def test_admin_creates_local(app, set_auth, client, outbox, ldap_user_info):
from .factories import DatasetFactory
_set_config(admin_email='*****@*****.**')
create_user('ze_admin', ['admin'])
force_login(client, 'ze_admin')
DatasetFactory()
models.db.session.commit()
register_page = client.get(flask.url_for('auth.admin_create_local'))
register_page.form['id'] = 'foo'
register_page.form['email'] = '*****@*****.**'
register_page.form['password'] = '******'
register_page.form['name'] = 'foo me'
register_page.form['institution'] = 'foo institution'
result_page = register_page.form.submit().follow()
assert "User foo created successfully." in result_page
foo_user = models.RegisteredUser.query.get('foo')
assert foo_user.email == '*****@*****.**'
assert foo_user.confirmed_at is not None
assert foo_user.active
assert not foo_user.is_ldap
assert foo_user.password.startswith('{SSHA}')
assert len(outbox) == 1
message = outbox.pop()
assert 'Dear foo me,' in message.body
assert '"foo"' in message.body
assert '"p455w4rd"' in message.body
def test_change_ldap_password(app, set_auth, client):
foo = create_user('foo')
foo.is_ldap = True
models.db.session.commit()
force_login(client, 'foo')
page = client.get(flask.url_for('auth.change_password'))
assert os.environ.get('EEA_PASSWORD_RESET') in page
def test_view(app, client, set_auth, user, request_args, expect_errors,
status_code):
if user:
create_user(user)
force_login(client, user)
resp = client.get(request_args, expect_errors=expect_errors)
assert resp.status_code == status_code
def test_email_notification_for_role_changes(app, set_auth, client, outbox):
from .factories import DatasetFactory
create_user('ze_admin', ['admin'])
create_user('foo', ['etc', 'stakeholder'], name="Foo Person")
DatasetFactory()
models.db.session.commit()
force_login(client, 'ze_admin')
page = client.get(flask.url_for('auth.admin_user', user_id='foo'))
page.form['roles'] = ['stakeholder', 'nat']
page.form['name'] = "Foo Person"
page.form['email'] = "*****@*****.**"
page.form['institution'] = "Foo Institution"
page.form.submit()
assert len(outbox) == 0
page.form['roles'] = ['etc', 'stakeholder']
page.form['name'] = "Foo Person"
page.form['email'] = "*****@*****.**"
page.form['institution'] = "Foo Institution"
page.form['notify_user'] = True
page.form.submit()
assert len(outbox) == 1
[msg] = outbox
assert msg.recipients == ['*****@*****.**']
assert "* European topic center" in msg.body
assert "* Stakeholder" in msg.body
def test_autofill_conclusion_form(app, client, set_auth, setup_autofill,
request_args, user):
create_user(user, ['stakeholder'])
force_login(client, user)
resp = client.get(*get_request_params('get', request_args))
form = resp.context['manual_form']
assert form.conclusion_assessment_prev.data == 'FV'
def test_get_revision(app, setup, set_auth, client):
create_user('testuser', role_names=['etc'])
set_user('testuser')
force_login(client, 'testuser')
resp = client.get('/species/summary/datasheet/get_revision/',
{'revision_id': 1})
assert (resp.html.text == "The wolf was the world's most widely "
"distributed mammal.")
def test_404_error(app, setup, set_auth, client, request_type, request_args,
post_params):
create_user('otheruser')
set_user('otheruser')
force_login(client, 'otheruser')
resp = getattr(client,
request_type)(*get_request_params(request_type,
request_args,
post_params),
expect_errors=True)
assert resp.status_code == 404
def test_add_conclusion_etc(app, client, set_auth, setup_add, request_args,
post_params, user, MS, roles, model_cls):
create_user(user, roles, ms=MS)
force_login(client, user)
resp = client.post(*get_request_params('post', request_args, post_params))
assert resp.status_code == 200
post_params.pop('submit', None)
manual_ass = model_cls.query.filter_by(**post_params).one()
assert manual_ass.MS == 'EU28'
def test_toggle_del(app, setup, set_auth, client):
create_user('testuser')
set_user('testuser')
force_login(client, 'testuser')
initial_value = get_instance(WikiComment, id=1).deleted or 0
client.get('/species/summary/datasheet/manage_comment/', {
'comment_id': 1,
'toggle': 'del',
'period': '5'
})
assert get_instance(WikiComment, id=1).deleted == 1 - initial_value
def test_hide_adm_etc_username(app, setup, set_auth, client, roles):
create_user('testuser', roles, 'Secret Name', 'Test Insitution')
create_user('otheruser')
set_user('otheruser')
force_login(client, 'otheruser')
resp = client.get('/species/summary/datasheet/', {
'period': '5',
'subject': 'Canis lupus',
'region': ''
})
assert 'Secret Name' not in resp.html.name
def test_update_decision(app, client, set_auth, setup_decision, request_args,
post_params, user, roles, expect_errors, status_code,
success, message):
create_user(user, roles)
force_login(client, user)
resp = client.post(*get_request_params('post', request_args, post_params),
expect_errors=expect_errors)
assert resp.status_code == status_code
if status_code == 200:
assert resp.json['success'] == success
assert resp.json.get('error', '') == message
def test_data(app, client, set_auth, setup, user, request_args,
exp_conclusion_fields, exp_comment_fields):
create_user(user)
force_login(client, user)
resp = client.get(request_args)
assert resp.status_code == 200
comments, conclusions = resp.html.find_all('table')
comment_fields = [c.text for c in comments.find_all('td')]
conclusion_fields = [c.text for c in conclusions.find_all('td')]
assert comment_fields == exp_comment_fields
assert conclusion_fields == exp_conclusion_fields
def test_edit_comment(app, setup, set_auth, client):
create_user('testuser', role_names=['stakeholder'])
set_user('testuser')
force_login(client, 'testuser')
client.post(*get_request_params('post', [
'/species/summary/datasheet/edit_comment/', {
'period': '5',
'subject': 'Canis lupus',
'region': '',
'comment_id': 1
}
], {'comment': 'Test edit comment.'}))
assert get_instance(WikiComment, id=1).comment == 'Test edit comment.'
def test_edit_page(app, setup, set_auth, client):
create_user('testuser', role_names=['etc'])
set_user('testuser')
force_login(client, 'testuser')
client.post(*get_request_params('post', [
'/species/summary/datasheet/edit_page/', {
'period': '5',
'subject': 'Canis lupus',
'region': ''
}
], {'text': 'Test edit page.'}))
assert get_instance(WikiChange, id=1).active == 0
assert get_instance(WikiChange, body='Test edit page.').active == 1
def test_change_active_revision(app, setup, set_auth, client):
create_user('otheruser', role_names=['etc'])
set_user('otheruser')
force_login(client, 'otheruser')
client.post(*get_request_params('post', [
'/species/summary/datasheet/page_history/', {
'period': '5',
'subject': 'Canis lupus',
'region': ''
}
], {'revision_id': 3}))
assert get_instance(WikiChange, id=1).active == 0
assert get_instance(WikiChange, id=3).active == 1
def test_view_requires_admin(app, set_auth, client):
from .factories import DatasetFactory
create_user('ze_admin', ['admin'])
create_user('foo')
DatasetFactory()
models.db.session.commit()
admin_user_url = flask.url_for('auth.admin_user', user_id='foo')
assert client.get(admin_user_url, expect_errors=True).status_code == 403
force_login(client, 'ze_admin')
assert client.get(admin_user_url).status_code == 200
def test_self_registration_flow(app, set_auth, client, outbox, ldap_user_info):
from .factories import DatasetFactory
_set_config(admin_email='*****@*****.**')
create_user('ze_admin', ['admin'])
DatasetFactory()
models.db.session.commit()
register_page = client.get(flask.url_for('auth.register_local'))
register_page.form['id'] = 'foo'
register_page.form['email'] = '*****@*****.**'
register_page.form['password'] = '******'
register_page.form['name'] = 'foo me'
register_page.form['institution'] = 'foo institution'
result_page = register_page.form.submit()
assert "Confirmation instructions have been sent" in result_page.text
foo_user = models.RegisteredUser.query.get('foo')
assert foo_user.email == '*****@*****.**'
assert foo_user.confirmed_at is None
assert not foo_user.active
assert not foo_user.is_ldap
assert foo_user.password.startswith('{SSHA}')
assert len(outbox) == 1
confirm_message = outbox.pop()
assert 'Dear foo me,' in confirm_message.body
assert '*****@*****.**' in confirm_message.body
url = confirm_message.body.splitlines()[4].strip()
assert url.startswith("http://localhost/confirm/")
client.get(url)
foo_user = models.RegisteredUser.query.get('foo')
assert foo_user.confirmed_at is not None
assert foo_user.active
assert len(outbox) == 1
admin_message = outbox.pop()
assert admin_message.recipients == ['*****@*****.**']
assert "Local user has registered" in admin_message.body
url = admin_message.body.split()[-1]
assert url == 'http://localhost/auth/users/foo'
force_login(client, 'ze_admin')
activation_page = client.get(url)
activation_page.form['active'] = False
activation_page.form.submit()
foo_user = models.RegisteredUser.query.get('foo')
assert not foo_user.active
def test_edit_conclusion(app, client, set_auth, setup_edit, request_args,
post_params, user, roles, expect_errors, status_code,
search_text):
create_user(user, roles)
force_login(client, user)
resp = client.post(*get_request_params('post', request_args, post_params),
expect_errors=expect_errors)
assert resp.status_code == status_code
if resp.status_code == 302:
resp = resp.follow()
if search_text:
assert search_text in resp.html.text
def test_identity_is_set_from_plone_whoami(app, set_auth, client):
create_user('ze_admin', ['admin'])
@app.route('/identity')
def get_identity():
identity = flask.g.identity
return flask.jsonify(
id=identity.id,
provides=sorted(list(identity.provides)),
)
force_login(client, 'ze_admin')
identity = client.get('/identity').json
assert identity['id'] == 'ze_admin'
assert identity['provides'] == [['id', 'ze_admin'], ['role', 'admin']]
def test_toggle_read(app, setup, set_auth, client):
create_user('otheruser')
set_user('otheruser')
force_login(client, 'otheruser')
def get_value():
return get_instance(WikiComment,
id=1) in get_instance(RegisteredUser,
id='otheruser').read_comments
initial_value = get_value()
client.get('/species/summary/datasheet/manage_comment/', {
'comment_id': 1,
'toggle': 'read',
'period': '5'
})
assert get_value() is not initial_value
def test_read_comments(app, client, set_auth, setup_read, username,
request_args, comment_cls, exp_comment_fields):
user = create_user(username)
force_login(client, username)
comment = comment_cls(region='ALP', post_date='2014-03-20',
author_id='author')
models.db.session.commit()
comment.readers.append(user)
models.db.session.commit()
resp = client.get(request_args)
assert resp.status_code == 200
comment_fields = [c.text for c in resp.html.find('table').find_all('td')]
assert comment_fields == exp_comment_fields
def test_count_read_comments_view(app, client, set_auth, manual_assessment_cls,
comment_cls, request_args):
DatasetFactory()
manual_assessment_cls(region='ALP')
comment = comment_cls(region='ALP')
models.db.session.commit()
user = create_user('someuser')
comment.readers.append(user)
models.db.session.commit()
force_login(client, 'someuser')
resp = client.get(*get_request_params('get', request_args))
assert resp.status_code == 200
assert (resp.html.find('a', {
'title': 'Comments: Read/Total'
}).text.strip() == '1/1')
def test_change_local_password(app, set_auth, client):
from flask.ext.security.utils import encrypt_password
foo = create_user('foo')
old_enc_password = encrypt_password('my old pw')
foo.password = old_enc_password
models.db.session.commit()
set_auth.update({'user_id': 'foo'})
force_login(client, 'foo')
page = client.get(flask.url_for('auth.change_password'))
page.form['password'] = '******'
page.form['new_password'] = '******'
page.form['new_password_confirm'] = 'the new pw'
confirmation_page = page.form.submit().follow()
assert "password has been changed" in confirmation_page.text
foo = models.RegisteredUser.query.filter_by(id='foo').first()
assert foo.password != old_enc_password
def test_add_comment(app, setup, set_auth, client):
create_user('newuser')
set_user('newuser')
force_login(client, 'newuser')
request_data = ('post', [
'/species/summary/datasheet/add_comment/', {
'period': '5',
'subject': 'Canis lupus',
'region': ''
}
], {
'comment': 'Test add comment.'
})
client.post(*get_request_params(*request_data))
request_args = request_data[1][1]
wiki = get_instance(Wiki,
dataset_id=request_args['period'],
assesment_speciesname=request_args['subject'],
region_code=request_args['region'])
assert request_data[2]['comment'] in [c.comment for c in wiki.comments]
def test_ldap_account_activation_flow(app, set_auth, client, outbox,
ldap_user_info):
from art17.auth.providers import set_user
from .factories import DatasetFactory
_set_config(admin_email='*****@*****.**')
ldap_user_info['foo'] = {'email': '*****@*****.**', 'full_name': 'foo'}
create_user('ze_admin', ['admin'])
DatasetFactory()
models.db.session.commit()
@app.before_request
def set_testing_user():
set_user('foo', is_ldap_user=True)
register_page = client.get(flask.url_for('auth.register_ldap'))
register_page.form['institution'] = 'foo institution'
result_page = register_page.form.submit()
assert "has been registered" in result_page.text
foo_user = models.RegisteredUser.query.get('foo')
assert foo_user.email == '*****@*****.**'
assert foo_user.confirmed_at is not None
assert foo_user.active
assert foo_user.is_ldap
assert len(outbox) == 1
admin_message = outbox.pop()
assert admin_message.recipients == ['*****@*****.**']
assert "Eionet user has registered" in admin_message.body
url = admin_message.body.split()[-1]
assert url == 'http://localhost/auth/users/foo'
force_login(client, 'ze_admin')
activation_page = client.get(url)
activation_page.form['active'] = False
activation_page.form.submit()
foo_user = models.RegisteredUser.query.get('foo')
assert not foo_user.active
def test_comments(app, client, setup, set_auth, request_type, request_args,
post_params, user, expect_errors, status_code,
assert_condition):
create_user('testuser')
if user:
if user[0] != 'testuser':
create_user(*user)
force_login(client, user[0])
resp = getattr(client,
request_type)(*get_request_params(request_type,
request_args,
post_params),
expect_errors=expect_errors)
assert resp.status_code == status_code
if resp.status_code == 302:
resp = resp.follow()
if assert_condition:
assert eval(assert_condition)
def test_admin_edit_user_info(app, set_auth, client, outbox):
from .factories import DatasetFactory
_set_config(admin_email='*****@*****.**')
create_user('ze_admin', ['admin'])
create_user('foo', ['etc', 'stakeholder'], name="Foo Person")
DatasetFactory()
models.db.session.commit()
force_login(client, 'ze_admin')
page = client.get(flask.url_for('auth.admin_user', user_id='foo'))
page.form['name'] = "Foo Person"
page.form['email'] = "*****@*****.**"
page.form['institution'] = "Foo Institution"
page.form['qualification'] = "Foo is web developer"
result_page = page.form.submit()
assert "User information updated" in result_page.follow().text
assert not result_page.status_code == 200
assert not 'already associated with an account' in result_page.text
foo_user = models.RegisteredUser.query.get('foo')
assert foo_user.email == '*****@*****.**'
assert foo_user.name == 'Foo Person'
assert foo_user.institution == 'Foo Institution'
assert foo_user.qualification == 'Foo is web developer'
assert not foo_user.is_ldap
create_user('bar', ['etc'], name="Bar Person")
models.db.session.commit()
page = client.get(flask.url_for('auth.admin_user', user_id='bar'))
page.form['name'] = "Bar Person"
page.form['email'] = "*****@*****.**"
page.form['institution'] = "Bar Institution"
page.form['qualification'] = "Bar is web developer"
result_page = page.form.submit()
assert result_page.status_code == 200
assert 'already associated with an account' in result_page.text
def test_delete_conclusion(app, client, set_auth, setup_edit, request_args,
user, status_code, expect_errors, model_cls):
if user:
create_user(user)
force_login(client, user)
resp = client.get(*get_request_params('get', request_args),
expect_errors=expect_errors)
assert resp.status_code == status_code
if model_cls:
args = request_args[1]
records = model_cls.query.filter_by(
dataset_id=args['period'],
subject=args['subject'],
region=args['delete_region'],
user_id=args['delete_user'],
MS=args['delete_ms'],
).all()
assert len(records) == 1
assert records[0].deleted == 1
def test_deleted(app, client, set_auth, setup_deleted, user, request_args):
create_user(user)
force_login(client, user)
resp = client.get(request_args)
assert resp.status_code == 200
assert len(resp.html.find_all('td')) == 0
