def test_increment_user_activity_counters(self): user = UserFactory() date = timezone.now() assert_equal(user.get_activity_points(db=None), 0) analytics.increment_user_activity_counters(user._id, 'project_created', date.isoformat(), db=None) assert_equal(user.get_activity_points(db=None), 1)
class TestDisableUser(AdminTestCase): def setUp(self): self.user = UserFactory() self.request = RequestFactory().post('/fake_path') self.view = views.UserDeleteView self.view = setup_log_view(self.view, self.request, guid=self.user._id) def test_get_object(self): obj = self.view().get_object() nt.assert_is_instance(obj, OSFUser) def test_get_context(self): res = self.view().get_context_data(object=self.user) nt.assert_in('guid', res) nt.assert_equal(res.get('guid'), self.user._id) def test_disable_user(self): settings.ENABLE_EMAIL_SUBSCRIPTIONS = False count = AdminLogEntry.objects.count() self.view().delete(self.request) self.user.reload() nt.assert_true(self.user.is_disabled) nt.assert_equal(AdminLogEntry.objects.count(), count + 1) def test_reactivate_user(self): settings.ENABLE_EMAIL_SUBSCRIPTIONS = False self.view().delete(self.request) count = AdminLogEntry.objects.count() self.view().delete(self.request) self.user.reload() nt.assert_false(self.user.is_disabled) nt.assert_equal(AdminLogEntry.objects.count(), count + 1) def test_no_user(self): view = setup_view(views.UserDeleteView(), self.request, guid='meh') with nt.assert_raises(Http404): view.delete(self.request) def test_no_user_permissions_raises_error(self): user = UserFactory() guid = user._id request = RequestFactory().get(reverse('users:disable', kwargs={'guid': guid})) request.user = user with self.assertRaises(PermissionDenied): self.view.as_view()(request, guid=guid) def test_correct_view_permissions(self): user = UserFactory() guid = user._id change_permission = Permission.objects.get(codename='change_osfuser') user.user_permissions.add(change_permission) user.save() request = RequestFactory().get(reverse('users:disable', kwargs={'guid': guid})) request.user = user response = self.view.as_view()(request, guid=guid) self.assertEqual(response.status_code, 200)
def test_revoke_remote_access_not_called(self): user2 = UserFactory() user2.external_accounts.add(self.external_account) user2.save() with mock.patch.object(self.user_settings, 'revoke_remote_oauth_access') as mock_revoke: with mock_auth(self.user): self.user_settings.revoke_oauth_access(self.external_account) assert_equal(mock_revoke.call_count, 0)
def test_no_two_emails_to_same_person(self, mock_send): user = UserFactory() user.osf_mailing_lists[settings.OSF_HELP_LIST] = True user.save() self.queue_mail(user=user) self.queue_mail(user=user) main(dry_run=False) assert_equal(mock_send.call_count, 1)
def test_serialize_user_merged(self): master = UserFactory() user = UserFactory() master.merge_user(user) d = utils.serialize_user(user, full=True) assert_true(d['is_merged']) assert_equal(d['merged_by']['url'], user.merged_by.url) assert_equal(d['merged_by']['absolute_url'], user.merged_by.absolute_url)
def test_csrf_cookie_gets_set_on_authd_request(self): user = UserFactory() # use session auth session_cookie = user.get_or_create_cookie() self.app.set_cookie(settings.COOKIE_NAME, str(session_cookie)) res = self.app.get('/settings/') assert res.status_code == 200 assert api_settings.CSRF_COOKIE_NAME in self.app.cookies
class TestGithubNodeSettings(unittest.TestCase): def setUp(self): super(TestGithubNodeSettings, self).setUp() self.user = UserFactory() self.user.add_addon('github') self.user_settings = self.user.get_addon('github') self.external_account = factories.GitHubAccountFactory() self.user_settings.owner.external_accounts.add(self.external_account) self.user_settings.owner.save() self.node_settings = factories.GitHubNodeSettingsFactory(user_settings=self.user_settings) @mock.patch('addons.github.api.GitHubClient.delete_hook') def test_delete_hook(self, mock_delete_hook): self.node_settings.hook_id = 'hook' self.node_settings.save() args = ( self.node_settings.user, self.node_settings.repo, self.node_settings.hook_id, ) res = self.node_settings.delete_hook() assert_true(res) mock_delete_hook.assert_called_with(*args) @mock.patch('addons.github.api.GitHubClient.delete_hook') def test_delete_hook_no_hook(self, mock_delete_hook): res = self.node_settings.delete_hook() assert_false(res) assert_false(mock_delete_hook.called) @mock.patch('addons.github.api.GitHubClient.delete_hook') def test_delete_hook_not_found(self, mock_delete_hook): self.node_settings.hook_id = 'hook' self.node_settings.save() mock_delete_hook.side_effect = NotFoundError args = ( self.node_settings.user, self.node_settings.repo, self.node_settings.hook_id, ) res = self.node_settings.delete_hook() assert_false(res) mock_delete_hook.assert_called_with(*args) @mock.patch('addons.github.api.GitHubClient.delete_hook') def test_delete_hook_error(self, mock_delete_hook): self.node_settings.hook_id = 'hook' self.node_settings.save() mock_delete_hook.side_effect = GitHubError(mock.Mock()) args = ( self.node_settings.user, self.node_settings.repo, self.node_settings.hook_id, ) res = self.node_settings.delete_hook() assert_false(res) mock_delete_hook.assert_called_with(*args)
def setUp(self): super(TestMergingAccounts, self).setUp() self.user = UserFactory.build() self.user.fullname = "tess' test string" self.user.set_password('science') self.user.save() self.dupe = UserFactory.build() self.dupe.set_password('example') self.dupe.save()
def create_fake_user(): email = fake_email() name = fake.name() user = UserFactory(username=email, fullname=name, is_registered=True, emails=[email], date_registered=fake.date_time(tzinfo=pytz.UTC), ) user.set_password('faker123') user.save() logger.info('Created user: {0} <{1}>'.format(user.fullname, user.username)) return user
def test_serialize_account_status(self): user = UserFactory() info = serialize_user(user) nt.assert_equal(info['disabled'], False) user.is_disabled = True info = serialize_user(user) nt.assert_almost_equal( int(info['disabled'].strftime('%s')), int(timezone.now().strftime('%s')), delta=50) nt.assert_is_instance(info['disabled'], datetime)
def test_subscribe_fake_email_does_not_throw_validation_error(self, mock_get_mailchimp_api): list_name = 'foo' user = UserFactory(username='******') mock_client = mock.MagicMock() mock_get_mailchimp_api.return_value = mock_client mock_client.lists.list.return_value = {'data': [{'id': 1, 'list_name': list_name}]} mock_client.lists.subscribe.side_effect = mailchimp.ValidationError mailchimp_utils.subscribe_mailchimp(list_name, user._id) handlers.celery_teardown_request() user.reload() assert_false(user.mailchimp_mailing_lists[list_name])
def test_get_total_activity_count(self): user = UserFactory() date = timezone.now() assert_equal(analytics.get_total_activity_count(user._id), 0) assert_equal(analytics.get_total_activity_count(user._id), user.get_activity_points()) analytics.increment_user_activity_counters(user._id, 'project_created', date.isoformat()) assert_equal(analytics.get_total_activity_count(user._id), 1) assert_equal(analytics.get_total_activity_count(user._id), user.get_activity_points())
def setUp(self): super(TestInstitutionUsersList, self).setUp() self.institution = InstitutionFactory() self.user1 = UserFactory() self.user1.affiliated_institutions.add(self.institution) self.user1.save() self.user2 = UserFactory() self.user2.affiliated_institutions.add(self.institution) self.user2.save() self.institution_user_url = '/{0}institutions/{1}/users/'.format(API_BASE, self.institution._id)
def test_region_wb_url_from_creators_defaults(self): user = UserFactory() region = factories.RegionFactory() user_settings = user.get_addon('osfstorage') user_settings.default_region = region user_settings.save() project = ProjectFactory(creator=user) node_settings = project.get_addon('osfstorage') assert node_settings.region_id == region.id
def test_swapping_guids(self): user = UserFactory() node = NodeFactory() user_guid = user.guids[0] node_guid = node.guids[0] user._id = node_guid._id node._id = user_guid._id assert node_guid._id == user._id assert user_guid._id == node._id
class TestDisabledUser(OsfTestCase): def setUp(self): super(TestDisabledUser, self).setUp() self.user = UserFactory() self.user.set_password('Korben Dallas') self.user.is_disabled = True self.user.save() def test_profile_disabled_returns_401(self): res = self.app.get(self.user.url, expect_errors=True) assert_equal(res.status_code, 410)
def test_serialize_two_factor(self): user = UserFactory() info = serialize_user(user) nt.assert_false(info['two_factor']) user.get_or_add_addon('twofactor') info = serialize_user(user) nt.assert_is_instance(info, dict) nt.assert_equal(info['name'], user.fullname) nt.assert_equal(list(info['emails']), list(user.emails.values_list('address', flat=True))) nt.assert_equal(info['last_login'], user.date_last_login) nt.assert_equal(len(info['nodes']), 0) nt.assert_true(info['two_factor'])
def test_serialize_user(self): master = UserFactory() user = UserFactory() master.merge_user(user) d = utils.serialize_user(user) assert_equal(d['id'], user._primary_key) assert_equal(d['url'], user.url) assert_equal(d.get('username', None), None) assert_equal(d['fullname'], user.fullname) assert_equal(d['registered'], user.is_registered) assert_equal(d['absolute_url'], user.absolute_url) assert_equal(d['date_registered'], user.date_registered.strftime('%Y-%m-%d')) assert_equal(d['active'], user.is_active)
def test_correct_view_permissions(self): user = UserFactory() guid = user._id view_permission = Permission.objects.get(codename='view_osfuser') user.user_permissions.add(view_permission) user.save() request = RequestFactory().get(reverse('users:user', kwargs={'guid': guid})) request.user = user response = views.UserView.as_view()(request, guid=guid) self.assertEqual(response.status_code, 200)
def test_must_be_authorizer_false(self): # Setup self.project.add_addon('github', auth=None) node_settings = self.project.get_addon('github') user2 = UserFactory() user2.add_addon('github') user_settings = user2.get_addon('github') node_settings.user_settings = user_settings node_settings.save() # Test with assert_raises(HTTPError): self.decorated()
def test_build_create_user_time_conflict(self): # Test that build and create user factories do not create conflicting usernames # because they occured quickly user_email_one = fake_email() user_email_two = fake_email() assert user_email_one != user_email_two user_one_build = UserFactory.build() user_two_build = UserFactory.build() assert user_one_build.username != user_two_build.username user_one_create = UserFactory() user_two_create = UserFactory() assert user_one_create.username != user_two_create.username
def test_callback_wrong_user(self): # Reject temporary credentials not assigned to the user # # This prohibits users from associating their external account with # another user's OSF account by using XSS or similar attack vector to # complete the OAuth flow using the logged-in user but their own account # on the external service. # # If the OSF were to allow login via OAuth with the provider in question, # this would allow attackers to hijack OSF accounts with a simple script # injection. # mock a successful call to the provider to exchange temp keys for # permanent keys responses.add( responses.Response( responses.POST, 'http://mock1a.com/callback', body='oauth_token=perm_token' '&oauth_token_secret=perm_secret' '&oauth_callback_confirmed=true', ) ) user = UserFactory() account = ExternalAccountFactory( provider="mock1a", provider_name='Mock 1A', oauth_key="temp_key", oauth_secret="temp_secret" ) account.save() # associate this ExternalAccount instance with the user user.external_accounts.add(account) user.save() malicious_user = UserFactory() # Fake a request context for the callback with self.app.app.test_request_context( path="/oauth/callback/mock1a/", query_string="oauth_token=temp_key&oauth_verifier=mock_verifier" ): # make sure the user is logged in authenticate(user=malicious_user, access_token=None, response=None) with assert_raises(PermissionsError): # do the key exchange self.provider.auth_callback(user=malicious_user)
def test_users_list_filter_multiple_fields_with_additional_filters(self): self.john_doe = UserFactory(fullname='John Doe') self.john_doe.given_name = 'John' self.john_doe.family_name = 'Doe' self.john_doe.save() self.doe_jane = UserFactory(fullname='Doe Jane') self.doe_jane.given_name = 'Doe' self.doe_jane.family_name = 'Jane' self.doe_jane.save() url = "/{}users/?filter[given_name,family_name]=Doe&filter[id]={}".format(API_BASE, self.john_doe._id) res = self.app.get(url) data = res.json['data'] assert_equal(len(data), 1)
def test_correct_view_permissions(self): user = UserFactory() guid = user._id view_permission = Permission.objects.get(codename='view_osfuser') spam_permission = Permission.objects.get(codename='view_spam') user.user_permissions.add(view_permission) user.user_permissions.add(spam_permission) user.save() request = RequestFactory().get(self.url) request.user = user response = self.plain_view.as_view()(request, guid=guid) self.assertEqual(response.status_code, 200)
def test_users_list_filter_multiple_field(self, app, user_one, user_two): john_doe = UserFactory(fullname='John Doe') john_doe.given_name = 'John' john_doe.family_name = 'Doe' john_doe.save() doe_jane = UserFactory(fullname='Doe Jane') doe_jane.given_name = 'Doe' doe_jane.family_name = 'Jane' doe_jane.save() url = '/{}users/?filter[given_name,family_name]=Doe'.format(API_BASE) res = app.get(url) data = res.json['data'] assert len(data) == 2
def test_multiple_users_associated(self): # Create only one ExternalAccount for multiple OSF users # # For some providers (ex: GitHub), the act of completing the OAuth flow # revokes previously generated credentials. In addition, there is often no # way to know the user's id on the external service until after the flow # has completed. # # Having only one ExternalAccount instance per account on the external # service means that connecting subsequent OSF users to the same external # account will not invalidate the credentials used by the OSF for users # already associated. user_a = UserFactory() external_account = ExternalAccountFactory( provider='mock2', provider_id='mock_provider_id', provider_name='Mock Provider', ) user_a.external_accounts.add(external_account) user_a.save() user_b = UserFactory() # Mock the exchange of the code for an access token _prepare_mock_oauth2_handshake_response() # Fake a request context for the callback with self.app.app.test_request_context( path="/oauth/callback/mock2/", query_string="code=mock_code&state=mock_state" ) as ctx: # make sure the user is logged in authenticate(user=user_b, access_token=None, response=None) session.data['oauth_states'] = { self.provider.short_name: { 'state': 'mock_state', }, } session.save() # do the key exchange self.provider.auth_callback(user=user_b) user_a.reload() user_b.reload() external_account.reload() assert_equal( list(user_a.external_accounts.values_list('pk', flat=True)), list(user_b.external_accounts.values_list('pk', flat=True)), ) assert_equal( ExternalAccount.objects.all().count(), 1 )
def test_unverified_orcid(self): user = UserFactory.build(is_registered=True) user.external_identity = {'ORCID': {'fake-orcid': 'SOMETHINGELSE'}} user.save() node = format_user(user) assert {x.attrs['uri'] for x in node.get_related()} == {user.absolute_url, user.profile_image_url()}
def setUp(self): super(TestCallbacks, self).setUp() self.project = ProjectFactory.build() self.consolidated_auth = Auth(self.project.creator) self.project.creator.save() self.non_authenticator = UserFactory() self.non_authenticator.save() self.project.save() self.project.add_contributor( contributor=self.non_authenticator, auth=self.consolidated_auth, ) self.project.add_addon('gitlab', auth=self.consolidated_auth) self.project.creator.add_addon('gitlab') self.external_account = GitLabAccountFactory() self.project.creator.external_accounts.add(self.external_account) self.project.creator.save() self.node_settings = self.project.get_addon('gitlab') self.user_settings = self.project.creator.get_addon('gitlab') self.node_settings.user_settings = self.user_settings self.node_settings.user = '******' self.node_settings.repo = 'Sheer-Heart-Attack' self.node_settings.external_account = self.external_account self.node_settings.save() self.node_settings.set_auth
def setUp(self): self.user = UserFactory() self.public_node = ProjectFactory(creator=self.user, is_public=True) self.private_node = ProjectFactory(creator=self.user, is_public=False) self.request = RequestFactory().post('/fake_path') self.view = views.SpamUserDeleteView self.view = setup_log_view(self.view, self.request, guid=self.user._id)
def test_callback(self): # Exchange temporary credentials for permanent credentials # mock a successful call to the provider to exchange temp keys for # permanent keys httpretty.register_uri( httpretty.POST, 'http://mock1a.com/callback', body=( 'oauth_token=perm_token' '&oauth_token_secret=perm_secret' '&oauth_callback_confirmed=true' ), ) user = UserFactory() # Fake a request context for the callback ctx = self.app.app.test_request_context( path='/oauth/callback/mock1a/', query_string='oauth_token=temp_key&oauth_verifier=mock_verifier', ) with ctx: # make sure the user is logged in authenticate(user=user, access_token=None, response=None) session.data['oauth_states'] = { self.provider.short_name: { 'token': 'temp_key', 'secret': 'temp_secret', }, } session.save() # do the key exchange self.provider.auth_callback(user=user) account = ExternalAccount.objects.first() assert_equal(account.oauth_key, 'perm_token') assert_equal(account.oauth_secret, 'perm_secret') assert_equal(account.provider_id, 'mock_provider_id') assert_equal(account.provider_name, 'Mock OAuth 1.0a Provider')
def test_subscribe_called_with_correct_arguments(self, mock_get_mailchimp_api): list_name = 'foo' user = UserFactory() mock_client = mock.MagicMock() mock_get_mailchimp_api.return_value = mock_client mock_client.lists.list.return_value = {'data': [{'id': 1, 'list_name': list_name}]} list_id = mailchimp_utils.get_list_id_from_name(list_name) mailchimp_utils.subscribe_mailchimp(list_name, user._id) handlers.celery_teardown_request() mock_client.lists.subscribe.assert_called_with( id=list_id, email={'email': user.username}, merge_vars={ 'fname': user.given_name, 'lname': user.family_name, }, double_optin=False, update_existing=True, )
def test_retract_report(self): user = UserFactory() time = timezone.now() self.comment.report_abuse(user, date=time, category='spam', text='ads', save=True) assert_equal(self.comment.spam_status, SpamStatus.FLAGGED) self.comment.retract_report(user, save=True) assert_equal(self.comment.spam_status, SpamStatus.UNKNOWN) equivalent = { 'date': time, 'category': 'spam', 'text': 'ads', 'retracted': True } assert_in(user._id, self.comment.reports) assert_equal(self.comment.reports[user._id], equivalent)
def test_unregistered_user_csl(self): # Tests the csl name for an unregistered user referrer = UserFactory() project = NodeFactory(creator=referrer) user = UnregUserFactory() user.add_unclaimed_record(project, given_name=user.fullname, referrer=referrer, email=fake_email()) user.save() name = user.unclaimed_records[project._primary_key]['name'].split(' ') family_name = name[-1] given_name = ' '.join(name[:-1]) assert bool( user.csl_name(project._id) == { 'given': given_name, 'family': family_name, } )
def test_GET_disapprove_with_wrong_admins_token_returns_HTTPBad_Request(self): admin2 = UserFactory() Contributor.objects.create(user=admin2, node=self.registration) self.registration.add_permission(admin2, 'admin', save=True) self.registration.embargo_registration( self.user, timezone.now() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) wrong_rejection_token = self.registration.embargo.approval_state[admin2._id]['rejection_token'] res = self.app.get( self.registration.web_url_for('view_project', token=wrong_rejection_token), auth=self.user.auth, expect_errors=True ) assert_true(self.registration.is_pending_embargo) assert_equal(res.status_code, 400)
def test_serialize_node_summary_private_fork_private_project_should_include_is_fork( self): # contributor on a private project user = UserFactory() node = ProjectFactory(is_public=False) node.add_contributor(user) # contributor cannot see private fork of this project consolidated_auth = Auth(user=node.creator) fork = node.fork_node(consolidated_auth) res = serialize_node_summary( fork, auth=Auth(user), primary=True, ) # serialized result should have is_fork assert_false(res['can_view']) assert_true(res['is_fork'])
def test_cannot_set_email_to_a_user_that_already_exists(self): reg_user = UserFactory() name, email = fake.name(), fake_email() new_user = self.project.add_unregistered_contributor( email=email, fullname=name, auth=Auth(self.referrer)) self.project.save() # Goes to claim url and successfully claims account claim_url = new_user.get_claim_url(self.project._primary_key) res = self.app.get(claim_url) self.project.reload() assert_in('Set Password', res) form = res.forms['setPasswordForm'] # Fills out an email that is the username of another user form['username'] = reg_user.username form['password'] = '******' form['password2'] = 'killerqueen' res = form.submit().maybe_follow(expect_errors=True) assert_in(language.ALREADY_REGISTERED.format(email=reg_user.username), res)
def test_service_validate(self): user = UserFactory() url = furl.furl(self.base_url) url.path.segments.extend(( 'p3', 'serviceValidate', )) service_url = 'http://test.osf.io' ticket = fake.md5() body = make_service_validation_response_body(user, ticket) responses.add( responses.Response( responses.GET, url.url, body=body, status=200, )) resp = self.client.service_validate(ticket, service_url) assert_true(resp.authenticated)
def create_fake_user(): email = fake_email() name = fake.name() user = UserFactory( username=email, fullname=name, is_registered=True, emails=[email], date_registered=fake.date_time(tzinfo=pytz.UTC), ) user.set_password('faker123') user.save() logger.info('Created user: {0} <{1}>'.format(user.fullname, user.username)) return user
class TestTriggeredMails(OsfTestCase): def setUp(self): super(TestTriggeredMails, self).setUp() self.user = UserFactory() self.user.date_last_login = timezone.now() self.user.save() @mock.patch('website.mails.queue_mail') def test_dont_trigger_no_login_mail(self, mock_queue): self.user.date_last_login = timezone.now() - timedelta(seconds=6) self.user.save() main(dry_run=False) assert_false(mock_queue.called) @mock.patch('website.mails.queue_mail') def test_trigger_no_login_mail(self, mock_queue): self.user.date_last_login = timezone.now() - timedelta(weeks=6) self.user.save() main(dry_run=False) mock_queue.assert_called_with( user=mock.ANY, fullname=self.user.fullname, to_addr=self.user.username, mail={ 'callback': mock.ANY, 'template': 'no_login', 'subject': mock.ANY }, send_at=mock.ANY, ) @mock.patch('website.mails.send_mail') def test_find_inactive_users_with_no_inactivity_email_sent_or_queued( self, mock_mail): user_active = UserFactory(fullname='Spot') user_inactive = UserFactory(fullname='Nucha') user_already_received_mail = UserFactory(fullname='Pep') user_active.date_last_login = timezone.now() - timedelta(seconds=6) user_inactive.date_last_login = timezone.now() - timedelta(weeks=6) user_already_received_mail.date_last_login = timezone.now( ) - timedelta(weeks=6) user_active.save() user_inactive.save() user_already_received_mail.save() mails.queue_mail(to_addr=user_already_received_mail.username, send_at=timezone.now(), user=user_already_received_mail, mail=mails.NO_LOGIN) users = find_inactive_users_with_no_inactivity_email_sent_or_queued() assert_equal(len(users), 1)
def setUp(self): super(TestDraftFormView, self).setUp() self.user = AuthUserFactory() self.dr1 = DraftRegistrationFactory( initiator=self.user, registration_schema=utils.draft_reg_util(), registration_metadata=utils.SCHEMA_DATA) self.dr1.submit_for_review(self.user, {}, save=True) self.dr1.flags # sets flags if there aren't any yet. self.request = RequestFactory().get('/fake_path') self.view = DraftFormView() self.view = setup_view(self.view, self.request, draft_pk=self.dr1._id) self.post = RequestFactory().post('/fake_path') self.post.user = UserFactory() self.post_view = DraftFormView() self.form_data = { 'notes': 'Far between', 'proof_of_publication': 'approved', }
def test_must_set_self(self): user = UserFactory() assert_equal(self.file.checkout, None) res = self.app.put_json_api( self.file_url, { 'data': { 'id': self.file._id, 'type': 'files', 'attributes': { 'checkout': user._id } } }, auth=self.user.auth, expect_errors=True, ) self.file.reload() assert_equal(res.status_code, 400) assert_equal(self.file.checkout, None)
def test_must_set_self(self, app, user, file, file_url): user_unauthorized = UserFactory() assert file.checkout is None res = app.put_json_api( file_url, { 'data': { 'id': file._id, 'type': 'files', 'attributes': { 'checkout': user_unauthorized._id } } }, auth=user.auth, expect_errors=True, ) file.reload() assert res.status_code == 400 assert file.checkout is None
def test_one_approval_with_two_admins_stays_pending(self): self.admin2 = UserFactory() Contributor.objects.create(node=self.registration, user=self.admin2) self.registration.add_permission(self.admin2, 'admin', save=True) self.registration.retract_registration(self.user) self.registration.save() self.registration.reload() approval_token = self.registration.retraction.approval_state[ self.user._id]['approval_token'] assert_equal(self.registration.retraction.state, Retraction.UNAPPROVED) self.registration.retraction.approve_retraction( self.user, approval_token) assert_true(self.registration.is_pending_retraction) num_of_approvals = sum([ val['has_approved'] for val in self.registration.retraction.approval_state.values() ]) assert_equal(num_of_approvals, 1)
def test_non_admin_approval_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] with assert_raises(PermissionsError): self.registration.retraction.approve_retraction(non_admin, approval_token) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted) # group admin on node cannot retract registration group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) self.registration.registered_from.add_osf_group(group, permissions.ADMIN) with assert_raises(PermissionsError): self.registration.retraction.approve_retraction(group_mem, approval_token) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted)
def setUp(self): self.flagged_user = UserFactory() self.flagged_user.spam_status = SpamStatus.FLAGGED self.flagged_user.save() self.spam_user = UserFactory() self.spam_user.spam_status = SpamStatus.SPAM self.spam_user.save() self.ham_user = UserFactory() self.ham_user.spam_status = SpamStatus.HAM self.ham_user.save() self.request = RequestFactory().post('/fake_path')
def test_password_change_sends_email(self, mock_mail): user = UserFactory() user.set_password('killerqueen') user.save() assert_equal(len(mock_mail.call_args_list), 1) empty, kwargs = mock_mail.call_args kwargs['user'].reload() assert_equal(empty, ()) assert_equal(kwargs, { 'user': user, 'mimetype': 'plain', 'mail': mails.PASSWORD_RESET, 'to_addr': user.username, })
def test_sparse_registration_serializer(self, user): user = UserFactory() versioned_request = make_drf_request_with_version(version='2.2') registration = RegistrationFactory(creator=user) result = SparseRegistrationSerializer(registration, context={ 'request': versioned_request }).data data = result['data'] assert data['id'] == registration._id assert data['type'] == 'sparse-registrations' # Attributes attributes = data['attributes'] assert attributes['withdrawn'] == registration.is_retracted assert attributes['title'] == registration.title assert attributes['description'] == registration.description assert attributes['public'] == registration.is_public assert set(attributes['tags']) == set( registration.tags.values_list('name', flat=True)) assert 'current_user_can_comment' not in attributes assert 'license' not in attributes assert attributes['category'] == registration.category assert attributes['fork'] == registration.is_fork # Relationships relationships = data['relationships'] assert 'registered_by' not in relationships assert 'registered_from' not in relationships assert 'region' not in relationships assert 'children' in relationships assert 'detail' in relationships assert 'contributors' in relationships assert 'files' not in relationships assert 'affiliated_institutions' not in relationships assert 'registrations' not in relationships assert 'forked_from' not in relationships assert 'sparse' not in relationships['detail']['links']['related'][ 'href'] assert 'sparse' in relationships['children']['links']['related'][ 'href']
def setUp(self): super(TestRubeus, self).setUp() self.project = ProjectFactory.create() self.consolidated_auth = Auth(user=self.project.creator) self.non_authenticator = UserFactory() self.project.save() self.project.add_contributor( contributor=self.non_authenticator, auth=self.consolidated_auth, ) self.project.add_addon('s3', self.consolidated_auth) self.project.creator.add_addon('s3', self.consolidated_auth) self.node_settings = self.project.get_addon('s3') self.user_settings = self.project.creator.get_addon('s3') self.user_settings.access_key = 'We-Will-Rock-You' self.user_settings.secret_key = 'Idontknowanyqueensongs' self.node_settings.bucket = 'Sheer-Heart-Attack' self.node_settings.user_settings = self.user_settings self.node_settings.save()
def test_two_approvals_with_two_admins_retracts(self): self.admin2 = UserFactory() Contributor.objects.create(node=self.registration, user=self.admin2) self.registration.add_permission(self.admin2, permissions.ADMIN, save=True) self.registration.retract_registration(self.user) self.registration.save() self.registration.reload() # First admin approves approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) assert_true(self.registration.is_pending_retraction) num_of_approvals = sum([val['has_approved'] for val in self.registration.retraction.approval_state.values()]) assert_equal(num_of_approvals, 1) # Second admin approves approval_token = self.registration.retraction.approval_state[self.admin2._id]['approval_token'] self.registration.retraction.approve_retraction(self.admin2, approval_token) num_of_approvals = sum([val['has_approved'] for val in self.registration.retraction.approval_state.values()]) assert_equal(num_of_approvals, 2) assert_true(self.registration.is_retracted)
def test_admin_can_checkin(self, app, user, node, file, file_url): user_unauthorized = UserFactory() node.add_contributor(user_unauthorized) file.checkout = user_unauthorized file.save() res = app.put_json_api( file_url, { 'data': { 'id': file._id, 'type': 'files', 'attributes': { 'checkout': None } } }, auth=user.auth, expect_errors=True, ) file.reload() node.reload() assert res.status_code == 200 assert file.checkout is None assert node.logs.latest().action == NodeLog.CHECKED_IN assert node.logs.latest().user == user
class TestCore(unittest.TestCase): def setUp(self): super(TestCore, self).setUp() self.user = UserFactory() self.user.add_addon('box') self.user.save() self.settings = self.user.get_addon('box') self.settings.save() def test_get_addon_returns_box_user_settings(self): result = self.user.get_addon('box') assert_true(isinstance(result, UserSettings))
def setUp(self): super(TestMustBeContributorOrPublicButNotAnonymizedDecorator, self).setUp() self.contrib = AuthUserFactory() self.non_contrib = AuthUserFactory() admin = UserFactory() self.public_project = ProjectFactory(is_public=True) self.public_project.add_contributor( admin, auth=Auth(self.public_project.creator), permissions=['read', 'write', 'admin']) self.private_project = ProjectFactory(is_public=False) self.private_project.add_contributor( admin, auth=Auth(self.private_project.creator), permissions=['read', 'write', 'admin']) self.public_project.add_contributor(self.contrib, auth=Auth( self.public_project.creator)) self.private_project.add_contributor(self.contrib, auth=Auth( self.private_project.creator)) self.public_project.save() self.private_project.save() self.anonymized_link_to_public_project = PrivateLinkFactory( anonymous=True) self.anonymized_link_to_private_project = PrivateLinkFactory( anonymous=True) self.anonymized_link_to_public_project.nodes.add(self.public_project) self.anonymized_link_to_public_project.save() self.anonymized_link_to_private_project.nodes.add(self.private_project) self.anonymized_link_to_private_project.save() self.flaskapp = Flask('Testing decorator') @self.flaskapp.route('/project/<pid>/') @must_be_contributor_or_public_but_not_anonymized def project_get(**kwargs): return 'success', 200 self.app = WebtestApp(self.flaskapp)
def test_user_denies_access(self): # Create a 401 error _prepare_mock_401_error() user = UserFactory() # Fake a request context for the callback with self.app.app.test_request_context( path="/oauth/callback/mock2/", query_string="error=mock_error&code=mock_code&state=mock_state" ): # make sure the user is logged in authenticate(user=user, access_token=None, response=None) session.data['oauth_states'] = { self.provider.short_name: { 'state': 'mock_state', }, } session.save() assert_false(self.provider.auth_callback(user=user))
def test_change_embargo_date(self): assert_false(self.registration.embargo) assert_true(self.registration.is_public) # Note: Date comparisons accept a difference up to a day because embargoes start at midnight # Create an embargo from a registration with none change_embargo_date(self.registration, self.user, self.date_valid) assert_almost_equal(self.registration.embargo.end_date, self.date_valid, delta=datetime.timedelta(days=1)) # Make sure once embargo is set, registration is made private self.registration.reload() assert_false(self.registration.is_public) # Update an embargo end date change_embargo_date(self.registration, self.user, self.date_valid2) assert_almost_equal(self.registration.embargo.end_date, self.date_valid2, delta=datetime.timedelta(days=1)) # Test invalid dates with assert_raises(ValidationError): change_embargo_date(self.registration, self.user, self.date_too_late) with assert_raises(ValidationError): change_embargo_date(self.registration, self.user, self.date_too_soon) # Test that checks user has permission with assert_raises(PermissionDenied): change_embargo_date(self.registration, UserFactory(), self.date_valid) assert_almost_equal(self.registration.embargo.end_date, self.date_valid2, delta=datetime.timedelta(days=1))
def test_update_wiki_updates_comments_and_user_comments_viewed_timestamp(self): project = ProjectFactory(creator=self.user, is_public=True) wiki_page = WikiFactory(node=project, page_name='test') wiki = WikiVersionFactory(wiki_page=wiki_page) comment = CommentFactory(node=project, target=Guid.load(wiki_page._id), user=UserFactory()) # user views comments -- sets user.comments_viewed_timestamp url = project.api_url_for('update_comments_timestamp') res = self.app.put_json(url, { 'page': 'wiki', 'rootId': wiki_page._id }, auth=self.user.auth) assert res.status_code == 200 self.user.reload() assert wiki_page._id in self.user.comments_viewed_timestamp # user updates the wiki project.update_node_wiki('test', 'Updating wiki', self.auth) comment.reload() self.user.reload() assert wiki_page._id in self.user.comments_viewed_timestamp assert comment.target.referent._id == wiki_page._id
def test_one_approval_with_two_admins_stays_pending(self): admin2 = UserFactory() Contributor.objects.create(node=self.registration, user=admin2) self.registration.add_permission(admin2, 'admin', save=True) self.registration.require_approval( self.user ) self.registration.save() # First admin approves approval_token = self.registration.registration_approval.approval_state[self.user._id]['approval_token'] self.registration.registration_approval.approve(self.user, approval_token) assert_true(self.registration.is_pending_registration) num_of_approvals = sum([val['has_approved'] for val in self.registration.registration_approval.approval_state.values()]) assert_equal(num_of_approvals, 1) # Second admin approves approval_token = self.registration.registration_approval.approval_state[admin2._id]['approval_token'] self.registration.registration_approval.approve(admin2, approval_token) assert_false(self.registration.is_pending_registration) num_of_approvals = sum([val['has_approved'] for val in self.registration.registration_approval.approval_state.values()]) assert_equal(num_of_approvals, 2)
def test_cannot_checkout_when_checked_out( self, app, user, node, file, file_url): user_unauthorized = UserFactory() node.add_contributor(user_unauthorized) file.checkout = user_unauthorized file.save() count = node.logs.count() res = app.put_json_api( file_url, { 'data': { 'id': file._id, 'type': 'files', 'attributes': { 'checkout': user._id } } }, auth=user.auth, expect_errors=True, ) file.reload() node.reload() assert res.status_code == 200 assert file.checkout == user_unauthorized assert node.logs.count() == count
def test_password_change_sends_email(self, mock_mail): user = UserFactory() user.set_password('killerqueen') user.save() assert_equal(len(mock_mail.call_args_list), 1) empty, kwargs = mock_mail.call_args kwargs['user'].reload() assert_equal(empty, ()) assert_equal(kwargs, { 'user': user, 'mimetype': 'html', 'mail': mails.PASSWORD_RESET, 'to_addr': user.username, 'can_change_preferences': False, 'osf_contact_email': settings.OSF_CONTACT_EMAIL, })
def test_create_conference_node_with_same_name_as_existing_node(self, mock_upload, mock_send_mail): conference = ConferenceFactory() user = UserFactory() title = 'Long Live Greg' ProjectFactory(creator=user, title=title) body = 'Greg is a good plant' content = 'Long may they reign.' recipient = '{0}{1}[email protected]'.format( 'test-' if settings.DEV_MODE else '', conference.endpoint, ) self.app.post( api_url_for('meeting_hook'), { 'X-Mailgun-Sscore': 0, 'timestamp': '123', 'token': 'secret', 'signature': hmac.new( key=settings.MAILGUN_API_KEY.encode(), msg='{}{}'.format('123', 'secret').encode(), digestmod=hashlib.sha256, ).hexdigest(), 'attachment-count': '1', 'X-Mailgun-Sscore': 0, 'from': '{0} <{1}>'.format(user.fullname, user.username), 'recipient': recipient, 'subject': title, 'stripped-text': body, }, upload_files=[ ('attachment-1', 'attachment-1', content.encode()), ], ) assert AbstractNode.objects.filter(title=title, creator=user).count() == 2 assert mock_upload.called assert mock_send_mail.called