def test_user_matches(app, db, es, test_users):
with db.session.begin_nested():
actor = RecordUserActor(name='test',
originator=test_users.u1,
path='/creator-id')
db.session.add(actor)
# does not match anyone without a record
assert not actor.user_matches(test_users.u1,
{'system_roles': [authenticated_user]})
assert not actor.user_matches(test_users.u2,
{'system_roles': [authenticated_user]})
assert not actor.user_matches(test_users.u3,
{'system_roles': [authenticated_user]})
assert not actor.user_matches(AnonymousUser(),
{'system_roles': [any_user]})
# with a record, the correct user should match
assert not actor.user_matches(test_users.u1,
{'system_roles': [authenticated_user]},
record={'creator-id': [test_users.u2.id]})
assert actor.user_matches(test_users.u2,
{'system_roles': [authenticated_user]},
record={'creator-id': [test_users.u2.id]})
assert not actor.user_matches(test_users.u3,
{'system_roles': [authenticated_user]},
record={'creator-id': [test_users.u2.id]})
assert not actor.user_matches(AnonymousUser(),
{'system_roles': [any_user]},
record={'creator-id': [test_users.u2.id]})
def test_get_elasticsearch_query(app, db, es, test_users):
with db.session.begin_nested():
actor = RecordUserActor(name='test',
originator=test_users.u1,
path='/creator-id')
db.session.add(actor)
assert Term(_invenio_explicit_acls__user=test_users.u3.id) == \
actor.get_elasticsearch_query(test_users.u3, {'system_roles': [authenticated_user]})
assert actor.get_elasticsearch_query(AnonymousUser(),
{'system_roles': [any_user]}) is None
def test_user_matches(app, db, es, test_users):
with db.session.begin_nested():
actor = RecordRoleActor(name='test', originator=test_users.u1, path='/roles')
db.session.add(actor)
assert not actor.user_matches(test_users.u1, {'system_roles': [authenticated_user]})
assert not actor.user_matches(test_users.u2, {'system_roles': [authenticated_user]})
assert not actor.user_matches(test_users.u3, {'system_roles': [authenticated_user]})
assert not actor.user_matches(AnonymousUser(), {'system_roles': [any_user]})
assert actor.user_matches(test_users.u1, {'system_roles': [authenticated_user]}, record={
'roles': test_users.r1.id
})
assert actor.user_matches(test_users.u2, {'system_roles': [authenticated_user]}, record={
'roles': test_users.r1.id
})
assert not actor.user_matches(test_users.u3, {'system_roles': [authenticated_user]}, record={
'roles': test_users.r1.id
})
assert not actor.user_matches(AnonymousUser(), {'system_roles': [any_user]}, record={
'roles': test_users.r1.id
})
def test_user_matches(app, db, es, test_users):
with db.session.begin_nested():
actor = UserActor(name='test',
originator=test_users.u1,
users=[test_users.u2])
db.session.add(actor)
assert not actor.user_matches(test_users.u1,
{'system_roles': [authenticated_user]})
assert actor.user_matches(test_users.u2,
{'system_roles': [authenticated_user]})
assert not actor.user_matches(test_users.u3,
{'system_roles': [authenticated_user]})
assert not actor.user_matches(AnonymousUser(),
{'system_roles': [any_user]})
def test_get_elasticsearch_query(app, db, es, test_users):
with db.session.begin_nested():
actor = RoleActor(name='test',
originator=test_users.u1,
roles=[test_users.r1])
db.session.add(actor)
assert Terms(_invenio_explicit_acls__role=[test_users.r1.id]) == \
actor.get_elasticsearch_query(test_users.u1, {'system_roles': [authenticated_user]})
assert Terms(_invenio_explicit_acls__role=[test_users.r1.id, test_users.r2.id]) == \
actor.get_elasticsearch_query(test_users.u2, {'system_roles': [authenticated_user]})
assert Terms(_invenio_explicit_acls__role=[test_users.r2.id]) == \
actor.get_elasticsearch_query(test_users.u3, {'system_roles': [authenticated_user]})
assert actor.get_elasticsearch_query(AnonymousUser(),
{'system_roles': [any_user]}) is None
def test_search_meta(app, db, community):
# check that cached property work
assert NRRecordsSearch.Meta is NRRecordsSearch.Meta
# check that Meta is correstly inherited
assert issubclass(NRRecordsSearch.Meta, NRRecordsSearch.ActualMeta)
# check that the owner class is set
assert NRRecordsSearch.Meta.outer_class is NRRecordsSearch
# get default_filter_factory
with app.app_context():
with app.test_request_context('/'):
request.view_args = {'community_id': 'nr'}
login_user(AnonymousUser())
set_identity(AnonymousIdentity())
q = NRRecordsSearch.Meta.default_filter_factory()
assert q.to_dict() == {
"bool": {
"must": [
{
"term": {
"_administration.state": "published"
}
},
{
"bool": {
"should": [
{
"term": {
"_primary_community": "nr"
}
},
{
"terms": {
"_communities.keyword": [
"nr"
]
}
}
],
"minimum_should_match": 1
}
}
]
}
}
def louwi(app, manager):
"""
Create a test user.
Louwi has no account, but is an active anonymous user.
"""
@app.login_manager.request_loader
def load_user_from_request(request):
utl.init_session()
session["current_schedule"] = schd.Schedule(
manager.get_default_project_id(), label="LOUWI'S SCHEDULE")
return None
yield AnonymousUser()
@app.login_manager.request_loader
def load_user_from_request(request):
return None
def test_get_elasticsearch_query(app, db, es, test_users):
with current_app.test_request_context():
assert Term(_invenio_explicit_acls__system_role='any_user'
) == SystemRoleActor.get_elasticsearch_query(
AnonymousUser(), {})
set_identity(test_users.u1)
assert Terms(_invenio_explicit_acls__system_role=['any_user',
'authenticated_user']) == \
SystemRoleActor.get_elasticsearch_query(test_users.u1, {})
# faked user - different identity in flask.g than user
with pytest.raises(
AttributeError,
message='user whose id does not match Identity in flask.g'):
SystemRoleActor.get_elasticsearch_query(test_users.u2, {})
set_identity(test_users.u2)
assert Terms(_invenio_explicit_acls__system_role=['any_user', 'authenticated_user']) == \
SystemRoleActor.get_elasticsearch_query(test_users.u2, {})
def test_user_matches(app, db, es, test_users):
with db.session.begin_nested():
actor = SystemRoleActor(name='test',
originator=test_users.u1,
system_role='authenticated_user')
db.session.add(actor)
with current_app.test_request_context():
assert not actor.user_matches(AnonymousUser(),
{'system_roles': [any_user]})
set_identity(test_users.u1)
assert actor.user_matches(test_users.u1, {})
# faked user - different identity in flask.g than user
set_identity(test_users.u1)
with pytest.raises(AttributeError):
actor.user_matches(test_users.u2, {})
set_identity(test_users.u2)
assert actor.user_matches(test_users.u2, {})
set_identity(test_users.u3)
assert actor.user_matches(test_users.u3, {})
def __init__(self):
AnonymousUser.__init__(self)
def test_anonymous_user_has_no_roles():
user = AnonymousUser()
assert not user.has_role('admin')
def test_anonymous_user_has_no_roles(self):
au = AnonymousUser()
self.assertEqual(0, len(au.roles))
self.assertFalse(au.has_role('admin'))
def test_anonymous_user_has_no_roles(self):
au = AnonymousUser()
self.assertEqual(0, len(au.roles))
self.assertFalse(au.has_role('admin'))
from flask_security.forms import (
ConfirmRegisterForm,
RegisterFormMixin,
ForgotPasswordForm,
password_length,
Required,
email_validator,
unique_user_email,
)
from art17.auth.common import get_ldap_user_info
from art17.auth.common import check_dates
from art17.auth.forms import Art17RegisterFormBase, CustomEmailStringField
from art17 import models
current_user = LocalProxy(lambda: AnonymousUser()
if not hasattr(c_user, "id") else c_user)
flask_security.core.current_user = current_user
flask_security.forms.current_user = current_user
flask_security.decorators.current_user = current_user
flask_security.views.current_user = current_user
flask_security.views.logout_user = lambda: None
flask_security.views.login_user = lambda new_user: None
flask_security.views.register = check_dates(flask_security.views.register)
password_length.min = 1
# ldap uses ldap-style SSHA passwords
# flask_security.core._allowed_password_hash_schemes = ['ldap_salted_sha1']
def encrypt_password(password):
def test_anonymous_user_has_no_roles():
user = AnonymousUser()
assert not user.has_role('admin')
