def test_user_get_wrong_user():
    """GET /user/student_coll1_1 must be refused with 403 for this login.

    Going by the test name, the credentials belong to a user who may not
    read that record; the values themselves are masked in this listing.
    """
    credentials = {
        "username": "******",
        "password": "******",
    }
    response, _body = test_helpers.server_get("/user/student_coll1_1", credentials)
    assert response.status == 403
def test_activate_wrong_code():
    """An activation request carrying the code "bees" is rejected with 403."""
    pending = create_pending_user()
    pending.save()

    # presumably "bees" differs from the code create_pending_user() stores
    # for "abc" -- confirm against that helper.
    response, body = test_helpers.server_get("/activate/abc/bees")

    # The response body doubles as the failure message.
    assert response.status == 403, body
def test_user_get_valid_teacher_body(self):
    """A token-authenticated GET of a student returns their name and email."""
    query = {"token": self.auth_hash}
    response = helpers.server_get("/user/student_coll1_1", query)

    raw = response.read()
    print(raw)  # echo the raw body into the test output

    user_info = json.loads(raw)
    self.assertEqual(user_info["full_name"], "student1 student")
    self.assertEqual(user_info["email"], "*****@*****.**")
def test_colleges_blueshirt():
    """GET /colleges succeeds for this login and lists exactly two colleges."""
    credentials = {"username": "******", "password": "******"}
    response, body = test_helpers.server_get("/colleges", credentials)

    # Echo status and body into the test output before asserting.
    print(response.status)
    print(body)

    assert response.status == 200
    listed = json.loads(body)["colleges"]
    assert len(listed) == 2
def test_college_403_bad_creds():
    """GET /colleges/college-1 with these credentials is answered with 403.

    The test name says the credentials are bad; the values are masked here.
    """
    credentials = {"username": "******", "password": "******"}
    response, _body = test_helpers.server_get("/colleges/college-1", credentials)
    assert response.status == 403
def test_colleges_no_user():
    """GET /colleges without any credentials must be refused with 403."""
    no_credentials = {}
    response, body = test_helpers.server_get("/colleges", no_credentials)

    # Same text as the two-item print statement: both values, space-separated.
    print("%s %s" % (response, body))

    assert response.status == 403
def test_activate_wrong_code():
    """Activation is refused (403) when the code in the URL is "bees"."""
    pending_user = create_pending_user()
    pending_user.save()

    # NOTE(review): relies on "bees" not being the stored verify code for
    # the pending user "abc" -- confirm against create_pending_user().
    reply, payload = test_helpers.server_get("/activate/abc/bees")
    observed = reply.status
    assert observed == 403, payload
def test_user_get_blueshirt_wrong_password():
    """GET /user/blueshirt is refused with 403 for this login.

    Per the test name the password is wrong; the values are masked here.
    """
    credentials = {
        "username": "******",
        "password": "******",
    }
    response, _body = test_helpers.server_get("/user/blueshirt", credentials)
    assert response.status == 403
def test_college_blueshirt_can_see_any_college():
    """GET /colleges/college-2 succeeds and the reply has no "users" key."""
    credentials = {"username": "******", "password": "******"}
    response, body = test_helpers.server_get("/colleges/college-2", credentials)
    assert response.status == 200

    college = json.loads(body)
    # The member list must be absent altogether, not merely empty.
    assert "users" not in college
def test_user_get_other_can_view():
    """This login may read /user/student_coll1_1 and sees the username."""
    credentials = {
        "username": "******",
        "password": "******",
    }
    response, body = test_helpers.server_get("/user/student_coll1_1", credentials)
    assert response.status == 200
    # Checked against the raw body, not the parsed JSON.
    assert "student_coll1_1" in body
def test_user_get_wrong_user():
    """Reading /user/student_coll1_1 with this login must yield 403.

    The test name indicates the login is not entitled to the record; the
    credential values are masked in this listing.
    """
    login = {"username": "******", "password": "******"}
    reply, _payload = test_helpers.server_get("/user/student_coll1_1", login)
    assert reply.status == 403
def test_colleges_blueshirt():
    """GET /colleges succeeds and lists exactly college-1 and college-2."""
    credentials = {"username": "******", "password": "******"}
    response, body = test_helpers.server_get("/colleges", credentials)

    print(response.status)
    print(body)

    assert response.status == 200

    # Sorted so the comparison does not depend on the server's ordering.
    listed = sorted(json.loads(body)["colleges"])
    assert listed == ["college-1", "college-2"]
def test_user_get_blueshirt_wrong_password():
    """A login with (per the test name) a wrong password gets 403 on /user/blueshirt."""
    login = {"username": "******", "password": "******"}
    reply, _payload = test_helpers.server_get("/user/blueshirt", login)
    assert reply.status == 403
def test_college_blueshirt_can_see_any_college():
    """college-2 is readable with this login, but without a "users" entry."""
    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/colleges/college-2", login)
    assert reply.status == 200

    details = json.loads(payload)
    # The key itself must be missing from the response object.
    assert "users" not in details
def test_user_colleges():
    """The /user/blueshirt record lists college-1 among its colleges."""
    credentials = {
        "username": "******",
        "password": "******",
    }
    response, body = test_helpers.server_get("/user/blueshirt", credentials)

    # The body is parsed before the status check, so a non-JSON reply fails
    # here rather than on the assertion below.
    user_info = json.loads(body)

    assert response.status == 200
    assert "college-1" in user_info[u"colleges"]
def test_user_withdrawn_false():
    """The /user/teacher_coll2 record reports a falsy 'has_withdrawn'."""
    credentials = {
        "username": "******",
        "password": "******",
    }
    response, body = test_helpers.server_get("/user/teacher_coll2", credentials)

    # Parsed before the status check, as in the sibling user tests.
    user_info = json.loads(body)

    assert response.status == 200
    assert not user_info['has_withdrawn']
def test_user_post_set_email_email(self):
    """POSTing a new email for student_coll2_2 is visible on the next GET."""
    # A random suffix gives each run a different address, so a stale value
    # from an earlier run cannot satisfy the final comparison.
    update = {
        "token": self.auth_hash,
        "email": "sam@sam{0}.com".format(random.randint(0, 10000)),
    }

    post_reply = helpers.server_post("/user/student_coll2_2", update)
    self.assertEqual(post_reply.status, 200)

    get_reply = helpers.server_get("/user/student_coll2_2", {"token": self.auth_hash})
    user_info = json.loads(get_reply.read())
    self.assertEqual(user_info["email"], update["email"])
def test_user_get_self_wrong_case():
    """
    A user who authenticates with a differently-cased username and asks for
    a differently-cased username in the URL still gets 200, and the body
    carries the canonical lower-case username.
    """
    credentials = {"username": "******", "password": "******"}

    # Note the capital "T" in the requested path.
    response, body = test_helpers.server_get("/user/studenT_coll1_1", credentials)

    assert response.status == 200
    assert "student_coll1_1" in body
def test_user_teams():
    """The /user/student_coll1_1 record lists exactly the team team-ABC."""
    credentials = {
        "username": "******",
        "password": "******",
    }
    response, body = test_helpers.server_get("/user/student_coll1_1", credentials)

    # Parsed before the status check, as in the sibling user tests.
    user_info = json.loads(body)

    assert response.status == 200
    assert ["team-ABC"] == user_info[u"teams"]
def test_college_teacher_cant_see_blueshirt():
    """college-1's member list, as seen with this login, omits "blueshirt"."""
    credentials = {"username": "******", "password": "******"}
    response, body = test_helpers.server_get("/colleges/college-1", credentials)
    assert response.status == 200

    college = json.loads(body)
    assert college["name"] == "college the first"

    # The request itself succeeds; only the listing is filtered.
    visible_users = set(college["users"])
    assert "blueshirt" not in visible_users
def test_user_colleges():
    """college-1 appears in the colleges of the /user/blueshirt record."""
    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/user/blueshirt", login)

    # JSON decoding happens first, so an unparseable body fails before the
    # status assertion is reached.
    record = json.loads(payload)

    assert reply.status == 200
    assert "college-1" in record[u"colleges"]
def test_get_college_body(self):
    """GET /college with a token returns the college's users, name and teams."""
    response = helpers.server_get("/college", {"token": self.auth_hash})
    college = json.loads(response.read())

    self.assertTrue("userids" in college)
    for member in ("teacher_coll1", "student_coll1_1", "student_coll1_2"):
        self.assertTrue(member in college["userids"])

    self.assertEqual(college["college_name"], "college the first")

    for team in ("team-ABC", "team-DFE"):
        self.assertTrue(team in college["teams"])
def test_user_withdrawn_false():
    """'has_withdrawn' is falsy in the /user/teacher_coll2 record."""
    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/user/teacher_coll2", login)

    # Decoded before the status is checked.
    record = json.loads(payload)

    assert reply.status == 200
    assert not record['has_withdrawn']
def test_user_get_self_wrong_case():
    """
    Authenticating with the wrong letter case and requesting a wrongly-cased
    username in the URL must still succeed and return the correctly cased
    username in the response body.
    """
    login = {"username": "******", "password": "******"}

    # The path deliberately differs in case from the stored username.
    reply, payload = test_helpers.server_get("/user/studenT_coll1_1", login)

    assert reply.status == 200
    assert "student_coll1_1" in payload
def test_user_teams():
    """The teams of /user/student_coll1_1 are exactly ["team-ABC"]."""
    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/user/student_coll1_1", login)

    # Decoded before the status is checked.
    record = json.loads(payload)

    assert reply.status == 200
    assert ["team-ABC"] == record[u"teams"]
def test_verify_outdated_request(self):
    """A password-reset link older than the configured lifetime yields 410."""
    insert_sql = "INSERT INTO password_resets (username, requestor_username, request_time, verify_code) VALUES (?,?,?, ?)"

    with sqlite_connect() as conn:
        cursor = conn.cursor()

        # Date the request two days beyond the configured reset lifetime.
        lifetime_days = config.getint('nemesis', 'password_reset_days')
        stale = datetime.datetime.now() - datetime.timedelta(days=lifetime_days + 2)
        row = ('abc', 'blueshirt', stale.strftime('%Y-%m-%d %H:%M:%S'), 'bees')

        # Values are bound as parameters rather than formatted into the SQL.
        cursor.execute(insert_sql, row)
        conn.commit()

    # The code matches the inserted row; only its age should cause refusal.
    response, body = test_helpers.server_get("/reset_password/abc/bees")
    self.assertEqual(410, response.status, body)
def test_college_teacher_can_see_students_and_self():
    """college-1's member list includes the teacher and both students."""
    credentials = {"username": "******", "password": "******"}
    response, body = test_helpers.server_get("/colleges/college-1", credentials)
    assert response.status == 200

    college = json.loads(body)
    assert college["name"] == "college the first"

    visible_users = set(college["users"])
    assert "teacher_coll1" in visible_users
    assert "student_coll1_1" in visible_users
    assert "student_coll1_2" in visible_users
def test_user_properties_student():
    """student_coll1_1 is flagged as a student, not team leader or blueshirt."""
    credentials = {
        "username": "******",
        "password": "******",
    }
    response, body = test_helpers.server_get("/user/student_coll1_1", credentials)

    # Parsed before the status check, as in the sibling user tests.
    user_info = json.loads(body)

    assert response.status == 200
    assert user_info['is_student']
    assert not user_info['is_team_leader']
    assert not user_info['is_blueshirt']
def test_user_get_checks_same_email():
    """A pending email equal to the current one is not reported as new_email."""
    username = "******"

    # Register a pending change whose target is the address already on file.
    current_email = User(username).email
    setup_new_email(username, current_email, 'bees')

    credentials = {"username": username, "password": "******"}
    response, body = test_helpers.server_get("/user/student_coll1_1", credentials)
    assert response.status == 200, body

    user_info = json.loads(body)
    assert 'new_email' not in user_info, \
        "Should not have a new_email key when the new one and the current one match"
def test_verify_outdated_request():
    """An email-change request dated four days ago is answered with 410."""
    insert_sql = "INSERT INTO email_changes (username, new_email, request_time, verify_code) VALUES (?,?,?, ?)"

    # NOTE(review): this connection is never closed within the test.
    conn = test_helpers.sqlite_connect()
    cursor = conn.cursor()

    stale = datetime.datetime.now() - datetime.timedelta(days=4)
    row = ('abc', '*****@*****.**', stale.strftime('%Y-%m-%d %H:%M:%S'), 'bees')

    # Values are bound as parameters rather than formatted into the SQL.
    cursor.execute(insert_sql, row)
    conn.commit()

    # The code matches the inserted row; only its age should cause refusal.
    response, body = test_helpers.server_get("/verify/abc/bees")
    assert response.status == 410, body
def test_college_teacher_cant_see_blueshirt():
    """With this login, "blueshirt" is absent from college-1's user list."""
    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/colleges/college-1", login)
    assert reply.status == 200

    details = json.loads(payload)
    assert details["name"] == "college the first"

    # The college is readable; the listing must simply not include the
    # blueshirt account.
    listed = set(details["users"])
    assert "blueshirt" not in listed
def test_college_teacher_can_see_students_and_self():
    """The teacher and both students appear in college-1's user list."""
    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/colleges/college-1", login)
    assert reply.status == 200

    details = json.loads(payload)
    assert details["name"] == "college the first"

    listed = set(details["users"])
    assert "teacher_coll1" in listed
    assert "student_coll1_1" in listed
    assert "student_coll1_2" in listed
def test_user_get_checks_same_email():
    """No new_email key is returned when the pending email equals the current."""
    username = "******"

    # The "new" address is deliberately the one the user already has.
    unchanged_email = User(username).email
    setup_new_email(username, unchanged_email, 'bees')

    login = {"username": username, "password": "******"}
    reply, payload = test_helpers.server_get("/user/student_coll1_1", login)
    assert reply.status == 200, payload

    record = json.loads(payload)
    assert 'new_email' not in record, \
        "Should not have a new_email key when the new one and the current one match"
def test_college_valid_user():
    """This login sees college-1 with one user (student_coll1_1) and two teams."""
    credentials = {"username": "******", "password": "******"}
    response, body = test_helpers.server_get("/colleges/college-1", credentials)
    assert response.status == 200

    college = json.loads(body)
    assert college["name"] == "college the first"

    # Exactly one member is listed for this viewer.
    users = college["users"]
    assert len(users) == 1
    assert users[0] == "student_coll1_1"

    teams = college["teams"]
    assert len(teams) == 2
    assert sorted(teams) == ["team-ABC", "team-DFE"]
def test_user_properties_blueshirt():
    """The blueshirt record is flagged blueshirt, not student or team leader."""
    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/user/blueshirt", login)

    # Decoded before the status is checked.
    record = json.loads(payload)

    assert reply.status == 200
    assert record['is_blueshirt']
    assert not record['is_student']
    assert not record['is_team_leader']
def test_email_changed_in_user_get():
    """A pending email change is reported as new_email in the user's record."""
    username = "******"
    pending_email = '*****@*****.**'
    setup_new_email(username, pending_email, 'bees')

    credentials = {"username": username, "password": "******"}
    response, body = test_helpers.server_get("/user/student_coll1_1", credentials)
    assert response.status == 200, body

    user_info = json.loads(body)
    assert user_info['new_email'] == pending_email
def test_verify_outdated_request(self):
    """An expired password-reset request is answered with 410."""
    sql = "INSERT INTO password_resets (username, requestor_username, request_time, verify_code) VALUES (?,?,?, ?)"

    with sqlite_connect() as conn:
        cur = conn.cursor()

        # Back-date the row to two days past the configured lifetime.
        max_age = config.getint('nemesis', 'password_reset_days')
        requested_at = datetime.datetime.now() - datetime.timedelta(days=max_age + 2)
        values = ('abc', 'blueshirt', requested_at.strftime('%Y-%m-%d %H:%M:%S'), 'bees')

        # Placeholders keep the inserted values out of the SQL text.
        cur.execute(sql, values)
        conn.commit()

    # Username and code match the row above, so age is the only reason to refuse.
    reply, payload = test_helpers.server_get("/reset_password/abc/bees")
    self.assertEqual(410, reply.status, payload)
def test_verify_outdated_request():
    """An email-change request past the configured lifetime yields 410."""
    insert_sql = "INSERT INTO email_changes (username, new_email, request_time, verify_code) VALUES (?,?,?, ?)"

    # NOTE(review): this connection is never closed within the test.
    conn = sqlite_connect()
    cursor = conn.cursor()

    # Back-date the row to two days past the configured lifetime.
    lifetime_days = config.getint('nemesis', 'email_change_days')
    stale = datetime.datetime.now() - datetime.timedelta(days=lifetime_days + 2)
    row = ('abc', '*****@*****.**', stale.strftime('%Y-%m-%d %H:%M:%S'), 'bees')

    # Values are bound as parameters rather than formatted into the SQL.
    cursor.execute(insert_sql, row)
    conn.commit()

    response, body = test_helpers.server_get("/verify/abc/bees")
    assert response.status == 410, body
def test_college_valid_user():
    """college-1 is returned with a single visible user and both teams."""
    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/colleges/college-1", login)
    assert reply.status == 200

    details = json.loads(payload)
    assert details["name"] == "college the first"

    # The viewer is shown exactly one member of the college.
    members = details["users"]
    assert len(members) == 1
    assert members[0] == "student_coll1_1"

    team_ids = details["teams"]
    assert len(team_ids) == 2
    assert sorted(team_ids) == ["team-ABC", "team-DFE"]
def test_email_changed_in_user_get():
    """The user's own record exposes a pending address under new_email."""
    username = "******"
    requested_email = '*****@*****.**'
    setup_new_email(username, requested_email, 'bees')

    login = {"username": username, "password": "******"}
    reply, payload = test_helpers.server_get("/user/student_coll1_1", login)
    assert reply.status == 200, payload

    record = json.loads(payload)
    assert record['new_email'] == requested_email
def test_user_get_other_can_view():
    """Another user may view the student, but no email field is disclosed."""
    # Give the student a pending email change so there is something to leak.
    pending = PendingEmail('student_coll1_1')
    pending.new_email = '*****@*****.**'
    pending.verify_code = 'bibble'
    pending.save()

    credentials = {
        "username": "******",
        "password": "******",
    }
    response, body = test_helpers.server_get("/user/student_coll1_1", credentials)

    assert response.status == 200
    assert "student_coll1_1" in body

    # Substring checks on the raw body: the text 'email' must not occur
    # anywhere in it, which also rules out a 'new_email' key.
    assert 'email' not in body
    assert 'new_email' not in body
def test_email_changed_in_user_get_wrong_case():
    """
    Requesting the user with different letter case in the URL must still
    return the pending email registered under the lower-case username.
    """
    pending_email = '*****@*****.**'
    setup_new_email("student_coll1_1", pending_email, 'bees')

    credentials = {"username": "******", "password": "******"}

    # The path uses "Student_Coll1_1"; the pending row uses lower case.
    response, body = test_helpers.server_get("/user/Student_Coll1_1", credentials)
    assert response.status == 200, body

    user_info = json.loads(body)
    assert user_info['new_email'] == pending_email
def test_user_get_other_can_view():
    """The student's record is viewable here, without any email data in it."""
    # A pending change is stored first, so both the current and the pending
    # address could appear if the view were not filtered.
    pending_change = PendingEmail('student_coll1_1')
    pending_change.new_email = '*****@*****.**'
    pending_change.verify_code = 'bibble'
    pending_change.save()

    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/user/student_coll1_1", login)

    assert reply.status == 200
    assert "student_coll1_1" in payload

    # Both checks run on the undecoded body; the first already covers any
    # key containing 'email', the second is kept as an explicit statement.
    assert 'email' not in payload
    assert 'new_email' not in payload
def test_email_changed_in_user_get_wrong_case():
    """
    A wrongly-cased username in the request path must not hide the user's
    pending email: the response still carries it under new_email.
    """
    requested_email = '*****@*****.**'
    setup_new_email("student_coll1_1", requested_email, 'bees')

    login = {"username": "******", "password": "******"}

    # Mixed-case path against a lower-case stored username.
    reply, payload = test_helpers.server_get("/user/Student_Coll1_1", login)
    assert reply.status == 200, payload

    record = json.loads(payload)
    assert record['new_email'] == requested_email
def test_activate_success():
    """Activating with the code "bibble" completes the user's registration.

    After a 200 response the user has the pending email, team and college,
    is in the 'students' group, the pending record is gone, and the
    requesting user was sent the 'user_activated_team_leader' email.
    """
    username = '******'

    requester = User.create_user("teacher_coll1", "facebees")
    created = User.create_new_user(requester, 'college-1', 'James', 'Activate')
    # Guards the assumption that the generated username is the expected one.
    assert created.username == username

    pending = create_pending_user(username)
    pending.save()

    response, body = test_helpers.server_get("/activate/" + username + "/bibble")
    assert response.status == 200, body

    # The activated account must carry the details from the pending record.
    activated = User(username)
    assert pending.email == activated.email

    team_names = [team.name for team in activated.teams]
    assert pending.team in team_names

    assert pending.college in activated.colleges

    assert username in srusers.group('students').members

    # A fresh lookup confirms the pending record was consumed.
    leftover = PendingUser(username)
    assert not leftover.in_db, "registration DB entry should have been removed"

    # ensure we sent the team-leader a confirmation
    sent = test_helpers.last_email()
    assert sent.toaddr == requester.email

    template_vars = sent.template_vars
    assert requester.first_name == template_vars['name']
    assert created.first_name == template_vars['au_first_name']
    assert created.last_name == template_vars['au_last_name']
    assert username == template_vars['au_username']

    assert sent.template_name == 'user_activated_team_leader'
def test_activate_success():
    """A correct activation code turns the pending user into a full account.

    Checks the 200 response, the copied email/team/college, membership of
    the 'students' group, removal of the pending record, and the
    confirmation email sent to the user who requested the account.
    """
    username = '******'

    team_leader = User.create_user("teacher_coll1", "facebees")
    new_account = User.create_new_user(team_leader, 'college-1', 'James', 'Activate')
    # The rest of the test addresses the account by this username.
    assert new_account.username == username

    registration = create_pending_user(username)
    registration.save()

    reply, payload = test_helpers.server_get("/activate/" + username + "/bibble")
    assert reply.status == 200, payload

    # Compare the live account with what the pending record asked for.
    account = User(username)
    assert registration.email == account.email

    joined_teams = [team.name for team in account.teams]
    assert registration.team in joined_teams

    assert registration.college in account.colleges

    assert username in srusers.group('students').members

    # Re-read the pending record: activation must have deleted it.
    stale_registration = PendingUser(username)
    assert not stale_registration.in_db, "registration DB entry should have been removed"

    # ensure we sent the team-leader a confirmation
    mail = test_helpers.last_email()
    assert mail.toaddr == team_leader.email

    mail_vars = mail.template_vars
    assert team_leader.first_name == mail_vars['name']
    assert new_account.first_name == mail_vars['au_first_name']
    assert new_account.last_name == mail_vars['au_last_name']
    assert username == mail_vars['au_username']

    assert mail.template_name == 'user_activated_team_leader'
def test_verify_success():
    """Verifying with the right code applies the pending email change."""
    username = "******"
    original_email = User(username).email
    pending_email = "*****@*****.**"

    setup_new_email('student_coll1_1', pending_email, 'bees')

    response, body = test_helpers.server_get("/verify/" + username + "/bees")
    assert response.status == 200, body

    user = User(username)
    observed_email = user.email

    # Put the original address back before the final assertion, so a
    # failure there does not leave the changed email behind.
    user.set_email(original_email)
    user.save()

    assert observed_email == pending_email
def test_verify_success():
    """A matching verify code switches the user's email to the pending one."""
    username = "******"
    email_before = User(username).email
    requested_email = "*****@*****.**"

    setup_new_email('student_coll1_1', requested_email, 'bees')

    reply, payload = test_helpers.server_get("/verify/" + username + "/bees")
    assert reply.status == 200, payload

    account = User(username)
    email_after = account.email

    # Restore the stored address first; the comparison below then runs on
    # the captured value only.
    account.set_email(email_before)
    account.save()

    assert email_after == requested_email
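def test_verify_success(self):
    """A valid password-reset link returns a new password that works.

    The reset endpoint must answer 200, the password found in its body must
    authenticate the user, and the pending reset record must be gone
    afterwards.
    """
    username = "******"
    setup_password_reset(username, 'bees')

    r, data = test_helpers.server_get("/reset_password/" + username + "/bees")
    self.assertEqual(200, r.status, data)

    try:
        # Capture the value of the "password" field in the response body.
        # match.group(1) below needs this capture group; the pattern as
        # previously written had an unbalanced ")" and could not compile.
        match = re.search(r'"password": "([^"]+)"', data)
        self.assertTrue(match, "Failed to extract password")
        new_password = match.group(1)

        user = User.create_user(username, new_password)
        self.assertTrue(user.is_authenticated, "Wrong password ({0}) found in page!".format(new_password))
    finally:
        # Put the password back to 'cows' whether or not the checks passed.
        User(username).set_password('cows')

    ppr = PendingPasswordReset('student_coll1_1')
    self.assertFalse(ppr.in_db, "{0} should no longer in the database.".format(ppr))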
def test_user_withdrawn_true():
    """A user in the 'withdrawn' group is reported with a truthy has_withdrawn."""
    username = '******'

    # Build the account used by this test.
    account = srusers.user(username)
    account.cname = 'to'
    account.sname = 'consent'
    account.email = ''
    account.save()

    # Membership of 'withdrawn' is what the final assertion depends on.
    for group_name in ('students', 'withdrawn', 'college-2'):
        group = srusers.group(group_name)
        group.user_add(account)
        group.save()

    credentials = {
        "username": "******",
        "password": "******",
    }
    response, body = test_helpers.server_get("/user/to-withdraw", credentials)
    user_info = json.loads(body)

    assert response.status == 200
    assert user_info['has_withdrawn']
def test_user_withdrawn_true():
    """has_withdrawn is truthy for an account placed in the 'withdrawn' group."""
    username = '******'

    # Create the account and fill in the fields the test sets.
    withdrawn_user = srusers.user(username)
    withdrawn_user.cname = 'to'
    withdrawn_user.sname = 'consent'
    withdrawn_user.email = ''
    withdrawn_user.save()

    # Add it to each group in turn, saving the group after every change.
    for gid in ('students', 'withdrawn', 'college-2'):
        target_group = srusers.group(gid)
        target_group.user_add(withdrawn_user)
        target_group.save()

    login = {"username": "******", "password": "******"}
    reply, payload = test_helpers.server_get("/user/to-withdraw", login)
    record = json.loads(payload)

    assert reply.status == 200
    assert record['has_withdrawn']
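def test_verify_success(self):
    """Following a valid reset link yields a usable replacement password.

    Verifies the 200 response, that the password read from the body
    authenticates the user, and that the pending reset row was removed.
    """
    username = "******"
    setup_password_reset(username, 'bees')

    r, data = test_helpers.server_get("/reset_password/" + username + "/bees")
    self.assertEqual(200, r.status, data)

    try:
        # The pattern needs a capture group for match.group(1); as
        # previously written it had an unbalanced ")" and would raise
        # re.error instead of extracting the password.
        match = re.search(r'"password": "([^"]+)"', data)
        self.assertTrue(match, "Failed to extract password")
        new_password = match.group(1)

        user = User.create_user(username, new_password)
        self.assertTrue(
            user.is_authenticated,
            "Wrong password ({0}) found in page!".format(new_password))
    finally:
        # Reset the password to 'cows' even when an assertion above fails.
        User(username).set_password('cows')

    ppr = PendingPasswordReset('student_coll1_1')
    self.assertFalse(ppr.in_db, "{0} should no longer in the database.".format(ppr))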
def test_activate_needs_registration():
    """Activating a username with no pending registration returns 404."""
    # No pending user is created here, so "nope" has nothing to activate.
    response, body = test_helpers.server_get("/activate/nope/bees")
    assert response.status == 404, body
def test_colleges_student_cant_access():
    """GET /colleges is refused with 403 for this (per the name, student) login."""
    credentials = {"username": "******", "password": "******"}
    response, _body = test_helpers.server_get("/colleges", credentials)
    assert response.status == 403
def test_colleges_teacher_cant_access():
    """GET /colleges is refused with 403 for this (per the name, teacher) login."""
    credentials = {"username": "******", "password": "******"}
    response, _body = test_helpers.server_get("/colleges", credentials)
    assert response.status == 403
def test_colleges_no_password():
    """A request carrying a username but no password gets 403 on /colleges."""
    username_only = {"username": "******"}
    response, _body = test_helpers.server_get("/colleges", username_only)
    assert response.status == 403
def test_college_no_user():
    """GET /colleges/college-1 without credentials must be refused with 403."""
    no_credentials = {}
    response, body = test_helpers.server_get("/colleges/college-1", no_credentials)

    # The parsed value is unused, but decoding still fails the test if the
    # refusal body is not valid JSON.
    _parsed = json.loads(body)

    assert response.status == 403