def ThreadedFunction(from_email="", username="", title="", agency="", userEmail="", link=""): """ This inner function sends emails in a new thread as there could be lots of admins from_email -- (string) the from email address username -- (string) the name of the user title -- (string) the title of the user agency -- (string) the agency of the user userEmail -- (string) the email of the user link -- (string) the broker email link """ threadedDatabase = UserHandler() try: for user in threadedDatabase.getUsersByType("website_admin"): emailTemplate = { '[REG_NAME]': username, '[REG_TITLE]': title, '[REG_AGENCY]': agency, '[REG_EMAIL]': userEmail, '[URL]': link } newEmail = sesEmail(user.email, system_email, templateType="account_creation", parameters=emailTemplate, database=threadedDatabase) newEmail.send() finally: InterfaceHolder.closeOne(threadedDatabase)
def decorated_function(*args, **kwargs): errorMessage = "Login Required" if LoginSession.isLogin(session): userDb = UserHandler() try: user = userDb.getUserByUID(session["name"]) validUser = True for permission in permissionList: if not userDb.hasPermission(user, permission): validUser = False finally: InterfaceHolder.closeOne(userDb) if validUser: return f(*args, **kwargs) errorMessage = "Wrong User Type" elif "check_email_token" in permissionList: if LoginSession.isRegistering(session): return f(*args, **kwargs) else: errorMessage = "unauthorized" elif "check_password_token" in permissionList: if LoginSession.isResetingPassword(session): return f(*args, **kwargs) else: errorMessage = "unauthorized" returnResponse = flask.Response() returnResponse.headers["Content-Type"] = "application/json" returnResponse.status_code = 401 # Error code responseDict = {} responseDict["message"] = errorMessage returnResponse.set_data(json.dumps(responseDict)) return returnResponse
def ThreadedFunction (from_email="",username="",title="",cgac_code="",userEmail="" ,link="") : """ This inner function sends emails in a new thread as there could be lots of admins from_email -- (string) the from email address username -- (string) the name of the user title -- (string) the title of the user agency -- (string) the agency of the user userEmail -- (string) the email of the user link -- (string) the broker email link """ threadedDatabase = UserHandler() try: agency_name = self.interfaces.validationDb.getAgencyName(cgac_code) agency_name = "Unknown" if agency_name is None else agency_name for user in threadedDatabase.getUsersByType("website_admin"): emailTemplate = {'[REG_NAME]': username, '[REG_TITLE]':title, '[REG_AGENCY_NAME]':agency_name, '[REG_CGAC_CODE]': cgac_code,'[REG_EMAIL]' : userEmail,'[URL]':link} newEmail = sesEmail(user.email, system_email,templateType="account_creation",parameters=emailTemplate,database=threadedDatabase) newEmail.send() for user in threadedDatabase.getUsersByType("agency_admin"): if user.cgac_code == cgac_code: emailTemplate = {'[REG_NAME]': username, '[REG_TITLE]': title, '[REG_AGENCY_NAME]': agency_name, '[REG_CGAC_CODE]': cgac_code,'[REG_EMAIL]': userEmail, '[URL]': link} newEmail = sesEmail(user.email, system_email, templateType="account_creation", parameters=emailTemplate, database=threadedDatabase) newEmail.send() finally: InterfaceHolder.closeOne(threadedDatabase)
def decorated_function(*args, **kwargs): errorMessage = "Login Required" if LoginSession.isLogin(session): userDb = UserHandler() try: user = userDb.getUserByUID(session["name"]) validUser = True for permission in permissionList: if (not userDb.hasPermission(user, permission)): validUser = False finally: InterfaceHolder.closeOne(userDb) if (validUser): return f(*args, **kwargs) errorMessage = "Wrong User Type" elif "check_email_token" in permissionList: if (LoginSession.isRegistering(session)): return f(*args, **kwargs) else: errorMessage = "unauthorized" elif "check_password_token" in permissionList: if (LoginSession.isResetingPassword(session)): return f(*args, **kwargs) else: errorMessage = "unauthorized" returnResponse = flask.Response() returnResponse.headers["Content-Type"] = "application/json" returnResponse.status_code = 401 # Error code responseDict = {} responseDict["message"] = errorMessage returnResponse.set_data(json.dumps(responseDict)) return returnResponse
def ThreadedFunction(from_email="", username="", title="", cgac_code="", userEmail="", link=""): """ This inner function sends emails in a new thread as there could be lots of admins from_email -- (string) the from email address username -- (string) the name of the user title -- (string) the title of the user agency -- (string) the agency of the user userEmail -- (string) the email of the user link -- (string) the broker email link """ threadedDatabase = UserHandler() try: agency_name = self.interfaces.validationDb.getAgencyName( cgac_code) agency_name = "Unknown" if agency_name is None else agency_name for user in threadedDatabase.getUsersByType("website_admin"): emailTemplate = { '[REG_NAME]': username, '[REG_TITLE]': title, '[REG_AGENCY_NAME]': agency_name, '[REG_CGAC_CODE]': cgac_code, '[REG_EMAIL]': userEmail, '[URL]': link } newEmail = sesEmail(user.email, system_email, templateType="account_creation", parameters=emailTemplate, database=threadedDatabase) newEmail.send() for user in threadedDatabase.getUsersByType("agency_admin"): if user.cgac_code == cgac_code: emailTemplate = { '[REG_NAME]': username, '[REG_TITLE]': title, '[REG_AGENCY_NAME]': agency_name, '[REG_CGAC_CODE]': cgac_code, '[REG_EMAIL]': userEmail, '[URL]': link } newEmail = sesEmail(user.email, system_email, templateType="account_creation", parameters=emailTemplate, database=threadedDatabase) newEmail.send() finally: InterfaceHolder.closeOne(threadedDatabase)
def sendResetPasswordEmail(self, user, system_email, email=None, unlock_user=False): if email is None: email = user.email # User must be approved and active to reset password if user.user_status_id != self.interfaces.userDb.getUserStatusId( "approved"): raise ResponseException( "User must be approved before resetting password", StatusCode.CLIENT_ERROR) elif not unlock_user and not user.is_active: raise ResponseException("User is locked, cannot reset password", StatusCode.CLIENT_ERROR) # If unlocking a user, wipe out current password if unlock_user: UserHandler().clearPassword(user) self.interfaces.userDb.session.commit() # Send email with token emailToken = sesEmail.createToken(email, "password_reset") link = "".join( [AccountHandler.FRONT_END, '#/forgotpassword/', emailToken]) emailTemplate = {'[URL]': link} templateType = "unlock_account" if unlock_user else "reset_password" newEmail = sesEmail(user.email, system_email, templateType=templateType, parameters=emailTemplate, database=self.interfaces.userDb) newEmail.send()
def ThreadedFunction (from_email="",username="",title="",agency="",userEmail="" ,link="") : """ This inner function sends emails in a new thread as there could be lots of admins from_email -- (string) the from email address username -- (string) the name of the user title -- (string) the title of the user agency -- (string) the agency of the user userEmail -- (string) the email of the user link -- (string) the broker email link """ threadedDatabase = UserHandler() try: for user in threadedDatabase.getUsersByType("website_admin") : emailTemplate = {'[REG_NAME]': username, '[REG_TITLE]':title, '[REG_AGENCY]':agency,'[REG_EMAIL]' : userEmail,'[URL]':link} newEmail = sesEmail(user.email, system_email,templateType="account_creation",parameters=emailTemplate,database=threadedDatabase) newEmail.send() finally: InterfaceHolder.closeOne(threadedDatabase)
def test_delete_user(database): user_handler = UserHandler() # Create user with email user_to_be_deleted = UserFactory() email = user_to_be_deleted.email other_user = UserFactory() database.session.add_all([user_to_be_deleted, other_user]) database.session.commit() # Create two submissions for this user and one for a different user sub_one = SubmissionFactory(user_id=user_to_be_deleted.user_id) sub_two = SubmissionFactory(user_id=user_to_be_deleted.user_id) other_sub = SubmissionFactory(user_id=other_user.user_id) database.session.add_all([sub_one, sub_two, other_sub]) database.session.commit() # Delete a user user_handler.deleteUser(email) # Confirm user has been deleted and that user's submissions have no user_id assert database.session.query(User).filter_by(email=email).count() == 0 assert sub_one.user_id is None assert sub_two.user_id is None # Confirm that other submission was not affected assert other_sub.user_id == other_user.user_id
def __init__(self): """ Create the interfaces """ if BaseInterface.interfaces is None: self.jobDb = JobHandler() self.errorDb = ErrorHandler() self.userDb = UserHandler() self.validationDb = ValidationInterface() self.stagingDb = self.validationDb BaseInterface.interfaces = self else: self.jobDb = BaseInterface.interfaces.jobDb self.errorDb = BaseInterface.interfaces.errorDb self.userDb = BaseInterface.interfaces.userDb self.validationDb = BaseInterface.interfaces.validationDb self.stagingDb = self.validationDb
def createAdmin(): """Create initial admin user.""" adminEmail = CONFIG_BROKER['admin_email'] adminPass = CONFIG_BROKER['admin_password'] userDb = UserHandler() try: user = userDb.getUserByEmail(adminEmail) except ResponseException as e: if type(e.wrappedException) is NoResultFound: userDb.createUserWithPassword(adminEmail, adminPass, Bcrypt(), admin=True) user = userDb.getUserByEmail(adminEmail) userDb.addUserInfo(user, "Admin", "System", "System Admin") userDb.session.close()
def emailUsers(self, system_email, session): """ Send email notification to list of users """ requestDict = RequestDictionary(self.request) if not (requestDict.exists("users") and requestDict.exists("submission_id") and requestDict.exists("email_template")): exc = ResponseException( "Email users route requires users, email_template, and submission_id", StatusCode.CLIENT_ERROR) return JsonResponse.error(exc, exc.status) uid = session["name"] current_user = self.interfaces.userDb.getUserByUID(uid) user_ids = requestDict.getValue("users") submission_id = requestDict.getValue("submission_id") # Check if submission id is valid self.jobManager.getSubmissionById(submission_id) template_type = requestDict.getValue("email_template") # Check if email template type is valid self.userManager.getEmailTemplate(template_type) users = [] link = "".join( [AccountHandler.FRONT_END, '#/reviewData/', str(submission_id)]) emailTemplate = { '[REV_USER_NAME]': current_user.name, '[REV_URL]': link } for user_id in user_ids: # Check if user id is valid, if so add User object to array users.append(self.userManager.getUserByUID(user_id)) for user in users: newEmail = sesEmail(user.email, system_email, templateType=template_type, parameters=emailTemplate, database=UserHandler()) newEmail.send() return JsonResponse.create(StatusCode.OK, {"message": "Emails successfully sent"})
def createAdmin(): """Create initial admin user.""" adminEmail = CONFIG_BROKER['admin_email'] adminPass = CONFIG_BROKER['admin_password'] userDb = UserHandler() try: user = userDb.getUserByEmail(adminEmail) except ResponseException as e: if type(e.wrappedException) is NoResultFound: userDb.createUserWithPassword( adminEmail, adminPass, Bcrypt(), permission=2) user = userDb.getUserByEmail(adminEmail) userDb.addUserInfo(user, "Admin", "SYS", "System Admin") userDb.session.close()
def decorated_function(*args, **kwargs): try: errorMessage = "Login Required" if "check_email_token" in permissionList: if(LoginSession.isRegistering(session)) : return f(*args, **kwargs) else : errorMessage = "unauthorized" elif "check_password_token" in permissionList : if(LoginSession.isResetingPassword(session)) : return f(*args, **kwargs) else : errorMessage = "unauthorized" elif LoginSession.isLogin(session): userDb = UserHandler() try: user = userDb.getUserByUID(session["name"]) validUser = True for permission in permissionList : if(not userDb.hasPermission(user, permission)) : validUser = False else: validUser = True break finally: userDb.close() if(validUser) : return f(*args, **kwargs) errorMessage = "Wrong User Type" returnResponse = flask.Response() returnResponse.headers["Content-Type"] = "application/json" returnResponse.status_code = 401 # Error code responseDict = {} responseDict["message"] = errorMessage returnResponse.set_data(json.dumps(responseDict)) return returnResponse except ResponseException as e: return JsonResponse.error(e,e.status) except Exception as e: exc = ResponseException(str(e),StatusCode.INTERNAL_ERROR,type(e)) return JsonResponse.error(exc,exc.status)
def setupEmails(): """Create email templates from model metadata.""" userDb = UserHandler() # insert email template types typeList = [ ('validate_email', ''), ('account_approved', ''), ('account_rejected', ''), ('reset_password', ''), ('account_creation', ''), ('account_creation_user', '') ] for t in typeList: emailId = userDb.session.query( EmailTemplateType.email_template_type_id).filter( EmailTemplateType.name == t[0]).one_or_none() if not emailId: type = EmailTemplateType(name=t[0], description=t[1]) userDb.session.add(type) # insert email templates #Confirm template = "This email address was just used to create a user account with the DATA Act Broker. To continue the registration process, please click <a href='[URL]'>here</a>. The link will expire in 24 hours. <br /> <br /> If you did not initiate this process, you may disregard this email.<br /><br />The DATA Act Broker Helpdesk<br />[email protected] " userDb.loadEmailTemplate("DATA Act Broker - Registration", template, "validate_email") #Approve template = "Thank you for registering for a user account with the DATA Act Broker. Your request has been approved by the DATA Act Broker Help Desk. You may now log into the Data Broker portal, using the password you created at registration, by clicking <a href='[URL]'>here</a>.<br /><br /> If you have any questions, please contact the DATA Act Broker Help Desk at [EMAIL].<br /><br />DATA Act Broker Helpdesk<br />[email protected]" userDb.loadEmailTemplate("DATA Act Broker - Access Approved", template, "account_approved") #Reject template = "Thank you for requesting log-in credentials for the DATA Act Broker. Your attempt to register has been denied. If you believe this determination was made in error, please contact the DATA Act Broker Helpdesk at [email protected].<br /><br />DATA Act Broker Helpdesk<br />[email protected]" userDb.loadEmailTemplate("DATA Act Broker - Access Denied", template, "account_rejected") #Password Reset template = "You have requested your password to be reset for your account. Please click the following link <a href='[URL]'>here</a> to start the processs. The link will expire in 24 hours. <br/> <br/> If you did not request this password reset, please notify the DATA Act Broker Helpdesk ([email protected]) <br /><br />DATA Act Broker Helpdesk<br /><br />[email protected]" userDb.loadEmailTemplate("DATA Act Broker - Password Reset", template, "reset_password") #Admin Email template = "This email is to notify you that the following person has requested an account for the DATA Act Broker:<br /><br />Name: [REG_NAME]<br /><br />Title: [REG_TITLE]<br /><br />Agency: [REG_AGENCY]<br /><br />Email: [REG_EMAIL]<br /><br /><br /><br />To approve or deny this user for access to the Data Broker, please click <a href='[URL]'>here</a>.<br /><br />This action must be taken within 24 hours. <br /><br />Thank you for your prompt attention.<br /><br />DATA Act Broker Helpdesk<br />[email protected]" userDb.loadEmailTemplate("New Data Broker registration - Action Required", template, "account_creation") #User Email When finished submitting template = ("Thank you for registering a DATA Act Broker user account. " "The final registration step is for the Help Desk to review your " "request. You should receive an e-mail update from them within one " "business day, saying whether they've approved or denied your access." "<br /><br />" "Until the Help Desk approves your request, you won't be able to log " "into the Broker. Thanks for being patient with the security process--" "we appreciate your interest and look forward to working with you." "<br /><br/>" "If you have any questions or haven't received a follow-up e-mail " "within one business day, please get in touch with the Help Desk at " "[EMAIL]." "<br /><br />" "The DATA Act Implementation Team <br />" "[EMAIL]") userDb.loadEmailTemplate("DATA Act Broker - Registration", template, "account_creation_user") InterfaceHolder.closeOne(userDb)
def setUpClass(cls): """Set up resources to be shared within a test class""" # TODO: refactor into a pytest class fixtures and inject as necessary # update application's db config options so unittests # run against test databases suite = cls.__name__.lower() config = dataactcore.config.CONFIG_DB cls.num = randint(1, 9999) config["error_db_name"] = "unittest{}_{}_error_data".format(cls.num, suite) config["job_db_name"] = "unittest{}_{}_job_tracker".format(cls.num, suite) config["user_db_name"] = "unittest{}_{}_user_manager".format(cls.num, suite) config["validator_db_name"] = "unittest{}_{}_validator".format(cls.num, suite) config["staging_db_name"] = "unittest{}_{}_staging".format(cls.num, suite) dataactcore.config.CONFIG_DB = config # suppress INFO-level logging from Alembic migrations logging.disable(logging.WARN) # create test user db setupUserDB() # create test job db setupJobTrackerDB() # create test error db setupErrorDB() # load e-mail templates setupEmails() # reset logging defaults logging.disable(logging.NOTSET) # get test users try: with open("test.json") as test_users_file: test_users = json.load(test_users_file) test_users = test_users except: # if no test.json, provide some default e-mail accounts for tests test_users = {} test_users["admin_email"] = "*****@*****.**" test_users["change_user_email"] = "*****@*****.**" test_users["password_reset_email"] = "*****@*****.**" test_users["inactive_email"] = "*****@*****.**" if "approved_email" not in test_users: test_users["approved_email"] = "*****@*****.**" if "submission_email" not in test_users: test_users["submission_email"] = "*****@*****.**" user_password = "******" admin_password = "******" # setup test users userEmails = [ "*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**", test_users["admin_email"], test_users["approved_email"], "*****@*****.**", ] userStatus = [ "awaiting_confirmation", "email_confirmed", "awaiting_approval", "awaiting_approval", "awaiting_approval", "approved", "approved", "denied", ] userPermissions = [ 0, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.WEBSITE_ADMIN + AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, ] # Add new users userDb = UserHandler() userDb.createUserWithPassword(test_users["submission_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["change_user_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["password_reset_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["inactive_email"], user_password, Bcrypt()) # Create users for status testing for index in range(len(userEmails)): email = userEmails[index] userDb.addUnconfirmedEmail(email) user = userDb.getUserByEmail(email) userDb.changeStatus(user, userStatus[index]) userDb.setPermission(user, userPermissions[index]) # set up approved user user = userDb.getUserByEmail(test_users["approved_email"]) user.username = "******" userDb.setPassword(user, user_password, Bcrypt()) cls.approved_user_id = user.user_id # set up admin user admin = userDb.getUserByEmail(test_users["admin_email"]) userDb.setPassword(admin, admin_password, Bcrypt()) admin.name = "Mr. Manager" admin.agency = "Unknown" userDb.session.commit() # set up status changed user statusChangedUser = userDb.getUserByEmail(test_users["change_user_email"]) cls.status_change_user_id = statusChangedUser.user_id statusChangedUser.name = "Test User" statusChangedUser.user_status_id = userDb.getUserStatusId("email_confirmed") userDb.session.commit() # set up deactivated user user = userDb.getUserByEmail(test_users["inactive_email"]) user.last_login_date = time.strftime("%c") user.is_active = False userDb.session.commit() # set up info needed by the individual test classes cls.test_users = test_users cls.user_password = user_password cls.admin_password = admin_password cls.interfaces = InterfaceHolder() cls.jobTracker = cls.interfaces.jobDb cls.errorDatabase = cls.interfaces.errorDb cls.userDb = cls.interfaces.userDb cls.local = CONFIG_BROKER["local"]
def setUpClass(cls): """Set up resources to be shared within a test class""" #TODO: refactor into a pytest class fixtures and inject as necessary # update application's db config options so unittests # run against test databases suite = cls.__name__.lower() config = dataactcore.config.CONFIG_DB cls.num = randint(1, 9999) config['error_db_name'] = 'unittest{}_{}_error_data'.format( cls.num, suite) config['job_db_name'] = 'unittest{}_{}_job_tracker'.format( cls.num, suite) config['user_db_name'] = 'unittest{}_{}_user_manager'.format( cls.num, suite) config['validator_db_name'] = 'unittest{}_{}_validator'.format( cls.num, suite) config['staging_db_name'] = 'unittest{}_{}_staging'.format( cls.num, suite) dataactcore.config.CONFIG_DB = config # suppress INFO-level logging from Alembic migrations logging.disable(logging.WARN) # create test user db setupUserDB() # create test job db setupJobTrackerDB() # create test error db setupErrorDB() # load e-mail templates setupEmails() # reset logging defaults logging.disable(logging.NOTSET) #get test users try: with open('test.json') as test_users_file: test_users = json.load(test_users_file) test_users = test_users except: #if no test.json, provide some default e-mail accounts for tests test_users = {} test_users['admin_email'] = '*****@*****.**' test_users['change_user_email'] = '*****@*****.**' test_users['password_reset_email'] = '*****@*****.**' test_users['inactive_email'] = '*****@*****.**' if 'approved_email' not in test_users: test_users['approved_email'] = '*****@*****.**' if 'submission_email' not in test_users: test_users['submission_email'] = '*****@*****.**' user_password = '******' admin_password = '******' #setup test users userEmails = [ "*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**", test_users["admin_email"], test_users["approved_email"], "*****@*****.**" ] userStatus = [ "awaiting_confirmation", "email_confirmed", "awaiting_approval", "awaiting_approval", "awaiting_approval", "approved", "approved", "denied" ] userPermissions = [ 0, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.WEBSITE_ADMIN + AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER ] # Add new users userDb = UserHandler() userDb.createUserWithPassword(test_users["submission_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["change_user_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["password_reset_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["inactive_email"], user_password, Bcrypt()) # Create users for status testing for index in range(len(userEmails)): email = userEmails[index] userDb.addUnconfirmedEmail(email) user = userDb.getUserByEmail(email) userDb.changeStatus(user, userStatus[index]) userDb.setPermission(user, userPermissions[index]) #set up approved user user = userDb.getUserByEmail(test_users['approved_email']) user.username = "******" userDb.setPassword(user, user_password, Bcrypt()) cls.approved_user_id = user.user_id #set up admin user admin = userDb.getUserByEmail(test_users['admin_email']) userDb.setPassword(admin, admin_password, Bcrypt()) admin.name = "Mr. Manager" admin.agency = "Unknown" userDb.session.commit() #set up status changed user statusChangedUser = userDb.getUserByEmail( test_users["change_user_email"]) cls.status_change_user_id = statusChangedUser.user_id statusChangedUser.name = "Test User" statusChangedUser.user_status_id = userDb.getUserStatusId( "email_confirmed") userDb.session.commit() #set up deactivated user user = userDb.getUserByEmail(test_users["inactive_email"]) user.last_login_date = time.strftime("%c") user.is_active = False userDb.session.commit() #set up info needed by the individual test classes cls.test_users = test_users cls.user_password = user_password cls.admin_password = admin_password cls.interfaces = InterfaceHolder() cls.jobTracker = cls.interfaces.jobDb cls.errorDatabase = cls.interfaces.errorDb cls.userDb = cls.interfaces.userDb cls.local = CONFIG_BROKER['local']
def setUpClass(cls): """Set up resources to be shared within a test class""" #TODO: refactor into a pytest class fixtures and inject as necessary # Create an empty session ID cls.session_id = "" # update application's db config options so unittests # run against test databases suite = cls.__name__.lower() config = dataactcore.config.CONFIG_DB cls.num = randint(1, 9999) config['error_db_name'] = 'unittest{}_{}_error_data'.format( cls.num, suite) config['job_db_name'] = 'unittest{}_{}_job_tracker'.format( cls.num, suite) config['user_db_name'] = 'unittest{}_{}_user_manager'.format( cls.num, suite) config['validator_db_name'] = 'unittest{}_{}_validator'.format( cls.num, suite) config['staging_db_name'] = 'unittest{}_{}_staging'.format( cls.num, suite) dataactcore.config.CONFIG_DB = config # drop and re-create test user db/tables setupUserDB() # drop and re-create test job db/tables setupJobTrackerDB() # drop and re-create test error db/tables setupErrorDB() # drop and re-create test validation db/tables setupValidationDB() # load e-mail templates setupEmails() #get test users try: with open('test.json') as test_users_file: test_users = json.load(test_users_file) test_users = test_users except: #if no test.json, provide some default e-mail accounts for tests test_users = {} test_users['admin_email'] = '*****@*****.**' test_users['change_user_email'] = '*****@*****.**' test_users['password_reset_email'] = '*****@*****.**' test_users['inactive_email'] = '*****@*****.**' test_users['password_lock_email'] = '*****@*****.**' test_users['expired_lock_email'] = '*****@*****.**' test_users['agency_admin_email'] = '*****@*****.**' # This email is for a regular agency_user email that is to be used for testing functionality # expected by a normal, base user test_users['agency_user'] = '******' if 'approved_email' not in test_users: test_users['approved_email'] = '*****@*****.**' if 'submission_email' not in test_users: test_users['submission_email'] = '*****@*****.**' user_password = '******' admin_password = '******' #setup test users userEmails = ["*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**", test_users["admin_email"], test_users["approved_email"], "*****@*****.**"] userStatus = ["awaiting_confirmation", "email_confirmed", "awaiting_approval", "awaiting_approval", "awaiting_approval", "approved", "approved", "denied"] userPermissions = [0, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.WEBSITE_ADMIN+AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER] # Add new users userDb = UserHandler() userDb.createUserWithPassword( test_users["submission_email"], user_password, Bcrypt()) userDb.createUserWithPassword( test_users["change_user_email"], user_password, Bcrypt()) userDb.createUserWithPassword( test_users["password_reset_email"], user_password, Bcrypt()) userDb.createUserWithPassword( test_users["inactive_email"], user_password, Bcrypt()) userDb.createUserWithPassword( test_users["password_lock_email"], user_password, Bcrypt()) userDb.createUserWithPassword( test_users['expired_lock_email'], user_password, Bcrypt()) userDb.createUserWithPassword( test_users['agency_admin_email'], admin_password, Bcrypt(), permission=4) userDb.createUserWithPassword( test_users['agency_user'], user_password, Bcrypt()) # Set the Agency for the agency user agencyUser = userDb.getUserByEmail(test_users['agency_user']) userDb.session.commit() cls.agency_user_id = agencyUser.user_id # Set the specified account to be expired expiredUser = userDb.getUserByEmail(test_users['expired_lock_email']) today = parse(time.strftime("%c")) expiredUser.last_login_date = (today-timedelta(days=120)).strftime("%c") userDb.session.commit() # Create users for status testing for index in range(len(userEmails)): email = userEmails[index] userDb.addUnconfirmedEmail(email) user = userDb.getUserByEmail(email) userDb.changeStatus(user, userStatus[index]) userDb.setPermission(user, userPermissions[index]) #set up approved user user = userDb.getUserByEmail(test_users['approved_email']) user.username = "******" userDb.setPassword(user, user_password, Bcrypt()) cls.approved_user_id = user.user_id #set up admin user admin = userDb.getUserByEmail(test_users['admin_email']) userDb.setPassword(admin, admin_password, Bcrypt()) admin.name = "Mr. Manager" admin.cgac_code = "SYS" userDb.session.commit() #set up status changed user statusChangedUser = userDb.getUserByEmail( test_users["change_user_email"]) cls.status_change_user_id = statusChangedUser.user_id statusChangedUser.name = "Test User" statusChangedUser.user_status_id = userDb.getUserStatusId( "email_confirmed") userDb.session.commit() #set up deactivated user user = userDb.getUserByEmail(test_users["inactive_email"]) user.last_login_date = time.strftime("%c") user.is_active = False userDb.session.commit() #set up info needed by the individual test classes cls.test_users = test_users cls.user_password = user_password cls.admin_password = admin_password cls.interfaces = InterfaceHolder() cls.jobTracker = cls.interfaces.jobDb cls.errorDatabase = cls.interfaces.errorDb cls.userDb = cls.interfaces.userDb cls.local = CONFIG_BROKER['local']
def __init__(self): """ Create the interfaces """ self.jobDb = JobHandler() self.errorDb = ErrorHandler() self.userDb = UserHandler()
def max_login(self, session): """ Logs a user in if their password matches arguments: session -- (Session) object from flask return the reponse object """ try: safeDictionary = RequestDictionary(self.request) # Obtain POST content ticket = safeDictionary.getValue("ticket") service = safeDictionary.getValue('service') parent_group = CONFIG_BROKER['parent_group'] # Call MAX's serviceValidate endpoint and retrieve the response max_dict = self.get_max_dict(ticket, service) if not 'cas:authenticationSuccess' in max_dict[ 'cas:serviceResponse']: raise ValueError( "You have failed to login successfully with MAX") # Grab the email and list of groups from MAX's response email = max_dict['cas:serviceResponse'][ 'cas:authenticationSuccess']['cas:attributes'][ 'maxAttribute:Email-Address'] group_list_all = max_dict['cas:serviceResponse'][ 'cas:authenticationSuccess']['cas:attributes'][ 'maxAttribute:GroupList'].split(',') group_list = [ g for g in group_list_all if g.startswith(parent_group) ] # Deny access if not in the parent group aka they're not allowed to access the website all together if not parent_group in group_list: raise ValueError( "You have logged in with MAX but do not have permission to access the broker. Please " "contact [email protected] to obtain access.") cgac_group = [ g for g in group_list if len(g) == len(parent_group + "-CGAC_") + 3 ] # Deny access if they are not aligned with an agency if not cgac_group: raise ValueError( "You have logged in with MAX but do not have permission to access the broker. Please " "contact [email protected] to obtain access.") try: sess = GlobalDB.db().session user = sess.query(User).filter( func.lower(User.email) == func.lower(email)).one_or_none() # If the user does not exist, create them since they are allowed to access the site because they got # past the above group membership checks if user is None: user = User() first_name = max_dict["cas:serviceResponse"][ 'cas:authenticationSuccess']['cas:attributes'][ 'maxAttribute:First-Name'] middle_name = max_dict["cas:serviceResponse"][ 'cas:authenticationSuccess']['cas:attributes'][ 'maxAttribute:Middle-Name'] last_name = max_dict["cas:serviceResponse"][ 'cas:authenticationSuccess']['cas:attributes'][ 'maxAttribute:Last-Name'] user.email = email # Check for None first so the condition can short-circuit without # having to worry about calling strip() on a None object if middle_name is None or middle_name.strip() == '': user.name = first_name + " " + last_name else: user.name = first_name + " " + middle_name[ 0] + ". " + last_name user.user_status_id = user.user_status_id = USER_STATUS_DICT[ 'approved'] # If part of the SYS agency, use that as the cgac otherwise use the first agency provided if [g for g in cgac_group if g.endswith("SYS")]: user.cgac_code = "SYS" # website admin permissions UserHandler().grantPermission(user, 'website_admin') else: user.cgac_code = cgac_group[0][-3:] # regular user permissions UserHandler().grantPermission(user, 'agency_user') sess.add(user) sess.commit() except MultipleResultsFound: raise ValueError("An error occurred during login.") return self.create_session_and_response(session, user) except (TypeError, KeyError, NotImplementedError) as e: # Return a 400 with appropriate message return JsonResponse.error(e, StatusCode.CLIENT_ERROR) except ValueError as e: # Return a 401 for login denied return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED) except Exception as e: # Return 500 return JsonResponse.error(e, StatusCode.INTERNAL_ERROR) return self.response
def setupEmails(): """Create email templates from model metadata.""" userDb = UserHandler() # insert email template types typeList = [('validate_email', ''), ('account_approved', ''), ('account_rejected', ''), ('reset_password', ''), ('account_creation', ''), ('account_creation_user', ''), ('unlock_account', '')] for t in typeList: emailId = userDb.session.query( EmailTemplateType.email_template_type_id).filter( EmailTemplateType.name == t[0]).one_or_none() if not emailId: type = EmailTemplateType(name=t[0], description=t[1]) userDb.session.add(type) # insert email templates #Confirm template = "This email address was just used to create a user account with the DATA Act Broker. To continue the registration process, please click <a href='[URL]'>here</a>. The link will expire in 24 hours. <br /> <br /> If you did not initiate this process, you may disregard this email.<br /><br />The DATA Act Broker Helpdesk<br />[email protected] " userDb.loadEmailTemplate("DATA Act Broker - Registration", template, "validate_email") #Approve template = "Thank you for registering for a user account with the DATA Act Broker. Your request has been approved by the DATA Act Broker Help Desk. You may now log into the Data Broker portal, using the password you created at registration, by clicking <a href='[URL]'>here</a>.<br /><br /> If you have any questions, please contact the DATA Act Broker Help Desk at [EMAIL].<br /><br />DATA Act Broker Helpdesk<br />[email protected]" userDb.loadEmailTemplate("DATA Act Broker - Access Approved", template, "account_approved") #Reject template = "Thank you for requesting log-in credentials for the DATA Act Broker. Your attempt to register has been denied. If you believe this determination was made in error, please contact the DATA Act Broker Helpdesk at [email protected].<br /><br />DATA Act Broker Helpdesk<br />[email protected]" userDb.loadEmailTemplate("DATA Act Broker - Access Denied", template, "account_rejected") #Password Reset template = "You have requested your password to be reset for your account. Please click the following link <a href='[URL]'>here</a> to start the processs. The link will expire in 24 hours. <br/> <br/> If you did not request this password reset, please notify the DATA Act Broker Helpdesk ([email protected]) <br /><br />DATA Act Broker Helpdesk<br /><br />[email protected]" userDb.loadEmailTemplate("DATA Act Broker - Password Reset", template, "reset_password") #Admin Email template = "This email is to notify you that the following person has requested an account for the DATA Act Broker:<br /><br />Name: [REG_NAME]<br /><br />Title: [REG_TITLE]<br /><br />Agency Name: [REG_AGENCY_NAME]<br /><br />CGAC Code: [REG_CGAC_CODE]<br /><br />Email: [REG_EMAIL]<br /><br /><br /><br />To approve or deny this user for access to the Data Broker, please click <a href='[URL]'>here</a>.<br /><br />This action must be taken within 24 hours. <br /><br />Thank you for your prompt attention.<br /><br />DATA Act Broker Helpdesk<br />[email protected]" userDb.loadEmailTemplate("New Data Broker registration - Action Required", template, "account_creation") #User Email When finished submitting template = ( "Thank you for registering a DATA Act Broker user account. " "The final registration step is for the Help Desk to review your " "request. You should receive an e-mail update from them within one " "business day, saying whether they've approved or denied your access." "<br /><br />" "Until the Help Desk approves your request, you won't be able to log " "into the Broker. Thanks for being patient with the security process--" "we appreciate your interest and look forward to working with you." "<br /><br/>" "If you have any questions or haven't received a follow-up e-mail " "within one business day, please get in touch with the Help Desk at " "[EMAIL]." "<br /><br />" "The DATA Act Implementation Team <br />" "[EMAIL]") userDb.loadEmailTemplate("DATA Act Broker - Registration", template, "account_creation_user") #Unlock account email template = "Your account has been unlocked and requires your password to be reset. Please click the following link <a href='[URL]'>here</a> to start the processs. The link will expire in 24 hours. <br/> <br/> If you did not request your account to be unlocked, please notify the DATA Act Broker Helpdesk ([email protected]) <br /><br />DATA Act Broker Helpdesk<br /><br />[email protected]" userDb.loadEmailTemplate("DATA Act Broker - Password Reset", template, "unlock_account") InterfaceHolder.closeOne(userDb)
def setUpClass(cls): """Set up resources to be shared within a test class""" #TODO: refactor into a pytest class fixtures and inject as necessary # Create an empty session ID cls.session_id = "" # update application's db config options so unittests # run against test databases suite = cls.__name__.lower() config = dataactcore.config.CONFIG_DB cls.num = randint(1, 9999) config['error_db_name'] = 'unittest{}_{}_error_data'.format( cls.num, suite) config['job_db_name'] = 'unittest{}_{}_job_tracker'.format( cls.num, suite) config['user_db_name'] = 'unittest{}_{}_user_manager'.format( cls.num, suite) config['validator_db_name'] = 'unittest{}_{}_validator'.format( cls.num, suite) config['staging_db_name'] = 'unittest{}_{}_staging'.format( cls.num, suite) dataactcore.config.CONFIG_DB = config # drop and re-create test user db/tables setupUserDB() # drop and re-create test job db/tables setupJobTrackerDB() # drop and re-create test error db/tables setupErrorDB() # drop and re-create test validation db/tables setupValidationDB() # load e-mail templates setupEmails() #get test users try: with open('test.json') as test_users_file: test_users = json.load(test_users_file) test_users = test_users except: #if no test.json, provide some default e-mail accounts for tests test_users = {} test_users['admin_email'] = '*****@*****.**' test_users['change_user_email'] = '*****@*****.**' test_users['password_reset_email'] = '*****@*****.**' test_users['inactive_email'] = '*****@*****.**' test_users['password_lock_email'] = '*****@*****.**' test_users['expired_lock_email'] = '*****@*****.**' test_users['agency_admin_email'] = '*****@*****.**' # This email is for a regular agency_user email that is to be used for testing functionality # expected by a normal, base user test_users['agency_user'] = '******' if 'approved_email' not in test_users: test_users['approved_email'] = '*****@*****.**' if 'submission_email' not in test_users: test_users['submission_email'] = '*****@*****.**' user_password = '******' admin_password = '******' #setup test users userEmails = [ "*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**", test_users["admin_email"], test_users["approved_email"], "*****@*****.**" ] userStatus = [ "awaiting_confirmation", "email_confirmed", "awaiting_approval", "awaiting_approval", "awaiting_approval", "approved", "approved", "denied" ] userPermissions = [ 0, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.WEBSITE_ADMIN + AccountType.AGENCY_USER, AccountType.AGENCY_USER, AccountType.AGENCY_USER ] # Add new users userDb = UserHandler() userDb.createUserWithPassword(test_users["submission_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["change_user_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["password_reset_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["inactive_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users["password_lock_email"], user_password, Bcrypt()) userDb.createUserWithPassword(test_users['expired_lock_email'], user_password, Bcrypt()) userDb.createUserWithPassword(test_users['agency_admin_email'], admin_password, Bcrypt(), permission=4) userDb.createUserWithPassword(test_users['agency_user'], user_password, Bcrypt()) # Set the Agency for the agency user agencyUser = userDb.getUserByEmail(test_users['agency_user']) userDb.session.commit() cls.agency_user_id = agencyUser.user_id # Set the specified account to be expired expiredUser = userDb.getUserByEmail(test_users['expired_lock_email']) today = parse(time.strftime("%c")) expiredUser.last_login_date = (today - timedelta(days=120)).strftime("%c") userDb.session.commit() # Create users for status testing for index in range(len(userEmails)): email = userEmails[index] userDb.addUnconfirmedEmail(email) user = userDb.getUserByEmail(email) userDb.changeStatus(user, userStatus[index]) userDb.setPermission(user, userPermissions[index]) #set up approved user user = userDb.getUserByEmail(test_users['approved_email']) user.username = "******" userDb.setPassword(user, user_password, Bcrypt()) cls.approved_user_id = user.user_id #set up admin user admin = userDb.getUserByEmail(test_users['admin_email']) userDb.setPassword(admin, admin_password, Bcrypt()) admin.name = "Mr. Manager" admin.cgac_code = "SYS" userDb.session.commit() #set up status changed user statusChangedUser = userDb.getUserByEmail( test_users["change_user_email"]) cls.status_change_user_id = statusChangedUser.user_id statusChangedUser.name = "Test User" statusChangedUser.user_status_id = userDb.getUserStatusId( "email_confirmed") userDb.session.commit() #set up deactivated user user = userDb.getUserByEmail(test_users["inactive_email"]) user.last_login_date = time.strftime("%c") user.is_active = False userDb.session.commit() #set up info needed by the individual test classes cls.test_users = test_users cls.user_password = user_password cls.admin_password = admin_password cls.interfaces = InterfaceHolder() cls.jobTracker = cls.interfaces.jobDb cls.errorDatabase = cls.interfaces.errorDb cls.userDb = cls.interfaces.userDb cls.local = CONFIG_BROKER['local']