def test_student_post_doesnt_set_first_last_name():
    # A POST to /user/student_coll1_1 that carries new first/last names must
    # return 200 but leave the stored names untouched.
    original_first = "student1i"
    original_last = "student"

    payload = {
        "username": "******",
        "password": "******",
        "new_first_name": "asdf",
        "new_last_name": "cheese",
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200

    target = User("student_coll1_1")
    viewer = User.create_user("student_coll1_1", "cows")
    details = target.details_dictionary_for(viewer)

    # Put the fixture back before asserting, so that a failing assertion
    # cannot leave modified names behind for later tests.
    account = User("student_coll1_1")
    account.set_first_name(original_first)
    account.set_last_name(original_last)
    account.save()

    assert details["first_name"] == original_first
    assert details["last_name"] == original_last
def test_post_sets_own_password_and_name():
    # A POST to /user/blueshirt carrying a new password and new names must
    # apply all three changes.
    old_password = "******"
    new_password = '******'
    original_first = "Blue"
    original_last = "Shirt"

    payload = {
        "username": "******",
        "password": old_password,
        "new_password": new_password,
        "new_first_name": 'new_first',
        "new_last_name": 'new_last',
    }
    response, body = test_helpers.server_post("/user/blueshirt", payload)
    assert response.status == 200

    # bind() presumably authenticates against the directory with the given
    # password -- confirm against the srusers implementation.
    assert User("blueshirt")._user.bind(new_password)

    account = User("blueshirt")
    seen_first = account.first_name
    seen_last = account.last_name

    # Restore the fixture before checking the names.
    account.set_password(old_password)
    account.set_first_name(original_first)
    account.set_last_name(original_last)
    account.save()

    assert seen_first == 'new_first'
    assert seen_last == 'new_last'
def test_email_change_request():
    """ Test that change requests via POST at /user/ are handled correctly:
        the stored address is left alone, a 'change_email' message is sent to
        the new address, and a PendingEmail record is created. """
    username = "******"
    original_email = User(username).email
    requested_email = "*****@*****.**"

    payload = {
        "username": "******",
        "password": "******",
        "new_email": requested_email,
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200, body

    # The address must not change until the request has been verified.
    account = User(username)
    assert account.email == original_email

    sent = test_helpers.last_email()
    recipient = sent.toaddr
    assert recipient == requested_email

    tmpl_vars = sent.template_vars
    expected_name = account.first_name
    assert expected_name == tmpl_vars['name']

    tmpl_name = sent.template_name
    assert tmpl_name == 'change_email'
    test_helpers.assert_load_template(tmpl_name, tmpl_vars)

    pending = PendingEmail(username)
    assert pending.in_db
    assert pending.new_email == requested_email
def test_post_doesnt_set_blank_last_name():
    # An empty "new_last_name" must be ignored rather than blanking the field.
    surname_before = User("student_coll1_1").last_name

    payload = {
        "username": "******",
        "password": "******",
        "new_last_name": "",
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)

    assert response.status == 200
    assert User("student_coll1_1").last_name == surname_before
def clear_old_registrations():
    """
    Expire pending registrations that are more than three days old.

    For each expired entry the pending record and the matching user account
    are deleted, and the team leader named on the record is informed.
    """
    # Deliberately a larger delta than the one activation is restricted
    # against, to avoid accidentally removing valid entries.
    cutoff = timedelta(days=3)

    for pending in PendingUser.ListAll():
        if not pending.age > cutoff:
            continue

        log_action('expiring registration', pending)
        pending.delete()

        stale_account = User(pending.username)
        stale_account.delete()

        leader = User(pending.teacher_username)
        inform_team_lead_registration_expired(leader, stale_account)
def verify_email(username, code):
    """
    Confirm a pending email change and apply it to the user.

    Intended to be reached only by users following the link in an
    email-verification message. Not part of the documented API.

    Returns a (message, status) pair: 404 when there is no pending request
    for the user, 410 when the request is older than two days, 403 when the
    code does not match, and 200 once the address has been changed.
    """
    pending = PendingEmail(username)

    if not pending.in_db:
        return "No such change request", 404

    if pending.age > timedelta(days=2):
        return "Request not valid", 410

    # NOTE(review): `!=` on strings is not a constant-time comparison;
    # hmac.compare_digest is the usual hardening for secret tokens. How much
    # this matters depends on the code's length and on request throttling,
    # neither of which is visible here.
    if pending.verify_code != code:
        return "Invalid verification code", 403

    log_action('changing email', user=username,
               new_email=pending.new_email)

    account = User(pending.username)
    account.set_email(pending.new_email)
    account.save()

    return "Email address successfully changed", 200
def test_post_by_blueshirt(self):
    # A POST to /send-password-reset/student_coll1_1 must be accepted (202),
    # email the target user with the 'password_reset' template, and store a
    # PendingPasswordReset whose code appears in the emailed URL.
    credentials = {"username": "******", "password": "******"}
    response, body = test_helpers.server_post(
        "/send-password-reset/student_coll1_1", credentials)
    self.assertEqual(202, response.status, body)

    target = User('student_coll1_1')

    sent = test_helpers.last_email()
    recipient = sent.toaddr
    self.assertEqual(target.email, recipient)

    tmpl_vars = sent.template_vars
    self.assertEqual(target.first_name, tmpl_vars['name'], "Wrong first name")
    self.assertEqual('Blue Shirt', tmpl_vars['requestor_name'],
                     "Wrong requestor name")

    tmpl_name = sent.template_name
    self.assertEqual('password_reset', tmpl_name, "Wrong email template")
    test_helpers.assert_load_template(tmpl_name, tmpl_vars)

    reset = PendingPasswordReset('student_coll1_1')
    self.assertTrue(reset.in_db,
                    "{0} should been in the database.".format(reset))
    self.assertEqual('blueshirt', reset.requestor_username,
                     "Wrong requestor username.")
    self.assertIn(reset.verify_code, tmpl_vars['password_reset_url'],
                  "Wrong verify code")
def test_post_sets_others_password():
    # A POST to /user/student_coll1_1 with "new_password" must change that
    # user's password; the check binds with the literal "com".
    original_password = "******"

    payload = {
        "username": "******",
        "password": "******",
        "new_password": "******",
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200

    # bind() presumably authenticates against the directory -- confirm.
    assert User("student_coll1_1")._user.bind("com")

    # Restore the fixture password.
    account = User("student_coll1_1")
    account.set_password(original_password)
    account.save()
def test_team_leader_can_become_student():
    # We need to test against another teacher, because team leaders demoting
    # themselves is not allowed: promote the student fixture first, then ask
    # for it to be demoted.
    promoted = User("student_coll1_1")
    promoted.make_teacher()
    promoted.save()

    payload = {
        "username": "******",
        "password": "******",
        "new_type": "student",
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)

    assert response.status == 200
    assert not User("student_coll1_1").is_teacher
def test_post_any_blueshirt_can_record_student_media_consent():
    # Recording media consent through /user/student_coll1_1 must set the flag
    # and send the student a 'ticket_available' email.
    consent_admin = srusers.user('blueshirt-mcf')
    memberships = consent_admin.groups()
    # Sanity check: the fixture must be in exactly these two groups.
    assert set(memberships) == set(['mentors', 'media-consent-admin'])

    payload = {
        "username": "******",
        "password": "******",
        "media_consent": 'true',
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200, (response.status, body)

    student = User("student_coll1_1")
    assert student.has_media_consent

    sent = test_helpers.last_email()
    recipient = sent.toaddr
    expected_recipient = student.email
    assert recipient == expected_recipient

    tmpl_vars = sent.template_vars
    expected_first = student.first_name
    assert expected_first == tmpl_vars['first_name']

    tmpl_name = sent.template_name
    assert tmpl_name == 'ticket_available'
    test_helpers.assert_load_template(tmpl_name, tmpl_vars)
def verify_email(username, code):
    """
    Confirm a pending email change and apply it to the user.

    Intended to be reached only by users following the link in an
    email-verification message. Not part of the documented API.

    Returns a (message, status, headers) triple, always with
    PLAINTEXT_HEADER: 404 when there is no pending request for the user,
    410 when the request is older than the configured
    'nemesis'/'email_change_days', 403 when the code does not match, and
    200 once the address has been changed.
    """
    pending = PendingEmail(username)

    if not pending.in_db:
        return "No such change request", 404, PLAINTEXT_HEADER

    validity_days = config.config.getint('nemesis', 'email_change_days')
    validity = timedelta(days=validity_days)
    if pending.age > validity:
        return "Request not valid", 410, PLAINTEXT_HEADER

    # NOTE(review): `!=` on strings is not a constant-time comparison;
    # hmac.compare_digest is the usual hardening for secret tokens. How much
    # this matters depends on the code's length and on request throttling,
    # neither of which is visible here.
    if pending.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    log_action('changing email', user=username,
               new_email=pending.new_email)

    account = User(pending.username)
    account.set_email(pending.new_email)
    account.save()

    return "Email address successfully changed", 200, PLAINTEXT_HEADER
def test_post_sets_own_password():
    # A POST to /user/blueshirt with "new_password" must change the password.
    old_password = "******"
    new_password = '******'

    payload = {
        "username": "******",
        "password": old_password,
        "new_password": new_password,
    }
    response, body = test_helpers.server_post("/user/blueshirt", payload)
    assert response.status == 200

    # bind() presumably authenticates against the directory -- confirm.
    assert User("blueshirt")._user.bind(new_password)

    # Restore the fixture password.
    account = User("blueshirt")
    account.set_password(old_password)
    account.save()
def clear_old_registrations():
    """
    Expire pending registrations older than the configured activation window.

    For each expired entry the pending record and the matching user account
    are deleted, then both the registrant's email address and the team
    leader named on the record are informed.
    """
    # Deliberately a larger delta (half a day more) than the one activation
    # is restricted against, to avoid accidentally removing valid entries.
    grace_days = config.getint('nemesis', 'activation_days') + 0.5
    cutoff = timedelta(days=grace_days)

    for pending in PendingUser.ListAll():
        if not pending.age > cutoff:
            continue

        log_action('expiring registration', pending)
        pending.delete()

        stale_account = User(pending.username)
        stale_account.delete()

        inform_competitor_registration_expired(pending.email, stale_account)

        leader = User(pending.teacher_username)
        inform_team_lead_registration_expired(leader, stale_account)
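def activate_account(username, code):
    """
    Verifies to the system that an email address exists, and that the
    related account should be made into a full account.

    Expected to be used only by users clicking links in account-activation
    emails. Not part of the documented API.

    Returns a (body, status) pair: 404 when there is no pending registration
    for the user, 410 when it is older than two days, 403 when the code does
    not match, and 200 with the rendered activation page on success.
    """

    pu = PendingUser(username)

    if not pu.in_db:
        return "No such user account", 404

    if pu.age > timedelta(days=2):
        return "Request not valid", 410

    # NOTE(review): `!=` on strings is not a constant-time comparison;
    # hmac.compare_digest is the usual hardening for secret tokens. How much
    # this matters depends on the code's length and on request throttling,
    # neither of which is visible here.
    if pu.verify_code != code:
        return "Invalid verification code", 403

    log_action('activating user', pu)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    u = User(username)
    u.set_email(pu.email)
    u.set_team(pu.team)
    u.set_college(pu.college)
    u.set_password(new_pass)
    u.make_student()
    u.save()

    # let the team-leader know
    rq_user = User.create_user(pu.teacher_username)
    email_vars = {
        'name': rq_user.first_name,
        'au_username': username,
        'au_first_name': u.first_name,
        'au_last_name': u.last_name,
    }
    mailer.email_template(rq_user.email, 'user_activated_team_leader',
                          email_vars)

    # The pending record is removed only after the account has been saved and
    # the team leader notified.
    pu.delete()

    # Read the template through a context manager so the file handle is
    # closed even if read() raises.
    with open(PATH + "/templates/activate.html") as template_file:
        html = template_file.read()

    # NOTE(review): these values are substituted into HTML with str.format
    # and no escaping. Unless names and addresses are validated where they
    # are stored (not visible here), they should be HTML-escaped before
    # substitution. The new password is also part of the response body, so
    # the page should not be cacheable -- confirm the response headers.
    replacements = {
        'first_name': u.first_name,
        'last_name': u.last_name,
        'password': new_pass,
        'email': u.email,
        'username': username,
        'root': url_for('.index'),
    }

    html = html.format(**replacements)

    return html, 200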
def test_email_change_request_reset_without_change():
    """ Test that a change request to the original value, where there is no
        actual outstanding request, doesn't explode. """
    username = "******"
    current_email = User(username).email

    payload = {
        "username": "******",
        "password": "******",
        "new_email": current_email,
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200, body

    account = User(username)
    assert account.email == current_email

    # Asking for the address already on file must not trigger a message.
    test_helpers.assert_no_emails()
def test_verify_success():
    # A GET on /verify/<username>/<code> with the right code must apply the
    # pending address to the user.
    username = "******"
    original_email = User(username).email
    requested_email = "*****@*****.**"

    setup_new_email('student_coll1_1', requested_email, 'bees')

    verify_path = "/verify/" + username + "/bees"
    response, body = test_helpers.server_get(verify_path)
    status_code = response.status
    assert status_code == 200, body

    account = User(username)
    applied_email = account.email

    # restore the original first, so a failed assertion leaves no residue
    account.set_email(original_email)
    account.save()

    assert applied_email == requested_email
def test_post_student_cant_withdraw_other_student():
    # Setting "withdrawn" on /user/student_coll1_2 must be refused with 403
    # and must leave that user's withdrawn flag clear.
    payload = {
        "username": "******",
        "password": "******",
        "withdrawn": 'true',
    }
    response, body = test_helpers.server_post("/user/student_coll1_2", payload)

    assert response.status == 403
    assert not User("student_coll1_2").has_withdrawn
def test_student_cant_set_team_leader():
    # A "new_type" of "team-leader" on /user/student_coll1_1 returns 200 but
    # must not actually promote the user.
    payload = {
        "username": "******",
        "password": "******",
        "new_type": "team-leader",
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)

    assert response.status == 200
    assert not User("student_coll1_1").is_teacher
def test_post_teacher_cant_record_student_media_consent():
    # "media_consent" posted to /user/student_coll1_2 returns 200 but must be
    # ignored: the consent flag stays unset.
    payload = {
        "username": "******",
        "password": "******",
        "media_consent": 'true',
    }
    response, body = test_helpers.server_post("/user/student_coll1_2", payload)

    assert response.status == 200
    assert not User("student_coll1_2").has_media_consent
def test_post_teacher_cant_withdraw_self():
    # "withdrawn" posted to /user/teacher_coll1 returns 200 but must be
    # ignored: the withdrawn flag stays unset.
    payload = {
        "username": "******",
        "password": "******",
        "withdrawn": 'true',
    }
    response, body = test_helpers.server_post("/user/teacher_coll1", payload)

    assert response.status == 200
    assert not User("teacher_coll1").has_withdrawn
def test_team_leader_cant_demote_self():
    # A "new_type" of "student" posted to /user/teacher_coll1 returns 200 but
    # must leave the user a teacher.
    payload = {
        "username": "******",
        "password": "******",
        "new_type": "student",
    }
    response, body = test_helpers.server_post("/user/teacher_coll1", payload)

    assert response.status == 200
    assert User("teacher_coll1").is_teacher
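def test_user_get_checks_same_email():
    # When the pending address equals the current one, the GET response for
    # the user must not advertise a 'new_email' key.
    username = "******"
    new_email = User(username).email

    setup_new_email(username, new_email, 'bees')

    params = {"username": username, "password": "******"}

    r, data = test_helpers.server_get("/user/student_coll1_1", params)
    assert r.status == 200, data

    user_info = json.loads(data)

    # `in` replaces dict.has_key(), which no longer exists on Python 3; the
    # membership test gives the same answer on Python 2.
    assert 'new_email' not in user_info, \
        "Should not have a new_email key when the new one and the current one match"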
def test_email_change_request_reset():
    """ Test that a POST at /user/ asking for the address already on file
        clears an outstanding change request and sends no email. """
    username = "******"
    original_email = User(username).email
    requested_email = "*****@*****.**"

    # Create the outstanding request that the POST is expected to clear.
    setup_new_email(username, requested_email, 'bees')

    payload = {
        "username": "******",
        "password": "******",
        "new_email": original_email,
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200, body

    account = User(username)
    assert account.email == original_email

    pending = PendingEmail(username)
    assert not pending.in_db, 'POST using original email should have cleared request'

    test_helpers.assert_no_emails()
def test_clear_old_registrations(self):
    # One aged and one fresh pending registration are created; only the aged
    # one may be removed, and its team leader must receive the
    # 'registration_expired' email.
    first_name = 'old'
    last_name = 'user'

    stale_account = srusers.user('old')
    stale_account.cname = first_name
    stale_account.sname = last_name
    stale_account.email = ''
    stale_account.save()

    leader = User('teacher_coll1')

    stale_pending = PendingUser('old')
    stale_pending.teacher_username = leader.username
    stale_pending.college = 'college-1'
    stale_pending.team = 'team-ABC'
    stale_pending.email = '*****@*****.**'
    stale_pending.verify_code = 'bibble-old'
    stale_pending.save()

    # _make_old presumably back-dates the stored row -- confirm in the
    # test class.
    self._make_old('registrations', 'old')

    fresh_pending = PendingUser('abc')
    fresh_pending.teacher_username = '******'
    fresh_pending.college = 'new-college-1'
    fresh_pending.team = 'team-NEW'
    fresh_pending.email = '*****@*****.**'
    fresh_pending.verify_code = 'bibble'
    fresh_pending.save()

    helpers.clear_old_registrations()

    reloaded_stale = PendingUser('old')
    assert not reloaded_stale.in_db

    reloaded_fresh = PendingUser('abc')
    assert reloaded_fresh.in_db

    sent = last_email()
    recipient = sent.toaddr
    leader_email = leader.email
    assert recipient == leader_email

    tmpl_vars = sent.template_vars
    leader_first = leader.first_name
    assert leader_first == tmpl_vars['name']
    assert first_name == tmpl_vars['pu_first_name']
    assert last_name == tmpl_vars['pu_last_name']

    tmpl_name = sent.template_name
    assert tmpl_name == 'registration_expired'
def test_post_blueshirt_record_student_media_consent_again_no_email():
    # Posting "media_consent" to /user/student_coll1_1 must leave the flag
    # set and, as the test name says for a repeat submission, send no email.
    payload = {
        "username": "******",
        "password": "******",
        "media_consent": 'true',
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200, (response.status, body)

    student = User("student_coll1_1")
    assert student.has_media_consent

    test_helpers.assert_no_emails()
def test_post_blueshirt_cant_set_team():
    # "new_team" posted to /user/student_coll1_1 returns 200 but must not
    # move the student out of the original team.
    original_team = "team-ABC"
    requested_team = "team-DFE"

    payload = {
        "username": "******",
        "password": "******",
        "new_team": requested_team,
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200

    student = User("student_coll1_1")
    team_names = [team.name for team in student.teams]
    assert [original_team] == team_names
def test_post_teacher_cant_set_other_team():
    # "new_team" naming a team the requesting teacher does not own returns
    # 200 but must not move the student.
    original_team = "team-ABC"
    requested_team = "team-QWZ"  # exists, but this teacher doesn't own it

    payload = {
        "username": "******",
        "password": "******",
        "new_team": requested_team,
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200

    student = User("student_coll1_1")
    team_names = [team.name for team in student.teams]
    assert [original_team] == team_names
def test_activate_success():
    # A GET on /activate/<username>/<code> with the right code must copy the
    # pending email, team and college onto the user, add the user to the
    # 'students' group, remove the pending record and email the team leader.
    username = '******'

    leader = User.create_user("teacher_coll1", "facebees")
    created = User.create_new_user(leader, 'college-1', 'James', 'Activate')
    assert created.username == username

    pending = create_pending_user(username)
    pending.save()

    activate_path = "/activate/" + username + "/bibble"
    response, body = test_helpers.server_get(activate_path)
    status_code = response.status
    assert status_code == 200, body

    activated = User(username)
    activated_email = activated.email
    assert pending.email == activated_email

    team_names = [team.name for team in activated.teams]
    assert pending.team in team_names

    college_list = activated.colleges
    assert pending.college in college_list

    student_members = srusers.group('students').members
    assert username in student_members

    reloaded = PendingUser(username)
    assert not reloaded.in_db, "registration DB entry should have been removed"

    # ensure we sent the team-leader a confirmation
    sent = test_helpers.last_email()
    recipient = sent.toaddr
    leader_email = leader.email
    assert recipient == leader_email

    tmpl_vars = sent.template_vars
    leader_first = leader.first_name
    assert leader_first == tmpl_vars['name']

    created_first = created.first_name
    assert created_first == tmpl_vars['au_first_name']

    created_last = created.last_name
    assert created_last == tmpl_vars['au_last_name']

    assert username == tmpl_vars['au_username']

    tmpl_name = sent.template_name
    assert tmpl_name == 'user_activated_team_leader'
def test_team_leader_can_set_team_leader():
    # A "new_type" of "team-leader" posted to /user/student_coll1_1 must
    # promote the student.
    payload = {
        "username": "******",
        "password": "******",
        "new_type": "team-leader",
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200

    account = User("student_coll1_1")
    was_promoted = account.is_teacher

    # Clean up
    account.make_student()
    account.save()

    # now assert (ensures the clean-up occurs)
    assert was_promoted
def test_post_teacher_sets_team():
    # "new_team" posted to /user/student_coll1_1 must move the student into
    # the requested team.
    original_team = "team-ABC"
    requested_team = "team-DFE"

    payload = {
        "username": "******",
        "password": "******",
        "new_team": requested_team,
    }
    response, body = test_helpers.server_post("/user/student_coll1_1", payload)
    assert response.status == 200

    student = User("student_coll1_1")
    team_names = [team.name for team in student.teams]
    assert [requested_team] == team_names

    # Restore the fixture's team membership.
    student.set_team(original_team)
    student.save()