def test_success(self):
    """A logged-in user can delete their own account.

    Deletion is a two-step flow: the GET only renders a confirmation prompt,
    and the account is removed by the POST that follows.
    """
    self.add_user_root()
    account = self.makeUser('thruflo', 'Password')
    Session.add(account)
    self.authenticate()

    # Step 1: the GET asks for confirmation and must leave the account alone.
    confirm_page = self.app.get('/users/thruflo/delete_user')
    self.assertIn('Are you really sure', confirm_page.body)
    # NOTE(review): the username literal appears masked in this listing;
    # presumably it names the user created above -- confirm.
    self.assertIsNotNone(get_existing_user(username='******'))

    # Step 2: the POST performs the deletion.
    # NOTE(review): no form fields (e.g. an anti-CSRF token) are posted here;
    # confirm how the view protects this state-changing request.
    delete_response = self.app.post('/users/thruflo/delete_user')
    self.assertIsNone(get_existing_user(username='******'))

    # Logout is inferred from a short Set-Cookie header only; the cookie's
    # name, value and attributes are not inspected.
    self.assertLess(len(delete_response.headers['Set-Cookie']), 200)
def test_signup(self):
    """Posting the signup form creates the user and stores their email."""
    # NOTE(review): the username, email and password literals appear masked
    # in this listing; only the "confirm" value is shown in clear.
    form = {
        "username": "******",
        "email": "*****@*****.**",
        "password": "******",
        "confirm": "Password",
    }

    # Precondition: the user must not exist before signing up.
    self.assertIsNone(get_existing_user(username="******"))

    # The signup request is expected to answer 302 (redirect).
    res = self.app.post("/auth/signup", form, status=302)
    assert res  # to satisfy pyflakes

    # The account now exists and its first email is the submitted address.
    created = get_existing_user(username="******")
    self.assertIsNotNone(created)
    self.assertEqual(created.emails[0].address, "*****@*****.**")
def test_signup(self):
    """A signup request persists both the new user and their email address."""
    # NOTE(review): the username, email and password literals appear masked
    # in this listing; only the 'confirm' value is shown in clear.

    # Nothing may be stored under this username before the request.
    before = get_existing_user(username='******')
    self.assertIsNone(before)

    # Submit the form; the expected response status is 302 (redirect).
    fields = {
        'username': '******',
        'email': '*****@*****.**',
        'password': '******',
        'confirm': 'Password',
    }
    res = self.app.post('/auth/signup', fields, status=302)
    assert res  # to satisfy pyflakes

    # Afterwards the user can be looked up ...
    after = get_existing_user(username='******')
    self.assertIsNotNone(after)
    # ... and the first stored email is the one that was submitted.
    first_email = after.emails[0]
    self.assertEqual(first_email.address, '*****@*****.**')
def test_success(self):
    """Self-service deletion is refused: a user can NOT delete itself.

    We have rules for what delete means, so the delete request is expected to
    answer 404 and leave the account in place.  Despite its name, this test
    passes when the deletion does not happen.
    """
    self.add_user_root()
    account = self.makeUser('thruflo', 'Password')
    Session.add(account)
    self.authenticate()

    # The expected status (404) is passed along with the request itself.
    self.app.post('/users/thruflo/delete_user', status=404)

    # The account must survive the attempt.
    # NOTE(review): the username literal appears masked in this listing;
    # presumably it names the user created above -- confirm.
    still_there = get_existing_user(username='******')
    self.assertIsNotNone(still_there)
def test_other_user(self):
    """A non-admin user cannot delete another user's account."""
    self.add_user_root()

    # The account the delete request is aimed at.
    self.makeUser('alice', 'Password')

    # A second account, created without any role, that sends the request.
    requester = self.makeUser('bob', 'Password')
    model.save(requester)
    transaction.commit()
    # NOTE(review): the credentials appear masked in this listing; presumably
    # they are the ones of the requester created above -- confirm.
    self.authenticate(username='******', password='******')

    # The attempt must be rejected with 403.
    forbidden = self.app.post('/users/alice/delete_user', status=403)

    # The targeted account still exists (username literal is masked as well).
    self.assertIsNotNone(get_existing_user(username='******'))

    # "Still logged in" is inferred from a long Set-Cookie header only; the
    # cookie's name, value and attributes are not inspected.
    self.assertGreater(len(forbidden.headers['Set-Cookie']), 250)
def test_admin(self):
    """A user holding the 'admin' role may delete any other user."""
    self.add_user_root()

    # The account that is going to be removed.
    self.makeUser('alice', 'Password')

    # The acting account: it gets the 'admin' role before being saved.
    admin = self.makeUser('admin', 'Password')
    admin_role = model.Role(name='admin')
    admin.roles.append(admin_role)
    model.save(admin)
    transaction.commit()
    # NOTE(review): the credentials appear masked in this listing; presumably
    # they are the ones of the admin created above -- confirm.
    self.authenticate(username='******', password='******')

    # The delete request is sent directly as a POST.
    response = self.app.post('/users/alice/delete_user')

    # The targeted account is gone (username literal is masked as well).
    self.assertIsNone(get_existing_user(username='******'))

    # "Still logged in" is inferred from a long Set-Cookie header only; the
    # cookie's name, value and attributes are not inspected.
    self.assertGreater(len(response.headers['Set-Cookie']), 250)
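def get_operator_user(request, registry=None):
    """Return the special user in our db that represents the operator.

    The operator should be the one to receive e-mails that target the
    website / administration.  The operator username is selected from the
    ``INI_site__title`` environment variable, compared case-insensitively.

    Args:
        request: Accepted for caller compatibility; not consulted.  The
            previous implementation read ``settings`` from it but never
            used the value.
        registry: Accepted for caller compatibility; not consulted.

    Returns:
        Whatever ``get_existing_user`` returns for the operator username.

    Raises:
        Exception: If the site title is missing or names no known site.
    """
    # Site title -> operator username.  A missing or unknown title is an
    # error rather than a fallback to some default account, so operator mail
    # is never routed to an account that was not explicitly configured.
    operator_usernames = {
        'opendesk': u'opendesk_operator',
        'fabhub': u'fabhub_operator',
    }
    site_title = os.environ.get('INI_site__title', '').lower()
    username = operator_usernames.get(site_title)
    if username is None:
        raise Exception('Operator user not configured.')
    return get_existing_user(username=username)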