upstream/kallithea Commit - r2661:09e54a64

1

from sqlalchemy.orm.exc import NoResultFound

1

from sqlalchemy.orm.exc import NoResultFound

2

3

from rhodecode.tests import *

3

from rhodecode.tests import *

4

from rhodecode.model.db import User, Permission

4

from rhodecode.model.db import User, Permission

5

from rhodecode.lib.auth import check_password

5

from rhodecode.lib.auth import check_password

6

from rhodecode.model.user import UserModel

6

from rhodecode.model.user import UserModel

7

from rhodecode.model import validators

7

from rhodecode.model import validators

8

from rhodecode.lib import helpers as h

8

from rhodecode.lib import helpers as h

9

10

11

class TestAdminUsersController(TestController):

11

class TestAdminUsersController(TestController):

12

13

def test_index(self):

13

def test_index(self):

14

self.log_user()

14

self.log_user()

15

response = self.app.get(url('users'))

15

response = self.app.get(url('users'))

16

# Test response...

16

# Test response...

17

18

def test_index_as_xml(self):

18

def test_index_as_xml(self):

19

response = self.app.get(url('formatted_users', format='xml'))

19

response = self.app.get(url('formatted_users', format='xml'))

20

21

def test_create(self):

21

def test_create(self):

22

self.log_user()

22

self.log_user()

23

username = 'newtestuser'

23

username = 'newtestuser'

24

password = 'test12'

24

password = 'test12'

25

password_confirmation = password

25

password_confirmation = password

26

name = 'name'

26

name = 'name'

27

lastname = 'lastname'

27

lastname = 'lastname'

28

email = 'mail@mail.com'

28

email = 'mail@mail.com'

29

30

response = self.app.post(url('users'),

30

response = self.app.post(url('users'),

31

{'username': username,

31

{'username': username,

32

'password': password,

32

'password': password,

33

'password_confirmation': password_confirmation,

33

'password_confirmation': password_confirmation,

34

'firstname': name,

34

'firstname': name,

35

'active': True,

35

'active': True,

36

'lastname': lastname,

36

'lastname': lastname,

37

'email': email})

37

'email': email})

38

39

self.checkSessionFlash(response, '''created user %s''' % (username))

39

self.checkSessionFlash(response, '''created user %s''' % (username))

40

41

new_user = self.Session.query(User).\

41

new_user = self.Session.query(User).\

42

filter(User.username == username).one()

42

filter(User.username == username).one()

43

44

self.assertEqual(new_user.username, username)

44

self.assertEqual(new_user.username, username)

45

self.assertEqual(check_password(password, new_user.password), True)

45

self.assertEqual(check_password(password, new_user.password), True)

46

self.assertEqual(new_user.name, name)

46

self.assertEqual(new_user.name, name)

47

self.assertEqual(new_user.lastname, lastname)

47

self.assertEqual(new_user.lastname, lastname)

48

self.assertEqual(new_user.email, email)

48

self.assertEqual(new_user.email, email)

49

50

response.follow()

50

response.follow()

51

response = response.follow()

51

response = response.follow()

52

response.mustcontain("""~~edit">~~newtestuser~~</a>~~""")

52

response.mustcontain("""newtestuser""")

53

54

def test_create_err(self):

54

def test_create_err(self):

55

self.log_user()

55

self.log_user()

56

username = 'new_user'

56

username = 'new_user'

57

password = ''

57

password = ''

58

name = 'name'

58

name = 'name'

59

lastname = 'lastname'

59

lastname = 'lastname'

60

email = 'errmail.com'

60

email = 'errmail.com'

61

62

response = self.app.post(url('users'), {'username': username,

62

response = self.app.post(url('users'), {'username': username,

63

'password': password,

63

'password': password,

64

'name': name,

64

'name': name,

65

'active': False,

65

'active': False,

66

'lastname': lastname,

66

'lastname': lastname,

67

'email': email})

67

'email': email})

68

69

msg = validators.ValidUsername(False, {})._messages['system_invalid_username']

69

msg = validators.ValidUsername(False, {})._messages['system_invalid_username']

70

msg = h.html_escape(msg % {'username': 'new_user'})

70

msg = h.html_escape(msg % {'username': 'new_user'})

71

response.mustcontain("""%s""" % msg)

71

response.mustcontain("""%s""" % msg)

72

response.mustcontain("""Please enter a value""")

72

response.mustcontain("""Please enter a value""")

73

response.mustcontain("""An email address must contain a single @""")

73

response.mustcontain("""An email address must contain a single @""")

74

75

def get_user():

75

def get_user():

76

self.Session.query(User).filter(User.username == username).one()

76

self.Session.query(User).filter(User.username == username).one()

77

78

self.assertRaises(NoResultFound, get_user), 'found user in database'

78

self.assertRaises(NoResultFound, get_user), 'found user in database'

79

80

def test_new(self):

80

def test_new(self):

81

self.log_user()

81

self.log_user()

82

response = self.app.get(url('new_user'))

82

response = self.app.get(url('new_user'))

83

84

def test_new_as_xml(self):

84

def test_new_as_xml(self):

85

response = self.app.get(url('formatted_new_user', format='xml'))

85

response = self.app.get(url('formatted_new_user', format='xml'))

86

87

@parameterized.expand([('firstname', 'new_username'),

87

@parameterized.expand([('firstname', 'new_username'),

88

('lastname', 'new_username'),

88

('lastname', 'new_username'),

89

('admin', True),

89

('admin', True),

90

('admin', False),

90

('admin', False),

91

('ldap_dn', 'test'),

91

('ldap_dn', 'test'),

92

('ldap_dn', None),

92

('ldap_dn', None),

93

('active', False),

93

('active', False),

94

('active', True),

94

('active', True),

95

('email', 'some@email.com'),

95

('email', 'some@email.com'),

96

])

96

])

97

def test_update(self, name, expected):

97

def test_update(self, name, expected):

98

self.log_user()

98

self.log_user()

99

uname = 'testme'

99

uname = 'testme'

100

usr = UserModel().create_or_update(username=uname, password='qweqwe',

100

usr = UserModel().create_or_update(username=uname, password='qweqwe',

101

email='testme@rhodecod.org')

101

email='testme@rhodecod.org')

102

self.Session().commit()

102

self.Session().commit()

103

params = usr.get_api_data()

103

params = usr.get_api_data()

104

params.update({name: expected})

104

params.update({name: expected})

105

params.update({'password_confirmation': ''})

105

params.update({'password_confirmation': ''})

106

params.update({'new_password': ''})

106

params.update({'new_password': ''})

107

if name == 'email':

107

if name == 'email':

108

params['emails'] = [expected]

108

params['emails'] = [expected]

109

if name == 'ldap_dn':

109

if name == 'ldap_dn':

110

#cannot update this via form

110

#cannot update this via form

111

params['ldap_dn'] = None

111

params['ldap_dn'] = None

112

try:

112

try:

113

response = self.app.put(url('user', id=usr.user_id), params)

113

response = self.app.put(url('user', id=usr.user_id), params)

114

115

self.checkSessionFlash(response, '''User updated successfully''')

115

self.checkSessionFlash(response, '''User updated successfully''')

116

117

updated_user = User.get_by_username(uname)

117

updated_user = User.get_by_username(uname)

118

updated_params = updated_user.get_api_data()

118

updated_params = updated_user.get_api_data()

119

updated_params.update({'password_confirmation': ''})

119

updated_params.update({'password_confirmation': ''})

120

updated_params.update({'new_password': ''})

120

updated_params.update({'new_password': ''})

121

122

self.assertEqual(params, updated_params)

122

self.assertEqual(params, updated_params)

123

124

finally:

124

finally:

125

UserModel().delete('testme')

125

UserModel().delete('testme')

126

127

def test_update_browser_fakeout(self):

127

def test_update_browser_fakeout(self):

128

response = self.app.post(url('user', id=1), params=dict(_method='put'))

128

response = self.app.post(url('user', id=1), params=dict(_method='put'))

129

130

def test_delete(self):

130

def test_delete(self):

131

self.log_user()

131

self.log_user()

132

username = 'newtestuserdeleteme'

132

username = 'newtestuserdeleteme'

133

password = 'test12'

133

password = 'test12'

134

name = 'name'

134

name = 'name'

135

lastname = 'lastname'

135

lastname = 'lastname'

136

email = 'todeletemail@mail.com'

136

email = 'todeletemail@mail.com'

137

138

response = self.app.post(url('users'), {'username': username,

138

response = self.app.post(url('users'), {'username': username,

139

'password': password,

139

'password': password,

140

'password_confirmation': password,

140

'password_confirmation': password,

141

'firstname': name,

141

'firstname': name,

142

'active': True,

142

'active': True,

143

'lastname': lastname,

143

'lastname': lastname,

144

'email': email})

144

'email': email})

145

146

response = response.follow()

146

response = response.follow()

147

148

new_user = self.Session.query(User)\

148

new_user = self.Session.query(User)\

149

.filter(User.username == username).one()

149

.filter(User.username == username).one()

150

response = self.app.delete(url('user', id=new_user.user_id))

150

response = self.app.delete(url('user', id=new_user.user_id))

151

152

self.assertTrue("""successfully deleted user""" in

152

self.assertTrue("""successfully deleted user""" in

153

response.session['flash'][0])

153

response.session['flash'][0])

154

155

def test_delete_browser_fakeout(self):

155

def test_delete_browser_fakeout(self):

156

response = self.app.post(url('user', id=1),

156

response = self.app.post(url('user', id=1),

157

params=dict(_method='delete'))

157

params=dict(_method='delete'))

158

159

def test_show(self):

159

def test_show(self):

160

response = self.app.get(url('user', id=1))

160

response = self.app.get(url('user', id=1))

161

162

def test_show_as_xml(self):

162

def test_show_as_xml(self):

163

response = self.app.get(url('formatted_user', id=1, format='xml'))

163

response = self.app.get(url('formatted_user', id=1, format='xml'))

164

165

def test_edit(self):

165

def test_edit(self):

166

self.log_user()

166

self.log_user()

167

user = User.get_by_username(TEST_USER_ADMIN_LOGIN)

167

user = User.get_by_username(TEST_USER_ADMIN_LOGIN)

168

response = self.app.get(url('edit_user', id=user.user_id))

168

response = self.app.get(url('edit_user', id=user.user_id))

169

170

def test_add_perm_create_repo(self):

170

def test_add_perm_create_repo(self):

171

self.log_user()

171

self.log_user()

172

perm_none = Permission.get_by_key('hg.create.none')

172

perm_none = Permission.get_by_key('hg.create.none')

173

perm_create = Permission.get_by_key('hg.create.repository')

173

perm_create = Permission.get_by_key('hg.create.repository')

174

175

user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

175

user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

176

177

#User should have None permission on creation repository

177

#User should have None permission on creation repository

178

self.assertEqual(UserModel().has_perm(user, perm_none), False)

178

self.assertEqual(UserModel().has_perm(user, perm_none), False)

179

self.assertEqual(UserModel().has_perm(user, perm_create), False)

179

self.assertEqual(UserModel().has_perm(user, perm_create), False)

180

181

response = self.app.post(url('user_perm', id=user.user_id),

181

response = self.app.post(url('user_perm', id=user.user_id),

182

params=dict(_method='put',

182

params=dict(_method='put',

183

create_repo_perm=True))

183

create_repo_perm=True))

184

185

perm_none = Permission.get_by_key('hg.create.none')

185

perm_none = Permission.get_by_key('hg.create.none')

186

perm_create = Permission.get_by_key('hg.create.repository')

186

perm_create = Permission.get_by_key('hg.create.repository')

187

188

user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

188

user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

189

#User should have None permission on creation repository

189

#User should have None permission on creation repository

190

self.assertEqual(UserModel().has_perm(user, perm_none), False)

190

self.assertEqual(UserModel().has_perm(user, perm_none), False)

191

self.assertEqual(UserModel().has_perm(user, perm_create), True)

191

self.assertEqual(UserModel().has_perm(user, perm_create), True)

192

193

def test_revoke_perm_create_repo(self):

193

def test_revoke_perm_create_repo(self):

194

self.log_user()

194

self.log_user()

195

perm_none = Permission.get_by_key('hg.create.none')

195

perm_none = Permission.get_by_key('hg.create.none')

196

perm_create = Permission.get_by_key('hg.create.repository')

196

perm_create = Permission.get_by_key('hg.create.repository')

197

198

user = User.get_by_username(TEST_USER_REGULAR2_LOGIN)

198

user = User.get_by_username(TEST_USER_REGULAR2_LOGIN)

199

200

#User should have None permission on creation repository

200

#User should have None permission on creation repository

201

self.assertEqual(UserModel().has_perm(user, perm_none), False)

201

self.assertEqual(UserModel().has_perm(user, perm_none), False)

202

self.assertEqual(UserModel().has_perm(user, perm_create), False)

202

self.assertEqual(UserModel().has_perm(user, perm_create), False)

203

204

response = self.app.post(url('user_perm', id=user.user_id),

204

response = self.app.post(url('user_perm', id=user.user_id),

205

params=dict(_method='put'))

205

params=dict(_method='put'))

206

207

perm_none = Permission.get_by_key('hg.create.none')

207

perm_none = Permission.get_by_key('hg.create.none')

208

perm_create = Permission.get_by_key('hg.create.repository')

208

perm_create = Permission.get_by_key('hg.create.repository')

209

210

user = User.get_by_username(TEST_USER_REGULAR2_LOGIN)

210

user = User.get_by_username(TEST_USER_REGULAR2_LOGIN)

211

#User should have None permission on creation repository

211

#User should have None permission on creation repository

212

self.assertEqual(UserModel().has_perm(user, perm_none), True)

212

self.assertEqual(UserModel().has_perm(user, perm_none), True)

213

self.assertEqual(UserModel().has_perm(user, perm_create), False)

213

self.assertEqual(UserModel().has_perm(user, perm_create), False)

214

215

def test_edit_as_xml(self):

215

def test_edit_as_xml(self):

216

response = self.app.get(url('formatted_edit_user', id=1, format='xml'))

216

response = self.app.get(url('formatted_edit_user', id=1, format='xml'))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             from sqlalchemy.orm.exc import NoResultFound
             from rhodecode.tests import *
             from rhodecode.model.db import User, Permission
             from rhodecode.lib.auth import check_password
             from rhodecode.model.user import UserModel
             from rhodecode.model import validators
             from rhodecode.lib import helpers as h
             class TestAdminUsersController(TestController):
                 def test_index(self):
                     self.log_user()
                     response = self.app.get(url('users'))
                     # Test response...
                 def test_index_as_xml(self):
                     response = self.app.get(url('formatted_users', format='xml'))
                 def test_create(self):
                     self.log_user()
                     username = 'newtestuser'
                     password = 'test12'
                     password_confirmation = password
                     name = 'name'
                     lastname = 'lastname'
                     email = 'mail@mail.com'
                     response = self.app.post(url('users'),
                                          {'username': username,
                                            'password': password,
                                            'password_confirmation': password_confirmation,
                                            'firstname': name,
                                            'active': True,
                                            'lastname': lastname,
                                            'email': email})
                     self.checkSessionFlash(response, '''created user %s''' % (username))
                     new_user = self.Session.query(User).\
                         filter(User.username == username).one()
                     self.assertEqual(new_user.username, username)
                     self.assertEqual(check_password(password, new_user.password), True)
                     self.assertEqual(new_user.name, name)
                     self.assertEqual(new_user.lastname, lastname)
                     self.assertEqual(new_user.email, email)
                     response.follow()
                     response = response.follow()
-                    response.mustcontain("""edit">newtestuser</a>""")
+                    response.mustcontain("""newtestuser""")
                 def test_create_err(self):
                     self.log_user()
                     username = 'new_user'
                     password = ''
                     name = 'name'
                     lastname = 'lastname'
                     email = 'errmail.com'
                     response = self.app.post(url('users'), {'username': username,
                                                            'password': password,
                                                            'name': name,
                                                            'active': False,
                                                            'lastname': lastname,
                                                            'email': email})
                     msg = validators.ValidUsername(False, {})._messages['system_invalid_username']
                     msg = h.html_escape(msg % {'username': 'new_user'})
                     response.mustcontain("""<span class="error-message">%s</span>""" % msg)
                     response.mustcontain("""<span class="error-message">Please enter a value</span>""")
                     response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""")
                     def get_user():
                         self.Session.query(User).filter(User.username == username).one()
                     self.assertRaises(NoResultFound, get_user), 'found user in database'
                 def test_new(self):
                     self.log_user()
                     response = self.app.get(url('new_user'))
                 def test_new_as_xml(self):
                     response = self.app.get(url('formatted_new_user', format='xml'))
                 @parameterized.expand([('firstname', 'new_username'),
                                        ('lastname', 'new_username'),
                                        ('admin', True),
                                        ('admin', False),
                                        ('ldap_dn', 'test'),
                                        ('ldap_dn', None),
                                        ('active', False),
                                        ('active', True),
                                        ('email', 'some@email.com'),
                                        ])
                 def test_update(self, name, expected):
                     self.log_user()
                     uname = 'testme'
                     usr = UserModel().create_or_update(username=uname, password='qweqwe',
                                                        email='testme@rhodecod.org')
                     self.Session().commit()
                     params = usr.get_api_data()
                     params.update({name: expected})
                     params.update({'password_confirmation': ''})
                     params.update({'new_password': ''})
                     if name == 'email':
                         params['emails'] = [expected]
                     if name == 'ldap_dn':
                         #cannot update this via form
                         params['ldap_dn'] = None
                     try:
                         response = self.app.put(url('user', id=usr.user_id), params)
                         self.checkSessionFlash(response, '''User updated successfully''')
                         updated_user = User.get_by_username(uname)
                         updated_params = updated_user.get_api_data()
                         updated_params.update({'password_confirmation': ''})
                         updated_params.update({'new_password': ''})
                         self.assertEqual(params, updated_params)
                     finally:
                         UserModel().delete('testme')
                 def test_update_browser_fakeout(self):
                     response = self.app.post(url('user', id=1), params=dict(_method='put'))
                 def test_delete(self):
                     self.log_user()
                     username = 'newtestuserdeleteme'
                     password = 'test12'
                     name = 'name'
                     lastname = 'lastname'
                     email = 'todeletemail@mail.com'
                     response = self.app.post(url('users'), {'username': username,
                                                            'password': password,
                                                            'password_confirmation': password,
                                                            'firstname': name,
                                                            'active': True,
                                                            'lastname': lastname,
                                                            'email': email})
                     response = response.follow()
                     new_user = self.Session.query(User)\
                         .filter(User.username == username).one()
                     response = self.app.delete(url('user', id=new_user.user_id))
                     self.assertTrue("""successfully deleted user""" in
                                     response.session['flash'][0])
                 def test_delete_browser_fakeout(self):
                     response = self.app.post(url('user', id=1),
                                              params=dict(_method='delete'))
                 def test_show(self):
                     response = self.app.get(url('user', id=1))
                 def test_show_as_xml(self):
                     response = self.app.get(url('formatted_user', id=1, format='xml'))
                 def test_edit(self):
                     self.log_user()
                     user = User.get_by_username(TEST_USER_ADMIN_LOGIN)
                     response = self.app.get(url('edit_user', id=user.user_id))
                 def test_add_perm_create_repo(self):
                     self.log_user()
                     perm_none = Permission.get_by_key('hg.create.none')
                     perm_create = Permission.get_by_key('hg.create.repository')
                     user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
                     #User should have None permission on creation repository
                     self.assertEqual(UserModel().has_perm(user, perm_none), False)
                     self.assertEqual(UserModel().has_perm(user, perm_create), False)
                     response = self.app.post(url('user_perm', id=user.user_id),
                                              params=dict(_method='put',
                                                          create_repo_perm=True))
                     perm_none = Permission.get_by_key('hg.create.none')
                     perm_create = Permission.get_by_key('hg.create.repository')
                     user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
                     #User should have None permission on creation repository
                     self.assertEqual(UserModel().has_perm(user, perm_none), False)
                     self.assertEqual(UserModel().has_perm(user, perm_create), True)
                 def test_revoke_perm_create_repo(self):
                     self.log_user()
                     perm_none = Permission.get_by_key('hg.create.none')
                     perm_create = Permission.get_by_key('hg.create.repository')
                     user = User.get_by_username(TEST_USER_REGULAR2_LOGIN)
                     #User should have None permission on creation repository
                     self.assertEqual(UserModel().has_perm(user, perm_none), False)
                     self.assertEqual(UserModel().has_perm(user, perm_create), False)
                     response = self.app.post(url('user_perm', id=user.user_id),
                                              params=dict(_method='put'))
                     perm_none = Permission.get_by_key('hg.create.none')
                     perm_create = Permission.get_by_key('hg.create.repository')
                     user = User.get_by_username(TEST_USER_REGULAR2_LOGIN)
                     #User should have None permission on creation repository
                     self.assertEqual(UserModel().has_perm(user, perm_none), True)
                     self.assertEqual(UserModel().has_perm(user, perm_create), False)
                 def test_edit_as_xml(self):
                     response = self.app.get(url('formatted_edit_user', id=1, format='xml'))