def activate_account(username, code): """ Verifies to the system that an email address exists, and that the related account should be made into a full account. Expected to be used only by users clicking links in account-activation emails. Not part of the documented API. """ pu = PendingUser(username) if not pu.in_db: return "No such user account", 404 if pu.age > timedelta(days=2): return "Request not valid", 410 if pu.verify_code != code: return "Invalid verification code", 403 log_action('activating user', pu) from libnemesis import srusers new_pass = srusers.users.GenPasswd() u = User(username) u.set_email(pu.email) u.set_team(pu.team) u.set_college(pu.college) u.set_password(new_pass) u.make_student() u.save() # let the team-leader know rq_user = User.create_user(pu.teacher_username) email_vars = { 'name': rq_user.first_name, 'au_username': username, 'au_first_name': u.first_name, 'au_last_name': u.last_name } mailer.email_template(rq_user.email, 'user_activated_team_leader', email_vars) pu.delete() html = open(PATH + "/templates/activate.html").read() replacements = { 'first_name': u.first_name, 'last_name': u.last_name, 'password': new_pass, 'email': u.email, 'username': username, 'root': url_for('.index') } html = html.format(**replacements) return html, 200
def test_none_listed_after_removal(): test_creation() all_list = PendingUser.ListAll() for pu in all_list: pu.delete() all_list = PendingUser.ListAll() assert len(all_list) == 0
def test_delete(): test_creation() pu = PendingUser("abc") pu.delete() assert not pu.in_db pu = PendingUser("abc") assert not pu.in_db
def register_user(requesting_user): if not requesting_user.can_register_users: return json.dumps({"error":"YOU_CANT_REGISTER_USERS"}), 403 teacher_username = requesting_user.username college_group = request.form["college"].strip() first_name = request.form["first_name"].strip() last_name = request.form["last_name"].strip() email = request.form["email"].strip() team = request.form["team"].strip() if College(college_group) not in requesting_user.colleges: return json.dumps({"error":"BAD_COLLEGE"}), 403 if team not in [t.name for t in College(college_group).teams]: return json.dumps({"error":"BAD_TEAM"}), 403 if not helpers.is_email_valid(email): return json.dumps({"error":"BAD_EMAIL"}), 403 if not helpers.is_name_valid(first_name): return json.dumps({"error":"BAD_FIRST_NAME"}), 403 if not helpers.is_name_valid(last_name): return json.dumps({"error":"BAD_LAST_NAME"}), 403 if User.name_used(first_name, last_name) or helpers.email_used(email): return json.dumps({"error":"DETAILS_ALREADY_USED"}), 403 u = User.create_new_user(requesting_user, college_group, first_name, last_name) verify_code = helpers.create_verify_code(u.username, email) pu = PendingUser(u.username) pu.teacher_username = teacher_username pu.college = college_group pu.email = email pu.team = team pu.verify_code = verify_code pu.save() log_action('registering user', pu) url = url_for('activate_account', username=u.username, code=verify_code, _external=True) pu.send_welcome_email(first_name, url) rqu_email_vars = { 'name': requesting_user.first_name, 'activation_days': ACTIVATION_DAYS, 'pu_first_name': first_name, 'pu_last_name': last_name, 'pu_username': pu.username, 'pu_college': College(pu.college).name, 'pu_email': pu.email, 'pu_team': pu.team } mailer.email_template(requesting_user.email, 'user_requested', rqu_email_vars) return "{}", 202
def test_update(): test_creation() new_team = "team-XYZ" pu = PendingUser("abc") pu.team = new_team pu.save() pu = PendingUser("abc") assert pu.team == new_team
def activate_account(username, code): """ Verifies to the system that an email address exists, and that the related account should be made into a full account. Expected to be used only by users clicking links in account-activation emails. Not part of the documented API. """ pu = PendingUser(username) if not pu.in_db: return "No such user account", 404 if pu.age > timedelta(days = 2): return "Request not valid", 410 if pu.verify_code != code: return "Invalid verification code", 403 log_action('activating user', pu) from libnemesis import srusers new_pass = srusers.users.GenPasswd() u = User(username) u.set_email(pu.email) u.set_team(pu.team) u.set_college(pu.college) u.set_password(new_pass) u.make_student() u.save() # let the team-leader know rq_user = User.create_user(pu.teacher_username) email_vars = { 'name': rq_user.first_name, 'au_username': username, 'au_first_name': u.first_name, 'au_last_name': u.last_name } mailer.email_template(rq_user.email, 'user_activated_team_leader', email_vars) pu.delete() html = open(PATH + "/templates/activate.html").read() replacements = { 'first_name': u.first_name , 'last_name': u.last_name , 'password': new_pass , 'email': u.email , 'username': username , 'root': url_for('.index') } html = html.format(**replacements) return html, 200
def register_user(): ah = AuthHelper(request) if ah.auth_will_succeed: requesting_user = ah.user if requesting_user.can_register_users: teacher_username = requesting_user.username college_group = request.form["college"].strip() first_name = request.form["first_name"].strip() last_name = request.form["last_name"].strip() email = request.form["email"].strip() team = request.form["team"].strip() if College(college_group) not in requesting_user.colleges: return json.dumps({"error":"BAD_COLLEGE"}), 403 if team not in [t.name for t in College(college_group).teams]: return json.dumps({"error":"BAD_TEAM"}), 403 if User.name_used(first_name, last_name) or helpers.email_used(email): return json.dumps({"error":"DETAILS_ALREADY_USED"}), 403 u = User.create_new_user(requesting_user, college_group, first_name, last_name) verify_code = helpers.create_verify_code(u.username, email) pu = PendingUser(u.username) pu.teacher_username = teacher_username pu.college = college_group pu.email = email pu.team = team pu.verify_code = verify_code pu.save() url = url_for('activate_account', username=u.username, code=verify_code, _external=True) pu.send_welcome_email(first_name, url) rqu_email_vars = { 'name': requesting_user.first_name, 'pu_first_name': first_name, 'pu_last_name': last_name, 'pu_username': pu.username, 'pu_college': College(pu.college).name, 'pu_email': pu.email, 'pu_team': pu.team } mailer.email_template(requesting_user.email, 'user_requested', rqu_email_vars) return "{}", 202 else: return json.dumps({"error":"YOU_CANT_REGISTER_USERS"}),403 else: return ah.auth_error_json, 403
def test_is_email_used_pending_user(self): email = '*****@*****.**' pu = PendingUser('pu') pu.college = 'c' pu.team = 't' pu.teacher_username = '******' pu.verify_code = 'vc' pu.email = email pu.save() used = helpers.email_used(email) assert used == True
def test_registration_rq_from_student(): test_helpers.delete_db() params = {"username":"******", "password":"******", "first_name":"register", "last_name":"this.user", "email":"*****@*****.**", "team":"team-ABC", "college":"college-1"} r,data = test_helpers.server_post("/registrations", params) status = r.status assert status == 403 assert 'YOU_CANT_REGISTER_USERS' in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user('2_rt1') assert False, "Should not have created user" except: pass pending = PendingUser('2_rt1') assert not pending.in_db test_helpers.assert_no_emails()
def test_registration_email_in_use(): params = {"username":"******", "password":"******", "first_name":NEW_USER_FNAME, "last_name":NEW_USER_LNAME, "email":"*****@*****.**", # student_coll2_2 "team":"team-ABC", "college":"college-1"} r,data = test_helpers.server_post("/registrations", params) assert r.status == 403 assert 'DETAILS_ALREADY_USED' in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user('1_rt1') assert False, "Should not have created user" except: pass pending = PendingUser('1_rt1') assert not pending.in_db test_helpers.assert_no_emails()
def test_registration_bad_frist_name(): params = {"username":"******", "password":"******", "first_name":NEW_USER_FNAME, "last_name":'2'+NEW_USER_LNAME, "email":"*****@*****.**", "team":"team-ABC", "college":"college-1"} r,data = test_helpers.server_post("/registrations", params) assert r.status == 403 assert 'BAD_LAST_NAME' in data assert len(test_helpers.get_registrations()) == 0 try: created = User.create_user('1_rt1') assert False, "Should not have created user" except: pass pending = PendingUser('1_rt1') assert not pending.in_db test_helpers.assert_no_emails()
def test_empty_at_start(): pu = PendingUser('abc') assert pu.in_db == False assert pu.teacher_username is None assert pu.college is None assert pu.email is None assert pu.team is None assert pu.verify_code is None
def form_helper(rq_user, rq_pass, new_fname, new_lname): new_email = "*****@*****.**" params = { "username": rq_user, "password": rq_pass, "first_name": new_fname, "last_name": new_lname, "email": new_email, "team": "team-ABC", "college": "college-1" } r, data = test_helpers.server_post("/registrations", params) status = r.status assert status == 202, data created = User.create_user('1_rt1') assert created.email == '' pending = PendingUser('1_rt1') assert pending.email == "*****@*****.**" assert pending.team == "team-ABC" assert pending.college == "college-1" email_datas = test_helpers.last_n_emails(2) student_ps = email_datas[0] template = student_ps.template_name assert template == 'new_user' to = student_ps.toaddr assert to == new_email vars = student_ps.template_vars assert new_fname == vars['name'] vcode = pending.verify_code assert vcode in vars['activation_url'] test_helpers.assert_load_template(template, vars) teacher = User.create_user(rq_user) teacher_ps = email_datas[1] template = teacher_ps.template_name assert template == 'user_requested' to = teacher_ps.toaddr assert to == teacher.email vars = teacher_ps.template_vars assert new_fname == vars['pu_first_name'] assert new_lname == vars['pu_last_name'] assert new_email == vars['pu_email'] assert '1_rt1' == vars['pu_username'] assert 'team-ABC' == vars['pu_team'] assert 'college the first' == vars['pu_college'] vars_str = teacher_ps.template_vars_json assert vcode not in vars_str, "Should not contain the verification code." test_helpers.assert_load_template(template, vars)
def create_pending_user(name='abc'): pu = PendingUser(name) pu.teacher_username = '******' pu.college = 'college-1' pu.team = 'team-ABC' pu.email = name + '@srobo.org' pu.verify_code = 'bibble' return pu
def email_used(email): if User.email_used(email): return True if any(pe.new_email == email for pe in PendingEmail.ListAll()): return True if any(pu.email == email for pu in PendingUser.ListAll()): return True return False
def test_update(): test_creation() new_team = 'team-XYZ' pu = PendingUser('abc') pu.team = new_team pu.save() pu = PendingUser('abc') assert pu.team == new_team
def clear_old_registrations(): for pu in PendingUser.ListAll(): # deliberately a larger delta than we restrict against to avoid # accidentally removing vaild entries if pu.age > timedelta(days=3): log_action('expiring registration', pu) pu.delete() expired = User(pu.username) expired.delete() team_leader = User(pu.teacher_username) inform_team_lead_registration_expired(team_leader, expired)
def create_pending_user(name = 'abc'): pu = PendingUser(name) pu.teacher_username = '******' pu.college = 'college-1' pu.team = 'team-ABC' pu.email = name + '@srobo.org' pu.verify_code = 'bibble' return pu
def test_delete(): test_creation() pu = PendingUser('abc') pu.delete() assert not pu.in_db pu = PendingUser('abc') assert not pu.in_db
def test_creation(): pu = PendingUser("abc") pu.teacher_username = "******" pu.college = "college-1" pu.team = "team-ABC" pu.email = "*****@*****.**" pu.verify_code = "bibble" pu.save() assert pu.in_db pu = PendingUser("abc") assert pu.in_db assert pu.username == "abc" assert pu.teacher_username == "jim" assert pu.college == "college-1" assert pu.team == "team-ABC" assert pu.email == "*****@*****.**" assert pu.verify_code == "bibble" assert pu.age > timedelta() assert pu.age < timedelta(minutes=1)
def test_one_listed(): test_creation() all_list = PendingUser.ListAll() assert len(all_list) == 1 pu = all_list[0] assert type(pu) == PendingUser assert pu.in_db assert pu.username == 'abc' assert pu.teacher_username == 'jim' assert pu.college == 'college-1' assert pu.team == 'team-ABC' assert pu.email == '*****@*****.**' assert pu.verify_code == 'bibble'
def clear_old_registrations(): # deliberately a larger delta than we restrict against to avoid # accidentally removing vaild entries activation_days = config.getint('nemesis', 'activation_days') activation_days += 0.5 max_age = timedelta(days=activation_days) for pu in PendingUser.ListAll(): if pu.age > max_age: log_action('expiring registration', pu) pu.delete() expired = User(pu.username) expired.delete() inform_competitor_registration_expired(pu.email, expired) team_leader = User(pu.teacher_username) inform_team_lead_registration_expired(team_leader, expired)
def test_properties(): pu = PendingUser('abc') pu.teacher_username = '******' pu.college = 'college-1' pu.team = 'team-ABC' pu.email = '*****@*****.**' pu.verify_code = 'bibble' assert pu.username == 'abc' assert pu.teacher_username == 'jim' assert pu.college == 'college-1' assert pu.team == 'team-ABC' assert pu.email == '*****@*****.**' assert pu.verify_code == 'bibble' assert pu.age == timedelta()
def test_str(): pu = PendingUser('abc') pu.teacher_username = '******' pu.college = 'college-1' pu.team = 'team-ABC' pu.email = '*****@*****.**' pu.verify_code = 'bibble' as_str = str(pu) assert 'PendingUser' in as_str assert 'abc' in as_str assert 'jim' in as_str assert 'college-1' in as_str assert 'team-ABC' in as_str assert '*****@*****.**' in as_str assert 'bibble' in as_str
def test_activate_success(): username = '******' rq_user = User.create_user("teacher_coll1", "facebees") cu = User.create_new_user(rq_user, 'college-1', 'James', 'Activate') assert cu.username == username pu = create_pending_user(username) pu.save() r, data = test_helpers.server_get("/activate/" + username + "/bibble") status = r.status assert status == 200, data u = User(username) email = u.email assert pu.email == email teams = [t.name for t in u.teams] assert pu.team in teams colleges = u.colleges assert pu.college in colleges students = srusers.group('students').members assert username in students pu = PendingUser(username) assert not pu.in_db, "registration DB entry should have been removed" # ensure we sent the team-leader a confirmation ps = test_helpers.last_email() toaddr = ps.toaddr tl_email = rq_user.email assert toaddr == tl_email vars = ps.template_vars tl_name = rq_user.first_name assert tl_name == vars['name'] first_name = cu.first_name assert first_name == vars['au_first_name'] last_name = cu.last_name assert last_name == vars['au_last_name'] assert username == vars['au_username'] template = ps.template_name assert template == 'user_activated_team_leader'
def test_properties(): pu = PendingUser("abc") pu.teacher_username = "******" pu.college = "college-1" pu.team = "team-ABC" pu.email = "*****@*****.**" pu.verify_code = "bibble" assert pu.username == "abc" assert pu.teacher_username == "jim" assert pu.college == "college-1" assert pu.team == "team-ABC" assert pu.email == "*****@*****.**" assert pu.verify_code == "bibble" assert pu.age == timedelta()
def test_str(): pu = PendingUser("abc") pu.teacher_username = "******" pu.college = "college-1" pu.team = "team-ABC" pu.email = "*****@*****.**" pu.verify_code = "bibble" as_str = str(pu) assert "PendingUser" in as_str assert "abc" in as_str assert "jim" in as_str assert "college-1" in as_str assert "team-ABC" in as_str assert "*****@*****.**" in as_str assert "bibble" in as_str
def test_clear_old_registrations(self): first_name = 'old' last_name = 'user' old_user = srusers.user('old') old_user.cname = first_name old_user.sname = last_name old_user.email = '' # match what libnemesis does when registering users old_user.save() old_team_leader = User('teacher_coll1') pu = PendingUser('old') email = '*****@*****.**' pu.teacher_username = old_team_leader.username pu.college = 'college-1' pu.team = 'team-ABC' pu.email = email pu.verify_code = 'bibble-old' pu.save() self._make_old('registrations', 'old') pu = PendingUser('abc') pu.teacher_username = '******' pu.college = 'new-college-1' pu.team = 'team-NEW' pu.email = '*****@*****.**' pu.verify_code = 'bibble' pu.save() helpers.clear_old_registrations() pu = PendingUser('old') assert not pu.in_db pu = PendingUser('abc') assert pu.in_db emails = last_n_emails(2) # Check we emailed the competitor ps = emails[0] toaddr = ps.toaddr assert email == toaddr vars = ps.template_vars assert first_name == vars['name'] template = ps.template_name assert template == 'registration_expired' assert_load_template(template, vars) # Check we emailed the team leader ps = emails[1] toaddr = ps.toaddr team_lead_email = old_team_leader.email assert toaddr == team_lead_email vars = ps.template_vars team_lead_first = old_team_leader.first_name assert team_lead_first == vars['name'] assert first_name == vars['pu_first_name'] assert last_name == vars['pu_last_name'] template = ps.template_name assert template == 'registration_expired_team_leader' assert_load_template(template, vars)
def test_none_listed_at_start(): all_list = PendingUser.ListAll() assert len(all_list) == 0
def test_invalid_property(): pu = PendingUser('abc') print(pu.bacon)
def test_creation(): pu = PendingUser('abc') pu.teacher_username = '******' pu.college = 'college-1' pu.team = 'team-ABC' pu.email = '*****@*****.**' pu.verify_code = 'bibble' pu.save() assert pu.in_db pu = PendingUser('abc') assert pu.in_db assert pu.username == 'abc' assert pu.teacher_username == 'jim' assert pu.college == 'college-1' assert pu.team == 'team-ABC' assert pu.email == '*****@*****.**' assert pu.verify_code == 'bibble' assert pu.age > timedelta() assert pu.age < timedelta(minutes=1)
def test_clear_old_registrations(self): first_name = 'old' last_name = 'user' old_user = srusers.user('old') old_user.cname = first_name old_user.sname = last_name old_user.email = '' old_user.save() old_team_leader = User('teacher_coll1') pu = PendingUser('old') pu.teacher_username = old_team_leader.username pu.college = 'college-1' pu.team = 'team-ABC' pu.email = '*****@*****.**' pu.verify_code = 'bibble-old' pu.save() self._make_old('registrations', 'old') pu = PendingUser('abc') pu.teacher_username = '******' pu.college = 'new-college-1' pu.team = 'team-NEW' pu.email = '*****@*****.**' pu.verify_code = 'bibble' pu.save() helpers.clear_old_registrations() pu = PendingUser('old') assert not pu.in_db pu = PendingUser('abc') assert pu.in_db ps = last_email() toaddr = ps.toaddr team_lead_email = old_team_leader.email assert toaddr == team_lead_email vars = ps.template_vars team_lead_first = old_team_leader.first_name assert team_lead_first == vars['name'] assert first_name == vars['pu_first_name'] assert last_name == vars['pu_last_name'] template = ps.template_name assert template == 'registration_expired'
def register_user(): ah = AuthHelper(request) if not ah.auth_will_succeed: return ah.auth_error_json, 403 requesting_user = ah.user if not requesting_user.can_register_users: return json.dumps({"error": "YOU_CANT_REGISTER_USERS"}), 403 teacher_username = requesting_user.username college_group = request.form["college"].strip() first_name = request.form["first_name"].strip() last_name = request.form["last_name"].strip() email = request.form["email"].strip() team = request.form["team"].strip() if College(college_group) not in requesting_user.colleges: return json.dumps({"error": "BAD_COLLEGE"}), 403 if team not in [t.name for t in College(college_group).teams]: return json.dumps({"error": "BAD_TEAM"}), 403 if not helpers.is_email_valid(email): return json.dumps({"error": "BAD_EMAIL"}), 403 if not helpers.is_name_valid(first_name): return json.dumps({"error": "BAD_FIRST_NAME"}), 403 if not helpers.is_name_valid(last_name): return json.dumps({"error": "BAD_LAST_NAME"}), 403 if User.name_used(first_name, last_name) or helpers.email_used(email): return json.dumps({"error": "DETAILS_ALREADY_USED"}), 403 u = User.create_new_user(requesting_user, college_group, first_name, last_name) verify_code = helpers.create_verify_code(u.username, email) pu = PendingUser(u.username) pu.teacher_username = teacher_username pu.college = college_group pu.email = email pu.team = team pu.verify_code = verify_code pu.save() log_action('registering user', pu) url = url_for('activate_account', username=u.username, code=verify_code, _external=True) pu.send_welcome_email(first_name, url) rqu_email_vars = { 'name': requesting_user.first_name, 'pu_first_name': first_name, 'pu_last_name': last_name, 'pu_username': pu.username, 'pu_college': College(pu.college).name, 'pu_email': pu.email, 'pu_team': pu.team } mailer.email_template(requesting_user.email, 'user_requested', rqu_email_vars) return "{}", 202