def put(self):
try:
uuid.UUID(self.password_id)
except ValueError:
return invalid_password_id()
password = self._get_password()
if password is None:
return password_not_found()
else:
cleaned_data, errors = validate_password(self.request.body,
self.request.charset)
if errors:
result = {'message': ','.join(errors)}
return HTTPBadRequest(body=json.dumps(result),
charset='utf8',
content_type='application/json')
password.secret = cleaned_data['secret']
password.service = cleaned_data['service']
password.account = cleaned_data['account']
password.expiration = cleaned_data['expiration']
password.notes = cleaned_data['notes']
password.tags = cleaned_data['tags']
Session.add(password)
return {'password': password.as_dict()}
def test_password_collection_get_non_empty(self):
password = Password(service='testing',
secret='s3cr3t',
user_id=self.user_id)
with transaction.manager:
Session.add(password)
Session.flush()
password_id = password.id
res = self.testapp.get('/passwords', headers=self.auth_header)
self.assertEqual(res.status, '200 OK')
self.assertEqual(res.json, {
"passwords": [{
'account': '',
'creation': '2014-02-23T08:00:00',
'modification': '2014-02-23T08:00:00',
'expiration': None,
'id': password_id,
'notes': u'',
'owner': self.user_id,
'user': self.user_id,
'secret': 's3cr3t',
'service': 'testing',
'tags': [],
}],
})
def preferences(request):
schema = UserPreferencesSchema()
button1 = Button('submit', _('Save changes'))
button1.css_class = 'btn-primary'
form = Form(schema, buttons=(button1, ))
user = request.user
if 'submit' in request.POST:
controls = request.POST.items()
try:
appstruct = form.validate(controls)
except ValidationFailure as e:
return {'form': e.render()}
user.update_preferences(appstruct)
Session.add(user)
request.session.flash(
_('The changes were saved successfully'),
'success',
)
return HTTPFound(location=request.route_path('user_preferences'))
return {
'form':
form.render({
'allow_google_analytics':
user.allow_google_analytics,
'send_passwords_periodically':
user.send_passwords_periodically,
})
}
def test_get_accounts_multiple_providers(self):
user = User(email='*****@*****.**', email_verified=True)
identity1 = ExternalIdentity(user=user, provider='twitter',
external_id='1234')
identity2 = ExternalIdentity(user=user, provider='google',
external_id='4321')
password = Password(user=user, secret='secret')
Session.add(user)
Session.add(identity1)
Session.add(identity2)
Session.add(password)
Session.flush()
self.assertEqual(user.get_accounts('google'), [
{'id': user.id,
'is_current': True,
'is_verified': True,
'passwords': 1,
'providers': [{
'name': 'twitter',
'is_current': False,
}, {
'name': 'google',
'is_current': True,
}]}
])
def delete(self):
set_config(self.request.user)
result = Session.query(self.model).get(int(self.request.matchdict['id']))
if result and not result.is_readonly:
Session.delete(result)
return result
raise HTTPNotFound()
def test_get_accounts_multiple_providers(self):
user = User(email='*****@*****.**', email_verified=True)
identity1 = ExternalIdentity(user=user,
provider='twitter',
external_id='1234')
identity2 = ExternalIdentity(user=user,
provider='google',
external_id='4321')
password = Password(user=user, secret='secret')
Session.add(user)
Session.add(identity1)
Session.add(identity2)
Session.add(password)
Session.flush()
self.assertEqual(user.get_accounts('google'), [{
'id':
user.id,
'is_current':
True,
'is_verified':
True,
'passwords':
1,
'providers': [{
'name': 'twitter',
'is_current': False,
}, {
'name': 'google',
'is_current': True,
}]
}])
def verify_email(request):
try:
code = request.params['code']
except KeyError:
return HTTPBadRequest('Missing code parameter')
try:
email = request.params['email']
except KeyError:
return HTTPBadRequest('Missing email parameter')
evc = EmailVerificationCode(code)
user = evc.verify(email)
if user is not None:
request.session.flash(
_('Congratulations, your email has been successfully verified'),
'success',
)
user.verify_email()
Session.add(user)
return {
'verified': True,
}
else:
request.session.flash(
_('Sorry, your verification code is not correct or has expired'),
'error',
)
return {
'verified': False,
}
def main(argv=sys.argv):
# Usage and configuration
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
config = Configurator(settings=settings)
config.include('pyramid_sqlalchemy')
# Make the database with schema and default data
with transaction.manager:
metadata.create_all()
root = RootFolder(name='',
title='Moonbase Demo',
__acl__=[
['Allow', ['paul'], 'view']
]
)
Session.add(root)
f1 = root['f1'] = Folder(
title='Folder 1',
__acl__=[
['Allow', ['shane'], 'view']
]
)
f1['da'] = Document(title='Document 1A')
def handle_refresh_token(request, client):
if 'refresh_token' not in request.POST:
log.info('refresh_token field missing')
return HTTPBadRequest(InvalidRequest(error_description='refresh_token '
'field required'))
if 'user_id' not in request.POST:
log.info('user_id field missing')
return HTTPBadRequest(InvalidRequest(error_description='user_id '
'field required'))
auth_token = db.query(Oauth2Token).filter_by(
refresh_token=request.POST.get('refresh_token')).first()
if not auth_token:
log.info('invalid refresh_token')
return HTTPUnauthorized(InvalidToken(error_description='Provided '
'refresh_token is not valid.'))
if auth_token.client.client_id != client.client_id:
log.info('invalid client_id')
return HTTPBadRequest(InvalidClient(error_description='Client does '
'not own this refresh_token.'))
if str(auth_token.user_id) != request.POST.get('user_id'):
log.info('invalid user_id')
return HTTPBadRequest(InvalidClient(error_description='The given '
'user_id does not match the given refresh_token.'))
new_token = auth_token.refresh()
db.add(new_token)
db.flush()
return new_token.asJSON(token_type='bearer')
def test_application_edit_unauthorized(self):
create_and_login_user(self.testapp)
app = Application(name='Test Application',
main_url='http://example.com',
callback_url='http://example.com/callback',
authorized_origins=['http://example.com',
'https://example.com'],
production_ready=False,
image_url='http://example.com/image.png',
description='example description')
other_user = User(screen_name='Alice doe',
first_name='Alice',
last_name='Doe',
email='*****@*****.**')
other_user.applications.append(app)
with transaction.manager:
Session.add(other_user)
Session.flush()
app_id = app.id
res = self.testapp.get('/oauth2/applications/%s/edit' % str(app_id),
status=401)
self.assertEqual(res.status, '401 Unauthorized')
def test_application_edit_cancel(self):
user = User(screen_name='John Doe',
first_name='John',
last_name='Doe',
email='*****@*****.**')
app = Application(name='Test Application',
main_url='http://example.com',
callback_url='http://example.com/callback',
authorized_origins=['http://example.com',
'https://example.com'],
production_ready=False,
image_url='http://example.com/image.png',
description='example description')
user.applications.append(app)
with transaction.manager:
Session.add(user)
Session.flush()
app_id = app.id
user_id = user.id
self.testapp.get('/__login/' + str(user_id))
res = self.testapp.post('/oauth2/applications/%s/edit' % str(app_id), {
'cancel': 'Cancel',
})
self.assertEqual(res.status, '302 Found')
self.assertEqual(res.location, 'http://localhost/oauth2/applications')
def test_register_new_user_email_not_verified(self):
self.testapp.post('/__session', {
'next_url': 'http://localhost/foo/bar',
'user_info__provider': 'twitter',
'user_info__external_id': '1234',
'user_info__screen_name': 'John Doe',
'user_info__first_name': 'John',
'user_info__last_name': 'Doe',
'user_info__email': '*****@*****.**',
}, status=302)
# if no email is provided at registration, the email is
# not verified
res = self.testapp.post('/register', {
'first_name': 'John2',
'last_name': 'Doe2',
'email': '',
'submit': 'Register into Yith Library',
}, status=302)
self.assertEqual(res.status, '302 Found')
self.assertEqual(res.location, 'http://localhost/foo/bar')
self.assertEqual(Session.query(User).count(), 1)
user = Session.query(User).filter(User.first_name == 'John2').one()
self.assertEqual(user.first_name, 'John2')
self.assertEqual(user.last_name, 'Doe2')
self.assertEqual(user.email, '')
self.assertEqual(user.email_verified, False)
self.assertEqual(user.send_passwords_periodically, False)
identity = Session.query(ExternalIdentity).filter(
ExternalIdentity.external_id == '1234',
ExternalIdentity.provider == 'twitter',
).one()
self.assertEqual(identity.user, user)
def collection_timestamp(self, collection_id, parent_id, auth=None):
"""Get the highest timestamp of every objects in this `collection_id` for
this `parent_id`.
.. note::
This should take deleted objects into account.
:param str collection_id: the collection id.
:param str parent_id: the collection parent.
:returns: the latest timestamp of the collection.
:rtype: int
"""
tb = Timestamps.__table__
qry = select([label('last_modified', func.max(tb.c.last_modified))]).where(and_(
tb.c.parent_id == parent_id,
tb.c.collection_id == collection_id))
last_modified, = Session.execute(qry).fetchone()
if last_modified is None:
last_modified = datetime.datetime.utcnow()
with transaction.manager:
Session.add(Timestamps(parent_id=parent_id, collection_id=collection_id,
last_modified=last_modified))
return last_modified.replace(tzinfo=datetime.timezone.utc).timestamp()
def collection_timestamp(self, collection_id, parent_id, auth=None):
"""Get the highest timestamp of every objects in this `collection_id` for
this `parent_id`.
.. note::
This should take deleted objects into account.
:param str collection_id: the collection id.
:param str parent_id: the collection parent.
:returns: the latest timestamp of the collection.
:rtype: int
"""
tb = Timestamps.__table__
qry = select([label('last_modified', func.max(tb.c.last_modified))]).where(and_(
tb.c.parent_id == parent_id,
tb.c.collection_id == collection_id))
last_modified, = Session.execute(qry).fetchone()
if last_modified is None:
last_modified = datetime.datetime.utcnow()
with transaction.manager:
Session.add(Timestamps(parent_id=parent_id, collection_id=collection_id,
last_modified=last_modified))
return last_modified.replace(tzinfo=datetime.timezone.utc).timestamp()
def put(self):
try:
uuid.UUID(self.password_id)
except ValueError:
return invalid_password_id()
password = self._get_password()
if password is None:
return password_not_found()
else:
cleaned_data, errors = validate_password(self.request.body,
self.request.charset)
if errors:
result = {'message': ','.join(errors)}
return HTTPBadRequest(body=json.dumps(result),
charset='utf8',
content_type='application/json')
password.secret = cleaned_data['secret']
password.service = cleaned_data['service']
password.account = cleaned_data['account']
password.expiration = cleaned_data['expiration']
password.notes = cleaned_data['notes']
password.tags = cleaned_data['tags']
Session.add(password)
return {'password': password.as_dict()}
def main(argv=sys.argv):
# Usage and configuration
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
config = Configurator(settings=settings)
config.include('pyramid_sqlalchemy')
# Make the database with schema and default data
with transaction.manager:
metadata.create_all()
for todo in sample_todos:
t = ToDo(title=todo['title'], acl=todo.get('acl'))
Session.add(t)
for user in sample_users:
u = User(id=user['id'],
username=user['username'],
password=user['password'],
first_name=user['first_name'],
last_name=user['last_name'],
groups=user['groups'])
Session.add(u)
def developer_application_delete(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if app.user != request.user:
return HTTPUnauthorized()
if 'submit' in request.POST:
Session.delete(app)
request.session.flash(
_('The application ${app} was deleted successfully',
mapping={'app': app.name}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
return {'app': app}
def filter_objects(cls, objects, first=False, **params):
""" Perform query with :params: on instances sequence :objects:
:param object: Sequence of :cls: instances on which query should be run.
:param params: Query parameters to filter :objects:.
"""
id_name = cls.pk_field()
ids = [getattr(obj, id_name, None) for obj in objects]
ids = [str(id_) for id_ in ids if id_ is not None]
field_obj = getattr(cls, id_name)
query_set = Session().query(cls).filter(field_obj.in_(ids))
if params:
params['query_set'] = query_set.from_self()
query_set = cls.get_collection(**params)
if first:
first_obj = query_set.first()
if not first_obj:
msg = "'{}({})' resource not found".format(
cls.__name__, params)
raise JHTTPNotFound(msg)
return first_obj
return query_set
def _delete_many(cls, items, request=None,
synchronize_session=False):
""" Delete :items: queryset or objects list.
When queryset passed, Query.delete() is used to delete it but
first queryset is re-queried to clean it from explicit
limit/offset/etc.
If some of the methods listed above were called, or :items: is not
a Query instance, one-by-one items update is performed.
`on_bulk_delete` function is called to delete objects from index
and to reindex relationships. This is done explicitly because it is
impossible to get access to deleted objects in signal handler for
'after_bulk_delete' ORM event.
"""
if isinstance(items, Query):
del_queryset = cls._clean_queryset(items)
del_items = del_queryset.all()
del_count = del_queryset.delete(
synchronize_session=synchronize_session)
on_bulk_delete(cls, del_items, request)
return del_count
items_count = len(items)
session = Session()
for item in items:
item._request = request
session.delete(item)
session.flush()
return items_count
def list(cls, empresa_id, offset, limit, sort, order, cliente):
"""
Método para retorno com paginação e ordenação remotas
:param empresa_id: identificação da empresa
:param offset: ponteiro inicial da consulta
:param limit: limite de registros
:param sort: coluna de ordenação
:param order: tipo de ordenação
:param cliente: filtro para a coluna cliente_id (hash_id)
:return:
"""
s = asc('pedidos_' + sort) # joinedload obriga concatenação
if order == 'desc':
s = desc(sort)
# todo: parametro 'q' para lista completa ou lista para select (novo ClienteSelectSchema)
# todo: é necessário um método para filtros dinâmicos de acordo com modelo
if cliente:
decoded_id = get_decoded_id('clientes', cliente, empresa_id)
return Session.query(cls) \
.filter(and_(cls.empresa_id == empresa_id, cls.cliente_id == decoded_id)) \
.options(joinedload(cls.cliente)) \
.order_by(s).limit(limit).offset(offset).all()
else:
return Session.query(cls) \
.filter(cls.empresa_id == empresa_id).order_by(s) \
.options(joinedload(cls.cliente).load_only('nome')) \
.limit(limit).offset(offset).all()
def test_user_get(self):
expiration = datetime.datetime(2014, 2, 23, 9, 0)
access_code = AccessCode(code=self.access_code,
code_type='Bearer',
expiration=expiration,
scope=['read-userinfo'],
user_id=self.user_id,
application_id=self.application_id)
with transaction.manager:
Session.add(access_code)
Session.flush()
auth_header = {'Authorization': 'Bearer %s' % self.access_code}
res = self.testapp.get('/user', headers=auth_header)
self.assertEqual(res.status, '200 OK')
self.assertEqual(res.json, {
'id': self.user_id,
'screen_name': 'John Doe',
'first_name': 'John',
'last_name': 'Doe',
'email': '*****@*****.**',
'email_verified': True,
'allow_google_analytics': True,
'send_passwords_periodically': False,
'creation': '2012-12-12T12:12:00',
'last_login': '******',
})
def test_register_new_user_wants_analytics_cookie(self):
self.testapp.post('/__session', {
'next_url': 'http://localhost/foo/bar',
'user_info__provider': 'google',
'user_info__external_id': '1234',
'user_info__screen_name': 'John Doe',
'user_info__first_name': 'John',
'user_info__last_name': 'Doe',
'user_info__email': '',
USER_ATTR: True,
}, status=302)
# The user want the Google Analytics cookie
res = self.testapp.post('/register', {
'first_name': 'John3',
'last_name': 'Doe3',
'email': '*****@*****.**',
'submit': 'Register into Yith Library',
}, status=302)
self.assertEqual(res.status, '302 Found')
self.assertEqual(res.location, 'http://localhost/foo/bar')
self.assertEqual(Session.query(User).count(), 1)
user = Session.query(User).filter(User.first_name == 'John3').one()
self.assertFalse(user is None)
self.assertEqual(user.first_name, 'John3')
self.assertEqual(user.last_name, 'Doe3')
self.assertEqual(user.email, '*****@*****.**')
self.assertEqual(user.email_verified, False)
self.assertEqual(user.allow_google_analytics, True)
self.assertEqual(user.send_passwords_periodically, False)
identity = Session.query(ExternalIdentity).filter(
ExternalIdentity.external_id == '1234',
ExternalIdentity.provider == 'google',
).one()
self.assertEqual(identity.user, user)
def test_save_bearer_token(self):
rv, request = self._create_request_validator()
token = {
'expires_in': 3600, # seconds
'access_token': 'fghijk',
'token_type': 'Bearer',
'refresh_token': 'lmnopq',
}
request.user = Session.query(User).filter(
User.id == self.user_id).one()
request.scopes = ['read-passwords', 'write-passwords']
request.client = rv.get_client(self.app_id)
rv.save_bearer_token(token, request)
access_code = Session.query(AccessCode).filter(
AccessCode.code == 'fghijk').one()
self.assertEquals(access_code.code, 'fghijk')
self.assertEquals(access_code.code_type, 'Bearer')
self.assertEquals(access_code.scope,
['read-passwords', 'write-passwords'])
self.assertEquals(access_code.refresh_code, 'lmnopq')
expected_expiration = datetime.datetime(2012, 1, 10, 16, 31, 11)
self.assertEquals(access_code.expiration, expected_expiration)
self.assertEquals(access_code.user_id, self.user_id)
self.assertEquals(access_code.application_id, self.app_id)
def revoke_application(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if 'submit' in request.POST:
authorized_apps = Session.query(AuthorizedApplication).filter(
AuthorizedApplication.application == app,
AuthorizedApplication.user == request.user).all()
for authorized_app in authorized_apps:
Session.delete(authorized_app)
request.session.flash(
_('The access to application ${app} has been revoked',
mapping={'app': app.name}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_authorized_applications'))
return {'app': app}
def delete(self):
"""
Delete an item from a collection; typically occurs with requests like DELETE /users/1
"""
Session.delete(self.context.entity)
Session.flush()
return Response(status=204)
def empty(self):
"""
Empty the collection (delete all items)
"""
entity_class = self.context.model
Session.query(entity_class).delete()
return Response(status=204)
def preferences(request):
schema = UserPreferencesSchema()
button1 = Button('submit', _('Save changes'))
button1.css_class = 'btn-primary'
form = Form(schema, buttons=(button1, ))
user = request.user
if 'submit' in request.POST:
controls = request.POST.items()
try:
appstruct = form.validate(controls)
except ValidationFailure as e:
return {'form': e.render()}
user.update_preferences(appstruct)
Session.add(user)
request.session.flash(
_('The changes were saved successfully'),
'success',
)
return HTTPFound(location=request.route_path('user_preferences'))
return {
'form': form.render({
'allow_google_analytics': user.allow_google_analytics,
'send_passwords_periodically': user.send_passwords_periodically,
})
}
def import_via_hro_view_via_post(request):
from datetime import datetime
from pyramid.httpexceptions import HTTPFound
from pyramid_sqlalchemy import Session
from ..forms import UploadForm
from ..models import NewStudentModel
form = UploadForm(request.POST)
if form.validate():
# 取得資料庫裡面已有的學生資料,藉此資料來實作 "已存在的學生不更動,只新增不存在的學生" 的功能
existed_new_students = { i.signup_number for i in Session.query(NewStudentModel.signup_number) }
file_content = form.file.data.file.read().decode('cp950')
content_lines = file_content.split('\r\n')
for each_line in content_lines:
splitted_line = each_line.split(',')
if not splitted_line[0].isdigit(): continue
if len(splitted_line) != 15: continue
new_student = NewStudentModel()
new_student.signup_number = int(splitted_line[0])
new_student.name = splitted_line[1]
new_student.parent_name = splitted_line[2]
new_student.id_number = splitted_line[3]
new_student.parent_id_number = splitted_line[4]
new_student.birthday = datetime.strptime(splitted_line[5], '%Y/%m/%d')
new_student.move_in_date = datetime.strptime(splitted_line[6], '%Y/%m/%d')
new_student.gender = splitted_line[7]
new_student.village = splitted_line[9]
new_student.neighborhood = splitted_line[10]
new_student.address = splitted_line[11]
new_student.note = splitted_line[14].strip()
if new_student.signup_number not in existed_new_students:
Session.add(new_student)
return HTTPFound(location=request.route_path('home'))
else:
return {'form': form}
def add_view_via_post(request):
import os, shutil
from pkg_resources import resource_filename
from pyramid_sqlalchemy import Session
from pyramid.httpexceptions import HTTPFound
from ..forms import NewStudentForm
from ..models import NewStudentModel
form = NewStudentForm(request.POST)
# 該欄位是文字欄位,可省略不輸入,但我們希望在這情況下塞到資料庫是 NULL,所以這邊強制改成 None
if form.signup_number.data == '': form.signup_number.data = None
if form.validate():
new_student = NewStudentModel()
form.populate_obj(new_student)
if form.picture.data:
# 有上傳大頭照,要存檔,並將資料庫對應的欄位設定
picture_name = form.id_number.data + os.path.splitext(form.picture.data.filename)[-1]
with open(resource_filename('tp_enroll', 'static/pictures/{}'.format(picture_name)), 'wb') as output:
shutil.copyfileobj(form.picture.data.file, output)
new_student.picture_name = picture_name
# 觸發 auto increment
new_student.id = None
# 鄰的欄位,應該要純數字。如果使用者誤填了鄰,要刪掉多餘的文字
if new_student.neighborhood.endswith('鄰'):
new_student.neighborhood = new_student.neighborhood[:-1]
Session.add(new_student)
return HTTPFound(location=request.route_path('home'))
return {'form': form}
def test_add_feature(self):
_group11 = FeatureGroup.get(11)
NAME_FEATURE = 'NAME_FEATURE'
_feature = Feature(n=1, name=NAME_FEATURE, feature_group=[_group11])
Session.add(_feature)
assert _feature.n is not None
assert len(_feature.feature_group) == 1
def delete_all(self, collection_id, parent_id, filters=None,
with_deleted=True, id_field=DEFAULT_ID_FIELD,
modified_field=DEFAULT_MODIFIED_FIELD,
deleted_field=DEFAULT_DELETED_FIELD,
auth=None):
"""Delete all objects in this `collection_id` for this `parent_id`.
:param str collection_id: the collection id.
:param str parent_id: the collection parent.
:param filters: Optionnally filter the objects to delete.
:type filters: list of :class:`cliquet.storage.Filter`
:param bool with_deleted: track deleted records with a tombstone
:returns: the list of deleted objects, with minimal set of attributes.
:rtype: list of dict
"""
qry = Session.query(self.collection).options(load_only('id'))\
.filter(and_(self.collection.parent_id == parent_id,
getattr(self.collection, deleted_field) == False))
for every in filters:
qry = qry.filter(SQLAFilter(self.collection, every)())
rows = [{"id": every.id, "parent_id": parent_id, "collection_id": collection_id,
modified_field: datetime.datetime.utcnow()} for every in qry.all()]
Session.bulk_update_mappings(self.collection,
[{"id": every['id'], deleted_field: True,
modified_field: every[modified_field]} for every in rows])
if with_deleted:
Session.bulk_insert_mappings(Deleted, rows)
return rows
def test_model_sets_n_automatically(self):
_group = FeatureGroup(name='NAME_FEATURE_GROUP')
Session.add(_group)
Session.flush()
assert _group.n is not None
assert _group.parent_n is None
assert _group.name == 'NAME_FEATURE_GROUP'
def test_applications_list_apps_one_app(self):
user = User(screen_name='John Doe',
first_name='John',
last_name='Doe',
email='*****@*****.**')
app = Application(name='Test Application',
main_url='https://example.com',
callback_url='https://example.com/callback',
production_ready=False)
user.applications.append(app)
with transaction.manager:
Session.add(user)
Session.flush()
app_id = app.id
user_id = user.id
self.testapp.get('/__login/' + str(user_id))
res = self.testapp.get('/oauth2/applications')
self.assertEqual(res.status, '200 OK')
res.mustcontain('John')
res.mustcontain('Log out')
res.mustcontain('Developer Applications')
res.mustcontain('Register new application')
res.mustcontain(app_id)
res.mustcontain('Test Application')
res.mustcontain('https://example.com')
def filter_objects(cls, objects, first=False, **params):
""" Perform query with :params: on instances sequence :objects:
:param object: Sequence of :cls: instances on which query should be run.
:param params: Query parameters to filter :objects:.
"""
id_name = cls.pk_field()
ids = [getattr(obj, id_name, None) for obj in objects]
ids = [str(id_) for id_ in ids if id_ is not None]
field_obj = getattr(cls, id_name)
query_set = Session().query(cls).filter(field_obj.in_(ids))
if params:
params['query_set'] = query_set.from_self()
query_set = cls.get_collection(**params)
if first:
first_obj = query_set.first()
if not first_obj:
msg = "'{}({})' resource not found".format(
cls.__name__, params)
raise JHTTPNotFound(msg)
return first_obj
return query_set
def test_application_edit_invalid_change(self):
user = User(screen_name='John Doe',
first_name='John',
last_name='Doe',
email='*****@*****.**')
app = Application(name='Test Application',
main_url='http://example.com',
callback_url='http://example.com/callback',
authorized_origins=['http://example.com',
'https://example.com'],
production_ready=False,
image_url='http://example.com/image.png',
description='example description')
user.applications.append(app)
with transaction.manager:
Session.add(user)
Session.flush()
app_id = app.id
user_id = user.id
self.testapp.get('/__login/' + str(user_id))
res = self.testapp.post('/oauth2/applications/%s/edit' % str(app_id), {
'submit': 'Save changes',
})
self.assertEqual(res.status, '200 OK')
res.mustcontain('There was a problem with your submission')
res.mustcontain('Required')
def test_register_new_user_email_not_verified(self):
self.testapp.post('/__session', {
'next_url': 'http://localhost/foo/bar',
'user_info__provider': 'twitter',
'user_info__external_id': '1234',
'user_info__screen_name': 'John Doe',
'user_info__first_name': 'John',
'user_info__last_name': 'Doe',
'user_info__email': '*****@*****.**',
},
status=302)
# if no email is provided at registration, the email is
# not verified
res = self.testapp.post('/register', {
'first_name': 'John2',
'last_name': 'Doe2',
'email': '',
'submit': 'Register into Yith Library',
},
status=302)
self.assertEqual(res.status, '302 Found')
self.assertEqual(res.location, 'http://localhost/foo/bar')
self.assertEqual(Session.query(User).count(), 1)
user = Session.query(User).filter(User.first_name == 'John2').one()
self.assertEqual(user.first_name, 'John2')
self.assertEqual(user.last_name, 'Doe2')
self.assertEqual(user.email, '')
self.assertEqual(user.email_verified, False)
self.assertEqual(user.send_passwords_periodically, False)
identity = Session.query(ExternalIdentity).filter(
ExternalIdentity.external_id == '1234',
ExternalIdentity.provider == 'twitter',
).one()
self.assertEqual(identity.user, user)
def generate_question(employee_name):
"""
Получение след.вопроса в зависимости от плана и уже отвеченных вопросов
"""
null_question = Question(n=0)
today = date.today()
year = today.year
month = today.month
employee = EmployeeCtrl.find_by_name(employee_name)
plan = PlanCtrl.get_current_plan(employee_name, year, month)
qty_answered = ResultCtrl.count_answered(employee, year,
month) # уже отвечено
if plan.qty_question > qty_answered:
qty_day = plan.qty_question // plan.qty_work + 1 # к-во вопросов в день
# print('qty_day = %s' % (qty_day,))
# print(plan)
params = {'employee_n': employee.n, 'date': today}
results = ResultCtrl.find(params) # отвечено сегодня
# print('results = %s' % (results,))
if len(results) < qty_day: # если план на день еще не выполнен
subquery = Session.query(
Result.question_n).filter(Result.employee_n == employee.n)
q = Session.query(Question).filter(
not_(Question.n.in_(subquery)))
questions = q.all()
# print(questions)
if len(questions) == 0 or questions is None:
return QuestionCtrl.get_repeat(employee)
return questions[0]
else:
return null_question
else:
# План по вопросам сделан
return null_question
def test_user_get(self):
expiration = datetime.datetime(2014, 2, 23, 9, 0)
access_code = AccessCode(code=self.access_code,
code_type='Bearer',
expiration=expiration,
scope=['read-userinfo'],
user_id=self.user_id,
application_id=self.application_id)
with transaction.manager:
Session.add(access_code)
Session.flush()
auth_header = {'Authorization': 'Bearer %s' % self.access_code}
res = self.testapp.get('/user', headers=auth_header)
self.assertEqual(res.status, '200 OK')
self.assertEqual(
res.json, {
'id': self.user_id,
'screen_name': 'John Doe',
'first_name': 'John',
'last_name': 'Doe',
'email': '*****@*****.**',
'email_verified': True,
'allow_google_analytics': True,
'send_passwords_periodically': False,
'creation': '2012-12-12T12:12:00',
'last_login': '******',
})
def clean_access_codes():
result = setup_simple_command(
"clean_access_codes",
"Deletes expired access codes"
)
if isinstance(result, int):
return result
else:
settings, closer, env, args = result
try:
now = datetime.datetime.utcnow()
with transaction.manager:
counter = 0
for access_code in Session.query(AccessCode).filter(
AccessCode.expiration < now
):
Session.delete(access_code)
counter += 1
if counter > 0:
safe_print('%d access codes were cleaned' % counter)
finally:
closer()
def developer_application_delete(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if app.user != request.user:
return HTTPUnauthorized()
if 'submit' in request.POST:
Session.delete(app)
request.session.flash(
_('The application ${app} was deleted successfully',
mapping={'app': app.name}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_developer_applications'))
return {'app': app}
def fix_many_feature_groups(request, sql_session): Session.add(FeatureGroup(n=1, name='group1')) Session.add(FeatureGroup(n=11, name='group11', parent_n=1)) Session.add(FeatureGroup(n=12, name='group12', parent_n=1)) Session.add(FeatureGroup(n=2, name='group2')) Session.add(FeatureGroup(n=21, name='group21', parent_n=2))
def revoke_application(request):
app_id = request.matchdict['app']
try:
uuid.UUID(app_id)
except ValueError:
return HTTPBadRequest()
try:
app = Session.query(Application).filter(Application.id == app_id).one()
except NoResultFound:
return HTTPNotFound()
assert_authenticated_user_is_registered(request)
if 'submit' in request.POST:
authorized_apps = Session.query(AuthorizedApplication).filter(
AuthorizedApplication.application == app,
AuthorizedApplication.user == request.user
).all()
for authorized_app in authorized_apps:
Session.delete(authorized_app)
request.session.flash(
_('The access to application ${app} has been revoked',
mapping={'app': app.name}),
'success',
)
return HTTPFound(
location=request.route_path('oauth2_authorized_applications'))
return {'app': app}
def delete_all(self, collection_id, parent_id, filters=None,
with_deleted=True, id_field=DEFAULT_ID_FIELD,
modified_field=DEFAULT_MODIFIED_FIELD,
deleted_field=DEFAULT_DELETED_FIELD,
auth=None):
"""Delete all objects in this `collection_id` for this `parent_id`.
:param str collection_id: the collection id.
:param str parent_id: the collection parent.
:param filters: Optionnally filter the objects to delete.
:type filters: list of :class:`cliquet.storage.Filter`
:param bool with_deleted: track deleted records with a tombstone
:returns: the list of deleted objects, with minimal set of attributes.
:rtype: list of dict
"""
qry = Session.query(self.collection).options(load_only('id'))\
.filter(and_(self.collection.parent_id == parent_id,
getattr(self.collection, deleted_field) == False))
for every in filters:
qry = qry.filter(SQLAFilter(self.collection, every)())
rows = [{"id": every.id, "parent_id": parent_id, "collection_id": collection_id,
modified_field: datetime.datetime.utcnow()} for every in qry.all()]
Session.bulk_update_mappings(self.collection,
[{"id": every['id'], deleted_field: True,
modified_field: every[modified_field]} for every in rows])
if with_deleted:
Session.bulk_insert_mappings(Deleted, rows)
return rows
def add_order(request):
"""
Форма заказа
"""
if 'form.submitted' in request.params:
date = request.params['date']
date = date.split("-")
time = request.params['time']
time = time.split(":")
order = Order(name=request.params['name'],
phone=request.params['phone'],
email=request.params['email'],
contact_face=request.params['contact_face'],
event=int(request.params['event']),
date=datetime.date(year=int(date[0]),
month=int(date[1]),
day=int(date[2])),
time=datetime.time(hour=int(time[0]),
minute=int(time[1])),
address=request.params['address'],
count_participants=int(
request.params['count_participants']),
note=request.params['note'])
Session.add(order)
current_order_id = Order.get_last_order().id
next_url = request.route_url('order', id=current_order_id)
return HTTPFound(location=next_url)
return {
"title": "Добавление новой записи",
"save_url": request.route_url('new_order'),
"events": Event.get_events()
}
def create(self, collection_id, parent_id, record, id_generator=None,
unique_fields=None, id_field=DEFAULT_ID_FIELD,
modified_field=DEFAULT_MODIFIED_FIELD,
auth=None):
"""Create the specified `object` in this `collection_id` for this `parent_id`.
Assign the id to the object, using the attribute
:attr:`cliquet.resource.Model.id_field`.
.. note::
This will update the collection timestamp.
:raises: :exc:`cliquet.storage.exceptions.UnicityError`
:param str collection_id: the collection id.
:param str parent_id: the collection parent.
:param dict record: the object to create.
:returns: the newly created object.
:rtype: dict
"""
obj = self.collection.serialize(record)
obj.parent_id = parent_id
setattr(obj, modified_field, datetime.datetime.utcnow())
try:
Session.add(obj)
Session.flush()
except IntegrityError as e:
logger.exception('Object %s for collection %s raised %s', record, self.collection, e)
process_unicity_error(e, Session, self.collection, record)
# TODO: store new timestamps date
return self.collection.deserialize(obj)
def adicional_delete(self):
t = self.context
Session.delete(t)
msg = 'Registro deletado'
res = dumps(dict(data=dict(code=200, message=msg)), ensure_ascii=False)
return HTTPOk(body=res, content_type='application/json; charset=UTF-8')
def verify_email(request):
try:
code = request.params['code']
except KeyError:
return HTTPBadRequest('Missing code parameter')
try:
email = request.params['email']
except KeyError:
return HTTPBadRequest('Missing email parameter')
evc = EmailVerificationCode(code)
user = evc.verify(email)
if user is not None:
request.session.flash(
_('Congratulations, your email has been successfully verified'),
'success',
)
user.verify_email()
Session.add(user)
return {
'verified': True,
}
else:
request.session.flash(
_('Sorry, your verification code is not correct or has expired'),
'error',
)
return {
'verified': False,
}
def create(self, collection_id, parent_id, record, id_generator=None,
unique_fields=None, id_field=DEFAULT_ID_FIELD,
modified_field=DEFAULT_MODIFIED_FIELD,
auth=None):
"""Create the specified `object` in this `collection_id` for this `parent_id`.
Assign the id to the object, using the attribute
:attr:`cliquet.resource.Model.id_field`.
.. note::
This will update the collection timestamp.
:raises: :exc:`cliquet.storage.exceptions.UnicityError`
:param str collection_id: the collection id.
:param str parent_id: the collection parent.
:param dict record: the object to create.
:returns: the newly created object.
:rtype: dict
"""
obj = self.collection.serialize(record)
obj.parent_id = parent_id
setattr(obj, modified_field, datetime.datetime.utcnow())
try:
Session.add(obj)
Session.flush()
except IntegrityError as e:
logger.exception('Object %s for collection %s raised %s', record, self.collection, e)
process_unicity_error(e, Session, self.collection, record)
# TODO: store new timestamps date
return self.collection.deserialize(obj)
def test_valid_request(self):
_, user_id = create_and_login_user(self.testapp)
_, application_id, application_secret = create_client()
# First authorize the app
res = self.testapp.get(
'/oauth2/endpoints/authorization', {
'response_type': 'code',
'client_id': application_id,
'redirect_uri': 'https://example.com/callback',
})
self.assertEqual(res.status, '200 OK')
res = self.testapp.post(
'/oauth2/endpoints/authorization', {
'submit': 'Authorize',
'response_type': 'code',
'client_id': application_id,
'redirect_uri': 'https://example.com/callback',
'scope': 'read-passwords',
})
self.assertEqual(res.status, '302 Found')
grant = Session.query(AuthorizationCode).filter(
AuthorizationCode.application_id == application_id,
AuthorizationCode.user_id == user_id,
).one()
code = grant.code
# now send the token request
headers = {
'Authorization': auth_basic_encode(application_id,
application_secret),
}
res = self.testapp.post('/oauth2/endpoints/token', {
'grant_type': 'authorization_code',
'code': code,
},
headers=headers)
self.assertEqual(res.status, '200 OK')
self.assertEqual(res.headers['Cache-Control'], 'no-store')
self.assertEqual(res.headers['Pragma'], 'no-cache')
# the grant code should be removed
try:
grant = Session.query(AuthorizationCode).filter(
AuthorizationCode.application_id == application_id,
AuthorizationCode.user_id == user_id,
).one()
except NoResultFound:
grant = None
self.assertEqual(grant, None)
# and an access token should be created
self.assertEqual(res.json['token_type'], 'Bearer')
self.assertEqual(res.json['expires_in'], 3600)
access_code = Session.query(AccessCode).filter(
AccessCode.code == res.json['access_token'], ).one()
self.assertNotEqual(access_code, None)
def collection_post(self):
set_config(self.request.user)
if self.model.is_readonly:
raise HTTPBadRequest()
validate_colander_schema(self._schema, self.request)
obj = self.model(**self.request.json_body)
Session.add(obj)
return obj
def sqlalchemy_teardown(context):
transaction.abort()
Session.remove()
metadata.drop_all()
Session.configure(bind=None)
metadata.bind = None
context.engine.dispose()
context.sqlalchemy_patcher.stop()
def test_update_instance():
balloon = BalloonModel(figure=u'Giraffe')
Session.add(balloon)
Session.flush()
request = DummyRequest(matchdict={'id': balloon.id})
resource = BalloonResource(request)
resource.update_from_dict({'figure': u'Elephant'})
assert balloon.figure == u'Elephant'
def create_answer(question, params):
if 'txt' in params and params['txt'] != '':
answer = Answer()
answer.txt = params['txt']
answer.question_n = question.n
Session.add(answer)
Session.flush()
return answer
def sqlalchemy_teardown(context):
transaction.abort()
Session.remove()
metadata.drop_all()
Session.configure(bind=None)
metadata.bind = None
context.engine.dispose()
context.sqlalchemy_patcher.stop()
def addEvent(self):
request = self.request
if 'form.submitted' in request.params:
name = request.params['name']
date = request.params['date']
DBSession.add(Event(EventName=name, EventTime=date))
events = DBSession.query(Event).order_by(Event.id)
return {'events': events}
