示例#1
    def test__list_credentials(self):
        """GET /manage/credentials lists the account's temporary credentials.

        An admin push token and one TempCredentials row are persisted for the
        same account. The JSON response must contain exactly that row, as a
        dict with ``username`` and ``password`` keys.
        """
        owner = Account()
        owner.username = "******"

        # Admin token the request authenticates with.
        admin_token = PushToken()
        admin_token.token = "token1"
        admin_token.admin = True
        admin_token.account = owner.username
        admin_token.authenticated_user = owner.username

        # Temporary credential owned by the same account as the token.
        temp_credentials = TempCredentials()
        temp_credentials.username = "******"
        temp_credentials.password = "******"
        temp_credentials.account = owner.username

        self.persist([owner, admin_token, temp_credentials])

        # NOTE(review): the token travels in the query string and the listing
        # carries a "password" field per credential, so URLs and bodies of
        # this route are sensitive wherever they are logged or cached.
        rv = self.app.get("/manage/credentials?token=token1", data={})
        assert rv.status_code == 200

        listed = json.loads(rv.data)["credentials"]
        assert listed == [{"password": "******", "username": "******"}]
示例#2
    def test_manage_account_storage(self):
        """GET /manage/account/storage returns the account's storage rows.

        One Storage row is persisted for account "michael" next to an admin
        push token. The JSON body must equal a single-element ``storage``
        list that mirrors every field set on the row.
        """
        owner = Account()
        owner.endpoint__dropbox_enabled = True
        owner.username = "******"

        admin_token = PushToken()
        admin_token.admin = True
        admin_token.token = "token1"
        admin_token.account = "michael"

        backend = Storage()
        backend.store_type = "dropbox"
        backend.path = "/"
        backend.account = "michael"
        backend.id = "id1"
        backend.endpoint__dropbox_user_id = "endpoint__dropbox_user_id"
        backend.endpoint__dropbox_access_token = "endpoint__dropbox_access_token"
        backend.endpoint__amazon_s3_access_secret_key = "endpoint__amazon_s3_access_secret_key"
        backend.endpoint__amazon_s3_access_key_id = "endpoint__amazon_s3_access_key_id"

        self.persist([owner, admin_token, backend])

        # NOTE(review): the expected payload echoes the S3 secret key and the
        # Dropbox access token fields unchanged, i.e. this route hands the
        # stored provider secrets to whoever holds the token in the URL.
        expected = {
            "storage": [
                {
                    "account": "michael",
                    "endpoint__amazon_s3_access_key_id": "endpoint__amazon_s3_access_key_id",
                    "endpoint__amazon_s3_access_secret_key": "endpoint__amazon_s3_access_secret_key",
                    "endpoint__dropbox_access_token": "endpoint__dropbox_access_token",
                    "endpoint__dropbox_user_id": "endpoint__dropbox_user_id",
                    "id": "id1",
                    "path": "/",
                    "store_type": "dropbox"
                }
            ]
        }

        rv = self.app.get("/manage/account/storage?token=token1")
        assert json.loads(rv.data) == expected
示例#3
    def test_manage_account_storage_put(self):
        """PUT on /manage/account/storage yields a row visible to a later GET.

        No Storage row is persisted up front. After the PUT, the first entry
        of the listed ``storage`` array must belong to account "michael".
        """
        owner = Account()
        owner.endpoint__dropbox_enabled = True
        owner.username = "******"

        admin_token = PushToken()
        admin_token.admin = True
        admin_token.token = "token1"
        admin_token.account = "michael"

        self.persist([owner, admin_token])

        storage_url = "/manage/account/storage?token=token1"

        # The PUT response is not inspected; only its effect on the listing is.
        self.app.put(storage_url)
        listing = self.app.get(storage_url)

        entries = json.loads(listing.data)["storage"]
        assert entries[0]["account"] == "michael"
示例#4
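    def test__download_file__invalid_permissions(self):
        """Downloading a file owned by another account must answer 404.

        The token belongs to account "michael" while the File row is owned by
        "random_account". The route is expected to respond as if the file did
        not exist (404), not with a permission error.
        """
        account = Account()
        account.username = "******"
        account.endpoint__amazon_s3_enabled = True

        new_token = PushToken()
        new_token.account = "michael"
        new_token.token = "token1"
        new_token.admin = True

        # File that exists but belongs to a different account than the token.
        file1 = File()
        file1.filename = "filename1.png"
        file1.id = "id1"
        file1.account = "random_account"
        file1.authenticated_user = "******"
        file1.time = datetime.datetime.now()

        self.persist([account, new_token, file1])

        rv = self.app.get("/manage/files/id1/download?token=token1")

        # The response body goes into the assertion message rather than being
        # printed: the former Python 2 print statement wrote the body to
        # stdout on every run and is a syntax error on Python 3.
        assert rv.status_code == 404, rv.data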
示例#5
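    def test__upload_file__dropbox_nopath(self, __upload_dropbox):
        """An admin token can upload to a read-write Dropbox storage at "/".

        ``__upload_dropbox`` is the mock standing in for the Dropbox upload
        helper (the patch that injects it is not part of this listing). The
        upload must succeed, record one File row and call the helper exactly
        once with the requested path.
        """
        account = Account()
        account.username = "******"
        account.endpoint__dropbox_enabled = True

        new_token = PushToken()
        new_token.account = "michael"
        new_token.token = "token1"
        new_token.admin = True

        storage = Storage()
        storage.id = "id1"
        storage.account = "michael"
        storage.path = "/"
        storage.endpoint__amazon_s3_access_key_id = ""
        storage.endpoint__amazon_s3_access_secret_key = ""
        storage.endpoint__dropbox_access_token = ""
        storage.endpoint__dropbox_user_id = ""
        storage.store_type = "dropbox"
        storage.permissions = "rw"

        self.persist([account, new_token, storage])

        upload = (StringIO('my file contents'), 'hello world.txt')
        resp = self.app.post('/push/upload/token1',
                             data={'file': upload, 'path': "/hello world.txt"})

        assert resp.status_code == 200
        assert len(self.session.query(File).all()) == 1

        # ``called`` is a bool, so ``called == 1`` also passes when the helper
        # ran several times; ``call_count`` pins the single-call expectation.
        assert __upload_dropbox.call_count == 1
        __upload_dropbox.assert_called_with(mock.ANY, mock.ANY,
                                            '/hello world.txt')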
示例#6
    def test__upload_file__dropbox__temp_user__wrong_permissions_path(
            self, __upload_dropbox):
        """A temp user may not upload outside its permitted path.

        The temporary credential has write mode restricted to "/dudes"; the
        non-admin token authenticated as that user then posts a file to
        "/hello world.txt". The upload must be refused with 403, leave no
        File row behind and never reach the mocked Dropbox helper.
        """
        owner = Account()
        owner.endpoint__dropbox_enabled = True
        owner.username = "******"

        # Temporary user scoped to writes below /dudes only.
        temp_user = TempCredentials()
        temp_user.permissions_path = "/dudes"
        temp_user.permissions_mode = "w"
        temp_user.username = "******"
        temp_user.account = "michael"

        # Non-admin token bound to the temporary user.
        temp_token = PushToken()
        temp_token.authenticated_user = "******"
        temp_token.admin = False
        temp_token.token = "token1"
        temp_token.account = "michael"

        backend = Storage()
        backend.permissions = "rw"
        backend.store_type = "dropbox"
        backend.path = "/"
        backend.account = "michael"
        backend.id = "id1"
        backend.endpoint__dropbox_user_id = ""
        backend.endpoint__dropbox_access_token = ""
        backend.endpoint__amazon_s3_access_secret_key = ""
        backend.endpoint__amazon_s3_access_key_id = ""

        self.persist([owner, temp_token, backend, temp_user])

        # NOTE(review): only a plainly out-of-scope path is exercised here;
        # whether the path check normalises its input before comparing is
        # not visible from this test and deserves its own case.
        payload = {
            'file': (StringIO('my file contents'), 'hello world.txt'),
            'path': "/hello world.txt",
        }
        resp = self.app.post('/push/upload/token1', data=payload)

        assert resp.status_code == 403
        assert len(self.session.query(File).all()) == 0
        assert __upload_dropbox.called == 0
示例#7
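def push_authenticate_get_token():
    """Issue an admin push token for ``username`` to a caller holding the service token.

    Reads ``username`` and ``service_token`` from the request form. The
    service token must match the ``COUCHDROP_SERVICE__SERVICE_TOKEN`` config
    value; no account password is checked on this route.

    Returns:
        ``flask.jsonify(token=...)`` on success, otherwise a
        ``(flask.jsonify(err=...), 403)`` tuple when the service token is
        wrong, the account is unknown, or its e-mail is unconfirmed.
    """
    import hmac  # local import: only the token comparison below needs it

    username = request.form.get("username")
    service_token = request.form.get("service_token")
    expected_token = config__get("COUCHDROP_SERVICE__SERVICE_TOKEN")

    # Fail closed. With a plain ``!=`` an unset config value and an omitted
    # form field compare equal (None == None) and the gate opens; an empty
    # string on both sides does the same. compare_digest also avoids leaking
    # how many leading characters matched through response timing.
    # NOTE(review): assumes the configured token is a text value - confirm.
    if not expected_token or not service_token or not hmac.compare_digest(
            service_token.encode("utf-8"), expected_token.encode("utf-8")):
        return flask.jsonify(err="This route requires a service token"), 403

    account = flask.g.db_session.query(Account).filter(
        Account.username == username).scalar()
    if account:
        if not account.email_confirmation_code_accepted:
            return flask.jsonify(
                err="Account email address has not been registered"), 403

        # The token is always created with admin rights for the named
        # account; no expiry is set on it in this function.
        new_token = PushToken()
        new_token.account = account.username
        new_token.authenticated_user = username
        new_token.token = str(uuid.uuid4())
        new_token.admin = True
        flask.g.db_session.add(new_token)
        return flask.jsonify(token=new_token.token)
    return flask.jsonify(err="Account was invalid"), 403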
示例#8
    def test__delete_credentials__invalid_account(self):
        """A token cannot delete temporary credentials of another account.

        The persisted TempCredentials row belongs to "someotheruser" while
        the admin token belongs to the test account. After the DELETE
        request the row must still exist. The response status is not
        asserted here.
        """
        owner = Account()
        owner.username = "******"

        admin_token = PushToken()
        admin_token.token = "token1"
        admin_token.admin = True
        admin_token.account = owner.username
        admin_token.authenticated_user = owner.username

        # Credential deliberately attached to a different account.
        foreign_credentials = TempCredentials()
        foreign_credentials.username = "******"
        foreign_credentials.password = "******"
        foreign_credentials.account = "someotheruser"

        self.persist([owner, admin_token, foreign_credentials])

        self.app.delete("/manage/credentials/user1/delete?token=token1",
                        data={})

        # The cross-account delete must leave the row in place.
        remaining = self.session.query(TempCredentials).all()
        assert len(remaining) == 1
示例#9
    def test__create_credentials(self):
        """PUT /manage/credentials creates one temporary credential.

        With only an account and its admin token persisted, the request must
        succeed and leave exactly one TempCredentials row that belongs to
        "michael" and has a non-empty username and password.
        """
        owner = Account()
        owner.username = "******"

        admin_token = PushToken()
        admin_token.token = "token1"
        admin_token.admin = True
        admin_token.account = owner.username
        admin_token.authenticated_user = owner.username

        self.persist([owner, admin_token])

        rv = self.app.put("/manage/credentials?token=token1", data={})
        assert rv.status_code == 200

        assert len(self.session.query(TempCredentials).all()) == 1

        # Only truthiness of the generated username/password is checked;
        # their format and strength are not pinned by this test.
        generated = self.session.query(TempCredentials).all()[0]
        assert generated
        assert generated.account == "michael"
        assert generated.username
        assert generated.password
示例#10
    def test__delete_credentials(self):
        """DELETE on a credential of the token's own account removes it.

        The TempCredentials row and the admin token share the same account.
        The request must answer 200 and leave no TempCredentials rows.
        """
        owner = Account()
        owner.username = "******"

        admin_token = PushToken()
        admin_token.token = "token1"
        admin_token.admin = True
        admin_token.account = owner.username
        admin_token.authenticated_user = owner.username

        # Credential owned by the same account as the token.
        own_credentials = TempCredentials()
        own_credentials.username = "******"
        own_credentials.password = "******"
        own_credentials.account = owner.username

        self.persist([owner, admin_token, own_credentials])

        rv = self.app.delete("/manage/credentials/user1/delete?token=token1",
                             data={})
        assert rv.status_code == 200

        remaining = self.session.query(TempCredentials).all()
        assert len(remaining) == 0
示例#11
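def push_authenticate():
    """Exchange a username and password for a push token.

    The form's ``username`` is looked up as an Account first. On a match the
    password is verified by ``__internal_check_password_matches`` and the
    account's e-mail must be confirmed; the resulting token is an admin
    token. Otherwise the username is looked up as a TempCredentials row and
    a non-admin token bound to that row's account is issued.

    Returns:
        ``flask.jsonify(token=...)`` on success, otherwise a
        ``(flask.jsonify(err=...), 403)`` tuple. Unknown users and wrong
        passwords share the same "Account was invalid" message.
    """
    import hmac  # local import: only the temp-credential check needs it

    username = request.form.get("username")
    password = request.form.get("password")

    account = flask.g.db_session.query(Account).filter(
        Account.username == username).scalar()
    if account:
        if not __internal_check_password_matches(account, password):
            return flask.jsonify(err="Account was invalid"), 403

        if not account.email_confirmation_code_accepted:
            return flask.jsonify(
                err="Account email address has not been registered"), 403

        new_token = PushToken()
        new_token.account = account.username
        new_token.authenticated_user = username
        new_token.token = str(uuid.uuid4())
        new_token.admin = True
        flask.g.db_session.add(new_token)
        return flask.jsonify(token=new_token.token)

    temp_account = flask.g.db_session.query(TempCredentials).filter(
        TempCredentials.username == username).scalar()
    if temp_account:
        stored_password = temp_account.password

        # Fail closed. With a plain ``!=`` a credential row that has no
        # password set and a request that omits the field compare equal
        # (None == None) and a token is issued without any secret; two empty
        # strings do the same. compare_digest keeps the comparison time
        # independent of how many leading characters match.
        # NOTE(review): the stored value is compared to the submitted one
        # directly, so temp passwords appear to be kept unhashed - confirm
        # and treat that table accordingly.
        if not stored_password or not password or not hmac.compare_digest(
                password.encode("utf-8"), stored_password.encode("utf-8")):
            return flask.jsonify(err="Account was invalid"), 403

        new_token = PushToken()
        new_token.account = temp_account.account
        new_token.token = str(uuid.uuid4())
        new_token.authenticated_user = username
        new_token.admin = False
        flask.g.db_session.add(new_token)
        return flask.jsonify(token=new_token.token)

    return flask.jsonify(err="Account was invalid"), 403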