def test_serialize_user_full(self):
user = UserFactory()
ProjectFactory(creator=user, is_public=False)
NodeFactory(creator=user)
ProjectFactory(creator=user, is_public=True)
CollectionFactory(creator=user)
d = utils.serialize_user(user, full=True, include_node_counts=True)
gravatar = filters.gravatar(user,
use_ssl=True,
size=settings.PROFILE_IMAGE_LARGE)
assert_equal(d['id'], user._primary_key)
assert_equal(d['url'], user.url)
assert_equal(d.get('username'), None)
assert_equal(d['fullname'], user.fullname)
assert_equal(d['registered'], user.is_registered)
assert_equal(d['gravatar_url'], gravatar)
assert_equal(d['absolute_url'], user.absolute_url)
assert_equal(d['date_registered'],
user.date_registered.strftime('%Y-%m-%d'))
projects = [
node for node in user.contributed if node.category == 'project'
and not node.is_registration and not node.is_deleted
]
public_projects = [p for p in projects if p.is_public]
assert_equal(d['number_projects'], len(projects))
assert_equal(d['number_public_projects'], len(public_projects))
def serialize_draft_registration(draft, auth=None):
import sys
sys.path.insert(0, submodule_path('utils.py'))
from website.profile.utils import serialize_user # noqa
#import ipdb; ipdb.set_trace()
node = draft.branched_from
return {
'pk': draft._id,
'branched_from': serialize_node(draft.branched_from, auth),
'initiator': serialize_user(draft.initiator, full=True),
'registration_metadata': draft.registration_metadata,
'registration_schema': serialize_meta_schema(draft.registration_schema),
'initiated': str(draft.datetime_initiated),
'updated': str(draft.datetime_updated),
'config': draft.config or {},
'flags': draft.flags,
# 'urls': {
# 'edit': node.web_url_for('edit_draft_registration_page', draft_id=draft._id),
# 'before_register': node.api_url_for('project_before_register'),
# 'register': node.api_url_for('register_draft_registration', draft_id=draft._id),
# 'register_page': node.web_url_for('draft_before_register_page', draft_id=draft._id),
# 'registrations': node.web_url_for('node_registrations')
# }
}
def serialize_draft_registration(draft, auth=None):
import sys
sys.path.insert(0, submodule_path('utils.py'))
from website.profile.utils import serialize_user # noqa
node = draft.branched_from
return {
'pk': draft._id,
'branched_from': serialize_node(draft.branched_from, auth),
'initiator': serialize_user(draft.initiator, full=True),
'registration_metadata': draft.registration_metadata,
'registration_schema': serialize_meta_schema(draft.registration_schema),
'initiated': str(draft.datetime_initiated),
'updated': str(draft.datetime_updated),
'flags': draft.flags,
'requires_approval': draft.requires_approval,
#'is_pending_approval': draft.is_pending_review,
#'is_approved': draft.is_approved,
'approval': serialize_draft_registration_approval(draft.approval)
# 'urls': {
# 'edit': node.web_url_for('edit_draft_registration_page', draft_id=draft._id),
# 'before_register': node.api_url_for('project_before_register'),
# 'register': node.api_url_for('register_draft_registration', draft_id=draft._id),
# 'register_page': node.web_url_for('draft_before_register_page', draft_id=draft._id),
# 'registrations': node.web_url_for('node_registrations')
# }
}
def _profile_view(profile, is_profile=False, include_node_counts=False):
if profile and profile.is_disabled:
raise HTTPError(http.GONE)
if profile:
profile_quickfilesnode = QuickFilesNode.objects.get_for_user(profile)
profile_user_data = profile_utils.serialize_user(
profile,
full=True,
is_profile=is_profile,
include_node_counts=include_node_counts)
ret = {
'profile': profile_user_data,
'user': {
'_id':
profile._id,
'is_profile':
is_profile,
'can_edit':
None, # necessary for rendering nodes
'permissions': [], # necessary for rendering nodes
'has_quickfiles':
profile_quickfilesnode.files.filter(
type='osf.osfstoragefile').exists()
},
}
return ret
raise HTTPError(http.NOT_FOUND)
def _profile_view(profile, is_profile=False, embed_nodes=False):
if profile and profile.is_disabled:
raise HTTPError(http.GONE)
# NOTE: While badges, are unused, 'assertions' and 'badges' can be
# empty lists.
badge_assertions = []
badges = []
if profile:
profile_user_data = profile_utils.serialize_user(profile, full=True, is_profile=is_profile, include_node_counts=embed_nodes)
ret = {
'profile': profile_user_data,
'assertions': badge_assertions,
'badges': badges,
'user': {
'_id': profile._id,
'is_profile': is_profile,
'can_edit': None, # necessary for rendering nodes
'permissions': [], # necessary for rendering nodes
},
}
if embed_nodes:
ret.update({
'public_projects': get_public_projects(user=profile),
'public_components': get_public_components(user=profile),
})
return ret
raise HTTPError(http.NOT_FOUND)
def _profile_view(profile, is_profile=False):
# TODO: Fix circular import
from website.addons.badges.util import get_sorted_user_badges
if profile and profile.is_disabled:
raise HTTPError(http.GONE)
if 'badges' in settings.ADDONS_REQUESTED:
badge_assertions = get_sorted_user_badges(profile),
badges = _get_user_created_badges(profile)
else:
# NOTE: While badges, are unused, 'assertions' and 'badges' can be
# empty lists.
badge_assertions = []
badges = []
if profile:
profile_user_data = profile_utils.serialize_user(profile,
full=True,
is_profile=is_profile)
return {
'profile': profile_user_data,
'assertions': badge_assertions,
'badges': badges,
'user': {
'is_profile': is_profile,
'can_edit': None, # necessary for rendering nodes
'permissions': [], # necessary for rendering nodes
},
}
raise HTTPError(http.NOT_FOUND)
def _profile_view(profile, is_profile):
# TODO: Fix circular import
from website.addons.badges.util import get_sorted_user_badges
if profile and profile.is_disabled:
raise HTTPError(http.GONE)
if 'badges' in settings.ADDONS_REQUESTED:
badge_assertions = get_sorted_user_badges(profile),
badges = _get_user_created_badges(profile)
else:
# NOTE: While badges, are unused, 'assertions' and 'badges' can be
# empty lists.
badge_assertions = []
badges = []
if profile:
profile_user_data = profile_utils.serialize_user(profile, full=True)
return {
'profile': profile_user_data,
'assertions': badge_assertions,
'badges': badges,
'user': {
'is_profile': is_profile,
'can_edit': None, # necessary for rendering nodes
'permissions': [], # necessary for rendering nodes
},
}
raise HTTPError(http.NOT_FOUND)
def _profile_view(profile, is_profile=False, embed_nodes=False, include_node_counts=False):
if profile and profile.is_disabled:
raise HTTPError(http.GONE)
# NOTE: While badges, are unused, 'assertions' and 'badges' can be
# empty lists.
badge_assertions = []
badges = []
if profile:
profile_user_data = profile_utils.serialize_user(profile, full=True, is_profile=is_profile, include_node_counts=include_node_counts)
ret = {
'profile': profile_user_data,
'assertions': badge_assertions,
'badges': badges,
'user': {
'_id': profile._id,
'is_profile': is_profile,
'can_edit': None, # necessary for rendering nodes
'permissions': [], # necessary for rendering nodes
},
}
if embed_nodes:
ret.update({
'public_projects': get_public_projects(user=profile),
'public_components': get_public_components(user=profile),
})
return ret
raise HTTPError(http.NOT_FOUND)
def serialize_draft_registration(draft, auth=None):
from website.profile.utils import serialize_user # noqa
from website.project.utils import serialize_node # noqa
node = draft.branched_from
return {
'pk': draft._id,
'branched_from': serialize_node(node, auth),
'initiator': serialize_user(draft.initiator, full=True),
'registration_metadata': draft.registration_metadata,
'registration_schema': serialize_meta_schema(draft.registration_schema),
'initiated': utils.iso8601format(draft.datetime_initiated),
'updated': utils.iso8601format(draft.datetime_updated),
'flags': draft.flags,
'urls': {
'edit': node.web_url_for('edit_draft_registration_page', draft_id=draft._id),
'submit': node.api_url_for('submit_draft_for_review', draft_id=draft._id),
'before_register': node.api_url_for('project_before_register'),
'register': node.api_url_for('register_draft_registration', draft_id=draft._id),
'register_page': node.web_url_for('draft_before_register_page', draft_id=draft._id),
'registrations': node.web_url_for('node_registrations')
},
'requires_approval': draft.requires_approval,
'is_pending_approval': draft.is_pending_review,
'is_approved': draft.is_approved,
}
def serialize_draft_registration(draft, auth=None):
import sys
sys.path.insert(0, submodule_path('utils.py'))
from website.profile.utils import serialize_user # noqa
node = draft.branched_from
return {
'pk': draft._id,
'branched_from': serialize_node(draft.branched_from, auth),
'initiator': serialize_user(draft.initiator, full=True),
'registration_metadata': draft.registration_metadata,
'registration_schema':
serialize_meta_schema(draft.registration_schema),
'initiated': str(draft.datetime_initiated),
'updated': str(draft.datetime_updated),
'flags': draft.flags,
'requires_approval': draft.requires_approval,
#'is_pending_approval': draft.is_pending_review,
#'is_approved': draft.is_approved,
'approval': serialize_draft_registration_approval(draft.approval)
# 'urls': {
# 'edit': node.web_url_for('edit_draft_registration_page', draft_id=draft._id),
# 'before_register': node.api_url_for('project_before_register'),
# 'register': node.api_url_for('register_draft_registration', draft_id=draft._id),
# 'register_page': node.web_url_for('draft_before_register_page', draft_id=draft._id),
# 'registrations': node.web_url_for('node_registrations')
# }
}
def _profile_view(profile, is_profile=False):
# TODO: Fix circular import
from website.addons.badges.util import get_sorted_user_badges
if profile and profile.is_disabled:
raise HTTPError(http.GONE)
if "badges" in settings.ADDONS_REQUESTED:
badge_assertions = (get_sorted_user_badges(profile),)
badges = _get_user_created_badges(profile)
else:
# NOTE: While badges, are unused, 'assertions' and 'badges' can be
# empty lists.
badge_assertions = []
badges = []
if profile:
profile_user_data = profile_utils.serialize_user(profile, full=True, is_profile=is_profile)
return {
"profile": profile_user_data,
"assertions": badge_assertions,
"badges": badges,
"user": {
"is_profile": is_profile,
"can_edit": None, # necessary for rendering nodes
"permissions": [], # necessary for rendering nodes
},
}
raise HTTPError(http.NOT_FOUND)
def _profile_view(uid=None):
# TODO: Fix circular import
from website.addons.badges.util import get_sorted_user_badges
user = get_current_user()
profile = User.load(uid) if uid else user
if not (uid or user):
return redirect('/login/?next={0}'.format(request.path))
if 'badges' in settings.ADDONS_REQUESTED:
badge_assertions = get_sorted_user_badges(profile),
badges = _get_user_created_badges(profile)
else:
# NOTE: While badges, are unused, 'assertions' and 'badges' can be
# empty lists.
badge_assertions = []
badges = []
if profile:
profile_user_data = profile_utils.serialize_user(profile, full=True)
return {
'profile': profile_user_data,
'assertions': badge_assertions,
'badges': badges,
'user': {
'is_profile': user == profile,
'can_edit': None, # necessary for rendering nodes
'permissions': [], # necessary for rendering nodes
},
}
raise HTTPError(http.NOT_FOUND)
def test_serialize_user_full(self):
user = UserFactory()
ProjectFactory(creator=user, is_public=False)
NodeFactory(creator=user)
ProjectFactory(creator=user, is_public=True)
CollectionFactory(creator=user)
d = utils.serialize_user(user, full=True, include_node_counts=True)
profile_image_url = filters.profile_image_url(settings.PROFILE_IMAGE_PROVIDER,
user,
use_ssl=True,
size=settings.PROFILE_IMAGE_LARGE)
assert_equal(d['id'], user._primary_key)
assert_equal(d['url'], user.url)
assert_equal(d.get('username'), None)
assert_equal(d['fullname'], user.fullname)
assert_equal(d['registered'], user.is_registered)
assert_equal(d['profile_image_url'], profile_image_url)
assert_equal(d['absolute_url'], user.absolute_url)
assert_equal(d['date_registered'], user.date_registered.strftime('%Y-%m-%d'))
projects = [
node
for node in user.contributed
if node.category == 'project'
and not node.is_registration
and not node.is_deleted
]
public_projects = [p for p in projects if p.is_public]
assert_equal(d['number_projects'], len(projects))
assert_equal(d['number_public_projects'], len(public_projects))
def test_serialize_user_full_includes_email_if_is_profile(self):
serialized = utils.serialize_user(
self.project.creator,
self.project,
full=True,
is_profile=True
)
assert_in('emails', serialized)
def test_serialize_user_merged(self):
master = UserFactory()
user = UserFactory()
master.merge_user(user)
d = utils.serialize_user(user, full=True)
assert_true(d['is_merged'])
assert_equal(d['merged_by']['url'], user.merged_by.url)
assert_equal(d['merged_by']['absolute_url'], user.merged_by.absolute_url)
def claim_user_registered(auth, node, **kwargs):
"""View that prompts user to enter their password in order to claim
contributorship on a project.
A user must be logged in.
"""
current_user = auth.user
sign_out_url = web_url_for('auth_login', logout=True, next=request.url)
if not current_user:
return redirect(sign_out_url)
# Logged in user should not be a contributor the project
if node.is_contributor(current_user):
logout_url = web_url_for('auth_logout', redirect_url=request.url)
data = {
'message_short': 'Already a contributor',
'message_long': ('The logged-in user is already a contributor to this '
'project. Would you like to <a href="{}">log out</a>?').format(logout_url)
}
raise HTTPError(http.BAD_REQUEST, data=data)
uid, pid, token = kwargs['uid'], kwargs['pid'], kwargs['token']
unreg_user = User.load(uid)
if not verify_claim_token(unreg_user, token, pid=node._primary_key):
raise HTTPError(http.BAD_REQUEST)
# Store the unreg_user data on the session in case the user registers
# a new account
session.data['unreg_user'] = {
'uid': uid, 'pid': pid, 'token': token
}
form = PasswordForm(request.form)
if request.method == 'POST':
if form.validate():
if current_user.check_password(form.password.data):
node.replace_contributor(old=unreg_user, new=current_user)
node.save()
status.push_status_message(
'You are now a contributor to this project.',
kind='success',
trust=False
)
return redirect(node.url)
else:
status.push_status_message(language.LOGIN_FAILED, kind='warning', trust=False)
else:
forms.push_errors_to_status(form.errors)
if is_json_request():
form_ret = forms.utils.jsonify(form)
user_ret = profile_utils.serialize_user(current_user, full=False)
else:
form_ret = form
user_ret = current_user
return {
'form': form_ret,
'user': user_ret,
'signOutUrl': sign_out_url
}
def claim_user_registered(auth, node, **kwargs):
"""
View that prompts user to enter their password in order to claim being a contributor on a project.
A user must be logged in.
"""
current_user = auth.user
sign_out_url = web_url_for("auth_register", logout=True, next=request.url)
if not current_user:
return redirect(sign_out_url)
# Logged in user should not be a contributor the project
if node.is_contributor(current_user):
logout_url = web_url_for("auth_logout", redirect_url=request.url)
data = {
"message_short": "Already a contributor",
"message_long": (
"The logged-in user is already a contributor to this "
'project. Would you like to <a href="{}">log out</a>?'
).format(logout_url),
}
raise HTTPError(http.BAD_REQUEST, data=data)
uid, pid, token = kwargs["uid"], kwargs["pid"], kwargs["token"]
unreg_user = User.load(uid)
if not verify_claim_token(unreg_user, token, pid=node._primary_key):
error_data = {
"message_short": "Invalid url.",
"message_long": "The token in the URL is invalid or has expired.",
}
raise HTTPError(http.BAD_REQUEST, data=error_data)
# Store the unreg_user data on the session in case the user registers
# a new account
session.data["unreg_user"] = {"uid": uid, "pid": pid, "token": token}
form = PasswordForm(request.form)
if request.method == "POST":
if form.validate():
if current_user.check_password(form.password.data):
node.replace_contributor(old=unreg_user, new=current_user)
node.save()
status.push_status_message("You are now a contributor to this project.", kind="success", trust=False)
return redirect(node.url)
else:
status.push_status_message(language.LOGIN_FAILED, kind="warning", trust=False)
else:
forms.push_errors_to_status(form.errors)
if is_json_request():
form_ret = forms.utils.jsonify(form)
user_ret = profile_utils.serialize_user(current_user, full=False)
else:
form_ret = form
user_ret = current_user
return {"form": form_ret, "user": user_ret, "signOutUrl": sign_out_url}
def test_serialize_user(self):
master = UserFactory()
user = UserFactory()
master.merge_user(user)
d = utils.serialize_user(user)
assert_equal(d['id'], user._primary_key)
assert_equal(d['url'], user.url)
assert_equal(d.get('username', None), None)
assert_equal(d['fullname'], user.fullname)
assert_equal(d['registered'], user.is_registered)
assert_equal(d['absolute_url'], user.absolute_url)
assert_equal(d['date_registered'], user.date_registered.strftime('%Y-%m-%d'))
assert_equal(d['active'], user.is_active)
def test_serialize_access_requests(self):
new_user = AuthUserFactory()
node_request = NodeRequestFactory(
creator=new_user,
target=self.project,
request_type=workflows.RequestTypes.ACCESS.value,
machine_state=workflows.DefaultStates.INITIAL.value)
node_request.run_submit(new_user)
res = utils.serialize_access_requests(self.project)
assert len(res) == 1
assert res[0]['comment'] == node_request.comment
assert res[0]['id'] == node_request._id
assert res[0]['user'] == utils.serialize_user(new_user)
def test_serialize_access_requests(self):
new_user = AuthUserFactory()
node_request = NodeRequestFactory(
creator=new_user,
target=self.project,
request_type=workflows.RequestTypes.ACCESS.value,
machine_state=workflows.DefaultStates.INITIAL.value
)
node_request.run_submit(new_user)
res = utils.serialize_access_requests(self.project)
assert len(res) == 1
assert res[0]['comment'] == node_request.comment
assert res[0]['id'] == node_request._id
assert res[0]['user'] == utils.serialize_user(new_user)
def _profile_view(profile, is_profile=False, include_node_counts=False):
if profile and profile.is_disabled:
raise HTTPError(http.GONE)
if profile:
profile_quickfilesnode = QuickFilesNode.objects.get_for_user(profile)
profile_user_data = profile_utils.serialize_user(profile, full=True, is_profile=is_profile, include_node_counts=include_node_counts)
ret = {
'profile': profile_user_data,
'user': {
'_id': profile._id,
'is_profile': is_profile,
'can_edit': None, # necessary for rendering nodes
'permissions': [], # necessary for rendering nodes
'has_quickfiles': profile_quickfilesnode.files.filter(type='osf.osfstoragefile').exists()
},
}
return ret
raise HTTPError(http.NOT_FOUND)
def _profile_view(profile, is_profile=False, include_node_counts=False):
if profile and profile.is_disabled:
raise HTTPError(http.GONE)
if profile:
profile_user_data = profile_utils.serialize_user(
profile,
full=True,
is_profile=is_profile,
include_node_counts=include_node_counts)
ret = {
'profile': profile_user_data,
'user': {
'_id': profile._id,
'is_profile': is_profile,
'can_edit': None, # necessary for rendering nodes
'permissions': [], # necessary for rendering nodes
},
}
return ret
raise HTTPError(http.NOT_FOUND)
def test_serialize_user_admin(self):
serialized = utils.serialize_user(self.project.creator, self.project, admin=True)
assert_false(serialized["visible"])
assert_equal(serialized["permission"], "read")
def test_serialize_user_admin(self):
serialized = utils.serialize_user(self.project.creator,
self.project,
admin=True)
assert_false(serialized['visible'])
assert_equal(serialized['permission'], 'read')
def test_serialize_user_full_does_not_include_emails_by_default(self):
serialized = utils.serialize_user(self.project.creator,
self.project,
full=True)
assert_not_in('emails', serialized)
def test_serialize_user(self):
serialized = utils.serialize_user(self.project.creator, self.project)
assert_true(serialized['visible'])
assert_equal(serialized['permission'], 'admin')
def claim_user_registered(auth, node, **kwargs):
"""
View that prompts user to enter their password in order to claim being a contributor on a project.
A user must be logged in.
"""
current_user = auth.user
sign_out_url = cas.get_logout_url(service_url=cas.get_login_url(
service_url=request.url))
if not current_user:
return redirect(sign_out_url)
# Logged in user should not be a contributor the project
if hasattr(node, 'is_contributor') and node.is_contributor(current_user):
data = {
'message_short':
'Already a contributor',
'message_long':
('The logged-in user is already a contributor to this '
'project. Would you like to <a href="{}">log out</a>?'
).format(sign_out_url)
}
raise HTTPError(http_status.HTTP_400_BAD_REQUEST, data=data)
# Logged in user is already a member of the OSF Group
if hasattr(node, 'is_member') and node.is_member(current_user):
data = {
'message_short':
'Already a member',
'message_long':
('The logged-in user is already a member of this OSF Group. '
'Would you like to <a href="{}">log out</a>?'
).format(sign_out_url)
}
raise HTTPError(http_status.HTTP_400_BAD_REQUEST, data=data)
uid, pid, token = kwargs['uid'], kwargs['pid'], kwargs['token']
unreg_user = OSFUser.load(uid)
if not verify_claim_token(unreg_user, token, pid=node._primary_key):
error_data = {
'message_short': 'Invalid url.',
'message_long': 'The token in the URL is invalid or has expired.'
}
raise HTTPError(http_status.HTTP_400_BAD_REQUEST, data=error_data)
# Store the unreg_user data on the session in case the user registers
# a new account
session.data['unreg_user'] = {'uid': uid, 'pid': pid, 'token': token}
session.save()
# If a user is already validated though external auth, it is OK to claim
should_claim = check_external_auth(auth.user)
form = PasswordForm(request.form)
if request.method == 'POST':
if form.validate():
if current_user.check_password(form.password.data):
should_claim = True
else:
status.push_status_message(language.LOGIN_FAILED,
kind='warning',
trust=False)
else:
forms.push_errors_to_status(form.errors)
if should_claim:
node.replace_contributor(old=unreg_user, new=current_user)
node.save()
if isinstance(node, OSFGroup):
status.push_status_message(
'You are now a member of this OSFGroup.',
kind='success',
trust=False)
else:
status.push_status_message(
'You are now a contributor to this project.',
kind='success',
trust=False)
return redirect(node.url)
if is_json_request():
form_ret = forms.utils.jsonify(form)
user_ret = profile_utils.serialize_user(current_user, full=False)
else:
form_ret = form
user_ret = current_user
return {'form': form_ret, 'user': user_ret, 'signOutUrl': sign_out_url}
def test_serialize_user_full_does_not_include_emails_by_default(self):
serialized = utils.serialize_user(self.project.creator, self.project, full=True)
assert_not_in('emails', serialized)
def test_serialize_user_admin(self):
serialized = utils.serialize_user(self.project.creator, self.project, admin=True)
assert_false(serialized['visible'])
assert_equal(serialized['permission'], 'read')
def test_serialize_user(self):
serialized = utils.serialize_user(self.project.creator, self.project)
assert_true(serialized['visible'])
assert_equal(serialized['permission'], 'admin')
def test_serialize_user(self):
serialized = utils.serialize_user(self.project.creator, self.project)
assert_true(serialized["visible"])
assert_equal(serialized["permission"], "admin")