def get_or_create_app(name,
redirect_uri,
user,
client_id=None,
client_secret=None):
"""
Get or creates an OAuth2 application.
"""
try:
application = Application.objects.get(name=name)
except Application.DoesNotExist:
application = Application()
application.user = user
if client_id and client_secret:
application.client_id = client_id
application.client_secret = client_secret
application.name = name
application.authorization_grant_type = Application.GRANT_AUTHORIZATION_CODE
application.client_type = Application.CLIENT_CONFIDENTIAL
application.redirect_uris = redirect_uri
application.save()
return application
def save(self, commit=True):
app = Application(**self.cleaned_data)
app.authorization_grant_type = Application.GRANT_CLIENT_CREDENTIALS
app.user = self.user
app.client_type = Application.CLIENT_CONFIDENTIAL
app.save(commit)
return app
def add_auth(entity, user, form):
if "client_id" in form.cleaned_data:
if "client_secret" in form.cleaned_data:
if "token_end_point" in form.cleaned_data:
id = form.cleaned_data['client_id']
secret = form.cleaned_data['client_secret']
end_point = form.cleaned_data['token_end_point']
client = OAuthRemoteClient()
client.client_id = id
client.client_secret = secret
client.token_endpoint = end_point
client.entity = entity
client.save()
application = Application()
application.user = user
application.client_type = 'confidential'
application.authorization_grant_type = 'client-credentials'
application.name = entity.name
application.save()
entityOA = EntityOAuth()
entityOA.entity = entity
entityOA.application = application
entityOA.save()
def save(self, commit=True):
app = Application(**self.cleaned_data)
app.authorization_grant_type = Application.GRANT_CLIENT_CREDENTIALS
app.user = self.user
app.client_type = Application.CLIENT_CONFIDENTIAL
app.save(commit)
return app
def createApplication(self, user, name, id, secret):
application = Application()
application.user = user
application.client_type = 'confidential'
application.authorization_grant_type = 'password'
application.name = name
application.client_id = id
application.client_secret = secret
application.save()
def createApplication(self, user, name, id, secret):
application = Application()
application.user = user
application.client_type = 'confidential'
application.authorization_grant_type = 'password'
application.name = name
application.client_id = id
application.client_secret = secret
application.save()
def create_user_settings(sender, instance=None, created=False, **kwargs):
""" For created user, creating Application instance for oauth2 model,
use 'client_type = public' for authorization with client_id without client_secret,
and 'grant_type = password' for password authenticate.
Value for variable from oauth source code.
"""
if created:
app = Application()
app.user = instance
app.name = 'default'
app.authorization_grant_type = 'password'
app.client_type = 'public'
app.save()
def setUp(self):
user = MyUser.objects.create(username=self.username)
self.client = APIClient()
self.client.force_authenticate(user=user)
self.user = user
self.user.set_password(self.password)
self.user.save()
self.cl = APIClient()
app= Application()
app.client_id=self.client_id
app.user=self.user
app.authorization_grant_type="password"
app.client_type="public"
app.client_secret=self.client_secret
app.save()
def save(self, *args, **kwargs):
if hasattr(self, "application"):
application = self.application
else:
application = Application()
application.name = self.name
application.user = self.coordinator.user
application.client_type = Application.CLIENT_CONFIDENTIAL
application.redirect_uris = self.redirect_url
application.authorization_grant_type = Application.GRANT_AUTHORIZATION_CODE
application.save()
self.application = application
super(OAuth2DataRequestProject, self).save(*args, **kwargs)
def setup_user_token():
# create user
user = User.objects.create_user('hongzhi', password='******')
# create oauth application
app = Application()
app.user = user
app.save()
token = AccessToken()
token.user = user
token.expires = timezone.now().replace(year=timezone.now().year + 1)
token.application = app
token.token = '987654321'
token.save()
return user, token.token
def save(self, *args, **kwargs):
if hasattr(self, "application"):
application = self.application
else:
application = Application()
application.name = self.name
application.user = self.coordinator.user
application.client_type = Application.CLIENT_CONFIDENTIAL
application.redirect_uris = self.redirect_url
application.authorization_grant_type = Application.GRANT_AUTHORIZATION_CODE
application.save()
self.application = application
super(OAuth2DataRequestProject, self).save(*args, **kwargs)
def setup_user_token():
# create user
user = User.objects.create_user('hongzhi', password='******')
# create oauth application
app = Application()
app.user = user
app.save()
token = AccessToken()
token.user = user
token.expires = timezone.now().replace(year=timezone.now().year + 1)
token.application = app
token.token = '987654321'
token.save()
return user, token.token
def form_valid(self, form):
if Application.objects.filter(name=form.cleaned_data["application_name"]).exists():
messages.warning(self.request, "Application with this name already exists.")
else:
oapp = OAuthApplication()
oapp.description = form.cleaned_data["description"]
oapp.website = form.cleaned_data["website"]
omodel = Application()
omodel.user = self.request.user
omodel.redirect_uris = form.cleaned_data["callback_url"]
omodel.client_type = "confidential"
omodel.authorization_grant_type = "authorization-code"
omodel.name = form.cleaned_data["application_name"]
omodel.save()
oapp.client = omodel
oapp.save()
messages.success(self.request, "Application Created!")
return super(OAuthClientCreateView, self).form_valid(form)
def get_or_create_app(name, redirect_uri, user, client_id=None, client_secret=None):
"""
Get or creates an OAuth2 application.
"""
try:
application = Application.objects.get(name=name)
except Application.DoesNotExist:
application = Application()
application.user = user
if client_id and client_secret:
application.client_id = client_id
application.client_secret = client_secret
application.name = name
application.authorization_grant_type = Application.GRANT_AUTHORIZATION_CODE
application.client_type = Application.CLIENT_CONFIDENTIAL
application.redirect_uris = redirect_uri
application.save()
return application
def test_unregister(self):
"""
To test that unregistering user is working.
"""
# test not logged user can't unregister.
self.client.logout()
result = self.client.post(reverse('member-unregister'), follow=False)
self.assertEqual(result.status_code, 302)
# test logged user can register.
user = ProfileFactory()
login_check = self.client.login(username=user.user.username,
password='******')
self.assertEqual(login_check, True)
result = self.client.post(reverse('member-unregister'), follow=False)
self.assertEqual(result.status_code, 302)
self.assertEqual(
User.objects.filter(username=user.user.username).count(), 0)
# Attach a user at tutorials, articles, topics and private topics. After that,
# unregister this user and check that he is well removed in all contents.
user = ProfileFactory()
user2 = ProfileFactory()
alone_gallery = GalleryFactory()
UserGalleryFactory(gallery=alone_gallery, user=user.user)
shared_gallery = GalleryFactory()
UserGalleryFactory(gallery=shared_gallery, user=user.user)
UserGalleryFactory(gallery=shared_gallery, user=user2.user)
# first case : a published tutorial with only one author
published_tutorial_alone = PublishedContentFactory(type='TUTORIAL')
published_tutorial_alone.authors.add(user.user)
published_tutorial_alone.save()
# second case : a published tutorial with two authors
published_tutorial_2 = PublishedContentFactory(type='TUTORIAL')
published_tutorial_2.authors.add(user.user)
published_tutorial_2.authors.add(user2.user)
published_tutorial_2.save()
# third case : a private tutorial with only one author
writing_tutorial_alone = PublishableContentFactory(type='TUTORIAL')
writing_tutorial_alone.authors.add(user.user)
writing_tutorial_alone.save()
writing_tutorial_alone_galler_path = writing_tutorial_alone.gallery.get_gallery_path(
)
# fourth case : a private tutorial with at least two authors
writing_tutorial_2 = PublishableContentFactory(type='TUTORIAL')
writing_tutorial_2.authors.add(user.user)
writing_tutorial_2.authors.add(user2.user)
writing_tutorial_2.save()
self.client.login(username=self.staff.username, password="******")
# same thing for articles
published_article_alone = PublishedContentFactory(type='ARTICLE')
published_article_alone.authors.add(user.user)
published_article_alone.save()
published_article_2 = PublishedContentFactory(type='ARTICLE')
published_article_2.authors.add(user.user)
published_article_2.authors.add(user2.user)
published_article_2.save()
writing_article_alone = PublishableContentFactory(type='ARTICLE')
writing_article_alone.authors.add(user.user)
writing_article_alone.save()
writing_article_2 = PublishableContentFactory(type='ARTICLE')
writing_article_2.authors.add(user.user)
writing_article_2.authors.add(user2.user)
writing_article_2.save()
# beta content
beta_forum = ForumFactory(category=CategoryFactory())
beta_content = BetaContentFactory(author_list=[user.user],
forum=beta_forum)
beta_content_2 = BetaContentFactory(
author_list=[user.user, user2.user], forum=beta_forum)
# about posts and topics
authored_topic = TopicFactory(author=user.user, forum=self.forum11)
answered_topic = TopicFactory(author=user2.user, forum=self.forum11)
PostFactory(topic=answered_topic, author=user.user, position=2)
edited_answer = PostFactory(topic=answered_topic,
author=user.user,
position=3)
edited_answer.editor = user.user
edited_answer.save()
upvoted_answer = PostFactory(topic=answered_topic,
author=user2.user,
position=4)
upvoted_answer.like += 1
upvoted_answer.save()
CommentVote.objects.create(user=user.user,
comment=upvoted_answer,
positive=True)
private_topic = PrivateTopicFactory(author=user.user)
private_topic.participants.add(user2.user)
private_topic.save()
PrivatePostFactory(author=user.user,
privatetopic=private_topic,
position_in_topic=1)
# add API key
self.assertEqual(Application.objects.count(), 0)
self.assertEqual(AccessToken.objects.count(), 0)
api_application = Application()
api_application.client_id = 'foobar'
api_application.user = user.user
api_application.client_type = 'confidential'
api_application.authorization_grant_type = 'password'
api_application.client_secret = '42'
api_application.save()
token = AccessToken()
token.user = user.user
token.token = 'r@d0m'
token.application = api_application
token.expires = datetime.now()
token.save()
self.assertEqual(Application.objects.count(), 1)
self.assertEqual(AccessToken.objects.count(), 1)
# login and unregister:
login_check = self.client.login(username=user.user.username,
password='******')
self.assertEqual(login_check, True)
result = self.client.post(reverse('member-unregister'), follow=False)
self.assertEqual(result.status_code, 302)
# check that the bot have taken authorship of tutorial:
self.assertEqual(published_tutorial_alone.authors.count(), 1)
self.assertEqual(published_tutorial_alone.authors.first().username,
settings.ZDS_APP["member"]["external_account"])
self.assertFalse(os.path.exists(writing_tutorial_alone_galler_path))
self.assertEqual(published_tutorial_2.authors.count(), 1)
self.assertEqual(
published_tutorial_2.authors.filter(
username=settings.ZDS_APP["member"]
["external_account"]).count(), 0)
# check that published tutorials remain published and accessible
self.assertIsNotNone(
published_tutorial_2.public_version.get_prod_path())
self.assertTrue(
os.path.exists(
published_tutorial_2.public_version.get_prod_path()))
self.assertIsNotNone(
published_tutorial_alone.public_version.get_prod_path())
self.assertTrue(
os.path.exists(
published_tutorial_alone.public_version.get_prod_path()))
self.assertEqual(
self.client.get(reverse('tutorial:view',
args=[
published_tutorial_alone.pk,
published_tutorial_alone.slug
]),
follow=False).status_code, 200)
self.assertEqual(
self.client.get(reverse(
'tutorial:view',
args=[published_tutorial_2.pk, published_tutorial_2.slug]),
follow=False).status_code, 200)
# test that published articles remain accessible
self.assertTrue(
os.path.exists(
published_article_alone.public_version.get_prod_path()))
self.assertEqual(
self.client.get(reverse('article:view',
args=[
published_article_alone.pk,
published_article_alone.slug
]),
follow=True).status_code, 200)
self.assertEqual(
self.client.get(reverse(
'article:view',
args=[published_article_2.pk, published_article_2.slug]),
follow=True).status_code, 200)
# check that the tutorial for which the author was alone does not exists anymore
self.assertEqual(
PublishableContent.objects.filter(
pk=writing_tutorial_alone.pk).count(), 0)
self.assertFalse(os.path.exists(
writing_tutorial_alone.get_repo_path()))
# check that bot haven't take the authorship of the tuto with more than one author
self.assertEqual(writing_tutorial_2.authors.count(), 1)
self.assertEqual(
writing_tutorial_2.authors.filter(
username=settings.ZDS_APP["member"]
["external_account"]).count(), 0)
# authorship for the article for which user was the only author
self.assertEqual(published_article_alone.authors.count(), 1)
self.assertEqual(published_article_alone.authors.first().username,
settings.ZDS_APP["member"]["external_account"])
self.assertEqual(published_article_2.authors.count(), 1)
self.assertEqual(
PublishableContent.objects.filter(
pk=writing_article_alone.pk).count(), 0)
self.assertFalse(os.path.exists(writing_article_alone.get_repo_path()))
# not bot if another author:
self.assertEqual(
published_article_2.authors.filter(
username=settings.ZDS_APP["member"]
["external_account"]).count(), 0)
self.assertEqual(writing_article_2.authors.count(), 1)
self.assertEqual(
writing_article_2.authors.filter(
username=settings.ZDS_APP["member"]
["external_account"]).count(), 0)
# topics, gallery and PMs:
self.assertEqual(
Topic.objects.filter(author__username=user.user.username).count(),
0)
self.assertEqual(
Post.objects.filter(author__username=user.user.username).count(),
0)
self.assertEqual(
Post.objects.filter(editor__username=user.user.username).count(),
0)
self.assertEqual(
PrivatePost.objects.filter(
author__username=user.user.username).count(), 0)
self.assertEqual(
PrivateTopic.objects.filter(
author__username=user.user.username).count(), 0)
self.assertIsNotNone(Topic.objects.get(pk=authored_topic.pk))
self.assertIsNotNone(PrivateTopic.objects.get(pk=private_topic.pk))
self.assertIsNotNone(Gallery.objects.get(pk=alone_gallery.pk))
self.assertEquals(alone_gallery.get_linked_users().count(), 1)
self.assertEquals(shared_gallery.get_linked_users().count(), 1)
self.assertEquals(
UserGallery.objects.filter(user=user.user).count(), 0)
self.assertEquals(
CommentVote.objects.filter(user=user.user, positive=True).count(),
0)
self.assertEquals(
Post.objects.filter(pk=upvoted_answer.id).first().like, 0)
# zep 12, published contents and beta
self.assertIsNotNone(
PublishedContent.objects.filter(
content__pk=published_tutorial_alone.pk).first())
self.assertIsNotNone(
PublishedContent.objects.filter(
content__pk=published_tutorial_2.pk).first())
self.assertTrue(
Topic.objects.get(pk=beta_content.beta_topic.pk).is_locked)
self.assertFalse(
Topic.objects.get(pk=beta_content_2.beta_topic.pk).is_locked)
# check API
self.assertEqual(Application.objects.count(), 0)
self.assertEqual(AccessToken.objects.count(), 0)
