def test_change_restricted_context_to_susbcribed_maintain_write_veto(self):
    """
    A persistent write veto must survive a relaxation of the context policy.

    The context is created with write="restricted" and the user is subscribed
    by an admin. The manager then removes the user's "write" permission with
    ``permanent=1`` and changes the context to write="subscribed". Posting an
    activity as that user is still expected to be refused with 403.
    """
    from .mockers import create_context, subscribe_context, user_status_context

    username = "******"
    context_hash = sha1(create_context["url"]).hexdigest()

    self.create_user(username)
    initial_permissions = dict(
        read="subscribed", write="restricted", subscribe="restricted", invite="restricted"
    )
    self.create_context(create_context, permissions=initial_permissions)
    self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)

    # Persistent veto: revoke "write" for this user with permanent=1.
    veto_url = "/contexts/%s/permissions/%s/%s?permanent=1" % (context_hash, username, "write")
    self.testapp.delete(veto_url, "", oauth2Header(test_manager), status=201)

    # Relax the context-wide write policy.
    payload = json.dumps({"permissions": {"write": "subscribed"}})
    response = self.testapp.put(
        "/contexts/%s" % context_hash, payload, oauth2Header(test_manager), status=200
    )
    self.assertEqual(response.json["permissions"]["read"], "subscribed")
    self.assertEqual(response.json["permissions"]["write"], "subscribed")

    # The per-user veto must still win over the relaxed policy.
    self.create_activity(username, user_status_context, expect=403)
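def test_get_message_file_as_non_participant(self):
    """
    A user outside a conversation must not download its file attachments.

    Given a user who, per the scenario, is not a conversation participant
    When that user requests the download of a file attached to a message
    Then the request is refused with 403 Forbidden
    """
    from max.tests.mockers import message
    from max.tests.mockers import message_with_file

    sender = 'messi'
    recipient = 'xavi'
    recipient2 = 'shakira'
    self.create_user(sender)
    self.create_user(recipient)
    self.create_user(recipient2)

    # The conversation payload is posted twice in the original test; only the
    # id from the second response is used, so the first one is left unbound.
    self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)

    # Read the fixture through a context manager so the handle is closed
    # even if a later request makes the test fail.
    with open(os.path.join(self.conf_dir, "map.pdf"), "rb") as thefile:
        files = [('file', 'map.pdf', thefile.read(), 'application/pdf')]

    res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
    cid = str(res.json['contexts'][0]['id'])
    message_id = self.testapp.post(
        '/conversations/%s/messages' % cid,
        dict(json_data=json.dumps(message_with_file)),
        oauth2Header(sender),
        upload_files=files,
        status=201,
    ).json['id']

    # Authorization check under test: recipient2 authenticates correctly but
    # must still be denied access to the attachment.
    self.testapp.get(
        '/messages/%s/file/download' % (message_id),
        headers=oauth2Header(recipient2),
        status=403,
    )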
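def test_post_message_with_image_to_an_already_existing_conversation(self):
    """
    An image message can be added to an existing conversation and fetched back.

    The sender opens a conversation, uploads a PNG as a second message, lists
    the conversation messages and finally downloads the full-size image
    through the URL advertised in the message object.
    """
    from .mockers import message, message_with_image

    sender = 'messi'
    recipient = 'xavi'
    self.create_user(sender)
    self.create_user(recipient)

    # Context manager closes the fixture handle even when the test fails.
    with open(os.path.join(os.path.dirname(__file__), "avatar.png"), "rb") as thefile:
        files = [('file', 'avatar.png', thefile.read(), 'image/png')]

    res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
    cid = str(res.json['contexts'][0]['id'])
    self.testapp.post(
        '/conversations/%s/messages' % cid,
        dict(json_data=json.dumps(message_with_image)),
        oauth2Header(sender),
        upload_files=files,
        status=201,
    )

    res = self.testapp.get('/conversations/%s/messages' % cid, "", oauth2Header(sender), status=200)
    result = json.loads(res.text)

    self.assertEqual(len(result), 2)
    self.assertEqual(result[0].get("contexts", None)[0].get("id", None), cid)
    self.assertEqual(result[0].get("contexts", None)[0].get("objectType", None), "conversation")
    self.assertEqual(result[0].get("objectType", None), "message")

    # The image URLs are expected to be derived from the message id.
    self.assertEqual(result[1]['object'].get('fullURL'), u'/messages/{}/image/full'.format(result[1]['id']))
    self.assertEqual(result[1]['object'].get('thumbURL'), u'/messages/{}/image/thumb'.format(result[1]['id']))

    # The advertised URL must actually be retrievable by a participant.
    full_url = result[1]['object'].get('fullURL')
    self.testapp.get(full_url, '', oauth2Header(sender), status=200)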
def test_unfavorite_activity_get_other_favorites(self):
    """
    Removing one user's favorite leaves the other favorites in place.

    Given a plain user and a regular context
    When an activity is posted in the context
    And two users favorite it
    And one of them removes their favorite
    Then the response lists only the remaining favorite
    """
    from .mockers import create_context, subscribe_context, user_status_context

    username = '******'
    username_not_me = 'xavi'
    for name in (username, username_not_me):
        self.create_user(name)
    self.create_context(create_context)
    for name in (username, username_not_me):
        self.admin_subscribe_user_to_context(name, subscribe_context)

    activity_id = self.create_activity(username, user_status_context).json['id']

    # Both users mark the activity as favorite.
    self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
    self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username), status=201)

    # The second user withdraws their own favorite.
    res = self.testapp.delete(
        '/activities/%s/favorites/%s' % (activity_id, username_not_me),
        '',
        oauth2Header(username_not_me),
        status=200,
    )
    remaining = res.json['object']
    self.assertEqual(remaining['favorites'][0]['username'], username)
    self.assertEqual(remaining['favorited'], False)
    self.assertEqual(remaining['favoritesCount'], 1)
def test_unflag_flagged_activity_subscribed_no_flag_permission(self):
    """
    Unflagging requires the "flag" permission, not just a subscription.

    Given a regular user subscribed to the activity's context
    And that user has not been granted the "flag" permission
    When the user tries to unflag an activity flagged by someone else
    Then the request is refused with 403 Forbidden
    """
    from hashlib import sha1
    from max.tests.mockers import create_context, subscribe_context, user_status_context

    username = "******"
    username_not_me = "penny"
    for name in (username, username_not_me):
        self.create_user(name)
    self.create_context(create_context)
    context_hash = sha1(create_context["url"]).hexdigest()
    for name in (username, username_not_me):
        self.admin_subscribe_user_to_context(name, subscribe_context)

    # Only the first user receives the "flag" permission.
    self.grant_permission(context_hash, username, "flag")

    activity_id = self.create_activity(username, user_status_context).json["id"]
    flag_url = "/activities/%s/flag" % activity_id

    # The permitted user flags; the other subscriber must not be able to unflag.
    self.testapp.post(flag_url, "", oauth2Header(username), status=201)
    self.testapp.delete(flag_url, "", oauth2Header(username_not_me), status=403)
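def test_get_message_image_as_participant(self):
    """
    A conversation participant can view an image attached to a message.

    Given a regular user who, per the scenario, is a conversation participant
    When that user requests a message's image attachment
    Then the request succeeds with 200
    """
    from max.tests.mockers import message
    from max.tests.mockers import message_with_image

    sender = 'messi'
    recipient = 'xavi'
    self.create_user(sender)
    self.create_user(recipient)

    # The conversation payload is posted twice in the original test; only the
    # id from the second response is used, so the first one is left unbound.
    self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)

    # Read the fixture through a context manager so the handle is closed
    # even if a later request makes the test fail.
    with open(os.path.join(self.conf_dir, "avatar.png"), "rb") as thefile:
        files = [('file', 'avatar.png', thefile.read(), 'image/png')]

    res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
    cid = str(res.json['contexts'][0]['id'])
    message_id = self.testapp.post(
        '/conversations/%s/messages' % cid,
        dict(json_data=json.dumps(message_with_image)),
        oauth2Header(sender),
        upload_files=files,
        status=201,
    ).json['id']

    # Positive counterpart of the non-participant check: the recipient reads the image.
    self.testapp.get('/messages/%s/image' % (message_id), headers=oauth2Header(recipient), status=200)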
def test_change_public_context_to_restricted_preserve_granted_write_permission(self):
    """
    A persistent write grant must survive a tightening of the context policy.

    The context is created with subscribe="public" and write="subscribed";
    the user subscribes on their own. The manager grants the user "write"
    with ``permanent=1`` and then changes the context to write="restricted".
    Posting an activity as that user is still expected to succeed with 201.
    """
    from .mockers import create_context, subscribe_context, user_status_context

    username = "******"
    context_hash = sha1(create_context["url"]).hexdigest()

    self.create_user(username)
    initial_permissions = dict(
        read="subscribed", write="subscribed", subscribe="public", invite="restricted"
    )
    self.create_context(create_context, permissions=initial_permissions)
    self.user_subscribe_user_to_context(username, subscribe_context, expect=201)

    # Persistent grant: give "write" to this user with permanent=1.
    grant_url = "/contexts/%s/permissions/%s/%s?permanent=1" % (context_hash, username, "write")
    self.testapp.put(grant_url, "", oauth2Header(test_manager), status=201)

    # Tighten the context-wide write policy.
    payload = json.dumps({"permissions": {"write": "restricted"}})
    response = self.testapp.put(
        "/contexts/%s" % context_hash, payload, oauth2Header(test_manager), status=200
    )
    self.assertEqual(response.json["permissions"]["read"], "subscribed")
    self.assertEqual(response.json["permissions"]["write"], "restricted")

    # The explicit grant must still allow the user to write.
    self.create_activity(username, user_status_context, expect=201)
def test_delete_device_token(self):
    """
    A user can register a device token and then delete it.

    The token is posted to /tokens (201) and removed through
    /tokens/<token> (204), both authenticated as the same user.
    """
    username = '******'
    device = {'platform': 'ios', 'token': '12345678901234567890123456789012'}
    self.create_user(username)

    self.testapp.post('/tokens', json.dumps(device), oauth2Header(username), status=201)
    self.testapp.delete('/tokens/%s' % (device['token']), "", oauth2Header(username), status=204)
def test_maintenance_subscriptions(self):
    """
    The subscriptions maintenance endpoint resyncs data copied from a context.

    The context document is modified directly in the database (write policy,
    displayName and tags). After POSTing to /admin/maintenance/subscriptions
    the user's subscription and timeline are expected to reflect the change,
    including the subscription permissions dropping to ['read'].
    """
    from hashlib import sha1
    from .mockers import create_context, subscribe_context, user_status_context

    username = '******'
    self.create_user(username)
    self.create_context(
        create_context,
        permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'),
    )
    context_hash = sha1(create_context['url']).hexdigest()
    self.admin_subscribe_user_to_context(username, subscribe_context)
    self.create_activity(username, user_status_context)

    # Bypass the API and edit the stored context to simulate drift between
    # the context and the copies held by subscriptions and activities.
    stored = self.exec_mongo_query('contexts', 'find', {'hash': context_hash})[0]
    stored['permissions']['write'] = 'restricted'
    stored['displayName'] = 'Changed Name'
    stored['tags'].append('new tag')
    self.exec_mongo_query('contexts', 'update', {'_id': stored['_id']}, stored)

    self.testapp.post('/admin/maintenance/subscriptions', "", oauth2Header(test_manager), status=200)

    # The user's subscription now mirrors the edited context.
    profile = self.testapp.get('/people/{}'.format(username), "", oauth2Header(username), status=200)
    subscription = profile.json['subscribedTo'][0]
    self.assertEqual(subscription['displayName'], 'Changed Name')
    self.assertListEqual(subscription['tags'], ['Assignatura', 'new tag'])
    self.assertListEqual(subscription['permissions'], ['read'])

    # The context embedded in the user's activity is updated as well.
    timeline = self.testapp.get('/people/{}/timeline'.format(username), "", oauth2Header(username), status=200)
    embedded = timeline.json[0]['contexts'][0]
    self.assertEqual(embedded['displayName'], 'Changed Name')
    self.assertListEqual(embedded['tags'], ['Assignatura', 'new tag'])
def test_get_pushtokens_for_given_conversations(self):
    """
        doctest

        .. http:get:: /conversations/{id}/tokens

        Both users register an iOS device token, the sender opens a
        conversation, and the manager lists the conversation's tokens. The
        response is expected to hold the recipient's entry first, then the
        sender's.
    """
    from .mockers import message

    sender = 'messi'
    recipient = 'xavi'
    self.create_user(sender)
    self.create_user(recipient)

    platform = 'ios'
    token_sender = '12345678901234567890123456789012'
    token_recipient = '12345678901234567890123456789013'
    self.testapp.post('/people/%s/device/%s/%s' % (sender, platform, token_sender), "", oauth2Header(sender), status=201)
    self.testapp.post('/people/%s/device/%s/%s' % (recipient, platform, token_recipient), "", oauth2Header(recipient), status=201)

    created = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
    conversation_id = created.json['contexts'][0]['id']

    # NOTE(review): only the manager path is exercised here; this test does
    # not show whether a regular user is denied access to other users' tokens.
    res = self.testapp.get('/conversations/%s/tokens' % (conversation_id), '', oauth2Header(test_manager), status=200)

    first, second = res.json[0], res.json[1]
    self.assertEqual(first['platform'], u'ios')
    self.assertEqual(first['token'], u'12345678901234567890123456789013')
    self.assertEqual(first['username'], u'xavi')
    self.assertEqual(second['platform'], u'ios')
    self.assertEqual(second['token'], u'12345678901234567890123456789012')
    self.assertEqual(second['username'], u'messi')
    self.assertEqual(len(res.json), 2)
def test_security_remove_user_from_role_check_security_reloaded(self):
    """
    Revoking the Manager role takes effect on the very next request.

    A second user is added to the Manager role and can list /activities
    (200). Once the role is removed, the same request made with the same
    credentials is expected to be refused with 403.
    """
    test_manager2 = 'messi'
    self.create_user(test_manager2)
    role_membership_url = '/admin/security/roles/%s/users/%s' % ('Manager', test_manager2)

    # Grant the role and confirm it is honoured.
    self.testapp.post(role_membership_url, "", oauth2Header(test_manager), status=201)
    self.testapp.get('/activities', "", oauth2Header(test_manager2), status=200)

    # Revoke the role; a stale security cache would still answer 200 here.
    self.testapp.delete(
        '/admin/security/roles/%s/users/%s' % ('Manager', test_manager2),
        "",
        oauth2Header(test_manager),
        status=204,
    )
    self.testapp.get('/activities', "", oauth2Header(test_manager2), status=403)
def test_remove_context_tag(self):
    """
    A manager can remove a single tag from a context.

    The tag 'prova' is added to the context first, then the tag
    'Assignatura' is deleted and the server is expected to answer 204.
    """
    from hashlib import sha1
    from .mockers import create_context

    self.create_context(create_context)
    context_hash = sha1(create_context['url']).hexdigest()

    self.testapp.put('/contexts/%s/tags' % context_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
    self.testapp.delete(
        '/contexts/%s/tags/%s' % (context_hash, 'Assignatura'),
        "",
        oauth2Header(test_manager),
        status=204,
    )
def test_rename_context_url(self):
    """
    Changing a context's URL updates its hash everywhere it is copied.

    After the manager PUTs a new url, the context itself, the user's
    subscription, the stored subscription activity and the user's posted
    activity are all expected to carry the new url and the SHA-1 hash
    derived from it.
    """
    from hashlib import sha1
    from .mockers import create_context, subscribe_context, user_status_context

    username = '******'
    self.create_user(username)
    self.create_context(
        create_context,
        permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'),
    )
    self.admin_subscribe_user_to_context(username, subscribe_context)
    activity = self.create_activity(username, user_status_context)

    old_hash = sha1(create_context['url']).hexdigest()
    self.testapp.put('/contexts/%s' % old_hash, json.dumps({"url": "http://new.url"}), oauth2Header(test_manager), status=200)

    # The context is reachable under the hash of the new url.
    new_url_hash = sha1('http://new.url').hexdigest()
    context_res = self.testapp.get('/contexts/%s' % new_url_hash, "", oauth2Header(test_manager), status=200)
    self.assertEqual(context_res.json['url'], 'http://new.url')
    self.assertEqual(context_res.json['hash'], new_url_hash)

    # The user's subscription carries the new url and hash.
    person_res = self.testapp.get('/people/%s' % username, "", oauth2Header(test_manager), status=200)
    subscription = person_res.json['subscribedTo'][0]
    self.assertEqual(subscription['url'], 'http://new.url')
    self.assertEqual(subscription['hash'], new_url_hash)

    # The activity recorded when the user was subscribed is rewritten too.
    subscription_activity = self.exec_mongo_query(
        'activity',
        'find',
        {'object.hash': new_url_hash, 'object.url': "http://new.url", 'actor.username': username},
    )
    self.assertNotEqual(subscription_activity, [])
    self.assertEqual(subscription_activity[0]['object']['hash'], new_url_hash)
    self.assertEqual(subscription_activity[0]['object']['url'], 'http://new.url')

    # The activity the user posted references the renamed context.
    activity_res = self.testapp.get('/activities/%s' % activity.json['id'], "", oauth2Header(test_manager), status=200)
    embedded = activity_res.json['contexts'][0]
    self.assertEqual(embedded['url'], 'http://new.url')
    self.assertEqual(embedded['hash'], new_url_hash)
def test_like_activity_by_various(self):
    """
    Several users can like the same activity, including its author.

    Given a plain user and a regular context
    When the user posts an activity in the context
    Then another user can like it and the author can like it too
    """
    from .mockers import create_context, subscribe_context, user_status_context

    username = '******'
    username_not_me = 'xavi'
    for name in (username, username_not_me):
        self.create_user(name)
    self.create_context(create_context)
    for name in (username, username_not_me):
        self.admin_subscribe_user_to_context(name, subscribe_context)

    activity_id = self.create_activity(username, user_status_context).json['id']

    self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
    res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username), status=201)

    # The second response is asserted: likes appear in the order they were made.
    liked_object = res.json['object']
    self.assertEqual(liked_object['likes'][0]['username'], username_not_me)
    self.assertEqual(liked_object['likes'][1]['username'], username)
    self.assertEqual(liked_object['liked'], True)
    self.assertEqual(liked_object['likesCount'], 2)
def test_unfavorite_activity(self):
    """
    A user can remove a favorite mark they previously set.

    Given a plain user and a regular context
    When the user posts an activity in the context
    And another user favorites it and then removes that favorite
    Then both the delete response and the activity show no favorites
    """
    from .mockers import create_context, subscribe_context, user_status_context

    username = '******'
    username_not_me = 'xavi'
    for name in (username, username_not_me):
        self.create_user(name)
    self.create_context(create_context)
    for name in (username, username_not_me):
        self.admin_subscribe_user_to_context(name, subscribe_context)

    activity_id = self.create_activity(username, user_status_context).json['id']

    self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
    res = self.testapp.delete(
        '/activities/%s/favorites/%s' % (activity_id, username_not_me),
        '',
        oauth2Header(username_not_me),
        status=200,
    )
    activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)

    # State reported by the delete response.
    self.assertEqual(res.json['object']['favorites'], [])
    self.assertEqual(res.json['object']['favorited'], False)
    self.assertEqual(res.json['object']['favoritesCount'], 0)

    # State seen by the author when reading the activity afterwards.
    self.assertEqual(activity.json['favorites'], [])
    self.assertEqual(activity.json['favorited'], False)
    self.assertEqual(activity.json['favoritesCount'], 0)
def test_favorite_already_favorited_activity(self):
    """
    Favoriting the same activity twice does not add a second favorite.

    Given a plain user and a regular context
    When the user posts an activity in the context
    And another user favorites it
    Then a second favorite by that same user answers 200 and the count stays 1
    """
    from .mockers import create_context, subscribe_context, user_status_context

    username = '******'
    username_not_me = 'xavi'
    for name in (username, username_not_me):
        self.create_user(name)
    self.create_context(create_context)
    for name in (username, username_not_me):
        self.admin_subscribe_user_to_context(name, subscribe_context)

    activity_id = self.create_activity(username, user_status_context).json['id']

    # First request creates the favorite (201); the repeat is answered with 200.
    self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
    res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=200)

    favorited_object = res.json['object']
    self.assertEqual(favorited_object['favorites'][0]['username'], username_not_me)
    self.assertEqual(favorited_object['favorited'], True)
    self.assertEqual(favorited_object['favoritesCount'], 1)
def test_user_activities_stats_without_activity(self):
    """
    A user with no activities gets an empty list and a zero total.

    GET /people/<user>/activities returns an empty collection, and the HEAD
    request on the same resource reports '0' in the X-totalItems header.
    """
    username = '******'
    self.create_user(username)

    listing = self.testapp.get('/people/%s/activities' % username, '', oauth2Header(username), status=200)
    self.assertEqual(len(listing.json), 0)

    stats = self.testapp.head('/people/%s/activities' % username, oauth2Header(username), status=200)
    self.assertEqual(stats.headers.get('X-totalItems'), '0')
def test_create_context_that_already_exists(self):
    """
        doctest

        .. http:get:: /contexts/{hash}

        Posting the same context twice answers 201 the first time and 200 the
        second, and the second response carries the hash of the context url.
    """
    from hashlib import sha1
    from .mockers import create_context

    expected_hash = sha1(create_context['url']).hexdigest()

    self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
    repeated = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=200)

    self.assertEqual(repeated.json.get('hash', None), expected_hash)
def test_deleted_context_is_really_deleted(self):
    """
    A deleted context can no longer be fetched.

    After the manager deletes the context (204), reading it back answers 404
    with the error code 'ObjectNotFound'.
    """
    from hashlib import sha1
    from .mockers import create_context

    context_hash = sha1(create_context['url']).hexdigest()
    self.create_context(create_context)

    self.testapp.delete('/contexts/%s' % context_hash, "", oauth2Header(test_manager), status=204)
    missing = self.testapp.get('/contexts/%s' % context_hash, "", oauth2Header(test_manager), status=404)

    body = json.loads(missing.text)
    self.assertEqual(body.get('error', None), 'ObjectNotFound')
def test_access_to_security_settings(self):
    """
    A Manager can use every security endpoint.

    Given a Manager user
    When the user interacts with the security endpoints
    Then every request succeeds
    """
    membership_url = '/admin/security/roles/Manager/users/test_manager'

    # Read-only endpoints.
    self.testapp.get('/admin/security', headers=oauth2Header(test_manager), status=200)
    self.testapp.get('/admin/security/users', headers=oauth2Header(test_manager), status=200)
    self.testapp.get(membership_url, headers=oauth2Header(test_manager), status=200)

    # Re-adding an existing membership is answered with 200 here.
    self.testapp.post(membership_url, headers=oauth2Header(test_manager), status=200)

    # NOTE(review): this removes test_manager from the Manager role as the
    # last step; presumably fixtures are reset between tests — confirm.
    self.testapp.delete(membership_url, headers=oauth2Header(test_manager), status=204)
def test_user_activities_stats(self):
    """
    The activity listing is paged while HEAD reports the full total.

    With 11 activities posted, GET /people/<user>/activities returns 10
    items and the HEAD request reports '11' in the X-totalItems header.
    """
    from .mockers import user_status

    username = '******'
    self.create_user(username)
    for note in map(str, range(11)):
        self.create_activity(username, user_status, note=note)

    listing = self.testapp.get('/people/%s/activities' % username, '', oauth2Header(username), status=200)
    self.assertEqual(len(listing.json), 10)

    stats = self.testapp.head('/people/%s/activities' % username, oauth2Header(username), status=200)
    self.assertEqual(stats.headers.get('X-totalItems'), '11')
def test_global_comments_stats(self):
    """
    The global comments total counts every comment across activities.

    Eleven activities are posted, each with one comment. The manager's
    listing of /activities returns 10 items, and HEAD /activities/comments
    reports '11' in the X-totalItems header.
    """
    from .mockers import user_status, user_comment

    username = '******'
    self.create_user(username)
    for index in range(11):
        posted = self.create_activity(username, user_status, note=str(index))
        self.testapp.post(
            '/activities/%s/comments' % posted.json['id'],
            json.dumps(user_comment),
            oauth2Header(username),
            status=201,
        )

    listing = self.testapp.get('/activities', '', oauth2Header(test_manager), status=200)
    self.assertEqual(len(listing.json), 10)

    stats = self.testapp.head('/activities/comments', oauth2Header(test_manager), status=200)
    self.assertEqual(stats.headers.get('X-totalItems'), '11')
def test_delete_only_deleted_specified_context(self):
    """
    Deleting one context leaves other contexts untouched.

    Two contexts are created and the first is deleted (204). The second one
    must still be readable and report its own hash.
    """
    from hashlib import sha1
    from .mockers import create_context, create_contextA

    self.create_context(create_context)
    self.create_context(create_contextA)
    deleted_hash = sha1(create_context['url']).hexdigest()
    surviving_hash = sha1(create_contextA['url']).hexdigest()

    self.testapp.delete('/contexts/%s' % deleted_hash, "", oauth2Header(test_manager), status=204)
    survivor = self.testapp.get('/contexts/%s' % surviving_hash, "", oauth2Header(test_manager), status=200)

    body = json.loads(survivor.text)
    self.assertEqual(body.get('hash', None), surviving_hash)
def test_update_context_tags_updates_existing_subscription_tags(self):
    """
    Adding a tag to a context propagates to existing subscriptions.

    After the manager adds 'prova' to the context tags, the subscription
    listed in the user's profile is expected to show
    ['Assignatura', 'prova'].
    """
    from hashlib import sha1
    from .mockers import create_context, subscribe_context, user_status_context

    username = '******'
    self.create_user(username)
    self.create_context(create_context)
    context_hash = sha1(create_context['url']).hexdigest()
    self.admin_subscribe_user_to_context(username, subscribe_context)
    self.create_activity(username, user_status_context)

    self.testapp.put('/contexts/%s/tags' % context_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)

    profile = self.testapp.get('/people/%s' % username, "", oauth2Header(username), status=200)
    self.assertEqual(profile.json['subscribedTo'][0]['tags'], ['Assignatura', 'prova'])
def test_get_all_users_with_regex(self):
    """
    Searching /people by username returns the matching user first.

    Two searches are issued with a ``username`` query parameter; for each,
    the first entry of the result must be the user created by the test.
    """
    username = "******"
    self.create_user(username)

    # NOTE(review): the test name implies the filter is matched as a pattern;
    # verify that the server escapes or bounds user-supplied patterns.
    query = {"username": "******"}
    first_search = self.testapp.get("/people", query, oauth2Header(username), status=200)
    first_result = json.loads(first_search.text)
    self.assertEqual(first_result[0].get("username", ""), username)

    query = {"username": "******"}
    second_search = self.testapp.get("/people", query, oauth2Header(username), status=200)
    second_result = json.loads(second_search.text)
    self.assertEqual(second_result[0].get("username", ""), username)
def test_maintenance_users(self):
    """
    The users maintenance endpoint restores a user's ownership of their record.

    The stored ``_owner`` is overwritten directly in the database with
    'test_manager'. After POSTing to /admin/maintenance/users the profile is
    expected to report the user as its own owner again.
    """
    username = '******'
    self.create_user(username)
    profile_url = '/people/{}'.format(username)

    # Bypass the API to plant a wrong owner, then confirm it is visible.
    self.exec_mongo_query('users', 'update', {'username': username}, {'$set': {'_owner': 'test_manager'}})
    before = self.testapp.get(profile_url, "", oauth2Header(test_manager), status=200)
    self.assertEqual(before.json['owner'], 'test_manager')

    self.testapp.post('/admin/maintenance/users', "", oauth2Header(test_manager), status=200)

    after = self.testapp.get('/people/{}'.format(username), "", oauth2Header(test_manager), status=200)
    self.assertEqual(after.json['owner'], username)
def test_create_activity_check_not_duplicate_activity(self):
    """
    Reposting identical content on behalf of a user does not duplicate it.

    Given an admin user
    When the admin posts an activity in the name of someone else
    And posts the same content again right away
    Then the first request answers 201 and the repeat answers 200
    """
    from .mockers import user_status as activity

    username = '******'
    self.create_user(username)
    target_url = '/people/%s/activities' % username

    self.testapp.post(target_url, json.dumps(activity), oauth2Header(test_manager), status=201)
    self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(test_manager), status=200)
def test_forbidden_access_to_security_settings(self):
    """
    A regular user is denied on every security endpoint.

    Given a regular user
    When the user interacts with the security endpoints
    Then every request is refused with 403 Forbidden
    """
    username = '******'

    # NOTE(review): this user is never created in the test, so the 403 may not
    # be exercising the role check for an existing regular user — confirm.
    forbidden_calls = (
        (self.testapp.get, '/admin/security'),
        (self.testapp.get, '/admin/security/users'),
        (self.testapp.get, '/admin/security/roles/Manager/users/test_manager'),
        (self.testapp.post, '/admin/security/roles/Manager/users/test_manager'),
        (self.testapp.delete, '/admin/security/roles/Manager/users/test_manager'),
    )
    for request, url in forbidden_calls:
        request(url, headers=oauth2Header(username), status=403)
def test_delete_token(self):
    """
    A regular user can delete a device token they registered.

    Given a regular user
    When the user adds a device token and then deletes it
    Then both requests succeed (201, then 204)
    """
    from max.tests.mockers import token

    username = '******'
    self.create_user(username)

    self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
    token_url = '/tokens/{}'.format(token['token'])
    self.testapp.delete(token_url, '', headers=oauth2Header(username), status=204)
def test_search_with_invalid_parameters(self):
    """
    Malformed search parameters are rejected instead of being ignored.

    Given a plain user
    When the user searches /people with invalid parameters
    Then each request is answered with 400 Bad Request
    """
    username = '******'
    self.create_user(username)
    fake_id = '519200000000000000000000'

    # Non-numeric limit, non-id cursors, and both cursors supplied at once.
    invalid_searches = (
        '/people?limit=a',
        '/people?after=0',
        '/people?before=0',
        '/people?before={0}&after={0}'.format(fake_id),
    )
    for url in invalid_searches:
        self.testapp.get(url, '', oauth2Header(username), status=400)