def test_new_theme_version_with_69_properties(self):
core.set_user(user_factory())
addon = addon_factory(
type=amo.ADDON_STATICTHEME, version_kw={'version': '1.0'})
old_version = addon.current_version
old_file_path = old_version.all_files[0].current_file_path
amo.storage_utils.copy_stored_file(self.file_obj_dep, old_file_path)
assert os.path.isfile(old_file_path)
new_version = new_theme_version_with_69_properties(old_version)
assert addon.versions.all().count() == 2
assert addon.current_version == new_version
new_file_path = new_version.all_files[0].current_file_path
with zipfile.ZipFile(self.file_obj_dep, 'r') as old_xpi:
with zipfile.ZipFile(new_file_path, 'r') as new_xpi:
assert len(old_xpi.infolist()) == len(new_xpi.infolist())
for entry in old_xpi.infolist():
file_ = entry.filename
if file_ == 'manifest.json':
old_manifest = json.loads(old_xpi.read(file_))
new_manifest = json.loads(new_xpi.read(file_))
assert old_manifest != new_manifest
# need to pop the version as it's been bumped
old_ver_num = old_manifest.pop('version')
new_ver_num = new_manifest.pop('version')
assert old_ver_num != new_ver_num
assert new_manifest == (
new_69_theme_properties_from_old(old_manifest))
else:
assert old_xpi.read(file_) == new_xpi.read(file_)
def setUp(self):
super(TestActivityLog, self).setUp()
self.user = UserProfile.objects.create(
username='******', display_name='Yolo')
self.request = Mock()
self.request.user = self.user
core.set_user(self.user)
def test_ban(self):
ban_url = reverse('admin:users_userprofile_ban', args=(self.user.pk, ))
wrong_ban_url = reverse(
'admin:users_userprofile_ban', args=(self.user.pk + 42, ))
user = user_factory()
self.grant_permission(user, 'Admin:Tools')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.post(ban_url, follow=True)
assert response.status_code == 403
self.grant_permission(user, 'Users:Edit')
response = self.client.get(ban_url, follow=True)
assert response.status_code == 405 # Wrong http method.
response = self.client.post(wrong_ban_url, follow=True)
assert response.status_code == 404 # Wrong pk.
self.user.reload()
assert not self.user.deleted
response = self.client.post(ban_url, follow=True)
assert response.status_code == 200
assert response.redirect_chain[-1][0].endswith(self.detail_url)
assert response.redirect_chain[-1][1] == 302
self.user.reload()
assert self.user.deleted
assert self.user.email
alog = ActivityLog.objects.latest('pk')
assert alog.action == amo.LOG.ADMIN_USER_BANNED.id
assert alog.arguments == [self.user]
def setUp(self):
super(TestActivityLogCount, self).setUp()
now = datetime.now()
bom = datetime(now.year, now.month, 1)
self.lm = bom - timedelta(days=1)
self.user = UserProfile.objects.get()
core.set_user(self.user)
def test_last_known_activity_time(self):
someone_else = user_factory(username='******')
addon = addon_factory()
model_admin = UserAdmin(UserProfile, admin.site)
assert six.text_type(
model_admin.last_known_activity_time(self.user)) == ''
# Add various activities. They will be attached to whatever user is
# set in the thread global at the time, so set that in advance.
core.set_user(self.user)
expected_date = self.days_ago(1)
activity = ActivityLog.create(amo.LOG.CREATE_ADDON, addon)
activity.update(created=self.days_ago(2))
activity.userlog_set.update(created=self.days_ago(2))
activity = ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
activity.update(created=expected_date)
activity.userlog_set.update(created=expected_date)
assert activity.reload().created == expected_date
# Create another activity, more recent, attached to a different user.
core.set_user(someone_else)
activity = ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
expected_result = DateFormat(expected_date).format(
settings.DATETIME_FORMAT)
assert (
six.text_type(model_admin.last_known_activity_time(self.user)) ==
expected_result)
def test_delete_picture(self, delete_picture_mock):
delete_picture_url = reverse(
'admin:users_userprofile_delete_picture', args=(self.user.pk, ))
wrong_delete_picture_url = reverse(
'admin:users_userprofile_delete_picture',
args=(self.user.pk + 42, ))
user = user_factory()
self.grant_permission(user, 'Admin:Tools')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.post(delete_picture_url, follow=True)
assert response.status_code == 403
self.grant_permission(user, 'Users:Edit')
response = self.client.get(delete_picture_url, follow=True)
assert response.status_code == 405 # Wrong http method.
response = self.client.post(wrong_delete_picture_url, follow=True)
assert response.status_code == 404 # Wrong pk.
assert delete_picture_mock.call_count == 0
response = self.client.post(delete_picture_url, follow=True)
assert response.status_code == 200
assert response.redirect_chain[-1][0].endswith(self.detail_url)
assert response.redirect_chain[-1][1] == 302
assert delete_picture_mock.call_count == 1
alog = ActivityLog.objects.latest('pk')
assert alog.action == amo.LOG.ADMIN_USER_PICTURE_DELETED.id
assert alog.arguments == [self.user]
def authenticate_credentials(self, payload):
"""
Return a non-deleted user that matches the payload's user id.
Mimic what our UserAndAddrMiddleware and django's get_user() do when
authenticating, because otherwise that behaviour would be missing in
the API since API auth happens after the middleware process request
phase.
"""
if 'user_id' not in payload:
log.info('No user_id in token payload {}'.format(payload))
raise exceptions.AuthenticationFailed()
try:
user = UserProfile.objects.filter(deleted=False).get(
pk=payload['user_id'])
except UserProfile.DoesNotExist:
log.info('User not found from token payload {}'.format(payload))
raise exceptions.AuthenticationFailed()
# Check get_session_auth_hash like django's get_user() does.
session_auth_hash = user.get_session_auth_hash()
payload_auth_hash = payload.get('auth_hash', '')
if not constant_time_compare(payload_auth_hash, session_auth_hash):
log.info('User tried to authenticate with invalid auth hash in'
'payload {}'.format(payload))
raise exceptions.AuthenticationFailed()
# Set user in thread like UserAndAddrMiddleware does.
core.set_user(user)
return user
def test_version_delete_logs(self):
user = UserProfile.objects.get(pk=55021)
core.set_user(user)
# The transform don't know bout my users.
version = Version.objects.get(pk=81551)
assert ActivityLog.objects.count() == 0
version.delete()
assert ActivityLog.objects.count() == 2
def wrapper(*args, **kw):
old_user = core.get_user()
core.set_user(get_task_user())
try:
result = f(*args, **kw)
finally:
core.set_user(old_user)
return result
def test_version_delete_logs(self):
user = UserProfile.objects.get(pk=55021)
core.set_user(user)
# The transform don't know bout my users.
version = Version.objects.get(pk=81551)
assert ActivityLog.objects.count() == 0
version.delete()
assert ActivityLog.objects.count() == 2
def test_can_delete_with_related_objects_with_admin_advanced_permission(
self):
# Add related instances...
addon = addon_factory()
addon_with_other_authors = addon_factory()
AddonUser.objects.create(addon=addon_with_other_authors,
user=user_factory())
relations_that_should_be_deleted = [
AddonUser.objects.create(addon=addon_with_other_authors,
user=self.user),
Rating.objects.create(addon=addon_factory(),
rating=5,
user=self.user),
addon, # Has no other author, should be deleted.
collection_factory(author=self.user)
]
relations_that_should_survive = [
AbuseReport.objects.create(reporter=self.user),
AbuseReport.objects.create(user=self.user),
ActivityLog.create(user=self.user, action=amo.LOG.USER_EDITED),
ReviewerScore.objects.create(user=self.user, score=42),
addon_with_other_authors, # Has other authors, should be kept.
# Bit of a weird case, but because the user was the only author of
# this add-on, the addonuser relation is kept, and both the add-on
# and the user are soft-deleted. This is in contrast with the case
# where the user is *not* the only author, in which case the
# addonuser relation is deleted, but the add-on is left intact.
AddonUser.objects.create(addon=addon, user=self.user),
]
# Now test as normal.
user = user_factory()
assert not self.user.deleted
self.grant_permission(user, 'Admin:Tools')
self.grant_permission(user, 'Admin:Advanced')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.get(self.delete_url, follow=True)
assert response.status_code == 200
assert b'Cannot delete user' not in response.content
response = self.client.post(self.delete_url, {'post': 'yes'},
follow=True)
assert response.status_code == 200
self.user.reload()
assert self.user.deleted
assert self.user.email is None
alog = ActivityLog.objects.filter(
action=amo.LOG.ADMIN_USER_ANONYMIZED.id).get()
assert alog.arguments == [self.user]
# Test the related instances we created earlier.
for obj in relations_that_should_be_deleted:
assert not obj.__class__.objects.filter(pk=obj.pk).exists()
for obj in relations_that_should_survive:
assert obj.__class__.objects.filter(pk=obj.pk).exists()
def test_set_task_user(self):
@decorators.set_task_user
def some_func():
return core.get_user()
core.set_user(UserProfile.objects.get(username='******'))
assert core.get_user().pk == 999
assert some_func().pk == int(settings.TASK_USER_ID)
assert core.get_user().pk == 999
def test_set_task_user(self):
@decorators.set_task_user
def some_func():
return core.get_user()
core.set_user(UserProfile.objects.get(username='******'))
assert core.get_user().pk == 999
assert some_func().pk == int(settings.TASK_USER_ID)
assert core.get_user().pk == 999
def test_can_delete_with_related_objects_with_admin_advanced_permission(
self):
# Add related instances...
addon = addon_factory()
addon_with_other_authors = addon_factory()
AddonUser.objects.create(
addon=addon_with_other_authors, user=user_factory())
relations_that_should_be_deleted = [
AddonUser.objects.create(
addon=addon_with_other_authors, user=self.user),
Rating.objects.create(
addon=addon_factory(), rating=5, user=self.user),
addon, # Has no other author, should be deleted.
collection_factory(author=self.user)
]
relations_that_should_survive = [
AbuseReport.objects.create(reporter=self.user),
AbuseReport.objects.create(user=self.user),
ActivityLog.create(user=self.user, action=amo.LOG.USER_EDITED),
ReviewerScore.objects.create(user=self.user, score=42),
addon_with_other_authors, # Has other authors, should be kept.
# Bit of a weird case, but because the user was the only author of
# this add-on, the addonuser relation is kept, and both the add-on
# and the user are soft-deleted. This is in contrast with the case
# where the user is *not* the only author, in which case the
# addonuser relation is deleted, but the add-on is left intact.
AddonUser.objects.create(addon=addon, user=self.user),
]
# Now test as normal.
user = user_factory()
assert not self.user.deleted
self.grant_permission(user, 'Admin:Tools')
self.grant_permission(user, 'Admin:Advanced')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.get(self.delete_url, follow=True)
assert response.status_code == 200
assert b'Cannot delete user' not in response.content
response = self.client.post(self.delete_url, {'post': 'yes'},
follow=True)
assert response.status_code == 200
self.user.reload()
assert self.user.deleted
assert self.user.email is None
alog = ActivityLog.objects.filter(
action=amo.LOG.ADMIN_USER_ANONYMIZED.id).get()
assert alog.arguments == [self.user]
# Test the related instances we created earlier.
for obj in relations_that_should_be_deleted:
assert not obj.__class__.objects.filter(pk=obj.pk).exists()
for obj in relations_that_should_survive:
assert obj.__class__.objects.filter(pk=obj.pk).exists()
def process_request(self, request):
"""Attach authentication/permission helpers to request, and persist
user and remote addr in current thread."""
request.check_ownership = partial(acl.check_ownership, request)
# Persist the user and remote addr in the thread to make it accessible
# in log() statements etc.
if request.user.is_authenticated():
core.set_user(request.user)
core.set_remote_addr(request.META.get('REMOTE_ADDR'))
def test_unreviewed_addon(self):
u = UserProfile.objects.get(email='*****@*****.**')
addon = Addon.objects.all()[0]
addon.status = amo.STATUS_NOMINATED
c = u.favorites_collection()
core.set_user(u)
c.add_addon(addon)
self.client.login(email='*****@*****.**')
response = self.client.get(c.get_url_path())
assert list(response.context['addons'].object_list) == [addon]
def setUp(self):
super(TestAdditionalDetailsForm, self).setUp()
self.addon = Addon.objects.get(pk=3615)
self.data = {
'default_locale': 'en-US',
'homepage': str(self.addon.homepage),
}
self.user = self.addon.authors.all()[0]
core.set_user(self.user)
self.request = req_factory_factory('/')
def setUp(self):
super().setUp()
self.addon = Addon.objects.get(pk=3615)
self.data = {
'default_locale': 'en-US',
'homepage': str(self.addon.homepage),
}
self.user = self.addon.authors.all()[0]
core.set_user(self.user)
self.request = req_factory_factory('/')
def test_user_approve_reviews(self):
self.add_approve_logs(3)
other = UserProfile.objects.create(email='*****@*****.**', username='******')
core.set_user(other)
self.add_approve_logs(2)
result = ActivityLog.objects.user_approve_reviews(self.user).count()
assert result == 3
result = ActivityLog.objects.user_approve_reviews(other).count()
assert result == 2
another = UserProfile.objects.create(email='*****@*****.**', username='******')
result = ActivityLog.objects.user_approve_reviews(another).count()
assert result == 0
def test_user_approve_reviews(self):
self.add_approve_logs(3)
other = UserProfile.objects.create(email="*****@*****.**", username="******")
core.set_user(other)
self.add_approve_logs(2)
result = ActivityLog.objects.user_approve_reviews(self.user).count()
assert result == 3
result = ActivityLog.objects.user_approve_reviews(other).count()
assert result == 2
another = UserProfile.objects.create(
email="*****@*****.**", username="******")
result = ActivityLog.objects.user_approve_reviews(another).count()
assert result == 0
def test_pre_setup(request, tmpdir, settings):
from django.core.cache import caches
from django.utils import translation
from olympia import amo, core
from olympia.translations.hold import clean_translations
caches['default'].clear()
translation.trans_real.deactivate()
# Django fails to clear this cache.
translation.trans_real._translations = {}
translation.trans_real.activate(settings.LANGUAGE_CODE)
def _path(*args):
path = str(os.path.join(*args))
if not os.path.exists(path):
os.makedirs(path)
return path
settings.STORAGE_ROOT = storage_root = _path(tmpdir.mkdir('storage'))
settings.SHARED_STORAGE = shared_storage = _path(
storage_root, 'shared_storage')
settings.ADDONS_PATH = _path(storage_root, 'files')
settings.GUARDED_ADDONS_PATH = _path(storage_root, 'guarded-addons')
settings.GIT_FILE_STORAGE_PATH = _path(storage_root, 'git-storage')
settings.MEDIA_ROOT = _path(shared_storage, 'uploads')
settings.TMP_PATH = _path(shared_storage, 'tmp')
# Reset the prefixer and urlconf after updating media root
default_prefixer(settings)
from django.urls import clear_url_caches, set_urlconf
def _clear_urlconf():
clear_url_caches()
set_urlconf(None)
_clear_urlconf()
request.addfinalizer(_clear_urlconf)
yield
core.set_user(None)
clean_translations(None) # Make sure queued translations are removed.
# Make sure we revert everything we might have changed to prefixers.
amo.urlresolvers.clean_url_prefixes()
def update_maxversions(version_pks, job_pk, data, **kw):
log.info('[%s@%s] Updating max version for job %s.'
% (len(version_pks), update_maxversions.rate_limit, job_pk))
job = ValidationJob.objects.get(pk=job_pk)
core.set_user(get_task_user())
dry_run = data['preview_only']
app_id = job.target_version.application
stats = collections.defaultdict(int)
stats['processed'] = 0
stats['is_dry_run'] = int(dry_run)
for version in Version.objects.filter(pk__in=version_pks):
stats['processed'] += 1
file_pks = version.files.values_list('pk', flat=True)
errors = (ValidationResult.objects.filter(validation_job=job,
file__pk__in=file_pks)
.values_list('errors', flat=True))
if any(errors):
stats['invalid'] += 1
log.info('Version %s for addon %s not updated, '
'one of the files did not pass validation'
% (version.pk, version.addon.pk))
continue
for app in version.apps.filter(
application=job.curr_max_version.application,
max__version_int__gte=job.curr_max_version.version_int,
max__version_int__lt=job.target_version.version_int):
stats['bumped'] += 1
log.info('Updating version %s%s for addon %s from version %s '
'to version %s'
% (version.pk,
' [DRY RUN]' if dry_run else '',
version.addon.pk,
job.curr_max_version.version,
job.target_version.version))
app.max = job.target_version
if not dry_run:
app.save()
ActivityLog.create(
amo.LOG.MAX_APPVERSION_UPDATED,
version.addon, version,
details={'version': version.version,
'target': job.target_version.version,
'application': app_id})
log.info('[%s@%s] bulk update stats for job %s: {%s}'
% (len(version_pks), update_maxversions.rate_limit, job_pk,
', '.join('%s: %s' % (k, stats[k])
for k in sorted(stats.keys()))))
def test_pre_setup(request, tmpdir, settings):
from django.core.cache import caches
from django.utils import translation
from olympia import amo, core
from olympia.translations.hold import clean_translations
caches['default'].clear()
translation.trans_real.deactivate()
# Django fails to clear this cache.
translation.trans_real._translations = {}
translation.trans_real.activate(settings.LANGUAGE_CODE)
def _path(*args):
path = str(os.path.join(*args))
if not os.path.exists(path):
os.makedirs(path)
return path
settings.STORAGE_ROOT = storage_root = _path(tmpdir.mkdir('storage'))
settings.SHARED_STORAGE = shared_storage = _path(storage_root,
'shared_storage')
settings.ADDONS_PATH = _path(storage_root, 'files')
settings.GUARDED_ADDONS_PATH = _path(storage_root, 'guarded-addons')
settings.GIT_FILE_STORAGE_PATH = _path(storage_root, 'git-storage')
settings.MEDIA_ROOT = _path(shared_storage, 'uploads')
settings.TMP_PATH = _path(shared_storage, 'tmp')
# Reset the prefixer and urlconf after updating media root
default_prefixer(settings)
from django.urls import clear_url_caches, set_urlconf
def _clear_urlconf():
clear_url_caches()
set_urlconf(None)
_clear_urlconf()
request.addfinalizer(_clear_urlconf)
yield
core.set_user(None)
clean_translations(None) # Make sure queued translations are removed.
# Make sure we revert everything we might have changed to prefixers.
amo.urlresolvers.clean_url_prefixes()
def setUp(self):
super(TestAdditionalDetailsForm, self).setUp()
self.addon = Addon.objects.get(pk=3615)
category = Category.objects.get(pk=22)
category.db_name = 'test'
category.save()
self.data = {
'default_locale': 'en-US',
'homepage': str(self.addon.homepage),
}
self.user = self.addon.authors.all()[0]
core.set_user(self.user)
self.request = req_factory_factory('/')
def test_activity(self):
addon = addon_factory()
core.set_user(self.user)
ActivityLog.create(amo.LOG.CREATE_ADDON, addon)
ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
# Create another activity attached to a different user.
someone_else = user_factory()
core.set_user(someone_else)
ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
url, text = self._call_related_content_method('activity')
expected_url = (reverse('admin:activity_activitylog_changelist') +
'?user=%d' % self.user.pk)
assert url == expected_url
assert text == '2'
def test_git_extract_action(self):
addon1 = addon_factory()
addon2 = addon_factory()
addons = Addon.objects.filter(pk__in=(addon1.pk, addon2.pk))
addon_admin = AddonAdmin(Addon, admin.site)
request = RequestFactory().get('/')
request.user = user_factory()
core.set_user(request.user)
request._messages = default_messages_storage(request)
addon_admin.git_extract_action(request, addons)
assert len(GitExtractionEntry.objects.all()) == 2
assert GitExtractionEntry.objects.filter(addon=addon1).exists()
assert GitExtractionEntry.objects.filter(addon=addon2).exists()
def setUp(self):
super(TestTagsForm, self).setUp()
self.addon = Addon.objects.get(pk=3615)
category = Category.objects.get(pk=22)
category.db_name = 'test'
category.save()
self.data = {
'summary': str(self.addon.summary),
'name': str(self.addon.name),
'slug': self.addon.slug,
}
self.user = self.addon.authors.all()[0]
core.set_user(self.user)
self.request = req_factory_factory('/')
def setUp(self):
super(TestTagsForm, self).setUp()
self.addon = Addon.objects.get(pk=3615)
category = Category.objects.get(pk=22)
category.db_name = 'test'
category.save()
self.data = {
'summary': str(self.addon.summary),
'name': str(self.addon.name),
'slug': self.addon.slug,
}
self.user = self.addon.authors.all()[0]
core.set_user(self.user)
self.request = req_factory_factory('/')
def test_activity(self):
addon = addon_factory()
core.set_user(self.user)
ActivityLog.create(amo.LOG.CREATE_ADDON, addon)
ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
# Create another activity attached to a different user.
someone_else = user_factory()
core.set_user(someone_else)
ActivityLog.create(amo.LOG.EDIT_PROPERTIES, addon)
url, text = self._call_related_content_method('activity')
expected_url = (
reverse('admin:activity_activitylog_changelist') +
'?user=%d' % self.user.pk)
assert url == expected_url
assert text == '2'
def test_can_edit_with_users_edit_permission(self):
old_username = self.user.username
user = user_factory(email='*****@*****.**')
self.grant_permission(user, 'Users:Edit')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.get(self.detail_url, follow=True)
assert response.status_code == 200
response = self.client.post(
self.detail_url, {'username': '******', 'email': self.user.email},
follow=True)
assert response.status_code == 200
assert self.user.reload().username == 'foo'
alog = ActivityLog.objects.latest('pk')
assert alog.action == amo.LOG.ADMIN_USER_EDITED.id
assert alog.arguments == [self.user]
assert alog.details == {'username': [old_username, 'foo']}
def test_can_edit_with_users_edit_permission(self):
old_username = self.user.username
user = user_factory()
self.grant_permission(user, 'Admin:Tools')
self.grant_permission(user, 'Users:Edit')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.get(self.detail_url, follow=True)
assert response.status_code == 200
response = self.client.post(
self.detail_url, {'username': '******', 'email': self.user.email},
follow=True)
assert response.status_code == 200
assert self.user.reload().username == 'foo'
alog = ActivityLog.objects.latest('pk')
assert alog.action == amo.LOG.ADMIN_USER_EDITED.id
assert alog.arguments == [self.user]
assert alog.details == {'username': [old_username, 'foo']}
def test_mine(self):
u = UserProfile.objects.get(email='*****@*****.**')
addon = addon = Addon.objects.all()[0]
c = u.favorites_collection()
core.set_user(u)
c.add_addon(addon)
assert self.client.login(email='*****@*****.**')
# My Collections.
response = self.client.get('/en-US/firefox/collections/mine/')
assert response.context['author'] == (
UserProfile.objects.get(email='*****@*****.**'))
# My Favorites.
response = self.client.get(reverse('collections.detail',
args=['mine', 'favorites']))
assert response.status_code == 200
assert list(response.context['addons'].object_list) == [addon]
def test_can_delete_with_admin_advanced_permission(
self, _delete_related_content_mock):
user = user_factory(email='*****@*****.**')
self.grant_permission(user, 'Admin:Advanced')
assert not self.user.deleted
self.client.login(email=user.email)
core.set_user(user)
response = self.client.get(self.delete_url, follow=True)
assert response.status_code == 200
assert b'Cannot delete user' not in response.content
response = self.client.post(self.delete_url, {'post': 'yes'},
follow=True)
assert response.status_code == 200
self.user.reload()
assert self.user.deleted
assert self.user.email
assert _delete_related_content_mock.call_count == 1
alog = ActivityLog.objects.latest('pk')
assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id
assert alog.arguments == [self.user]
def authenticate_credentials(self, request, token):
# initialize session with the key from the token rather than the cookie like
# SessionMiddleware does.
del request.session._session_cache
request.session._session_key = token
# call get_user to validate the session information is good - it returns safely
user = get_user(request)
if not user or user.is_anonymous or user.deleted:
log.info('User or session not found.')
msg = {
'detail':
gettext(
'Valid user session not found matching the provided session key.'
),
'code':
'ERROR_AUTHENTICATION_EXPIRED',
}
raise exceptions.AuthenticationFailed(msg)
try:
check_and_update_fxa_access_token(request)
except IdentificationError:
log.info(
'User access token refresh failed; user needs to login to FxA again'
)
msg = {
'detail':
gettext(
'Access token refresh failed; user needs to login to FxA again.'
),
'code':
'ERROR_AUTHENTICATION_EXPIRED',
}
raise exceptions.AuthenticationFailed(msg)
# Set user in thread like UserAndAddrMiddleware does.
core.set_user(user)
return (user, token)
def test_pre_setup(request, tmpdir, settings):
from django.core.cache import caches
from django.utils import translation
from olympia import amo, core
from olympia.translations.hold import clean_translations
caches['default'].clear()
translation.trans_real.deactivate()
# Django fails to clear this cache.
translation.trans_real._translations = {}
translation.trans_real.activate(settings.LANGUAGE_CODE)
settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
settings.TMP_PATH = str(tmpdir.mkdir('tmp'))
settings.STATIC_ROOT = str(tmpdir.mkdir('site-static'))
settings.NETAPP_STORAGE = settings.TMP_PATH
settings.GIT_FILE_STORAGE_PATH = str(tmpdir.mkdir('git-storage'))
# Reset the prefixer and urlconf after updating media root
default_prefixer(settings)
from django.urls import clear_url_caches, set_urlconf
def _clear_urlconf():
clear_url_caches()
set_urlconf(None)
_clear_urlconf()
request.addfinalizer(_clear_urlconf)
yield
core.set_user(None)
clean_translations(None) # Make sure queued translations are removed.
# Make sure we revert everything we might have changed to prefixers.
amo.urlresolvers.clean_url_prefixes()
def test_reset_api_key_action(self):
another_user = user_factory()
a_third_user = user_factory()
APIKey.objects.create(user=self.user, is_active=True, key='foo')
APIKeyConfirmation.objects.create(user=self.user)
APIKeyConfirmation.objects.create(user=another_user)
APIKey.objects.create(user=a_third_user, is_active=True, key='bar')
APIKeyConfirmation.objects.create(user=a_third_user)
users = UserProfile.objects.filter(pk__in=(another_user.pk,
self.user.pk))
user_admin = UserAdmin(UserProfile, admin.site)
request = RequestFactory().get('/')
request.user = user_factory()
core.set_user(request.user)
request._messages = default_messages_storage(request)
user_admin.reset_api_key_action(request, users)
# APIKeys should have been deactivated, APIKeyConfirmation deleted.
assert self.user.api_keys.exists()
assert not self.user.api_keys.filter(is_active=True).exists()
assert not APIKeyConfirmation.objects.filter(user=self.user).exists()
# This user didn't have api keys before, it shouldn't matter.
assert not another_user.api_keys.exists()
assert not another_user.api_keys.filter(is_active=True).exists()
assert not APIKeyConfirmation.objects.filter(
user=another_user).exists()
# The 3rd user should be unaffected.
assert a_third_user.api_keys.exists()
assert a_third_user.api_keys.filter(is_active=True).exists()
assert APIKeyConfirmation.objects.filter(user=a_third_user).exists()
# We should see 2 activity logs.
assert (ActivityLog.objects.filter(
action=amo.LOG.ADMIN_API_KEY_RESET.id).count() == 2)
def test_pre_setup(request, tmpdir, settings):
from django.core.cache import caches
from django.utils import translation
from olympia import amo, core
from olympia.translations.hold import clean_translations
caches['default'].clear()
translation.trans_real.deactivate()
# Django fails to clear this cache.
translation.trans_real._translations = {}
translation.trans_real.activate(settings.LANGUAGE_CODE)
settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
settings.TMP_PATH = str(tmpdir.mkdir('tmp'))
settings.STATIC_ROOT = str(tmpdir.mkdir('site-static'))
settings.NETAPP_STORAGE = settings.TMP_PATH
# Reset the prefixer and urlconf after updating media root
default_prefixer(settings)
from django.core.urlresolvers import clear_url_caches, set_urlconf
def _clear_urlconf():
clear_url_caches()
set_urlconf(None)
_clear_urlconf()
request.addfinalizer(_clear_urlconf)
yield
core.set_user(None)
clean_translations(None) # Make sure queued translations are removed.
# Make sure we revert everything we might have changed to prefixers.
amo.urlresolvers.clean_url_prefixes()
def test_can_delete_with_admin_advanced_permission(
self, delete_or_disable_related_content_mock):
user = user_factory()
assert not self.user.deleted
self.grant_permission(user, 'Admin:Tools')
self.grant_permission(user, 'Admin:Advanced')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.get(self.delete_url, follow=True)
assert response.status_code == 200
response = self.client.post(self.delete_url, {'post': 'yes'},
follow=True)
assert response.status_code == 200
self.user.reload()
assert self.user.deleted
assert self.user.email is None
assert delete_or_disable_related_content_mock.call_count == 1
assert (delete_or_disable_related_content_mock.call_args[1] == {
'delete': True
})
alog = ActivityLog.objects.latest('pk')
assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id
assert alog.arguments == [self.user]
def test_reset_session_action(self):
assert self.user.auth_id
another_user = user_factory()
assert another_user.auth_id
a_third_user = user_factory()
assert a_third_user.auth_id
old_auth_id = a_third_user.auth_id
users = UserProfile.objects.filter(pk__in=(another_user.pk,
self.user.pk))
user_admin = UserAdmin(UserProfile, admin.site)
request = RequestFactory().get('/')
request.user = user_factory()
core.set_user(request.user)
request._messages = default_messages_storage(request)
user_admin.reset_session_action(request, users)
self.user.reload()
assert self.user.auth_id is None
another_user.reload()
assert another_user.auth_id is None
a_third_user.reload()
assert a_third_user.auth_id == old_auth_id
def test_approve_for_addon(self, mock_sign_file):
core.set_user(user_factory())
task_user = user_factory(id=settings.TASK_USER_ID)
promo = PromotedAddon.objects.create(
addon=addon_factory(version_kw={'version': '0.123a'}),
group_id=promoted.SPOTLIGHT.id,
)
file_ = promo.addon.current_version.all_files[0]
file_.update(filename='webextension.xpi')
with amo.tests.copy_file(
'src/olympia/files/fixtures/files/webextension.xpi',
file_.file_path):
# SPOTLIGHT doesnt have special signing states so won't be resigned
promo.addon.reload()
promo.addon.promoted_group() == promoted.NOT_PROMOTED
promo.approve_for_addon()
promo.addon.reload()
promo.addon.promoted_group() == promoted.SPOTLIGHT
assert promo.addon.current_version.version == '0.123a'
mock_sign_file.assert_not_called()
# VERIFIED does though.
promo.update(group_id=promoted.VERIFIED.id)
promo.addon.reload()
promo.addon.promoted_group() == promoted.NOT_PROMOTED
promo.approve_for_addon()
promo.addon.reload()
promo.addon.promoted_group() == promoted.VERIFIED
assert promo.addon.current_version.version == '0.123a.1-signed'
mock_sign_file.assert_called_with(file_)
assert (ActivityLog.objects.for_addons((promo.addon, )).filter(
action=amo.LOG.VERSION_RESIGNED.id).exists())
alog = ActivityLog.objects.filter(
action=amo.LOG.VERSION_RESIGNED.id).get()
assert alog.user == task_user
assert '0.123a.1-signed</a> re-signed (previously 0.123a)' in (
str(alog))
def test_can_delete_with_admin_advanced_permission(
self, delete_or_disable_related_content_mock):
user = user_factory()
assert not self.user.deleted
self.grant_permission(user, 'Admin:Tools')
self.grant_permission(user, 'Admin:Advanced')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.get(self.delete_url, follow=True)
assert response.status_code == 200
assert b'Cannot delete user' not in response.content
response = self.client.post(self.delete_url, {'post': 'yes'},
follow=True)
assert response.status_code == 200
self.user.reload()
assert self.user.deleted
assert self.user.email is None
assert delete_or_disable_related_content_mock.call_count == 1
assert (
delete_or_disable_related_content_mock.call_args[1] ==
{'delete': True})
alog = ActivityLog.objects.latest('pk')
assert alog.action == amo.LOG.ADMIN_USER_ANONYMIZED.id
assert alog.arguments == [self.user]
def test_ban_action(self):
another_user = user_factory()
a_third_user = user_factory()
users = UserProfile.objects.filter(
pk__in=(another_user.pk, self.user.pk))
user_admin = UserAdmin(UserProfile, admin.site)
request = RequestFactory().get('/')
request.user = user_factory()
core.set_user(request.user)
request._messages = default_messages_storage(request)
user_admin.ban_action(request, users)
# Both users should be banned.
another_user.reload()
self.user.reload()
assert another_user.deleted
assert another_user.email
assert self.user.deleted
assert self.user.email
# The 3rd user should be unaffected.
assert not a_third_user.reload().deleted
# We should see 2 activity logs for banning.
assert ActivityLog.objects.filter(
action=amo.LOG.ADMIN_USER_BANNED.id).count() == 2
def test_reset_api_key(self):
APIKey.objects.create(user=self.user, is_active=True, key='foo')
APIKeyConfirmation.objects.create(user=self.user)
reset_api_key_url = reverse(
'admin:users_userprofile_reset_api_key', args=(self.user.pk, ))
wrong_reset_api_key_url = reverse(
'admin:users_userprofile_reset_api_key', args=(self.user.pk + 9, ))
user = user_factory()
self.grant_permission(user, 'Admin:Tools')
self.client.login(email=user.email)
core.set_user(user)
response = self.client.post(reset_api_key_url, follow=True)
assert response.status_code == 403
self.grant_permission(user, 'Users:Edit')
response = self.client.get(reset_api_key_url, follow=True)
assert response.status_code == 405 # Wrong http method.
response = self.client.post(wrong_reset_api_key_url, follow=True)
assert response.status_code == 404 # Wrong pk.
assert self.user.api_keys.filter(is_active=True).exists()
assert APIKeyConfirmation.objects.filter(user=self.user).exists()
response = self.client.post(reset_api_key_url, follow=True)
assert response.status_code == 200
assert response.redirect_chain[-1][0].endswith(self.detail_url)
assert response.redirect_chain[-1][1] == 302
alog = ActivityLog.objects.latest('pk')
assert alog.action == amo.LOG.ADMIN_API_KEY_RESET.id
assert alog.arguments == [self.user]
# APIKeys should have been deactivated, APIKeyConfirmation deleted.
assert self.user.api_keys.exists()
assert not self.user.api_keys.filter(is_active=True).exists()
assert not APIKeyConfirmation.objects.filter(user=self.user).exists()
def authenticate_credentials(self, payload):
"""
Returns a verified AMO user who is active and allowed to make API
requests.
"""
if 'orig_iat' in payload:
msg = ("API key based tokens are not refreshable, don't include "
"`orig_iat` in their payload.")
raise exceptions.AuthenticationFailed(msg)
try:
api_key = APIKey.get_jwt_key(key=payload['iss'])
except APIKey.DoesNotExist:
msg = 'Invalid API Key.'
raise exceptions.AuthenticationFailed(msg)
if api_key.user.deleted:
msg = 'User account is disabled.'
raise exceptions.AuthenticationFailed(msg)
if not api_key.user.read_dev_agreement:
msg = 'User has not read developer agreement.'
raise exceptions.AuthenticationFailed(msg)
core.set_user(api_key.user)
return api_key.user
def authenticate_credentials(self, payload):
"""
Returns a verified AMO user who is active and allowed to make API
requests.
"""
if 'orig_iat' in payload:
msg = ("API key based tokens are not refreshable, don't include "
'`orig_iat` in their payload.')
raise exceptions.AuthenticationFailed(msg)
try:
api_key = APIKey.get_jwt_key(key=payload['iss'])
except APIKey.DoesNotExist:
msg = 'Invalid API Key.'
raise exceptions.AuthenticationFailed(msg)
if api_key.user.deleted:
msg = 'User account is disabled.'
raise exceptions.AuthenticationFailed(msg)
if not api_key.user.read_dev_agreement:
msg = 'User has not read developer agreement.'
raise exceptions.AuthenticationFailed(msg)
core.set_user(api_key.user)
return api_key.user
def test_ban_action(self):
another_user = user_factory()
a_third_user = user_factory()
users = UserProfile.objects.filter(pk__in=(another_user.pk,
self.user.pk))
user_admin = UserAdmin(UserProfile, admin.site)
request = RequestFactory().get('/')
request.user = user_factory()
core.set_user(request.user)
request._messages = default_messages_storage(request)
user_admin.ban_action(request, users)
# Both users should be banned.
another_user.reload()
self.user.reload()
assert another_user.deleted
assert another_user.email
assert self.user.deleted
assert self.user.email
# The 3rd user should be unaffected.
assert not a_third_user.reload().deleted
# We should see 2 activity logs for banning.
assert (ActivityLog.objects.filter(
action=amo.LOG.ADMIN_USER_BANNED.id).count() == 2)
def test_pre_setup(request, tmpdir, settings):
caches['default'].clear()
caches['filesystem'].clear()
# Override django-cache-machine caching.base.TIMEOUT because it's
# computed too early, before settings_test.py is imported.
caching.base.TIMEOUT = settings.CACHE_COUNT_TIMEOUT
translation.trans_real.deactivate()
# Django fails to clear this cache.
translation.trans_real._translations = {}
translation.trans_real.activate(settings.LANGUAGE_CODE)
settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
settings.TMP_PATH = str(tmpdir.mkdir('tmp'))
settings.NETAPP_STORAGE = settings.TMP_PATH
# Reset the prefixer and urlconf after updating media root
default_prefixer(settings)
from django.core.urlresolvers import clear_url_caches, set_urlconf
def _clear_urlconf():
clear_url_caches()
set_urlconf(None)
_clear_urlconf()
request.addfinalizer(_clear_urlconf)
yield
core.set_user(None)
clean_translations(None) # Make sure queued translations are removed.
# Make sure we revert everything we might have changed to prefixers.
amo.urlresolvers.clean_url_prefixes()
def test_pre_setup(request, tmpdir, settings):
caches['default'].clear()
caches['filesystem'].clear()
# Override django-cache-machine caching.base.TIMEOUT because it's
# computed too early, before settings_test.py is imported.
caching.base.TIMEOUT = settings.CACHE_COUNT_TIMEOUT
translation.trans_real.deactivate()
# Django fails to clear this cache.
translation.trans_real._translations = {}
translation.trans_real.activate(settings.LANGUAGE_CODE)
settings.MEDIA_ROOT = str(tmpdir.mkdir('media'))
settings.TMP_PATH = str(tmpdir.mkdir('tmp'))
settings.NETAPP_STORAGE = settings.TMP_PATH
# Reset the prefixer and urlconf after updating media root
default_prefixer(settings)
from django.core.urlresolvers import clear_url_caches, set_urlconf
def _clear_urlconf():
clear_url_caches()
set_urlconf(None)
_clear_urlconf()
request.addfinalizer(_clear_urlconf)
yield
core.set_user(None)
clean_translations(None) # Make sure queued translations are removed.
# Make sure we revert everything we might have changed to prefixers.
amo.urlresolvers.clean_url_prefixes()
def test_set_get_user_anonymous():
core.set_user(AnonymousUser())
assert core.get_user() is None
user = UserProfile()
core.set_user(user)
assert core.get_user() == user
core.set_user(None)
assert core.get_user() is None
def setUp(self):
super(TestActivityLog, self).setUp()
u = UserProfile.objects.create(username='******')
self.request = Mock()
self.request.user = self.user = u
core.set_user(u)
def test_no_user(self):
core.set_user(None)
count = ActivityLog.objects.count()
ActivityLog.create(amo.LOG.CUSTOM_TEXT, 'hi')
assert count == ActivityLog.objects.count()
def process_exception(self, request, exception):
core.set_user(None)
core.set_remote_addr(None)
def process_response(self, request, response):
core.set_user(None)
core.set_remote_addr(None)
return response
def setUp(self):
super(LogTest, self).setUp()
u = UserProfile.objects.create(username='******')
core.set_user(u)
def setUp(self):
super(TestCollections, self).setUp()
self.user = UserProfile.objects.create(username='******', email='uh@hh')
self.other = UserProfile.objects.exclude(id=self.user.id)[0]
core.set_user(self.user)
def test_no_user(self):
core.set_user(None)
count = ActivityLog.objects.count()
ActivityLog.create(amo.LOG.CUSTOM_TEXT, 'hi')
assert count == ActivityLog.objects.count()
def tearDown(self):
core.set_user(None)
super(TestActivityLog, self).tearDown()
def tearDown(self):
core.set_user(None)
super(TestActivityLog, self).tearDown()
def setUp(self):
"""Start with one user, two add-ons."""
super(TestActivity, self).setUp()
self.clone_addon(2)
core.set_user(self.user_profile)
self.addon, self.addon2 = list(self.user_profile.addons.all())
