Changeset - d5b837c8b451
Parent rev.
Child rev.
[Not reviewed]
default
0 3 0
Mads Kiilerich - 9 years ago 2016-09-25 17:21:07
madski@unity3d.com
users: use the form URL for POST so the htmlfill error page URL will be the same as the initial form URL.

This also reveals that a test used a GET route for POST - they just happened to
be the same.

These problems can probably be found in many places - there should be a general
cleanup.
3 files changed with 6 insertions and 5 deletions:
kallithea/config/routing.py
1
1
kallithea/templates/admin/users/user_add.html
1
1
kallithea/tests/functional/test_admin_users.py
4
3
0 comments (0 inline, 0 general)
kallithea/config/routing.py
Show inline comments
 
# -*- coding: utf-8 -*-
 
# This program is free software: you can redistribute it and/or modify
 
# it under the terms of the GNU General Public License as published by
 
# the Free Software Foundation, either version 3 of the License, or
 
# (at your option) any later version.
 
#
 
# This program is distributed in the hope that it will be useful,
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
# GNU General Public License for more details.
 
#
 
# You should have received a copy of the GNU General Public License
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
"""
 
Routes configuration
 

			




	
	
	
		
 
The more specific and detailed routes should be defined first so they

			




	
	
	
		
 
may take precedent over the more generic routes. For more information

			




	
	
	
		
 
refer to the routes manual at http://routes.groovie.org/docs/

			




	
	
	
		
 
"""

			




	
	
	
		
 

			




	
	
	
		
 
from pylons import request

			




	
	
	
		
 
from routes import Mapper

			




	
	
	
		
 

			




	
	
	
		
 
# prefix for non repository related links needs to be prefixed with `/`

			




	
	
	
		
 
ADMIN_PREFIX = '/_admin'

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def make_map(config):

			




	
	
	
		
 
    """Create, configure and return the routes Mapper"""

			




	
	
	
		
 
    rmap = Mapper(directory=config['pylons.paths']['controllers'],

			




	
	
	
		
 
                  always_scan=config['debug'])

			




	
	
	
		
 
    rmap.minimization = False

			




	
	
	
		
 
    rmap.explicit = False

			




	
	
	
		
 

			




	
	
	
		
 
    from kallithea.lib.utils import (is_valid_repo, is_valid_repo_group,

			




	
	
	
		
 
                                     get_repo_by_id)

			




	
	
	
		
 

			




	
	
	
		
 
    def check_repo(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid repository for proper 404 handling

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo_name = match_dict.get('repo_name')

			




	
	
	
		
 

			




	
	
	
		
 
        if match_dict.get('f_path'):

			




	
	
	
		
 
            #fix for multiple initial slashes that causes errors

			




	
	
	
		
 
            match_dict['f_path'] = match_dict['f_path'].lstrip('/')

			




	
	
	
		
 

			




	
	
	
		
 
        by_id_match = get_repo_by_id(repo_name)

			




	
	
	
		
 
        if by_id_match:

			




	
	
	
		
 
            repo_name = by_id_match

			




	
	
	
		
 
            match_dict['repo_name'] = repo_name

			




	
	
	
		
 

			




	
	
	
		
 
        return is_valid_repo(repo_name, config['base_path'])

			




	
	
	
		
 

			




	
	
	
		
 
    def check_group(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid repository group for proper 404 handling

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo_group_name = match_dict.get('group_name')

			




	
	
	
		
 
        return is_valid_repo_group(repo_group_name, config['base_path'])

			




	
	
	
		
 

			




	
	
	
		
 
    def check_group_skip_path(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid repository group for proper 404 handling, but skips

			




	
	
	
		
 
        verification of existing path

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        repo_group_name = match_dict.get('group_name')

			




	
	
	
		
 
        return is_valid_repo_group(repo_group_name, config['base_path'],

			




	
	
	
		
 
                                   skip_path_check=True)

			




	
	
	
		
 

			




	
	
	
		
 
    def check_user_group(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid user group for proper 404 handling

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return True

			




	
	
	
		
 

			




	
	
	
		
 
    def check_int(environ, match_dict):

			




	
	
	
		
 
        return match_dict.get('id').isdigit()

			




	
	
	
		
 

			




	
	
	
		
 
    # The ErrorController route (handles 404/500 error pages); it should

			




	
	
	
		
 
    # likely stay at the top, ensuring it can always be resolved

			




	
	
	
		
 
    rmap.connect('/error/{action}', controller='error')

			




	
	
	
		
 
    rmap.connect('/error/{action}/{id}', controller='error')

			




	
	
	
		
 

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    # CUSTOM ROUTES HERE

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    #MAIN PAGE

			




	
	
	
		
 
    rmap.connect('home', '/', controller='home', action='index')

			




	
	
	
		
 
    rmap.connect('about', '/about', controller='home', action='about')

			




	
	
	
		
 
    rmap.connect('repo_switcher_data', '/_repos', controller='home',

			




	
	
	
		
 
                 action='repo_switcher_data')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('rst_help',

			




	
	
	
		
 
                 "http://docutils.sourceforge.net/docs/user/rst/quickref.html",

			




	
	
	
		
 
                 _static=True)

			




	
	
	
		
 
    rmap.connect('kallithea_project_url', "https://kallithea-scm.org/", _static=True)

			




	
	
	
		
 
    rmap.connect('issues_url', 'https://bitbucket.org/conservancy/kallithea/issues', _static=True)

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN REPOSITORY ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repos') as m:

			




	
	
	
		
 
        m.connect("repos", "/repos",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos", "/repos",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repo", "/create_repository",

			




	
	
	
		
 
                  action="create_repository", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_repo", "/repos/{repo_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"],

			




	
	
	
		
 
                  function=check_repo))

			




	
	
	
		
 
        m.connect("delete_repo", "/repos/{repo_name:.*?}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN REPOSITORY GROUPS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repo_groups') as m:

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repos_group", "/repo_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"],

			




	
	
	
		
 
                                                   function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"],

			




	
	
	
		
 
                                                 function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS REPO GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

			




	
	
	
		
 
                  action="edit",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

			




	
	
	
		
 
                  action="edit_repo_group_advanced",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="edit_repo_group_perms",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms_update", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms",

			




	
	
	
		
 
                  conditions=dict(method=["POST"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete",

			




	
	
	
		
 
                  action="delete_perms",

			




	
	
	
		
 
                  conditions=dict(method=["POST"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"],

			




	
	
	
		
 
                                                   function=check_group_skip_path))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/users') as m:

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
        m.connect("new_user", "/users/new",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_users", "/users.{format}",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_user", "/users/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_user", "/users/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("delete_user", "/users/{id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user", "/users/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER ROUTES

			




	
	
	
		
 
        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="edit_api_keys", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys_update", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="add_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",

			




	
	
	
		
 
                  action="delete_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_perms_update", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_emails", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="edit_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_update", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="add_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_delete", "/users/{id}/edit/emails/delete",

			




	
	
	
		
 
                  action="delete_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_ips", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="edit_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_update", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="add_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_delete", "/users/{id}/edit/ips/delete",

			




	
	
	
		
 
                  action="delete_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER GROUPS REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/user_groups') as m:

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_users_group", "/user_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_users_group", "/user_groups/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("delete_users_group", "/user_groups/{id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_users_group", "/user_groups/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]),

			




	
	
	
		
 
                  function=check_user_group)

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="edit_default_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms_update", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="update_default_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms_update", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms_delete", "/user_groups/{id}/edit/perms/delete",

			




	
	
	
		
 
                  action="delete_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_advanced", "/user_groups/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_members", "/user_groups/{id}/edit/members",

			




	
	
	
		
 
                  action="edit_members", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN PERMISSIONS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/permissions') as m:

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_ips", "/permissions/ips",

			




	
	
	
		
 
                  action="permission_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_perms", "/permissions/perms",

			




	
	
	
		
 
                  action="permission_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN DEFAULTS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/defaults') as m:

			




	
	
	
		
 
        m.connect('defaults', 'defaults',

			




	
	
	
		
 
                  action="index")

			




	
	
	
		
 
        m.connect('defaults_update', 'defaults/{id}/update',

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN AUTH SETTINGS

			




	
	
	
		
 
    rmap.connect('auth_settings', '%s/auth' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='admin/auth_settings', action='auth_settings',

			




	
	
	
		
 
                 conditions=dict(method=["POST"]))

			




	
	
	
		
 
    rmap.connect('auth_home', '%s/auth' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='admin/auth_settings')

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN SETTINGS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/settings') as m:

			




	
	
	
		
 
        m.connect("admin_settings", "/settings",

			




	
	
	
		
 
                  action="settings_vcs", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings", "/settings",

			




	
	
	
		
 
                  action="settings_vcs", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_mapping", "/settings/mapping",

			




	
	
	
		
 
                  action="settings_mapping", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_mapping", "/settings/mapping",

			




	
	
	
		
 
                  action="settings_mapping", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_global", "/settings/global",

			




	
	
	
		
 
                  action="settings_global", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_global", "/settings/global",

			




	
	
	
		
 
                  action="settings_global", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_visual", "/settings/visual",

			




	
	
	
		
 
                  action="settings_visual", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_visual", "/settings/visual",

			




	
	
	
		
 
                  action="settings_visual", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_email", "/settings/email",

			




	
	
	
		
 
                  action="settings_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_email", "/settings/email",

			




	
	
	
		
 
                  action="settings_email", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_hooks", "/settings/hooks",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_hooks_delete", "/settings/hooks/delete",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_hooks", "/settings/hooks",

			




	
	
	
		
 
                  action="settings_hooks", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_search", "/settings/search",

			




	
	
	
		
 
                  action="settings_search", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_search", "/settings/search",

			




	
	
	
		
 
                  action="settings_search", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_settings_system", "/settings/system",

			




	
	
	
		
 
                  action="settings_system", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_settings_system", "/settings/system",

			




	
	
	
		
 
                  action="settings_system", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("admin_settings_system_update", "/settings/system/updates",

			




	
	
	
		
 
                  action="settings_system_update", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN MY ACCOUNT

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/my_account') as m:

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account", "/my_account",

			




	
	
	
		
 
                  action="my_account", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account", "/my_account",

			




	
	
	
		
 
                  action="my_account", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_password", "/my_account/password",

			




	
	
	
		
 
                  action="my_account_password", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account_password", "/my_account/password",

			




	
	
	
		
 
                  action="my_account_password", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_repos", "/my_account/repos",

			




	
	
	
		
 
                  action="my_account_repos", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_watched", "/my_account/watched",

			




	
	
	
		
 
                  action="my_account_watched", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_perms", "/my_account/perms",

			




	
	
	
		
 
                  action="my_account_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_emails", "/my_account/emails",

			




	
	
	
		
 
                  action="my_account_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account_emails", "/my_account/emails",

			




	
	
	
		
 
                  action="my_account_emails_add", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("my_account_emails_delete", "/my_account/emails/delete",

			




	
	
	
		
 
                  action="my_account_emails_delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("my_account_api_keys", "/my_account/api_keys",

			




	
	
	
		
 
                  action="my_account_api_keys", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("my_account_api_keys", "/my_account/api_keys",

			




	
	
	
		
 
                  action="my_account_api_keys_add", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("my_account_api_keys_delete", "/my_account/api_keys/delete",

			




	
	
	
		
 
                  action="my_account_api_keys_delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #NOTIFICATION REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/notifications') as m:

			




	
	
	
		
 
        m.connect("notifications", "/notifications",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("notifications_mark_all_read", "/notifications/mark_all_read",

			




	
	
	
		
 
                  action="mark_all_read", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_notifications", "/notifications.{format}",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("notification_update", "/notifications/{notification_id}/update",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("notification_delete", "/notifications/{notification_id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("notification", "/notifications/{notification_id}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_notification", "/notifications/{notification_id}.{format}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN GIST

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/gists') as m:

			




	
	
	
		
 
        m.connect("gists", "/gists",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("gists", "/gists",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_gist", "/gists/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("gist_delete", "/gists/{gist_id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_gist", "/gists/{gist_id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET", "POST"]))

			




	
	
	
		
 
        m.connect("edit_gist_check_revision", "/gists/{gist_id}/edit/check_revision",

			




	
	
	
		
 
                  action="check_revision", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("gist", "/gists/{gist_id}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("gist_rev", "/gists/{gist_id}/{revision}",

			




	
	
	
		
 
                  revision="tip",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_gist", "/gists/{gist_id}/{revision}/{format}",

			




	
	
	
		
 
                  revision="tip",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_gist_file", "/gists/{gist_id}/{revision}/{format}/{f_path:.*}",

			




	
	
	
		
 
                  revision='tip',

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN MAIN PAGES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/admin') as m:

			




	
	
	
		
 
        m.connect('admin_home', '', action='index')

			




	
	
	
		
 
        m.connect('admin_add_repo', '/add_repo/{new_repo:[a-z0-9\. _-]*}',

			




	
	
	
		
 
                  action='add_repo')

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    # API V2

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='api/api') as m:

			




	
	
	
		
 
        m.connect('api', '/api')

			




	
	
	
		
 

			




	
	
	
		
 
    #USER JOURNAL

			




	
	
	
		
 
    rmap.connect('journal', '%s/journal' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='journal', action='index')

			




	
	
	
		
 
    rmap.connect('journal_rss', '%s/journal/rss' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='journal', action='journal_rss')

			




	
	
	
		
 
    rmap.connect('journal_atom', '%s/journal/atom' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='journal', action='journal_atom')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('public_journal', '%s/public_journal' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='journal', action="public_journal")

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('public_journal_rss', '%s/public_journal/rss' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='journal', action="public_journal_rss")

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('public_journal_rss_old', '%s/public_journal_rss' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='journal', action="public_journal_rss")

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('public_journal_atom',

			




	
	
	
		
 
                 '%s/public_journal/atom' % ADMIN_PREFIX, controller='journal',

			




	
	
	
		
 
                 action="public_journal_atom")

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('public_journal_atom_old',

			




	
	
	
		
 
                 '%s/public_journal_atom' % ADMIN_PREFIX, controller='journal',

			




	
	
	
		
 
                 action="public_journal_atom")

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('toggle_following', '%s/toggle_following' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='journal', action='toggle_following',

			




	
	
	
		
 
                 conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #SEARCH

			




	
	
	
		
 
    rmap.connect('search', '%s/search' % ADMIN_PREFIX, controller='search',)

			




	
	
	
		
 
    rmap.connect('search_repo_admin', '%s/search/{repo_name:.*}' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='search',

			




	
	
	
		
 
                 conditions=dict(function=check_repo))

			




	
	
	
		
 
    rmap.connect('search_repo', '/{repo_name:.*?}/search',

			




	
	
	
		
 
                 controller='search',

			




	
	
	
		
 
                 conditions=dict(function=check_repo),

			




	
	
	
		
 
                 )

			




	
	
	
		
 

			




	
	
	
		
 
    #LOGIN/LOGOUT/REGISTER/SIGN IN

			




	
	
	
		
 
    rmap.connect('authentication_token', '%s/authentication_token' % ADMIN_PREFIX, controller='login', action='authentication_token')

			




	
	
	
		
 
    rmap.connect('login_home', '%s/login' % ADMIN_PREFIX, controller='login')

			




	
	
	
		
 
    rmap.connect('logout_home', '%s/logout' % ADMIN_PREFIX, controller='login',

			




	
	
	
		
 
                 action='logout')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('register', '%s/register' % ADMIN_PREFIX, controller='login',

			




	
	
	
		
 
                 action='register')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('reset_password', '%s/password_reset' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='login', action='password_reset')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('reset_password_confirmation',

			




	
	
	
		
 
                 '%s/password_reset_confirmation' % ADMIN_PREFIX,

			




	
	
	
		
 
                 controller='login', action='password_reset_confirmation')

			




	
	
	
		
 

			




	
	
	
		
 
    #FEEDS

			




	
	
	
		
 
    rmap.connect('rss_feed_home', '/{repo_name:.*?}/feed/rss',

			




	
	
	
		
 
                controller='feed', action='rss',

			




	
	
	
		
 
                conditions=dict(function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('atom_feed_home', '/{repo_name:.*?}/feed/atom',

			




	
	
	
		
 
                controller='feed', action='atom',

			




	
	
	
		
 
                conditions=dict(function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    # REPOSITORY ROUTES

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    rmap.connect('repo_creating_home', '/{repo_name:.*?}/repo_creating',

			




	
	
	
		
 
                controller='admin/repos', action='repo_creating')

			




	
	
	
		
 
    rmap.connect('repo_check_home', '/{repo_name:.*?}/crepo_check',

			




	
	
	
		
 
                controller='admin/repos', action='repo_check')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('summary_home', '/{repo_name:.*?}',

			




	
	
	
		
 
                controller='summary',

			




	
	
	
		
 
                conditions=dict(function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    # must be here for proper group/repo catching

			




	
	
	
		
 
    rmap.connect('repos_group_home', '/{group_name:.*}',

			




	
	
	
		
 
                controller='admin/repo_groups', action="show_by_name",

			




	
	
	
		
 
                conditions=dict(function=check_group))

			




	
	
	
		
 
    rmap.connect('repo_stats_home', '/{repo_name:.*?}/statistics',

			




	
	
	
		
 
                controller='summary', action='statistics',

			




	
	
	
		
 
                conditions=dict(function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('repo_size', '/{repo_name:.*?}/repo_size',

			




	
	
	
		
 
                controller='summary', action='repo_size',

			




	
	
	
		
 
                conditions=dict(function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('repo_refs_data', '/{repo_name:.*?}/refs-data',

			




	
	
	
		
 
                 controller='home', action='repo_refs_data')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('changeset_home', '/{repo_name:.*?}/changeset/{revision:.*}',

			




	
	
	
		
 
                controller='changeset', revision='tip',

			




	
	
	
		
 
                conditions=dict(function=check_repo))

			




	
	
	
		
 
    rmap.connect('changeset_children', '/{repo_name:.*?}/changeset_children/{revision}',

			




	
	
	
		
 
                controller='changeset', revision='tip', action="changeset_children",

			




	
	
	
		
 
                conditions=dict(function=check_repo))

			




	
	
	
		
 
    rmap.connect('changeset_parents', '/{repo_name:.*?}/changeset_parents/{revision}',

			




	
	
	
		
 
                controller='changeset', revision='tip', action="changeset_parents",

			




	
	
	
		
 
                conditions=dict(function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    # repo edit options

			




	
	
	
		
 
    rmap.connect("edit_repo", "/{repo_name:.*?}/settings",

			




	
	
	
		
 
                 controller='admin/repos', action="edit",

			




	
	
	
		
 
                 conditions=dict(method=["GET"], function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect("edit_repo_perms", "/{repo_name:.*?}/settings/permissions",

			




	
	
	
		
 
                 controller='admin/repos', action="edit_permissions",

			




	
	
	
		
 
                 conditions=dict(method=["GET"], function=check_repo))

			




	
	
	
		
 
    rmap.connect("edit_repo_perms_update", "/{repo_name:.*?}/settings/permissions",

			




	
	
	
		
 
                 controller='admin/repos', action="edit_permissions_update",

			




	
	
	
		
 
                 conditions=dict(method=["POST"], function=check_repo))

			




	
	
	
		
 
    rmap.connect("edit_repo_perms_revoke", "/{repo_name:.*?}/settings/permissions/delete",

			




	
	
	
		
 
                 controller='admin/repos', action="edit_permissions_revoke",

			




	
	
	
		
 
                 conditions=dict(method=["POST"], function=check_repo))

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect("edit_repo_fields", "/{repo_name:.*?}/settings/fields",

			




	
	
	
		
 
                 controller='admin/repos', action="edit_fields",

			




	
	
	
		
 
                 conditions=dict(method=["GET"], function=check_repo))

			




	
	
	
		
 
    rmap.connect('create_repo_fields', "/{repo_name:.*?}/settings/fields/new",

			




	
	
	
		
 
                 controller='admin/repos', action="create_repo_field",

			




	
	
	
		
 
                 conditions=dict(method=["POST"], function=check_repo))

			




	
	
	
		
 
    rmap.connect('delete_repo_fields', "/{repo_name:.*?}/settings/fields/{field_id}/delete",

			




	
	
	
		
 
                 controller='admin/repos', action="delete_repo_field",

			




	
	
	
		
 
                 conditions=dict(method=["POST"], function=check_repo))

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/users/user_add.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
## -*- coding: utf-8 -*-

			




	
	
	
		
 
<%inherit file="/base/base.html"/>

			




	
	
	
		
 

			




	
	
	
		
 
<%block name="title">

			




	
	
	
		
 
    ${_('Add user')}

			




	
	
	
		
 
</%block>

			




	
	
	
		
 
<%def name="breadcrumbs_links()">

			




	
	
	
		
 
    ${h.link_to(_('Admin'),h.url('admin_home'))}

			




	
	
	
		
 
    &raquo;

			




	
	
	
		
 
    ${h.link_to(_('Users'),h.url('users'))}

			




	
	
	
		
 
    &raquo;

			




	
	
	
		
 
    ${_('Add User')}

			




	
	
	
		
 
</%def>

			




	
	
	
		
 

			




	
	
	
		
 
<%block name="header_menu">

			




	
	
	
		
 
    ${self.menu('admin')}

			




	
	
	
		
 
</%block>

			




	
	
	
		
 

			




	
	
	
		
 
<%def name="main()">

			




	
	
	
		
 
<div class="box">

			




	
	
	
		
 
    <!-- box / title -->

			




	
	
	
		
 
    <div class="title">

			




	
	
	
		
 
        ${self.breadcrumbs()}

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    <!-- end box / title -->

			




	
	
	
		
 
    ${h.form(url('users'))}

			




	
	
	
		
 
    ${h.form(url('new_user'))}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <!-- fields -->

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="username">${_('Username')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('username',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="password">${_('Password')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.password('password',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="password_confirmation">${_('Password confirmation')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.password('password_confirmation',class_="small")}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="firstname">${_('First Name')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('firstname',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="lastname">${_('Last Name')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('lastname',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="email">${_('Email')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('email',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="active">${_('Active')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('active',value=True,checked='checked')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
            ${h.hidden('extern_type', c.default_extern_type)}

			




	
	
	
		
 
            ${h.hidden('extern_name', c.default_extern_name)}

			




	
	
	
		
 
            <div class="buttons">

			




	
	
	
		
 
              ${h.submit('save',_('Save'),class_="btn")}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    ${h.end_form()}

			




	
	
	
		
 
</div>

			




	
	
	
		
 

			




	
	
	
		
 
<script>

			




	
	
	
		
 
    $(document).ready(function(){

			




	
	
	
		
 
        $('#username').focus();

			




	
	
	
		
 
    });

			




	
	
	
		
 
</script>

			




	
	
	
		
 
</%def>

			




        

    


    
    

    

        

                

                    kallithea/tests/functional/test_admin_users.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
# -*- coding: utf-8 -*-

			




	
	
	
		
 
# This program is free software: you can redistribute it and/or modify

			




	
	
	
		
 
# it under the terms of the GNU General Public License as published by

			




	
	
	
		
 
# the Free Software Foundation, either version 3 of the License, or

			




	
	
	
		
 
# (at your option) any later version.

			




	
	
	
		
 
#

			




	
	
	
		
 
# This program is distributed in the hope that it will be useful,

			




	
	
	
		
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of

			




	
	
	
		
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

			




	
	
	
		
 
# GNU General Public License for more details.

			




	
	
	
		
 
#

			




	
	
	
		
 
# You should have received a copy of the GNU General Public License

			




	
	
	
		
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

			




	
	
	
		
 

			




	
	
	
		
 
from sqlalchemy.orm.exc import NoResultFound, ObjectDeletedError

			




	
	
	
		
 

			




	
	
	
		
 
import pytest

			




	
	
	
		
 
from kallithea.tests.base import *

			




	
	
	
		
 
from kallithea.tests.fixture import Fixture

			




	
	
	
		
 
from kallithea.controllers.admin.users import UsersController

			




	
	
	
		
 
from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys

			




	
	
	
		
 
from kallithea.lib.auth import check_password

			




	
	
	
		
 
from kallithea.model.user import UserModel

			




	
	
	
		
 
from kallithea.model import validators

			




	
	
	
		
 
from kallithea.lib import helpers as h

			




	
	
	
		
 
from kallithea.model.meta import Session

			




	
	
	
		
 
from webob.exc import HTTPNotFound

			




	
	
	
		
 

			




	
	
	
		
 
fixture = Fixture()

			




	
	
	
		
 

			




	
	
	
		
 
@pytest.yield_fixture

			




	
	
	
		
 
def user_and_repo_group_fail():

			




	
	
	
		
 
    username = 'repogrouperr'

			




	
	
	
		
 
    groupname = u'repogroup_fail'

			




	
	
	
		
 
    user = fixture.create_user(name=username)

			




	
	
	
		
 
    repo_group = fixture.create_repo_group(name=groupname, cur_user=username)

			




	
	
	
		
 
    yield user, repo_group

			




	
	
	
		
 
    # cleanup

			




	
	
	
		
 
    try:

			




	
	
	
		
 
        fixture.destroy_repo_group(repo_group)

			




	
	
	
		
 
    except ObjectDeletedError:

			




	
	
	
		
 
        # delete already succeeded in test body

			




	
	
	
		
 
        pass

			




	
	
	
		
 

			




	
	
	
		
 
class TestAdminUsersController(TestController):

			




	
	
	
		
 
    test_user_1 = 'testme'

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def teardown_class(cls):

			




	
	
	
		
 
        if User.get_by_username(cls.test_user_1):

			




	
	
	
		
 
            UserModel().delete(cls.test_user_1)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_index(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url('users'))

			




	
	
	
		
 
        # Test response...

			




	
	
	
		
 
        # TODO: Test response...

			




	
	
	
		
 

			




	
	
	
		
 
    def test_create(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'newtestuser'

			




	
	
	
		
 
        password = 'test12'

			




	
	
	
		
 
        password_confirmation = password

			




	
	
	
		
 
        name = u'name'

			




	
	
	
		
 
        lastname = u'lastname'

			




	
	
	
		
 
        email = 'mail@example.com'

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('users'),

			




	
	
	
		
 
        response = self.app.post(url('new_user'),

			




	
	
	
		
 
            {'username': username,

			




	
	
	
		
 
             'password': password,

			




	
	
	
		
 
             'password_confirmation': password_confirmation,

			




	
	
	
		
 
             'firstname': name,

			




	
	
	
		
 
             'active': True,

			




	
	
	
		
 
             'lastname': lastname,

			




	
	
	
		
 
             'extern_name': 'internal',

			




	
	
	
		
 
             'extern_type': 'internal',

			




	
	
	
		
 
             'email': email,

			




	
	
	
		
 
             '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        # 302 Found

			




	
	
	
		
 
        # The resource was found at http://localhost/_admin/users/5/edit; you should be redirected automatically.

			




	
	
	
		
 

			




	
	
	
		
 
        self.checkSessionFlash(response, '''Created user %s''' % username)

			




	
	
	
		
 

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 
        response.mustcontain("""%s user settings""" % username) # in <title>

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User). \

			




	
	
	
		
 
            filter(User.username == username).one()

			




	
	
	
		
 

			




	
	
	
		
 
        assert new_user.username == username

			




	
	
	
		
 
        assert check_password(password, new_user.password) == True

			




	
	
	
		
 
        assert new_user.name == name

			




	
	
	
		
 
        assert new_user.lastname == lastname

			




	
	
	
		
 
        assert new_user.email == email

			




	
	
	
		
 

			




	
	
	
		
 
    def test_create_err(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'new_user'

			




	
	
	
		
 
        password = ''

			




	
	
	
		
 
        name = u'name'

			




	
	
	
		
 
        lastname = u'lastname'

			




	
	
	
		
 
        email = 'errmail.example.com'

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('users'), {'username': username,

			




	
	
	
		
 
        response = self.app.post(url('new_user'),

			




	
	
	
		
 
            {'username': username,

			




	
	
	
		
 
                                               'password': password,

			




	
	
	
		
 
                                               'name': name,

			




	
	
	
		
 
                                               'active': False,

			




	
	
	
		
 
                                               'lastname': lastname,

			




	
	
	
		
 
                                               'email': email,

			




	
	
	
		
 
                                               '_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        msg = validators.ValidUsername(False, {})._messages['system_invalid_username']

			




	
	
	
		
 
        msg = h.html_escape(msg % {'username': 'new_user'})

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">%s</span>""" % msg)

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">Please enter a value</span>""")

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""")

			




	
	
	
		
 

			




	
	
	
		
 
        def get_user():

			




	
	
	
		
 
            Session().query(User).filter(User.username == username).one()

			




	
	
	
		
 

			




	
	
	
		
 
        with pytest.raises(NoResultFound):

			




	
	
	
		
 
            get_user(), 'found user in database'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_new(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url('new_user'))

			




	
	
	
		
 

			




	
	
	
		
 
    @parametrize('name,attrs',

			




	
	
	
		
 
        [('firstname', {'firstname': 'new_username'}),

			




	
	
	
		
 
         ('lastname', {'lastname': 'new_username'}),

			




	
	
	
		
 
         ('admin', {'admin': True}),

			




	
	
	
		
 
         ('admin', {'admin': False}),

			




	
	
	
		
 
         ('extern_type', {'extern_type': 'ldap'}),

			




	
	
	
		
 
         ('extern_type', {'extern_type': None}),

			




	
	
	
		
 
         ('extern_name', {'extern_name': 'test'}),

			




	
	
	
		
 
         ('extern_name', {'extern_name': None}),

			




	
	
	
		
 
         ('active', {'active': False}),

			




	
	
	
		
 
         ('active', {'active': True}),

			




	
	
	
		
 
         ('email', {'email': 'someemail@example.com'}),

			




	
	
	
		
 
        # ('new_password', {'new_password': 'foobar123',

			




	
	
	
		
 
        #                   'password_confirmation': 'foobar123'})

			




	
	
	
		
 
        ])

			




	
	
	
		
 
    def test_update(self, name, attrs):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        usr = fixture.create_user(self.test_user_1, password='qweqwe',

			




	
	
	
		
 
                                  email='testme@example.com',

			




	
	
	
		
 
                                  extern_type='internal',

			




	
	
	
		
 
                                  extern_name=self.test_user_1,

			




	
	
	
		
 
                                  skip_if_exists=True)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        params = usr.get_api_data(True)

			




	
	
	
		
 
        params.update({'password_confirmation': ''})

			




	
	
	
		
 
        params.update({'new_password': ''})

			




	
	
	
		
 
        params.update(attrs)

			




	
	
	
		
 
        if name == 'email':

			




	
	
	
		
 
            params['emails'] = [attrs['email']]

			




	
	
	
		
 
        if name == 'extern_type':

			




	
	
	
		
 
            #cannot update this via form, expected value is original one

			




	
	
	
		
 
            params['extern_type'] = "internal"

			




	
	
	
		
 
        if name == 'extern_name':

			




	
	
	
		
 
            #cannot update this via form, expected value is original one

			




	
	
	
		
 
            params['extern_name'] = self.test_user_1

			




	
	
	
		
 
            # special case since this user is not

			




	
	
	
		
 
                                          # logged in yet his data is not filled

			




	
	
	
		
 
                                          # so we use creation data

			




	
	
	
		
 

			




	
	
	
		
 
        params.update({'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = self.app.post(url('update_user', id=usr.user_id), params)

			




	
	
	
		
 
        self.checkSessionFlash(response, 'User updated successfully')

			




	
	
	
		
 
        params.pop('_authentication_token')

			




	
	
	
		
 

			




	
	
	
		
 
        updated_user = User.get_by_username(self.test_user_1)

			




	
	
	
		
 
        updated_params = updated_user.get_api_data(True)

			




	
	
	
		
 
        updated_params.update({'password_confirmation': ''})

			




	
	
	
		
 
        updated_params.update({'new_password': ''})

			




	
	
	
		
 

			




	
	
	
		
 
        assert params == updated_params

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'newtestuserdeleteme'

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.create_user(name=username)

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




	
	
	
		
 
            .filter(User.username == username).one()

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Successfully deleted user')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_repo_err(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'repoerr'

			




	
	
	
		
 
        reponame = u'repoerr_fail'

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.create_user(name=username)

			




	
	
	
		
 
        fixture.create_repo(name=reponame, cur_user=username)

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




	
	
	
		
 
            .filter(User.username == username).one()

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'User "%s" still '

			




	
	
	
		
 
                               'owns 1 repositories and cannot be removed. '

			




	
	
	
		
 
                               'Switch owners or remove those repositories: '

			




	
	
	
		
 
                               '%s' % (username, reponame))

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_repo', repo_name=reponame),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Deleted repository %s' % reponame)

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Successfully deleted user')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_repo_group_err(self, user_and_repo_group_fail):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'repogrouperr'

			




	
	
	
		
 
        groupname = u'repogroup_fail'

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




	
	
	
		
 
            .filter(User.username == username).one()

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'User "%s" still '

			




	
	
	
		
 
                               'owns 1 repository groups and cannot be removed. '

			




	
	
	
		
 
                               'Switch owners or remove those repository groups: '

			




	
	
	
		
 
                               '%s' % (username, groupname))

			




	
	
	
		
 

			




	
	
	
		
 
        # Relevant _if_ the user deletion succeeded to make sure we can render groups without owner

			




	
	
	
		
 
        # rg = RepoGroup.get_by_group_name(group_name=groupname)

			




	
	
	
		
 
        # response = self.app.get(url('repos_groups', id=rg.group_id))

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_repo_group', group_name=groupname),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Removed repository group %s' % groupname)

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Successfully deleted user')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_user_group_err(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'usergrouperr'

			




	
	
	
		
 
        groupname = u'usergroup_fail'

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.create_user(name=username)

			




	
	
	
		
 
        ug = fixture.create_user_group(name=groupname, cur_user=username)

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




	
	
	
		
 
            .filter(User.username == username).one()

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'User "%s" still '

			




	
	
	
		
 
                               'owns 1 user groups and cannot be removed. '

			




	
	
	
		
 
                               'Switch owners or remove those user groups: '

			




	
	
	
		
 
                               '%s' % (username, groupname))

			




	
	
	
		
 

			




	
	
	
		
 
        # TODO: why do this fail?

			




	
	
	
		
 
        #response = self.app.delete(url('delete_users_group', id=groupname))

			




	
	
	
		
 
        #self.checkSessionFlash(response, 'Removed user group %s' % groupname)

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.destroy_user_group(ug.users_group_id)

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Successfully deleted user')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_edit(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_ADMIN_LOGIN)

			




	
	
	
		
 
        response = self.app.get(url('edit_user', id=user.user_id))

			




	
	
	
		
 

			




	
	
	
		
 
    def test_add_perm_create_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
        perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname=u'a',

			




	
	
	
		
 
                                            lastname=u'b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_create) == False

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms_update', id=uid),

			




	
	
	
		
 
                                     params=dict(create_repo_perm=True,

			




	
	
	
		
 
                                                 _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_create) == True

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_revoke_perm_create_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
        perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname=u'a',

			




	
	
	
		
 
                                            lastname=u'b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_create) == False

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms_update', id=uid),

			




	
	
	
		
 
                                     params=dict(_authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_none) == True

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_create) == False

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_add_perm_fork_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 
        perm_fork = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname=u'a',

			




	
	
	
		
 
                                            lastname=u'b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_fork) == False

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms_update', id=uid),

			




	
	
	
		
 
                                     params=dict(create_repo_perm=True,

			




	
	
	
		
 
                                                 _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_create) == True

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_revoke_perm_fork_repo(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        perm_none = Permission.get_by_key('hg.fork.none')

			




	
	
	
		
 
        perm_fork = Permission.get_by_key('hg.fork.repository')

			




	
	
	
		
 

			




	
	
	
		
 
        user = UserModel().create_or_update(username='dummy', password='qwe',

			




	
	
	
		
 
                                            email='dummy', firstname=u'a',

			




	
	
	
		
 
                                            lastname=u'b')

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        uid = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_none) == False

			




	
	
	
		
 
            assert UserModel().has_perm(user, perm_fork) == False

			




	
	
	
		
 

			




	
	
	
		
 
            response = self.app.post(url('edit_user_perms_update', id=uid),

			




	
	
	
		
 
                                     params=dict(_authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
            perm_none = Permission.get_by_key('hg.create.none')

			




	
	
	
		
 
            perm_create = Permission.get_by_key('hg.create.repository')

			




	
	
	
		
 

			




	
	
	
		
 
            #User should have None permission on creation repository

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_none) == True

			




	
	
	
		
 
            assert UserModel().has_perm(uid, perm_create) == False

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            UserModel().delete(uid)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_ips(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user.user_id))

			




	
	
	
		
 
        response.mustcontain('All IP addresses are allowed')

			




	
	
	
		
 

			




	
	
	
		
 
    @parametrize('test_name,ip,ip_range,failure', [

			




	
	
	
		
 
        ('127/24', '127.0.0.1/24', '127.0.0.0 - 127.0.0.255', False),

			




	
	
	
		
 
        ('10/32', '10.0.0.10/32', '10.0.0.10 - 10.0.0.10', False),

			




	
	
	
		
 
        ('0/16', '0.0.0.0/16', '0.0.0.0 - 0.0.255.255', False),

			




	
	
	
		
 
        ('0/8', '0.0.0.0/8', '0.0.0.0 - 0.255.255.255', False),

			




	
	
	
		
 
        ('127_bad_mask', '127.0.0.1/99', '127.0.0.1 - 127.0.0.1', True),

			




	
	
	
		
 
        ('127_bad_ip', 'foobar', 'foobar', True),

			




	
	
	
		
 
    ])

			




	
	
	
		
 
    def test_add_ip(self, test_name, ip, ip_range, failure, auto_clear_ip_permissions):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_ips_update', id=user_id),

			




	
	
	
		
 
                                 params=dict(new_ip=ip, _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
        if failure:

			




	
	
	
		
 
            self.checkSessionFlash(response, 'Please enter a valid IPv4 or IPv6 address')

			




	
	
	
		
 
            response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
            response.mustcontain(no=[ip])

			




	
	
	
		
 
            response.mustcontain(no=[ip_range])

			




	
	
	
		
 

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
            response.mustcontain(ip)

			




	
	
	
		
 
            response.mustcontain(ip_range)

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_ip(self, auto_clear_ip_permissions):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 
        ip = '127.0.0.1/32'

			




	
	
	
		
 
        ip_range = '127.0.0.1 - 127.0.0.1'

			




	
	
	
		
 
        new_ip = UserModel().add_extra_ip(user_id, ip)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        new_ip_id = new_ip.ip_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
        response.mustcontain(ip)

			




	
	
	
		
 
        response.mustcontain(ip_range)

			




	
	
	
		
 

			




	
	
	
		
 
        self.app.post(url('edit_user_ips_delete', id=user_id),

			




	
	
	
		
 
                      params=dict(del_ip_id=new_ip_id, _authentication_token=self.authentication_token()))

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.get(url('edit_user_ips', id=user_id))

			




	
	
	
		
 
        response.mustcontain('All IP addresses are allowed')

			




	
	
	
		
 
        response.mustcontain(no=[ip])

			




	
	
	
		
 
        response.mustcontain(no=[ip_range])

			




	
	
	
		
 

			




	
	
	
		
 
    def test_api_keys(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        response = self.app.get(url('edit_user_api_keys', id=user.user_id))

			




	
	
	
		
 
        response.mustcontain(user.api_key)

			




	
	
	
		
 
        response.mustcontain('Expires: Never')

			




	
	
	
		
 

			




	
	
	
		
 
    @parametrize('desc,lifetime', [

			




	
	
	
		
 
        ('forever', -1),

			




	
	
	
		
 
        ('5mins', 60*5),

			




	
	
	
		
 
        ('30days', 60*60*24*30),

			




	
	
	
		
 
    ])

			




	
	
	
		
 
    def test_add_api_keys(self, desc, lifetime):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys_update', id=user_id),

			




	
	
	
		
 
                 {'description': desc, 'lifetime': lifetime, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully created')

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            response = response.follow()

			




	
	
	
		
 
            user = User.get(user_id)

			




	
	
	
		
 
            for api_key in user.api_keys:

			




	
	
	
		
 
                response.mustcontain(api_key)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            for api_key in UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all():

			




	
	
	
		
 
                Session().delete(api_key)

			




	
	
	
		
 
                Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_remove_api_key(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        user = User.get_by_username(TEST_USER_REGULAR_LOGIN)

			




	
	
	
		
 
        user_id = user.user_id

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('edit_user_api_keys_update', id=user_id),

			




	
	
	
		
 
                {'description': 'desc', 'lifetime': -1, '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        self.checkSessionFlash(response, 'API key successfully created')

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.