def post(self):
schema = UserCreateSchema(context={"request": self.request})
data = schema.load(self.request.unsafe_json_body).data
user = User()
self.shared.populate_instance(user, data)
user.persist(flush=True, db_session=self.request.dbsession)
return schema.dump(user).data
def post(self):
schema = UserCreateSchema(context={'request': self.request})
data = schema.load(self.request.unsafe_json_body).data
user = User()
self.shared.populate_instance(user, data)
user.persist(flush=True, db_session=self.request.dbsession)
return schema.dump(user).data
def test_get_found(self, sqla_session):
from testscaffold.views.api.users import UserAPIView
from testscaffold.models.user import User
with tmp_session_context(sqla_session) as session:
request = dummy_request(session)
user = User(id=5, email='foo', user_name='bar')
user.persist(flush=True, db_session=request.dbsession)
request.matchdict['object_id'] = 5
result = UserAPIView(request).get()
assert result['id'] == 5
def test_get_found(self, sqla_session):
from testscaffold.views.api.users import UserAPIView
from testscaffold.models.user import User
with tmp_session_context(sqla_session) as session:
request = dummy_request(session)
user = User(id=5, email="foo", user_name="bar")
user.persist(flush=True, db_session=request.dbsession)
request.matchdict["object_id"] = 5
result = UserAPIView(request).get()
assert result["id"] == 5
def main(argv=sys.argv):
if len(argv) < 2:
usage(argv)
config_uri = argv[1]
options = parse_vars(argv[2:])
setup_logging(config_uri)
settings = get_appsettings(config_uri,
name='testscaffold',
options=options)
engine = get_engine(settings)
session_factory = get_session_factory(engine)
dbsession = get_tm_session(session_factory, transaction.manager)
with transaction.manager:
user = User(user_name="admin", email='foo@localhost')
user.set_password('admin')
admin_object = Group(group_name='Administrators')
group_permission = GroupPermission(perm_name='root_administration')
dbsession.add(admin_object)
admin_object.permissions.append(group_permission)
admin_object.users.append(user)
test_group = Group(group_name='Other group')
dbsession.add(test_group)
for x in range(1, 25):
user = User(user_name="test{}".format(x),
email='foo{}@localhost'.format(x))
user.set_password('test')
test_group.users.append(user)
def test_patch_found_valid(self, sqla_session):
from testscaffold.views.api.users import UserAPIView
from testscaffold.models.user import User
with tmp_session_context(sqla_session) as session:
request = dummy_request(session)
request.json_body = {"user_name": "changed", "email": "*****@*****.**"}
user = User(id=1, email="foo", user_name="bar")
user.persist(flush=True, db_session=request.dbsession)
request.matchdict["object_id"] = 1
result = UserAPIView(request).patch()
assert result["user_name"] == "changed"
assert result["email"] == "*****@*****.**"
def lost_password_generate(self):
"""
Shows new password form - perform time check and set new password for user
"""
request = self.request
user = User.by_user_name_and_security_code(
request.params.get('user_name'),
request.params.get('security_code'),
db_session=request.dbsession)
delta = 0
if user:
delta = datetime.utcnow() - user.security_code_date
if user and delta.total_seconds() < 600:
form = UserNewPasswordForm(request.POST,
context={'context': request})
if request.method == "POST" and form.validate():
user.set_password(form.password.data)
msg = {
'msg':
self.translate(
_('You can sign in with your new password.')),
'level':
'success'
}
request.session.flash(msg)
return HTTPFound(location=request.route_url('register'))
else:
return {"update_password_form": form}
else:
return Response('Security code expired')
def test_patch_found_valid(self, sqla_session):
from testscaffold.views.api.users import UserAPIView
from testscaffold.models.user import User
with tmp_session_context(sqla_session) as session:
request = dummy_request(session)
request.json_body = {
'user_name': 'changed',
'email': '*****@*****.**',
}
user = User(id=1, email='foo', user_name='bar')
user.persist(flush=True, db_session=request.dbsession)
request.matchdict['object_id'] = 1
result = UserAPIView(request).patch()
assert result['user_name'] == 'changed'
assert result['email'] == '*****@*****.**'
def post(self):
request = self.request
user_form = UserAdminCreateForm(request.POST, context={"request": request})
if request.method == "POST" and user_form.validate():
user = User()
self.shared.populate_instance(user, user_form.data)
user.persist(flush=True, db_session=request.dbsession)
log.info(
"users_post", extra={"user_id": user.id, "user_name": user.user_name}
)
request.session.flash(
{"msg": self.translate(_("User created.")), "level": "success"}
)
location = request.route_url("admin_objects", object="users", verb="GET")
return pyramid.httpexceptions.HTTPFound(location=location)
return {"user_form": user_form}
def post(self):
request = self.request
user_form = UserAdminCreateForm(request.POST,
context={'request': request})
if request.method == "POST" and user_form.validate():
user = User()
self.shared.populate_instance(user, user_form.data)
user.persist(flush=True, db_session=request.dbsession)
log.info('users_post',
extra={
'user_id': user.id,
'user_name': user.user_name
})
request.session.flash({
'msg': self.translate(_('User created.')),
'level': 'success'
})
location = request.route_url('admin_objects',
object='users',
verb='GET')
return pyramid.httpexceptions.HTTPFound(location=location)
return {"user_form": user_form}
def lost_password(self):
"""
Presents lost password page - sends password reset link to
specified email address.
This link is valid only for 10 minutes
"""
request = self.request
form = UserLostPasswordForm(request.POST, context={'request': request})
if request.method == 'POST' and form.validate():
user = User.by_email(form.email.data, db_session=request.dbsession)
if user:
user.regenerate_security_code()
user.security_code_date = datetime.utcnow()
title = self.translate(
_('${project} :: New password request',
mapping={'project': 'testscaffold'}))
email_vars = {
'user': user,
'request': request,
'email_title': title
}
ev = EmailEvent(
request,
recipients=[user.email],
tmpl_vars=email_vars,
tmpl_loc=
'testscaffold:templates/emails/lost_password.jinja2')
request.registry.notify(ev)
msg = {
'msg':
self.translate(
_('Password reset email had been sent. '
'Please check your mailbox for further instructions.'
'If you can\'t see the message please check '
'your spam box.')),
'level':
'success'
}
request.session.flash(msg)
return HTTPFound(location=request.route_url('lost_password'))
else:
msg = {'msg': 'Email not found', 'level': 'warning'}
request.session.flash(msg)
return {"lost_password_form": form}
def register(self):
"""
Render register page with form
Also handles oAuth flow for registration
"""
request = self.request
login_url = request.route_url("ziggurat.routes.sign_in")
login_form = UserLoginForm(request.POST, context={"request": request})
# some logic to handle came_from variable that we can use
# to redirect user that tried to access forbidden resource
if request.query_string:
query_string = "?%s" % request.query_string
else:
query_string = ""
referrer = "%s%s" % (request.path, query_string)
for url in [login_url, "/register"]:
if url in referrer:
# never use the login form itself as came_from
# or we may end up with a redirect loop
referrer = "/"
break
registration_form = UserCreateForm(request.POST, context={"request": request})
# populate form from oAuth session data returned by velruse
social_data = request.session.get("zigg.social_auth")
if request.method != "POST" and social_data:
log.info("social_auth", extra={"social_data": social_data})
form_data = {
"email": social_data["user"].get("email"),
"user_password": str(uuid.uuid4()),
}
# repopulate form this time from oauth data
registration_form = UserCreateForm(
context={"request": request}, **form_data
)
if request.method == "POST" and registration_form.validate():
# insert new user here
new_user = User()
registration_form.populate_obj(new_user)
new_user.regenerate_security_code()
new_user.status = 1
new_user.set_password(new_user.password)
new_user.registration_ip = request.environ.get("REMOTE_ADDR")
new_user.persist(flush=True, db_session=request.dbsession)
log.info(
"register",
extra={"new_user": new_user.user_name, "user_id": new_user.id},
)
# bind 3rd party identity
if social_data:
request.registry.notify(SocialAuthEvent(request, new_user, social_data))
title = _(
"${project} :: Start information", mapping={"project": "testscaffold"}
)
email_vars = {"user": new_user, "email_title": self.translate(title)}
ev = EmailEvent(
request,
recipients=[new_user.email],
tmpl_vars=email_vars,
tmpl_loc="testscaffold:" "templates/emails/registered.jinja2",
)
request.registry.notify(ev)
request.session.flash(
{
"msg": self.translate(_("You have successfully registered.")),
"level": "success",
}
)
headers = remember(request, new_user.id)
return HTTPFound(location=request.route_url("/"), headers=headers)
return {"registration_form": registration_form, "login_form": login_form}
def test_cleanup(self, sqla_session):
from testscaffold.models.user import User
with session_context(sqla_session) as session:
user = User(id=1, email='foasfsfao', user_name='barafsf')
user.persist(flush=True, db_session=session)
def register(self):
"""
Render register page with form
Also handles oAuth flow for registration
"""
request = self.request
login_url = request.route_url('ziggurat.routes.sign_in')
login_form = UserLoginForm(request.POST, context={'request': request})
# some logic to handle came_from variable that we can use
# to redirect user that tried to access forbidden resource
if request.query_string:
query_string = '?%s' % request.query_string
else:
query_string = ''
referrer = '%s%s' % (request.path, query_string)
for url in [login_url, '/register']:
if url in referrer:
# never use the login form itself as came_from
# or we may end up with a redirect loop
referrer = '/'
break
registration_form = UserCreateForm(request.POST,
context={'request': request})
# populate form from oAuth session data returned by velruse
social_data = request.session.get('zigg.social_auth')
if request.method != 'POST' and social_data:
log.info('social_auth', extra={'social_data': social_data})
form_data = {'email': social_data['user'].get('email')}
form_data['user_password'] = str(uuid.uuid4())
# repopulate form this time from oauth data
registration_form = UserCreateForm(context={'request': request},
**form_data)
if request.method == "POST" and registration_form.validate():
# insert new user here
new_user = User()
registration_form.populate_obj(new_user)
new_user.persist(flush=True, db_session=request.dbsession)
new_user.regenerate_security_code()
new_user.status = 1
new_user.set_password(new_user.password)
new_user.registration_ip = request.environ.get('REMOTE_ADDR')
log.info('register', extra={'new_user': new_user.user_name})
# bind 3rd party identity
if social_data:
request.registry.notify(
SocialAuthEvent(request, new_user, social_data))
title = _("${project} :: Start information",
mapping={'project': 'testscaffold'})
email_vars = {
'user': new_user,
'email_title': self.translate(title)
}
ev = EmailEvent(request,
recipients=[new_user.email],
tmpl_vars=email_vars,
tmpl_loc='testscaffold:'
'templates/emails/registered.jinja2')
request.registry.notify(ev)
request.session.flash({
'msg':
self.translate(_('You have successfully registered.')),
'level':
'success'
})
headers = remember(request, new_user.id)
return HTTPFound(location=request.route_url('/'), headers=headers)
return {
"registration_form": registration_form,
'login_form': login_form
}
def test_cleanup(self, sqla_session):
from testscaffold.models.user import User
with session_context(sqla_session) as session:
user = User(id=1, email="foasfsfao", user_name="barafsf")
user.persist(flush=True, db_session=session)