Changeset - d5b837c8b451
Parent rev.
Child rev.
[Not reviewed]
default
0 3 0
Mads Kiilerich - 9 years ago 2016-09-25 17:21:07
madski@unity3d.com
users: use the form URL for POST so the htmlfill error page URL will be the same as the initial form URL.

This also reveals that a test used a GET route for POST - they just happened to
be the same.

These problems can probably be found in many places - there should be a general
cleanup.
3 files changed with 6 insertions and 5 deletions:
kallithea/config/routing.py
1
1
kallithea/templates/admin/users/user_add.html
1
1
kallithea/tests/functional/test_admin_users.py
4
3
0 comments (0 inline, 0 general)
kallithea/config/routing.py
Show inline comments
 
@@ -125,97 +125,97 @@ def make_map(config):
 
                  function=check_repo))
 
        m.connect("delete_repo", "/repos/{repo_name:.*?}/delete",
 
                  action="delete", conditions=dict(method=["POST"]))
 

			




	
	
	
		
 
    #ADMIN REPOSITORY GROUPS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repo_groups') as m:

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repos_group", "/repo_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"],

			




	
	
	
		
 
                                                   function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"],

			




	
	
	
		
 
                                                 function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS REPO GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

			




	
	
	
		
 
                  action="edit",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

			




	
	
	
		
 
                  action="edit_repo_group_advanced",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="edit_repo_group_perms",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms_update", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms",

			




	
	
	
		
 
                  conditions=dict(method=["POST"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete",

			




	
	
	
		
 
                  action="delete_perms",

			




	
	
	
		
 
                  conditions=dict(method=["POST"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"],

			




	
	
	
		
 
                                                   function=check_group_skip_path))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/users') as m:

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
        m.connect("new_user", "/users/new",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_users", "/users.{format}",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_user", "/users/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_user", "/users/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("delete_user", "/users/{id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user", "/users/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER ROUTES

			




	
	
	
		
 
        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="edit_api_keys", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys_update", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="add_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",

			




	
	
	
		
 
                  action="delete_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_perms_update", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_emails", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="edit_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_update", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="add_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_delete", "/users/{id}/edit/emails/delete",

			




	
	
	
		
 
                  action="delete_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_ips", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="edit_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_update", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="add_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_delete", "/users/{id}/edit/ips/delete",

			




	
	
	
		
 
                  action="delete_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER GROUPS REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/user_groups') as m:

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/users/user_add.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
## -*- coding: utf-8 -*-

			




	
	
	
		
 
<%inherit file="/base/base.html"/>

			




	
	
	
		
 

			




	
	
	
		
 
<%block name="title">

			




	
	
	
		
 
    ${_('Add user')}

			




	
	
	
		
 
</%block>

			




	
	
	
		
 
<%def name="breadcrumbs_links()">

			




	
	
	
		
 
    ${h.link_to(_('Admin'),h.url('admin_home'))}

			




	
	
	
		
 
    &raquo;

			




	
	
	
		
 
    ${h.link_to(_('Users'),h.url('users'))}

			




	
	
	
		
 
    &raquo;

			




	
	
	
		
 
    ${_('Add User')}

			




	
	
	
		
 
</%def>

			




	
	
	
		
 

			




	
	
	
		
 
<%block name="header_menu">

			




	
	
	
		
 
    ${self.menu('admin')}

			




	
	
	
		
 
</%block>

			




	
	
	
		
 

			




	
	
	
		
 
<%def name="main()">

			




	
	
	
		
 
<div class="box">

			




	
	
	
		
 
    <!-- box / title -->

			




	
	
	
		
 
    <div class="title">

			




	
	
	
		
 
        ${self.breadcrumbs()}

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    <!-- end box / title -->

			




	
	
	
		
 
    ${h.form(url('users'))}

			




	
	
	
		
 
    ${h.form(url('new_user'))}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <!-- fields -->

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="username">${_('Username')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('username',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="password">${_('Password')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.password('password',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="password_confirmation">${_('Password confirmation')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.password('password_confirmation',class_="small")}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="firstname">${_('First Name')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('firstname',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="lastname">${_('Last Name')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('lastname',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    kallithea/tests/functional/test_admin_users.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -9,144 +9,145 @@

			




	
	
	
		
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

			




	
	
	
		
 
# GNU General Public License for more details.

			




	
	
	
		
 
#

			




	
	
	
		
 
# You should have received a copy of the GNU General Public License

			




	
	
	
		
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

			




	
	
	
		
 

			




	
	
	
		
 
from sqlalchemy.orm.exc import NoResultFound, ObjectDeletedError

			




	
	
	
		
 

			




	
	
	
		
 
import pytest

			




	
	
	
		
 
from kallithea.tests.base import *

			




	
	
	
		
 
from kallithea.tests.fixture import Fixture

			




	
	
	
		
 
from kallithea.controllers.admin.users import UsersController

			




	
	
	
		
 
from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys

			




	
	
	
		
 
from kallithea.lib.auth import check_password

			




	
	
	
		
 
from kallithea.model.user import UserModel

			




	
	
	
		
 
from kallithea.model import validators

			




	
	
	
		
 
from kallithea.lib import helpers as h

			




	
	
	
		
 
from kallithea.model.meta import Session

			




	
	
	
		
 
from webob.exc import HTTPNotFound

			




	
	
	
		
 

			




	
	
	
		
 
fixture = Fixture()

			




	
	
	
		
 

			




	
	
	
		
 
@pytest.yield_fixture

			




	
	
	
		
 
def user_and_repo_group_fail():

			




	
	
	
		
 
    username = 'repogrouperr'

			




	
	
	
		
 
    groupname = u'repogroup_fail'

			




	
	
	
		
 
    user = fixture.create_user(name=username)

			




	
	
	
		
 
    repo_group = fixture.create_repo_group(name=groupname, cur_user=username)

			




	
	
	
		
 
    yield user, repo_group

			




	
	
	
		
 
    # cleanup

			




	
	
	
		
 
    try:

			




	
	
	
		
 
        fixture.destroy_repo_group(repo_group)

			




	
	
	
		
 
    except ObjectDeletedError:

			




	
	
	
		
 
        # delete already succeeded in test body

			




	
	
	
		
 
        pass

			




	
	
	
		
 

			




	
	
	
		
 
class TestAdminUsersController(TestController):

			




	
	
	
		
 
    test_user_1 = 'testme'

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def teardown_class(cls):

			




	
	
	
		
 
        if User.get_by_username(cls.test_user_1):

			




	
	
	
		
 
            UserModel().delete(cls.test_user_1)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_index(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url('users'))

			




	
	
	
		
 
        # Test response...

			




	
	
	
		
 
        # TODO: Test response...

			




	
	
	
		
 

			




	
	
	
		
 
    def test_create(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'newtestuser'

			




	
	
	
		
 
        password = 'test12'

			




	
	
	
		
 
        password_confirmation = password

			




	
	
	
		
 
        name = u'name'

			




	
	
	
		
 
        lastname = u'lastname'

			




	
	
	
		
 
        email = 'mail@example.com'

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('users'),

			




	
	
	
		
 
        response = self.app.post(url('new_user'),

			




	
	
	
		
 
            {'username': username,

			




	
	
	
		
 
             'password': password,

			




	
	
	
		
 
             'password_confirmation': password_confirmation,

			




	
	
	
		
 
             'firstname': name,

			




	
	
	
		
 
             'active': True,

			




	
	
	
		
 
             'lastname': lastname,

			




	
	
	
		
 
             'extern_name': 'internal',

			




	
	
	
		
 
             'extern_type': 'internal',

			




	
	
	
		
 
             'email': email,

			




	
	
	
		
 
             '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        # 302 Found

			




	
	
	
		
 
        # The resource was found at http://localhost/_admin/users/5/edit; you should be redirected automatically.

			




	
	
	
		
 

			




	
	
	
		
 
        self.checkSessionFlash(response, '''Created user %s''' % username)

			




	
	
	
		
 

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 
        response.mustcontain("""%s user settings""" % username) # in <title>

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User). \

			




	
	
	
		
 
            filter(User.username == username).one()

			




	
	
	
		
 

			




	
	
	
		
 
        assert new_user.username == username

			




	
	
	
		
 
        assert check_password(password, new_user.password) == True

			




	
	
	
		
 
        assert new_user.name == name

			




	
	
	
		
 
        assert new_user.lastname == lastname

			




	
	
	
		
 
        assert new_user.email == email

			




	
	
	
		
 

			




	
	
	
		
 
    def test_create_err(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'new_user'

			




	
	
	
		
 
        password = ''

			




	
	
	
		
 
        name = u'name'

			




	
	
	
		
 
        lastname = u'lastname'

			




	
	
	
		
 
        email = 'errmail.example.com'

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('users'), {'username': username,

			




	
	
	
		
 
        response = self.app.post(url('new_user'),

			




	
	
	
		
 
            {'username': username,

			




	
	
	
		
 
                                               'password': password,

			




	
	
	
		
 
                                               'name': name,

			




	
	
	
		
 
                                               'active': False,

			




	
	
	
		
 
                                               'lastname': lastname,

			




	
	
	
		
 
                                               'email': email,

			




	
	
	
		
 
                                               '_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        msg = validators.ValidUsername(False, {})._messages['system_invalid_username']

			




	
	
	
		
 
        msg = h.html_escape(msg % {'username': 'new_user'})

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">%s</span>""" % msg)

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">Please enter a value</span>""")

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""")

			




	
	
	
		
 

			




	
	
	
		
 
        def get_user():

			




	
	
	
		
 
            Session().query(User).filter(User.username == username).one()

			




	
	
	
		
 

			




	
	
	
		
 
        with pytest.raises(NoResultFound):

			




	
	
	
		
 
            get_user(), 'found user in database'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_new(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url('new_user'))

			




	
	
	
		
 

			




	
	
	
		
 
    @parametrize('name,attrs',

			




	
	
	
		
 
        [('firstname', {'firstname': 'new_username'}),

			




	
	
	
		
 
         ('lastname', {'lastname': 'new_username'}),

			




	
	
	
		
 
         ('admin', {'admin': True}),

			




	
	
	
		
 
         ('admin', {'admin': False}),

			




	
	
	
		
 
         ('extern_type', {'extern_type': 'ldap'}),

			




	
	
	
		
 
         ('extern_type', {'extern_type': None}),

			




	
	
	
		
 
         ('extern_name', {'extern_name': 'test'}),

			




	
	
	
		
 
         ('extern_name', {'extern_name': None}),

			




	
	
	
		
 
         ('active', {'active': False}),

			




	
	
	
		
 
         ('active', {'active': True}),

			




	
	
	
		
 
         ('email', {'email': 'someemail@example.com'}),

			




	
	
	
		
 
        # ('new_password', {'new_password': 'foobar123',

			




	
	
	
		
 
        #                   'password_confirmation': 'foobar123'})

			




	
	
	
		
 
        ])

			




	
	
	
		
 
    def test_update(self, name, attrs):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        usr = fixture.create_user(self.test_user_1, password='qweqwe',

			




	
	
	
		
 
                                  email='testme@example.com',

			




	
	
	
		
 
                                  extern_type='internal',

			




	
	
	
		
 
                                  extern_name=self.test_user_1,

			




	
	
	
		
 
                                  skip_if_exists=True)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        params = usr.get_api_data(True)

			




	
	
	
		
 
        params.update({'password_confirmation': ''})

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.