def test_auth_owns_pretend(self): u, p = self._create_ad_user() rando = fh.create_user() u2 = fh.create_user() adm = fh.create_user(is_admin=True) assert auth_owns_fn_user(u, p) assert auth_owns_fn_actual_user(u, p) assert auth_enforce_owns_fn(u, p) assert auth_owns_fn_user(adm, p) assert self.throws_exception(lambda: auth_owns_fn_user(u2, p)).code == FORBIDDEN assert self.throws_exception(lambda: auth_enforce_owns_fn(u2, p)).code == FORBIDDEN
def test_bool(self): u2 = fh.create_user(is_admin=True) self.flush() self.login(u2) r = self.client_async(self.url,{'abool': 'on'}) assert r.results.abool == True
def test_api_prologue_exception(self): """ Verifies that an ApiPrologueException is handled properly """ user = fh.create_user() self.flush() self.login(user) # The bad version in this url will force an ApiPrologueException in the dispatcher bad_url = '/api/vA/user/set_pref' params = {'key': 'asd', 'value': 'omgwow'} response = self.client_async(bad_url, params, status=501, assert_success=False) assert 'Invalid version' in response.results.errors[0].message # no function! url = '/api/v1/user/meow' params = {} response = self.client_async(url, params, status=501, assert_success=False) assert 'user.meow not implemented' in response.results.errors[0].message # no module! url = '/api/v1/rawr/meow' params = {} response = self.client_async(url, params, status=501, assert_success=False) assert 'rawr.meow not implemented' in response.results.errors[0].message
def test_auth(self): # not an admin u = fh.create_user() self.flush() self.login(u) r = self.client_async(self.url,{}, status=403, assert_success=False) assert r.errors[0].code == FORBIDDEN
def test_value_error(self): """ Verifies that a ValueError is handled properly """ # we cant create a new user because of the rollback when there is an error. user = fh.create_user(is_admin=True) self.flush() self.login(user) # Force a ValueError with a bad budget value params = {'anint': 'not an int'} response = self.client_async(self.url, params, status=500, assert_success=False) assert 'int()' in response.results.errors[0].message
def test_timer_proxy(self): u = fh.create_user() self.flush() self.login(u) response = self.post(self.form_url, {"a_number": 32, "a_string": "aodij"}) assert response.tmpl_context.show_debug == False assert response.tmpl_context.queries == "" u = fh.create_user(is_admin=True) self.flush() self.login(u) response = self.post(self.form_url, {"a_number": 32, "a_string": "aodij"}) assert response.tmpl_context.show_debug == True assert len(response.tmpl_context.queries) == 3 assert response.tmpl_context.querie_time > 0.0 for q, t in response.tmpl_context.queries: assert q assert t > 0.0
def test_edit(self): own = fh.create_user() rando = fh.create_user() a = fh.create_user(is_admin=True) self.flush() u = api.user.edit(own, own, own, first_name='omgwow', default_timezone=0, is_active='f', role='admin') assert u.id == own.id assert u.first_name == 'omgwow' assert u.is_active == True assert u.role == 'user' assert 'London' in u.default_timezone u = api.user.edit(a, a, own, last_name='yeah') assert u.id == own.id u = api.user.edit(a, a, own, is_active='f', role='admin') assert u.id == own.id assert u.is_active == False assert u.role == 'admin' assert self.throws_exception(lambda: api.user.edit(rando, rando, own, first_name='m')).code == NOT_FOUND assert self.throws_exception(lambda: api.user.edit(a, a, None, first_name='s')).code == NOT_FOUND
def test_field_editor(self): u = fh.create_user() adm = fh.create_user(is_admin=True) class SomeForm(formencode.Schema): things = fv.Number(not_empty=False, min=0) yo_mammas = fv.Int(not_empty=False, min=0) admin_only = fv.Int(not_empty=False, min=0) error_1 = fv.UnicodeString(not_empty=False) error_2 = fv.UnicodeString(not_empty=False) edit_fields = ['things', 'yo_mammas', 'error_1', 'error_2'] admin_edit_fields = ['admin_only'] class Editor(FieldEditor): def __init__(self): super(Editor, self).__init__(edit_fields, admin_edit_fields, SomeForm) def edit_error_1(self, actual_user, user, obj, key, value): raise ClientException('error_1') def edit_error_2(self, actual_user, user, obj, key, value): raise ClientException('error_2') def edit_things(self, actual_user, user, obj, key, value): assert actual_user assert user assert key == 'things' obj['things'] = value def edit_random(self, actual_user, user, obj, key, value): obj['random'] = value def edit_admin_only(self, actual_user, user, obj, key, value): assert key == 'admin_only' obj['admin_only'] = value #not defining yo_mammas intentionally editor = Editor() #basic case, non admin obj = {} editor.edit(u, u, obj, things='3.0') assert obj['things'] == 3.0 obj = {} editor.edit(u, u, obj, key='things', value='4.0') assert obj['things'] == 4.0 #basic case, admin, multiple fields obj = {} editor.edit(adm, u, obj, things='5.0', admin_only=34) assert obj['things'] == 5.0 assert obj['admin_only'] == 34 #FAIL case, non-admin. will not edit admin! obj = {} editor.edit(u, u, obj, things='5.0', admin_only=34) assert obj['things'] == 5.0 assert 'admin_only' not in obj # should not run the validator on the admin_only field editor.edit(u, u, obj, things='5.0', admin_only='dont breaK!') assert obj['things'] == 5.0 assert 'admin_only' not in obj ce = (ClientException,) #FAIL case, empty assert self.throws_exception(lambda: editor.edit(u, u, obj), types=ce).code == INCOMPLETE #FAIL case, dont edit random stuff we dont care about obj = {} assert self.throws_exception(lambda: editor.edit(u, u, obj, random='poo'), types=ce).code == INCOMPLETE assert not obj assert self.throws_exception(lambda: editor.edit(u, u, obj, admin_only='poo'), types=ce).code == INCOMPLETE assert not obj editor.edit(u, u, obj, things=4.5, random='poo') assert 'things' in obj assert 'random' not in obj editor.edit(u, u, obj, things=4.5, random_foo='poo') assert 'things' in obj assert 'random_foo' not in obj #this cant call the function cause it isnt defined obj = {} assert self.throws_exception(lambda: editor.edit(u, u, obj, yo_mammas='2'), types=(AppException,)).code == INCOMPLETE exc = self.throws_exception(lambda: editor.edit(u, u, obj, error_1='blah', error_2='blah'), types=(CompoundException,)) assert exc.has_exceptions assert len(exc.exceptions) == 2 assert 'error_1' in [e.msg for e in exc.exceptions] assert 'error_2' in [e.msg for e in exc.exceptions] ## #validation! ## i = (formencode.validators.Invalid,) exc = self.throws_exception(lambda: editor.edit(u, u, obj, things='asd', yo_mammas='qw'), types=i) assert exc assert len(exc.error_dict.keys()) == 2 assert 'things' in exc.error_dict.keys() assert 'yo_mammas' in exc.error_dict.keys()
def test_auth_admin(self): u = fh.create_user() adm = fh.create_user(is_admin=True) assert auth_admin_fn(adm) assert self.throws_exception(lambda: auth_admin_fn(u)).code == FORBIDDEN
def _create_ad_user(self, make_admin=False): u = make_admin and fh.create_user(is_admin=True) or fh.create_user() p = u.set_preference(u'omg', u'wow') return u, p