(user_to_update):
return AUTHORIZATION_DENIED
verify_code = helpers.create_verify_code(user_to_update.username,
requesting_user.username)
ppr = PendingPasswordReset(user_to_update.username)
ppr.requestor_username = requesting_user.username
ppr.verify_code = verify_code
ppr.save()
log_action('sending password reset', ppr)
url = url_for('reset_password',
username=user_to_update.username,
code=verify_code,
_external=True)
ppr.send_reset_email(
user_to_update.email,
user_to_update.first_name,
url,
"{0} {1}".format(requesting_user.first_name,
requesting_user.last_name),
)
return "{}", 202
def test_user_properties_team_leader():
u = User.create_user("teacher_coll2", "noway")
data = u.details_dictionary_for(u)
assert data['is_team_leader']
assert not data['is_student']
assert not data['is_blueshirt']
def test_user_properties_student():
u = User.create_user("student_coll1_1", "cows")
data = u.details_dictionary_for(u)
assert data['is_student']
assert not data['is_team_leader']
assert not data['is_blueshirt']
def test_team_set_in_user():
u = User.create_user('st_user1')
u.set_team(NEW_TEAM_NAME)
u.save()
u_teams = [t.name for t in u.teams]
assert set(u_teams) == set([NEW_TEAM_NAME])
def test_team_set_in_user():
u = User.create_user('st_user1')
u.set_team(NEW_TEAM_NAME)
u.save()
u_teams = [t.name for t in u.teams]
assert set(u_teams) == set([NEW_TEAM_NAME])
def test_college_set_in_user():
u = User.create_user('st_user1')
u.set_college(NEW_COLLEGE_NAME)
u.save()
u_colleges = u.colleges
assert set(u_colleges) == set([NEW_COLLEGE_NAME])
def test_college_set_in_user():
u = User.create_user('st_user1')
u.set_college(NEW_COLLEGE_NAME)
u.save()
u_colleges = u.colleges
assert set(u_colleges) == set([NEW_COLLEGE_NAME])
def test_new_user_wrong_college():
try:
ru = User.create_user("teacher_coll1", "facebees")
User.create_new_user(ru, 'college-2', 'first', 'last')
assert False
except Exception as e:
assert "teacher_coll1" in str(e)
assert 'college-2' in str(e)
def activate_account(username, code):
"""
Verifies to the system that an email address exists, and that the related
account should be made into a full account.
Expected to be used only by users clicking links in account-activation emails.
Not part of the documented API.
"""
pu = PendingUser(username)
if not pu.in_db:
return "No such user account", 404
if pu.age > timedelta(days=2):
return "Request not valid", 410
if pu.verify_code != code:
return "Invalid verification code", 403
log_action('activating user', pu)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_email(pu.email)
u.set_team(pu.team)
u.set_college(pu.college)
u.set_password(new_pass)
u.make_student()
u.save()
# let the team-leader know
rq_user = User.create_user(pu.teacher_username)
email_vars = {
'name': rq_user.first_name,
'au_username': username,
'au_first_name': u.first_name,
'au_last_name': u.last_name
}
mailer.email_template(rq_user.email, 'user_activated_team_leader',
email_vars)
pu.delete()
html = open(PATH + "/templates/activate.html").read()
replacements = {
'first_name': u.first_name,
'last_name': u.last_name,
'password': new_pass,
'email': u.email,
'username': username,
'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200
def test_withdrawn_true_2():
username = '******'
sru = create_withdrawn(username)
password = '******'
sru.set_passwd(new=password)
u = User.create_user(username, password)
data = u.details_dictionary_for(u)
assert data['has_withdrawn']
def test_team_set_in_db():
u = User.create_user('st_user1')
u.set_team(NEW_TEAM_NAME)
u.save()
sru = srusers.user('st_user1')
sru_groups = sru.groups()
assert set(sru_groups) == set([NEW_TEAM_NAME, 'st_other_group'])
def test_media_consent_true_2():
username = '******'
sru = create_media_consent(username)
password = '******'
sru.set_passwd(new=password)
u = User.create_user(username, password)
data = u.details_dictionary_for(u)
assert data['has_media_consent']
def test_media_consent_true_1():
username = '******'
sru = srusers.user(username)
sru.cname = 'admin'
sru.sname = 'consent'
sru.email = ''
sru.save()
# Sanity check
u = User.create_user(username)
assert not u.can_record_media_consent
g = srusers.group('media-consent-admin')
g.user_add(sru)
g.save()
u = User.create_user(username)
assert u.can_record_media_consent
def test_authed_can_see_self():
user_passwords = [("teacher_coll1", "facebees"),
("student_coll1_1", "cows"), ("teacher_coll2", "noway"),
("blueshirt", "blueshirt")]
user_objects = [User.create_user(u[0], u[1]) for u in user_passwords]
results = [user.can_administrate(user.username) for user in user_objects]
assert all(results)
def test_team_set_in_db():
u = User.create_user('st_user1')
u.set_team(NEW_TEAM_NAME)
u.save()
sru = srusers.user('st_user1')
sru_groups = sru.groups()
assert set(sru_groups) == set([NEW_TEAM_NAME, 'st_other_group'])
def test_college_set_in_db():
u = User.create_user('st_user1')
u.set_college(NEW_COLLEGE_NAME)
u.save()
sru = srusers.user('st_user1')
sru_groups = sru.groups()
assert set(sru_groups) == set([NEW_COLLEGE_NAME, 'st_other_group'])
def test_college_set_in_db():
u = User.create_user('st_user1')
u.set_college(NEW_COLLEGE_NAME)
u.save()
sru = srusers.user('st_user1')
sru_groups = sru.groups()
assert set(sru_groups) == set([NEW_COLLEGE_NAME, 'st_other_group'])
def test_media_consent_grant():
username = '******'
sru = srusers.user(username)
sru.cname = 'to'
sru.sname = 'consent'
sru.email = ''
sru.save()
u = User.create_user(username)
# Sanity check
assert not u.has_media_consent, "Fresh user should not have granted media consent"
u.got_media_consent()
u.save()
assert u.has_media_consent, "Should have recorded the media-consent grant"
# Fresh instance
u = User.create_user(username)
assert u.has_media_consent, "Media consent grant should persist"
def activate_account(username, code):
"""
Verifies to the system that an email address exists, and that the related
account should be made into a full account.
Expected to be used only by users clicking links in account-activation emails.
Not part of the documented API.
"""
pu = PendingUser(username)
if not pu.in_db:
return "No such user account", 404
if pu.age > timedelta(days = 2):
return "Request not valid", 410
if pu.verify_code != code:
return "Invalid verification code", 403
log_action('activating user', pu)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_email(pu.email)
u.set_team(pu.team)
u.set_college(pu.college)
u.set_password(new_pass)
u.make_student()
u.save()
# let the team-leader know
rq_user = User.create_user(pu.teacher_username)
email_vars = { 'name': rq_user.first_name,
'au_username': username,
'au_first_name': u.first_name,
'au_last_name': u.last_name
}
mailer.email_template(rq_user.email, 'user_activated_team_leader', email_vars)
pu.delete()
html = open(PATH + "/templates/activate.html").read()
replacements = { 'first_name': u.first_name
, 'last_name': u.last_name
, 'password': new_pass
, 'email': u.email
, 'username': username
, 'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200
def test_details_dictionary_for_team_leader_member():
u = User.create_user("teacher_coll1", "facebees")
data = assert_college_1_details_dictionary_for(u)
expected_users = [
"teacher_coll1",
"student_coll1_1",
"student_coll1_2",
"withdrawn_student",
]
actual_users = data["users"]
assert actual_users == expected_users
def test_make_student():
u = User.create_user('st_user1')
u.make_student()
u.save()
assert not u.is_teacher
students = srusers.group('students').members
assert 'st_user1' in students
teachers = srusers.group('teachers').members
assert 'st_user1' not in teachers
def user_details(userid):
ah = AuthHelper(request)
if ah.auth_will_succeed and ah.user.can_administrate(userid):
user = User.create_user(userid)
details = user.details_dictionary_for(ah.user)
email_change_rq = PendingEmail(userid)
if email_change_rq.in_db:
new_email = email_change_rq.new_email
if new_email != details['email']:
details['new_email'] = new_email
return json.dumps(details), 200
else:
return ah.auth_error_json, 403
def test_make_student_teacher():
students = srusers.group('students')
students.user_add('st_user1')
students.save()
u = User.create_user('st_user1')
u.make_teacher()
u.save()
assert u.is_teacher
teachers = srusers.group('teachers').members
assert 'st_user1' in teachers
students = srusers.group('students').members
assert 'st_user1' not in students
def user_details(requesting_user, userid):
if not requesting_user.can_view(userid):
return AUTHORIZATION_DENIED
user = User.create_user(userid)
details = user.details_dictionary_for(requesting_user)
if 'email' in details:
# The requesting user can view the emails -- also tell them
# about any pending changes.
email_change_rq = PendingEmail(user.username)
if email_change_rq.in_db:
new_email = email_change_rq.new_email
if new_email != details['email']:
details['new_email'] = new_email
return json.dumps(details), 200
def test_activate_success():
username = '******'
rq_user = User.create_user("teacher_coll1", "facebees")
cu = User.create_new_user(rq_user, 'college-1', 'James', 'Activate')
assert cu.username == username
pu = create_pending_user(username)
pu.save()
r,data = test_helpers.server_get("/activate/" + username + "/bibble")
status = r.status
assert status == 200, data
u = User(username)
email = u.email
assert pu.email == email
teams = [t.name for t in u.teams]
assert pu.team in teams
colleges = u.colleges
assert pu.college in colleges
students = srusers.group('students').members
assert username in students
pu = PendingUser(username)
assert not pu.in_db, "registration DB entry should have been removed"
# ensure we sent the team-leader a confirmation
ps = test_helpers.last_email()
toaddr = ps.toaddr
tl_email = rq_user.email
assert toaddr == tl_email
vars = ps.template_vars
tl_name = rq_user.first_name
assert tl_name == vars['name']
first_name = cu.first_name
assert first_name == vars['au_first_name']
last_name = cu.last_name
assert last_name == vars['au_last_name']
assert username == vars['au_username']
template = ps.template_name
assert template == 'user_activated_team_leader'
def user_details(userid):
ah = AuthHelper(request)
if not (ah.auth_will_succeed and ah.user.can_view(userid)):
return ah.auth_error_json, 403
user = User.create_user(userid)
details = user.details_dictionary_for(ah.user)
if 'email' in details:
"""Then the requesting user can view the emails -- also tell them
about any pending changes."""
email_change_rq = PendingEmail(user.username)
if email_change_rq.in_db:
new_email = email_change_rq.new_email
if new_email != details['email']:
details['new_email'] = new_email
return json.dumps(details), 200
def test_post_sets_first_last_name():
old_first = "student1i"
old_last = "student"
params = {"username":"******",
"password":"******",
"new_first_name":"asdf",
"new_last_name":"cheese",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
details_dict = User("student_coll1_1").details_dictionary_for(User.create_user("student_coll1_1", "cows"))
assert details_dict["first_name"] == "asdf"
assert details_dict["last_name"] == "cheese"
u = User("student_coll1_1")
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
def test_verify_success(self):
username = "******"
setup_password_reset(username, 'bees')
r, data = test_helpers.server_get("/reset_password/" + username + "/bees")
self.assertEqual(200, r.status, data)
try:
match = re.search(r'"password": "******"]+)"', data)
self.assertTrue(match, "Failed to extract password")
new_password = match.group(1)
user = User.create_user(username, new_password)
self.assertTrue(user.is_authenticated, "Wrong password ({0}) found in page!".format(new_password))
finally:
User(username).set_password('cows')
ppr = PendingPasswordReset('student_coll1_1')
self.assertFalse(ppr.in_db, "{0} should no longer in the database.".format(ppr))
def test_details_dictionary_for_blueshirt_non_member():
u = User.create_user("blueshirt")
c = College("college-2")
data = c.details_dictionary_for(u)
actual_name = data["name"]
assert actual_name == "secondary college"
actual_teams = data["teams"]
assert actual_teams == ["team-QWZ"]
assert "users" not in data
actual_counts = data["counts"]
expected_counts = {
'team_leaders': 1,
'students': 2,
'media_consent': 0,
'withdrawn': 0,
}
assert actual_counts == expected_counts
def set_user_details(userid):
ah = AuthHelper(request)
if ah.auth_will_succeed and ah.user.can_administrate(userid):
user_to_update = User.create_user(userid)
if request.form.has_key("new_email") and not ah.user.is_blueshirt:
new_email = request.form["new_email"]
request_new_email(user_to_update, new_email)
if request.form.has_key("new_password"):
user_to_update.set_password(request.form["new_password"])
if request.form.has_key("new_first_name"):
user_to_update.set_first_name(request.form["new_first_name"])
if request.form.has_key("new_last_name"):
user_to_update.set_last_name(request.form["new_last_name"])
if request.form.has_key("new_team"):
team = request.form["new_team"]
if (not user_to_update.is_blueshirt) and ah.user.manages_team(team):
user_to_update.set_team(team)
user_to_update.save()
return '{}', 200
else:
return ah.auth_error_json, 403
def send_password_reset(requesting_user, userid):
user_to_update = User.create_user(userid)
if not requesting_user.can_administrate(user_to_update):
return AUTHORIZATION_DENIED
verify_code = helpers.create_verify_code(user_to_update.username, requesting_user.username)
ppr = PendingPasswordReset(user_to_update.username)
ppr.requestor_username = requesting_user.username
ppr.verify_code = verify_code
ppr.save()
log_action('sending password reset', ppr)
url = url_for('reset_password', username=user_to_update.username, code=verify_code, _external=True)
ppr.send_reset_email(
user_to_update.email,
user_to_update.first_name,
url,
"{0} {1}".format(requesting_user.first_name, requesting_user.last_name),
)
return "{}", 202
def set_user_details(userid):
ah = AuthHelper(request)
if not (ah.auth_will_succeed and ah.user.can_administrate(userid)):
return ah.auth_error_json, 403
user_to_update = User.create_user(userid)
if request.form.has_key("new_email") and not ah.user.is_blueshirt:
new_email = request.form["new_email"]
request_new_email(user_to_update, new_email)
# Students aren't allowed to update their own names
# at this point, if the ah.user is valid, we know it's a self-edit
if request.form.has_key("new_first_name") and not ah.user.is_student and request.form["new_first_name"] != '':
user_to_update.set_first_name(request.form["new_first_name"])
if request.form.has_key("new_last_name") and not ah.user.is_student and request.form["new_last_name"] != '':
user_to_update.set_last_name(request.form["new_last_name"])
if request.form.has_key("new_team"):
team = request.form["new_team"]
if (not user_to_update.is_blueshirt) and ah.user.manages_team(team):
user_to_update.set_team(team)
if request.form.has_key("new_type") and ah.user.is_teacher and user_to_update != ah.user:
if request.form["new_type"] == 'student':
user_to_update.make_student()
elif request.form["new_type"] == 'team-leader':
user_to_update.make_teacher()
if request.form.has_key("withdrawn") and request.form['withdrawn'] == 'true' \
and ah.user.can_withdraw(user_to_update):
user_to_update.withdraw()
user_to_update.save()
# Do this separately and last because it makes an immediate change
# to the underlying database, rather than waiting for save().
if request.form.has_key("new_password"):
user_to_update.set_password(request.form["new_password"])
return '{}', 200
def test_details_dictionary_for_student_member():
u = User.create_user("student_coll1_1")
data = assert_college_1_details_dictionary_for(u)
actual_users = data["users"]
assert actual_users == []
def test_details_dictionary_for_non_member():
c = College("college-1")
u = User.create_user("student_coll2_1")
with assert_raises(AssertionError):
c.details_dictionary_for(u)
