def test_reviewer_can_update_nested_comment_fields_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() payload = { "data": { "id": self.prereg_draft_registration._id, "type": "draft_registrations", "attributes": { "registration_metadata": { 'q7': { 'value': { 'question': { 'comments': [{'value': 'Add some clarity here.'}] } } } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id) res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 200) assert_equal(res.json['data']['attributes']['registration_metadata']['q7']['value']['question']['comments'][0]['value'], 'Add some clarity here.')
def test_claim_user_registered_with_correct_password(self): reg_user = AuthUserFactory() reg_user.set_password('killerqueen') reg_user.save() url = self.user.get_claim_url(self.project._primary_key) # Follow to password re-enter page res = self.app.get(url, auth=reg_user.auth).follow(auth=reg_user.auth) # verify that the "Claim Account" form is returned assert_in('Claim Contributor', res.body) form = res.forms['claimContributorForm'] form['password'] = '******' res = form.submit(auth=reg_user.auth).follow(auth=reg_user.auth) self.project.reload() self.user.reload() # user is now a contributor to the project assert_in(reg_user._primary_key, self.project.contributors) # the unregistered user (self.user) is removed as a contributor, and their assert_not_in(self.user._primary_key, self.project.contributors) # unclaimed record for the project has been deleted assert_not_in(self.project._primary_key, self.user.unclaimed_records)
class TestMenbibAuthViews(OsfTestCase): def setUp(self): self.app = TestApp(app) self.user = AuthUserFactory() self.app.authenticate(*self.user.auth) def test_menbib_oauth_start(self): url = api_url_for('menbib_oauth_start_user') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.menbib.views.auth.finish_auth') def test_menbib_oauth_finish(self, mock_finish): mock_finish.return_value = AuthResult('mytokenabc', 'myrefreshabc', 'cool', '3600') url = api_url_for('menbib_oauth_finish') res = self.app.get(url) assert_is_redirect(res) def test_menbib_oauth_delete_user(self): self.user.add_addon('menbib') user_settings = self.user.get_addon('menbib') user_settings.access_token = '12345abc' assert_true(user_settings.has_auth) self.user.save() url = api_url_for('menbib_oauth_delete_user') res = self.app.delete(url) user_settings.reload() assert_false(user_settings.has_auth)
class TestDataverseRestrictions(DataverseAddonTestCase, OsfTestCase): def setUp(self): super(DataverseAddonTestCase, self).setUp() # Nasty contributor who will try to access content that he shouldn't # have access to self.contrib = AuthUserFactory() self.project.add_contributor(self.contrib, auth=Auth(self.user)) self.project.save() @mock.patch('addons.dataverse.views.client.connect_from_settings') def test_restricted_set_dataset_not_owner(self, mock_connection): mock_connection.return_value = create_mock_connection() # Contributor has dataverse auth, but is not the node authorizer self.contrib.add_addon('dataverse') self.contrib.save() url = api_url_for('dataverse_set_config', pid=self.project._primary_key) params = { 'dataverse': {'alias': 'ALIAS1'}, 'dataset': {'doi': 'doi:12.3456/DVN/00002'}, } res = self.app.post_json(url, params, auth=self.contrib.auth, expect_errors=True) assert_equal(res.status_code, http.FORBIDDEN)
class TestUserSettingsModel(OsfTestCase): def setUp(self): super(TestUserSettingsModel, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges') self.usersettings.save() def test_can_award(self): assert_false(self.usersettings.can_award) create_mock_badge(self.usersettings) assert_true(self.usersettings.can_award) def test_to_openbadge(self): self.user.fullname = 'HoneyBadger' self.user.username = '******' self.user.save() test = {'name': 'HoneyBadger', 'email': '*****@*****.**'} assert_equal(self.usersettings.to_openbadge(), test) def test_badges(self): create_mock_badge(self.usersettings) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 2) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 3)
def test_revoke_didnt_award(self): badgeid = self.user_settings.badges[0]._id initnum = len(self.project.badgeassertion__awarded) assert_true(self.user_settings.can_award) url = api_url_for('award_badge', pid=self.project._id) ret = self.app.post_json(url, {'badgeid': badgeid}, auth=self.user.auth) self.project.reload() assert_equals(ret.status_int, 200) assert_equals(initnum + 1, len(self.project.badgeassertion__awarded)) assertion = self.project.badgeassertion__awarded[0] revoke = api_url_for('revoke_badge', pid=self.project._id) user2 = AuthUserFactory() user2.add_addon('badges', override=True) user2.save() user2.reload() ret = self.app.post_json(revoke, { 'id': assertion._id, 'reason': '' }, auth=user2.auth, expect_errors=True) self.project.reload() self.user_settings.reload() assertion.reload() assert_equals(ret.status_int, 400) assert_false(assertion.revoked) assert_true(self.project.badgeassertion__awarded[0]._id, assertion._id) assert_false(assertion._id in self.user_settings.revocation_list)
def test_reviewer_cannot_update_nested_value_fields_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() payload = { "data": { "id": self.prereg_draft_registration._id, "type": "draft_registrations", "attributes": { "registration_metadata": { 'q7': { 'value': { 'question': { 'value': 'This is the answer' } } } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id) res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Additional properties are not allowed (u'value' was unexpected)")
def test_cannnot_make_primary_email_for_another_user(self): user1 = AuthUserFactory() user2 = AuthUserFactory() email = '*****@*****.**' user1.emails.append(email) user1.save() url = api_url_for('update_user') header = { 'id': user1.username, 'emails': [{ 'address': user1.username, 'primary': False, 'confirmed': True }, { 'address': email, 'primary': True, 'confirmed': True }] } res = self.app.put_json(url, header, auth=user2.auth, expect_errors=True) assert_equal(res.status_code, 403)
class TestDataverseRestrictions(DataverseAddonTestCase): def setUp(self): super(DataverseAddonTestCase, self).setUp() # Nasty contributor who will try to access content that he shouldn't # have access to self.contrib = AuthUserFactory() self.project.add_contributor(self.contrib, auth=Auth(self.user)) self.project.save() @mock.patch('website.addons.dataverse.views.config.connect_from_settings') def test_restricted_set_study_not_owner(self, mock_connection): mock_connection.return_value = create_mock_connection() # Contributor has dataverse auth, but is not the node authorizer self.contrib.add_addon('dataverse') self.contrib.save() url = api_url_for('set_dataverse_and_study', pid=self.project._primary_key) params = { 'dataverse': { 'alias': 'ALIAS1' }, 'study': { 'hdl': 'doi:12.3456/DVN/00002' }, } res = self.app.post_json(url, params, auth=self.contrib.auth, expect_errors=True) assert_equal(res.status_code, http.FORBIDDEN)
def setUp(self): self.yesterday = datetime.today() - timedelta(1) self.a_while_ago = datetime.today() - timedelta(2) super(TestUserCount, self).setUp() for i in range(0, 3): u = AuthUserFactory() u.is_registered = True u.password = '******' + str(i) u.date_confirmed = self.yesterday u.save() u = AuthUserFactory() u.is_registered = True u.password = '******' u.date_confirmed = self.a_while_ago u.save() for i in range(0, 2): u = AuthUserFactory() u.date_confirmed = None u.save() u = AuthUserFactory() u.date_disabled = self.yesterday u.save() u = AuthUserFactory() u.date_disabled = self.a_while_ago u.save() modify_user_dates_in_mongo(self.yesterday)
def test_oauth_delete_user_two_osf_user(self, mock_revoke_token, mock_github_user): mock_revoke_token.return_value = True user = mock.Mock() user.id = "testing user id" user.login = "******" mock_github_user.return_value = user views.auth.create_and_attach_oauth(self.user_settings, "testing acess token", "testing token type") user2 = AuthUserFactory() user2.add_addon('github') user2.save() user_settings2 = user2.get_addon('github') views.auth.create_and_attach_oauth(user_settings2, "testing access token", "testing token type") url = api_url_for("github_oauth_delete_user") self.app.delete(url, auth=self.user.auth) self.user_settings.reload() user_settings2.reload() assert_false(self.user_settings.oauth_token_type) assert_false(self.user_settings.oauth_access_token) assert_false(self.user_settings.github_user_name) assert_false(self.user_settings.oauth_settings) assert_true(user_settings2.oauth_settings) assert_equal(user_settings2.oauth_token_type, "testing token type") assert_equal(user_settings2.oauth_access_token, "testing access token") assert_equal(user_settings2.github_user_name, "testing user")
class TestUserSettingsModel(OsfTestCase): def setUp(self): super(TestUserSettingsModel, self).setUp() self.user = AuthUserFactory() self.user.add_addon('badges', override=True) self.usersettings = self.user.get_addon('badges') self.usersettings.save() def test_can_award(self): assert_false(self.usersettings.can_award) create_mock_badge(self.usersettings) assert_true(self.usersettings.can_award) def test_to_openbadge(self): self.user.fullname = 'HoneyBadger' self.user.username = '******' self.user.save() test = { 'name': 'HoneyBadger', 'email': '*****@*****.**' } assert_equal(self.usersettings.to_openbadge(), test) def test_badges(self): create_mock_badge(self.usersettings) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 2) create_mock_badge(self.usersettings) assert_equal(len(self.usersettings.badges), 3)
class TestUserGet(AdminTestCase): def setUp(self): super(TestUserGet, self).setUp() User.remove() self.user_1 = AuthUserFactory() self.auth = Auth(user=self.user_1) self.project = ProjectFactory(creator=self.user_1) self.project.add_unregistered_contributor( email='*****@*****.**', fullname='Weezy F. Baby', auth=self.auth ) self.user_3 = AuthUserFactory() self.user_3.date_confirmed = None self.user_3.save() self.user_4 = AuthUserFactory() def test_get_all_user_count(self): time_now = datetime.utcnow() count = get_all_user_count(time_now) nt.assert_equal(count, 4) def test_get_unregistered_users(self): count = get_unregistered_users() nt.assert_equal(count, 1)
def setUp(self): self.yesterday = datetime.today() - timedelta(1) self.a_while_ago = datetime.today() - timedelta(2) super(TestUserCount, self).setUp() for i in range(0, 3): u = AuthUserFactory() u.is_registered = True u.password = '******' + str(i) u.date_confirmed = self.yesterday u.save() # Make one of those 3 a depth user for i in range(LOG_THRESHOLD + 1): NodeLogFactory(action='file_added', user=u) u = AuthUserFactory() u.is_registered = True u.password = '******' u.date_confirmed = self.a_while_ago u.save() for i in range(LOG_THRESHOLD + 1): NodeLogFactory(action='file_added', user=u) for i in range(0, 2): u = AuthUserFactory() u.date_confirmed = None u.save() u = AuthUserFactory() u.date_disabled = self.yesterday u.save() u = AuthUserFactory() u.date_disabled = self.a_while_ago u.save() modify_user_dates_in_mongo(self.yesterday)
def test_revoke_remote_access_not_called(self, mock_decorator, mock_revoke): mock_decorator.return_value = self.user user2 = AuthUserFactory() user2.external_accounts.append(self.external_account) user2.save() self.user_settings.delete() assert_equal(mock_revoke.call_count, 0)
class TestBoxIntegration(OsfTestCase): def setUp(self): super(TestBoxIntegration, self).setUp() self.user = AuthUserFactory() # User is logged in self.app.authenticate(*self.user.auth) def test_cant_start_oauth_if_already_authorized(self): # User already has box authorized self.user.add_addon('box') self.user.save() settings = self.user.get_addon('box') oauth = BoxOAuthSettings(user_id='fa;l', access_token='a;lkjadl;kas') oauth.save() settings.oauth_settings = oauth settings.save() assert_true(self.user.get_addon('box').has_auth) # Tries to start oauth again url = api_url_for('box_oauth_start_user') res = self.app.get(url).follow() # Is redirected back to settings page assert_equal( res.request.path, web_url_for('user_addons') )
class TestUsers(ApiTestCase): def setUp(self): super(TestUsers, self).setUp() self.user_one = AuthUserFactory() self.user_two = AuthUserFactory() def tearDown(self): super(TestUsers, self).tearDown() def test_returns_200(self): res = self.app.get('/{}users/'.format(API_BASE)) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'application/vnd.api+json') def test_find_user_in_users(self): url = "/{}users/".format(API_BASE) res = self.app.get(url) user_son = res.json['data'] ids = [each['id'] for each in user_son] assert_in(self.user_two._id, ids) def test_all_users_in_users(self): url = "/{}users/".format(API_BASE) res = self.app.get(url) user_son = res.json['data'] ids = [each['id'] for each in user_son] assert_in(self.user_one._id, ids) assert_in(self.user_two._id, ids) def test_find_multiple_in_users(self): url = "/{}users/?filter[fullname]=fred".format(API_BASE) res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_in(self.user_one._id, ids) assert_in(self.user_two._id, ids) def test_find_single_user_in_users(self): url = "/{}users/?filter[fullname]=my".format(API_BASE) self.user_one.fullname = 'My Mom' self.user_one.save() res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_in(self.user_one._id, ids) assert_not_in(self.user_two._id, ids) def test_find_no_user_in_users(self): url = "/{}users/?filter[fullname]=NotMyMom".format(API_BASE) res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_not_in(self.user_one._id, ids) assert_not_in(self.user_two._id, ids)
class TestUsers(ApiTestCase): def setUp(self): super(TestUsers, self).setUp() self.user_one = AuthUserFactory() self.user_two = AuthUserFactory() def tearDown(self): super(TestUsers, self).tearDown() def test_returns_200(self): res = self.app.get('/{}users/'.format(API_BASE)) assert_equal(res.status_code, 200) def test_find_user_in_users(self): url = "/{}users/".format(API_BASE) res = self.app.get(url) user_son = res.json['data'] ids = [each['id'] for each in user_son] assert_in(self.user_two._id, ids) def test_all_users_in_users(self): url = "/{}users/".format(API_BASE) res = self.app.get(url) user_son = res.json['data'] ids = [each['id'] for each in user_son] assert_in(self.user_one._id, ids) assert_in(self.user_two._id, ids) def test_find_multiple_in_users(self): url = "/{}users/?filter[fullname]=fred".format(API_BASE) res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_in(self.user_one._id, ids) assert_in(self.user_two._id, ids) def test_find_single_user_in_users(self): url = "/{}users/?filter[fullname]=my".format(API_BASE) self.user_one.fullname = 'My Mom' self.user_one.save() res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_in(self.user_one._id, ids) assert_not_in(self.user_two._id, ids) def test_find_no_user_in_users(self): url = "/{}users/?filter[fullname]=NotMyMom".format(API_BASE) res = self.app.get(url) user_json = res.json['data'] ids = [each['id'] for each in user_json] assert_not_in(self.user_one._id, ids) assert_not_in(self.user_two._id, ids)
def test_many_users_each_with_the_same_github(self): user = AuthUserFactory() user.add_addon('github') user.external_accounts.append(self.oauth_settings) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res['provider']['name'] == 'github'][0] assert_equal(github_res['users']['total'], 2)
def test_reviewer_cannot_create_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() assert_in(self.read_only_user._id, self.public_project.contributors) res = self.app.post_json_api(self.url, self.payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403)
def test_reviewer_cannot_delete_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() res = self.app.delete_json_api(self.url, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.')
def test_many_users_each_with_the_same_github_enabled(self): user = AuthUserFactory() user.add_addon("github") user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 2)
class TestCheckPreregAuth(OsfTestCase): def setUp(self): super(TestCheckPreregAuth, self).setUp() ensure_schemas() self.prereg_challenge_admin_user = AuthUserFactory() self.prereg_challenge_admin_user.system_tags.append( settings.PREREG_ADMIN_TAG) self.prereg_challenge_admin_user.save() prereg_schema = MetaSchema.find_one( Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2)) self.user = AuthUserFactory() self.node = factories.ProjectFactory(creator=self.user) self.parent = factories.ProjectFactory() self.child = factories.NodeFactory(parent=self.parent) self.draft_registration = factories.DraftRegistrationFactory( initiator=self.user, registration_schema=prereg_schema, branched_from=self.parent) def test_has_permission_download_prereg_challenge_admin(self): res = views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_true(res) def test_has_permission_download_on_component_prereg_challenge_admin(self): try: res = views.check_access( self.draft_registration.branched_from.nodes[0], Auth(user=self.prereg_challenge_admin_user), 'download', None) except Exception: self.fail() assert_true(res) def test_has_permission_download_not_prereg_challenge_admin(self): new_user = AuthUserFactory() with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=new_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_download_prereg_challenge_admin_not_draft(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.node, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_write_prereg_challenge_admin(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'write', None) assert_equal(exc_info.exception.code, http.FORBIDDEN)
class TestCheckPreregAuth(OsfTestCase): def setUp(self): super(TestCheckPreregAuth, self).setUp() ensure_schemas() self.prereg_challenge_admin_user = AuthUserFactory() self.prereg_challenge_admin_user.system_tags.append(settings.PREREG_ADMIN_TAG) self.prereg_challenge_admin_user.save() prereg_schema = MetaSchema.find_one( Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2) ) self.user = AuthUserFactory() self.node = factories.ProjectFactory(creator=self.user) self.parent = factories.ProjectFactory() self.child = factories.NodeFactory(parent=self.parent) self.draft_registration = factories.DraftRegistrationFactory( initiator=self.user, registration_schema=prereg_schema, branched_from=self.parent ) def test_has_permission_download_prereg_challenge_admin(self): res = views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_true(res) def test_has_permission_download_on_component_prereg_challenge_admin(self): try: res = views.check_access(self.draft_registration.branched_from.nodes[0], Auth(user=self.prereg_challenge_admin_user), 'download', None) except Exception: self.fail() assert_true(res) def test_has_permission_download_not_prereg_challenge_admin(self): new_user = AuthUserFactory() with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=new_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_download_prereg_challenge_admin_not_draft(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.node, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_write_prereg_challenge_admin(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'write', None) assert_equal(exc_info.exception.code, http.FORBIDDEN)
class TestCommentViews(OsfTestCase): def setUp(self): super(TestCommentViews, self).setUp() self.project = ProjectFactory(is_public=True) self.user = AuthUserFactory() self.project.add_contributor(self.user) self.project.save() self.user.save() def test_view_project_comments_updates_user_comments_view_timestamp(self): url = self.project.api_url_for('update_comments_timestamp') res = self.app.put_json(url, { 'page': 'node', 'rootId': self.project._id }, auth=self.user.auth) self.user.reload() user_timestamp = self.user.comments_viewed_timestamp[self.project._id] view_timestamp = dt.datetime.utcnow() assert_datetime_equal(user_timestamp, view_timestamp) def test_confirm_non_contrib_viewers_dont_have_pid_in_comments_view_timestamp(self): non_contributor = AuthUserFactory() url = self.project.api_url_for('update_comments_timestamp') res = self.app.put_json(url, { 'page': 'node', 'rootId': self.project._id }, auth=self.user.auth) non_contributor.reload() assert_not_in(self.project._id, non_contributor.comments_viewed_timestamp) def test_view_comments_updates_user_comments_view_timestamp_files(self): osfstorage = self.project.get_addon('osfstorage') root_node = osfstorage.get_root() test_file = root_node.append_file('test_file') test_file.create_version(self.user, { 'object': '06d80e', 'service': 'cloud', osfstorage_settings.WATERBUTLER_RESOURCE: 'osf', }, { 'size': 1337, 'contentType': 'img/png' }).save() url = self.project.api_url_for('update_comments_timestamp') res = self.app.put_json(url, { 'page': 'files', 'rootId': test_file._id }, auth=self.user.auth) self.user.reload() user_timestamp = self.user.comments_viewed_timestamp[test_file._id] view_timestamp = dt.datetime.utcnow() assert_datetime_equal(user_timestamp, view_timestamp)
class TestCommentViews(OsfTestCase): def setUp(self): super(TestCommentViews, self).setUp() self.project = ProjectFactory(is_public=True) self.user = AuthUserFactory() self.project.add_contributor(self.user) self.project.save() self.user.save() def test_view_project_comments_updates_user_comments_view_timestamp(self): url = self.project.api_url_for('update_comments_timestamp') res = self.app.put_json(url, { 'page': 'node', 'rootId': self.project._id }, auth=self.user.auth) self.user.reload() user_timestamp = self.user.comments_viewed_timestamp[self.project._id]['node'] view_timestamp = dt.datetime.utcnow() assert_datetime_equal(user_timestamp, view_timestamp) def test_confirm_non_contrib_viewers_dont_have_pid_in_comments_view_timestamp(self): non_contributor = AuthUserFactory() url = self.project.api_url_for('update_comments_timestamp') res = self.app.put_json(url, { 'page': 'node', 'rootId': self.project._id }, auth=self.user.auth) non_contributor.reload() assert_not_in(self.project._id, non_contributor.comments_viewed_timestamp) def test_view_comments_updates_user_comments_view_timestamp_files(self): osfstorage = self.project.get_addon('osfstorage') root_node = osfstorage.get_root() test_file = root_node.append_file('test_file') test_file.create_version(self.user, { 'object': '06d80e', 'service': 'cloud', osfstorage_settings.WATERBUTLER_RESOURCE: 'osf', }, { 'size': 1337, 'contentType': 'img/png' }).save() url = self.project.api_url_for('update_comments_timestamp') res = self.app.put_json(url, { 'page': 'files', 'rootId': test_file._id }, auth=self.user.auth) self.user.reload() user_timestamp = self.user.comments_viewed_timestamp[self.project._id]['files'][test_file._id] view_timestamp = dt.datetime.utcnow() assert_datetime_equal(user_timestamp, view_timestamp)
def test_many_users_each_with_a_different_github(self): user = AuthUserFactory() user.add_addon('github') oauth_settings2 = GitHubAccountFactory(display_name='hmoco2') oauth_settings2.save() user.external_accounts.append(oauth_settings2) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res['provider']['name'] == 'github'][0] assert_equal(github_res['users']['total'], 2)
def test_github_enabled_not_linked_or_authorized(self): user = AuthUserFactory() user.add_addon("github") user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 2) assert_equal(github_res["users"]["authorized"], 1) assert_equal(github_res["users"]["linked"], 1)
def test_reviewer_can_see_draft_registration(self): user = AuthUserFactory() user.system_tags.append(PREREG_ADMIN_TAG) user.save() res = self.app.get(self.url, auth=user.auth) assert_equal(res.status_code, 200) data = res.json['data'] assert_equal(data['attributes']['registration_supplement'], self.schema._id) assert_equal(data['id'], self.draft_registration._id) assert_equal(data['attributes']['registration_metadata'], {})
def test_github_enabled_not_linked_or_authorized(self): user = AuthUserFactory() user.add_addon('github') user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res['provider']['name'] == 'github'][0] assert_equal(github_res['users']['enabled'], 2) assert_equal(github_res['users']['authorized'], 1) assert_equal(github_res['users']['linked'], 1)
def test_many_users_each_with_the_same_github(self): user = AuthUserFactory() user.add_addon('github') user.external_accounts.append(self.oauth_settings) user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['total'], 2)
def test_dropbox_get_share_emails_returns_error_if_not_authorizer(self): contrib = AuthUserFactory() contrib.add_addon('dropbox') contrib.save() self.project.add_contributor(contrib, auth=Auth(self.user)) self.project.save() url = api_url_for('dropbox_get_share_emails', pid=self.project._primary_key) # Non-authorizing contributor sends request res = self.app.get(url, auth=contrib.auth, expect_errors=True) assert_equal(res.status_code, httplib.FORBIDDEN)
class TestAuthViews(OsfTestCase): def setUp(self): super(TestAuthViews, self).setUp() self.user = AuthUserFactory() # Log user in self.app.authenticate(*self.user.auth) def test_dropbox_oauth_start(self): url = api_url_for('dropbox_oauth_start_user') res = self.app.get(url) assert_is_redirect(res) assert_in('&force_reapprove=true', res.location) @mock.patch('website.addons.dropbox.views.auth.DropboxOAuth2Flow.finish') @mock.patch('website.addons.dropbox.views.auth.get_client_from_user_settings') def test_dropbox_oauth_finish(self, mock_get, mock_finish): mock_client = mock.MagicMock() mock_client.account_info.return_value = {'display_name': 'Mr. Drop Box'} mock_get.return_value = mock_client mock_finish.return_value = ('mytoken123', 'mydropboxid', 'done') url = api_url_for('dropbox_oauth_finish') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.dropbox.client.DropboxClient.disable_access_token') def test_dropbox_oauth_delete_user(self, mock_disable_access_token): self.user.add_addon('dropbox') settings = self.user.get_addon('dropbox') settings.access_token = '12345abc' settings.save() assert_true(settings.has_auth) self.user.save() url = api_url_for('dropbox_oauth_delete_user') self.app.delete(url) settings.reload() assert_false(settings.has_auth) @mock.patch('website.addons.dropbox.client.DropboxClient.disable_access_token') def test_dropbox_oauth_delete_user_with_invalid_credentials(self, mock_disable_access_token): self.user.add_addon('dropbox') settings = self.user.get_addon('dropbox') settings.access_token = '12345abc' settings.save() assert_true(settings.has_auth) mock_response = mock.Mock() mock_response.status = 401 mock_disable_access_token.side_effect = ErrorResponse(mock_response, "The given OAuth 2 access token doesn't exist or has expired.") self.user.save() url = api_url_for('dropbox_oauth_delete_user') self.app.delete(url) settings.reload() assert_false(settings.has_auth)
def test_add_provider_with_no_permissions(self): new_user = AuthUserFactory() new_user.save() res = self.app.post_json_api( self.preprint_preprint_providers_url, self.create_payload(self.preprint_provider_one._id), auth=new_user.auth, expect_errors=True, ) assert_equal(res.status_code, 403)
def test_node_with_no_permissions(self): user = AuthUserFactory() user.affiliated_institutions.append(self.institution1) user.save() res = self.app.put_json_api( self.node_institutions_url, self.create_payload([self.institution1._id]), auth=user.auth, expect_errors=True, ) assert_equal(res.status_code, 403)
class TestAuthViews(OsfTestCase): def setUp(self): super(TestAuthViews, self).setUp() self.user = AuthUserFactory() # Log user in self.app.authenticate(*self.user.auth) def test_box_oauth_start(self): url = api_url_for('box_oauth_start_user') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.box.views.auth.box_oauth_finish') @mock.patch('website.addons.box.views.auth.finish_auth') @mock.patch('website.addons.box.views.auth.BoxClient') def test_box_oauth_finish(self, mock_get, mock_finish, mock_oauth): mock_client = mock.MagicMock() mock_client.get_user_info.return_value = { 'name': 'Mr. Box', 'id': '1234567890' } mock_get.return_value = mock_client mock_finish.return_value = { 'token_type': 'something', 'access_token': 'something', 'refresh_token': 'something' } mock_oauth.return_value = ('mytoken123', 'myboxid', 'done') url = api_url_for('box_oauth_finish') res = self.app.get(url) assert_is_redirect(res) @mock.patch('website.addons.box.views.auth.flash') def test_box_oauth_finish_cancelled(self, mock_flash): url = api_url_for('box_oauth_finish', error='User declined!') res = self.app.get(url) assert_is_redirect(res) mock_flash.assert_called_once() @mock.patch('website.addons.box.model.BoxOAuthSettings.revoke_access_token' ) def test_box_oauth_delete_user(self, mock_disable_access_token): self.user.add_addon('box') settings = self.user.get_addon('box') oauth = BoxOAuthSettings(user_id='fa;l', access_token='a;lkjadl;kas') oauth.save() settings.oauth_settings = oauth settings.save() assert_true(settings.has_auth) self.user.save() url = api_url_for('box_oauth_delete_user') self.app.delete(url) settings.reload() assert_false(settings.has_auth)
def test_correct_view_permissions(self): user = AuthUserFactory() view_permission = Permission.objects.get(codename='view_conference') user.user_permissions.add(view_permission) user.save() request = RequestFactory().get(reverse('meetings:list')) request.user = user response = MeetingListView.as_view()(request) nt.assert_equal(response.status_code, 200)
class TestUserSpamListView(AdminTestCase): def setUp(self): super(TestUserSpamListView, self).setUp() self.project = ProjectFactory(is_public=True) self.user_1 = AuthUserFactory() self.user_2 = AuthUserFactory() self.project.add_contributor(self.user_1) self.project.add_contributor(self.user_2) self.project.save() self.user_1.save() self.user_2.save() self.comment_1 = CommentFactory(node=self.project, user=self.user_1) self.comment_2 = CommentFactory(node=self.project, user=self.user_1) self.comment_3 = CommentFactory(node=self.project, user=self.user_1) self.comment_4 = CommentFactory(node=self.project, user=self.user_1) self.comment_5 = CommentFactory(node=self.project, user=self.user_2) self.comment_6 = CommentFactory(node=self.project, user=self.user_2) self.comment_1.report_abuse(user=self.user_2, save=True, category='spam') self.comment_2.report_abuse(user=self.user_2, save=True, category='spam') self.comment_3.report_abuse(user=self.user_2, save=True, category='spam') self.comment_4.report_abuse(user=self.user_2, save=True, category='spam') self.comment_5.report_abuse(user=self.user_1, save=True, category='spam') self.comment_6.report_abuse(user=self.user_1, save=True, category='spam') self.request = RequestFactory().get('/fake_path') self.view = UserSpamList() self.view = setup_view(self.view, self.request, user_id=self.user_1._id) def test_get_user_spam(self): res = list(self.view.get_queryset()) nt.assert_equal(len(res), 4) def test_get_context_data(self): self.view.object_list = self.view.get_queryset() res = self.view.get_context_data() nt.assert_is_instance(res['spam'], list) nt.assert_is_instance(res['spam'][0], dict) nt.assert_equal(res['status'], '1') nt.assert_equal(res['page_number'], 1) nt.assert_equal(res['user_id'], self.user_1._id)
def test_github_enabled_not_linked_or_authorized(self): user = AuthUserFactory() user.add_addon('github') user.external_accounts.append(self.external_account) user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['enabled'], 2) assert_equal(github_res['users']['authorized'], 1) assert_equal(github_res['users']['linked'], 1)
def test_many_users_each_with_a_different_github(self): user = AuthUserFactory() user.add_addon('github') oauth_settings2 = GitHubAccountFactory(display_name='hmoco2') oauth_settings2.save() user.external_accounts.append(oauth_settings2) user.save() results = AddonSnapshot().get_events() github_res = [ res for res in results if res['provider']['name'] == 'github' ][0] assert_equal(github_res['users']['total'], 2)
def test_many_users_each_with_a_different_github(self): user = AuthUserFactory() user.add_addon("github") oauth_settings2 = GitHubAccountFactory(display_name="hmoco2") oauth_settings2.save() user.external_accounts.append(oauth_settings2) user.save() results = AddonSnapshot().get_events() github_res = [res for res in results if res["provider"]["name"] == "github"][0] assert_equal(github_res["users"]["enabled"], 2) assert_equal(github_res["users"]["authorized"], 1) assert_equal(github_res["users"]["linked"], 1)
class TestUserDetail(ApiTestCase): def setUp(self): super(TestUserDetail, self).setUp() self.user_one = AuthUserFactory() self.user_one.social['twitter'] = 'howtopizza' self.user_one.save() self.user_two = AuthUserFactory() def tearDown(self): super(TestUserDetail, self).tearDown() def test_gets_200(self): url = "/{}users/{}/".format(API_BASE, self.user_one._id) res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'application/vnd.api+json') def test_get_correct_pk_user(self): url = "/{}users/{}/".format(API_BASE, self.user_one._id) res = self.app.get(url) user_json = res.json['data'] assert_equal(user_json['attributes']['fullname'], self.user_one.fullname) assert_equal(user_json['attributes']['twitter'], 'howtopizza') def test_get_incorrect_pk_user_logged_in(self): url = "/{}users/{}/".format(API_BASE, self.user_two._id) res = self.app.get(url) user_json = res.json['data'] assert_not_equal(user_json['attributes']['fullname'], self.user_one.fullname) def test_get_incorrect_pk_user_not_logged_in(self): url = "/{}users/{}/".format(API_BASE, self.user_two._id) res = self.app.get(url, auth=self.user_one.auth) user_json = res.json['data'] assert_not_equal(user_json['attributes']['fullname'], self.user_one.fullname) assert_equal(user_json['attributes']['fullname'], self.user_two.fullname) def test_user_detail_takes_profile_image_size_param(self): size = 42 url = "/{}users/{}/?profile_image_size={}".format( API_BASE, self.user_one._id, size) res = self.app.get(url) user_json = res.json['data'] profile_image_url = user_json['attributes']['profile_image_url'] query_dict = urlparse.parse_qs( urlparse.urlparse(profile_image_url).query) assert_equal(int(query_dict.get('size')[0]), size)
def test_cannnot_make_primary_email_for_another_user(self): user1 = AuthUserFactory() user2 = AuthUserFactory() email = '*****@*****.**' user1.emails.append(email) user1.save() url = api_url_for('update_user') header = {'id': user1.username, 'emails': [{'address': user1.username, 'primary': False, 'confirmed': True}, {'address': email, 'primary': True, 'confirmed': True} ]} res = self.app.put_json(url, header, auth=user2.auth, expect_errors=True) assert_equal(res.status_code, 403)
class TestDeactivatedUser(ApiTestCase): def setUp(self): super(TestDeactivatedUser, self).setUp() self.user = AuthUserFactory() def test_deactivated_user_returns_410_response(self): url = '/{}users/{}/'.format(API_BASE, self.user._id) res = self.app.get(url, auth=self.user.auth, expect_errors=False) assert_equal(res.status_code, 200) self.user.is_disabled = True self.user.save() res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 410)