def test_can_redirect_to_domains_on_same_domain_after_login(self, came_from):
user = User.example()
quoted_came_from = urllib.quote_plus(came_from)
request = self.init_fake_request(server_name='server.example',
request_uri='/login/post_login?came_from='+quoted_came_from)
response = self.call_post_login(user, request=request)
assert_equals(came_from, response.location)
def test_handles_bad_came_from_parameter_gracefully(self):
user = User.example()
quoted_came_from = urllib.quote_plus('invalid junk')
request = self.init_fake_request(server_name='server.example',
request_uri='/login/post_login?came_from='+quoted_came_from)
response = self.call_post_login(user, request=request)
assert_equals('http://server.example:80/', response.location)
def test_can_redirect_to_domains_on_same_domain_after_login(self, came_from):
user = User.example()
quoted_came_from = urllib.quote_plus(came_from)
request = self.init_fake_request(server_name='server.example',
request_uri='/login/post_login?came_from='+quoted_came_from)
response = self.call_post_login(user, request=request)
assert_equals(came_from, response.location)
def test_handles_bad_came_from_parameter_gracefully(self):
user = User.example()
quoted_came_from = urllib.quote_plus('invalid junk')
request = self.init_fake_request(server_name='server.example',
request_uri='/login/post_login?came_from='+quoted_came_from)
response = self.call_post_login(user, request=request)
assert_equals('http://server.example:80/', response.location)
def test_uses_correct_redirect_url_if_mediadrop_is_mounted_in_subdirectory(self):
user = User.example()
request = self.init_fake_request(server_name="server.example", request_uri="/login/post_login")
request.environ["SCRIPT_NAME"] = "my_media"
response = self.call_post_login(user, request=request)
assert_equals("http://server.example:80/my_media/", response.location)
def test_non_editors_are_redirect_to_home_page_after_login(self):
user = User.example()
perm = MediaDropPermissionSystem.permissions_for_user(user, config)
assert_false(perm.contains_permission(u'edit'))
assert_false(perm.contains_permission(u'admin'))
response = self.call_post_login(user)
assert_equals('http://server.example:80/', response.location)
def test_non_editors_are_redirect_to_home_page_after_login(self):
user = User.example()
perm = MediaDropPermissionSystem.permissions_for_user(user, config)
assert_false(perm.contains_permission(u'edit'))
assert_false(perm.contains_permission(u'admin'))
response = self.call_post_login(user)
assert_equals('http://server.example:80/', response.location)
def test_prevent_parameter_base_redirection(self):
user = User.example()
came_from = urllib.quote_plus('http://evil.site/malware/')
request = self.init_fake_request(server_name='server.example',
request_uri='/login/post_login?came_from='+came_from)
response = self.call_post_login(user, request=request)
assert_equals('http://server.example:80/', response.location,
message='should only redirect to urls on the same domain')
def test_uses_correct_redirect_url_if_mediadrop_is_mounted_in_subdirectory(self):
user = User.example()
request = self.init_fake_request(server_name='server.example',
request_uri='/login/post_login')
request.environ['SCRIPT_NAME'] = 'my_media'
response = self.call_post_login(user, request=request)
assert_equals('http://server.example:80/my_media/', response.location)
def test_can_create_example_user(self):
user = User.example()
assert_not_none(user.id)
assert_equals(u'joe', user.user_name)
assert_equals(u'Joe Smith', user.display_name)
assert_equals(u'*****@*****.**', user.email_address)
assert_almost_equals(datetime.now(), user.created,
max_delta=timedelta(seconds=1))
def test_uses_correct_redirect_url_if_mediadrop_is_mounted_in_subdirectory(self):
user = User.example()
request = self.init_fake_request(server_name='server.example',
request_uri='/login/post_login')
request.environ['SCRIPT_NAME'] = 'my_media'
response = self.call_post_login(user, request=request)
assert_equals('http://server.example:80/my_media/', response.location)
def test_prevent_parameter_base_redirection(self):
user = User.example()
came_from = urllib.quote_plus('http://evil.site/malware/')
request = self.init_fake_request(server_name='server.example',
request_uri='/login/post_login?came_from='+came_from)
response = self.call_post_login(user, request=request)
assert_equals('http://server.example:80/', response.location,
message='should only redirect to urls on the same domain')
def test_can_create_example_user(self):
user = User.example()
assert_not_none(user.id)
assert_equals(u'joe', user.user_name)
assert_equals(u'Joe Smith', user.display_name)
assert_equals(u'*****@*****.**', user.email_address)
assert_almost_equals(datetime.now(), user.created,
max_delta=timedelta(seconds=1))
def _create_user_with_admin_permission_only(self):
admin_perm = DBSession.query(Permission).filter(Permission.permission_name == u'admin').one()
second_admin_group = Group.example(name=u'Second admin group')
admin_perm.groups.append(second_admin_group)
admin = User.example(groups=[second_admin_group])
DBSession.commit()
perm = MediaDropPermissionSystem.permissions_for_user(admin, config)
assert_true(perm.contains_permission(u'admin'))
assert_false(perm.contains_permission(u'edit'))
return admin
def _create_user_with_admin_permission_only(self):
admin_perm = DBSession.query(Permission).filter(Permission.permission_name == u'admin').one()
second_admin_group = Group.example(name=u'Second admin group')
admin_perm.groups.append(second_admin_group)
admin = User.example(groups=[second_admin_group])
DBSession.commit()
perm = MediaDropPermissionSystem.permissions_for_user(admin, config)
assert_true(perm.contains_permission(u'admin'))
assert_false(perm.contains_permission(u'edit'))
return admin
def test_permits_access_if_user_is_logged_in(self):
request = self.init_fake_request()
self.set_authenticated_user(User.example())
assert_true(is_logged_in().has_required_permission(request))
def test_permits_access_if_user_is_logged_in(self):
request = self.init_fake_request()
self.set_authenticated_user(User.example())
assert_true(is_logged_in().has_required_permission(request))
def _create_user_with_edit_permission_only(self):
editor = User.example(groups=[self.editor_group()])
perm = MediaDropPermissionSystem.permissions_for_user(editor, config)
assert_true(perm.contains_permission(u'edit'))
assert_false(perm.contains_permission(u'admin'))
return editor
def test_can_override_example_data(self):
user = User.example(display_name=u'Bar Foo')
assert_equals(u'Bar Foo', user.display_name)
def test_can_override_example_data(self):
user = User.example(display_name=u'Bar Foo')
assert_equals(u'Bar Foo', user.display_name)
def _create_user_with_edit_permission_only(self):
editor = User.example(groups=[self.editor_group()])
perm = MediaDropPermissionSystem.permissions_for_user(editor, config)
assert_true(perm.contains_permission(u'edit'))
assert_false(perm.contains_permission(u'admin'))
return editor
