Changeset - d5b837c8b451
Parent rev.
Child rev.
[Not reviewed]
default
0 3 0
Mads Kiilerich - 9 years ago 2016-09-25 17:21:07
madski@unity3d.com
users: use the form URL for POST so the htmlfill error page URL will be the same as the initial form URL.

This also reveals that a test used a GET route for POST - they just happened to
be the same.

These problems can probably be found in many places - there should be a general
cleanup.
3 files changed with 6 insertions and 5 deletions:
kallithea/config/routing.py
1
1
kallithea/templates/admin/users/user_add.html
1
1
kallithea/tests/functional/test_admin_users.py
4
3
0 comments (0 inline, 0 general)
kallithea/config/routing.py
Show inline comments
 
@@ -77,193 +77,193 @@ def make_map(config):
 
        repo_group_name = match_dict.get('group_name')
 
        return is_valid_repo_group(repo_group_name, config['base_path'],
 
                                   skip_path_check=True)
 

			




	
	
	
		
 
    def check_user_group(environ, match_dict):

			




	
	
	
		
 
        """

			




	
	
	
		
 
        check for valid user group for proper 404 handling

			




	
	
	
		
 

			




	
	
	
		
 
        :param environ:

			




	
	
	
		
 
        :param match_dict:

			




	
	
	
		
 
        """

			




	
	
	
		
 
        return True

			




	
	
	
		
 

			




	
	
	
		
 
    def check_int(environ, match_dict):

			




	
	
	
		
 
        return match_dict.get('id').isdigit()

			




	
	
	
		
 

			




	
	
	
		
 
    # The ErrorController route (handles 404/500 error pages); it should

			




	
	
	
		
 
    # likely stay at the top, ensuring it can always be resolved

			




	
	
	
		
 
    rmap.connect('/error/{action}', controller='error')

			




	
	
	
		
 
    rmap.connect('/error/{action}/{id}', controller='error')

			




	
	
	
		
 

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 
    # CUSTOM ROUTES HERE

			




	
	
	
		
 
    #==========================================================================

			




	
	
	
		
 

			




	
	
	
		
 
    #MAIN PAGE

			




	
	
	
		
 
    rmap.connect('home', '/', controller='home', action='index')

			




	
	
	
		
 
    rmap.connect('about', '/about', controller='home', action='about')

			




	
	
	
		
 
    rmap.connect('repo_switcher_data', '/_repos', controller='home',

			




	
	
	
		
 
                 action='repo_switcher_data')

			




	
	
	
		
 

			




	
	
	
		
 
    rmap.connect('rst_help',

			




	
	
	
		
 
                 "http://docutils.sourceforge.net/docs/user/rst/quickref.html",

			




	
	
	
		
 
                 _static=True)

			




	
	
	
		
 
    rmap.connect('kallithea_project_url', "https://kallithea-scm.org/", _static=True)

			




	
	
	
		
 
    rmap.connect('issues_url', 'https://bitbucket.org/conservancy/kallithea/issues', _static=True)

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN REPOSITORY ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repos') as m:

			




	
	
	
		
 
        m.connect("repos", "/repos",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos", "/repos",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repo", "/create_repository",

			




	
	
	
		
 
                  action="create_repository", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_repo", "/repos/{repo_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"],

			




	
	
	
		
 
                  function=check_repo))

			




	
	
	
		
 
        m.connect("delete_repo", "/repos/{repo_name:.*?}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN REPOSITORY GROUPS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/repo_groups') as m:

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("repos_groups", "/repo_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_repos_group", "/repo_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"],

			




	
	
	
		
 
                                                   function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("repos_group", "/repo_groups/{group_name:.*?}",

			




	
	
	
		
 
                  action="show", conditions=dict(method=["GET"],

			




	
	
	
		
 
                                                 function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS REPO GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_repo_group", "/repo_groups/{group_name:.*?}/edit",

			




	
	
	
		
 
                  action="edit",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_advanced", "/repo_groups/{group_name:.*?}/edit/advanced",

			




	
	
	
		
 
                  action="edit_repo_group_advanced",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_repo_group_perms", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="edit_repo_group_perms",

			




	
	
	
		
 
                  conditions=dict(method=["GET"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms_update", "/repo_groups/{group_name:.*?}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms",

			




	
	
	
		
 
                  conditions=dict(method=["POST"], function=check_group))

			




	
	
	
		
 
        m.connect("edit_repo_group_perms_delete", "/repo_groups/{group_name:.*?}/edit/permissions/delete",

			




	
	
	
		
 
                  action="delete_perms",

			




	
	
	
		
 
                  conditions=dict(method=["POST"], function=check_group))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("delete_repo_group", "/repo_groups/{group_name:.*?}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"],

			




	
	
	
		
 
                                                   function=check_group_skip_path))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/users') as m:

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
        m.connect("new_user", "/users/new",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users", "/users",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("formatted_users", "/users.{format}",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_user", "/users/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_user", "/users/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("delete_user", "/users/{id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user", "/users/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER ROUTES

			




	
	
	
		
 
        m.connect("edit_user_advanced", "/users/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_api_keys", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="edit_api_keys", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys_update", "/users/{id}/edit/api_keys",

			




	
	
	
		
 
                  action="add_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_api_keys_delete", "/users/{id}/edit/api_keys/delete",

			




	
	
	
		
 
                  action="delete_api_key", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_perms", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_perms_update", "/users/{id}/edit/permissions",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_emails", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="edit_emails", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_update", "/users/{id}/edit/emails",

			




	
	
	
		
 
                  action="add_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_emails_delete", "/users/{id}/edit/emails/delete",

			




	
	
	
		
 
                  action="delete_email", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_ips", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="edit_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_update", "/users/{id}/edit/ips",

			




	
	
	
		
 
                  action="add_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_ips_delete", "/users/{id}/edit/ips/delete",

			




	
	
	
		
 
                  action="delete_ip", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN USER GROUPS REST ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/user_groups') as m:

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="create", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("users_groups", "/user_groups",

			




	
	
	
		
 
                  action="index", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("new_users_group", "/user_groups/new",

			




	
	
	
		
 
                  action="new", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("update_users_group", "/user_groups/{id}",

			




	
	
	
		
 
                  action="update", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("delete_users_group", "/user_groups/{id}/delete",

			




	
	
	
		
 
                  action="delete", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_users_group", "/user_groups/{id}/edit",

			




	
	
	
		
 
                  action="edit", conditions=dict(method=["GET"]),

			




	
	
	
		
 
                  function=check_user_group)

			




	
	
	
		
 

			




	
	
	
		
 
        #EXTRAS USER GROUP ROUTES

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="edit_default_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_default_perms_update", "/user_groups/{id}/edit/default_perms",

			




	
	
	
		
 
                  action="update_default_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_perms", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="edit_perms", conditions=dict(method=["GET"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms_update", "/user_groups/{id}/edit/perms",

			




	
	
	
		
 
                  action="update_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("edit_user_group_perms_delete", "/user_groups/{id}/edit/perms/delete",

			




	
	
	
		
 
                  action="delete_perms", conditions=dict(method=["POST"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_advanced", "/user_groups/{id}/edit/advanced",

			




	
	
	
		
 
                  action="edit_advanced", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("edit_user_group_members", "/user_groups/{id}/edit/members",

			




	
	
	
		
 
                  action="edit_members", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
    #ADMIN PERMISSIONS ROUTES

			




	
	
	
		
 
    with rmap.submapper(path_prefix=ADMIN_PREFIX,

			




	
	
	
		
 
                        controller='admin/permissions') as m:

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["POST"]))

			




	
	
	
		
 
        m.connect("admin_permissions", "/permissions",

			




	
	
	
		
 
                  action="permission_globals", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_ips", "/permissions/ips",

			




	
	
	
		
 
                  action="permission_ips", conditions=dict(method=["GET"]))

			




	
	
	
		
 

			




	
	
	
		
 
        m.connect("admin_permissions_perms", "/permissions/perms",

			




	
	
	
		
 
                  action="permission_perms", conditions=dict(method=["GET"]))

			




        

    


    
    

    

        

                

                    kallithea/templates/admin/users/user_add.html
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
## -*- coding: utf-8 -*-

			




	
	
	
		
 
<%inherit file="/base/base.html"/>

			




	
	
	
		
 

			




	
	
	
		
 
<%block name="title">

			




	
	
	
		
 
    ${_('Add user')}

			




	
	
	
		
 
</%block>

			




	
	
	
		
 
<%def name="breadcrumbs_links()">

			




	
	
	
		
 
    ${h.link_to(_('Admin'),h.url('admin_home'))}

			




	
	
	
		
 
    &raquo;

			




	
	
	
		
 
    ${h.link_to(_('Users'),h.url('users'))}

			




	
	
	
		
 
    &raquo;

			




	
	
	
		
 
    ${_('Add User')}

			




	
	
	
		
 
</%def>

			




	
	
	
		
 

			




	
	
	
		
 
<%block name="header_menu">

			




	
	
	
		
 
    ${self.menu('admin')}

			




	
	
	
		
 
</%block>

			




	
	
	
		
 

			




	
	
	
		
 
<%def name="main()">

			




	
	
	
		
 
<div class="box">

			




	
	
	
		
 
    <!-- box / title -->

			




	
	
	
		
 
    <div class="title">

			




	
	
	
		
 
        ${self.breadcrumbs()}

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    <!-- end box / title -->

			




	
	
	
		
 
    ${h.form(url('users'))}

			




	
	
	
		
 
    ${h.form(url('new_user'))}

			




	
	
	
		
 
    <div class="form">

			




	
	
	
		
 
        <!-- fields -->

			




	
	
	
		
 
        <div class="fields">

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="username">${_('Username')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('username',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="password">${_('Password')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.password('password',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="password_confirmation">${_('Password confirmation')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.password('password_confirmation',class_="small")}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="firstname">${_('First Name')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('firstname',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="lastname">${_('Last Name')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('lastname',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label">

			




	
	
	
		
 
                    <label for="email">${_('Email')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="input">

			




	
	
	
		
 
                    ${h.text('email',class_='small')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
             <div class="field">

			




	
	
	
		
 
                <div class="label label-checkbox">

			




	
	
	
		
 
                    <label for="active">${_('Active')}:</label>

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
                <div class="checkboxes">

			




	
	
	
		
 
                    ${h.checkbox('active',value=True,checked='checked')}

			




	
	
	
		
 
                </div>

			




	
	
	
		
 
             </div>

			




	
	
	
		
 

			




	
	
	
		
 
            ${h.hidden('extern_type', c.default_extern_type)}

			




	
	
	
		
 
            ${h.hidden('extern_name', c.default_extern_name)}

			




	
	
	
		
 
            <div class="buttons">

			




	
	
	
		
 
              ${h.submit('save',_('Save'),class_="btn")}

			




	
	
	
		
 
            </div>

			




	
	
	
		
 
        </div>

			




	
	
	
		
 
    </div>

			




	
	
	
		
 
    ${h.end_form()}

			




	
	
	
		
 
</div>

			




	
	
	
		
 

			




	
	
	
		
 
<script>

			




	
	
	
		
 
    $(document).ready(function(){

			




	
	
	
		
 
        $('#username').focus();

			




	
	
	
		
 
    });

			




	
	
	
		
 
</script>

			




	
	
	
		
 
</%def>

			




        

    


    
    

    

        

                

                    kallithea/tests/functional/test_admin_users.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
	
		
 
# -*- coding: utf-8 -*-

			




	
	
	
		
 
# This program is free software: you can redistribute it and/or modify

			




	
	
	
		
 
# it under the terms of the GNU General Public License as published by

			




	
	
	
		
 
# the Free Software Foundation, either version 3 of the License, or

			




	
	
	
		
 
# (at your option) any later version.

			




	
	
	
		
 
#

			




	
	
	
		
 
# This program is distributed in the hope that it will be useful,

			




	
	
	
		
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of

			




	
	
	
		
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

			




	
	
	
		
 
# GNU General Public License for more details.

			




	
	
	
		
 
#

			




	
	
	
		
 
# You should have received a copy of the GNU General Public License

			




	
	
	
		
 
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

			




	
	
	
		
 

			




	
	
	
		
 
from sqlalchemy.orm.exc import NoResultFound, ObjectDeletedError

			




	
	
	
		
 

			




	
	
	
		
 
import pytest

			




	
	
	
		
 
from kallithea.tests.base import *

			




	
	
	
		
 
from kallithea.tests.fixture import Fixture

			




	
	
	
		
 
from kallithea.controllers.admin.users import UsersController

			




	
	
	
		
 
from kallithea.model.db import User, Permission, UserIpMap, UserApiKeys

			




	
	
	
		
 
from kallithea.lib.auth import check_password

			




	
	
	
		
 
from kallithea.model.user import UserModel

			




	
	
	
		
 
from kallithea.model import validators

			




	
	
	
		
 
from kallithea.lib import helpers as h

			




	
	
	
		
 
from kallithea.model.meta import Session

			




	
	
	
		
 
from webob.exc import HTTPNotFound

			




	
	
	
		
 

			




	
	
	
		
 
fixture = Fixture()

			




	
	
	
		
 

			




	
	
	
		
 
@pytest.yield_fixture

			




	
	
	
		
 
def user_and_repo_group_fail():

			




	
	
	
		
 
    username = 'repogrouperr'

			




	
	
	
		
 
    groupname = u'repogroup_fail'

			




	
	
	
		
 
    user = fixture.create_user(name=username)

			




	
	
	
		
 
    repo_group = fixture.create_repo_group(name=groupname, cur_user=username)

			




	
	
	
		
 
    yield user, repo_group

			




	
	
	
		
 
    # cleanup

			




	
	
	
		
 
    try:

			




	
	
	
		
 
        fixture.destroy_repo_group(repo_group)

			




	
	
	
		
 
    except ObjectDeletedError:

			




	
	
	
		
 
        # delete already succeeded in test body

			




	
	
	
		
 
        pass

			




	
	
	
		
 

			




	
	
	
		
 
class TestAdminUsersController(TestController):

			




	
	
	
		
 
    test_user_1 = 'testme'

			




	
	
	
		
 

			




	
	
	
		
 
    @classmethod

			




	
	
	
		
 
    def teardown_class(cls):

			




	
	
	
		
 
        if User.get_by_username(cls.test_user_1):

			




	
	
	
		
 
            UserModel().delete(cls.test_user_1)

			




	
	
	
		
 
            Session().commit()

			




	
	
	
		
 

			




	
	
	
		
 
    def test_index(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url('users'))

			




	
	
	
		
 
        # Test response...

			




	
	
	
		
 
        # TODO: Test response...

			




	
	
	
		
 

			




	
	
	
		
 
    def test_create(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'newtestuser'

			




	
	
	
		
 
        password = 'test12'

			




	
	
	
		
 
        password_confirmation = password

			




	
	
	
		
 
        name = u'name'

			




	
	
	
		
 
        lastname = u'lastname'

			




	
	
	
		
 
        email = 'mail@example.com'

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('users'),

			




	
	
	
		
 
        response = self.app.post(url('new_user'),

			




	
	
	
		
 
            {'username': username,

			




	
	
	
		
 
             'password': password,

			




	
	
	
		
 
             'password_confirmation': password_confirmation,

			




	
	
	
		
 
             'firstname': name,

			




	
	
	
		
 
             'active': True,

			




	
	
	
		
 
             'lastname': lastname,

			




	
	
	
		
 
             'extern_name': 'internal',

			




	
	
	
		
 
             'extern_type': 'internal',

			




	
	
	
		
 
             'email': email,

			




	
	
	
		
 
             '_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        # 302 Found

			




	
	
	
		
 
        # The resource was found at http://localhost/_admin/users/5/edit; you should be redirected automatically.

			




	
	
	
		
 

			




	
	
	
		
 
        self.checkSessionFlash(response, '''Created user %s''' % username)

			




	
	
	
		
 

			




	
	
	
		
 
        response = response.follow()

			




	
	
	
		
 
        response.mustcontain("""%s user settings""" % username) # in <title>

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User). \

			




	
	
	
		
 
            filter(User.username == username).one()

			




	
	
	
		
 

			




	
	
	
		
 
        assert new_user.username == username

			




	
	
	
		
 
        assert check_password(password, new_user.password) == True

			




	
	
	
		
 
        assert new_user.name == name

			




	
	
	
		
 
        assert new_user.lastname == lastname

			




	
	
	
		
 
        assert new_user.email == email

			




	
	
	
		
 

			




	
	
	
		
 
    def test_create_err(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'new_user'

			




	
	
	
		
 
        password = ''

			




	
	
	
		
 
        name = u'name'

			




	
	
	
		
 
        lastname = u'lastname'

			




	
	
	
		
 
        email = 'errmail.example.com'

			




	
	
	
		
 

			




	
	
	
		
 
        response = self.app.post(url('users'), {'username': username,

			




	
	
	
		
 
        response = self.app.post(url('new_user'),

			




	
	
	
		
 
            {'username': username,

			




	
	
	
		
 
                                               'password': password,

			




	
	
	
		
 
                                               'name': name,

			




	
	
	
		
 
                                               'active': False,

			




	
	
	
		
 
                                               'lastname': lastname,

			




	
	
	
		
 
                                               'email': email,

			




	
	
	
		
 
                                               '_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        msg = validators.ValidUsername(False, {})._messages['system_invalid_username']

			




	
	
	
		
 
        msg = h.html_escape(msg % {'username': 'new_user'})

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">%s</span>""" % msg)

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">Please enter a value</span>""")

			




	
	
	
		
 
        response.mustcontain("""<span class="error-message">An email address must contain a single @</span>""")

			




	
	
	
		
 

			




	
	
	
		
 
        def get_user():

			




	
	
	
		
 
            Session().query(User).filter(User.username == username).one()

			




	
	
	
		
 

			




	
	
	
		
 
        with pytest.raises(NoResultFound):

			




	
	
	
		
 
            get_user(), 'found user in database'

			




	
	
	
		
 

			




	
	
	
		
 
    def test_new(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        response = self.app.get(url('new_user'))

			




	
	
	
		
 

			




	
	
	
		
 
    @parametrize('name,attrs',

			




	
	
	
		
 
        [('firstname', {'firstname': 'new_username'}),

			




	
	
	
		
 
         ('lastname', {'lastname': 'new_username'}),

			




	
	
	
		
 
         ('admin', {'admin': True}),

			




	
	
	
		
 
         ('admin', {'admin': False}),

			




	
	
	
		
 
         ('extern_type', {'extern_type': 'ldap'}),

			




	
	
	
		
 
         ('extern_type', {'extern_type': None}),

			




	
	
	
		
 
         ('extern_name', {'extern_name': 'test'}),

			




	
	
	
		
 
         ('extern_name', {'extern_name': None}),

			




	
	
	
		
 
         ('active', {'active': False}),

			




	
	
	
		
 
         ('active', {'active': True}),

			




	
	
	
		
 
         ('email', {'email': 'someemail@example.com'}),

			




	
	
	
		
 
        # ('new_password', {'new_password': 'foobar123',

			




	
	
	
		
 
        #                   'password_confirmation': 'foobar123'})

			




	
	
	
		
 
        ])

			




	
	
	
		
 
    def test_update(self, name, attrs):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        usr = fixture.create_user(self.test_user_1, password='qweqwe',

			




	
	
	
		
 
                                  email='testme@example.com',

			




	
	
	
		
 
                                  extern_type='internal',

			




	
	
	
		
 
                                  extern_name=self.test_user_1,

			




	
	
	
		
 
                                  skip_if_exists=True)

			




	
	
	
		
 
        Session().commit()

			




	
	
	
		
 
        params = usr.get_api_data(True)

			




	
	
	
		
 
        params.update({'password_confirmation': ''})

			




	
	
	
		
 
        params.update({'new_password': ''})

			




	
	
	
		
 
        params.update(attrs)

			




	
	
	
		
 
        if name == 'email':

			




	
	
	
		
 
            params['emails'] = [attrs['email']]

			




	
	
	
		
 
        if name == 'extern_type':

			




	
	
	
		
 
            #cannot update this via form, expected value is original one

			




	
	
	
		
 
            params['extern_type'] = "internal"

			




	
	
	
		
 
        if name == 'extern_name':

			




	
	
	
		
 
            #cannot update this via form, expected value is original one

			




	
	
	
		
 
            params['extern_name'] = self.test_user_1

			




	
	
	
		
 
            # special case since this user is not

			




	
	
	
		
 
                                          # logged in yet his data is not filled

			




	
	
	
		
 
                                          # so we use creation data

			




	
	
	
		
 

			




	
	
	
		
 
        params.update({'_authentication_token': self.authentication_token()})

			




	
	
	
		
 
        response = self.app.post(url('update_user', id=usr.user_id), params)

			




	
	
	
		
 
        self.checkSessionFlash(response, 'User updated successfully')

			




	
	
	
		
 
        params.pop('_authentication_token')

			




	
	
	
		
 

			




	
	
	
		
 
        updated_user = User.get_by_username(self.test_user_1)

			




	
	
	
		
 
        updated_params = updated_user.get_api_data(True)

			




	
	
	
		
 
        updated_params.update({'password_confirmation': ''})

			




	
	
	
		
 
        updated_params.update({'new_password': ''})

			




	
	
	
		
 

			




	
	
	
		
 
        assert params == updated_params

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'newtestuserdeleteme'

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.create_user(name=username)

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




	
	
	
		
 
            .filter(User.username == username).one()

			




	
	
	
		
 
        response = self.app.post(url('delete_user', id=new_user.user_id),

			




	
	
	
		
 
            params={'_authentication_token': self.authentication_token()})

			




	
	
	
		
 

			




	
	
	
		
 
        self.checkSessionFlash(response, 'Successfully deleted user')

			




	
	
	
		
 

			




	
	
	
		
 
    def test_delete_repo_err(self):

			




	
	
	
		
 
        self.log_user()

			




	
	
	
		
 
        username = 'repoerr'

			




	
	
	
		
 
        reponame = u'repoerr_fail'

			




	
	
	
		
 

			




	
	
	
		
 
        fixture.create_user(name=username)

			




	
	
	
		
 
        fixture.create_repo(name=reponame, cur_user=username)

			




	
	
	
		
 

			




	
	
	
		
 
        new_user = Session().query(User) \

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.