示例#1
0
    def test_new_theme_version_with_69_properties(self):
        core.set_user(user_factory())

        addon = addon_factory(
            type=amo.ADDON_STATICTHEME, version_kw={'version': '1.0'})
        old_version = addon.current_version
        old_file_path = old_version.all_files[0].current_file_path
        amo.storage_utils.copy_stored_file(self.file_obj_dep, old_file_path)
        assert os.path.isfile(old_file_path)

        new_version = new_theme_version_with_69_properties(old_version)
        assert addon.versions.all().count() == 2
        assert addon.current_version == new_version

        new_file_path = new_version.all_files[0].current_file_path
        with zipfile.ZipFile(self.file_obj_dep, 'r') as old_xpi:
            with zipfile.ZipFile(new_file_path, 'r') as new_xpi:
                assert len(old_xpi.infolist()) == len(new_xpi.infolist())
                for entry in old_xpi.infolist():
                    file_ = entry.filename
                    if file_ == 'manifest.json':
                        old_manifest = json.loads(old_xpi.read(file_))
                        new_manifest = json.loads(new_xpi.read(file_))
                        assert old_manifest != new_manifest
                        # need to pop the version as it's been bumped
                        old_ver_num = old_manifest.pop('version')
                        new_ver_num = new_manifest.pop('version')
                        assert old_ver_num != new_ver_num
                        assert new_manifest == (
                            new_69_theme_properties_from_old(old_manifest))

                    else:
                        assert old_xpi.read(file_) == new_xpi.read(file_)
示例#2
0
 def setUp(self):
     super(TestActivityLog, self).setUp()
     self.user = UserProfile.objects.create(
         username='******', display_name='Yolo')
     self.request = Mock()
     self.request.user = self.user
     core.set_user(self.user)
示例#3
0
    def test_ban(self):
        ban_url = reverse('admin:users_userprofile_ban', args=(self.user.pk, ))
        wrong_ban_url = reverse(
            'admin:users_userprofile_ban', args=(self.user.pk + 42, ))
        user = user_factory()
        self.grant_permission(user, 'Admin:Tools')
        self.client.login(email=user.email)
        core.set_user(user)
        response = self.client.post(ban_url, follow=True)
        assert response.status_code == 403
        self.grant_permission(user, 'Users:Edit')
        response = self.client.get(ban_url, follow=True)
        assert response.status_code == 405  # Wrong http method.
        response = self.client.post(wrong_ban_url, follow=True)
        assert response.status_code == 404  # Wrong pk.

        self.user.reload()
        assert not self.user.deleted

        response = self.client.post(ban_url, follow=True)
        assert response.status_code == 200
        assert response.redirect_chain[-1][0].endswith(self.detail_url)
        assert response.redirect_chain[-1][1] == 302
        self.user.reload()
        assert self.user.deleted
        assert self.user.email
        alog = ActivityLog.objects.latest('pk')
        assert alog.action == amo.LOG.ADMIN_USER_BANNED.id
        assert alog.arguments == [self.user]
示例#4
0
 def setUp(self):
     super(TestActivityLogCount, self).setUp()
     now = datetime.now()
     bom = datetime(now.year, now.month, 1)
     self.lm = bom - timedelta(days=1)
     self.user = UserProfile.objects.get()
     core.set_user(self.user)
示例#5
0
    def test_last_known_activity_time(self):
        someone_else = user_factory(username='******')
        addon = addon_factory()

        model_admin = UserAdmin(UserProfile, admin.site)
        assert six.text_type(
            model_admin.last_known_activity_time(self.user)) == ''

        # Add various activities. They will be attached to whatever user is
        # set in the thread global at the time, so set that in advance.
        core.set_user(self.user)
        expected_date = self.days_ago(1)
        activity = ActivityLog.create(amo.LOG.CREATE_ADDON, addon)
        activity.update(created=self.days_ago(2))
        activity.userlog_set.update(created=self.days_ago(2))

        activity = ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
        activity.update(created=expected_date)
        activity.userlog_set.update(created=expected_date)

        assert activity.reload().created == expected_date

        # Create another activity, more recent, attached to a different user.
        core.set_user(someone_else)
        activity = ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)

        expected_result = DateFormat(expected_date).format(
            settings.DATETIME_FORMAT)

        assert (
            six.text_type(model_admin.last_known_activity_time(self.user)) ==
            expected_result)
示例#6
0
    def test_delete_picture(self, delete_picture_mock):
        delete_picture_url = reverse(
            'admin:users_userprofile_delete_picture', args=(self.user.pk, ))
        wrong_delete_picture_url = reverse(
            'admin:users_userprofile_delete_picture',
            args=(self.user.pk + 42, ))
        user = user_factory()
        self.grant_permission(user, 'Admin:Tools')
        self.client.login(email=user.email)
        core.set_user(user)
        response = self.client.post(delete_picture_url, follow=True)
        assert response.status_code == 403
        self.grant_permission(user, 'Users:Edit')
        response = self.client.get(delete_picture_url, follow=True)
        assert response.status_code == 405  # Wrong http method.
        response = self.client.post(wrong_delete_picture_url, follow=True)
        assert response.status_code == 404  # Wrong pk.

        assert delete_picture_mock.call_count == 0

        response = self.client.post(delete_picture_url, follow=True)
        assert response.status_code == 200
        assert response.redirect_chain[-1][0].endswith(self.detail_url)
        assert response.redirect_chain[-1][1] == 302

        assert delete_picture_mock.call_count == 1

        alog = ActivityLog.objects.latest('pk')
        assert alog.action == amo.LOG.ADMIN_USER_PICTURE_DELETED.id
        assert alog.arguments == [self.user]
    def authenticate_credentials(self, payload):
        """
        Return a non-deleted user that matches the payload's user id.

        Mimic what our UserAndAddrMiddleware and django's get_user() do when
        authenticating, because otherwise that behaviour would be missing in
        the API since API auth happens after the middleware process request
        phase.
        """
        if 'user_id' not in payload:
            log.info('No user_id in token payload {}'.format(payload))
            raise exceptions.AuthenticationFailed()
        try:
            user = UserProfile.objects.filter(deleted=False).get(
                pk=payload['user_id'])
        except UserProfile.DoesNotExist:
            log.info('User not found from token payload {}'.format(payload))
            raise exceptions.AuthenticationFailed()

        # Check get_session_auth_hash like django's get_user() does.
        session_auth_hash = user.get_session_auth_hash()
        payload_auth_hash = payload.get('auth_hash', '')
        if not constant_time_compare(payload_auth_hash, session_auth_hash):
            log.info('User tried to authenticate with invalid auth hash in'
                     'payload {}'.format(payload))
            raise exceptions.AuthenticationFailed()

        # Set user in thread like UserAndAddrMiddleware does.
        core.set_user(user)
        return user
示例#8
0
 def test_version_delete_logs(self):
     user = UserProfile.objects.get(pk=55021)
     core.set_user(user)
     # The transform don't know bout my users.
     version = Version.objects.get(pk=81551)
     assert ActivityLog.objects.count() == 0
     version.delete()
     assert ActivityLog.objects.count() == 2
示例#9
0
 def wrapper(*args, **kw):
     old_user = core.get_user()
     core.set_user(get_task_user())
     try:
         result = f(*args, **kw)
     finally:
         core.set_user(old_user)
     return result
示例#10
0
 def test_version_delete_logs(self):
     user = UserProfile.objects.get(pk=55021)
     core.set_user(user)
     # The transform don't know bout my users.
     version = Version.objects.get(pk=81551)
     assert ActivityLog.objects.count() == 0
     version.delete()
     assert ActivityLog.objects.count() == 2
示例#11
0
    def test_can_delete_with_related_objects_with_admin_advanced_permission(
            self):
        # Add related instances...
        addon = addon_factory()
        addon_with_other_authors = addon_factory()
        AddonUser.objects.create(addon=addon_with_other_authors,
                                 user=user_factory())
        relations_that_should_be_deleted = [
            AddonUser.objects.create(addon=addon_with_other_authors,
                                     user=self.user),
            Rating.objects.create(addon=addon_factory(),
                                  rating=5,
                                  user=self.user),
            addon,  # Has no other author, should be deleted.
            collection_factory(author=self.user)
        ]
        relations_that_should_survive = [
            AbuseReport.objects.create(reporter=self.user),
            AbuseReport.objects.create(user=self.user),
            ActivityLog.create(user=self.user, action=amo.LOG.USER_EDITED),
            ReviewerScore.objects.create(user=self.user, score=42),
            addon_with_other_authors,  # Has other authors, should be kept.

            # Bit of a weird case, but because the user was the only author of
            # this add-on, the addonuser relation is kept, and both the add-on
            # and the user are soft-deleted. This is in contrast with the case
            # where the user is *not* the only author, in which case the
            # addonuser relation is deleted, but the add-on is left intact.
            AddonUser.objects.create(addon=addon, user=self.user),
        ]

        # Now test as normal.
        user = user_factory()
        assert not self.user.deleted
        self.grant_permission(user, 'Admin:Tools')
        self.grant_permission(user, 'Admin:Advanced')
        self.client.login(email=user.email)
        core.set_user(user)
        response = self.client.get(self.delete_url, follow=True)
        assert response.status_code == 200
        assert b'Cannot delete user' not in response.content
        response = self.client.post(self.delete_url, {'post': 'yes'},
                                    follow=True)
        assert response.status_code == 200
        self.user.reload()
        assert self.user.deleted
        assert self.user.email is None
        alog = ActivityLog.objects.filter(
            action=amo.LOG.ADMIN_USER_ANONYMIZED.id).get()
        assert alog.arguments == [self.user]

        # Test the related instances we created earlier.
        for obj in relations_that_should_be_deleted:
            assert not obj.__class__.objects.filter(pk=obj.pk).exists()

        for obj in relations_that_should_survive:
            assert obj.__class__.objects.filter(pk=obj.pk).exists()
示例#12
0
    def test_set_task_user(self):
        @decorators.set_task_user
        def some_func():
            return core.get_user()

        core.set_user(UserProfile.objects.get(username='******'))
        assert core.get_user().pk == 999
        assert some_func().pk == int(settings.TASK_USER_ID)
        assert core.get_user().pk == 999
示例#13
0
    def test_set_task_user(self):
        @decorators.set_task_user
        def some_func():
            return core.get_user()

        core.set_user(UserProfile.objects.get(username='******'))
        assert core.get_user().pk == 999
        assert some_func().pk == int(settings.TASK_USER_ID)
        assert core.get_user().pk == 999
示例#14
0
    def test_can_delete_with_related_objects_with_admin_advanced_permission(
            self):
        # Add related instances...
        addon = addon_factory()
        addon_with_other_authors = addon_factory()
        AddonUser.objects.create(
            addon=addon_with_other_authors, user=user_factory())
        relations_that_should_be_deleted = [
            AddonUser.objects.create(
                addon=addon_with_other_authors, user=self.user),
            Rating.objects.create(
                addon=addon_factory(), rating=5, user=self.user),
            addon,  # Has no other author, should be deleted.
            collection_factory(author=self.user)
        ]
        relations_that_should_survive = [
            AbuseReport.objects.create(reporter=self.user),
            AbuseReport.objects.create(user=self.user),
            ActivityLog.create(user=self.user, action=amo.LOG.USER_EDITED),
            ReviewerScore.objects.create(user=self.user, score=42),
            addon_with_other_authors,  # Has other authors, should be kept.

            # Bit of a weird case, but because the user was the only author of
            # this add-on, the addonuser relation is kept, and both the add-on
            # and the user are soft-deleted. This is in contrast with the case
            # where the user is *not* the only author, in which case the
            # addonuser relation is deleted, but the add-on is left intact.
            AddonUser.objects.create(addon=addon, user=self.user),
        ]

        # Now test as normal.
        user = user_factory()
        assert not self.user.deleted
        self.grant_permission(user, 'Admin:Tools')
        self.grant_permission(user, 'Admin:Advanced')
        self.client.login(email=user.email)
        core.set_user(user)
        response = self.client.get(self.delete_url, follow=True)
        assert response.status_code == 200
        assert b'Cannot delete user' not in response.content
        response = self.client.post(self.delete_url, {'post': 'yes'},
                                    follow=True)
        assert response.status_code == 200
        self.user.reload()
        assert self.user.deleted
        assert self.user.email is None
        alog = ActivityLog.objects.filter(
            action=amo.LOG.ADMIN_USER_ANONYMIZED.id).get()
        assert alog.arguments == [self.user]

        # Test the related instances we created earlier.
        for obj in relations_that_should_be_deleted:
            assert not obj.__class__.objects.filter(pk=obj.pk).exists()

        for obj in relations_that_should_survive:
            assert obj.__class__.objects.filter(pk=obj.pk).exists()
示例#15
0
    def process_request(self, request):
        """Attach authentication/permission helpers to request, and persist
        user and remote addr in current thread."""
        request.check_ownership = partial(acl.check_ownership, request)

        # Persist the user and remote addr in the thread to make it accessible
        # in log() statements etc.
        if request.user.is_authenticated():
            core.set_user(request.user)
        core.set_remote_addr(request.META.get('REMOTE_ADDR'))
示例#16
0
    def test_unreviewed_addon(self):
        u = UserProfile.objects.get(email='*****@*****.**')
        addon = Addon.objects.all()[0]
        addon.status = amo.STATUS_NOMINATED
        c = u.favorites_collection()
        core.set_user(u)
        c.add_addon(addon)

        self.client.login(email='*****@*****.**')
        response = self.client.get(c.get_url_path())
        assert list(response.context['addons'].object_list) == [addon]
示例#17
0
    def setUp(self):
        super(TestAdditionalDetailsForm, self).setUp()
        self.addon = Addon.objects.get(pk=3615)

        self.data = {
            'default_locale': 'en-US',
            'homepage': str(self.addon.homepage),
        }

        self.user = self.addon.authors.all()[0]
        core.set_user(self.user)
        self.request = req_factory_factory('/')
示例#18
0
    def setUp(self):
        super().setUp()
        self.addon = Addon.objects.get(pk=3615)

        self.data = {
            'default_locale': 'en-US',
            'homepage': str(self.addon.homepage),
        }

        self.user = self.addon.authors.all()[0]
        core.set_user(self.user)
        self.request = req_factory_factory('/')
示例#19
0
 def test_user_approve_reviews(self):
     self.add_approve_logs(3)
     other = UserProfile.objects.create(email='*****@*****.**', username='******')
     core.set_user(other)
     self.add_approve_logs(2)
     result = ActivityLog.objects.user_approve_reviews(self.user).count()
     assert result == 3
     result = ActivityLog.objects.user_approve_reviews(other).count()
     assert result == 2
     another = UserProfile.objects.create(email='*****@*****.**', username='******')
     result = ActivityLog.objects.user_approve_reviews(another).count()
     assert result == 0
示例#20
0
 def test_user_approve_reviews(self):
     self.add_approve_logs(3)
     other = UserProfile.objects.create(email="*****@*****.**", username="******")
     core.set_user(other)
     self.add_approve_logs(2)
     result = ActivityLog.objects.user_approve_reviews(self.user).count()
     assert result == 3
     result = ActivityLog.objects.user_approve_reviews(other).count()
     assert result == 2
     another = UserProfile.objects.create(
         email="*****@*****.**", username="******")
     result = ActivityLog.objects.user_approve_reviews(another).count()
     assert result == 0
示例#21
0
def test_pre_setup(request, tmpdir, settings):
    from django.core.cache import caches
    from django.utils import translation
    from olympia import amo, core
    from olympia.translations.hold import clean_translations

    caches['default'].clear()

    translation.trans_real.deactivate()
    # Django fails to clear this cache.
    translation.trans_real._translations = {}
    translation.trans_real.activate(settings.LANGUAGE_CODE)

    def _path(*args):
        path = str(os.path.join(*args))
        if not os.path.exists(path):
            os.makedirs(path)
        return path

    settings.STORAGE_ROOT = storage_root = _path(tmpdir.mkdir('storage'))
    settings.SHARED_STORAGE = shared_storage = _path(
        storage_root, 'shared_storage')

    settings.ADDONS_PATH = _path(storage_root, 'files')
    settings.GUARDED_ADDONS_PATH = _path(storage_root, 'guarded-addons')
    settings.GIT_FILE_STORAGE_PATH = _path(storage_root, 'git-storage')
    settings.MEDIA_ROOT = _path(shared_storage, 'uploads')
    settings.TMP_PATH = _path(shared_storage, 'tmp')

    # Reset the prefixer and urlconf after updating media root
    default_prefixer(settings)

    from django.urls import clear_url_caches, set_urlconf

    def _clear_urlconf():
        clear_url_caches()
        set_urlconf(None)

    _clear_urlconf()

    request.addfinalizer(_clear_urlconf)

    yield

    core.set_user(None)
    clean_translations(None)  # Make sure queued translations are removed.

    # Make sure we revert everything we might have changed to prefixers.
    amo.urlresolvers.clean_url_prefixes()
示例#22
0
def update_maxversions(version_pks, job_pk, data, **kw):
    log.info('[%s@%s] Updating max version for job %s.'
             % (len(version_pks), update_maxversions.rate_limit, job_pk))
    job = ValidationJob.objects.get(pk=job_pk)
    core.set_user(get_task_user())
    dry_run = data['preview_only']
    app_id = job.target_version.application
    stats = collections.defaultdict(int)
    stats['processed'] = 0
    stats['is_dry_run'] = int(dry_run)
    for version in Version.objects.filter(pk__in=version_pks):
        stats['processed'] += 1
        file_pks = version.files.values_list('pk', flat=True)
        errors = (ValidationResult.objects.filter(validation_job=job,
                                                  file__pk__in=file_pks)
                                          .values_list('errors', flat=True))
        if any(errors):
            stats['invalid'] += 1
            log.info('Version %s for addon %s not updated, '
                     'one of the files did not pass validation'
                     % (version.pk, version.addon.pk))
            continue

        for app in version.apps.filter(
                application=job.curr_max_version.application,
                max__version_int__gte=job.curr_max_version.version_int,
                max__version_int__lt=job.target_version.version_int):
            stats['bumped'] += 1
            log.info('Updating version %s%s for addon %s from version %s '
                     'to version %s'
                     % (version.pk,
                        ' [DRY RUN]' if dry_run else '',
                        version.addon.pk,
                        job.curr_max_version.version,
                        job.target_version.version))
            app.max = job.target_version
            if not dry_run:
                app.save()
                ActivityLog.create(
                    amo.LOG.MAX_APPVERSION_UPDATED,
                    version.addon, version,
                    details={'version': version.version,
                             'target': job.target_version.version,
                             'application': app_id})

    log.info('[%s@%s] bulk update stats for job %s: {%s}'
             % (len(version_pks), update_maxversions.rate_limit, job_pk,
                ', '.join('%s: %s' % (k, stats[k])
                          for k in sorted(stats.keys()))))
示例#23
0
def test_pre_setup(request, tmpdir, settings):
    from django.core.cache import caches
    from django.utils import translation
    from olympia import amo, core
    from olympia.translations.hold import clean_translations

    caches['default'].clear()

    translation.trans_real.deactivate()
    # Django fails to clear this cache.
    translation.trans_real._translations = {}
    translation.trans_real.activate(settings.LANGUAGE_CODE)

    def _path(*args):
        path = str(os.path.join(*args))
        if not os.path.exists(path):
            os.makedirs(path)
        return path

    settings.STORAGE_ROOT = storage_root = _path(tmpdir.mkdir('storage'))
    settings.SHARED_STORAGE = shared_storage = _path(storage_root,
                                                     'shared_storage')

    settings.ADDONS_PATH = _path(storage_root, 'files')
    settings.GUARDED_ADDONS_PATH = _path(storage_root, 'guarded-addons')
    settings.GIT_FILE_STORAGE_PATH = _path(storage_root, 'git-storage')
    settings.MEDIA_ROOT = _path(shared_storage, 'uploads')
    settings.TMP_PATH = _path(shared_storage, 'tmp')

    # Reset the prefixer and urlconf after updating media root
    default_prefixer(settings)

    from django.urls import clear_url_caches, set_urlconf

    def _clear_urlconf():
        clear_url_caches()
        set_urlconf(None)

    _clear_urlconf()

    request.addfinalizer(_clear_urlconf)

    yield

    core.set_user(None)
    clean_translations(None)  # Make sure queued translations are removed.

    # Make sure we revert everything we might have changed to prefixers.
    amo.urlresolvers.clean_url_prefixes()
示例#24
0
    def setUp(self):
        super(TestAdditionalDetailsForm, self).setUp()
        self.addon = Addon.objects.get(pk=3615)
        category = Category.objects.get(pk=22)
        category.db_name = 'test'
        category.save()

        self.data = {
            'default_locale': 'en-US',
            'homepage': str(self.addon.homepage),
        }

        self.user = self.addon.authors.all()[0]
        core.set_user(self.user)
        self.request = req_factory_factory('/')
示例#25
0
    def test_activity(self):
        addon = addon_factory()
        core.set_user(self.user)
        ActivityLog.create(amo.LOG.CREATE_ADDON, addon)
        ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)

        # Create another activity attached to a different user.
        someone_else = user_factory()
        core.set_user(someone_else)
        ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
        url, text = self._call_related_content_method('activity')
        expected_url = (reverse('admin:activity_activitylog_changelist') +
                        '?user=%d' % self.user.pk)
        assert url == expected_url
        assert text == '2'
示例#26
0
    def test_git_extract_action(self):
        addon1 = addon_factory()
        addon2 = addon_factory()

        addons = Addon.objects.filter(pk__in=(addon1.pk, addon2.pk))
        addon_admin = AddonAdmin(Addon, admin.site)
        request = RequestFactory().get('/')
        request.user = user_factory()
        core.set_user(request.user)
        request._messages = default_messages_storage(request)
        addon_admin.git_extract_action(request, addons)

        assert len(GitExtractionEntry.objects.all()) == 2
        assert GitExtractionEntry.objects.filter(addon=addon1).exists()
        assert GitExtractionEntry.objects.filter(addon=addon2).exists()
示例#27
0
    def setUp(self):
        super(TestTagsForm, self).setUp()
        self.addon = Addon.objects.get(pk=3615)
        category = Category.objects.get(pk=22)
        category.db_name = 'test'
        category.save()

        self.data = {
            'summary': str(self.addon.summary),
            'name': str(self.addon.name),
            'slug': self.addon.slug,
        }

        self.user = self.addon.authors.all()[0]
        core.set_user(self.user)
        self.request = req_factory_factory('/')
示例#28
0
    def setUp(self):
        super(TestTagsForm, self).setUp()
        self.addon = Addon.objects.get(pk=3615)
        category = Category.objects.get(pk=22)
        category.db_name = 'test'
        category.save()

        self.data = {
            'summary': str(self.addon.summary),
            'name': str(self.addon.name),
            'slug': self.addon.slug,
        }

        self.user = self.addon.authors.all()[0]
        core.set_user(self.user)
        self.request = req_factory_factory('/')
示例#29
0
    def test_activity(self):
        addon = addon_factory()
        core.set_user(self.user)
        ActivityLog.create(amo.LOG.CREATE_ADDON, addon)
        ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)

        # Create another activity attached to a different user.
        someone_else = user_factory()
        core.set_user(someone_else)
        ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
        url, text = self._call_related_content_method('activity')
        expected_url = (
            reverse('admin:activity_activitylog_changelist') +
            '?user=%d' % self.user.pk)
        assert url == expected_url
        assert text == '2'
示例#30
0
 def test_can_edit_with_users_edit_permission(self):
     old_username = self.user.username
     user = user_factory(email='*****@*****.**')
     self.grant_permission(user, 'Users:Edit')
     self.client.login(email=user.email)
     core.set_user(user)
     response = self.client.get(self.detail_url, follow=True)
     assert response.status_code == 200
     response = self.client.post(
         self.detail_url, {'username': '******', 'email': self.user.email},
         follow=True)
     assert response.status_code == 200
     assert self.user.reload().username == 'foo'
     alog = ActivityLog.objects.latest('pk')
     assert alog.action == amo.LOG.ADMIN_USER_EDITED.id
     assert alog.arguments == [self.user]
     assert alog.details == {'username': [old_username, 'foo']}
示例#31
0
 def test_can_edit_with_users_edit_permission(self):
     old_username = self.user.username
     user = user_factory()
     self.grant_permission(user, 'Admin:Tools')
     self.grant_permission(user, 'Users:Edit')
     self.client.login(email=user.email)
     core.set_user(user)
     response = self.client.get(self.detail_url, follow=True)
     assert response.status_code == 200
     response = self.client.post(
         self.detail_url, {'username': '******', 'email': self.user.email},
         follow=True)
     assert response.status_code == 200
     assert self.user.reload().username == 'foo'
     alog = ActivityLog.objects.latest('pk')
     assert alog.action == amo.LOG.ADMIN_USER_EDITED.id
     assert alog.arguments == [self.user]
     assert alog.details == {'username': [old_username, 'foo']}
示例#32
0
    def test_mine(self):
        u = UserProfile.objects.get(email='*****@*****.**')
        addon = addon = Addon.objects.all()[0]
        c = u.favorites_collection()
        core.set_user(u)
        c.add_addon(addon)

        assert self.client.login(email='*****@*****.**')

        # My Collections.
        response = self.client.get('/en-US/firefox/collections/mine/')
        assert response.context['author'] == (
            UserProfile.objects.get(email='*****@*****.**'))

        # My Favorites.
        response = self.client.get(reverse('collections.detail',
                                           args=['mine', 'favorites']))
        assert response.status_code == 200
        assert list(response.context['addons'].object_list) == [addon]
示例#33
0
 def test_can_delete_with_admin_advanced_permission(
         self, _delete_related_content_mock):
     user = user_factory(email='*****@*****.**')
     self.grant_permission(user, 'Admin:Advanced')
     assert not self.user.deleted
     self.client.login(email=user.email)
     core.set_user(user)
     response = self.client.get(self.delete_url, follow=True)
     assert response.status_code == 200
     assert b'Cannot delete user' not in response.content
     response = self.client.post(self.delete_url, {'post': 'yes'},
                                 follow=True)
     assert response.status_code == 200
     self.user.reload()
     assert self.user.deleted
     assert self.user.email
     assert _delete_related_content_mock.call_count == 1
     alog = ActivityLog.objects.latest('pk')
     assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id
     assert alog.arguments == [self.user]
示例#34
0
    def authenticate_credentials(self, request, token):
        # initialize session with the key from the token rather than the cookie like
        # SessionMiddleware does.
        del request.session._session_cache
        request.session._session_key = token

        # call get_user to validate the session information is good - it returns safely
        user = get_user(request)
        if not user or user.is_anonymous or user.deleted:
            log.info('User or session not found.')
            msg = {
                'detail':
                gettext(
                    'Valid user session not found matching the provided session key.'
                ),
                'code':
                'ERROR_AUTHENTICATION_EXPIRED',
            }
            raise exceptions.AuthenticationFailed(msg)

        try:
            check_and_update_fxa_access_token(request)
        except IdentificationError:
            log.info(
                'User access token refresh failed; user needs to login to FxA again'
            )
            msg = {
                'detail':
                gettext(
                    'Access token refresh failed; user needs to login to FxA again.'
                ),
                'code':
                'ERROR_AUTHENTICATION_EXPIRED',
            }
            raise exceptions.AuthenticationFailed(msg)

        # Set user in thread like UserAndAddrMiddleware does.
        core.set_user(user)

        return (user, token)
示例#35
0
def test_pre_setup(request, tmpdir, settings):
    from django.core.cache import caches
    from django.utils import translation
    from olympia import amo, core
    from olympia.translations.hold import clean_translations

    caches['default'].clear()

    translation.trans_real.deactivate()
    # Django fails to clear this cache.
    translation.trans_real._translations = {}
    translation.trans_real.activate(settings.LANGUAGE_CODE)

    settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
    settings.TMP_PATH = str(tmpdir.mkdir('tmp'))
    settings.STATIC_ROOT = str(tmpdir.mkdir('site-static'))
    settings.NETAPP_STORAGE = settings.TMP_PATH
    settings.GIT_FILE_STORAGE_PATH = str(tmpdir.mkdir('git-storage'))

    # Reset the prefixer and urlconf after updating media root
    default_prefixer(settings)

    from django.urls import clear_url_caches, set_urlconf

    def _clear_urlconf():
        clear_url_caches()
        set_urlconf(None)

    _clear_urlconf()

    request.addfinalizer(_clear_urlconf)

    yield

    core.set_user(None)
    clean_translations(None)  # Make sure queued translations are removed.

    # Make sure we revert everything we might have changed to prefixers.
    amo.urlresolvers.clean_url_prefixes()
示例#36
0
    def test_reset_api_key_action(self):
        another_user = user_factory()
        a_third_user = user_factory()

        APIKey.objects.create(user=self.user, is_active=True, key='foo')
        APIKeyConfirmation.objects.create(user=self.user)

        APIKeyConfirmation.objects.create(user=another_user)

        APIKey.objects.create(user=a_third_user, is_active=True, key='bar')
        APIKeyConfirmation.objects.create(user=a_third_user)

        users = UserProfile.objects.filter(pk__in=(another_user.pk,
                                                   self.user.pk))
        user_admin = UserAdmin(UserProfile, admin.site)
        request = RequestFactory().get('/')
        request.user = user_factory()
        core.set_user(request.user)
        request._messages = default_messages_storage(request)
        user_admin.reset_api_key_action(request, users)
        # APIKeys should have been deactivated, APIKeyConfirmation deleted.
        assert self.user.api_keys.exists()
        assert not self.user.api_keys.filter(is_active=True).exists()
        assert not APIKeyConfirmation.objects.filter(user=self.user).exists()

        # This user didn't have api keys before, it shouldn't matter.
        assert not another_user.api_keys.exists()
        assert not another_user.api_keys.filter(is_active=True).exists()
        assert not APIKeyConfirmation.objects.filter(
            user=another_user).exists()

        # The 3rd user should be unaffected.
        assert a_third_user.api_keys.exists()
        assert a_third_user.api_keys.filter(is_active=True).exists()
        assert APIKeyConfirmation.objects.filter(user=a_third_user).exists()

        # We should see 2 activity logs.
        assert (ActivityLog.objects.filter(
            action=amo.LOG.ADMIN_API_KEY_RESET.id).count() == 2)
示例#37
0
def test_pre_setup(request, tmpdir, settings):
    from django.core.cache import caches
    from django.utils import translation
    from olympia import amo, core
    from olympia.translations.hold import clean_translations

    caches['default'].clear()

    translation.trans_real.deactivate()
    # Django fails to clear this cache.
    translation.trans_real._translations = {}
    translation.trans_real.activate(settings.LANGUAGE_CODE)

    settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
    settings.TMP_PATH = str(tmpdir.mkdir('tmp'))
    settings.STATIC_ROOT = str(tmpdir.mkdir('site-static'))
    settings.NETAPP_STORAGE = settings.TMP_PATH

    # Reset the prefixer and urlconf after updating media root
    default_prefixer(settings)

    from django.core.urlresolvers import clear_url_caches, set_urlconf

    def _clear_urlconf():
        clear_url_caches()
        set_urlconf(None)

    _clear_urlconf()

    request.addfinalizer(_clear_urlconf)

    yield

    core.set_user(None)
    clean_translations(None)  # Make sure queued translations are removed.

    # Make sure we revert everything we might have changed to prefixers.
    amo.urlresolvers.clean_url_prefixes()
示例#38
0
 def test_can_delete_with_admin_advanced_permission(
         self, delete_or_disable_related_content_mock):
     user = user_factory()
     assert not self.user.deleted
     self.grant_permission(user, 'Admin:Tools')
     self.grant_permission(user, 'Admin:Advanced')
     self.client.login(email=user.email)
     core.set_user(user)
     response = self.client.get(self.delete_url, follow=True)
     assert response.status_code == 200
     response = self.client.post(self.delete_url, {'post': 'yes'},
                                 follow=True)
     assert response.status_code == 200
     self.user.reload()
     assert self.user.deleted
     assert self.user.email is None
     assert delete_or_disable_related_content_mock.call_count == 1
     assert (delete_or_disable_related_content_mock.call_args[1] == {
         'delete': True
     })
     alog = ActivityLog.objects.latest('pk')
     assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id
     assert alog.arguments == [self.user]
示例#39
0
    def test_reset_session_action(self):
        assert self.user.auth_id
        another_user = user_factory()
        assert another_user.auth_id
        a_third_user = user_factory()
        assert a_third_user.auth_id
        old_auth_id = a_third_user.auth_id

        users = UserProfile.objects.filter(pk__in=(another_user.pk,
                                                   self.user.pk))
        user_admin = UserAdmin(UserProfile, admin.site)
        request = RequestFactory().get('/')
        request.user = user_factory()
        core.set_user(request.user)
        request._messages = default_messages_storage(request)
        user_admin.reset_session_action(request, users)

        self.user.reload()
        assert self.user.auth_id is None
        another_user.reload()
        assert another_user.auth_id is None
        a_third_user.reload()
        assert a_third_user.auth_id == old_auth_id
示例#40
0
    def test_approve_for_addon(self, mock_sign_file):
        core.set_user(user_factory())
        task_user = user_factory(id=settings.TASK_USER_ID)
        promo = PromotedAddon.objects.create(
            addon=addon_factory(version_kw={'version': '0.123a'}),
            group_id=promoted.SPOTLIGHT.id,
        )
        file_ = promo.addon.current_version.all_files[0]
        file_.update(filename='webextension.xpi')
        with amo.tests.copy_file(
                'src/olympia/files/fixtures/files/webextension.xpi',
                file_.file_path):
            # SPOTLIGHT doesnt have special signing states so won't be resigned
            promo.addon.reload()
            promo.addon.promoted_group() == promoted.NOT_PROMOTED
            promo.approve_for_addon()
            promo.addon.reload()
            promo.addon.promoted_group() == promoted.SPOTLIGHT
            assert promo.addon.current_version.version == '0.123a'
            mock_sign_file.assert_not_called()

            # VERIFIED does though.
            promo.update(group_id=promoted.VERIFIED.id)
            promo.addon.reload()
            promo.addon.promoted_group() == promoted.NOT_PROMOTED
            promo.approve_for_addon()
            promo.addon.reload()
            promo.addon.promoted_group() == promoted.VERIFIED
            assert promo.addon.current_version.version == '0.123a.1-signed'
            mock_sign_file.assert_called_with(file_)
            assert (ActivityLog.objects.for_addons((promo.addon, )).filter(
                action=amo.LOG.VERSION_RESIGNED.id).exists())
            alog = ActivityLog.objects.filter(
                action=amo.LOG.VERSION_RESIGNED.id).get()
            assert alog.user == task_user
            assert '0.123a.1-signed</a> re-signed (previously 0.123a)' in (
                str(alog))
示例#41
0
 def test_can_delete_with_admin_advanced_permission(
         self, delete_or_disable_related_content_mock):
     user = user_factory()
     assert not self.user.deleted
     self.grant_permission(user, 'Admin:Tools')
     self.grant_permission(user, 'Admin:Advanced')
     self.client.login(email=user.email)
     core.set_user(user)
     response = self.client.get(self.delete_url, follow=True)
     assert response.status_code == 200
     assert b'Cannot delete user' not in response.content
     response = self.client.post(self.delete_url, {'post': 'yes'},
                                 follow=True)
     assert response.status_code == 200
     self.user.reload()
     assert self.user.deleted
     assert self.user.email is None
     assert delete_or_disable_related_content_mock.call_count == 1
     assert (
         delete_or_disable_related_content_mock.call_args[1] ==
         {'delete': True})
     alog = ActivityLog.objects.latest('pk')
     assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id
     assert alog.arguments == [self.user]
示例#42
0
    def test_ban_action(self):
        another_user = user_factory()
        a_third_user = user_factory()
        users = UserProfile.objects.filter(
            pk__in=(another_user.pk, self.user.pk))
        user_admin = UserAdmin(UserProfile, admin.site)
        request = RequestFactory().get('/')
        request.user = user_factory()
        core.set_user(request.user)
        request._messages = default_messages_storage(request)
        user_admin.ban_action(request, users)
        # Both users should be banned.
        another_user.reload()
        self.user.reload()
        assert another_user.deleted
        assert another_user.email
        assert self.user.deleted
        assert self.user.email
        # The 3rd user should be unaffected.
        assert not a_third_user.reload().deleted

        # We should see 2 activity logs for banning.
        assert ActivityLog.objects.filter(
            action=amo.LOG.ADMIN_USER_BANNED.id).count() == 2
示例#43
0
    def test_reset_api_key(self):
        APIKey.objects.create(user=self.user, is_active=True, key='foo')
        APIKeyConfirmation.objects.create(user=self.user)

        reset_api_key_url = reverse(
            'admin:users_userprofile_reset_api_key', args=(self.user.pk, ))
        wrong_reset_api_key_url = reverse(
            'admin:users_userprofile_reset_api_key', args=(self.user.pk + 9, ))
        user = user_factory()
        self.grant_permission(user, 'Admin:Tools')
        self.client.login(email=user.email)
        core.set_user(user)
        response = self.client.post(reset_api_key_url, follow=True)
        assert response.status_code == 403
        self.grant_permission(user, 'Users:Edit')
        response = self.client.get(reset_api_key_url, follow=True)
        assert response.status_code == 405  # Wrong http method.
        response = self.client.post(wrong_reset_api_key_url, follow=True)
        assert response.status_code == 404  # Wrong pk.

        assert self.user.api_keys.filter(is_active=True).exists()
        assert APIKeyConfirmation.objects.filter(user=self.user).exists()

        response = self.client.post(reset_api_key_url, follow=True)
        assert response.status_code == 200
        assert response.redirect_chain[-1][0].endswith(self.detail_url)
        assert response.redirect_chain[-1][1] == 302

        alog = ActivityLog.objects.latest('pk')
        assert alog.action == amo.LOG.ADMIN_API_KEY_RESET.id
        assert alog.arguments == [self.user]

        # APIKeys should have been deactivated, APIKeyConfirmation deleted.
        assert self.user.api_keys.exists()
        assert not self.user.api_keys.filter(is_active=True).exists()
        assert not APIKeyConfirmation.objects.filter(user=self.user).exists()
    def authenticate_credentials(self, payload):
        """
        Returns a verified AMO user who is active and allowed to make API
        requests.
        """
        if 'orig_iat' in payload:
            msg = ("API key based tokens are not refreshable, don't include "
                   "`orig_iat` in their payload.")
            raise exceptions.AuthenticationFailed(msg)
        try:
            api_key = APIKey.get_jwt_key(key=payload['iss'])
        except APIKey.DoesNotExist:
            msg = 'Invalid API Key.'
            raise exceptions.AuthenticationFailed(msg)

        if api_key.user.deleted:
            msg = 'User account is disabled.'
            raise exceptions.AuthenticationFailed(msg)
        if not api_key.user.read_dev_agreement:
            msg = 'User has not read developer agreement.'
            raise exceptions.AuthenticationFailed(msg)

        core.set_user(api_key.user)
        return api_key.user
示例#45
0
    def authenticate_credentials(self, payload):
        """
        Returns a verified AMO user who is active and allowed to make API
        requests.
        """
        if 'orig_iat' in payload:
            msg = ("API key based tokens are not refreshable, don't include "
                   '`orig_iat` in their payload.')
            raise exceptions.AuthenticationFailed(msg)
        try:
            api_key = APIKey.get_jwt_key(key=payload['iss'])
        except APIKey.DoesNotExist:
            msg = 'Invalid API Key.'
            raise exceptions.AuthenticationFailed(msg)

        if api_key.user.deleted:
            msg = 'User account is disabled.'
            raise exceptions.AuthenticationFailed(msg)
        if not api_key.user.read_dev_agreement:
            msg = 'User has not read developer agreement.'
            raise exceptions.AuthenticationFailed(msg)

        core.set_user(api_key.user)
        return api_key.user
示例#46
0
    def test_ban_action(self):
        another_user = user_factory()
        a_third_user = user_factory()
        users = UserProfile.objects.filter(pk__in=(another_user.pk,
                                                   self.user.pk))
        user_admin = UserAdmin(UserProfile, admin.site)
        request = RequestFactory().get('/')
        request.user = user_factory()
        core.set_user(request.user)
        request._messages = default_messages_storage(request)
        user_admin.ban_action(request, users)
        # Both users should be banned.
        another_user.reload()
        self.user.reload()
        assert another_user.deleted
        assert another_user.email
        assert self.user.deleted
        assert self.user.email
        # The 3rd user should be unaffected.
        assert not a_third_user.reload().deleted

        # We should see 2 activity logs for banning.
        assert (ActivityLog.objects.filter(
            action=amo.LOG.ADMIN_USER_BANNED.id).count() == 2)
示例#47
0
def test_pre_setup(request, tmpdir, settings):
    caches['default'].clear()
    caches['filesystem'].clear()
    # Override django-cache-machine caching.base.TIMEOUT because it's
    # computed too early, before settings_test.py is imported.
    caching.base.TIMEOUT = settings.CACHE_COUNT_TIMEOUT

    translation.trans_real.deactivate()
    # Django fails to clear this cache.
    translation.trans_real._translations = {}
    translation.trans_real.activate(settings.LANGUAGE_CODE)

    settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
    settings.TMP_PATH = str(tmpdir.mkdir('tmp'))
    settings.NETAPP_STORAGE = settings.TMP_PATH

    # Reset the prefixer and urlconf after updating media root
    default_prefixer(settings)

    from django.core.urlresolvers import clear_url_caches, set_urlconf

    def _clear_urlconf():
        clear_url_caches()
        set_urlconf(None)

    _clear_urlconf()

    request.addfinalizer(_clear_urlconf)

    yield

    core.set_user(None)
    clean_translations(None)  # Make sure queued translations are removed.

    # Make sure we revert everything we might have changed to prefixers.
    amo.urlresolvers.clean_url_prefixes()
示例#48
0
def test_pre_setup(request, tmpdir, settings):
    caches['default'].clear()
    caches['filesystem'].clear()
    # Override django-cache-machine caching.base.TIMEOUT because it's
    # computed too early, before settings_test.py is imported.
    caching.base.TIMEOUT = settings.CACHE_COUNT_TIMEOUT

    translation.trans_real.deactivate()
    # Django fails to clear this cache.
    translation.trans_real._translations = {}
    translation.trans_real.activate(settings.LANGUAGE_CODE)

    settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
    settings.TMP_PATH = str(tmpdir.mkdir('tmp'))
    settings.NETAPP_STORAGE = settings.TMP_PATH

    # Reset the prefixer and urlconf after updating media root
    default_prefixer(settings)

    from django.core.urlresolvers import clear_url_caches, set_urlconf

    def _clear_urlconf():
        clear_url_caches()
        set_urlconf(None)

    _clear_urlconf()

    request.addfinalizer(_clear_urlconf)

    yield

    core.set_user(None)
    clean_translations(None)  # Make sure queued translations are removed.

    # Make sure we revert everything we might have changed to prefixers.
    amo.urlresolvers.clean_url_prefixes()
示例#49
0
def test_set_get_user_anonymous():
    core.set_user(AnonymousUser())
    assert core.get_user() is None

    user = UserProfile()
    core.set_user(user)
    assert core.get_user() == user

    core.set_user(None)
    assert core.get_user() is None
示例#50
0
 def setUp(self):
     super(TestActivityLog, self).setUp()
     u = UserProfile.objects.create(username='******')
     self.request = Mock()
     self.request.user = self.user = u
     core.set_user(u)
示例#51
0
 def test_no_user(self):
     core.set_user(None)
     count = ActivityLog.objects.count()
     ActivityLog.create(amo.LOG.CUSTOM_TEXT, 'hi')
     assert count == ActivityLog.objects.count()
示例#52
0
 def process_exception(self, request, exception):
     core.set_user(None)
     core.set_remote_addr(None)
示例#53
0
 def process_response(self, request, response):
     core.set_user(None)
     core.set_remote_addr(None)
     return response
示例#54
0
 def setUp(self):
     super(LogTest, self).setUp()
     u = UserProfile.objects.create(username='******')
     core.set_user(u)
 def setUp(self):
     super(TestCollections, self).setUp()
     self.user = UserProfile.objects.create(username='******', email='uh@hh')
     self.other = UserProfile.objects.exclude(id=self.user.id)[0]
     core.set_user(self.user)
示例#56
0
 def test_no_user(self):
     core.set_user(None)
     count = ActivityLog.objects.count()
     ActivityLog.create(amo.LOG.CUSTOM_TEXT, 'hi')
     assert count == ActivityLog.objects.count()
示例#57
0
 def tearDown(self):
     core.set_user(None)
     super(TestActivityLog, self).tearDown()
示例#58
0
 def tearDown(self):
     core.set_user(None)
     super(TestActivityLog, self).tearDown()
示例#59
0
 def setUp(self):
     """Start with one user, two add-ons."""
     super(TestActivity, self).setUp()
     self.clone_addon(2)
     core.set_user(self.user_profile)
     self.addon, self.addon2 = list(self.user_profile.addons.all())