def test_users(request, connection: SimpleLDAPObject) -> List[Tuple[str, str]]:
users = []
for user_id in range(request.param):
username = TEST_USERNAME + str(user_id)
password = TEST_USER_PASSWORD + str(user_id)
create_user(connection,
TEST_USER_DN_TEMPLATE.format(username, LDAP_BASE_DN),
password)
users.append((username, password))
yield users
for username, _ in users:
delete_user(connection,
TEST_USER_DN_TEMPLATE.format(username, LDAP_BASE_DN))
def test_is_active(db):
'''User:is_active'''
create_user(db)
user = db.query(User).filter(User.email == text_type('*****@*****.**')).one()
assert not user.is_active
assert not user.activated_at
user.is_active = True
assert user.is_active
assert user.activated_at
assert not user.deactivated_at
user.is_active = False
assert not user.is_active
assert user.deactivated_at
def setUp(self, *args, **kwargs):
super(TestUserAutocompletion, self).setUp(*args, **kwargs)
self.users = [
create_user(first_name="Peter", last_name="Luke",
email='*****@*****.**'),
create_user(first_name="John", last_name="Smith",
email='*****@*****.**'),
create_user(name="admin", password="******",
email='*****@*****.**'),
create_user(name="superuser", password="******",
email='*****@*****.**'),
]
self.client = Client()
self.client.login(username="******", password="******")
def test_delete_admin(db_with_user):
'''Admin user soft delete'''
user = db_with_user.query(User).filter(User.email == text_type('*****@*****.**')).one()
create_user(db_with_user, {'email': text_type('*****@*****.**'),
'address_ip': '127.0.0.1',
'password': '******',
'is_admin': True})
user.is_admin = True
db_with_user.commit()
user.delete()
assert user.deleted_at
def test_get_audiences_not_found(self):
user = create_user(self.session)[1]
auth_data = f"{user['user_name']}:{user['password']}".encode()
credentials = base64.b64encode(auth_data).decode('utf-8')
response = self.app.get(
'/audience/', headers={'Authorization': f'Basic {credentials}'})
self.assertEqual(403, response.status_code)
def test_get_alias_infos_with_pagination_v3_no_duplicate_when_empty_contact(
flask_client,
):
"""
Make sure an alias is returned once when it has 2 contacts that have no email log activity
"""
user = create_user(flask_client)
alias = Alias.first()
Contact.create(
user_id=user.id,
alias_id=alias.id,
website_email="*****@*****.**",
reply_email="*****@*****.**",
)
Contact.create(
user_id=user.id,
alias_id=alias.id,
website_email="*****@*****.**",
reply_email="*****@*****.**",
)
alias_infos = get_alias_infos_with_pagination_v3(user)
assert len(alias_infos) == 1
def test_delete_user_successful(self):
user = create_user(self.session)[1]
auth_data = f"{user['user_name']}:{user['password']}".encode()
credentials = base64.b64encode(auth_data).decode('utf-8')
response = self.app.delete(
'/user/1/', headers={'Authorization': f'Basic {credentials}'})
self.assertEqual(200, response.status_code)
def unauthorized_oauth_user(app, db_session):
users = dict(json.loads(utils.read_file(
'resources/unauthorized_users.json'
)))
user_id, username = utils.create_user(
users, db_session, is_admin=True
)
return Dict(username=username, user_id=user_id)
def test_post_reservation_successful(self):
user = create_user(self.session)[1]
auth_data = f"{user['user_name']}:{user['password']}".encode()
credentials = base64.b64encode(auth_data).decode('utf-8')
create_audience(self.session)
reservation = get_test_reservation_data()
response = self.app.post('/reservation/', json=reservation, headers={
'Authorization': f'Basic {credentials}'})
self.assertEqual(200, response.status_code)
def test_put_user_error(self):
user = create_user(self.session)[1]
auth_data = f"{user['user_name']}:{user['password']}".encode()
credentials = base64.b64encode(auth_data).decode('utf-8')
response = self.app.put(
'/user/2/',
json={'user_name': 'changed_name'},
headers={'Authorization': f'Basic {credentials}'})
self.assertEqual(403, response.status_code)
def test_post_audience_invalid_input_second(self):
user = create_user(self.session)[1]
auth_data = f"{user['user_name']}:{user['password']}".encode()
credentials = base64.b64encode(auth_data).decode('utf-8')
audience = get_test_audience_data()
audience['size'] = -1
response = self.app.post(
'/audience/',
json=audience,
headers={'Authorization': f'Basic {credentials}'})
self.assertEqual(405, response.status_code)
def test_post_reservation_error_date_check_to(self):
user = create_user(self.session)[1]
auth_data = f"{user['user_name']}:{user['password']}".encode()
credentials = base64.b64encode(auth_data).decode('utf-8')
create_audience(self.session)
data = get_test_reservation_data(from_date='2000-01-15')
create_reservation(self.session, data=data)
reservation = get_test_reservation_data()
response = self.app.post('/reservation/', json=reservation, headers={
'Authorization': f'Basic {credentials}'})
self.assertEqual(405, response.status_code)
def test_get_private(self):
"""Snippet detail GET must return the private queried snippet only to
those authorized to view it.
"""
owner = create_user('owner')
snippet = create_snippet('testing', private=True, owner=owner)
expected = [status.HTTP_404_NOT_FOUND] * 2 + [status.HTTP_200_OK] * 2
def check(i):
self.assert_status('get', expected[i], pk=snippet.pk)
self.check_for_users(check, owner)
def test_get_private(self):
"""Snippet list GET must return private snippets only to those
authorized to view them.
"""
owner = create_user('owner')
create_snippet('foo', private=True, owner=owner)
expected = [0, 0, 1, 1]
def check(i):
response = self.get()
self.assertEqual(len(response.data), expected[i])
self.check_for_users(check, owner)
def test_get_list_foreign(self):
"""User snippet list GET must not return snippets owned by other users
if the LIST_FOREIGN setting is True, unless requested by a staff user.
"""
user = create_user('someuser')
create_snippet('test')
expected = [0, 1, 1, 0]
def check(i):
response = self.get()
self.assertEqual(len(response.data), expected[i])
with constant('LIST_FOREIGN', False):
self.check_for_users(check, user)
def test_unsafe_methods(self):
"""Snippet detail unsafe methods must return an appropriate response
depending on the currently authenticated user.
"""
owner = create_user('owner')
expected = [
[status.HTTP_403_FORBIDDEN] * 2
+ [status.HTTP_204_NO_CONTENT] * 2,
[status.HTTP_403_FORBIDDEN] * 2 + [status.HTTP_200_OK] * 2,
[status.HTTP_403_FORBIDDEN] * 2
+ [status.HTTP_400_BAD_REQUEST] * 2]
def check(j):
snippet = create_snippet('baz', owner=owner)
self.assert_status(method, expected[i][j], pk=snippet.pk)
snippet.delete()
for i, method in enumerate(['delete', 'patch', 'put']):
self.check_for_users(check, owner)
def test_password_is_hashed(self):
u = utils.create_user()
self.assertNotEqual(u.password, 'pass')
def setUp(self):
self.app = create_app()
self.user = create_user(self.app)
self.event = create_event(self.app, str(self.user['_id']))
def create_test_user(connection: SimpleLDAPObject):
create_user(connection, TEST_USER_DN, TEST_USER_PASSWORD)
def db_with_user(db):
create_user(db, {'username': '******',
'password': '******',
'email': '*****@*****.**',
'address_ip': '127.0.0.1'})
return db
def user_client(db_session):
users = dict(json.loads(
utils.read_file("resources/authorized_users.json")))
user_id, username = utils.create_user(users, db_session, is_admin=True)
return Dict(username=username, user_id=user_id)
def setUp(self):
self.app = create_app()
self.user = create_user(self.app)
def setUpClass(cls):
"""Create and store a dummy user and a dummy staff user."""
super().setUpClass()
cls.user = create_user('user')
cls.staff_user = create_user('staff', is_staff=True)
def test_review_create(empty_database, app):
send = functools.partial(send_json, app, "post", "/reviews")
response = app.post("/reviews")
assert response.get_json() == {
"message": {
"product_id": "Missing required parameter in the JSON body"
}
}
response = send(dict(product_id=1))
assert response.get_json() == {
"message": {
"review": "Missing required parameter in the JSON body"
}
}
response = send(dict(product_id=1, review="4 8 15"))
assert response.get_json() == {
"message": {
"review_id": "Missing required parameter in the JSON body"
}
}
response = send(dict(product_id=1, review="4 8 15", review_id="1"))
assert response.get_json() == {
"message": {
"review_sig": "Missing required parameter in the JSON body"
}
}
response = send(
dict(product_id=1, review="4 8 15", review_id="1", review_sig="1"))
assert response.get_json() == {
"message": {
"snark": "Missing required parameter in the JSON body"
}
}
response = send(
dict(product_id=1,
review="4 8 15",
review_id="1",
review_sig="1",
snark="1"))
assert response.get_json() == {
"message": {
"tree_root": "Missing required parameter in the JSON body"
}
}
response = send(
dict(product_id=1,
review="4 8 15",
review_id="1",
review_sig="1",
tree_root="1"))
assert response.get_json() == {
"message": {
"snark": "Missing required parameter in the JSON body"
}
}
tree = snark.MerkleTree(config.TREE, config.TREE_INDEX)
sk, pk = create_user(app, "login", "pass", 1)
response = app.get("/path",
query_string=dict(user_hash=bytes_to_base64(pk)))
review = create_review("1", "4 8 1 16 23 42", sk,
base64_to_bytes(response.get_json()["path"]))
d = datetime.datetime.utcnow()
with mock.patch("datetime.datetime") as patched:
patched.utcnow = mock.Mock(return_value=d)
review["rate"] = 4
response = send(review)
assert response.status_code == 201
assert response.get_json() == {
"id": review["review_id"],
"review": "4 8 1 16 23 42",
"rate": 4,
"created_time": int(d.timestamp())
}
def test_validate_password(self):
u = utils.create_user()
self.assertTrue(u.verify_password('pass1'))
def test_get_reservation_successful(self):
create_user(self.session)
create_audience(self.session)
create_reservation(self.session)
response = self.app.get('/reservation/')
self.assertEqual(200, response.status_code)