test_project_passwords.py
# -*- coding: utf8 -*-
# This file is part of PyBossa.
#
# Copyright (C) 2015 SciFabric LTD.
#
# PyBossa is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# PyBossa is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with PyBossa. If not, see <http://www.gnu.org/licenses/>.
from default import Test, db, with_context
from factories import ProjectFactory, TaskFactory, UserFactory, BlogpostFactory
from mock import patch
from pybossa.repositories import ProjectRepository
# Module-level repository built on the `db` object imported from `default`;
# the tests below call project_repo.update() to persist a project after
# set_password() has been called on it.
project_repo = ProjectRepository(db)
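def configure_mock_current_user_from(user, mock):
    """Make *mock* behave like ``current_user`` for *user* and return it.

    ``user`` may be ``None`` to model an anonymous visitor: ``is_anonymous()``
    then returns True and ``admin`` / ``id`` are None.  For any other value
    ``is_anonymous()`` returns False and ``admin`` / ``id`` are copied from
    the user object.
    """
    # Identity test instead of ``!= None``: a user object that overrides the
    # comparison operators must not be treated as an anonymous visitor, or a
    # test would silently run with the wrong identity and privileges.
    anonymous = user is None
    mock.is_anonymous.return_value = anonymous
    mock.admin = None if anonymous else user.admin
    mock.id = None if anonymous else user.id
    return mock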
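class TestProjectPassword(Test):
    """Functional tests for the password gate on projects.

    The tests drive the application through ``self.app`` (the test client)
    and decide whether a request was gated by looking for the password
    form's text in the response body.
    """

    from pybossa.view.projects import redirect

    # Text of the password form; finding it in a response body means the
    # request ended up on the password view instead of the requested page.
    PASSWORD_PROMPT = 'Enter the password to contribute'

    def _make_project(self, password=None, **project_kwargs):
        """Create a project with one task, optionally password protected.

        Returns the ``(project, task)`` pair.  When *password* is given it
        is set on the project and the change is persisted through
        ``project_repo``.
        """
        project = ProjectFactory.create(**project_kwargs)
        task = TaskFactory.create(project=project)
        if password is not None:
            project.set_password(password)
            project_repo.update(project)
        return project, task

    def _prompt_shown_on_contribution_pages(self, project):
        """Request the two contribution pages and report the gate per page.

        Returns a list with one boolean per page (``/newtask``, ``/task/1``),
        True when the password prompt is present in the final response.
        """
        # '/task/1' assumes the task created by the test received id 1;
        # presumably the database is reset between tests -- TODO confirm.
        paths = ('/project/%s/newtask', '/project/%s/task/1')
        responses = [self.app.get(path % project.short_name,
                                  follow_redirects=True)
                     for path in paths]
        return [self.PASSWORD_PROMPT in res.data for res in responses]

    @patch('pybossa.view.projects.redirect', wraps=redirect)
    def test_password_view_func_post(self, redirect):
        """Test when posting to /project/short_name/password and password is correct
        the user is redirected to where they came from"""
        project, task = self._make_project(password='mysecret')
        redirect_url = '/project/%s/task/%s' % (project.short_name, task.id)
        url = '/project/%s/password?next=%s' % (project.short_name, redirect_url)

        self.app.post(url, data={'password': 'mysecret'})

        # NOTE(review): `next` is taken from the query string and only a
        # same-site relative path is exercised here.  How the view treats an
        # absolute or off-site `next` value is not covered by this test.
        redirect.assert_called_with(redirect_url)

    def test_password_view_func_post_wrong_passwd(self):
        """Test when posting to /project/short_name/password and password is incorrect
        an error message is flashed"""
        project, task = self._make_project(password='mysecret')
        url = '/project/%s/password?next=/project/%s/task/%s' % (
            project.short_name, project.short_name, task.id)

        res = self.app.post(url, data={'password': 'bad_passwd'})

        # NOTE(review): only the flashed message is checked; the test does
        # not verify that the protected page is still gated afterwards.
        assert 'Sorry, incorrect password' in res.data, "No error message shown"

    def test_password_view_func_no_project(self):
        """Test when receiving a request to a non-existing project, return 404"""
        get_res = self.app.get('/project/noapp/password')
        post_res = self.app.post('/project/noapp/password')

        assert get_res.status_code == 404, get_res.status_code
        assert post_res.status_code == 404, post_res.status_code

    def test_password_required_for_anonymous_contributors(self):
        """Test when an anonymous user wants to contribute to a password
        protected project is redirected to the password view"""
        project, _ = self._make_project(password='mysecret')

        assert all(self._prompt_shown_on_contribution_pages(project))

    def test_password_not_required_for_anonymous_contributors(self):
        """Test when an anonymous user wants to contribute to a non-password
        protected project is able to do it"""
        project, _ = self._make_project()

        # NOTE(review): a negative check also passes on an error page;
        # consider asserting the response status as well.
        assert not any(self._prompt_shown_on_contribution_pages(project))

    @patch('pybossa.password_manager.current_user')
    def test_password_required_for_authenticated_contributors(self, mock_user):
        """Test when an authenticated user wants to contribute to a password
        protected project is redirected to the password view"""
        project, _ = self._make_project(password='mysecret')
        # Only the `current_user` name inside pybossa.password_manager is
        # replaced; the test client itself performs no login.
        user = UserFactory.create()
        configure_mock_current_user_from(user, mock_user)

        assert all(self._prompt_shown_on_contribution_pages(project))

    @patch('pybossa.password_manager.current_user')
    def test_password_not_required_for_authenticated_contributors(self, mock_user):
        """Test when an authenticated user wants to contribute to a non-password
        protected project is able to do it"""
        project, _ = self._make_project()
        user = UserFactory.create()
        configure_mock_current_user_from(user, mock_user)

        # NOTE(review): a negative check also passes on an error page;
        # consider asserting the response status as well.
        assert not any(self._prompt_shown_on_contribution_pages(project))

    @patch('pybossa.password_manager.current_user')
    def test_password_not_required_for_admins(self, mock_user):
        """Test when an admin wants to contribute to a password
        protected project is able to do it"""
        user = UserFactory.create()
        configure_mock_current_user_from(user, mock_user)
        # Presumably the first user created is an admin; this assertion
        # guards that assumption so the test cannot pass as a plain user.
        assert mock_user.admin
        project, _ = self._make_project(password='mysecret')

        assert not any(self._prompt_shown_on_contribution_pages(project))

    @patch('pybossa.password_manager.current_user')
    def test_password_not_required_for_owner(self, mock_user):
        """Test when the owner wants to contribute to a password
        protected project is able to do it"""
        # Second user of the batch, asserted below to be a non-admin, so the
        # bypass is attributable to ownership and not to admin rights.
        owner = UserFactory.create_batch(2)[1]
        configure_mock_current_user_from(owner, mock_user)
        assert owner.admin is False
        project, _ = self._make_project(password='mysecret', owner=owner)
        assert project.owner.id == owner.id

        assert not any(self._prompt_shown_on_contribution_pages(project))

    def test_endpoints_with_password_protection(self):
        """Test all the endpoints for "reading" a project use password protection """
        # The numeric segments assume the objects created below received
        # id 1 -- TODO confirm.  An endpoint added to the project views later
        # is not covered until it is listed here.
        endpoints_requiring_password = (
            '/', '/tutorial', '/1/results.json',
            '/tasks/', '/tasks/browse', '/tasks/export',
            '/stats', '/blog', '/1', '/task/1')
        project, _ = self._make_project()
        BlogpostFactory.create(project=project)
        project.set_password('mysecret')
        project_repo.update(project)

        for endpoint in endpoints_requiring_password:
            res = self.app.get('/project/%s%s' % (project.short_name, endpoint),
                               follow_redirects=True)
            assert self.PASSWORD_PROMPT in res.data, endpoint

    @patch('pybossa.view.projects.ensure_authorized_to')
    def test_password_protection_overrides_normal_auth(self, fake_authorizer):
        """Test if a project is password protected, that is the only authorization
        required for it to be seen"""
        project, _ = self._make_project(password='mysecret', published=False)

        self.app.get('/project/%s' % project.short_name, follow_redirects=True)

        # NOTE(review): no password is supplied in this request, so what is
        # shown is that the gate answers before ensure_authorized_to is
        # reached.  What an unpublished project exposes once the correct
        # password has been entered is not exercised here.
        assert not fake_authorizer.called

    @patch('pybossa.view.projects.ensure_authorized_to')
    def test_normal_auth_used_if_no_password_protected(self, fake_authorizer):
        """Test if a project is not password protected, the normal
        authorization check is used for it to be seen"""
        project, _ = self._make_project()

        self.app.get('/project/%s' % project.short_name, follow_redirects=True)

        assert fake_authorizer.called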