def setUp(self): 'Prepare database' # Prepare people people = [] personPacks = [ ('test_person1', model.hashString('test_person1'), u'test_person1', '*****@*****.**'), ('test_person2', model.hashString('test_person2'), u'test_person2', '*****@*****.**'), ] for personPack in personPacks: person = Session.query(model.Person).filter_by(username=personPack[0]).first() if not person: person = model.Person(*personPack) Session.add(person) people.append(person) Session.commit() self.person1Key, self.person2Key = [x.key for x in people] # Prepare features features = [] featurePacks = [ (people[0].id, geoalchemy.WKTSpatialElement('LINESTRING(3 4,10 50,20 25)')), (people[1].id, geoalchemy.WKTSpatialElement('POLYGON((1 1,5 1,5 5,1 5,1 1),(2 2,2 3,3 3,3 2,2 2))')), ] for featurePack in featurePacks: feature = model.Feature() feature.owner_id = featurePack[0] feature.geometry = featurePack[1] Session.add(feature) features.append(feature) Session.commit() self.feature1ID, self.feature2ID = [x.id for x in features]
def test_reset(self): """ Make sure that resetting the password works Trying to reset an email that does not exist should return an error Make sure that resetting the password does not immediately change the password Make sure that reset confirmation works """ # Initialize urlName = 'person_reset' # Reset an unfamiliar email self.assertEqualJSON(self.app.post(url(urlName), dict(email=email)), 0) # Add person Session.add( model.Person(username, model.hashString(password), nickname, email)) Session.commit() # Reset password self.assertEqualJSON(self.app.post(url(urlName), dict(email=email)), 1) # Make sure the candidate exists self.assertEqual( Session.query( model.PersonCandidate).filter_by(email=email).count(), 1) # Activate candidate self.app.get( url('person_confirm', ticket=Session.query(model.PersonCandidate.ticket).filter_by( email=email).first()[0])) # Make sure the password has changed self.assertEqual( Session.query(model.Person).filter_by( password_hash=model.hashString(password)).count(), 0)
def setUp(self): 'Prepare database' # Prepare people people = [] personPacks = [ ('test_person1', model.hashString('test_person1'), u'test_person1', '*****@*****.**'), ('test_person2', model.hashString('test_person2'), u'test_person2', '*****@*****.**'), ] for personPack in personPacks: person = Session.query(model.Person).filter_by(username=personPack[0]).first() if not person: person = model.Person(*personPack) Session.add(person) people.append(person) Session.commit() self.person1Key, self.person2Key = [x.key for x in people] # Prepare tags tags = [] self.tagTexts = [ u'tag with features that are public', u'tag with features that are private to person1', u'tag with features that are private to person2', ] for tagText in self.tagTexts: tag = Session.query(model.Tag).filter_by(text=tagText).first() if not tag: tag = model.Tag(tagText) Session.add(tag) tags.append(tag) Session.commit() tag1Public, tag1Private, tag2Private = tags # Prepare features features = [] featurePacks = [ (people[0].id, geoalchemy.WKTSpatialElement('MULTIPOINT (-90.2307590000000062 15.7834710000000005, 126.9779692000000040 37.5665350000000018, -0.1963060000000000 5.5557169999999996, -91.5219589999999954 14.8361560000000008)'), model.scopePublic, {'description': 'Santa Eulalia; Seoul; Accra; Xela'}), (people[0].id, geoalchemy.WKTSpatialElement('LINESTRING (-87.6297981999999962 41.8781135999999989, -84.3879823999999985 33.7489953999999983, -122.4194154999999995 37.7749294999999989)'), model.scopePrivate, {'description': 'Chicago; Atlanta; San Francisco'}), (people[1].id, geoalchemy.WKTSpatialElement('LINESTRING (-74.0059731 40.7143528, -90.5352778 14.6133333)'), model.scopePrivate, {'passenger': u'Hélène'}), ] for featurePack in featurePacks: feature = model.Feature() feature.owner_id, feature.geometry, feature.scope, feature.properties = featurePack Session.add(feature) features.append(feature) feature1Public, feature1Private, feature2Private = features feature1Public.tags = [tag1Public] feature1Private.tags = [tag1Private] feature2Private.tags = [tag2Private] Session.commit() self.feature1ID = feature1Public.id
def setUp(self): 'Prepare database' # Prepare people people = [] personPacks = [ ('test_person1', model.hashString('test_person1'), u'test_person1', '*****@*****.**'), ('test_person2', model.hashString('test_person2'), u'test_person2', '*****@*****.**'), ] for personPack in personPacks: person = Session.query(model.Person).filter_by(username=personPack[0]).first() if not person: person = model.Person(*personPack) Session.add(person) people.append(person) Session.commit() self.person1Key, self.person2Key = [x.key for x in people] # Prepare tags tags = [] self.tagTexts = [ u'tag with features that are public', u'tag with features that are private to person1', u'tag with features that are private to person2', ] for tagText in self.tagTexts: tag = Session.query(model.Tag).filter_by(text=tagText).first() if not tag: tag = model.Tag(tagText) Session.add(tag) tags.append(tag) Session.commit() tag1Public, tag1Private, tag2Private = tags # Prepare features features = [] featurePacks = [ (people[0].id, geoalchemy.WKTSpatialElement('POINT(6 10)'), model.scopePublic), (people[0].id, geoalchemy.WKTSpatialElement('LINESTRING(3 4,10 50,20 25)'), model.scopePrivate), (people[1].id, geoalchemy.WKTSpatialElement('POLYGON((1 1,5 1,5 5,1 5,1 1),(2 2,2 3,3 3,3 2,2 2))'), model.scopePrivate), ] for featurePack in featurePacks: feature = model.Feature() feature.owner_id, feature.geometry, feature.scope = featurePack Session.add(feature) features.append(feature) feature1Public, feature1Private, feature2Private = features feature1Public.tags = [tag1Public] feature1Private.tags = [tag1Private] feature2Private.tags = [tag2Private] Session.commit()
def test_login(self): """ Make sure that logging in works Ensure that the login page shows Ensure that bad credentials result in an error message Ensure that good credentials result in a proper redirect """ # Initialize urlName = 'person_login' exampleURL = url('person_update') # Assert that the login page shows and stores url self.assert_('Login' in self.app.get(url(urlName, url=exampleURL))) # Add person Session.add( model.Person(username, model.hashString(password), nickname, email)) Session.commit() # Log in using bad credentials self.assertEqualJSON( self.app.post(url(urlName), dict(username=username, password=password + 'x')), 0) # Log in using good credentials self.assertEqualJSON( self.app.post(url(urlName), dict(username=username, password=password)), 1)
def test_registration(self): "Make sure that registration works" # Initialize urlName = "person_register" # Make sure the registration page appears properly self.assert_("Registration" in self.app.get(url(urlName))) # Register self.app.post(url(urlName), dict(username=username, password=password, nickname=nickname, email=email)) # Register with the same username but with different case self.app.post( url(urlName), dict(username=username.upper(), password=password, nickname=nickname + "x", email=email + "x") ) # Register with the same nickname but with different case self.app.post( url(urlName), dict(username=username + "x", password=password, nickname=nickname.upper(), email=email + "x") ) # Register with the same email but with different case self.app.post( url(urlName), dict(username=username + "x", password=password, nickname=nickname + "x", email=email.upper()) ) # Confirm registration self.app.get( url("person_confirm", ticket=Session.query(model.PersonCandidate.ticket).filter_by(email=email).first()[0]) ) # Make sure the person exists self.assertEqual(Session.query(model.Person).filter_by(email=email).count(), 1) # Make sure that conflicting registrations have been deleted self.assertEqual( Session.query(model.PersonCandidate).filter_by(password_hash=model.hashString(password)).count(), 0 )
def test_logout(self): """ Make sure that logging out works If the person is logged in, make sure the person gets logged out and is redirected properly. If the person is already logged out, return the user to the page before the user tried to log out. """ # Initialize urlName = 'person_logout' exampleURL = url('person_index') # Add person Session.add( model.Person(username, model.hashString(password), nickname, email)) Session.commit() # Logging out should redirect back self.assert_(exampleURL in self.app.get(url(urlName, url=exampleURL))) # Log in self.assert_( 'Login' in self.app.get(url('person_login', url=exampleURL))) self.assertEqualJSON( self.app.post(url('person_login'), dict(username=username, password=password)), 1) # Logging out should redirect back self.assert_(exampleURL in self.app.get(url(urlName, url=exampleURL)))
def test_index(self): "Assert that the index page shows how many accounts are on file" # Initialize urlName = "person_index" # Make sure that we begin with 0 people self.assert_("0 people" in self.app.get(url(urlName))) # Add person Session.add(model.Person(username, model.hashString(password), nickname, email)) Session.commit() # Make sure that we now have 1 person self.assert_("1 people" in self.app.get(url(urlName)))
def test_index(self): 'Assert that the index page shows how many accounts are on file' # Initialize urlName = 'person_index' # Make sure that we begin with 0 people self.assert_('0 people' in self.app.get(url(urlName))) # Add person Session.add( model.Person(username, model.hashString(password), nickname, email)) Session.commit() # Make sure that we now have 1 person self.assert_('1 people' in self.app.get(url(urlName)))
def setUp(self): 'Prepare database' # Prepare people people = [] personPacks = [ ('test_person1', model.hashString('test_person1'), u'test_person1', '*****@*****.**'), ('test_person2', model.hashString('test_person2'), u'test_person2', '*****@*****.**'), ] for personPack in personPacks: person = Session.query( model.Person).filter_by(username=personPack[0]).first() if not person: person = model.Person(*personPack) Session.add(person) people.append(person) Session.commit() self.person1Key, self.person2Key = [x.key for x in people] # Prepare features features = [] featurePacks = [ (people[0].id, geoalchemy.WKTSpatialElement('LINESTRING(3 4,10 50,20 25)')), (people[1].id, geoalchemy.WKTSpatialElement( 'POLYGON((1 1,5 1,5 5,1 5,1 1),(2 2,2 3,3 3,3 2,2 2))')), ] for featurePack in featurePacks: feature = model.Feature() feature.owner_id = featurePack[0] feature.geometry = featurePack[1] Session.add(feature) features.append(feature) Session.commit() self.feature1ID, self.feature2ID = [x.id for x in features]
def test_reset(self): """ Make sure that resetting the password works Trying to reset an email that does not exist should return an error Make sure that resetting the password does not immediately change the password Make sure that reset confirmation works """ # Initialize urlName = "person_reset" # Reset an unfamiliar email self.assertEqualJSON(self.app.post(url(urlName), dict(email=email)), 0) # Add person Session.add(model.Person(username, model.hashString(password), nickname, email)) Session.commit() # Reset password self.assertEqualJSON(self.app.post(url(urlName), dict(email=email)), 1) # Make sure the candidate exists self.assertEqual(Session.query(model.PersonCandidate).filter_by(email=email).count(), 1) # Activate candidate self.app.get( url("person_confirm", ticket=Session.query(model.PersonCandidate.ticket).filter_by(email=email).first()[0]) ) # Make sure the password has changed self.assertEqual(Session.query(model.Person).filter_by(password_hash=model.hashString(password)).count(), 0)
def test_registration(self): 'Make sure that registration works' # Initialize urlName = 'person_register' # Make sure the registration page appears properly self.assert_('Registration' in self.app.get(url(urlName))) # Register self.app.post( url(urlName), dict(username=username, password=password, nickname=nickname, email=email)) # Register with the same username but with different case self.app.post( url(urlName), dict(username=username.upper(), password=password, nickname=nickname + 'x', email=email + 'x')) # Register with the same nickname but with different case self.app.post( url(urlName), dict(username=username + 'x', password=password, nickname=nickname.upper(), email=email + 'x')) # Register with the same email but with different case self.app.post( url(urlName), dict(username=username + 'x', password=password, nickname=nickname + 'x', email=email.upper())) # Confirm registration self.app.get( url('person_confirm', ticket=Session.query(model.PersonCandidate.ticket).filter_by( email=email).first()[0])) # Make sure the person exists self.assertEqual( Session.query(model.Person).filter_by(email=email).count(), 1) # Make sure that conflicting registrations have been deleted self.assertEqual( Session.query(model.PersonCandidate).filter_by( password_hash=model.hashString(password)).count(), 0)
def login_(self): 'Process login credentials' # Check username username = str(request.POST.get('username', '')) person = Session.query( model.Person).filter_by(username=username).first() # If the username does not exist, if not person: return dict(isOk=0) # Check password password_hash = model.hashString(str(request.POST.get('password', ''))) # If the password is incorrect, if password_hash != StringIO.StringIO(person.password_hash).read(): # Increase and return rejection_count without a requery rejection_count = person.rejection_count = person.rejection_count + 1 Session.commit() return dict(isOk=0, rejection_count=rejection_count) # If there have been too many rejections, if person.rejection_count >= parameter.REJECTION_LIMIT: # Expect recaptcha response recaptchaChallenge = request.POST.get('recaptcha_challenge_field', '') recaptchaResponse = request.POST.get('recaptcha_response_field', '') recaptchaPrivateKey = config.get('recaptcha.private', '') # Validate result = captcha.submit(recaptchaChallenge, recaptchaResponse, recaptchaPrivateKey, h.getRemoteIP()) # If the response is not valid, if not result.is_valid: return dict(isOk=0, rejection_count=person.rejection_count) # Get minutesOffset from UTC minutesOffset = h.getMinutesOffset() # Save session session['minutesOffset'] = minutesOffset session['personID'] = person.id session['nickname'] = person.nickname session['is_super'] = person.is_super session.save() # Save person person.minutes_offset = minutesOffset person.rejection_count = 0 Session.commit() # Return return dict(isOk=1)
def test_login(self): """ Make sure that logging in works Ensure that the login page shows Ensure that bad credentials result in an error message Ensure that good credentials result in a proper redirect """ # Initialize urlName = "person_login" exampleURL = url("person_update") # Assert that the login page shows and stores url self.assert_("Login" in self.app.get(url(urlName, url=exampleURL))) # Add person Session.add(model.Person(username, model.hashString(password), nickname, email)) Session.commit() # Log in using bad credentials self.assertEqualJSON(self.app.post(url(urlName), dict(username=username, password=password + "x")), 0) # Log in using good credentials self.assertEqualJSON(self.app.post(url(urlName), dict(username=username, password=password)), 1)
def test_logout(self): """ Make sure that logging out works If the person is logged in, make sure the person gets logged out and is redirected properly. If the person is already logged out, return the user to the page before the user tried to log out. """ # Initialize urlName = "person_logout" exampleURL = url("person_index") # Add person Session.add(model.Person(username, model.hashString(password), nickname, email)) Session.commit() # Logging out should redirect back self.assert_(exampleURL in self.app.get(url(urlName, url=exampleURL))) # Log in self.assert_("Login" in self.app.get(url("person_login", url=exampleURL))) self.assertEqualJSON(self.app.post(url("person_login"), dict(username=username, password=password)), 1) # Logging out should redirect back self.assert_(exampleURL in self.app.get(url(urlName, url=exampleURL)))
def login_(self): 'Process login credentials' # Check username username = str(request.POST.get('username', '')) person = Session.query(model.Person).filter_by(username=username).first() # If the username does not exist, if not person: return dict(isOk=0) # Check password password_hash = model.hashString(str(request.POST.get('password', ''))) # If the password is incorrect, if password_hash != StringIO.StringIO(person.password_hash).read(): # Increase and return rejection_count without a requery rejection_count = person.rejection_count = person.rejection_count + 1 Session.commit() return dict(isOk=0, rejection_count=rejection_count) # If there have been too many rejections, if person.rejection_count >= parameter.REJECTION_LIMIT: # Expect recaptcha response recaptchaChallenge = request.POST.get('recaptcha_challenge_field', '') recaptchaResponse = request.POST.get('recaptcha_response_field', '') recaptchaPrivateKey = config.get('recaptcha.private', '') # Validate result = captcha.submit(recaptchaChallenge, recaptchaResponse, recaptchaPrivateKey, h.getRemoteIP()) # If the response is not valid, if not result.is_valid: return dict(isOk=0, rejection_count=person.rejection_count) # Get minutesOffset from UTC minutesOffset = h.getMinutesOffset() # Save session session['minutesOffset'] = minutesOffset session['personID'] = person.id session['nickname'] = person.nickname session['is_super'] = person.is_super session.save() # Save person person.minutes_offset = minutesOffset person.rejection_count = 0 Session.commit() # Return return dict(isOk=1)
def test_update(self): """ Make sure that updating credentials works Make sure the update page only appears when the user is logged in Make sure the update form is filled with the user's credentials Make sure that update_ only works when the user is logged in Make sure that update confirmation works Make sure that update_ for SMS only works when the user is the owner """ # Initialize urlName = "person_update" # Assert that we are redirected to the login page if the person is not logged in self.assert_(url("person_login", url=url(urlName)) in self.app.get(url(urlName))) # Assert that we get rejected if we try to post without logging in self.assertEqualJSON(self.app.post(url(urlName)), 0) # Add people Session.add(model.Person(username, model.hashString(password), nickname, email)) Session.add(model.Person(username + "x", model.hashString(password), nickname + "x", email + "x")) Session.commit() # Log in self.app.post(url("person_login"), dict(username=username, password=password)) # Assert that the update form is filled with the user's credentials responseBody = self.app.get(url(urlName)).body self.assert_(username in responseBody) self.assert_(nickname in responseBody) self.assert_(email in responseBody) # Update credentials username_ = store.makeRandomString(parameter.USERNAME_LENGTH_MAXIMUM) password_ = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE) nickname_ = unicode(store.makeRandomString(parameter.NICKNAME_LENGTH_MAXIMUM)) email_ = re.sub(r".*@", store.makeRandomString(16) + "@", email) self.assertEqualJSON( self.app.post(url(urlName), dict(username=username_, password=password_, nickname=nickname_, email=email_)), 1, ) # Make sure the credentials have not changed yet self.assertEqual( Session.query(model.Person) .filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_) .count(), 0, ) # Activate candidate self.app.get( url("person_confirm", ticket=Session.query(model.PersonCandidate.ticket).filter_by(email=email_).first()[0]) ) # Make sure the credentials have changed self.assertEqual( Session.query(model.Person) .filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_) .count(), 1, ) # Load people person1 = ( Session.query(model.Person) .filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_) .first() ) person2 = Session.query(model.Person).filter_by(username=username + "x").first() # Add SMSAddress smsAddress = model.SMSAddress(emailSMS, person2.id) Session.add(smsAddress) Session.commit() smsAddressID = smsAddress.id # Make sure that only the owner can update SMS information self.app.post(url("person_login"), dict(username=username, password=password)) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="activate")), 0) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="deactivate")), 0) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="remove")), 0) self.app.post(url("person_login"), dict(username=username + "x", password=password)) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="activate")), 1) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="deactivate")), 1) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="remove")), 1)
# Reset account c.password = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE) return changePerson(dict(username=person.username, password=c.password, nickname=person.nickname, email=person.email), 'reset', person) # Helpers def changePerson(valueByName, action, person=None): 'Validate values and send confirmation email if values are okay' # Validate form try: form = PersonForm().to_python(valueByName, person) except formencode.Invalid, error: return dict(isOk=0, errorByID=error.unpack_errors()) # Prepare candidate candidate = model.PersonCandidate(form['username'], model.hashString(form['password']), form['nickname'], form['email']) candidate.person_id = person.id if person else None candidate.ticket = store.makeRandomUniqueTicket(parameter.TICKET_LENGTH, Session.query(model.PersonCandidate)) candidate.when_expired = datetime.datetime.utcnow() + datetime.timedelta(days=parameter.TICKET_LIFESPAN_IN_DAYS) Session.add(candidate) Session.commit() # Send confirmation toByValue = dict(nickname=form['nickname'], email=form['email']) subject = '[%s] Confirm %s' % (parameter.SITE_NAME, action) c.candidate = candidate c.username = form['username'] c.action = action body = render('/people/confirm.mako') try: smtp.sendMessage(dict(email=config['error_email_from'], smtp=config['smtp_server'], username=config.get('smtp_username', ''), password=config.get('smtp_password', ''), nickname=parameter.SITE_NAME + ' Support'), toByValue, subject, body) except smtp.SMTPError:
abort(400, 'Must specify a valid responseFormat: json') # Authenticate via personID or key personID = h.getPersonIDViaKey() # Load srid srid = request.params.get('srid', '') try: proj4 = model.validateSRID(srid) except model.GeoRegistryError, error: abort(400, str(error)) # Load tags try: tags = model.getTags(request.params.get('tags', '')) except model.GeoRegistryError, error: abort(400, str(error)) # Load query string queryStringHash = model.hashString(request.query_string) # Load cached map cachedMap = Session.query( model.Map).filter_by(query_hash=queryStringHash).first() # If we do not have a cached map or the cached map is not current, if not cachedMap or not cachedMap.when_updated or cachedMap.when_updated < max( x.when_updated for x in tags): # Load bboxFormat bboxFormat = request.params.get('bboxFormat', 'yxyx') if bboxFormat not in ['yxyx', 'xyxy']: abort(400, 'Must specify a valid bboxFormat: yxyx, xyxy') # Load bounding box bbox = request.params.get('bbox', '') # If a bounding box is specified, if bbox: # Expand
def setUp(self): 'Prepare database' # Prepare people people = [] personPacks = [ ('test_person1', model.hashString('test_person1'), u'test_person1', '*****@*****.**'), ('test_person2', model.hashString('test_person2'), u'test_person2', '*****@*****.**'), ] for personPack in personPacks: person = Session.query( model.Person).filter_by(username=personPack[0]).first() if not person: person = model.Person(*personPack) Session.add(person) people.append(person) Session.commit() self.person1Key, self.person2Key = [x.key for x in people] # Prepare tags tags = [] self.tagTexts = [ u'tag with features that are public', u'tag with features that are private to person1', u'tag with features that are private to person2', ] for tagText in self.tagTexts: tag = Session.query(model.Tag).filter_by(text=tagText).first() if not tag: tag = model.Tag(tagText) Session.add(tag) tags.append(tag) Session.commit() tag1Public, tag1Private, tag2Private = tags # Prepare features features = [] featurePacks = [ (people[0].id, geoalchemy.WKTSpatialElement( 'MULTIPOINT (-90.2307590000000062 15.7834710000000005, 126.9779692000000040 37.5665350000000018, -0.1963060000000000 5.5557169999999996, -91.5219589999999954 14.8361560000000008)' ), model.scopePublic, { 'description': 'Santa Eulalia; Seoul; Accra; Xela' }), (people[0].id, geoalchemy.WKTSpatialElement( 'LINESTRING (-87.6297981999999962 41.8781135999999989, -84.3879823999999985 33.7489953999999983, -122.4194154999999995 37.7749294999999989)' ), model.scopePrivate, { 'description': 'Chicago; Atlanta; San Francisco' }), (people[1].id, geoalchemy.WKTSpatialElement( 'LINESTRING (-74.0059731 40.7143528, -90.5352778 14.6133333)' ), model.scopePrivate, { 'passenger': u'Hélène' }), ] for featurePack in featurePacks: feature = model.Feature() feature.owner_id, feature.geometry, feature.scope, feature.properties = featurePack Session.add(feature) features.append(feature) feature1Public, feature1Private, feature2Private = features feature1Public.tags = [tag1Public] feature1Private.tags = [tag1Private] feature2Private.tags = [tag2Private] Session.commit() self.feature1ID = feature1Public.id
email=person.email), 'reset', person) # Helpers def changePerson(valueByName, action, person=None): 'Validate values and send confirmation email if values are okay' # Validate form try: form = PersonForm().to_python(valueByName, person) except formencode.Invalid, error: return dict(isOk=0, errorByID=error.unpack_errors()) # Prepare candidate candidate = model.PersonCandidate(form['username'], model.hashString(form['password']), form['nickname'], form['email']) candidate.person_id = person.id if person else None candidate.ticket = store.makeRandomUniqueTicket( parameter.TICKET_LENGTH, Session.query(model.PersonCandidate)) candidate.when_expired = datetime.datetime.utcnow() + datetime.timedelta( days=parameter.TICKET_LIFESPAN_IN_DAYS) Session.add(candidate) Session.commit() # Send confirmation toByValue = dict(nickname=form['nickname'], email=form['email']) subject = '[%s] Confirm %s' % (parameter.SITE_NAME, action) c.candidate = candidate c.username = form['username'] c.action = action body = render('/people/confirm.mako')
abort(400, 'Must specify a valid responseFormat: json') # Authenticate via personID or key personID = h.getPersonIDViaKey() # Load srid srid = request.params.get('srid', '') try: proj4 = model.validateSRID(srid) except model.GeoRegistryError, error: abort(400, str(error)) # Load tags try: tags = model.getTags(request.params.get('tags', '')) except model.GeoRegistryError, error: abort(400, str(error)) # Load query string queryStringHash = model.hashString(request.query_string) # Load cached map cachedMap = Session.query(model.Map).filter_by(query_hash=queryStringHash).first() # If we do not have a cached map or the cached map is not current, if not cachedMap or not cachedMap.when_updated or cachedMap.when_updated < max(x.when_updated for x in tags): # Load bboxFormat bboxFormat = request.params.get('bboxFormat', 'yxyx') if bboxFormat not in ['yxyx', 'xyxy']: abort(400, 'Must specify a valid bboxFormat: yxyx, xyxy') # Load bounding box bbox = request.params.get('bbox', '') # If a bounding box is specified, if bbox: # Expand try: terms = [float(x) for x in bbox.split(',')]
def setup_app(command, conf, vars): """Place any commands to setup georegistry here""" # If we are not in a testing environment, if not pylons.test.pylonsapp: load_environment(conf.global_conf, conf.local_conf) # Create the tables if they don't already exist Base.metadata.create_all(bind=Session.bind) # If we are not in a testing environment and users do not exist, if not pylons.test.pylonsapp and not Session.query(model.Person).all(): # Show feedback print 'Please create an administrator account.' # Prepare passwordDefault = store.makeRandomString(parameter.PASSWORD_LENGTH_AVERAGE) # Create person = model.Person(raw_input('Username (administrator): ') or 'administrator', model.hashString(getpass.getpass('Password (%s): ' % passwordDefault) or passwordDefault), raw_input('Nickname (Administrator): ') or u'Administrator', raw_input('Email ([email protected]): ') or '*****@*****.**') person.is_super = True Session.add(person) Session.commit()
def test_update(self): """ Make sure that updating credentials works Make sure the update page only appears when the user is logged in Make sure the update form is filled with the user's credentials Make sure that update_ only works when the user is logged in Make sure that update confirmation works Make sure that update_ for SMS only works when the user is the owner """ # Initialize urlName = 'person_update' # Assert that we are redirected to the login page if the person is not logged in self.assert_( url('person_login', url=url(urlName)) in self.app.get(url( urlName))) # Assert that we get rejected if we try to post without logging in self.assertEqualJSON(self.app.post(url(urlName)), 0) # Add people Session.add( model.Person(username, model.hashString(password), nickname, email)) Session.add( model.Person(username + 'x', model.hashString(password), nickname + 'x', email + 'x')) Session.commit() # Log in self.app.post(url('person_login'), dict(username=username, password=password)) # Assert that the update form is filled with the user's credentials responseBody = self.app.get(url(urlName)).body self.assert_(username in responseBody) self.assert_(nickname in responseBody) self.assert_(email in responseBody) # Update credentials username_ = store.makeRandomString(parameter.USERNAME_LENGTH_MAXIMUM) password_ = store.makeRandomAlphaNumericString( parameter.PASSWORD_LENGTH_AVERAGE) nickname_ = unicode( store.makeRandomString(parameter.NICKNAME_LENGTH_MAXIMUM)) email_ = re.sub(r'.*@', store.makeRandomString(16) + '@', email) self.assertEqualJSON( self.app.post( url(urlName), dict(username=username_, password=password_, nickname=nickname_, email=email_)), 1) # Make sure the credentials have not changed yet self.assertEqual( Session.query(model.Person).filter_by( username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_).count(), 0) # Activate candidate self.app.get( url('person_confirm', ticket=Session.query(model.PersonCandidate.ticket).filter_by( email=email_).first()[0])) # Make sure the credentials have changed self.assertEqual( Session.query(model.Person).filter_by( username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_).count(), 1) # Load people person1 = Session.query(model.Person).filter_by( username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_).first() person2 = Session.query(model.Person).filter_by(username=username + 'x').first() # Add SMSAddress smsAddress = model.SMSAddress(emailSMS, person2.id) Session.add(smsAddress) Session.commit() smsAddressID = smsAddress.id # Make sure that only the owner can update SMS information self.app.post(url('person_login'), dict(username=username, password=password)) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='activate')), 0) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='deactivate')), 0) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='remove')), 0) self.app.post(url('person_login'), dict(username=username + 'x', password=password)) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='activate')), 1) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='deactivate')), 1) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='remove')), 1)