Show More
@@ -1,446 +1,445 b'' | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 | # This program is free software: you can redistribute it and/or modify |
|
2 | # This program is free software: you can redistribute it and/or modify | |
3 | # it under the terms of the GNU General Public License as published by |
|
3 | # it under the terms of the GNU General Public License as published by | |
4 | # the Free Software Foundation, either version 3 of the License, or |
|
4 | # the Free Software Foundation, either version 3 of the License, or | |
5 | # (at your option) any later version. |
|
5 | # (at your option) any later version. | |
6 | # |
|
6 | # | |
7 | # This program is distributed in the hope that it will be useful, |
|
7 | # This program is distributed in the hope that it will be useful, | |
8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | # GNU General Public License for more details. |
|
10 | # GNU General Public License for more details. | |
11 | # |
|
11 | # | |
12 | # You should have received a copy of the GNU General Public License |
|
12 | # You should have received a copy of the GNU General Public License | |
13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
14 | """ |
|
14 | """ | |
15 | kallithea.controllers.admin.users |
|
15 | kallithea.controllers.admin.users | |
16 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
16 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
17 |
|
17 | |||
18 | Users crud controller for pylons |
|
18 | Users crud controller for pylons | |
19 |
|
19 | |||
20 | This file was forked by the Kallithea project in July 2014. |
|
20 | This file was forked by the Kallithea project in July 2014. | |
21 | Original author and date, and relevant copyright and licensing information is below: |
|
21 | Original author and date, and relevant copyright and licensing information is below: | |
22 | :created_on: Apr 4, 2010 |
|
22 | :created_on: Apr 4, 2010 | |
23 | :author: marcink |
|
23 | :author: marcink | |
24 | :copyright: (c) 2013 RhodeCode GmbH, and others. |
|
24 | :copyright: (c) 2013 RhodeCode GmbH, and others. | |
25 | :license: GPLv3, see LICENSE.md for more details. |
|
25 | :license: GPLv3, see LICENSE.md for more details. | |
26 | """ |
|
26 | """ | |
27 |
|
27 | |||
28 | import logging |
|
28 | import logging | |
29 | import traceback |
|
29 | import traceback | |
30 | import formencode |
|
30 | import formencode | |
31 |
|
31 | |||
32 | from formencode import htmlfill |
|
32 | from formencode import htmlfill | |
33 | from pylons import request, tmpl_context as c, url, config |
|
33 | from pylons import request, tmpl_context as c, url, config | |
34 | from pylons.i18n.translation import _ |
|
34 | from pylons.i18n.translation import _ | |
35 | from sqlalchemy.sql.expression import func |
|
35 | from sqlalchemy.sql.expression import func | |
36 | from webob.exc import HTTPFound, HTTPNotFound |
|
36 | from webob.exc import HTTPFound, HTTPNotFound | |
37 |
|
37 | |||
38 | import kallithea |
|
38 | import kallithea | |
39 | from kallithea.lib.exceptions import DefaultUserException, \ |
|
39 | from kallithea.lib.exceptions import DefaultUserException, \ | |
40 | UserOwnsReposException, UserCreationError |
|
40 | UserOwnsReposException, UserCreationError | |
41 | from kallithea.lib import helpers as h |
|
41 | from kallithea.lib import helpers as h | |
42 | from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \ |
|
42 | from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \ | |
43 | AuthUser |
|
43 | AuthUser | |
44 | from kallithea.lib import auth_modules |
|
44 | from kallithea.lib import auth_modules | |
45 | from kallithea.lib.auth_modules import auth_internal |
|
45 | from kallithea.lib.auth_modules import auth_internal | |
46 | from kallithea.lib.base import BaseController, render |
|
46 | from kallithea.lib.base import BaseController, render | |
47 | from kallithea.model.api_key import ApiKeyModel |
|
47 | from kallithea.model.api_key import ApiKeyModel | |
48 |
|
48 | |||
49 | from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm |
|
49 | from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm | |
50 | from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm |
|
50 | from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm | |
51 | from kallithea.model.user import UserModel |
|
51 | from kallithea.model.user import UserModel | |
52 | from kallithea.model.meta import Session |
|
52 | from kallithea.model.meta import Session | |
53 | from kallithea.lib.utils import action_logger |
|
53 | from kallithea.lib.utils import action_logger | |
54 | from kallithea.lib.compat import json |
|
54 | from kallithea.lib.compat import json | |
55 | from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key |
|
55 | from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key | |
56 |
|
56 | |||
57 | log = logging.getLogger(__name__) |
|
57 | log = logging.getLogger(__name__) | |
58 |
|
58 | |||
59 |
|
59 | |||
60 | class UsersController(BaseController): |
|
60 | class UsersController(BaseController): | |
61 | """REST Controller styled on the Atom Publishing Protocol""" |
|
61 | """REST Controller styled on the Atom Publishing Protocol""" | |
62 |
|
62 | |||
63 | @LoginRequired() |
|
63 | @LoginRequired() | |
64 | @HasPermissionAnyDecorator('hg.admin') |
|
64 | @HasPermissionAnyDecorator('hg.admin') | |
65 | def __before__(self): |
|
65 | def __before__(self): | |
66 | super(UsersController, self).__before__() |
|
66 | super(UsersController, self).__before__() | |
67 | c.available_permissions = config['available_permissions'] |
|
67 | c.available_permissions = config['available_permissions'] | |
68 | c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL |
|
68 | c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL | |
69 |
|
69 | |||
70 | def index(self, format='html'): |
|
70 | def index(self, format='html'): | |
71 | c.users_list = User.query().order_by(User.username) \ |
|
71 | c.users_list = User.query().order_by(User.username) \ | |
72 | .filter(User.username != User.DEFAULT_USER) \ |
|
72 | .filter(User.username != User.DEFAULT_USER) \ | |
73 | .order_by(func.lower(User.username)) \ |
|
73 | .order_by(func.lower(User.username)) \ | |
74 | .all() |
|
74 | .all() | |
75 |
|
75 | |||
76 | users_data = [] |
|
76 | users_data = [] | |
77 | total_records = len(c.users_list) |
|
77 | total_records = len(c.users_list) | |
78 | _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup |
|
78 | _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup | |
79 | template = _tmpl_lookup.get_template('data_table/_dt_elements.html') |
|
79 | template = _tmpl_lookup.get_template('data_table/_dt_elements.html') | |
80 |
|
80 | |||
81 | grav_tmpl = '<div class="gravatar">%s</div>' |
|
81 | grav_tmpl = '<div class="gravatar">%s</div>' | |
82 |
|
82 | |||
83 | username = lambda user_id, username: ( |
|
83 | username = lambda user_id, username: ( | |
84 | template.get_def("user_name") |
|
84 | template.get_def("user_name") | |
85 | .render(user_id, username, _=_, h=h, c=c)) |
|
85 | .render(user_id, username, _=_, h=h, c=c)) | |
86 |
|
86 | |||
87 | user_actions = lambda user_id, username: ( |
|
87 | user_actions = lambda user_id, username: ( | |
88 | template.get_def("user_actions") |
|
88 | template.get_def("user_actions") | |
89 | .render(user_id, username, _=_, h=h, c=c)) |
|
89 | .render(user_id, username, _=_, h=h, c=c)) | |
90 |
|
90 | |||
91 | for user in c.users_list: |
|
91 | for user in c.users_list: | |
92 | users_data.append({ |
|
92 | users_data.append({ | |
93 | "gravatar": grav_tmpl % h.gravatar(user.email, size=20), |
|
93 | "gravatar": grav_tmpl % h.gravatar(user.email, size=20), | |
94 | "raw_name": user.username, |
|
94 | "raw_name": user.username, | |
95 | "username": username(user.user_id, user.username), |
|
95 | "username": username(user.user_id, user.username), | |
96 | "firstname": h.escape(user.name), |
|
96 | "firstname": h.escape(user.name), | |
97 | "lastname": h.escape(user.lastname), |
|
97 | "lastname": h.escape(user.lastname), | |
98 | "last_login": h.fmt_date(user.last_login), |
|
98 | "last_login": h.fmt_date(user.last_login), | |
99 | "last_login_raw": datetime_to_time(user.last_login), |
|
99 | "last_login_raw": datetime_to_time(user.last_login), | |
100 | "active": h.boolicon(user.active), |
|
100 | "active": h.boolicon(user.active), | |
101 | "admin": h.boolicon(user.admin), |
|
101 | "admin": h.boolicon(user.admin), | |
102 | "extern_type": user.extern_type, |
|
102 | "extern_type": user.extern_type, | |
103 | "extern_name": user.extern_name, |
|
103 | "extern_name": user.extern_name, | |
104 | "action": user_actions(user.user_id, user.username), |
|
104 | "action": user_actions(user.user_id, user.username), | |
105 | }) |
|
105 | }) | |
106 |
|
106 | |||
107 | c.data = json.dumps({ |
|
107 | c.data = json.dumps({ | |
108 | "totalRecords": total_records, |
|
108 | "totalRecords": total_records, | |
109 | "startIndex": 0, |
|
109 | "startIndex": 0, | |
110 | "sort": None, |
|
110 | "sort": None, | |
111 | "dir": "asc", |
|
111 | "dir": "asc", | |
112 | "records": users_data |
|
112 | "records": users_data | |
113 | }) |
|
113 | }) | |
114 |
|
114 | |||
115 | return render('admin/users/users.html') |
|
115 | return render('admin/users/users.html') | |
116 |
|
116 | |||
117 | def create(self): |
|
117 | def create(self): | |
118 | c.default_extern_type = auth_internal.KallitheaAuthPlugin.name |
|
118 | c.default_extern_type = auth_internal.KallitheaAuthPlugin.name | |
119 | c.default_extern_name = auth_internal.KallitheaAuthPlugin.name |
|
119 | c.default_extern_name = auth_internal.KallitheaAuthPlugin.name | |
120 | user_model = UserModel() |
|
120 | user_model = UserModel() | |
121 | user_form = UserForm()() |
|
121 | user_form = UserForm()() | |
122 | try: |
|
122 | try: | |
123 | form_result = user_form.to_python(dict(request.POST)) |
|
123 | form_result = user_form.to_python(dict(request.POST)) | |
124 | user = user_model.create(form_result) |
|
124 | user = user_model.create(form_result) | |
125 | usr = form_result['username'] |
|
125 | action_logger(self.authuser, 'admin_created_user:%s' % user.username, | |
126 | action_logger(self.authuser, 'admin_created_user:%s' % usr, |
|
|||
127 | None, self.ip_addr, self.sa) |
|
126 | None, self.ip_addr, self.sa) | |
128 |
h.flash |
|
127 | h.flash(_('Created user %s') % user.username, | |
129 | category='success') |
|
128 | category='success') | |
130 | Session().commit() |
|
129 | Session().commit() | |
131 | except formencode.Invalid as errors: |
|
130 | except formencode.Invalid as errors: | |
132 | return htmlfill.render( |
|
131 | return htmlfill.render( | |
133 | render('admin/users/user_add.html'), |
|
132 | render('admin/users/user_add.html'), | |
134 | defaults=errors.value, |
|
133 | defaults=errors.value, | |
135 | errors=errors.error_dict or {}, |
|
134 | errors=errors.error_dict or {}, | |
136 | prefix_error=False, |
|
135 | prefix_error=False, | |
137 | encoding="UTF-8", |
|
136 | encoding="UTF-8", | |
138 | force_defaults=False) |
|
137 | force_defaults=False) | |
139 | except UserCreationError as e: |
|
138 | except UserCreationError as e: | |
140 | h.flash(e, 'error') |
|
139 | h.flash(e, 'error') | |
141 | except Exception: |
|
140 | except Exception: | |
142 | log.error(traceback.format_exc()) |
|
141 | log.error(traceback.format_exc()) | |
143 | h.flash(_('Error occurred during creation of user %s') \ |
|
142 | h.flash(_('Error occurred during creation of user %s') \ | |
144 | % request.POST.get('username'), category='error') |
|
143 | % request.POST.get('username'), category='error') | |
145 |
raise HTTPFound(location=url('user |
|
144 | raise HTTPFound(location=url('edit_user', id=user.user_id)) | |
146 |
|
145 | |||
147 | def new(self, format='html'): |
|
146 | def new(self, format='html'): | |
148 | c.default_extern_type = auth_internal.KallitheaAuthPlugin.name |
|
147 | c.default_extern_type = auth_internal.KallitheaAuthPlugin.name | |
149 | c.default_extern_name = auth_internal.KallitheaAuthPlugin.name |
|
148 | c.default_extern_name = auth_internal.KallitheaAuthPlugin.name | |
150 | return render('admin/users/user_add.html') |
|
149 | return render('admin/users/user_add.html') | |
151 |
|
150 | |||
152 | def update(self, id): |
|
151 | def update(self, id): | |
153 | user_model = UserModel() |
|
152 | user_model = UserModel() | |
154 | user = user_model.get(id) |
|
153 | user = user_model.get(id) | |
155 | _form = UserForm(edit=True, old_data={'user_id': id, |
|
154 | _form = UserForm(edit=True, old_data={'user_id': id, | |
156 | 'email': user.email})() |
|
155 | 'email': user.email})() | |
157 | form_result = {} |
|
156 | form_result = {} | |
158 | try: |
|
157 | try: | |
159 | form_result = _form.to_python(dict(request.POST)) |
|
158 | form_result = _form.to_python(dict(request.POST)) | |
160 | skip_attrs = ['extern_type', 'extern_name', |
|
159 | skip_attrs = ['extern_type', 'extern_name', | |
161 | ] + auth_modules.get_managed_fields(user) |
|
160 | ] + auth_modules.get_managed_fields(user) | |
162 |
|
161 | |||
163 | user_model.update(id, form_result, skip_attrs=skip_attrs) |
|
162 | user_model.update(id, form_result, skip_attrs=skip_attrs) | |
164 | usr = form_result['username'] |
|
163 | usr = form_result['username'] | |
165 | action_logger(self.authuser, 'admin_updated_user:%s' % usr, |
|
164 | action_logger(self.authuser, 'admin_updated_user:%s' % usr, | |
166 | None, self.ip_addr, self.sa) |
|
165 | None, self.ip_addr, self.sa) | |
167 | h.flash(_('User updated successfully'), category='success') |
|
166 | h.flash(_('User updated successfully'), category='success') | |
168 | Session().commit() |
|
167 | Session().commit() | |
169 | except formencode.Invalid as errors: |
|
168 | except formencode.Invalid as errors: | |
170 | defaults = errors.value |
|
169 | defaults = errors.value | |
171 | e = errors.error_dict or {} |
|
170 | e = errors.error_dict or {} | |
172 | defaults.update({ |
|
171 | defaults.update({ | |
173 | 'create_repo_perm': user_model.has_perm(id, |
|
172 | 'create_repo_perm': user_model.has_perm(id, | |
174 | 'hg.create.repository'), |
|
173 | 'hg.create.repository'), | |
175 | 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), |
|
174 | 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'), | |
176 | }) |
|
175 | }) | |
177 | return htmlfill.render( |
|
176 | return htmlfill.render( | |
178 | self._render_edit_profile(user), |
|
177 | self._render_edit_profile(user), | |
179 | defaults=defaults, |
|
178 | defaults=defaults, | |
180 | errors=e, |
|
179 | errors=e, | |
181 | prefix_error=False, |
|
180 | prefix_error=False, | |
182 | encoding="UTF-8", |
|
181 | encoding="UTF-8", | |
183 | force_defaults=False) |
|
182 | force_defaults=False) | |
184 | except Exception: |
|
183 | except Exception: | |
185 | log.error(traceback.format_exc()) |
|
184 | log.error(traceback.format_exc()) | |
186 | h.flash(_('Error occurred during update of user %s') \ |
|
185 | h.flash(_('Error occurred during update of user %s') \ | |
187 | % form_result.get('username'), category='error') |
|
186 | % form_result.get('username'), category='error') | |
188 | raise HTTPFound(location=url('edit_user', id=id)) |
|
187 | raise HTTPFound(location=url('edit_user', id=id)) | |
189 |
|
188 | |||
190 | def delete(self, id): |
|
189 | def delete(self, id): | |
191 | usr = User.get_or_404(id) |
|
190 | usr = User.get_or_404(id) | |
192 | try: |
|
191 | try: | |
193 | UserModel().delete(usr) |
|
192 | UserModel().delete(usr) | |
194 | Session().commit() |
|
193 | Session().commit() | |
195 | h.flash(_('Successfully deleted user'), category='success') |
|
194 | h.flash(_('Successfully deleted user'), category='success') | |
196 | except (UserOwnsReposException, DefaultUserException) as e: |
|
195 | except (UserOwnsReposException, DefaultUserException) as e: | |
197 | h.flash(e, category='warning') |
|
196 | h.flash(e, category='warning') | |
198 | except Exception: |
|
197 | except Exception: | |
199 | log.error(traceback.format_exc()) |
|
198 | log.error(traceback.format_exc()) | |
200 | h.flash(_('An error occurred during deletion of user'), |
|
199 | h.flash(_('An error occurred during deletion of user'), | |
201 | category='error') |
|
200 | category='error') | |
202 | raise HTTPFound(location=url('users')) |
|
201 | raise HTTPFound(location=url('users')) | |
203 |
|
202 | |||
204 | def _get_user_or_raise_if_default(self, id): |
|
203 | def _get_user_or_raise_if_default(self, id): | |
205 | try: |
|
204 | try: | |
206 | return User.get_or_404(id, allow_default=False) |
|
205 | return User.get_or_404(id, allow_default=False) | |
207 | except DefaultUserException: |
|
206 | except DefaultUserException: | |
208 | h.flash(_("The default user cannot be edited"), category='warning') |
|
207 | h.flash(_("The default user cannot be edited"), category='warning') | |
209 | raise HTTPNotFound |
|
208 | raise HTTPNotFound | |
210 |
|
209 | |||
211 | def _render_edit_profile(self, user): |
|
210 | def _render_edit_profile(self, user): | |
212 | c.user = user |
|
211 | c.user = user | |
213 | c.active = 'profile' |
|
212 | c.active = 'profile' | |
214 | c.perm_user = AuthUser(dbuser=user) |
|
213 | c.perm_user = AuthUser(dbuser=user) | |
215 | c.ip_addr = self.ip_addr |
|
214 | c.ip_addr = self.ip_addr | |
216 | managed_fields = auth_modules.get_managed_fields(user) |
|
215 | managed_fields = auth_modules.get_managed_fields(user) | |
217 | c.readonly = lambda n: 'readonly' if n in managed_fields else None |
|
216 | c.readonly = lambda n: 'readonly' if n in managed_fields else None | |
218 | return render('admin/users/user_edit.html') |
|
217 | return render('admin/users/user_edit.html') | |
219 |
|
218 | |||
220 | def edit(self, id, format='html'): |
|
219 | def edit(self, id, format='html'): | |
221 | user = self._get_user_or_raise_if_default(id) |
|
220 | user = self._get_user_or_raise_if_default(id) | |
222 | defaults = user.get_dict() |
|
221 | defaults = user.get_dict() | |
223 |
|
222 | |||
224 | return htmlfill.render( |
|
223 | return htmlfill.render( | |
225 | self._render_edit_profile(user), |
|
224 | self._render_edit_profile(user), | |
226 | defaults=defaults, |
|
225 | defaults=defaults, | |
227 | encoding="UTF-8", |
|
226 | encoding="UTF-8", | |
228 | force_defaults=False) |
|
227 | force_defaults=False) | |
229 |
|
228 | |||
230 | def edit_advanced(self, id): |
|
229 | def edit_advanced(self, id): | |
231 | c.user = self._get_user_or_raise_if_default(id) |
|
230 | c.user = self._get_user_or_raise_if_default(id) | |
232 | c.active = 'advanced' |
|
231 | c.active = 'advanced' | |
233 | c.perm_user = AuthUser(user_id=id) |
|
232 | c.perm_user = AuthUser(user_id=id) | |
234 | c.ip_addr = self.ip_addr |
|
233 | c.ip_addr = self.ip_addr | |
235 |
|
234 | |||
236 | umodel = UserModel() |
|
235 | umodel = UserModel() | |
237 | defaults = c.user.get_dict() |
|
236 | defaults = c.user.get_dict() | |
238 | defaults.update({ |
|
237 | defaults.update({ | |
239 | 'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'), |
|
238 | 'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'), | |
240 | 'create_user_group_perm': umodel.has_perm(c.user, |
|
239 | 'create_user_group_perm': umodel.has_perm(c.user, | |
241 | 'hg.usergroup.create.true'), |
|
240 | 'hg.usergroup.create.true'), | |
242 | 'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'), |
|
241 | 'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'), | |
243 | }) |
|
242 | }) | |
244 | return htmlfill.render( |
|
243 | return htmlfill.render( | |
245 | render('admin/users/user_edit.html'), |
|
244 | render('admin/users/user_edit.html'), | |
246 | defaults=defaults, |
|
245 | defaults=defaults, | |
247 | encoding="UTF-8", |
|
246 | encoding="UTF-8", | |
248 | force_defaults=False) |
|
247 | force_defaults=False) | |
249 |
|
248 | |||
250 | def edit_api_keys(self, id): |
|
249 | def edit_api_keys(self, id): | |
251 | c.user = self._get_user_or_raise_if_default(id) |
|
250 | c.user = self._get_user_or_raise_if_default(id) | |
252 | c.active = 'api_keys' |
|
251 | c.active = 'api_keys' | |
253 | show_expired = True |
|
252 | show_expired = True | |
254 | c.lifetime_values = [ |
|
253 | c.lifetime_values = [ | |
255 | (str(-1), _('Forever')), |
|
254 | (str(-1), _('Forever')), | |
256 | (str(5), _('5 minutes')), |
|
255 | (str(5), _('5 minutes')), | |
257 | (str(60), _('1 hour')), |
|
256 | (str(60), _('1 hour')), | |
258 | (str(60 * 24), _('1 day')), |
|
257 | (str(60 * 24), _('1 day')), | |
259 | (str(60 * 24 * 30), _('1 month')), |
|
258 | (str(60 * 24 * 30), _('1 month')), | |
260 | ] |
|
259 | ] | |
261 | c.lifetime_options = [(c.lifetime_values, _("Lifetime"))] |
|
260 | c.lifetime_options = [(c.lifetime_values, _("Lifetime"))] | |
262 | c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id, |
|
261 | c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id, | |
263 | show_expired=show_expired) |
|
262 | show_expired=show_expired) | |
264 | defaults = c.user.get_dict() |
|
263 | defaults = c.user.get_dict() | |
265 | return htmlfill.render( |
|
264 | return htmlfill.render( | |
266 | render('admin/users/user_edit.html'), |
|
265 | render('admin/users/user_edit.html'), | |
267 | defaults=defaults, |
|
266 | defaults=defaults, | |
268 | encoding="UTF-8", |
|
267 | encoding="UTF-8", | |
269 | force_defaults=False) |
|
268 | force_defaults=False) | |
270 |
|
269 | |||
271 | def add_api_key(self, id): |
|
270 | def add_api_key(self, id): | |
272 | c.user = self._get_user_or_raise_if_default(id) |
|
271 | c.user = self._get_user_or_raise_if_default(id) | |
273 |
|
272 | |||
274 | lifetime = safe_int(request.POST.get('lifetime'), -1) |
|
273 | lifetime = safe_int(request.POST.get('lifetime'), -1) | |
275 | description = request.POST.get('description') |
|
274 | description = request.POST.get('description') | |
276 | ApiKeyModel().create(c.user.user_id, description, lifetime) |
|
275 | ApiKeyModel().create(c.user.user_id, description, lifetime) | |
277 | Session().commit() |
|
276 | Session().commit() | |
278 | h.flash(_("API key successfully created"), category='success') |
|
277 | h.flash(_("API key successfully created"), category='success') | |
279 | raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id)) |
|
278 | raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id)) | |
280 |
|
279 | |||
281 | def delete_api_key(self, id): |
|
280 | def delete_api_key(self, id): | |
282 | c.user = self._get_user_or_raise_if_default(id) |
|
281 | c.user = self._get_user_or_raise_if_default(id) | |
283 |
|
282 | |||
284 | api_key = request.POST.get('del_api_key') |
|
283 | api_key = request.POST.get('del_api_key') | |
285 | if request.POST.get('del_api_key_builtin'): |
|
284 | if request.POST.get('del_api_key_builtin'): | |
286 | user = User.get(c.user.user_id) |
|
285 | user = User.get(c.user.user_id) | |
287 | if user is not None: |
|
286 | if user is not None: | |
288 | user.api_key = generate_api_key() |
|
287 | user.api_key = generate_api_key() | |
289 | Session().add(user) |
|
288 | Session().add(user) | |
290 | Session().commit() |
|
289 | Session().commit() | |
291 | h.flash(_("API key successfully reset"), category='success') |
|
290 | h.flash(_("API key successfully reset"), category='success') | |
292 | elif api_key: |
|
291 | elif api_key: | |
293 | ApiKeyModel().delete(api_key, c.user.user_id) |
|
292 | ApiKeyModel().delete(api_key, c.user.user_id) | |
294 | Session().commit() |
|
293 | Session().commit() | |
295 | h.flash(_("API key successfully deleted"), category='success') |
|
294 | h.flash(_("API key successfully deleted"), category='success') | |
296 |
|
295 | |||
297 | raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id)) |
|
296 | raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id)) | |
298 |
|
297 | |||
299 | def update_account(self, id): |
|
298 | def update_account(self, id): | |
300 | pass |
|
299 | pass | |
301 |
|
300 | |||
302 | def edit_perms(self, id): |
|
301 | def edit_perms(self, id): | |
303 | c.user = self._get_user_or_raise_if_default(id) |
|
302 | c.user = self._get_user_or_raise_if_default(id) | |
304 | c.active = 'perms' |
|
303 | c.active = 'perms' | |
305 | c.perm_user = AuthUser(user_id=id) |
|
304 | c.perm_user = AuthUser(user_id=id) | |
306 | c.ip_addr = self.ip_addr |
|
305 | c.ip_addr = self.ip_addr | |
307 |
|
306 | |||
308 | umodel = UserModel() |
|
307 | umodel = UserModel() | |
309 | defaults = c.user.get_dict() |
|
308 | defaults = c.user.get_dict() | |
310 | defaults.update({ |
|
309 | defaults.update({ | |
311 | 'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'), |
|
310 | 'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'), | |
312 | 'create_user_group_perm': umodel.has_perm(c.user, |
|
311 | 'create_user_group_perm': umodel.has_perm(c.user, | |
313 | 'hg.usergroup.create.true'), |
|
312 | 'hg.usergroup.create.true'), | |
314 | 'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'), |
|
313 | 'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'), | |
315 | }) |
|
314 | }) | |
316 | return htmlfill.render( |
|
315 | return htmlfill.render( | |
317 | render('admin/users/user_edit.html'), |
|
316 | render('admin/users/user_edit.html'), | |
318 | defaults=defaults, |
|
317 | defaults=defaults, | |
319 | encoding="UTF-8", |
|
318 | encoding="UTF-8", | |
320 | force_defaults=False) |
|
319 | force_defaults=False) | |
321 |
|
320 | |||
322 | def update_perms(self, id): |
|
321 | def update_perms(self, id): | |
323 | user = self._get_user_or_raise_if_default(id) |
|
322 | user = self._get_user_or_raise_if_default(id) | |
324 |
|
323 | |||
325 | try: |
|
324 | try: | |
326 | form = CustomDefaultPermissionsForm()() |
|
325 | form = CustomDefaultPermissionsForm()() | |
327 | form_result = form.to_python(request.POST) |
|
326 | form_result = form.to_python(request.POST) | |
328 |
|
327 | |||
329 | inherit_perms = form_result['inherit_default_permissions'] |
|
328 | inherit_perms = form_result['inherit_default_permissions'] | |
330 | user.inherit_default_permissions = inherit_perms |
|
329 | user.inherit_default_permissions = inherit_perms | |
331 | Session().add(user) |
|
330 | Session().add(user) | |
332 | user_model = UserModel() |
|
331 | user_model = UserModel() | |
333 |
|
332 | |||
334 | defs = UserToPerm.query() \ |
|
333 | defs = UserToPerm.query() \ | |
335 | .filter(UserToPerm.user == user) \ |
|
334 | .filter(UserToPerm.user == user) \ | |
336 | .all() |
|
335 | .all() | |
337 | for ug in defs: |
|
336 | for ug in defs: | |
338 | Session().delete(ug) |
|
337 | Session().delete(ug) | |
339 |
|
338 | |||
340 | if form_result['create_repo_perm']: |
|
339 | if form_result['create_repo_perm']: | |
341 | user_model.grant_perm(id, 'hg.create.repository') |
|
340 | user_model.grant_perm(id, 'hg.create.repository') | |
342 | else: |
|
341 | else: | |
343 | user_model.grant_perm(id, 'hg.create.none') |
|
342 | user_model.grant_perm(id, 'hg.create.none') | |
344 | if form_result['create_user_group_perm']: |
|
343 | if form_result['create_user_group_perm']: | |
345 | user_model.grant_perm(id, 'hg.usergroup.create.true') |
|
344 | user_model.grant_perm(id, 'hg.usergroup.create.true') | |
346 | else: |
|
345 | else: | |
347 | user_model.grant_perm(id, 'hg.usergroup.create.false') |
|
346 | user_model.grant_perm(id, 'hg.usergroup.create.false') | |
348 | if form_result['fork_repo_perm']: |
|
347 | if form_result['fork_repo_perm']: | |
349 | user_model.grant_perm(id, 'hg.fork.repository') |
|
348 | user_model.grant_perm(id, 'hg.fork.repository') | |
350 | else: |
|
349 | else: | |
351 | user_model.grant_perm(id, 'hg.fork.none') |
|
350 | user_model.grant_perm(id, 'hg.fork.none') | |
352 | h.flash(_("Updated permissions"), category='success') |
|
351 | h.flash(_("Updated permissions"), category='success') | |
353 | Session().commit() |
|
352 | Session().commit() | |
354 | except Exception: |
|
353 | except Exception: | |
355 | log.error(traceback.format_exc()) |
|
354 | log.error(traceback.format_exc()) | |
356 | h.flash(_('An error occurred during permissions saving'), |
|
355 | h.flash(_('An error occurred during permissions saving'), | |
357 | category='error') |
|
356 | category='error') | |
358 | raise HTTPFound(location=url('edit_user_perms', id=id)) |
|
357 | raise HTTPFound(location=url('edit_user_perms', id=id)) | |
359 |
|
358 | |||
360 | def edit_emails(self, id): |
|
359 | def edit_emails(self, id): | |
361 | c.user = self._get_user_or_raise_if_default(id) |
|
360 | c.user = self._get_user_or_raise_if_default(id) | |
362 | c.active = 'emails' |
|
361 | c.active = 'emails' | |
363 | c.user_email_map = UserEmailMap.query() \ |
|
362 | c.user_email_map = UserEmailMap.query() \ | |
364 | .filter(UserEmailMap.user == c.user).all() |
|
363 | .filter(UserEmailMap.user == c.user).all() | |
365 |
|
364 | |||
366 | defaults = c.user.get_dict() |
|
365 | defaults = c.user.get_dict() | |
367 | return htmlfill.render( |
|
366 | return htmlfill.render( | |
368 | render('admin/users/user_edit.html'), |
|
367 | render('admin/users/user_edit.html'), | |
369 | defaults=defaults, |
|
368 | defaults=defaults, | |
370 | encoding="UTF-8", |
|
369 | encoding="UTF-8", | |
371 | force_defaults=False) |
|
370 | force_defaults=False) | |
372 |
|
371 | |||
373 | def add_email(self, id): |
|
372 | def add_email(self, id): | |
374 | user = self._get_user_or_raise_if_default(id) |
|
373 | user = self._get_user_or_raise_if_default(id) | |
375 | email = request.POST.get('new_email') |
|
374 | email = request.POST.get('new_email') | |
376 | user_model = UserModel() |
|
375 | user_model = UserModel() | |
377 |
|
376 | |||
378 | try: |
|
377 | try: | |
379 | user_model.add_extra_email(id, email) |
|
378 | user_model.add_extra_email(id, email) | |
380 | Session().commit() |
|
379 | Session().commit() | |
381 | h.flash(_("Added email %s to user") % email, category='success') |
|
380 | h.flash(_("Added email %s to user") % email, category='success') | |
382 | except formencode.Invalid as error: |
|
381 | except formencode.Invalid as error: | |
383 | msg = error.error_dict['email'] |
|
382 | msg = error.error_dict['email'] | |
384 | h.flash(msg, category='error') |
|
383 | h.flash(msg, category='error') | |
385 | except Exception: |
|
384 | except Exception: | |
386 | log.error(traceback.format_exc()) |
|
385 | log.error(traceback.format_exc()) | |
387 | h.flash(_('An error occurred during email saving'), |
|
386 | h.flash(_('An error occurred during email saving'), | |
388 | category='error') |
|
387 | category='error') | |
389 | raise HTTPFound(location=url('edit_user_emails', id=id)) |
|
388 | raise HTTPFound(location=url('edit_user_emails', id=id)) | |
390 |
|
389 | |||
391 | def delete_email(self, id): |
|
390 | def delete_email(self, id): | |
392 | user = self._get_user_or_raise_if_default(id) |
|
391 | user = self._get_user_or_raise_if_default(id) | |
393 | email_id = request.POST.get('del_email_id') |
|
392 | email_id = request.POST.get('del_email_id') | |
394 | user_model = UserModel() |
|
393 | user_model = UserModel() | |
395 | user_model.delete_extra_email(id, email_id) |
|
394 | user_model.delete_extra_email(id, email_id) | |
396 | Session().commit() |
|
395 | Session().commit() | |
397 | h.flash(_("Removed email from user"), category='success') |
|
396 | h.flash(_("Removed email from user"), category='success') | |
398 | raise HTTPFound(location=url('edit_user_emails', id=id)) |
|
397 | raise HTTPFound(location=url('edit_user_emails', id=id)) | |
399 |
|
398 | |||
400 | def edit_ips(self, id): |
|
399 | def edit_ips(self, id): | |
401 | c.user = self._get_user_or_raise_if_default(id) |
|
400 | c.user = self._get_user_or_raise_if_default(id) | |
402 | c.active = 'ips' |
|
401 | c.active = 'ips' | |
403 | c.user_ip_map = UserIpMap.query() \ |
|
402 | c.user_ip_map = UserIpMap.query() \ | |
404 | .filter(UserIpMap.user == c.user).all() |
|
403 | .filter(UserIpMap.user == c.user).all() | |
405 |
|
404 | |||
406 | c.inherit_default_ips = c.user.inherit_default_permissions |
|
405 | c.inherit_default_ips = c.user.inherit_default_permissions | |
407 | c.default_user_ip_map = UserIpMap.query() \ |
|
406 | c.default_user_ip_map = UserIpMap.query() \ | |
408 | .filter(UserIpMap.user == User.get_default_user()).all() |
|
407 | .filter(UserIpMap.user == User.get_default_user()).all() | |
409 |
|
408 | |||
410 | defaults = c.user.get_dict() |
|
409 | defaults = c.user.get_dict() | |
411 | return htmlfill.render( |
|
410 | return htmlfill.render( | |
412 | render('admin/users/user_edit.html'), |
|
411 | render('admin/users/user_edit.html'), | |
413 | defaults=defaults, |
|
412 | defaults=defaults, | |
414 | encoding="UTF-8", |
|
413 | encoding="UTF-8", | |
415 | force_defaults=False) |
|
414 | force_defaults=False) | |
416 |
|
415 | |||
417 | def add_ip(self, id): |
|
416 | def add_ip(self, id): | |
418 | ip = request.POST.get('new_ip') |
|
417 | ip = request.POST.get('new_ip') | |
419 | user_model = UserModel() |
|
418 | user_model = UserModel() | |
420 |
|
419 | |||
421 | try: |
|
420 | try: | |
422 | user_model.add_extra_ip(id, ip) |
|
421 | user_model.add_extra_ip(id, ip) | |
423 | Session().commit() |
|
422 | Session().commit() | |
424 | h.flash(_("Added IP address %s to user whitelist") % ip, category='success') |
|
423 | h.flash(_("Added IP address %s to user whitelist") % ip, category='success') | |
425 | except formencode.Invalid as error: |
|
424 | except formencode.Invalid as error: | |
426 | msg = error.error_dict['ip'] |
|
425 | msg = error.error_dict['ip'] | |
427 | h.flash(msg, category='error') |
|
426 | h.flash(msg, category='error') | |
428 | except Exception: |
|
427 | except Exception: | |
429 | log.error(traceback.format_exc()) |
|
428 | log.error(traceback.format_exc()) | |
430 | h.flash(_('An error occurred while adding IP address'), |
|
429 | h.flash(_('An error occurred while adding IP address'), | |
431 | category='error') |
|
430 | category='error') | |
432 |
|
431 | |||
433 | if 'default_user' in request.POST: |
|
432 | if 'default_user' in request.POST: | |
434 | raise HTTPFound(location=url('admin_permissions_ips')) |
|
433 | raise HTTPFound(location=url('admin_permissions_ips')) | |
435 | raise HTTPFound(location=url('edit_user_ips', id=id)) |
|
434 | raise HTTPFound(location=url('edit_user_ips', id=id)) | |
436 |
|
435 | |||
437 | def delete_ip(self, id): |
|
436 | def delete_ip(self, id): | |
438 | ip_id = request.POST.get('del_ip_id') |
|
437 | ip_id = request.POST.get('del_ip_id') | |
439 | user_model = UserModel() |
|
438 | user_model = UserModel() | |
440 | user_model.delete_extra_ip(id, ip_id) |
|
439 | user_model.delete_extra_ip(id, ip_id) | |
441 | Session().commit() |
|
440 | Session().commit() | |
442 | h.flash(_("Removed IP address from user whitelist"), category='success') |
|
441 | h.flash(_("Removed IP address from user whitelist"), category='success') | |
443 |
|
442 | |||
444 | if 'default_user' in request.POST: |
|
443 | if 'default_user' in request.POST: | |
445 | raise HTTPFound(location=url('admin_permissions_ips')) |
|
444 | raise HTTPFound(location=url('admin_permissions_ips')) | |
446 | raise HTTPFound(location=url('edit_user_ips', id=id)) |
|
445 | raise HTTPFound(location=url('edit_user_ips', id=id)) |
@@ -1,602 +1,602 b'' | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 | # This program is free software: you can redistribute it and/or modify |
|
2 | # This program is free software: you can redistribute it and/or modify | |
3 | # it under the terms of the GNU General Public License as published by |
|
3 | # it under the terms of the GNU General Public License as published by | |
4 | # the Free Software Foundation, either version 3 of the License, or |
|
4 | # the Free Software Foundation, either version 3 of the License, or | |
5 | # (at your option) any later version. |
|
5 | # (at your option) any later version. | |
6 | # |
|
6 | # | |
7 | # This program is distributed in the hope that it will be useful, |
|
7 | # This program is distributed in the hope that it will be useful, | |
8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | # GNU General Public License for more details. |
|
10 | # GNU General Public License for more details. | |
11 | # |
|
11 | # | |
12 | # You should have received a copy of the GNU General Public License |
|
12 | # You should have received a copy of the GNU General Public License | |
13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
14 |
|
14 | |||
15 | from sqlalchemy.orm.exc import NoResultFound, ObjectDeletedError |
|
15 | from sqlalchemy.orm.exc import NoResultFound, ObjectDeletedError | |
16 |
|
16 | |||
17 | import pytest |
|
17 | import pytest | |
18 | from kallithea.tests import * |
|
18 | from kallithea.tests import * | |
19 | from kallithea.tests.fixture import Fixture |
|
19 | from kallithea.tests.fixture import Fixture | |
20 | from kallithea.controllers.admin.users import UsersController |
|
20 | from kallithea.controllers.admin.users import UsersController | |
21 | from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys |
|
21 | from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys | |
22 | from kallithea.lib.auth import check_password |
|
22 | from kallithea.lib.auth import check_password | |
23 | from kallithea.model.user import UserModel |
|
23 | from kallithea.model.user import UserModel | |
24 | from kallithea.model import validators |
|
24 | from kallithea.model import validators | |
25 | from kallithea.lib import helpers as h |
|
25 | from kallithea.lib import helpers as h | |
26 | from kallithea.model.meta import Session |
|
26 | from kallithea.model.meta import Session | |
27 | from webob.exc import HTTPNotFound |
|
27 | from webob.exc import HTTPNotFound | |
28 |
|
28 | |||
29 | fixture = Fixture() |
|
29 | fixture = Fixture() | |
30 |
|
30 | |||
31 | @pytest.yield_fixture |
|
31 | @pytest.yield_fixture | |
32 | def user_and_repo_group_fail(): |
|
32 | def user_and_repo_group_fail(): | |
33 | username = 'repogrouperr' |
|
33 | username = 'repogrouperr' | |
34 | groupname = u'repogroup_fail' |
|
34 | groupname = u'repogroup_fail' | |
35 | user = fixture.create_user(name=username) |
|
35 | user = fixture.create_user(name=username) | |
36 | repo_group = fixture.create_repo_group(name=groupname, cur_user=username) |
|
36 | repo_group = fixture.create_repo_group(name=groupname, cur_user=username) | |
37 | yield user, repo_group |
|
37 | yield user, repo_group | |
38 | # cleanup |
|
38 | # cleanup | |
39 | try: |
|
39 | try: | |
40 | fixture.destroy_repo_group(repo_group) |
|
40 | fixture.destroy_repo_group(repo_group) | |
41 | except ObjectDeletedError: |
|
41 | except ObjectDeletedError: | |
42 | # delete already succeeded in test body |
|
42 | # delete already succeeded in test body | |
43 | pass |
|
43 | pass | |
44 |
|
44 | |||
45 | class TestAdminUsersController(TestController): |
|
45 | class TestAdminUsersController(TestController): | |
46 | test_user_1 = 'testme' |
|
46 | test_user_1 = 'testme' | |
47 |
|
47 | |||
48 | @classmethod |
|
48 | @classmethod | |
49 | def teardown_class(cls): |
|
49 | def teardown_class(cls): | |
50 | if User.get_by_username(cls.test_user_1): |
|
50 | if User.get_by_username(cls.test_user_1): | |
51 | UserModel().delete(cls.test_user_1) |
|
51 | UserModel().delete(cls.test_user_1) | |
52 | Session().commit() |
|
52 | Session().commit() | |
53 |
|
53 | |||
54 | def test_index(self): |
|
54 | def test_index(self): | |
55 | self.log_user() |
|
55 | self.log_user() | |
56 | response = self.app.get(url('users')) |
|
56 | response = self.app.get(url('users')) | |
57 | # Test response... |
|
57 | # Test response... | |
58 |
|
58 | |||
59 | def test_create(self): |
|
59 | def test_create(self): | |
60 | self.log_user() |
|
60 | self.log_user() | |
61 | username = 'newtestuser' |
|
61 | username = 'newtestuser' | |
62 | password = 'test12' |
|
62 | password = 'test12' | |
63 | password_confirmation = password |
|
63 | password_confirmation = password | |
64 | name = u'name' |
|
64 | name = u'name' | |
65 | lastname = u'lastname' |
|
65 | lastname = u'lastname' | |
66 | email = 'mail@example.com' |
|
66 | email = 'mail@example.com' | |
67 |
|
67 | |||
68 | response = self.app.post(url('users'), |
|
68 | response = self.app.post(url('users'), | |
69 | {'username': username, |
|
69 | {'username': username, | |
70 | 'password': password, |
|
70 | 'password': password, | |
71 | 'password_confirmation': password_confirmation, |
|
71 | 'password_confirmation': password_confirmation, | |
72 | 'firstname': name, |
|
72 | 'firstname': name, | |
73 | 'active': True, |
|
73 | 'active': True, | |
74 | 'lastname': lastname, |
|
74 | 'lastname': lastname, | |
75 | 'extern_name': 'internal', |
|
75 | 'extern_name': 'internal', | |
76 | 'extern_type': 'internal', |
|
76 | 'extern_type': 'internal', | |
77 | 'email': email, |
|
77 | 'email': email, | |
78 | '_authentication_token': self.authentication_token()}) |
|
78 | '_authentication_token': self.authentication_token()}) | |
|
79 | # 302 Found | |||
|
80 | # The resource was found at http://localhost/_admin/users/5/edit; you should be redirected automatically. | |||
79 |
|
81 | |||
80 |
self.checkSessionFlash(response, '''Created user |
|
82 | self.checkSessionFlash(response, '''Created user %s''' % username) | |
81 | self.checkSessionFlash(response, '''/edit">%s</a>''' % (username)) |
|
83 | ||
|
84 | response = response.follow() | |||
|
85 | response.mustcontain("""%s user settings""" % username) # in <title> | |||
82 |
|
86 | |||
83 | new_user = Session().query(User). \ |
|
87 | new_user = Session().query(User). \ | |
84 | filter(User.username == username).one() |
|
88 | filter(User.username == username).one() | |
85 |
|
89 | |||
86 | assert new_user.username == username |
|
90 | assert new_user.username == username | |
87 | assert check_password(password, new_user.password) == True |
|
91 | assert check_password(password, new_user.password) == True | |
88 | assert new_user.name == name |
|
92 | assert new_user.name == name | |
89 | assert new_user.lastname == lastname |
|
93 | assert new_user.lastname == lastname | |
90 | assert new_user.email == email |
|
94 | assert new_user.email == email | |
91 |
|
95 | |||
92 | response.follow() |
|
|||
93 | response = response.follow() |
|
|||
94 | response.mustcontain("""newtestuser""") |
|
|||
95 |
|
||||
96 | def test_create_err(self): |
|
96 | def test_create_err(self): | |
97 | self.log_user() |
|
97 | self.log_user() | |
98 | username = 'new_user' |
|
98 | username = 'new_user' | |
99 | password = '' |
|
99 | password = '' | |
100 | name = u'name' |
|
100 | name = u'name' | |
101 | lastname = u'lastname' |
|
101 | lastname = u'lastname' | |
102 | email = 'errmail.example.com' |
|
102 | email = 'errmail.example.com' | |
103 |
|
103 | |||
104 | response = self.app.post(url('users'), {'username': username, |
|
104 | response = self.app.post(url('users'), {'username': username, | |
105 | 'password': password, |
|
105 | 'password': password, | |
106 | 'name': name, |
|
106 | 'name': name, | |
107 | 'active': False, |
|
107 | 'active': False, | |
108 | 'lastname': lastname, |
|
108 | 'lastname': lastname, | |
109 | 'email': email, |
|
109 | 'email': email, | |
110 | '_authentication_token': self.authentication_token()}) |
|
110 | '_authentication_token': self.authentication_token()}) | |
111 |
|
111 | |||
112 | msg = validators.ValidUsername(False, {})._messages['system_invalid_username'] |
|
112 | msg = validators.ValidUsername(False, {})._messages['system_invalid_username'] | |
113 | msg = h.html_escape(msg % {'username': 'new_user'}) |
|
113 | msg = h.html_escape(msg % {'username': 'new_user'}) | |
114 | response.mustcontain("""<span class="error-message">%s</span>""" % msg) |
|
114 | response.mustcontain("""<span class="error-message">%s</span>""" % msg) | |
115 | response.mustcontain("""<span class="error-message">Please enter a value</span>""") |
|
115 | response.mustcontain("""<span class="error-message">Please enter a value</span>""") | |
116 | response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""") |
|
116 | response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""") | |
117 |
|
117 | |||
118 | def get_user(): |
|
118 | def get_user(): | |
119 | Session().query(User).filter(User.username == username).one() |
|
119 | Session().query(User).filter(User.username == username).one() | |
120 |
|
120 | |||
121 | with pytest.raises(NoResultFound): |
|
121 | with pytest.raises(NoResultFound): | |
122 | get_user(), 'found user in database' |
|
122 | get_user(), 'found user in database' | |
123 |
|
123 | |||
124 | def test_new(self): |
|
124 | def test_new(self): | |
125 | self.log_user() |
|
125 | self.log_user() | |
126 | response = self.app.get(url('new_user')) |
|
126 | response = self.app.get(url('new_user')) | |
127 |
|
127 | |||
128 | @parametrize('name,attrs', |
|
128 | @parametrize('name,attrs', | |
129 | [('firstname', {'firstname': 'new_username'}), |
|
129 | [('firstname', {'firstname': 'new_username'}), | |
130 | ('lastname', {'lastname': 'new_username'}), |
|
130 | ('lastname', {'lastname': 'new_username'}), | |
131 | ('admin', {'admin': True}), |
|
131 | ('admin', {'admin': True}), | |
132 | ('admin', {'admin': False}), |
|
132 | ('admin', {'admin': False}), | |
133 | ('extern_type', {'extern_type': 'ldap'}), |
|
133 | ('extern_type', {'extern_type': 'ldap'}), | |
134 | ('extern_type', {'extern_type': None}), |
|
134 | ('extern_type', {'extern_type': None}), | |
135 | ('extern_name', {'extern_name': 'test'}), |
|
135 | ('extern_name', {'extern_name': 'test'}), | |
136 | ('extern_name', {'extern_name': None}), |
|
136 | ('extern_name', {'extern_name': None}), | |
137 | ('active', {'active': False}), |
|
137 | ('active', {'active': False}), | |
138 | ('active', {'active': True}), |
|
138 | ('active', {'active': True}), | |
139 | ('email', {'email': 'someemail@example.com'}), |
|
139 | ('email', {'email': 'someemail@example.com'}), | |
140 | # ('new_password', {'new_password': 'foobar123', |
|
140 | # ('new_password', {'new_password': 'foobar123', | |
141 | # 'password_confirmation': 'foobar123'}) |
|
141 | # 'password_confirmation': 'foobar123'}) | |
142 | ]) |
|
142 | ]) | |
143 | def test_update(self, name, attrs): |
|
143 | def test_update(self, name, attrs): | |
144 | self.log_user() |
|
144 | self.log_user() | |
145 | usr = fixture.create_user(self.test_user_1, password='qweqwe', |
|
145 | usr = fixture.create_user(self.test_user_1, password='qweqwe', | |
146 | email='testme@example.com', |
|
146 | email='testme@example.com', | |
147 | extern_type='internal', |
|
147 | extern_type='internal', | |
148 | extern_name=self.test_user_1, |
|
148 | extern_name=self.test_user_1, | |
149 | skip_if_exists=True) |
|
149 | skip_if_exists=True) | |
150 | Session().commit() |
|
150 | Session().commit() | |
151 | params = usr.get_api_data(True) |
|
151 | params = usr.get_api_data(True) | |
152 | params.update({'password_confirmation': ''}) |
|
152 | params.update({'password_confirmation': ''}) | |
153 | params.update({'new_password': ''}) |
|
153 | params.update({'new_password': ''}) | |
154 | params.update(attrs) |
|
154 | params.update(attrs) | |
155 | if name == 'email': |
|
155 | if name == 'email': | |
156 | params['emails'] = [attrs['email']] |
|
156 | params['emails'] = [attrs['email']] | |
157 | if name == 'extern_type': |
|
157 | if name == 'extern_type': | |
158 | #cannot update this via form, expected value is original one |
|
158 | #cannot update this via form, expected value is original one | |
159 | params['extern_type'] = "internal" |
|
159 | params['extern_type'] = "internal" | |
160 | if name == 'extern_name': |
|
160 | if name == 'extern_name': | |
161 | #cannot update this via form, expected value is original one |
|
161 | #cannot update this via form, expected value is original one | |
162 | params['extern_name'] = self.test_user_1 |
|
162 | params['extern_name'] = self.test_user_1 | |
163 | # special case since this user is not |
|
163 | # special case since this user is not | |
164 | # logged in yet his data is not filled |
|
164 | # logged in yet his data is not filled | |
165 | # so we use creation data |
|
165 | # so we use creation data | |
166 |
|
166 | |||
167 | params.update({'_authentication_token': self.authentication_token()}) |
|
167 | params.update({'_authentication_token': self.authentication_token()}) | |
168 | response = self.app.post(url('update_user', id=usr.user_id), params) |
|
168 | response = self.app.post(url('update_user', id=usr.user_id), params) | |
169 | self.checkSessionFlash(response, 'User updated successfully') |
|
169 | self.checkSessionFlash(response, 'User updated successfully') | |
170 | params.pop('_authentication_token') |
|
170 | params.pop('_authentication_token') | |
171 |
|
171 | |||
172 | updated_user = User.get_by_username(self.test_user_1) |
|
172 | updated_user = User.get_by_username(self.test_user_1) | |
173 | updated_params = updated_user.get_api_data(True) |
|
173 | updated_params = updated_user.get_api_data(True) | |
174 | updated_params.update({'password_confirmation': ''}) |
|
174 | updated_params.update({'password_confirmation': ''}) | |
175 | updated_params.update({'new_password': ''}) |
|
175 | updated_params.update({'new_password': ''}) | |
176 |
|
176 | |||
177 | assert params == updated_params |
|
177 | assert params == updated_params | |
178 |
|
178 | |||
179 | def test_delete(self): |
|
179 | def test_delete(self): | |
180 | self.log_user() |
|
180 | self.log_user() | |
181 | username = 'newtestuserdeleteme' |
|
181 | username = 'newtestuserdeleteme' | |
182 |
|
182 | |||
183 | fixture.create_user(name=username) |
|
183 | fixture.create_user(name=username) | |
184 |
|
184 | |||
185 | new_user = Session().query(User) \ |
|
185 | new_user = Session().query(User) \ | |
186 | .filter(User.username == username).one() |
|
186 | .filter(User.username == username).one() | |
187 | response = self.app.post(url('delete_user', id=new_user.user_id), |
|
187 | response = self.app.post(url('delete_user', id=new_user.user_id), | |
188 | params={'_authentication_token': self.authentication_token()}) |
|
188 | params={'_authentication_token': self.authentication_token()}) | |
189 |
|
189 | |||
190 | self.checkSessionFlash(response, 'Successfully deleted user') |
|
190 | self.checkSessionFlash(response, 'Successfully deleted user') | |
191 |
|
191 | |||
192 | def test_delete_repo_err(self): |
|
192 | def test_delete_repo_err(self): | |
193 | self.log_user() |
|
193 | self.log_user() | |
194 | username = 'repoerr' |
|
194 | username = 'repoerr' | |
195 | reponame = u'repoerr_fail' |
|
195 | reponame = u'repoerr_fail' | |
196 |
|
196 | |||
197 | fixture.create_user(name=username) |
|
197 | fixture.create_user(name=username) | |
198 | fixture.create_repo(name=reponame, cur_user=username) |
|
198 | fixture.create_repo(name=reponame, cur_user=username) | |
199 |
|
199 | |||
200 | new_user = Session().query(User) \ |
|
200 | new_user = Session().query(User) \ | |
201 | .filter(User.username == username).one() |
|
201 | .filter(User.username == username).one() | |
202 | response = self.app.post(url('delete_user', id=new_user.user_id), |
|
202 | response = self.app.post(url('delete_user', id=new_user.user_id), | |
203 | params={'_authentication_token': self.authentication_token()}) |
|
203 | params={'_authentication_token': self.authentication_token()}) | |
204 | self.checkSessionFlash(response, 'User "%s" still ' |
|
204 | self.checkSessionFlash(response, 'User "%s" still ' | |
205 | 'owns 1 repositories and cannot be removed. ' |
|
205 | 'owns 1 repositories and cannot be removed. ' | |
206 | 'Switch owners or remove those repositories: ' |
|
206 | 'Switch owners or remove those repositories: ' | |
207 | '%s' % (username, reponame)) |
|
207 | '%s' % (username, reponame)) | |
208 |
|
208 | |||
209 | response = self.app.post(url('delete_repo', repo_name=reponame), |
|
209 | response = self.app.post(url('delete_repo', repo_name=reponame), | |
210 | params={'_authentication_token': self.authentication_token()}) |
|
210 | params={'_authentication_token': self.authentication_token()}) | |
211 | self.checkSessionFlash(response, 'Deleted repository %s' % reponame) |
|
211 | self.checkSessionFlash(response, 'Deleted repository %s' % reponame) | |
212 |
|
212 | |||
213 | response = self.app.post(url('delete_user', id=new_user.user_id), |
|
213 | response = self.app.post(url('delete_user', id=new_user.user_id), | |
214 | params={'_authentication_token': self.authentication_token()}) |
|
214 | params={'_authentication_token': self.authentication_token()}) | |
215 | self.checkSessionFlash(response, 'Successfully deleted user') |
|
215 | self.checkSessionFlash(response, 'Successfully deleted user') | |
216 |
|
216 | |||
217 | def test_delete_repo_group_err(self, user_and_repo_group_fail): |
|
217 | def test_delete_repo_group_err(self, user_and_repo_group_fail): | |
218 | self.log_user() |
|
218 | self.log_user() | |
219 | username = 'repogrouperr' |
|
219 | username = 'repogrouperr' | |
220 | groupname = u'repogroup_fail' |
|
220 | groupname = u'repogroup_fail' | |
221 |
|
221 | |||
222 | new_user = Session().query(User) \ |
|
222 | new_user = Session().query(User) \ | |
223 | .filter(User.username == username).one() |
|
223 | .filter(User.username == username).one() | |
224 | response = self.app.post(url('delete_user', id=new_user.user_id), |
|
224 | response = self.app.post(url('delete_user', id=new_user.user_id), | |
225 | params={'_authentication_token': self.authentication_token()}) |
|
225 | params={'_authentication_token': self.authentication_token()}) | |
226 | self.checkSessionFlash(response, 'User "%s" still ' |
|
226 | self.checkSessionFlash(response, 'User "%s" still ' | |
227 | 'owns 1 repository groups and cannot be removed. ' |
|
227 | 'owns 1 repository groups and cannot be removed. ' | |
228 | 'Switch owners or remove those repository groups: ' |
|
228 | 'Switch owners or remove those repository groups: ' | |
229 | '%s' % (username, groupname)) |
|
229 | '%s' % (username, groupname)) | |
230 |
|
230 | |||
231 | # Relevant _if_ the user deletion succeeded to make sure we can render groups without owner |
|
231 | # Relevant _if_ the user deletion succeeded to make sure we can render groups without owner | |
232 | # rg = RepoGroup.get_by_group_name(group_name=groupname) |
|
232 | # rg = RepoGroup.get_by_group_name(group_name=groupname) | |
233 | # response = self.app.get(url('repos_groups', id=rg.group_id)) |
|
233 | # response = self.app.get(url('repos_groups', id=rg.group_id)) | |
234 |
|
234 | |||
235 | response = self.app.post(url('delete_repo_group', group_name=groupname), |
|
235 | response = self.app.post(url('delete_repo_group', group_name=groupname), | |
236 | params={'_authentication_token': self.authentication_token()}) |
|
236 | params={'_authentication_token': self.authentication_token()}) | |
237 | self.checkSessionFlash(response, 'Removed repository group %s' % groupname) |
|
237 | self.checkSessionFlash(response, 'Removed repository group %s' % groupname) | |
238 |
|
238 | |||
239 | response = self.app.post(url('delete_user', id=new_user.user_id), |
|
239 | response = self.app.post(url('delete_user', id=new_user.user_id), | |
240 | params={'_authentication_token': self.authentication_token()}) |
|
240 | params={'_authentication_token': self.authentication_token()}) | |
241 | self.checkSessionFlash(response, 'Successfully deleted user') |
|
241 | self.checkSessionFlash(response, 'Successfully deleted user') | |
242 |
|
242 | |||
243 | def test_delete_user_group_err(self): |
|
243 | def test_delete_user_group_err(self): | |
244 | self.log_user() |
|
244 | self.log_user() | |
245 | username = 'usergrouperr' |
|
245 | username = 'usergrouperr' | |
246 | groupname = u'usergroup_fail' |
|
246 | groupname = u'usergroup_fail' | |
247 |
|
247 | |||
248 | fixture.create_user(name=username) |
|
248 | fixture.create_user(name=username) | |
249 | ug = fixture.create_user_group(name=groupname, cur_user=username) |
|
249 | ug = fixture.create_user_group(name=groupname, cur_user=username) | |
250 |
|
250 | |||
251 | new_user = Session().query(User) \ |
|
251 | new_user = Session().query(User) \ | |
252 | .filter(User.username == username).one() |
|
252 | .filter(User.username == username).one() | |
253 | response = self.app.post(url('delete_user', id=new_user.user_id), |
|
253 | response = self.app.post(url('delete_user', id=new_user.user_id), | |
254 | params={'_authentication_token': self.authentication_token()}) |
|
254 | params={'_authentication_token': self.authentication_token()}) | |
255 | self.checkSessionFlash(response, 'User "%s" still ' |
|
255 | self.checkSessionFlash(response, 'User "%s" still ' | |
256 | 'owns 1 user groups and cannot be removed. ' |
|
256 | 'owns 1 user groups and cannot be removed. ' | |
257 | 'Switch owners or remove those user groups: ' |
|
257 | 'Switch owners or remove those user groups: ' | |
258 | '%s' % (username, groupname)) |
|
258 | '%s' % (username, groupname)) | |
259 |
|
259 | |||
260 | # TODO: why do this fail? |
|
260 | # TODO: why do this fail? | |
261 | #response = self.app.delete(url('delete_users_group', id=groupname)) |
|
261 | #response = self.app.delete(url('delete_users_group', id=groupname)) | |
262 | #self.checkSessionFlash(response, 'Removed user group %s' % groupname) |
|
262 | #self.checkSessionFlash(response, 'Removed user group %s' % groupname) | |
263 |
|
263 | |||
264 | fixture.destroy_user_group(ug.users_group_id) |
|
264 | fixture.destroy_user_group(ug.users_group_id) | |
265 |
|
265 | |||
266 | response = self.app.post(url('delete_user', id=new_user.user_id), |
|
266 | response = self.app.post(url('delete_user', id=new_user.user_id), | |
267 | params={'_authentication_token': self.authentication_token()}) |
|
267 | params={'_authentication_token': self.authentication_token()}) | |
268 | self.checkSessionFlash(response, 'Successfully deleted user') |
|
268 | self.checkSessionFlash(response, 'Successfully deleted user') | |
269 |
|
269 | |||
270 | def test_edit(self): |
|
270 | def test_edit(self): | |
271 | self.log_user() |
|
271 | self.log_user() | |
272 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) |
|
272 | user = User.get_by_username(TEST_USER_ADMIN_LOGIN) | |
273 | response = self.app.get(url('edit_user', id=user.user_id)) |
|
273 | response = self.app.get(url('edit_user', id=user.user_id)) | |
274 |
|
274 | |||
275 | def test_add_perm_create_repo(self): |
|
275 | def test_add_perm_create_repo(self): | |
276 | self.log_user() |
|
276 | self.log_user() | |
277 | perm_none = Permission.get_by_key('hg.create.none') |
|
277 | perm_none = Permission.get_by_key('hg.create.none') | |
278 | perm_create = Permission.get_by_key('hg.create.repository') |
|
278 | perm_create = Permission.get_by_key('hg.create.repository') | |
279 |
|
279 | |||
280 | user = UserModel().create_or_update(username='dummy', password='qwe', |
|
280 | user = UserModel().create_or_update(username='dummy', password='qwe', | |
281 | email='dummy', firstname=u'a', |
|
281 | email='dummy', firstname=u'a', | |
282 | lastname=u'b') |
|
282 | lastname=u'b') | |
283 | Session().commit() |
|
283 | Session().commit() | |
284 | uid = user.user_id |
|
284 | uid = user.user_id | |
285 |
|
285 | |||
286 | try: |
|
286 | try: | |
287 | #User should have None permission on creation repository |
|
287 | #User should have None permission on creation repository | |
288 | assert UserModel().has_perm(user, perm_none) == False |
|
288 | assert UserModel().has_perm(user, perm_none) == False | |
289 | assert UserModel().has_perm(user, perm_create) == False |
|
289 | assert UserModel().has_perm(user, perm_create) == False | |
290 |
|
290 | |||
291 | response = self.app.post(url('edit_user_perms_update', id=uid), |
|
291 | response = self.app.post(url('edit_user_perms_update', id=uid), | |
292 | params=dict(create_repo_perm=True, |
|
292 | params=dict(create_repo_perm=True, | |
293 | _authentication_token=self.authentication_token())) |
|
293 | _authentication_token=self.authentication_token())) | |
294 |
|
294 | |||
295 | perm_none = Permission.get_by_key('hg.create.none') |
|
295 | perm_none = Permission.get_by_key('hg.create.none') | |
296 | perm_create = Permission.get_by_key('hg.create.repository') |
|
296 | perm_create = Permission.get_by_key('hg.create.repository') | |
297 |
|
297 | |||
298 | #User should have None permission on creation repository |
|
298 | #User should have None permission on creation repository | |
299 | assert UserModel().has_perm(uid, perm_none) == False |
|
299 | assert UserModel().has_perm(uid, perm_none) == False | |
300 | assert UserModel().has_perm(uid, perm_create) == True |
|
300 | assert UserModel().has_perm(uid, perm_create) == True | |
301 | finally: |
|
301 | finally: | |
302 | UserModel().delete(uid) |
|
302 | UserModel().delete(uid) | |
303 | Session().commit() |
|
303 | Session().commit() | |
304 |
|
304 | |||
305 | def test_revoke_perm_create_repo(self): |
|
305 | def test_revoke_perm_create_repo(self): | |
306 | self.log_user() |
|
306 | self.log_user() | |
307 | perm_none = Permission.get_by_key('hg.create.none') |
|
307 | perm_none = Permission.get_by_key('hg.create.none') | |
308 | perm_create = Permission.get_by_key('hg.create.repository') |
|
308 | perm_create = Permission.get_by_key('hg.create.repository') | |
309 |
|
309 | |||
310 | user = UserModel().create_or_update(username='dummy', password='qwe', |
|
310 | user = UserModel().create_or_update(username='dummy', password='qwe', | |
311 | email='dummy', firstname=u'a', |
|
311 | email='dummy', firstname=u'a', | |
312 | lastname=u'b') |
|
312 | lastname=u'b') | |
313 | Session().commit() |
|
313 | Session().commit() | |
314 | uid = user.user_id |
|
314 | uid = user.user_id | |
315 |
|
315 | |||
316 | try: |
|
316 | try: | |
317 | #User should have None permission on creation repository |
|
317 | #User should have None permission on creation repository | |
318 | assert UserModel().has_perm(user, perm_none) == False |
|
318 | assert UserModel().has_perm(user, perm_none) == False | |
319 | assert UserModel().has_perm(user, perm_create) == False |
|
319 | assert UserModel().has_perm(user, perm_create) == False | |
320 |
|
320 | |||
321 | response = self.app.post(url('edit_user_perms_update', id=uid), |
|
321 | response = self.app.post(url('edit_user_perms_update', id=uid), | |
322 | params=dict(_authentication_token=self.authentication_token())) |
|
322 | params=dict(_authentication_token=self.authentication_token())) | |
323 |
|
323 | |||
324 | perm_none = Permission.get_by_key('hg.create.none') |
|
324 | perm_none = Permission.get_by_key('hg.create.none') | |
325 | perm_create = Permission.get_by_key('hg.create.repository') |
|
325 | perm_create = Permission.get_by_key('hg.create.repository') | |
326 |
|
326 | |||
327 | #User should have None permission on creation repository |
|
327 | #User should have None permission on creation repository | |
328 | assert UserModel().has_perm(uid, perm_none) == True |
|
328 | assert UserModel().has_perm(uid, perm_none) == True | |
329 | assert UserModel().has_perm(uid, perm_create) == False |
|
329 | assert UserModel().has_perm(uid, perm_create) == False | |
330 | finally: |
|
330 | finally: | |
331 | UserModel().delete(uid) |
|
331 | UserModel().delete(uid) | |
332 | Session().commit() |
|
332 | Session().commit() | |
333 |
|
333 | |||
334 | def test_add_perm_fork_repo(self): |
|
334 | def test_add_perm_fork_repo(self): | |
335 | self.log_user() |
|
335 | self.log_user() | |
336 | perm_none = Permission.get_by_key('hg.fork.none') |
|
336 | perm_none = Permission.get_by_key('hg.fork.none') | |
337 | perm_fork = Permission.get_by_key('hg.fork.repository') |
|
337 | perm_fork = Permission.get_by_key('hg.fork.repository') | |
338 |
|
338 | |||
339 | user = UserModel().create_or_update(username='dummy', password='qwe', |
|
339 | user = UserModel().create_or_update(username='dummy', password='qwe', | |
340 | email='dummy', firstname=u'a', |
|
340 | email='dummy', firstname=u'a', | |
341 | lastname=u'b') |
|
341 | lastname=u'b') | |
342 | Session().commit() |
|
342 | Session().commit() | |
343 | uid = user.user_id |
|
343 | uid = user.user_id | |
344 |
|
344 | |||
345 | try: |
|
345 | try: | |
346 | #User should have None permission on creation repository |
|
346 | #User should have None permission on creation repository | |
347 | assert UserModel().has_perm(user, perm_none) == False |
|
347 | assert UserModel().has_perm(user, perm_none) == False | |
348 | assert UserModel().has_perm(user, perm_fork) == False |
|
348 | assert UserModel().has_perm(user, perm_fork) == False | |
349 |
|
349 | |||
350 | response = self.app.post(url('edit_user_perms_update', id=uid), |
|
350 | response = self.app.post(url('edit_user_perms_update', id=uid), | |
351 | params=dict(create_repo_perm=True, |
|
351 | params=dict(create_repo_perm=True, | |
352 | _authentication_token=self.authentication_token())) |
|
352 | _authentication_token=self.authentication_token())) | |
353 |
|
353 | |||
354 | perm_none = Permission.get_by_key('hg.create.none') |
|
354 | perm_none = Permission.get_by_key('hg.create.none') | |
355 | perm_create = Permission.get_by_key('hg.create.repository') |
|
355 | perm_create = Permission.get_by_key('hg.create.repository') | |
356 |
|
356 | |||
357 | #User should have None permission on creation repository |
|
357 | #User should have None permission on creation repository | |
358 | assert UserModel().has_perm(uid, perm_none) == False |
|
358 | assert UserModel().has_perm(uid, perm_none) == False | |
359 | assert UserModel().has_perm(uid, perm_create) == True |
|
359 | assert UserModel().has_perm(uid, perm_create) == True | |
360 | finally: |
|
360 | finally: | |
361 | UserModel().delete(uid) |
|
361 | UserModel().delete(uid) | |
362 | Session().commit() |
|
362 | Session().commit() | |
363 |
|
363 | |||
364 | def test_revoke_perm_fork_repo(self): |
|
364 | def test_revoke_perm_fork_repo(self): | |
365 | self.log_user() |
|
365 | self.log_user() | |
366 | perm_none = Permission.get_by_key('hg.fork.none') |
|
366 | perm_none = Permission.get_by_key('hg.fork.none') | |
367 | perm_fork = Permission.get_by_key('hg.fork.repository') |
|
367 | perm_fork = Permission.get_by_key('hg.fork.repository') | |
368 |
|
368 | |||
369 | user = UserModel().create_or_update(username='dummy', password='qwe', |
|
369 | user = UserModel().create_or_update(username='dummy', password='qwe', | |
370 | email='dummy', firstname=u'a', |
|
370 | email='dummy', firstname=u'a', | |
371 | lastname=u'b') |
|
371 | lastname=u'b') | |
372 | Session().commit() |
|
372 | Session().commit() | |
373 | uid = user.user_id |
|
373 | uid = user.user_id | |
374 |
|
374 | |||
375 | try: |
|
375 | try: | |
376 | #User should have None permission on creation repository |
|
376 | #User should have None permission on creation repository | |
377 | assert UserModel().has_perm(user, perm_none) == False |
|
377 | assert UserModel().has_perm(user, perm_none) == False | |
378 | assert UserModel().has_perm(user, perm_fork) == False |
|
378 | assert UserModel().has_perm(user, perm_fork) == False | |
379 |
|
379 | |||
380 | response = self.app.post(url('edit_user_perms_update', id=uid), |
|
380 | response = self.app.post(url('edit_user_perms_update', id=uid), | |
381 | params=dict(_authentication_token=self.authentication_token())) |
|
381 | params=dict(_authentication_token=self.authentication_token())) | |
382 |
|
382 | |||
383 | perm_none = Permission.get_by_key('hg.create.none') |
|
383 | perm_none = Permission.get_by_key('hg.create.none') | |
384 | perm_create = Permission.get_by_key('hg.create.repository') |
|
384 | perm_create = Permission.get_by_key('hg.create.repository') | |
385 |
|
385 | |||
386 | #User should have None permission on creation repository |
|
386 | #User should have None permission on creation repository | |
387 | assert UserModel().has_perm(uid, perm_none) == True |
|
387 | assert UserModel().has_perm(uid, perm_none) == True | |
388 | assert UserModel().has_perm(uid, perm_create) == False |
|
388 | assert UserModel().has_perm(uid, perm_create) == False | |
389 | finally: |
|
389 | finally: | |
390 | UserModel().delete(uid) |
|
390 | UserModel().delete(uid) | |
391 | Session().commit() |
|
391 | Session().commit() | |
392 |
|
392 | |||
393 | def test_ips(self): |
|
393 | def test_ips(self): | |
394 | self.log_user() |
|
394 | self.log_user() | |
395 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
395 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
396 | response = self.app.get(url('edit_user_ips', id=user.user_id)) |
|
396 | response = self.app.get(url('edit_user_ips', id=user.user_id)) | |
397 | response.mustcontain('All IP addresses are allowed') |
|
397 | response.mustcontain('All IP addresses are allowed') | |
398 |
|
398 | |||
399 | @parametrize('test_name,ip,ip_range,failure', [ |
|
399 | @parametrize('test_name,ip,ip_range,failure', [ | |
400 | ('127/24', '127.0.0.1/24', '127.0.0.0 - 127.0.0.255', False), |
|
400 | ('127/24', '127.0.0.1/24', '127.0.0.0 - 127.0.0.255', False), | |
401 | ('10/32', '10.0.0.10/32', '10.0.0.10 - 10.0.0.10', False), |
|
401 | ('10/32', '10.0.0.10/32', '10.0.0.10 - 10.0.0.10', False), | |
402 | ('0/16', '0.0.0.0/16', '0.0.0.0 - 0.0.255.255', False), |
|
402 | ('0/16', '0.0.0.0/16', '0.0.0.0 - 0.0.255.255', False), | |
403 | ('0/8', '0.0.0.0/8', '0.0.0.0 - 0.255.255.255', False), |
|
403 | ('0/8', '0.0.0.0/8', '0.0.0.0 - 0.255.255.255', False), | |
404 | ('127_bad_mask', '127.0.0.1/99', '127.0.0.1 - 127.0.0.1', True), |
|
404 | ('127_bad_mask', '127.0.0.1/99', '127.0.0.1 - 127.0.0.1', True), | |
405 | ('127_bad_ip', 'foobar', 'foobar', True), |
|
405 | ('127_bad_ip', 'foobar', 'foobar', True), | |
406 | ]) |
|
406 | ]) | |
407 | def test_add_ip(self, test_name, ip, ip_range, failure, auto_clear_ip_permissions): |
|
407 | def test_add_ip(self, test_name, ip, ip_range, failure, auto_clear_ip_permissions): | |
408 | self.log_user() |
|
408 | self.log_user() | |
409 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
409 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
410 | user_id = user.user_id |
|
410 | user_id = user.user_id | |
411 |
|
411 | |||
412 | response = self.app.post(url('edit_user_ips_update', id=user_id), |
|
412 | response = self.app.post(url('edit_user_ips_update', id=user_id), | |
413 | params=dict(new_ip=ip, _authentication_token=self.authentication_token())) |
|
413 | params=dict(new_ip=ip, _authentication_token=self.authentication_token())) | |
414 |
|
414 | |||
415 | if failure: |
|
415 | if failure: | |
416 | self.checkSessionFlash(response, 'Please enter a valid IPv4 or IPv6 address') |
|
416 | self.checkSessionFlash(response, 'Please enter a valid IPv4 or IPv6 address') | |
417 | response = self.app.get(url('edit_user_ips', id=user_id)) |
|
417 | response = self.app.get(url('edit_user_ips', id=user_id)) | |
418 | response.mustcontain(no=[ip]) |
|
418 | response.mustcontain(no=[ip]) | |
419 | response.mustcontain(no=[ip_range]) |
|
419 | response.mustcontain(no=[ip_range]) | |
420 |
|
420 | |||
421 | else: |
|
421 | else: | |
422 | response = self.app.get(url('edit_user_ips', id=user_id)) |
|
422 | response = self.app.get(url('edit_user_ips', id=user_id)) | |
423 | response.mustcontain(ip) |
|
423 | response.mustcontain(ip) | |
424 | response.mustcontain(ip_range) |
|
424 | response.mustcontain(ip_range) | |
425 |
|
425 | |||
426 | def test_delete_ip(self, auto_clear_ip_permissions): |
|
426 | def test_delete_ip(self, auto_clear_ip_permissions): | |
427 | self.log_user() |
|
427 | self.log_user() | |
428 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
428 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
429 | user_id = user.user_id |
|
429 | user_id = user.user_id | |
430 | ip = '127.0.0.1/32' |
|
430 | ip = '127.0.0.1/32' | |
431 | ip_range = '127.0.0.1 - 127.0.0.1' |
|
431 | ip_range = '127.0.0.1 - 127.0.0.1' | |
432 | new_ip = UserModel().add_extra_ip(user_id, ip) |
|
432 | new_ip = UserModel().add_extra_ip(user_id, ip) | |
433 | Session().commit() |
|
433 | Session().commit() | |
434 | new_ip_id = new_ip.ip_id |
|
434 | new_ip_id = new_ip.ip_id | |
435 |
|
435 | |||
436 | response = self.app.get(url('edit_user_ips', id=user_id)) |
|
436 | response = self.app.get(url('edit_user_ips', id=user_id)) | |
437 | response.mustcontain(ip) |
|
437 | response.mustcontain(ip) | |
438 | response.mustcontain(ip_range) |
|
438 | response.mustcontain(ip_range) | |
439 |
|
439 | |||
440 | self.app.post(url('edit_user_ips_delete', id=user_id), |
|
440 | self.app.post(url('edit_user_ips_delete', id=user_id), | |
441 | params=dict(del_ip_id=new_ip_id, _authentication_token=self.authentication_token())) |
|
441 | params=dict(del_ip_id=new_ip_id, _authentication_token=self.authentication_token())) | |
442 |
|
442 | |||
443 | response = self.app.get(url('edit_user_ips', id=user_id)) |
|
443 | response = self.app.get(url('edit_user_ips', id=user_id)) | |
444 | response.mustcontain('All IP addresses are allowed') |
|
444 | response.mustcontain('All IP addresses are allowed') | |
445 | response.mustcontain(no=[ip]) |
|
445 | response.mustcontain(no=[ip]) | |
446 | response.mustcontain(no=[ip_range]) |
|
446 | response.mustcontain(no=[ip_range]) | |
447 |
|
447 | |||
448 | def test_api_keys(self): |
|
448 | def test_api_keys(self): | |
449 | self.log_user() |
|
449 | self.log_user() | |
450 |
|
450 | |||
451 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
451 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
452 | response = self.app.get(url('edit_user_api_keys', id=user.user_id)) |
|
452 | response = self.app.get(url('edit_user_api_keys', id=user.user_id)) | |
453 | response.mustcontain(user.api_key) |
|
453 | response.mustcontain(user.api_key) | |
454 | response.mustcontain('Expires: Never') |
|
454 | response.mustcontain('Expires: Never') | |
455 |
|
455 | |||
456 | @parametrize('desc,lifetime', [ |
|
456 | @parametrize('desc,lifetime', [ | |
457 | ('forever', -1), |
|
457 | ('forever', -1), | |
458 | ('5mins', 60*5), |
|
458 | ('5mins', 60*5), | |
459 | ('30days', 60*60*24*30), |
|
459 | ('30days', 60*60*24*30), | |
460 | ]) |
|
460 | ]) | |
461 | def test_add_api_keys(self, desc, lifetime): |
|
461 | def test_add_api_keys(self, desc, lifetime): | |
462 | self.log_user() |
|
462 | self.log_user() | |
463 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
463 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
464 | user_id = user.user_id |
|
464 | user_id = user.user_id | |
465 |
|
465 | |||
466 | response = self.app.post(url('edit_user_api_keys_update', id=user_id), |
|
466 | response = self.app.post(url('edit_user_api_keys_update', id=user_id), | |
467 | {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) |
|
467 | {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()}) | |
468 | self.checkSessionFlash(response, 'API key successfully created') |
|
468 | self.checkSessionFlash(response, 'API key successfully created') | |
469 | try: |
|
469 | try: | |
470 | response = response.follow() |
|
470 | response = response.follow() | |
471 | user = User.get(user_id) |
|
471 | user = User.get(user_id) | |
472 | for api_key in user.api_keys: |
|
472 | for api_key in user.api_keys: | |
473 | response.mustcontain(api_key) |
|
473 | response.mustcontain(api_key) | |
474 | finally: |
|
474 | finally: | |
475 | for api_key in UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all(): |
|
475 | for api_key in UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all(): | |
476 | Session().delete(api_key) |
|
476 | Session().delete(api_key) | |
477 | Session().commit() |
|
477 | Session().commit() | |
478 |
|
478 | |||
479 | def test_remove_api_key(self): |
|
479 | def test_remove_api_key(self): | |
480 | self.log_user() |
|
480 | self.log_user() | |
481 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
481 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
482 | user_id = user.user_id |
|
482 | user_id = user.user_id | |
483 |
|
483 | |||
484 | response = self.app.post(url('edit_user_api_keys_update', id=user_id), |
|
484 | response = self.app.post(url('edit_user_api_keys_update', id=user_id), | |
485 | {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) |
|
485 | {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()}) | |
486 | self.checkSessionFlash(response, 'API key successfully created') |
|
486 | self.checkSessionFlash(response, 'API key successfully created') | |
487 | response = response.follow() |
|
487 | response = response.follow() | |
488 |
|
488 | |||
489 | #now delete our key |
|
489 | #now delete our key | |
490 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() |
|
490 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() | |
491 | assert 1 == len(keys) |
|
491 | assert 1 == len(keys) | |
492 |
|
492 | |||
493 | response = self.app.post(url('edit_user_api_keys_delete', id=user_id), |
|
493 | response = self.app.post(url('edit_user_api_keys_delete', id=user_id), | |
494 | {'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) |
|
494 | {'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()}) | |
495 | self.checkSessionFlash(response, 'API key successfully deleted') |
|
495 | self.checkSessionFlash(response, 'API key successfully deleted') | |
496 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() |
|
496 | keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() | |
497 | assert 0 == len(keys) |
|
497 | assert 0 == len(keys) | |
498 |
|
498 | |||
499 | def test_reset_main_api_key(self): |
|
499 | def test_reset_main_api_key(self): | |
500 | self.log_user() |
|
500 | self.log_user() | |
501 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
501 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
502 | user_id = user.user_id |
|
502 | user_id = user.user_id | |
503 | api_key = user.api_key |
|
503 | api_key = user.api_key | |
504 | response = self.app.get(url('edit_user_api_keys', id=user_id)) |
|
504 | response = self.app.get(url('edit_user_api_keys', id=user_id)) | |
505 | response.mustcontain(api_key) |
|
505 | response.mustcontain(api_key) | |
506 | response.mustcontain('Expires: Never') |
|
506 | response.mustcontain('Expires: Never') | |
507 |
|
507 | |||
508 | response = self.app.post(url('edit_user_api_keys_delete', id=user_id), |
|
508 | response = self.app.post(url('edit_user_api_keys_delete', id=user_id), | |
509 | {'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) |
|
509 | {'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()}) | |
510 | self.checkSessionFlash(response, 'API key successfully reset') |
|
510 | self.checkSessionFlash(response, 'API key successfully reset') | |
511 | response = response.follow() |
|
511 | response = response.follow() | |
512 | response.mustcontain(no=[api_key]) |
|
512 | response.mustcontain(no=[api_key]) | |
513 |
|
513 | |||
514 |
|
514 | |||
515 | class TestAdminUsersController_unittest(object): |
|
515 | class TestAdminUsersController_unittest(object): | |
516 | """ Unit tests for the users controller """ |
|
516 | """ Unit tests for the users controller """ | |
517 |
|
517 | |||
518 | def test_get_user_or_raise_if_default(self, monkeypatch): |
|
518 | def test_get_user_or_raise_if_default(self, monkeypatch): | |
519 | # flash complains about an non-existing session |
|
519 | # flash complains about an non-existing session | |
520 | def flash_mock(*args, **kwargs): |
|
520 | def flash_mock(*args, **kwargs): | |
521 | pass |
|
521 | pass | |
522 | monkeypatch.setattr(h, 'flash', flash_mock) |
|
522 | monkeypatch.setattr(h, 'flash', flash_mock) | |
523 |
|
523 | |||
524 | u = UsersController() |
|
524 | u = UsersController() | |
525 | # a regular user should work correctly |
|
525 | # a regular user should work correctly | |
526 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) |
|
526 | user = User.get_by_username(TEST_USER_REGULAR_LOGIN) | |
527 | assert u._get_user_or_raise_if_default(user.user_id) == user |
|
527 | assert u._get_user_or_raise_if_default(user.user_id) == user | |
528 | # the default user should raise |
|
528 | # the default user should raise | |
529 | with pytest.raises(HTTPNotFound): |
|
529 | with pytest.raises(HTTPNotFound): | |
530 | u._get_user_or_raise_if_default(User.get_default_user().user_id) |
|
530 | u._get_user_or_raise_if_default(User.get_default_user().user_id) | |
531 |
|
531 | |||
532 |
|
532 | |||
533 | class TestAdminUsersControllerForDefaultUser(TestController): |
|
533 | class TestAdminUsersControllerForDefaultUser(TestController): | |
534 | """ |
|
534 | """ | |
535 | Edit actions on the default user are not allowed. |
|
535 | Edit actions on the default user are not allowed. | |
536 | Validate that they throw a 404 exception. |
|
536 | Validate that they throw a 404 exception. | |
537 | """ |
|
537 | """ | |
538 | def test_edit_default_user(self): |
|
538 | def test_edit_default_user(self): | |
539 | self.log_user() |
|
539 | self.log_user() | |
540 | user = User.get_default_user() |
|
540 | user = User.get_default_user() | |
541 | response = self.app.get(url('edit_user', id=user.user_id), status=404) |
|
541 | response = self.app.get(url('edit_user', id=user.user_id), status=404) | |
542 |
|
542 | |||
543 | def test_edit_advanced_default_user(self): |
|
543 | def test_edit_advanced_default_user(self): | |
544 | self.log_user() |
|
544 | self.log_user() | |
545 | user = User.get_default_user() |
|
545 | user = User.get_default_user() | |
546 | response = self.app.get(url('edit_user_advanced', id=user.user_id), status=404) |
|
546 | response = self.app.get(url('edit_user_advanced', id=user.user_id), status=404) | |
547 |
|
547 | |||
548 | # API keys |
|
548 | # API keys | |
549 | def test_edit_api_keys_default_user(self): |
|
549 | def test_edit_api_keys_default_user(self): | |
550 | self.log_user() |
|
550 | self.log_user() | |
551 | user = User.get_default_user() |
|
551 | user = User.get_default_user() | |
552 | response = self.app.get(url('edit_user_api_keys', id=user.user_id), status=404) |
|
552 | response = self.app.get(url('edit_user_api_keys', id=user.user_id), status=404) | |
553 |
|
553 | |||
554 | def test_add_api_keys_default_user(self): |
|
554 | def test_add_api_keys_default_user(self): | |
555 | self.log_user() |
|
555 | self.log_user() | |
556 | user = User.get_default_user() |
|
556 | user = User.get_default_user() | |
557 | response = self.app.post(url('edit_user_api_keys_update', id=user.user_id), |
|
557 | response = self.app.post(url('edit_user_api_keys_update', id=user.user_id), | |
558 | {'_authentication_token': self.authentication_token()}, status=404) |
|
558 | {'_authentication_token': self.authentication_token()}, status=404) | |
559 |
|
559 | |||
560 | def test_delete_api_keys_default_user(self): |
|
560 | def test_delete_api_keys_default_user(self): | |
561 | self.log_user() |
|
561 | self.log_user() | |
562 | user = User.get_default_user() |
|
562 | user = User.get_default_user() | |
563 | response = self.app.post(url('edit_user_api_keys_delete', id=user.user_id), |
|
563 | response = self.app.post(url('edit_user_api_keys_delete', id=user.user_id), | |
564 | {'_authentication_token': self.authentication_token()}, status=404) |
|
564 | {'_authentication_token': self.authentication_token()}, status=404) | |
565 |
|
565 | |||
566 | # Permissions |
|
566 | # Permissions | |
567 | def test_edit_perms_default_user(self): |
|
567 | def test_edit_perms_default_user(self): | |
568 | self.log_user() |
|
568 | self.log_user() | |
569 | user = User.get_default_user() |
|
569 | user = User.get_default_user() | |
570 | response = self.app.get(url('edit_user_perms', id=user.user_id), status=404) |
|
570 | response = self.app.get(url('edit_user_perms', id=user.user_id), status=404) | |
571 |
|
571 | |||
572 | def test_update_perms_default_user(self): |
|
572 | def test_update_perms_default_user(self): | |
573 | self.log_user() |
|
573 | self.log_user() | |
574 | user = User.get_default_user() |
|
574 | user = User.get_default_user() | |
575 | response = self.app.post(url('edit_user_perms_update', id=user.user_id), |
|
575 | response = self.app.post(url('edit_user_perms_update', id=user.user_id), | |
576 | {'_authentication_token': self.authentication_token()}, status=404) |
|
576 | {'_authentication_token': self.authentication_token()}, status=404) | |
577 |
|
577 | |||
578 | # Emails |
|
578 | # Emails | |
579 | def test_edit_emails_default_user(self): |
|
579 | def test_edit_emails_default_user(self): | |
580 | self.log_user() |
|
580 | self.log_user() | |
581 | user = User.get_default_user() |
|
581 | user = User.get_default_user() | |
582 | response = self.app.get(url('edit_user_emails', id=user.user_id), status=404) |
|
582 | response = self.app.get(url('edit_user_emails', id=user.user_id), status=404) | |
583 |
|
583 | |||
584 | def test_add_emails_default_user(self): |
|
584 | def test_add_emails_default_user(self): | |
585 | self.log_user() |
|
585 | self.log_user() | |
586 | user = User.get_default_user() |
|
586 | user = User.get_default_user() | |
587 | response = self.app.post(url('edit_user_emails_update', id=user.user_id), |
|
587 | response = self.app.post(url('edit_user_emails_update', id=user.user_id), | |
588 | {'_authentication_token': self.authentication_token()}, status=404) |
|
588 | {'_authentication_token': self.authentication_token()}, status=404) | |
589 |
|
589 | |||
590 | def test_delete_emails_default_user(self): |
|
590 | def test_delete_emails_default_user(self): | |
591 | self.log_user() |
|
591 | self.log_user() | |
592 | user = User.get_default_user() |
|
592 | user = User.get_default_user() | |
593 | response = self.app.post(url('edit_user_emails_delete', id=user.user_id), |
|
593 | response = self.app.post(url('edit_user_emails_delete', id=user.user_id), | |
594 | {'_authentication_token': self.authentication_token()}, status=404) |
|
594 | {'_authentication_token': self.authentication_token()}, status=404) | |
595 |
|
595 | |||
596 | # IP addresses |
|
596 | # IP addresses | |
597 | # Add/delete of IP addresses for the default user is used to maintain |
|
597 | # Add/delete of IP addresses for the default user is used to maintain | |
598 | # the global IP whitelist and thus allowed. Only 'edit' is forbidden. |
|
598 | # the global IP whitelist and thus allowed. Only 'edit' is forbidden. | |
599 | def test_edit_ip_default_user(self): |
|
599 | def test_edit_ip_default_user(self): | |
600 | self.log_user() |
|
600 | self.log_user() | |
601 | user = User.get_default_user() |
|
601 | user = User.get_default_user() | |
602 | response = self.app.get(url('edit_user_ips', id=user.user_id), status=404) |
|
602 | response = self.app.get(url('edit_user_ips', id=user.user_id), status=404) |
General Comments 0
You need to be logged in to leave comments.
Login now