def test_get_user_calls_split_user(util):
"""It should call split_user() once with the given userid."""
util.split_user.return_value = {"username": "******", "domain": "hypothes.is"}
accounts.get_user("acct:[email protected]", mock.Mock())
util.split_user.assert_called_once_with("acct:[email protected]")
def test_get_user_calls_get_by_username(util, get_by_username):
"""It should call get_by_username() once with the username."""
request = mock.Mock(auth_domain="hypothes.is")
util.split_user.return_value = {"username": "******", "domain": "hypothes.is"}
accounts.get_user("acct:[email protected]", request)
get_by_username.assert_called_once_with("username")
def test_get_user_calls_split_user(util):
"""It should call split_user() once with the given userid."""
util.user.split_user.return_value = {
'username': '******', 'domain': 'hypothes.is'}
accounts.get_user('acct:[email protected]', mock.Mock())
util.user.split_user.assert_called_once_with('acct:[email protected]')
def test_fetches_user_using_service(self, factories, pyramid_config,
pyramid_request, user_service):
pyramid_config.testing_securitypolicy('userid')
user_service.fetch.return_value = factories.User.build()
accounts.get_user(pyramid_request)
user_service.fetch.assert_called_once_with('userid')
def test_fetches_user_using_service(
self, factories, pyramid_config, pyramid_request, user_service
):
pyramid_config.testing_securitypolicy("userid")
user_service.fetch.return_value = factories.User.build()
accounts.get_user(pyramid_request)
user_service.fetch.assert_called_once_with("userid")
def test_get_user_calls_get_by_username(util, get_by_username):
"""It should call get_by_username() once with the username."""
request = mock.Mock(auth_domain='hypothes.is')
util.user.split_user.return_value = {
'username': '******', 'domain': 'hypothes.is'}
accounts.get_user('acct:[email protected]', request)
get_by_username.assert_called_once_with('username')
def test_get_user_calls_get_by_username(util, get_by_username, pyramid_request):
"""It should call get_by_username() once with the username."""
pyramid_request.auth_domain = 'hypothes.is'
util.user.split_user.return_value = {
'username': '******', 'domain': 'hypothes.is'}
accounts.get_user('acct:[email protected]', pyramid_request)
get_by_username.assert_called_once_with(pyramid_request.db, 'username')
def test_get_user_calls_split_user(util):
"""It should call split_user() once with the given userid."""
util.user.split_user.return_value = {
'username': '******',
'domain': 'hypothes.is'
}
accounts.get_user('acct:[email protected]', mock.Mock())
util.user.split_user.assert_called_once_with('acct:[email protected]')
def test_get_user_calls_get_by_username(util, get_by_username):
"""It should call get_by_username() once with the username."""
request = mock.Mock(auth_domain='hypothes.is')
util.user.split_user.return_value = {
'username': '******',
'domain': 'hypothes.is'
}
accounts.get_user('acct:[email protected]', request)
get_by_username.assert_called_once_with('username')
def test_does_not_invalidate_session_if_not_authenticated(self, pyramid_request):
"""
If authenticated_userid is None it shouldn't invalidate the session.
Even though the user with id None obviously won't exist in the db.
This also tests that it doesn't raise a redirect in this case.
"""
pyramid_request.session.invalidate = mock.Mock()
accounts.get_user(pyramid_request)
assert not pyramid_request.session.invalidate.called
def test_does_not_invalidate_session_if_not_authenticated(
self, pyramid_config, pyramid_request
):
"""
If authenticated_userid is None it shouldn't invalidate the session.
Even though the user with id None obviously won't exist in the db.
This also tests that it doesn't raise a redirect in this case.
"""
pyramid_request.session.invalidate = mock.Mock()
accounts.get_user(pyramid_request)
assert not pyramid_request.session.invalidate.called
def groupfinder(userid, request):
"""
Return the list of additional principals for a user, or None.
If `userid` identifies a valid user in the system, this function will
return the list of additional principals for that user. If `userid` is not
recognised as a valid user in the system, the function will return None.
:param userid: the userid claimed by the request.
:type userid: str
:param request: the request object
:type request: pyramid.request.Request
:returns: additional principals for the user (possibly empty) or None
:rtype: list or None
"""
user = accounts.get_user(userid, request)
if user is None:
return None
principals = set()
if user.admin:
principals.add(role.Admin)
if user.staff:
principals.add(role.Staff)
for group in user.groups:
principals.add('group:{group.pubid}'.format(group=group))
return list(principals)
def effective_principals(userid, request):
"""
Return the list of effective principals for the passed userid.
Usually, we can leave the computation of the full set of effective
principals to the pyramid authentication policy. Sometimes, however, it can
be useful to discover the full set of effective principals for a userid
other than the current authenticated userid. This function replicates the
normal behaviour of a pyramid authentication policy and can be used for
that purpose.
"""
principals = set([security.Everyone])
user = accounts.get_user(userid, request)
if user is None:
return list(principals)
if user.admin:
principals.add(role.Admin)
if user.staff:
principals.add(role.Staff)
principals.update(group_principals(user))
principals.add(security.Authenticated)
principals.add(userid)
return list(principals)
def test_get_user_returns_None_if_domain_does_not_match(util):
request = mock.Mock(auth_domain='hypothes.is')
util.user.split_user.return_value = {
'username': '******',
'domain': 'other'
}
assert accounts.get_user('userid', request) is None
def test_returns_user(self, factories, pyramid_config, pyramid_request,
user_service):
pyramid_config.testing_securitypolicy('userid')
user = user_service.fetch.return_value = factories.User.build()
result = accounts.get_user(pyramid_request)
assert result == user
def test_get_user_returns_user(util, get_by_username):
"""It should return the result from get_by_username()."""
request = mock.Mock(auth_domain='hypothes.is')
util.user.split_user.return_value = {
'username': '******', 'domain': 'hypothes.is'}
assert accounts.get_user('acct:[email protected]', request) == (
get_by_username.return_value)
def test_get_user_returns_user(util, get_by_username, pyramid_request):
"""It should return the result from get_by_username()."""
pyramid_request.auth_domain = 'hypothes.is'
util.user.split_user.return_value = {
'username': '******', 'domain': 'hypothes.is'}
result = accounts.get_user('acct:[email protected]', pyramid_request)
assert result == get_by_username.return_value
def test_returns_user(
self, factories, pyramid_config, pyramid_request, user_service
):
pyramid_config.testing_securitypolicy("userid")
user = user_service.fetch.return_value = factories.User.build()
result = accounts.get_user(pyramid_request)
assert result == user
def test_get_user_returns_user(util, get_by_username):
"""It should return the result from get_by_username()."""
request = mock.Mock(auth_domain='hypothes.is')
util.user.split_user.return_value = {
'username': '******',
'domain': 'hypothes.is'
}
assert accounts.get_user('acct:[email protected]',
request) == (get_by_username.return_value)
def groupfinder(userid, request):
"""
Return the list of additional groups of which userid is a member.
Returns a list of group principals of which the passed userid is a member,
or None if the userid is not known by this application.
"""
principals = set()
user = accounts.get_user(userid, request)
if user is None:
return
if user.admin:
principals.add('group:__admin__')
if user.staff:
principals.add('group:__staff__')
principals.update(groups.group_principals(user))
return list(principals)
def groupfinder(userid, request):
"""
Return the list of additional groups of which userid is a member.
Returns a list of group principals of which the passed userid is a member,
or None if the userid is not known by this application.
"""
principals = set()
user = accounts.get_user(userid, request)
if user is None:
return
if user.admin:
principals.add('group:__admin__')
if user.staff:
principals.add('group:__staff__')
principals.update(groups.group_principals(user))
return list(principals)
def test_get_user_returns_None_if_split_user_raises_ValueError(util):
util.user.split_user.side_effect = ValueError
assert accounts.get_user('userid', mock.Mock()) is None
def test_get_user_returns_None_if_domain_does_not_match(util, pyramid_request):
util.user.split_user.return_value = {
'username': '******', 'domain': 'other'}
assert accounts.get_user('userid', pyramid_request) is None
def test_get_user_returns_None_if_domain_does_not_match(util):
request = mock.Mock(auth_domain="hypothes.is")
util.split_user.return_value = {"username": "******", "domain": "other"}
assert accounts.get_user("userid", request) is None
def test_get_user_returns_None_if_domain_does_not_match(util):
request = mock.Mock(auth_domain='hypothes.is')
util.user.split_user.return_value = {
'username': '******', 'domain': 'other'}
assert accounts.get_user('userid', request) is None
def test_get_user_returns_None_if_split_user_raises_ValueError(util):
util.user.split_user.side_effect = ValueError
assert accounts.get_user('userid', mock.Mock()) is None
def user_fetcher(userid):
return get_user(userid, request)
def test_get_user_returns_user(util, get_by_username):
"""It should return the result from get_by_username()."""
request = mock.Mock(auth_domain="hypothes.is")
util.split_user.return_value = {"username": "******", "domain": "hypothes.is"}
assert accounts.get_user("acct:[email protected]", request) == (get_by_username.return_value)
def get_notification(request, annotation, action):
"""
Check if the passed annotation and action pair should send a notification.
Checks to see if the annotation event represented by the passed annotation
and action should trigger a notification. If it should, this function
returns the relevant :py:class:`~h.notification.reply.Notification` object.
Otherwise, it returns None.
:param request: the current request object
:type request: pyramid.request.Request
:param annotation: the reply annotation
:type annotation: h.api.models.elastic.Annotation or h.models.Annotation
:param action: the event action
:type action: str
:returns: a :py:class:`~h.notification.reply.Notification`, or None
"""
# Only send notifications when new annotations are created
if action != 'create':
return
# If the annotation doesn't have a parent, or we can't find its parent,
# then we can't send a notification email.
parent_id = annotation.parent_id
if parent_id is None:
return
# Now we know we're dealing with a reply
reply = annotation
parent = storage.fetch_annotation(request.db, parent_id)
if parent is None:
return
# If the parent user doesn't exist (anymore), we can't send an email.
parent_user = accounts.get_user(parent.userid, request)
if parent_user is None:
return
# If the reply user doesn't exist (anymore), we can't send an email, but
# this would be super weird, so log a warning.
reply_user = accounts.get_user(reply.userid, request)
if reply_user is None:
log.warn('user who just replied no longer exists: %s', reply.userid)
return
# Do not notify users about their own replies
if parent_user == reply_user:
return
# Don't send reply notifications to the author of the parent annotation if
# the reply was private.
if not reply.shared:
return
# FIXME: we should be retrieving the document from the root annotation, not
# the reply, and dealing with the possibility that we have no document
# metadata.
if reply.document is None:
return
# Bail if there is no active 'reply' subscription for the user being
# replied to.
sub = request.db.query(Subscriptions).filter_by(active=True,
type='reply',
uri=parent.userid).first()
if sub is None:
return
return Notification(reply, reply_user, parent, parent_user, reply.document)
def get_notification(request, annotation, action):
"""
Check if the passed annotation and action pair should send a notification.
Checks to see if the annotation event represented by the passed annotation
and action should trigger a notification. If it should, this function
returns the relevant :py:class:`~h.notification.reply.Notification` object.
Otherwise, it returns None.
:param request: the current request object
:type request: pyramid.request.Request
:param annotation: the reply annotation
:type annotation: h.api.models.elastic.Annotation or h.models.Annotation
:param action: the event action
:type action: str
:returns: a :py:class:`~h.notification.reply.Notification`, or None
"""
# Only send notifications when new annotations are created
if action != 'create':
return
# If the annotation doesn't have a parent, or we can't find its parent,
# then we can't send a notification email.
parent_id = annotation.parent_id
if parent_id is None:
return
# Now we know we're dealing with a reply
reply = annotation
parent = storage.fetch_annotation(request.db, parent_id)
if parent is None:
return
# If the parent user doesn't exist (anymore), we can't send an email.
parent_user = accounts.get_user(parent.userid, request)
if parent_user is None:
return
# If the reply user doesn't exist (anymore), we can't send an email, but
# this would be super weird, so log a warning.
reply_user = accounts.get_user(reply.userid, request)
if reply_user is None:
log.warn('user who just replied no longer exists: %s', reply.userid)
return
# Do not notify users about their own replies
if parent_user == reply_user:
return
# Don't send reply notifications to the author of the parent annotation if
# the reply was private.
if not reply.shared:
return
# FIXME: we should be retrieving the document from the root annotation, not
# the reply, and dealing with the possibility that we have no document
# metadata.
if reply.document is None:
return
# Bail if there is no active 'reply' subscription for the user being
# replied to.
sub = request.db.query(Subscriptions).filter_by(active=True,
type='reply',
uri=parent.userid).first()
if sub is None:
return
return Notification(reply, reply_user, parent, parent_user, reply.document)
