##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

admin: don't redirect back to the list of users after creating a user...
Mads Kiilerich -
r6118:9b80c2a6 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,446 +1,445 b''
1 1 # -*- coding: utf-8 -*-
2 2 # This program is free software: you can redistribute it and/or modify
3 3 # it under the terms of the GNU General Public License as published by
4 4 # the Free Software Foundation, either version 3 of the License, or
5 5 # (at your option) any later version.
6 6 #
7 7 # This program is distributed in the hope that it will be useful,
8 8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 10 # GNU General Public License for more details.
11 11 #
12 12 # You should have received a copy of the GNU General Public License
13 13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 14 """
15 15 kallithea.controllers.admin.users
16 16 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
17 17
18 18 Users crud controller for pylons
19 19
20 20 This file was forked by the Kallithea project in July 2014.
21 21 Original author and date, and relevant copyright and licensing information is below:
22 22 :created_on: Apr 4, 2010
23 23 :author: marcink
24 24 :copyright: (c) 2013 RhodeCode GmbH, and others.
25 25 :license: GPLv3, see LICENSE.md for more details.
26 26 """
27 27
28 28 import logging
29 29 import traceback
30 30 import formencode
31 31
32 32 from formencode import htmlfill
33 33 from pylons import request, tmpl_context as c, url, config
34 34 from pylons.i18n.translation import _
35 35 from sqlalchemy.sql.expression import func
36 36 from webob.exc import HTTPFound, HTTPNotFound
37 37
38 38 import kallithea
39 39 from kallithea.lib.exceptions import DefaultUserException, \
40 40 UserOwnsReposException, UserCreationError
41 41 from kallithea.lib import helpers as h
42 42 from kallithea.lib.auth import LoginRequired, HasPermissionAnyDecorator, \
43 43 AuthUser
44 44 from kallithea.lib import auth_modules
45 45 from kallithea.lib.auth_modules import auth_internal
46 46 from kallithea.lib.base import BaseController, render
47 47 from kallithea.model.api_key import ApiKeyModel
48 48
49 49 from kallithea.model.db import User, UserEmailMap, UserIpMap, UserToPerm
50 50 from kallithea.model.forms import UserForm, CustomDefaultPermissionsForm
51 51 from kallithea.model.user import UserModel
52 52 from kallithea.model.meta import Session
53 53 from kallithea.lib.utils import action_logger
54 54 from kallithea.lib.compat import json
55 55 from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key
56 56
57 57 log = logging.getLogger(__name__)
58 58
59 59
60 60 class UsersController(BaseController):
61 61 """REST Controller styled on the Atom Publishing Protocol"""
62 62
63 63 @LoginRequired()
64 64 @HasPermissionAnyDecorator('hg.admin')
65 65 def __before__(self):
66 66 super(UsersController, self).__before__()
67 67 c.available_permissions = config['available_permissions']
68 68 c.EXTERN_TYPE_INTERNAL = kallithea.EXTERN_TYPE_INTERNAL
69 69
70 70 def index(self, format='html'):
71 71 c.users_list = User.query().order_by(User.username) \
72 72 .filter(User.username != User.DEFAULT_USER) \
73 73 .order_by(func.lower(User.username)) \
74 74 .all()
75 75
76 76 users_data = []
77 77 total_records = len(c.users_list)
78 78 _tmpl_lookup = kallithea.CONFIG['pylons.app_globals'].mako_lookup
79 79 template = _tmpl_lookup.get_template('data_table/_dt_elements.html')
80 80
81 81 grav_tmpl = '<div class="gravatar">%s</div>'
82 82
83 83 username = lambda user_id, username: (
84 84 template.get_def("user_name")
85 85 .render(user_id, username, _=_, h=h, c=c))
86 86
87 87 user_actions = lambda user_id, username: (
88 88 template.get_def("user_actions")
89 89 .render(user_id, username, _=_, h=h, c=c))
90 90
91 91 for user in c.users_list:
92 92 users_data.append({
93 93 "gravatar": grav_tmpl % h.gravatar(user.email, size=20),
94 94 "raw_name": user.username,
95 95 "username": username(user.user_id, user.username),
96 96 "firstname": h.escape(user.name),
97 97 "lastname": h.escape(user.lastname),
98 98 "last_login": h.fmt_date(user.last_login),
99 99 "last_login_raw": datetime_to_time(user.last_login),
100 100 "active": h.boolicon(user.active),
101 101 "admin": h.boolicon(user.admin),
102 102 "extern_type": user.extern_type,
103 103 "extern_name": user.extern_name,
104 104 "action": user_actions(user.user_id, user.username),
105 105 })
106 106
107 107 c.data = json.dumps({
108 108 "totalRecords": total_records,
109 109 "startIndex": 0,
110 110 "sort": None,
111 111 "dir": "asc",
112 112 "records": users_data
113 113 })
114 114
115 115 return render('admin/users/users.html')
116 116
117 117 def create(self):
118 118 c.default_extern_type = auth_internal.KallitheaAuthPlugin.name
119 119 c.default_extern_name = auth_internal.KallitheaAuthPlugin.name
120 120 user_model = UserModel()
121 121 user_form = UserForm()()
122 122 try:
123 123 form_result = user_form.to_python(dict(request.POST))
124 124 user = user_model.create(form_result)
125 usr = form_result['username']
126 action_logger(self.authuser, 'admin_created_user:%s' % usr,
125 action_logger(self.authuser, 'admin_created_user:%s' % user.username,
127 126 None, self.ip_addr, self.sa)
128 h.flash(h.literal(_('Created user %s') % h.link_to(h.escape(usr), url('edit_user', id=user.user_id))),
127 h.flash(_('Created user %s') % user.username,
129 128 category='success')
130 129 Session().commit()
131 130 except formencode.Invalid as errors:
132 131 return htmlfill.render(
133 132 render('admin/users/user_add.html'),
134 133 defaults=errors.value,
135 134 errors=errors.error_dict or {},
136 135 prefix_error=False,
137 136 encoding="UTF-8",
138 137 force_defaults=False)
139 138 except UserCreationError as e:
140 139 h.flash(e, 'error')
141 140 except Exception:
142 141 log.error(traceback.format_exc())
143 142 h.flash(_('Error occurred during creation of user %s') \
144 143 % request.POST.get('username'), category='error')
145 raise HTTPFound(location=url('users'))
144 raise HTTPFound(location=url('edit_user', id=user.user_id))
146 145
147 146 def new(self, format='html'):
148 147 c.default_extern_type = auth_internal.KallitheaAuthPlugin.name
149 148 c.default_extern_name = auth_internal.KallitheaAuthPlugin.name
150 149 return render('admin/users/user_add.html')
151 150
152 151 def update(self, id):
153 152 user_model = UserModel()
154 153 user = user_model.get(id)
155 154 _form = UserForm(edit=True, old_data={'user_id': id,
156 155 'email': user.email})()
157 156 form_result = {}
158 157 try:
159 158 form_result = _form.to_python(dict(request.POST))
160 159 skip_attrs = ['extern_type', 'extern_name',
161 160 ] + auth_modules.get_managed_fields(user)
162 161
163 162 user_model.update(id, form_result, skip_attrs=skip_attrs)
164 163 usr = form_result['username']
165 164 action_logger(self.authuser, 'admin_updated_user:%s' % usr,
166 165 None, self.ip_addr, self.sa)
167 166 h.flash(_('User updated successfully'), category='success')
168 167 Session().commit()
169 168 except formencode.Invalid as errors:
170 169 defaults = errors.value
171 170 e = errors.error_dict or {}
172 171 defaults.update({
173 172 'create_repo_perm': user_model.has_perm(id,
174 173 'hg.create.repository'),
175 174 'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
176 175 })
177 176 return htmlfill.render(
178 177 self._render_edit_profile(user),
179 178 defaults=defaults,
180 179 errors=e,
181 180 prefix_error=False,
182 181 encoding="UTF-8",
183 182 force_defaults=False)
184 183 except Exception:
185 184 log.error(traceback.format_exc())
186 185 h.flash(_('Error occurred during update of user %s') \
187 186 % form_result.get('username'), category='error')
188 187 raise HTTPFound(location=url('edit_user', id=id))
189 188
190 189 def delete(self, id):
191 190 usr = User.get_or_404(id)
192 191 try:
193 192 UserModel().delete(usr)
194 193 Session().commit()
195 194 h.flash(_('Successfully deleted user'), category='success')
196 195 except (UserOwnsReposException, DefaultUserException) as e:
197 196 h.flash(e, category='warning')
198 197 except Exception:
199 198 log.error(traceback.format_exc())
200 199 h.flash(_('An error occurred during deletion of user'),
201 200 category='error')
202 201 raise HTTPFound(location=url('users'))
203 202
204 203 def _get_user_or_raise_if_default(self, id):
205 204 try:
206 205 return User.get_or_404(id, allow_default=False)
207 206 except DefaultUserException:
208 207 h.flash(_("The default user cannot be edited"), category='warning')
209 208 raise HTTPNotFound
210 209
211 210 def _render_edit_profile(self, user):
212 211 c.user = user
213 212 c.active = 'profile'
214 213 c.perm_user = AuthUser(dbuser=user)
215 214 c.ip_addr = self.ip_addr
216 215 managed_fields = auth_modules.get_managed_fields(user)
217 216 c.readonly = lambda n: 'readonly' if n in managed_fields else None
218 217 return render('admin/users/user_edit.html')
219 218
220 219 def edit(self, id, format='html'):
221 220 user = self._get_user_or_raise_if_default(id)
222 221 defaults = user.get_dict()
223 222
224 223 return htmlfill.render(
225 224 self._render_edit_profile(user),
226 225 defaults=defaults,
227 226 encoding="UTF-8",
228 227 force_defaults=False)
229 228
230 229 def edit_advanced(self, id):
231 230 c.user = self._get_user_or_raise_if_default(id)
232 231 c.active = 'advanced'
233 232 c.perm_user = AuthUser(user_id=id)
234 233 c.ip_addr = self.ip_addr
235 234
236 235 umodel = UserModel()
237 236 defaults = c.user.get_dict()
238 237 defaults.update({
239 238 'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
240 239 'create_user_group_perm': umodel.has_perm(c.user,
241 240 'hg.usergroup.create.true'),
242 241 'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
243 242 })
244 243 return htmlfill.render(
245 244 render('admin/users/user_edit.html'),
246 245 defaults=defaults,
247 246 encoding="UTF-8",
248 247 force_defaults=False)
249 248
250 249 def edit_api_keys(self, id):
251 250 c.user = self._get_user_or_raise_if_default(id)
252 251 c.active = 'api_keys'
253 252 show_expired = True
254 253 c.lifetime_values = [
255 254 (str(-1), _('Forever')),
256 255 (str(5), _('5 minutes')),
257 256 (str(60), _('1 hour')),
258 257 (str(60 * 24), _('1 day')),
259 258 (str(60 * 24 * 30), _('1 month')),
260 259 ]
261 260 c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
262 261 c.user_api_keys = ApiKeyModel().get_api_keys(c.user.user_id,
263 262 show_expired=show_expired)
264 263 defaults = c.user.get_dict()
265 264 return htmlfill.render(
266 265 render('admin/users/user_edit.html'),
267 266 defaults=defaults,
268 267 encoding="UTF-8",
269 268 force_defaults=False)
270 269
271 270 def add_api_key(self, id):
272 271 c.user = self._get_user_or_raise_if_default(id)
273 272
274 273 lifetime = safe_int(request.POST.get('lifetime'), -1)
275 274 description = request.POST.get('description')
276 275 ApiKeyModel().create(c.user.user_id, description, lifetime)
277 276 Session().commit()
278 277 h.flash(_("API key successfully created"), category='success')
279 278 raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id))
280 279
281 280 def delete_api_key(self, id):
282 281 c.user = self._get_user_or_raise_if_default(id)
283 282
284 283 api_key = request.POST.get('del_api_key')
285 284 if request.POST.get('del_api_key_builtin'):
286 285 user = User.get(c.user.user_id)
287 286 if user is not None:
288 287 user.api_key = generate_api_key()
289 288 Session().add(user)
290 289 Session().commit()
291 290 h.flash(_("API key successfully reset"), category='success')
292 291 elif api_key:
293 292 ApiKeyModel().delete(api_key, c.user.user_id)
294 293 Session().commit()
295 294 h.flash(_("API key successfully deleted"), category='success')
296 295
297 296 raise HTTPFound(location=url('edit_user_api_keys', id=c.user.user_id))
298 297
299 298 def update_account(self, id):
300 299 pass
301 300
302 301 def edit_perms(self, id):
303 302 c.user = self._get_user_or_raise_if_default(id)
304 303 c.active = 'perms'
305 304 c.perm_user = AuthUser(user_id=id)
306 305 c.ip_addr = self.ip_addr
307 306
308 307 umodel = UserModel()
309 308 defaults = c.user.get_dict()
310 309 defaults.update({
311 310 'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
312 311 'create_user_group_perm': umodel.has_perm(c.user,
313 312 'hg.usergroup.create.true'),
314 313 'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
315 314 })
316 315 return htmlfill.render(
317 316 render('admin/users/user_edit.html'),
318 317 defaults=defaults,
319 318 encoding="UTF-8",
320 319 force_defaults=False)
321 320
322 321 def update_perms(self, id):
323 322 user = self._get_user_or_raise_if_default(id)
324 323
325 324 try:
326 325 form = CustomDefaultPermissionsForm()()
327 326 form_result = form.to_python(request.POST)
328 327
329 328 inherit_perms = form_result['inherit_default_permissions']
330 329 user.inherit_default_permissions = inherit_perms
331 330 Session().add(user)
332 331 user_model = UserModel()
333 332
334 333 defs = UserToPerm.query() \
335 334 .filter(UserToPerm.user == user) \
336 335 .all()
337 336 for ug in defs:
338 337 Session().delete(ug)
339 338
340 339 if form_result['create_repo_perm']:
341 340 user_model.grant_perm(id, 'hg.create.repository')
342 341 else:
343 342 user_model.grant_perm(id, 'hg.create.none')
344 343 if form_result['create_user_group_perm']:
345 344 user_model.grant_perm(id, 'hg.usergroup.create.true')
346 345 else:
347 346 user_model.grant_perm(id, 'hg.usergroup.create.false')
348 347 if form_result['fork_repo_perm']:
349 348 user_model.grant_perm(id, 'hg.fork.repository')
350 349 else:
351 350 user_model.grant_perm(id, 'hg.fork.none')
352 351 h.flash(_("Updated permissions"), category='success')
353 352 Session().commit()
354 353 except Exception:
355 354 log.error(traceback.format_exc())
356 355 h.flash(_('An error occurred during permissions saving'),
357 356 category='error')
358 357 raise HTTPFound(location=url('edit_user_perms', id=id))
359 358
360 359 def edit_emails(self, id):
361 360 c.user = self._get_user_or_raise_if_default(id)
362 361 c.active = 'emails'
363 362 c.user_email_map = UserEmailMap.query() \
364 363 .filter(UserEmailMap.user == c.user).all()
365 364
366 365 defaults = c.user.get_dict()
367 366 return htmlfill.render(
368 367 render('admin/users/user_edit.html'),
369 368 defaults=defaults,
370 369 encoding="UTF-8",
371 370 force_defaults=False)
372 371
373 372 def add_email(self, id):
374 373 user = self._get_user_or_raise_if_default(id)
375 374 email = request.POST.get('new_email')
376 375 user_model = UserModel()
377 376
378 377 try:
379 378 user_model.add_extra_email(id, email)
380 379 Session().commit()
381 380 h.flash(_("Added email %s to user") % email, category='success')
382 381 except formencode.Invalid as error:
383 382 msg = error.error_dict['email']
384 383 h.flash(msg, category='error')
385 384 except Exception:
386 385 log.error(traceback.format_exc())
387 386 h.flash(_('An error occurred during email saving'),
388 387 category='error')
389 388 raise HTTPFound(location=url('edit_user_emails', id=id))
390 389
391 390 def delete_email(self, id):
392 391 user = self._get_user_or_raise_if_default(id)
393 392 email_id = request.POST.get('del_email_id')
394 393 user_model = UserModel()
395 394 user_model.delete_extra_email(id, email_id)
396 395 Session().commit()
397 396 h.flash(_("Removed email from user"), category='success')
398 397 raise HTTPFound(location=url('edit_user_emails', id=id))
399 398
400 399 def edit_ips(self, id):
401 400 c.user = self._get_user_or_raise_if_default(id)
402 401 c.active = 'ips'
403 402 c.user_ip_map = UserIpMap.query() \
404 403 .filter(UserIpMap.user == c.user).all()
405 404
406 405 c.inherit_default_ips = c.user.inherit_default_permissions
407 406 c.default_user_ip_map = UserIpMap.query() \
408 407 .filter(UserIpMap.user == User.get_default_user()).all()
409 408
410 409 defaults = c.user.get_dict()
411 410 return htmlfill.render(
412 411 render('admin/users/user_edit.html'),
413 412 defaults=defaults,
414 413 encoding="UTF-8",
415 414 force_defaults=False)
416 415
417 416 def add_ip(self, id):
418 417 ip = request.POST.get('new_ip')
419 418 user_model = UserModel()
420 419
421 420 try:
422 421 user_model.add_extra_ip(id, ip)
423 422 Session().commit()
424 423 h.flash(_("Added IP address %s to user whitelist") % ip, category='success')
425 424 except formencode.Invalid as error:
426 425 msg = error.error_dict['ip']
427 426 h.flash(msg, category='error')
428 427 except Exception:
429 428 log.error(traceback.format_exc())
430 429 h.flash(_('An error occurred while adding IP address'),
431 430 category='error')
432 431
433 432 if 'default_user' in request.POST:
434 433 raise HTTPFound(location=url('admin_permissions_ips'))
435 434 raise HTTPFound(location=url('edit_user_ips', id=id))
436 435
437 436 def delete_ip(self, id):
438 437 ip_id = request.POST.get('del_ip_id')
439 438 user_model = UserModel()
440 439 user_model.delete_extra_ip(id, ip_id)
441 440 Session().commit()
442 441 h.flash(_("Removed IP address from user whitelist"), category='success')
443 442
444 443 if 'default_user' in request.POST:
445 444 raise HTTPFound(location=url('admin_permissions_ips'))
446 445 raise HTTPFound(location=url('edit_user_ips', id=id))
Show file before | Show file after | Hide comments
@@ -1,602 +1,602 b''
1 1 # -*- coding: utf-8 -*-
2 2 # This program is free software: you can redistribute it and/or modify
3 3 # it under the terms of the GNU General Public License as published by
4 4 # the Free Software Foundation, either version 3 of the License, or
5 5 # (at your option) any later version.
6 6 #
7 7 # This program is distributed in the hope that it will be useful,
8 8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 10 # GNU General Public License for more details.
11 11 #
12 12 # You should have received a copy of the GNU General Public License
13 13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 14
15 15 from sqlalchemy.orm.exc import NoResultFound, ObjectDeletedError
16 16
17 17 import pytest
18 18 from kallithea.tests import *
19 19 from kallithea.tests.fixture import Fixture
20 20 from kallithea.controllers.admin.users import UsersController
21 21 from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys
22 22 from kallithea.lib.auth import check_password
23 23 from kallithea.model.user import UserModel
24 24 from kallithea.model import validators
25 25 from kallithea.lib import helpers as h
26 26 from kallithea.model.meta import Session
27 27 from webob.exc import HTTPNotFound
28 28
29 29 fixture = Fixture()
30 30
31 31 @pytest.yield_fixture
32 32 def user_and_repo_group_fail():
33 33 username = 'repogrouperr'
34 34 groupname = u'repogroup_fail'
35 35 user = fixture.create_user(name=username)
36 36 repo_group = fixture.create_repo_group(name=groupname, cur_user=username)
37 37 yield user, repo_group
38 38 # cleanup
39 39 try:
40 40 fixture.destroy_repo_group(repo_group)
41 41 except ObjectDeletedError:
42 42 # delete already succeeded in test body
43 43 pass
44 44
45 45 class TestAdminUsersController(TestController):
46 46 test_user_1 = 'testme'
47 47
48 48 @classmethod
49 49 def teardown_class(cls):
50 50 if User.get_by_username(cls.test_user_1):
51 51 UserModel().delete(cls.test_user_1)
52 52 Session().commit()
53 53
54 54 def test_index(self):
55 55 self.log_user()
56 56 response = self.app.get(url('users'))
57 57 # Test response...
58 58
59 59 def test_create(self):
60 60 self.log_user()
61 61 username = 'newtestuser'
62 62 password = 'test12'
63 63 password_confirmation = password
64 64 name = u'name'
65 65 lastname = u'lastname'
66 66 email = 'mail@example.com'
67 67
68 68 response = self.app.post(url('users'),
69 69 {'username': username,
70 70 'password': password,
71 71 'password_confirmation': password_confirmation,
72 72 'firstname': name,
73 73 'active': True,
74 74 'lastname': lastname,
75 75 'extern_name': 'internal',
76 76 'extern_type': 'internal',
77 77 'email': email,
78 78 '_authentication_token': self.authentication_token()})
79 # 302 Found
80 # The resource was found at http://localhost/_admin/users/5/edit; you should be redirected automatically.
79 81
80 self.checkSessionFlash(response, '''Created user <a href="/_admin/users/''')
81 self.checkSessionFlash(response, '''/edit">%s</a>''' % (username))
82 self.checkSessionFlash(response, '''Created user %s''' % username)
83
84 response = response.follow()
85 response.mustcontain("""%s user settings""" % username) # in <title>
82 86
83 87 new_user = Session().query(User). \
84 88 filter(User.username == username).one()
85 89
86 90 assert new_user.username == username
87 91 assert check_password(password, new_user.password) == True
88 92 assert new_user.name == name
89 93 assert new_user.lastname == lastname
90 94 assert new_user.email == email
91 95
92 response.follow()
93 response = response.follow()
94 response.mustcontain("""newtestuser""")
95
96 96 def test_create_err(self):
97 97 self.log_user()
98 98 username = 'new_user'
99 99 password = ''
100 100 name = u'name'
101 101 lastname = u'lastname'
102 102 email = 'errmail.example.com'
103 103
104 104 response = self.app.post(url('users'), {'username': username,
105 105 'password': password,
106 106 'name': name,
107 107 'active': False,
108 108 'lastname': lastname,
109 109 'email': email,
110 110 '_authentication_token': self.authentication_token()})
111 111
112 112 msg = validators.ValidUsername(False, {})._messages['system_invalid_username']
113 113 msg = h.html_escape(msg % {'username': 'new_user'})
114 114 response.mustcontain("""<span class="error-message">%s</span>""" % msg)
115 115 response.mustcontain("""<span class="error-message">Please enter a value</span>""")
116 116 response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""")
117 117
118 118 def get_user():
119 119 Session().query(User).filter(User.username == username).one()
120 120
121 121 with pytest.raises(NoResultFound):
122 122 get_user(), 'found user in database'
123 123
124 124 def test_new(self):
125 125 self.log_user()
126 126 response = self.app.get(url('new_user'))
127 127
128 128 @parametrize('name,attrs',
129 129 [('firstname', {'firstname': 'new_username'}),
130 130 ('lastname', {'lastname': 'new_username'}),
131 131 ('admin', {'admin': True}),
132 132 ('admin', {'admin': False}),
133 133 ('extern_type', {'extern_type': 'ldap'}),
134 134 ('extern_type', {'extern_type': None}),
135 135 ('extern_name', {'extern_name': 'test'}),
136 136 ('extern_name', {'extern_name': None}),
137 137 ('active', {'active': False}),
138 138 ('active', {'active': True}),
139 139 ('email', {'email': 'someemail@example.com'}),
140 140 # ('new_password', {'new_password': 'foobar123',
141 141 # 'password_confirmation': 'foobar123'})
142 142 ])
143 143 def test_update(self, name, attrs):
144 144 self.log_user()
145 145 usr = fixture.create_user(self.test_user_1, password='qweqwe',
146 146 email='testme@example.com',
147 147 extern_type='internal',
148 148 extern_name=self.test_user_1,
149 149 skip_if_exists=True)
150 150 Session().commit()
151 151 params = usr.get_api_data(True)
152 152 params.update({'password_confirmation': ''})
153 153 params.update({'new_password': ''})
154 154 params.update(attrs)
155 155 if name == 'email':
156 156 params['emails'] = [attrs['email']]
157 157 if name == 'extern_type':
158 158 #cannot update this via form, expected value is original one
159 159 params['extern_type'] = "internal"
160 160 if name == 'extern_name':
161 161 #cannot update this via form, expected value is original one
162 162 params['extern_name'] = self.test_user_1
163 163 # special case since this user is not
164 164 # logged in yet his data is not filled
165 165 # so we use creation data
166 166
167 167 params.update({'_authentication_token': self.authentication_token()})
168 168 response = self.app.post(url('update_user', id=usr.user_id), params)
169 169 self.checkSessionFlash(response, 'User updated successfully')
170 170 params.pop('_authentication_token')
171 171
172 172 updated_user = User.get_by_username(self.test_user_1)
173 173 updated_params = updated_user.get_api_data(True)
174 174 updated_params.update({'password_confirmation': ''})
175 175 updated_params.update({'new_password': ''})
176 176
177 177 assert params == updated_params
178 178
179 179 def test_delete(self):
180 180 self.log_user()
181 181 username = 'newtestuserdeleteme'
182 182
183 183 fixture.create_user(name=username)
184 184
185 185 new_user = Session().query(User) \
186 186 .filter(User.username == username).one()
187 187 response = self.app.post(url('delete_user', id=new_user.user_id),
188 188 params={'_authentication_token': self.authentication_token()})
189 189
190 190 self.checkSessionFlash(response, 'Successfully deleted user')
191 191
192 192 def test_delete_repo_err(self):
193 193 self.log_user()
194 194 username = 'repoerr'
195 195 reponame = u'repoerr_fail'
196 196
197 197 fixture.create_user(name=username)
198 198 fixture.create_repo(name=reponame, cur_user=username)
199 199
200 200 new_user = Session().query(User) \
201 201 .filter(User.username == username).one()
202 202 response = self.app.post(url('delete_user', id=new_user.user_id),
203 203 params={'_authentication_token': self.authentication_token()})
204 204 self.checkSessionFlash(response, 'User "%s" still '
205 205 'owns 1 repositories and cannot be removed. '
206 206 'Switch owners or remove those repositories: '
207 207 '%s' % (username, reponame))
208 208
209 209 response = self.app.post(url('delete_repo', repo_name=reponame),
210 210 params={'_authentication_token': self.authentication_token()})
211 211 self.checkSessionFlash(response, 'Deleted repository %s' % reponame)
212 212
213 213 response = self.app.post(url('delete_user', id=new_user.user_id),
214 214 params={'_authentication_token': self.authentication_token()})
215 215 self.checkSessionFlash(response, 'Successfully deleted user')
216 216
217 217 def test_delete_repo_group_err(self, user_and_repo_group_fail):
218 218 self.log_user()
219 219 username = 'repogrouperr'
220 220 groupname = u'repogroup_fail'
221 221
222 222 new_user = Session().query(User) \
223 223 .filter(User.username == username).one()
224 224 response = self.app.post(url('delete_user', id=new_user.user_id),
225 225 params={'_authentication_token': self.authentication_token()})
226 226 self.checkSessionFlash(response, 'User "%s" still '
227 227 'owns 1 repository groups and cannot be removed. '
228 228 'Switch owners or remove those repository groups: '
229 229 '%s' % (username, groupname))
230 230
231 231 # Relevant _if_ the user deletion succeeded to make sure we can render groups without owner
232 232 # rg = RepoGroup.get_by_group_name(group_name=groupname)
233 233 # response = self.app.get(url('repos_groups', id=rg.group_id))
234 234
235 235 response = self.app.post(url('delete_repo_group', group_name=groupname),
236 236 params={'_authentication_token': self.authentication_token()})
237 237 self.checkSessionFlash(response, 'Removed repository group %s' % groupname)
238 238
239 239 response = self.app.post(url('delete_user', id=new_user.user_id),
240 240 params={'_authentication_token': self.authentication_token()})
241 241 self.checkSessionFlash(response, 'Successfully deleted user')
242 242
243 243 def test_delete_user_group_err(self):
244 244 self.log_user()
245 245 username = 'usergrouperr'
246 246 groupname = u'usergroup_fail'
247 247
248 248 fixture.create_user(name=username)
249 249 ug = fixture.create_user_group(name=groupname, cur_user=username)
250 250
251 251 new_user = Session().query(User) \
252 252 .filter(User.username == username).one()
253 253 response = self.app.post(url('delete_user', id=new_user.user_id),
254 254 params={'_authentication_token': self.authentication_token()})
255 255 self.checkSessionFlash(response, 'User "%s" still '
256 256 'owns 1 user groups and cannot be removed. '
257 257 'Switch owners or remove those user groups: '
258 258 '%s' % (username, groupname))
259 259
260 260 # TODO: why do this fail?
261 261 #response = self.app.delete(url('delete_users_group', id=groupname))
262 262 #self.checkSessionFlash(response, 'Removed user group %s' % groupname)
263 263
264 264 fixture.destroy_user_group(ug.users_group_id)
265 265
266 266 response = self.app.post(url('delete_user', id=new_user.user_id),
267 267 params={'_authentication_token': self.authentication_token()})
268 268 self.checkSessionFlash(response, 'Successfully deleted user')
269 269
270 270 def test_edit(self):
271 271 self.log_user()
272 272 user = User.get_by_username(TEST_USER_ADMIN_LOGIN)
273 273 response = self.app.get(url('edit_user', id=user.user_id))
274 274
275 275 def test_add_perm_create_repo(self):
276 276 self.log_user()
277 277 perm_none = Permission.get_by_key('hg.create.none')
278 278 perm_create = Permission.get_by_key('hg.create.repository')
279 279
280 280 user = UserModel().create_or_update(username='dummy', password='qwe',
281 281 email='dummy', firstname=u'a',
282 282 lastname=u'b')
283 283 Session().commit()
284 284 uid = user.user_id
285 285
286 286 try:
287 287 #User should have None permission on creation repository
288 288 assert UserModel().has_perm(user, perm_none) == False
289 289 assert UserModel().has_perm(user, perm_create) == False
290 290
291 291 response = self.app.post(url('edit_user_perms_update', id=uid),
292 292 params=dict(create_repo_perm=True,
293 293 _authentication_token=self.authentication_token()))
294 294
295 295 perm_none = Permission.get_by_key('hg.create.none')
296 296 perm_create = Permission.get_by_key('hg.create.repository')
297 297
298 298 #User should have None permission on creation repository
299 299 assert UserModel().has_perm(uid, perm_none) == False
300 300 assert UserModel().has_perm(uid, perm_create) == True
301 301 finally:
302 302 UserModel().delete(uid)
303 303 Session().commit()
304 304
305 305 def test_revoke_perm_create_repo(self):
306 306 self.log_user()
307 307 perm_none = Permission.get_by_key('hg.create.none')
308 308 perm_create = Permission.get_by_key('hg.create.repository')
309 309
310 310 user = UserModel().create_or_update(username='dummy', password='qwe',
311 311 email='dummy', firstname=u'a',
312 312 lastname=u'b')
313 313 Session().commit()
314 314 uid = user.user_id
315 315
316 316 try:
317 317 #User should have None permission on creation repository
318 318 assert UserModel().has_perm(user, perm_none) == False
319 319 assert UserModel().has_perm(user, perm_create) == False
320 320
321 321 response = self.app.post(url('edit_user_perms_update', id=uid),
322 322 params=dict(_authentication_token=self.authentication_token()))
323 323
324 324 perm_none = Permission.get_by_key('hg.create.none')
325 325 perm_create = Permission.get_by_key('hg.create.repository')
326 326
327 327 #User should have None permission on creation repository
328 328 assert UserModel().has_perm(uid, perm_none) == True
329 329 assert UserModel().has_perm(uid, perm_create) == False
330 330 finally:
331 331 UserModel().delete(uid)
332 332 Session().commit()
333 333
334 334 def test_add_perm_fork_repo(self):
335 335 self.log_user()
336 336 perm_none = Permission.get_by_key('hg.fork.none')
337 337 perm_fork = Permission.get_by_key('hg.fork.repository')
338 338
339 339 user = UserModel().create_or_update(username='dummy', password='qwe',
340 340 email='dummy', firstname=u'a',
341 341 lastname=u'b')
342 342 Session().commit()
343 343 uid = user.user_id
344 344
345 345 try:
346 346 #User should have None permission on creation repository
347 347 assert UserModel().has_perm(user, perm_none) == False
348 348 assert UserModel().has_perm(user, perm_fork) == False
349 349
350 350 response = self.app.post(url('edit_user_perms_update', id=uid),
351 351 params=dict(create_repo_perm=True,
352 352 _authentication_token=self.authentication_token()))
353 353
354 354 perm_none = Permission.get_by_key('hg.create.none')
355 355 perm_create = Permission.get_by_key('hg.create.repository')
356 356
357 357 #User should have None permission on creation repository
358 358 assert UserModel().has_perm(uid, perm_none) == False
359 359 assert UserModel().has_perm(uid, perm_create) == True
360 360 finally:
361 361 UserModel().delete(uid)
362 362 Session().commit()
363 363
364 364 def test_revoke_perm_fork_repo(self):
365 365 self.log_user()
366 366 perm_none = Permission.get_by_key('hg.fork.none')
367 367 perm_fork = Permission.get_by_key('hg.fork.repository')
368 368
369 369 user = UserModel().create_or_update(username='dummy', password='qwe',
370 370 email='dummy', firstname=u'a',
371 371 lastname=u'b')
372 372 Session().commit()
373 373 uid = user.user_id
374 374
375 375 try:
376 376 #User should have None permission on creation repository
377 377 assert UserModel().has_perm(user, perm_none) == False
378 378 assert UserModel().has_perm(user, perm_fork) == False
379 379
380 380 response = self.app.post(url('edit_user_perms_update', id=uid),
381 381 params=dict(_authentication_token=self.authentication_token()))
382 382
383 383 perm_none = Permission.get_by_key('hg.create.none')
384 384 perm_create = Permission.get_by_key('hg.create.repository')
385 385
386 386 #User should have None permission on creation repository
387 387 assert UserModel().has_perm(uid, perm_none) == True
388 388 assert UserModel().has_perm(uid, perm_create) == False
389 389 finally:
390 390 UserModel().delete(uid)
391 391 Session().commit()
392 392
393 393 def test_ips(self):
394 394 self.log_user()
395 395 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
396 396 response = self.app.get(url('edit_user_ips', id=user.user_id))
397 397 response.mustcontain('All IP addresses are allowed')
398 398
399 399 @parametrize('test_name,ip,ip_range,failure', [
400 400 ('127/24', '127.0.0.1/24', '127.0.0.0 - 127.0.0.255', False),
401 401 ('10/32', '10.0.0.10/32', '10.0.0.10 - 10.0.0.10', False),
402 402 ('0/16', '0.0.0.0/16', '0.0.0.0 - 0.0.255.255', False),
403 403 ('0/8', '0.0.0.0/8', '0.0.0.0 - 0.255.255.255', False),
404 404 ('127_bad_mask', '127.0.0.1/99', '127.0.0.1 - 127.0.0.1', True),
405 405 ('127_bad_ip', 'foobar', 'foobar', True),
406 406 ])
407 407 def test_add_ip(self, test_name, ip, ip_range, failure, auto_clear_ip_permissions):
408 408 self.log_user()
409 409 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
410 410 user_id = user.user_id
411 411
412 412 response = self.app.post(url('edit_user_ips_update', id=user_id),
413 413 params=dict(new_ip=ip, _authentication_token=self.authentication_token()))
414 414
415 415 if failure:
416 416 self.checkSessionFlash(response, 'Please enter a valid IPv4 or IPv6 address')
417 417 response = self.app.get(url('edit_user_ips', id=user_id))
418 418 response.mustcontain(no=[ip])
419 419 response.mustcontain(no=[ip_range])
420 420
421 421 else:
422 422 response = self.app.get(url('edit_user_ips', id=user_id))
423 423 response.mustcontain(ip)
424 424 response.mustcontain(ip_range)
425 425
426 426 def test_delete_ip(self, auto_clear_ip_permissions):
427 427 self.log_user()
428 428 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
429 429 user_id = user.user_id
430 430 ip = '127.0.0.1/32'
431 431 ip_range = '127.0.0.1 - 127.0.0.1'
432 432 new_ip = UserModel().add_extra_ip(user_id, ip)
433 433 Session().commit()
434 434 new_ip_id = new_ip.ip_id
435 435
436 436 response = self.app.get(url('edit_user_ips', id=user_id))
437 437 response.mustcontain(ip)
438 438 response.mustcontain(ip_range)
439 439
440 440 self.app.post(url('edit_user_ips_delete', id=user_id),
441 441 params=dict(del_ip_id=new_ip_id, _authentication_token=self.authentication_token()))
442 442
443 443 response = self.app.get(url('edit_user_ips', id=user_id))
444 444 response.mustcontain('All IP addresses are allowed')
445 445 response.mustcontain(no=[ip])
446 446 response.mustcontain(no=[ip_range])
447 447
448 448 def test_api_keys(self):
449 449 self.log_user()
450 450
451 451 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
452 452 response = self.app.get(url('edit_user_api_keys', id=user.user_id))
453 453 response.mustcontain(user.api_key)
454 454 response.mustcontain('Expires: Never')
455 455
456 456 @parametrize('desc,lifetime', [
457 457 ('forever', -1),
458 458 ('5mins', 60*5),
459 459 ('30days', 60*60*24*30),
460 460 ])
461 461 def test_add_api_keys(self, desc, lifetime):
462 462 self.log_user()
463 463 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
464 464 user_id = user.user_id
465 465
466 466 response = self.app.post(url('edit_user_api_keys_update', id=user_id),
467 467 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})
468 468 self.checkSessionFlash(response, 'API key successfully created')
469 469 try:
470 470 response = response.follow()
471 471 user = User.get(user_id)
472 472 for api_key in user.api_keys:
473 473 response.mustcontain(api_key)
474 474 finally:
475 475 for api_key in UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all():
476 476 Session().delete(api_key)
477 477 Session().commit()
478 478
479 479 def test_remove_api_key(self):
480 480 self.log_user()
481 481 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
482 482 user_id = user.user_id
483 483
484 484 response = self.app.post(url('edit_user_api_keys_update', id=user_id),
485 485 {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})
486 486 self.checkSessionFlash(response, 'API key successfully created')
487 487 response = response.follow()
488 488
489 489 #now delete our key
490 490 keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()
491 491 assert 1 == len(keys)
492 492
493 493 response = self.app.post(url('edit_user_api_keys_delete', id=user_id),
494 494 {'del_api_key': keys[0].api_key, '_authentication_token': self.authentication_token()})
495 495 self.checkSessionFlash(response, 'API key successfully deleted')
496 496 keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all()
497 497 assert 0 == len(keys)
498 498
499 499 def test_reset_main_api_key(self):
500 500 self.log_user()
501 501 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
502 502 user_id = user.user_id
503 503 api_key = user.api_key
504 504 response = self.app.get(url('edit_user_api_keys', id=user_id))
505 505 response.mustcontain(api_key)
506 506 response.mustcontain('Expires: Never')
507 507
508 508 response = self.app.post(url('edit_user_api_keys_delete', id=user_id),
509 509 {'del_api_key_builtin': api_key, '_authentication_token': self.authentication_token()})
510 510 self.checkSessionFlash(response, 'API key successfully reset')
511 511 response = response.follow()
512 512 response.mustcontain(no=[api_key])
513 513
514 514
515 515 class TestAdminUsersController_unittest(object):
516 516 """ Unit tests for the users controller """
517 517
518 518 def test_get_user_or_raise_if_default(self, monkeypatch):
519 519 # flash complains about an non-existing session
520 520 def flash_mock(*args, **kwargs):
521 521 pass
522 522 monkeypatch.setattr(h, 'flash', flash_mock)
523 523
524 524 u = UsersController()
525 525 # a regular user should work correctly
526 526 user = User.get_by_username(TEST_USER_REGULAR_LOGIN)
527 527 assert u._get_user_or_raise_if_default(user.user_id) == user
528 528 # the default user should raise
529 529 with pytest.raises(HTTPNotFound):
530 530 u._get_user_or_raise_if_default(User.get_default_user().user_id)
531 531
532 532
533 533 class TestAdminUsersControllerForDefaultUser(TestController):
534 534 """
535 535 Edit actions on the default user are not allowed.
536 536 Validate that they throw a 404 exception.
537 537 """
538 538 def test_edit_default_user(self):
539 539 self.log_user()
540 540 user = User.get_default_user()
541 541 response = self.app.get(url('edit_user', id=user.user_id), status=404)
542 542
543 543 def test_edit_advanced_default_user(self):
544 544 self.log_user()
545 545 user = User.get_default_user()
546 546 response = self.app.get(url('edit_user_advanced', id=user.user_id), status=404)
547 547
548 548 # API keys
549 549 def test_edit_api_keys_default_user(self):
550 550 self.log_user()
551 551 user = User.get_default_user()
552 552 response = self.app.get(url('edit_user_api_keys', id=user.user_id), status=404)
553 553
554 554 def test_add_api_keys_default_user(self):
555 555 self.log_user()
556 556 user = User.get_default_user()
557 557 response = self.app.post(url('edit_user_api_keys_update', id=user.user_id),
558 558 {'_authentication_token': self.authentication_token()}, status=404)
559 559
560 560 def test_delete_api_keys_default_user(self):
561 561 self.log_user()
562 562 user = User.get_default_user()
563 563 response = self.app.post(url('edit_user_api_keys_delete', id=user.user_id),
564 564 {'_authentication_token': self.authentication_token()}, status=404)
565 565
566 566 # Permissions
567 567 def test_edit_perms_default_user(self):
568 568 self.log_user()
569 569 user = User.get_default_user()
570 570 response = self.app.get(url('edit_user_perms', id=user.user_id), status=404)
571 571
572 572 def test_update_perms_default_user(self):
573 573 self.log_user()
574 574 user = User.get_default_user()
575 575 response = self.app.post(url('edit_user_perms_update', id=user.user_id),
576 576 {'_authentication_token': self.authentication_token()}, status=404)
577 577
578 578 # Emails
579 579 def test_edit_emails_default_user(self):
580 580 self.log_user()
581 581 user = User.get_default_user()
582 582 response = self.app.get(url('edit_user_emails', id=user.user_id), status=404)
583 583
584 584 def test_add_emails_default_user(self):
585 585 self.log_user()
586 586 user = User.get_default_user()
587 587 response = self.app.post(url('edit_user_emails_update', id=user.user_id),
588 588 {'_authentication_token': self.authentication_token()}, status=404)
589 589
590 590 def test_delete_emails_default_user(self):
591 591 self.log_user()
592 592 user = User.get_default_user()
593 593 response = self.app.post(url('edit_user_emails_delete', id=user.user_id),
594 594 {'_authentication_token': self.authentication_token()}, status=404)
595 595
596 596 # IP addresses
597 597 # Add/delete of IP addresses for the default user is used to maintain
598 598 # the global IP whitelist and thus allowed. Only 'edit' is forbidden.
599 599 def test_edit_ip_default_user(self):
600 600 self.log_user()
601 601 user = User.get_default_user()
602 602 response = self.app.get(url('edit_user_ips', id=user.user_id), status=404)
General Comments 0
You need to be logged in to leave comments. Login now