def setUp(self): super(TestNodeRelationshipInstitutions, self).setUp() self.institution2 = InstitutionFactory() self.institution1 = InstitutionFactory() self.user = AuthUserFactory() self.user.affiliated_institutions.append(self.institution1) self.user.affiliated_institutions.append(self.institution2) self.user.save() self.read_write_contributor = AuthUserFactory() self.read_write_contributor_institution = InstitutionFactory() self.read_write_contributor.affiliated_institutions.append(self.read_write_contributor_institution) self.read_write_contributor.save() self.read_only_contributor = AuthUserFactory() self.read_only_contributor_institution = InstitutionFactory() self.read_only_contributor.affiliated_institutions.append(self.read_only_contributor_institution) self.read_only_contributor.save() self.node = NodeFactory(creator=self.user) self.node.add_contributor(self.read_write_contributor, permissions=[permissions.WRITE]) self.node.add_contributor(self.read_only_contributor, permissions=[permissions.READ]) self.node.save() self.node_institutions_url = '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, self.node._id)
def test_set_user_config_fail(self, mock_connection): mock_connection.return_value = create_mock_connection('wrong', 'info') # Create a user with no settings user = AuthUserFactory() user.add_addon('dataverse') user_settings = user.get_addon('dataverse') url = api_url_for('dataverse_set_user_config') params = {'dataverse_username': '******', 'dataverse_password': '******'} # Post incorrect credentials to existing user res = self.app.post_json(url, params, auth=self.user.auth, expect_errors=True) self.user_settings.reload() # Original user's info has not changed assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(self.user_settings.dataverse_username, 'snowman') assert_equal(self.user_settings.dataverse_password, 'frosty') # Post incorrect credentials to new user res = self.app.post_json(url, params, auth=user.auth, expect_errors=True) user_settings.reload() # New user's incorrect credentials were not saved assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(user_settings.dataverse_username, None) assert_equal(user_settings.dataverse_password, None)
class TestUserSettingsModel(OsfTestCase): def setUp(self): super(TestUserSettingsModel, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges') self.usersettings.save() def test_can_award(self): assert_false(self.usersettings.can_award) create_mock_badge(self.usersettings) assert_true(self.usersettings.can_award) def test_to_openbadge(self): self.user.fullname = 'HoneyBadger' self.user.username = '******' self.user.save() test = { 'name': 'HoneyBadger', 'email': '*****@*****.**' } assert_equal(self.usersettings.to_openbadge(), test) def test_badges(self): create_mock_badge(self.usersettings) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 2) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 3)
def test_set_user_config_fail(self, mock_connection): mock_connection.side_effect = UnauthorizedError('Bad credentials!') # Create a user with no settings user = AuthUserFactory() user.add_addon('dataverse') user_settings = user.get_addon('dataverse') url = api_url_for('dataverse_set_user_config') params = {'api_token': 'wrong-info'} # Post incorrect credentials to existing user res = self.app.post_json(url, params, auth=self.user.auth, expect_errors=True) self.user_settings.reload() # Original user's info has not changed assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(self.user_settings.api_token, 'snowman-frosty') # Post incorrect credentials to new user res = self.app.post_json(url, params, auth=user.auth, expect_errors=True) user_settings.reload() # New user's incorrect credentials were not saved assert_equal(res.status_code, http.UNAUTHORIZED) assert_equal(user_settings.api_token, None)
class TestAssertion(OsfTestCase): def setUp(self): super(TestAssertion, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges', self.user.auth) self.usersettings.save() self.project = ProjectFactory() self.node_settings = self.project.get_addon('badges') create_mock_badge(self.usersettings) self.badge = self.usersettings.badges[0] def test_parent(self): assertion = BadgeAssertion.create(self.badge, self.project) assert_equals(assertion.badge, self.badge) def test_recipient(self): assertion = BadgeAssertion.create(self.badge, self.project) test_data = { 'idenity': self.project._id, 'type': 'osfnode', 'hashed': False } assert_equals(assertion.recipient, test_data) def test_awarder(self): assertion = BadgeAssertion.create(self.badge, self.project) assert_equals(assertion.awarder, self.usersettings)
def test_reviewer_can_update_nested_comment_fields_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() payload = { "data": { "id": self.prereg_draft_registration._id, "type": "draft_registrations", "attributes": { "registration_metadata": { 'q7': { 'value': { 'question': { 'comments': [{'value': 'Add some clarity here.'}] } } } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id) res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 200) assert_equal(res.json['data']['attributes']['registration_metadata']['q7']['value']['question']['comments'][0]['value'], 'Add some clarity here.')
def test_reviewer_cannot_update_nested_value_fields_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() payload = { "data": { "id": self.prereg_draft_registration._id, "type": "draft_registrations", "attributes": { "registration_metadata": { 'q7': { 'value': { 'question': { 'value': 'This is the answer' } } } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id) res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Additional properties are not allowed (u'value' was unexpected)")
class TestUserGet(AdminTestCase): def setUp(self): super(TestUserGet, self).setUp() User.remove() self.user_1 = AuthUserFactory() self.auth = Auth(user=self.user_1) self.project = ProjectFactory(creator=self.user_1) self.project.add_unregistered_contributor( email='*****@*****.**', fullname='Weezy F. Baby', auth=self.auth ) self.user_3 = AuthUserFactory() self.user_3.date_confirmed = None self.user_3.save() self.user_4 = AuthUserFactory() def test_get_all_user_count(self): time_now = datetime.utcnow() count = get_all_user_count(time_now) nt.assert_equal(count, 4) def test_get_unregistered_users(self): count = get_unregistered_users() nt.assert_equal(count, 1)
class TestMenbibAuthViews(OsfTestCase): def setUp(self): self.app = TestApp(app) self.user = AuthUserFactory() self.app.authenticate(*self.user.auth) def test_menbib_oauth_start(self): url = api_url_for('menbib_oauth_start_user') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.menbib.views.auth.finish_auth') def test_menbib_oauth_finish(self, mock_finish): mock_finish.return_value = AuthResult('mytokenabc', 'myrefreshabc', 'cool', '3600') url = api_url_for('menbib_oauth_finish') res = self.app.get(url) assert_is_redirect(res) def test_menbib_oauth_delete_user(self): self.user.add_addon('menbib') user_settings = self.user.get_addon('menbib') user_settings.access_token = '12345abc' assert_true(user_settings.has_auth) self.user.save() url = api_url_for('menbib_oauth_delete_user') res = self.app.delete(url) user_settings.reload() assert_false(user_settings.has_auth)
def setUp(self): super(TestSpamListView, self).setUp() Comment.remove() self.project = ProjectFactory(is_public=True) self.user_1 = AuthUserFactory() self.user_2 = AuthUserFactory() self.project.add_contributor(self.user_1) self.project.add_contributor(self.user_2) self.project.save() self.user_1.save() self.user_2.save() date = datetime.utcnow() self.comment_1 = CommentFactory(node=self.project, user=self.user_1) self.comment_2 = CommentFactory(node=self.project, user=self.user_1) self.comment_3 = CommentFactory(node=self.project, user=self.user_1) self.comment_4 = CommentFactory(node=self.project, user=self.user_1) self.comment_5 = CommentFactory(node=self.project, user=self.user_2) self.comment_6 = CommentFactory(node=self.project, user=self.user_2) self.comment_1.report_abuse(user=self.user_2, save=True, category="spam", date=date - timedelta(seconds=5)) self.comment_2.report_abuse(user=self.user_2, save=True, category="spam", date=date - timedelta(seconds=4)) self.comment_3.report_abuse(user=self.user_2, save=True, category="spam", date=date - timedelta(seconds=3)) self.comment_4.report_abuse(user=self.user_2, save=True, category="spam", date=date - timedelta(seconds=2)) self.comment_5.report_abuse(user=self.user_1, save=True, category="spam", date=date - timedelta(seconds=1)) self.comment_6.report_abuse(user=self.user_1, save=True, category="spam") self.request = RequestFactory().get("/fake_path") self.view = SpamList() self.view = setup_view(self.view, self.request, user_id=self.user_1._id)
class TestDataverseRestrictions(DataverseAddonTestCase, OsfTestCase): def setUp(self): super(DataverseAddonTestCase, self).setUp() # Nasty contributor who will try to access content that he shouldn't # have access to self.contrib = AuthUserFactory() self.project.add_contributor(self.contrib, auth=Auth(self.user)) self.project.save() @mock.patch('addons.dataverse.views.client.connect_from_settings') def test_restricted_set_dataset_not_owner(self, mock_connection): mock_connection.return_value = create_mock_connection() # Contributor has dataverse auth, but is not the node authorizer self.contrib.add_addon('dataverse') self.contrib.save() url = api_url_for('dataverse_set_config', pid=self.project._primary_key) params = { 'dataverse': {'alias': 'ALIAS1'}, 'dataset': {'doi': 'doi:12.3456/DVN/00002'}, } res = self.app.post_json(url, params, auth=self.contrib.auth, expect_errors=True) assert_equal(res.status_code, http.FORBIDDEN)
class TestGoogleDriveHgridViews(OsfTestCase): def setUp(self): super(TestGoogleDriveHgridViews, self).setUp() self.user = AuthUserFactory() self.user.add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.user_settings = self.user.get_addon('googledrive') self.node_settings.user_settings = self.user_settings self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.folders') def test_googledrive_folders(self, mock_drive_client_folders): folderId = '12345' mock_drive_client_folders.return_value = mock_folders['items'] url = api_url_for('googledrive_folders', pid=self.project._primary_key, folderId=folderId) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json), len(mock_folders['items'])) @mock.patch('website.addons.googledrive.views.hgrid.GoogleDriveClient.about') def test_googledrive_folders_returns_only_root(self, mock_about): mock_about.return_value = {'rootFolderId': '24601'} url = self.project.api_url_for('googledrive_folders') res = self.app.get(url, auth=self.user.auth) assert_equal(len(res.json), 1) assert_equal(res.status_code, 200) assert_equal(res.json[0]['id'], '24601')
def test_set_config_not_owner(self, mock_metadata): mock_metadata.return_value = { 'data': { 'name': 'Fake Folder' } } user = AuthUserFactory() user.add_addon('zotero') self.project.add_contributor(user) self.project.save() res = self.app.put_json( self.project.api_url_for('zotero_set_config'), { 'external_account_id': self.account._id, 'external_list_id': 'list', }, auth=user.auth, ) self.node_addon.reload() assert_equal(self.user_addon, self.node_addon.user_settings) serializer = ZoteroSerializer(node_settings=self.node_addon, user_settings=None) result = { 'result': serializer.serialized_node_settings } assert_equal(res.json, result)
def test_confirm_non_contrib_viewers_dont_have_pid_in_comments_view_timestamp(self): non_contributor = AuthUserFactory() url = self.project.api_url_for("update_comments_timestamp") res = self.app.put_json(url, {"page": "node", "rootId": self.project._id}, auth=self.user.auth) non_contributor.reload() assert_not_in(self.project._id, non_contributor.comments_viewed_timestamp)
def test_revoke_remote_access_not_called(self, mock_decorator, mock_revoke): mock_decorator.return_value = self.user user2 = AuthUserFactory() user2.external_accounts.append(self.external_account) user2.save() self.user_settings.delete() assert_equal(mock_revoke.call_count, 0)
def test_claim_user_registered_with_correct_password(self): reg_user = AuthUserFactory() reg_user.set_password('killerqueen') reg_user.save() url = self.user.get_claim_url(self.project._primary_key) # Follow to password re-enter page res = self.app.get(url, auth=reg_user.auth).follow(auth=reg_user.auth) # verify that the "Claim Account" form is returned assert_in('Claim Contributor', res.body) form = res.forms['claimContributorForm'] form['password'] = '******' res = form.submit(auth=reg_user.auth).follow(auth=reg_user.auth) self.project.reload() self.user.reload() # user is now a contributor to the project assert_in(reg_user._primary_key, self.project.contributors) # the unregistered user (self.user) is removed as a contributor, and their assert_not_in(self.user._primary_key, self.project.contributors) # unclaimed record for the project has been deleted assert_not_in(self.project._primary_key, self.user.unclaimed_records)
class TestAuthViews(OsfTestCase): def setUp(self): self.app = TestApp(app) self.user = AuthUserFactory() self.app.authenticate(*self.user.auth) def test_mendeley_oauth_start(self): self.user.add_addon('mendeley') settings = self.user.get_addon('mendeley') settings.access_token = '12345abc' print settings.has_auth settings.save() # assert_true(settings.has_auth) url = views.mendeley_oauth_start(self) print url def test_mendeley_oauth_delete_user(self): pass def test_mendeley_oauth_delete_node(self): pass def test_mendeley_oauth_callback(self): pass
class TestUsers(ApiTestCase): def setUp(self): super(TestUsers, self).setUp() self.user_one = AuthUserFactory() self.user_two = AuthUserFactory() def tearDown(self): super(TestUsers, self).tearDown() def test_returns_200(self): res = self.app.get('/{}users/'.format(API_BASE)) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'application/vnd.api+json') def test_find_user_in_users(self): url = "/{}users/".format(API_BASE) res = self.app.get(url) user_son = res.json['data'] ids = [each['id'] for each in user_son] assert_in(self.user_two._id, ids) def test_all_users_in_users(self): url = "/{}users/".format(API_BASE) res = self.app.get(url) user_son = res.json['data'] ids = [each['id'] for each in user_son] assert_in(self.user_one._id, ids) assert_in(self.user_two._id, ids) def test_find_multiple_in_users(self): url = "/{}users/?filter[fullname]=fred".format(API_BASE) res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_in(self.user_one._id, ids) assert_in(self.user_two._id, ids) def test_find_single_user_in_users(self): url = "/{}users/?filter[fullname]=my".format(API_BASE) self.user_one.fullname = 'My Mom' self.user_one.save() res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_in(self.user_one._id, ids) assert_not_in(self.user_two._id, ids) def test_find_no_user_in_users(self): url = "/{}users/?filter[fullname]=NotMyMom".format(API_BASE) res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_not_in(self.user_one._id, ids) assert_not_in(self.user_two._id, ids)
def setUp(self): super(TestUserSpamListView, self).setUp() self.project = ProjectFactory(is_public=True) self.user_1 = AuthUserFactory() self.user_2 = AuthUserFactory() self.project.add_contributor(self.user_1) self.project.add_contributor(self.user_2) self.project.save() self.user_2.save() self.user_1.save() self.comment_1 = CommentFactory(node=self.project, user=self.user_1) self.comment_2 = CommentFactory(node=self.project, user=self.user_1) self.comment_3 = CommentFactory(node=self.project, user=self.user_1) self.comment_4 = CommentFactory(node=self.project, user=self.user_1) self.comment_5 = CommentFactory(node=self.project, user=self.user_2) self.comment_6 = CommentFactory(node=self.project, user=self.user_2) self.comment_1.report_abuse(user=self.user_2, save=True, category='spam') self.comment_2.report_abuse(user=self.user_2, save=True, category='spam') self.comment_3.report_abuse(user=self.user_2, save=True, category='spam') self.comment_4.report_abuse(user=self.user_2, save=True, category='spam') self.comment_5.report_abuse(user=self.user_1, save=True, category='spam') self.comment_6.report_abuse(user=self.user_1, save=True, category='spam')
def setUp(self): super(TestUserSpamListView, self).setUp() self.project = ProjectFactory(is_public=True) self.user_1 = AuthUserFactory() self.user_2 = AuthUserFactory() self.project.add_contributor(self.user_1) self.project.add_contributor(self.user_2) self.project.save() self.user_1.save() self.user_2.save() self.comment_1 = CommentFactory(node=self.project, user=self.user_1) self.comment_2 = CommentFactory(node=self.project, user=self.user_1) self.comment_3 = CommentFactory(node=self.project, user=self.user_1) self.comment_4 = CommentFactory(node=self.project, user=self.user_1) self.comment_5 = CommentFactory(node=self.project, user=self.user_2) self.comment_6 = CommentFactory(node=self.project, user=self.user_2) self.comment_1.report_abuse(user=self.user_2, save=True, category="spam") self.comment_2.report_abuse(user=self.user_2, save=True, category="spam") self.comment_3.report_abuse(user=self.user_2, save=True, category="spam") self.comment_4.report_abuse(user=self.user_2, save=True, category="spam") self.comment_5.report_abuse(user=self.user_1, save=True, category="spam") self.comment_6.report_abuse(user=self.user_1, save=True, category="spam") self.request = RequestFactory().get("/fake_path") self.view = UserSpamList() self.view = setup_view(self.view, self.request, user_id=self.user_1._id)
class TestBadge(OsfTestCase): def setUp(self): super(TestBadge, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges', self.user.auth) self.usersettings.save() def test_fields(self): badgedata = create_badge_dict() create_mock_badge(self.usersettings, badge_data=badgedata) badge = self.usersettings.badges[0] assert_equals(badge.name, badgedata['badgeName']) assert_equals(badge.description, badgedata['description']) assert_equals(badge.image, 'temp.png') assert_equals(badge.criteria, badgedata['criteria']) def test_system_badge(self): create_mock_badge(self.usersettings) badge = self.usersettings.badges[0] badge.make_system_badge() assert_true(badge.is_system_badge) assert_equals(badge, Badge.get_system_badges()[0]) def test_assertions(self): create_mock_badge(self.usersettings) badge = self.usersettings.badges[0] assert_equals(len(badge.assertions), 0) for n in xrange(4): BadgeAssertion.create(badge, None) assert_equals(len(badge.assertions), n + 1)
def test_many_users_each_with_the_same_github(self): user = AuthUserFactory() user.add_addon('github') user.external_accounts.append(self.oauth_settings) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res['provider']['name'] == 'github'][0] assert_equal(github_res['users']['total'], 2)
def test_reviewer_cannot_delete_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() res = self.app.delete_json_api(self.url, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.')
def test_user_settings_when_user_does_not_have_addon(self, _): user = AuthUserFactory() url = self.project.api_url_for("s3_post_user_settings") self.app.post_json(url, {"access_key": "ABCDEFG", "secret_key": "We are the champions"}, auth=user.auth) user.reload() user_settings = user.get_addon("s3") assert_equals(user_settings.access_key, "ABCDEFG") assert_equals(user_settings.secret_key, "We are the champions")
def test_many_users_each_with_the_same_github_enabled(self): user = AuthUserFactory() user.add_addon("github") user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 2)
def test_s3_set_bucket_no_auth(self): user = AuthUserFactory() user.add_addon("s3") self.project.add_contributor(user, save=True) url = self.project.api_url_for("s3_post_node_settings") res = self.app.post_json(url, {"s3_bucket": "hammertofall"}, auth=user.auth, expect_errors=True) assert_equal(res.status_code, http.BAD_REQUEST)
def test_reviewer_cannot_create_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() assert_in(self.read_only_user._id, self.public_project.contributors) res = self.app.post_json_api(self.url, self.payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403)
class TestGoogleDriveUtils(OsfTestCase): def setUp(self): super(TestGoogleDriveUtils, self).setUp() self.user = AuthUserFactory() self.user.add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.user_settings = self.user.get_addon('googledrive') oauth_settings = GoogleDriveOAuthSettingsFactory() self.user_settings.oauth_settings = oauth_settings self.node_settings.user_settings = self.user_settings self.node_settings.folder_id = '09120912' self.node_settings.folder_path = 'foo/bar' self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) def test_serialize_settings_helper_returns_correct_urls(self): result = serialize_settings(self.node_settings, self.user) urls = result['urls'] assert_equal(urls['files'], self.project.web_url_for('collect_file_trees')) assert_equal(urls['config'], self.project.api_url_for('googledrive_config_put')) assert_equal(urls['deauthorize'], self.project.api_url_for('googledrive_deauthorize')) assert_equal(urls['importAuth'], self.project.api_url_for('googledrive_import_user_auth')) # Includes endpoint for fetching folders only # NOTE: Querystring params are in camelCase assert_equal(urls['get_folders'], self.project.api_url_for('googledrive_folders')) def test_serialize_settings_helper_returns_correct_auth_info(self): self.user_settings.access_token = 'abc123' result = serialize_settings(self.node_settings, self.user) assert_equal(result['nodeHasAuth'], self.node_settings.has_auth) assert_true(result['userHasAuth']) assert_true(result['userIsOwner']) def test_serialize_settings_for_user_no_auth(self): no_addon_user = AuthUserFactory() result = serialize_settings(self.node_settings, no_addon_user) assert_false(result['userIsOwner']) assert_false(result['userHasAuth']) def test_googledrive_import_user_auth_returns_serialized_settings(self): self.node_settings.user_settings = None self.node_settings.save() url = api_url_for('googledrive_import_user_auth', pid=self.project._primary_key) res = self.app.put(url, auth=self.user.auth) self.project.reload() self.node_settings.reload() expected_result = serialize_settings(self.node_settings, self.user) result = res.json['result'] assert_equal(result, expected_result)
class TestCheckPreregAuth(OsfTestCase): def setUp(self): super(TestCheckPreregAuth, self).setUp() ensure_schemas() self.prereg_challenge_admin_user = AuthUserFactory() self.prereg_challenge_admin_user.system_tags.append(settings.PREREG_ADMIN_TAG) self.prereg_challenge_admin_user.save() prereg_schema = MetaSchema.find_one( Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2) ) self.user = AuthUserFactory() self.node = factories.ProjectFactory(creator=self.user) self.parent = factories.ProjectFactory() self.child = factories.NodeFactory(parent=self.parent) self.draft_registration = factories.DraftRegistrationFactory( initiator=self.user, registration_schema=prereg_schema, branched_from=self.parent ) def test_has_permission_download_prereg_challenge_admin(self): res = views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_true(res) def test_has_permission_download_on_component_prereg_challenge_admin(self): try: res = views.check_access(self.draft_registration.branched_from.nodes[0], Auth(user=self.prereg_challenge_admin_user), 'download', None) except Exception: self.fail() assert_true(res) def test_has_permission_download_not_prereg_challenge_admin(self): new_user = AuthUserFactory() with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=new_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_download_prereg_challenge_admin_not_draft(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.node, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_write_prereg_challenge_admin(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'write', None) assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_dropbox_get_share_emails_returns_error_if_not_authorizer(self): contrib = AuthUserFactory() contrib.add_addon('dropbox') contrib.save() self.project.add_contributor(contrib, auth=Auth(self.user)) self.project.save() url = api_url_for('dropbox_get_share_emails', pid=self.project._primary_key) # Non-authorizing contributor sends request res = self.app.get(url, auth=contrib.auth, expect_errors=True) assert_equal(res.status_code, httplib.FORBIDDEN)
def test_GET_disapprove_with_wrong_admins_token_returns_HTTPBad_Request( self): user2 = AuthUserFactory() self.registration.contributors.append(user2) self.registration.add_permission(user2, 'admin', save=True) self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.pending_retraction) assert_equal(len(self.registration.retraction.approval_state), 2) wrong_disapproval_token = self.registration.retraction.approval_state[ user2._id]['disapproval_token'] res = self.app.get(self.registration.web_url_for( 'node_registration_retraction_disapprove', token=wrong_disapproval_token), auth=self.auth, expect_errors=True) assert_true(self.registration.pending_retraction) assert_equal(res.status_code, 400)
def setUp(self): super(MendeleyViewsTestCase, self).setUp() self.account = MendeleyAccountFactory() self.user = AuthUserFactory(external_accounts=[self.account]) self.account.display_name = self.user.fullname self.account.save() self.user_addon = MendeleyUserSettingsFactory(owner=self.user, external_account=self.account) self.project = ProjectFactory(creator=self.user) self.node_addon = MendeleyNodeSettingsFactory(owner=self.project) self.node_addon.set_auth(external_account=self.account, user=self.user) #self.user_addon.grant_oauth_access(self.node_addon, self.account, metadata={'lists': 'list'}) self.node = MockNode() self.node.addon = self.node_addon self.id_patcher = mock.patch('website.addons.mendeley.model.Mendeley.client_id') self.secret_patcher = mock.patch('website.addons.mendeley.model.Mendeley.client_secret') self.id_patcher.__get__ = mock.Mock(return_value='1234567890asdf') self.secret_patcher.__get__ = mock.Mock(return_value='1234567890asdf') self.id_patcher.start() self.secret_patcher.start()
def setUp(self): super(AddonSerializerTestSuiteMixin, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.set_user_settings(self.user) assert_is_not_none( getattr(self, 'user_settings'), "'set_user_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate user settings model." ) self.set_node_settings(self.user_settings) assert_is_not_none( getattr(self, 'node_settings'), "'set_node_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate node settings model." ) self.ser = self.Serializer( user_settings=self.user_settings, node_settings=self.node_settings )
def test_must_be_self(self): user = AuthUserFactory() self.file.checkout = self.user self.file.save() res = self.app.put_json_api( '/{}files/{}/'.format(API_BASE, self.file._id), { 'id': self.file._id, 'type': 'files', 'attributes': { 'checkout': user._id } }, auth=user.auth, expect_errors=True, ) self.file.reload() assert_equal(res.status_code, 403) assert_equal(self.file.checkout, self.user)
def setUp(self): super(TestDraftListView, self).setUp() self.user = AuthUserFactory() schema = utils.draft_reg_util() self.dr1 = DraftRegistrationFactory( initiator=self.user, registration_schema=schema, registration_metadata=utils.SCHEMA_DATA ) self.dr1.submit_for_review(self.user, {}, save=True) self.dr2 = DraftRegistrationFactory( initiator=self.user, registration_schema=schema, registration_metadata=utils.SCHEMA_DATA ) self.dr2.submit_for_review(self.user, {}, save=True) self.request = RequestFactory().get('/fake_path') self.view = DraftListView() self.view = setup_view(self.view, self.request)
def setUp(self): super(TestApplicationReset, self).setUp() self.user1 = AuthUserFactory() self.user1_app = ApiOAuth2ApplicationFactory(owner=self.user1) self.user1_reset_url = _get_application_reset_route(self.user1_app) self.correct = { 'data': { 'id': self.user1_app.client_id, 'type': 'applications', 'attributes': { 'name': 'A shiny new application', 'home_url': 'http://osf.io', 'callback_url': 'https://cos.io' } } }
def test_dataverse_data_contents_state_on_dashboard( self, mock_request, mock_connection): mock_connection.return_value = create_mock_connection() mock_request.referrer = 'some_url/' mock_request.args = {} self.project.set_privacy('public') self.project.save() url = api_url_for('dataverse_hgrid_data_contents', pid=self.project._primary_key) # All users get released version res = self.app.get(url, auth=self.user.auth) assert_equal(res.json['data'][0]['name'], 'released.txt') user2 = AuthUserFactory() res = self.app.get(url, auth=user2.auth) assert_equal(res.json['data'][0]['name'], 'released.txt')
def test_dataverse_data_contents_state_on_file_page( self, mock_request, mock_connection): mock_connection.return_value = create_mock_connection() mock_request.referrer = 'some_url/files/' self.project.set_privacy('public') self.project.save() url = api_url_for('dataverse_hgrid_data_contents', pid=self.project._primary_key) # Creator posts, gets draft version res = self.app.get(url, auth=self.user.auth) assert_equal(res.json['data'][0]['name'], 'file.txt') # Noncontributor posts, gets released version user2 = AuthUserFactory() res = self.app.get(url, auth=user2.auth) assert_equal(res.json['data'][0]['name'], 'released.txt')
def test_serialize_settings_non_authorizer(self): #"""dict: a serialized version of user-specific addon settings""" non_authorizing_user = AuthUserFactory() self.project.add_contributor(non_authorizing_user, save=True) res = self.app.get( self.project.api_url_for('mendeley_get_config'), auth=non_authorizing_user.auth, ) assert_true(res.json['nodeHasAuth']) assert_false(res.json['userHasAuth']) assert_false(res.json['userIsOwner']) assert_equal(res.json['folder'], '') assert_equal(res.json['ownerName'], self.user.fullname) assert_true(res.json['urls']['auth']) assert_true(res.json['urls']['config']) assert_true(res.json['urls']['deauthorize']) assert_true(res.json['urls']['folders']) assert_true(res.json['urls']['importAuth']) assert_true(res.json['urls']['settings'])
def test_non_contributor_GET_approval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] approval_url = self.registration.web_url_for('view_project', token=approval_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_true(self.registration.embargo_end_date)
def test_has_permission_decommissioned_scope_no_error(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node) cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id, attributes={ 'accessTokenScope': { 'decommissioned.scope+write', 'osf.nodes.data_read', } }) assert_false(component.has_permission(self.user, 'write')) res = views.check_access(component, Auth(user=self.user), 'download', cas_resp) assert_true(res)
def setUp(self): super(TestFileVersionView, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.osfstorage = self.node.get_addon('osfstorage') self.root_node = self.osfstorage.get_root() self.file = self.root_node.append_file('test_file') self.file.create_version( self.user, { 'object': '06d80e', 'service': 'cloud', osfstorage_settings.WATERBUTLER_RESOURCE: 'osf', }, { 'size': 1337, 'contentType': 'img/png' }).save()
def test_many_users_each_with_a_different_github(self): user = AuthUserFactory() user.add_addon('github') oauth_settings2 = GitHubAccountFactory(display_name='hmoco2') oauth_settings2.save() user.external_accounts.append(oauth_settings2) user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['enabled'], 2) assert_equal(github_res['users']['authorized'], 1) assert_equal(github_res['users']['linked'], 1)
def setUp(self): super(TestDraftFormView, self).setUp() self.user = AuthUserFactory() self.dr1 = DraftRegistrationFactory( initiator=self.user, registration_schema=utils.draft_reg_util(), registration_metadata=utils.SCHEMA_DATA) self.dr1.submit_for_review(self.user, {}, save=True) self.dr1.flags # sets flags if there aren't any yet. self.request = RequestFactory().get('/fake_path') self.view = DraftFormView() self.view = setup_view(self.view, self.request, draft_pk=self.dr1._id) self.post = RequestFactory().post('/fake_path') self.post.user = UserFactory() self.post_view = DraftFormView() self.form_data = { 'notes': 'Far between', 'proof_of_publication': 'approved', }
def test_read_contrib_cannot_checkout(self): user = AuthUserFactory() self.node.add_contributor(user, permissions=['read']) self.node.save() assert_false(self.node.can_edit(user=user)) res = self.app.put_json_api(self.file_url, { 'data': { 'id': self.file._id, 'type': 'files', 'attributes': { 'checkout': None } } }, auth=user.auth, expect_errors=True) self.file.reload() assert_equal(res.status_code, 403) assert_equal(self.file.checkout, None) assert self.node.logs[-1].action != NodeLog.CHECKED_OUT
def test_dataverse_root_not_published(self, mock_files, mock_connection): mock_connection.return_value = create_mock_connection() mock_files.return_value = [] self.project.set_privacy('public') self.project.save() url = api_url_for('dataverse_root_folder_public', pid=self.project._primary_key) # Contributor gets draft, no options res = self.app.get(url, auth=self.user.auth) assert_true(res.json[0]['permissions']['edit']) assert_false(res.json[0]['hasPublishedFiles']) assert_equal(res.json[0]['version'], 'latest') # Non-contributor gets nothing user2 = AuthUserFactory() res = self.app.get(url, auth=user2.auth) assert_equal(res.json, [])
def setUp(self): super(TestNodeLinkedNodes, self).setUp() self.user = AuthUserFactory() self.auth = Auth(self.user) self.linking_node_source = NodeFactory(creator=self.user) self.linked_node = NodeFactory(creator=self.user) self.linked_node2 = NodeFactory(creator=self.user) self.public_node = NodeFactory(is_public=True, creator=self.user) self.linking_node_source.add_pointer(self.linked_node, auth=self.auth) self.linking_node_source.add_pointer(self.linked_node2, auth=self.auth) self.linking_node_source.add_pointer(self.public_node, auth=self.auth) self.linking_node_source.save() self.linking_node = RegistrationFactory( project=self.linking_node_source, creator=self.user) self.url = '/{}registrations/{}/linked_nodes/'.format( API_BASE, self.linking_node._id) self.node_ids = [ pointer.node._id for pointer in self.linking_node.nodes_pointer ]
def setUp(self): super(RegistrationRetractionApprovalDisapprovalViewsTestCase, self).setUp() self.user = AuthUserFactory() self.registered_from = ProjectFactory(is_public=True, creator=self.user) self.registration = RegistrationFactory(is_public=True, project=self.registered_from) self.registration.retract_registration(self.user) self.registration.save() self.approval_token = self.registration.retraction.approval_state[ self.user._id]['approval_token'] self.rejection_token = self.registration.retraction.approval_state[ self.user._id]['rejection_token'] self.corrupt_token = fake.sentence() self.token_without_sanction = tokens.encode({ 'action': 'approve_retraction', 'user_id': self.user._id, 'sanction_id': 'invalid id' })
def setUp(self): super(TestEmailFormView, self).setUp() self.comment = CommentFactory() self.comment.report_abuse(user=AuthUserFactory(), save=True, category='spam') self.request = RequestFactory().post('/fake_path') self.request.user = UserFactory() self.view = EmailFormView() self.form = EmailForm( data={ 'author': 'Nemo', 'message': 'A message for spammers.', 'subject': 'stop spamming', 'email': ('*****@*****.**', '*****@*****.**') }) self.view = setup_form_view(self.view, self.request, self.form, spam_id=self.comment._id)
def setUp(self): super(TestPreprintFiltering, self).setUp() self.user = AuthUserFactory() self.provider = PreprintProviderFactory(name='wwe') self.preprint = PreprintFactory(creator=self.user, providers=[self.provider]) self.preprint.add_tag('nature boy', Auth(self.user), save=False) self.preprint.add_tag('ric flair', Auth(self.user), save=False) self.preprint.save() self.provider_two = PreprintProviderFactory(name='wcw') self.preprint_two = PreprintFactory(creator=self.user, filename='woo.txt', providers=[self.provider_two]) self.preprint_two.add_tag('nature boy', Auth(self.user), save=False) self.preprint_two.add_tag('woo', Auth(self.user), save=False) self.preprint_two.save() self.preprint_three = PreprintFactory(creator=self.user, filename='stonecold.txt', providers=[self.provider]) self.preprint_three.add_tag('stone', Auth(self.user), save=False) self.preprint_two.add_tag('cold', Auth(self.user), save=False) self.preprint_three.save()
def test_googledrive_oauth_finish(self, mock_session, mock_auth_client_finish, mock_auth_client_userinfo): user_no_addon = AuthUserFactory() nid = self.project._primary_key state = '1234' mock_session.data = { 'googledrive_auth_nid': nid, 'googledrive_auth_state': state, } mock_auth_client_finish.return_value = { 'access_token': '1111', 'refresh_token': '2222', 'expires_at': time.time() + 3600, } mock_auth_client_userinfo.return_value = { 'sub': 'unique id', 'name': 'test-user', } url = api_url_for('googledrive_oauth_finish', user_no_addon.auth, nid=self.project._primary_key, code='1234', state=state) res = self.app.get(url) assert_is_redirect(res)
def setUp(self): super(TestCommentRepliesFiltering, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.comment = CommentFactory(node=self.project, user=self.user) self.reply = CommentFactory(node=self.project, target=self.comment, user=self.user) self.deleted_reply = CommentFactory(node=self.project, target=self.comment, user=self.user, is_deleted=True) self.base_url = '/{}comments/{}/replies/'.format( API_BASE, self.comment._id) self.formatted_date_created = self.reply.date_created.strftime( '%Y-%m-%dT%H:%M:%S.%f') self.reply.edit('Edited comment', auth=core.Auth(self.user), save=True) self.formatted_date_modified = self.reply.date_modified.strftime( '%Y-%m-%dT%H:%M:%S.%f')
class TestGoogleDriveHgridViews(OsfTestCase): def setUp(self): super(TestGoogleDriveHgridViews, self).setUp() self.account = GoogleDriveAccountFactory() self.user = AuthUserFactory(external_accounts=[self.account]) self.user_settings = self.user.get_or_add_addon('googledrive') self.project = ProjectFactory(creator=self.user) self.project.add_addon('googledrive', Auth(self.user)) self.node_settings = self.project.get_addon('googledrive') self.node_settings.user_settings = self.user_settings self.user_settings.save() self.node_settings.save() # Log user in self.app.authenticate(*self.user.auth) @mock.patch.object(GoogleDriveClient, 'folders') def test_googledrive_folders(self, mock_drive_client_folders): folderId = '12345' self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() mock_drive_client_folders.return_value = sample_folder_data['items'] url = self.project.api_url_for('googledrive_folders', folderId=folderId) res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(len(res.json), len(sample_folder_data['items'])) @mock.patch( 'website.addons.googledrive.views.hgrid.GoogleDriveClient.about') def test_googledrive_folders_returns_only_root(self, mock_about): mock_about.return_value = {'rootFolderId': '24601'} self.node_settings.set_auth(external_account=self.account, user=self.user) self.node_settings.save() url = self.project.api_url_for('googledrive_folders') res = self.app.get(url, auth=self.user.auth) assert_equal(len(res.json), 1) assert_equal(res.status_code, 200) assert_equal(res.json[0]['id'], '24601')
def setUp(self): super(RegistrationWithChildNodesEmbargoModelTestCase, self).setUp() self.user = AuthUserFactory() self.auth = self.user.auth self.valid_embargo_end_date = datetime.datetime.utcnow( ) + datetime.timedelta(days=3) self.project = ProjectFactory(title='Root', is_public=False, creator=self.user) self.component = NodeFactory(creator=self.user, parent=self.project, title='Component') self.subproject = ProjectFactory(creator=self.user, parent=self.project, title='Subproject') self.subproject_component = NodeFactory(creator=self.user, parent=self.subproject, title='Subcomponent') self.registration = RegistrationFactory(project=self.project) # Reload the registration; else tests won't catch failures to save self.registration.reload()
def setUp(self): super(TestIdentifierDetail, self).setUp() self.user = AuthUserFactory() self.registration = RegistrationFactory(creator=self.user, is_public=True) self.registration_identifier = IdentifierFactory( referent=self.registration) self.registration_url = '/{}identifiers/{}/'.format( API_BASE, self.registration_identifier._id) self.node = NodeFactory(creator=self.user, is_public=True) self.node_identifier = IdentifierFactory(referent=self.node) self.node_url = '/{}identifiers/{}/'.format(API_BASE, self.node_identifier._id) self.registration_res = self.app.get(self.registration_url) self.registration_data = self.registration_res.json['data'] self.node_res = self.app.get(self.node_url) self.node_data = self.node_res.json['data']
def setUp(self): super(TestSearchSerializer, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user, is_public=True) self.component = NodeFactory(parent=self.project, creator=self.user, is_public=True) self.file = utils.create_test_file(self.component, self.user) ensure_schemas() self.schema = MetaSchema.find_one( Q('name', 'eq', 'Replication Recipe (Brandt et al., 2013): Post-Completion') & Q('schema_version', 'eq', LATEST_SCHEMA_VERSION)) with mock_archive(self.project, autocomplete=True, autoapprove=True, schema=self.schema) as registration: self.registration = registration
def test_redirect_when_viewing_private_project_file_through_view_only_link( self): project = ProjectFactory() test_file = OsfStorageFile.create( is_file=True, node=project, path='/test', name='test', materialized_path='/test', ) test_file.save() guid = test_file.get_guid(create=True) view_only_link = self._add_private_link(project) url = '/{}guids/{}/?view_only={}'.format(API_BASE, guid._id, view_only_link.key) res = self.app.get(url, auth=AuthUserFactory().auth) redirect_url = '{}{}files/{}/?view_only={}'.format( API_DOMAIN, API_BASE, test_file._id, view_only_link.key) assert_equal(res.status_code, 302) assert_equal(res.location, redirect_url)
def setUp(self): super(TestCampaignsAuthViews, self).setUp() self.campaigns = { 'prereg': { 'title_register': 'Preregistration Challenge', 'title_landing': 'Welcome to the Prereg Challenge!' }, 'erpc': { 'title_register': 'Election Research Preacceptance Competition', 'title_landing': 'Welcome to the Election Research Preacceptance Competition!' }, } for key, value in self.campaigns.items(): value.update( {'url_login': web_url_for('auth_login', campaign=key)}) value.update( {'url_register': web_url_for('auth_register', campaign=key)}) value.update({'url_landing': campaigns.campaign_url_for(key)}) self.user = AuthUserFactory()
def test_import_auth_cant_write_node(self): ea = self.ExternalAccountFactory() user = AuthUserFactory() user.add_addon(self.ADDON_SHORT_NAME, auth=Auth(user)) user.external_accounts.append(ea) user.save() node = ProjectFactory(creator=self.user) node.add_contributor(user, permissions=[permissions.READ], auth=self.auth, save=True) node.add_addon(self.ADDON_SHORT_NAME, auth=self.auth) node.save() url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME)) res = self.app.put_json(url, { 'external_account_id': ea._id }, auth=user.auth, expect_errors=True) assert_equal(res.status_code, http.FORBIDDEN)
def test_linked_nodes_only_return_viewable_nodes(self): user = AuthUserFactory() new_linking_node = NodeFactory(creator=user) self.linked_node.add_contributor(user, auth=self.auth, save=True) self.linked_node2.add_contributor(user, auth=self.auth, save=True) self.public_node.add_contributor(user, auth=self.auth, save=True) new_linking_node.add_pointer(self.linked_node, auth=Auth(user)) new_linking_node.add_pointer(self.linked_node2, auth=Auth(user)) new_linking_node.add_pointer(self.public_node, auth=Auth(user)) new_linking_node.save() new_linking_registration = RegistrationFactory( project=new_linking_node, creator=self.user) res = self.app.get('/{}registrations/{}/linked_nodes/'.format( API_BASE, new_linking_registration._id), auth=user.auth) assert_equal(res.status_code, 200) nodes_returned = [ linked_node['id'] for linked_node in res.json['data'] ] assert_equal(len(nodes_returned), len(self.node_ids)) for node_id in self.node_ids: assert_in(node_id, nodes_returned) self.linked_node2.remove_contributor(user, auth=self.auth) self.public_node.remove_contributor(user, auth=self.auth) res = self.app.get('/{}registrations/{}/linked_nodes/'.format( API_BASE, new_linking_registration._id), auth=user.auth) nodes_returned = [ linked_node['id'] for linked_node in res.json['data'] ] assert_equal(len(nodes_returned), len(self.node_ids) - 1) assert_in(self.linked_node._id, nodes_returned) assert_in(self.public_node._id, nodes_returned) assert_not_in(self.linked_node2._id, nodes_returned)