Changeset 1d92bf2 in OpenWorkouts-current for ow/tests

Timestamp:

Dec 16, 2018, 1:07:04 AM (5 years ago)

Author:

borja <borja@…>

Branches:

current, feature/docs, master

Children:

6560b8f

Parents:

929097a

Message:

(#37) Allow login using email address instead of username:

• Use user uids as keys in the root folder for referencing user objects (instead of username)

• Use uids for referencing users all over the place (auth, permissions, traversal urls, etc)

• Replaced the username concept with nickname. This nickname will be used as a shortcut to access "public profile" pages for users

• Reworked lots of basic methods in the OpenWorkouts root object (s/username/nickname, marked as properties some methods like users, emails, etc)

• Added new add_user() and delete_user() helpers to the OpenWorkouts root object

• Modified views to match the new OpenWorkouts root helpers

• Fixed bug in the dashboard redirect view, causing an endless loop if an authenticated user does not exist anymore when loading a page.

• Lots of tests fixes, adaptations and catch up.

Location:

ow/tests

Files:

• models/test_root.py (modified) (5 diffs)
• models/test_workout.py (modified) (1 diff)
• schemas/test_user.py (modified) (4 diffs)
• test_catalog.py (modified) (3 diffs)
• test_security.py (modified) (1 diff)
• views/test_root.py (modified) (5 diffs)
• views/test_user.py (modified) (24 diffs)

ow/tests/models/test_root.py

@@ -1 +1 @@
 import json
+from unittest.mock import Mock
 from datetime import datetime, timedelta, timezone
 
 import pytest
+from repoze.catalog.catalog import Catalog
 
 from ow.models.workout import Workout
@@ -12 +14 @@
 
     @pytest.fixture
-    def root(self):
+    def john(self):
+        user = User(firstname='John', lastname='Doe',
+                    email='john.doe@example.net')
+        user.password = 's3cr3t'
+        return user
+
+    @pytest.fixture
+    def root(self, john):
         root = OpenWorkouts()
-        root['john'] = User(firstname='John', lastname='Doe',
-                            email='john.doe@example.net')
-        root['john'].password = 's3cr3t'
+        root.add_user(john)
         workout = Workout(
             start=datetime(2015, 6, 28, 12, 55, tzinfo=timezone.utc),
@@ -22 +29 @@
             distance=30, sport='cycling'
         )
-        root['john'].add_workout(workout)
+        john.add_workout(workout)
         return root
 
-    def test_all_usernames(self, root):
-        # the method returns an OOBtree object
-        assert [u for u in root.all_usernames()] == ['john']
+    def test__init__(self, root):
+        # a new OpenWorkouts instance has a catalog created automatically
+        assert isinstance(root.catalog, Catalog)
+        assert len(root.catalog) == 2
+        assert 'email' in root.catalog
+        assert 'sport' in root.catalog
 
-    def test_lowercase_usernames(self, root):
-        root.add_user(uid='Jack', firstname='Jack', lastname='Dumb',
-                      email='jack.dumb@example.net')
-        assert root.lowercase_usernames() == ['jack', 'john']
+    def test_add_user_ok(self, root):
+        assert len(root.users) == 1
+        user = User(firstname='New', lastname='For Testing',
+                    email='new.for.testing@example.net')
+        root.add_user(user)
+        assert len(root.users) == 2
+        assert user in root.users
+
+    def test_add_user_invalid(self, root):
+        assert len(root.users) == 1
+        with pytest.raises(AttributeError):
+            root.add_user('faked-user-object')
+
+    def test_del_user_ok(self, root, john):
+        assert len(root.users) == 1
+        root.del_user(john)
+        assert len(root.users) == 0
+
+    def test_del_user_failure(self, root):
+        assert len(root.users) == 1
+        with pytest.raises(AttributeError):
+            root.add_user('faked-user-object')
+
+    def test_get_user_by_uid(self, root, john):
+        # first, get an user that does exist
+        user = root.get_user_by_uid(str(john.uid))
+        assert user == john
+        # now, without converting first to str, works too
+        user = root.get_user_by_uid(john.uid)
+        assert user == john
+        # now, something that is not there
+        new_user = User(firstname='someone', lastname='else',
+                        email='someone.else@example.net')
+        user = root.get_user_by_uid(new_user.uid)
+        assert user is None
+        # now, something that is not an uid
+        user = root.get_user_by_uid('faked-user-uid')
+        assert user is None
+
+    def test_get_user_by_email(self, root, john):
+        # first, get an user that does exist
+        user = root.get_user_by_email(str(john.email))
+        assert user == john
+        # now, something that is not there
+        new_user = User(firstname='someone', lastname='else',
+                        email='someone.else@example.net')
+        user = root.get_user_by_email(new_user.email)
+        assert user is None
+        # now, something that is not an email
+        user = root.get_user_by_email('faked-user-email')
+        assert user is None
+        # passing in None
+        user = root.get_user_by_email(None)
+        assert user is None
+        # passing in something that is not None or a string will break
+        # the query code
+        with pytest.raises(TypeError):
+            user = root.get_user_by_email(False)
+        with pytest.raises(TypeError):
+            user = root.get_user_by_email(Mock())
+
+    def test_users(self, root, john):
+        assert root.users == [john]
+
+    def test_all_nicknames(self, root, john):
+        # the existing user has not a nickname, and empty nicknames are not
+        # added to the list of nicknames
+        assert root.all_nicknames == []
+        # now set one
+        john.nickname = 'MrJohn'
+        assert root.all_nicknames == ['MrJohn']
+
+    def test_lowercase_nicknames(self, root, john):
+        # the existing user has not a nickname
+        assert root.lowercase_nicknames == []
+        # now set one
+        john.nickname = 'MrJohn'
+        assert root.lowercase_nicknames == ['mrjohn']
 
     def test_emails(self, root):
-        assert root.emails() == ['john.doe@example.net']
+        assert root.emails == ['john.doe@example.net']
 
     def test_lowercase_emails(self, root):
-        root.add_user(uid='Jack', firstname='Jack', lastname='Dumb',
-                      email='Jack.Dumb@example.net')
-        assert root.lowercase_emails() == ['jack.dumb@example.net',
-                                           'john.doe@example.net']
+        user = User(firstname='Jack', lastname='Dumb',
+                    email='Jack.Dumb@example.net')
+        root.add_user(user)
+        assert root.lowercase_emails == ['john.doe@example.net',
+                                         'jack.dumb@example.net']
 
-    def test_users(self, root):
-        # the method returns an OOBtree object
-        assert [u for u in root.users()] == [root['john']]
-
-    def test_get_user(self, root):
-        assert root.get_user('john') == root['john']
-        assert root.get_user('jack') is None
-        with pytest.raises(TypeError):
-            root.get_user()
-
-    def test_add_user(self, root):
-        assert len(root.users()) == 1
-        root.add_user(uid='jack', firstname='Jack', lastname='Dumb',
-                      email='jack.dumb@example.net')
-        assert len(root.users()) == 2
-        assert 'jack' in root.all_usernames()
-
-    def test_sports(self, root):
+    def test_sports(self, root, john):
         assert root.sports == ['cycling']
         workout = Workout(
@@ -66 +134 @@
             duration=timedelta(minutes=60),
             distance=10, sport='running')
-        root['john'].add_workout(workout)
+        john.add_workout(workout)
         assert root.sports == ['cycling', 'running']
 
-    def test_sports_json(self, root):
+    def test_sports_json(self, root, john):
         assert root.sports_json == json.dumps(["cycling"])
         workout = Workout(
@@ -75 +143 @@
             duration=timedelta(minutes=60),
             distance=10, sport='running')
-        root['john'].add_workout(workout)
+        john.add_workout(workout)
         assert root.sports_json == json.dumps(["cycling", "running"])

ow/tests/models/test_workout.py

@@ -56 +56 @@
         assert expected == joe['1'].end
         assert 250 == joe['1'].distance * 1000
-
-    def test_add_user(self, root):
-        root.add_user('fred', firstname=u'Fred', lastname=u'Flintstone')
-        assert u'Fred Flintstone' == root['fred'].fullname
 
     def test_workout_id(self, root):

ow/tests/schemas/test_user.py

@@ -4 +4 @@
 
 from ow.models.user import User
-from ow.schemas.user import PasswordMatch, UniqueUsername, UniqueEmail
+from ow.schemas.user import PasswordMatch, UniqueNickname, UniqueEmail
 
 
@@ -27 +27 @@
 
 
-class TestUniqueUsername(object):
+class TestUniqueNickname(object):
 
     @pytest.fixture
@@ -35 +35 @@
 
     def test_validate_python_exists(self, state):
-        validator = UniqueUsername()
+        validator = UniqueNickname()
         with pytest.raises(Invalid):
             validator._validate_python('test', state)
@@ -42 +42 @@
 
     def test_validate_python_not_exists(self, state):
-        validator = UniqueUsername()
+        validator = UniqueNickname()
         res = validator._validate_python('not-existing', state)
         assert res is None

ow/tests/test_catalog.py

@@ -56 +56 @@
         changes = update_indexes(catalog, indexes)
         assert changes['added'] == ['newindex']
-        assert changes['removed'] == ['sport']
+        assert changes['removed'] == ['email', 'sport']
 
     def test_update_indexes_empty(self, root):
@@ -63 +63 @@
         changes = update_indexes(catalog, indexes)
         assert changes['added'] == []
-        assert changes['removed'] == ['sport']
+        assert changes['removed'] == ['email', 'sport']
 
     def test_install_catalog(self):
         root = OpenWorkouts()
+        assert isinstance(getattr(root, 'catalog', None), Catalog)
+        del root.catalog
         assert getattr(root, 'catalog', None) is None
         install_catalog(root)
@@ -78 +80 @@
     def test_get_catalog_not_existing_catalog(self):
         root = OpenWorkouts()
+        assert isinstance(getattr(root, 'catalog', None), Catalog)
+        del root.catalog
         assert getattr(root, 'catalog', None) is None
         catalog = get_catalog(root)

ow/tests/test_security.py

@@ -22 +22 @@
         request.root = root
         # User does exist
-        assert groupfinder('john', request) == ['john']
+        assert groupfinder('john', request) == [str(root['john'].uid)]
         # User does not exist
         assert groupfinder('jack', request) == []

ow/tests/views/test_root.py

@@ -20 +20 @@
 
     @pytest.fixture
-    def root(self):
+    def john(self):
+        user = User(firstname='John', lastname='Doe',
+                    email='john.doe@example.net')
+        user.password = 's3cr3t'
+        return user
+
+    @pytest.fixture
+    def root(self, john):
         root = OpenWorkouts()
-        root['john'] = User(firstname='John', lastname='Doe',
-                            email='john.doe@example.net')
-        root['john'].password = 's3cr3t'
+        root.add_user(john)
         workout = Workout(
             start=datetime(2015, 6, 28, 12, 55, tzinfo=timezone.utc),
@@ -30 +35 @@
             distance=30, sport='cycling'
         )
-        root['john'].add_workout(workout)
+        john.add_workout(workout)
         return root
 
@@ -50 +55 @@
         return request
 
-    def test_user_list(self, get_request):
+    def test_user_list(self, get_request, john):
         request = get_request
         response = user_list(request.root, request)
-        assert list(response['users']) == [request.root['john']]
+        assert list(response['users']) == [john]
 
     def test_add_user_get(self, get_request):
@@ -66 +71 @@
         response = add_user(request.root, request)
         assert 'form' in response
-        # All required fields (4) are marked in the form errors
+        # All required fields (3) are marked in the form errors
         # You can see which fields are required in the schema
         # ow.schemas.user.UserAddSchema
-        assert len(response['form'].form.errors) == 4
+        errors = response['form'].form.errors
+        assert len(errors) == 3
+        assert 'email' in errors
+        assert 'firstname' in errors
+        assert 'lastname' in errors
 
     def test_add_user_post_valid(self, post_request):
         request = post_request
-        request.POST['uid'] = 'addeduser'
+        request.POST['nickname'] = 'addeduser'
         request.POST['email'] = 'addeduser@example.net'
         request.POST['firstname'] = 'added'
@@ -80 +89 @@
         assert isinstance(response, HTTPFound)
         assert response.location.endswith('/userlist')
-        assert len(request.root.all_usernames()) == 2
-        assert 'addeduser' in request.root.all_usernames()
+        # 1 nick name, as the default user has no nickname
+        assert len(request.root.all_nicknames) == 1
+        assert 'addeduser' in request.root.all_nicknames

ow/tests/views/test_user.py

@@ -24 +24 @@
 
     @pytest.fixture
-    def root(self):
+    def john(self):
+        user = User(firstname='John', lastname='Doe',
+                    email='john.doe@example.net')
+        user.password = 's3cr3t'
+        return user
+
+    @pytest.fixture
+    def root(self, john):
         root = OpenWorkouts()
-        root['john'] = User(firstname='John', lastname='Doe',
-                            email='john.doe@example.net')
-        root['john'].password = 's3cr3t'
+        root.add_user(john)
         workout = Workout(
             start=datetime(2015, 6, 28, 12, 55, tzinfo=timezone.utc),
@@ -34 +39 @@
             distance=30
         )
-        root['john'].add_workout(workout)
+        john.add_workout(workout)
         return root
 
@@ -44 +49 @@
 
     @pytest.fixture
-    def profile_post_request(self, root):
+    def profile_post_request(self, root, john):
         """
         This is a valid POST request to update an user profile.
         Form will validate, but nothing will be really updated/changed.
         """
-        user = root['john']
+        user = john
         request = DummyRequest()
         request.root = root
@@ -94 +99 @@
         request.POST = MultiDict({
             'submit': True,
-            'username': 'JackBlack',
+            'nickname': 'JackBlack',
             'email': 'jack.black@example.net',
             'firstname': 'Jack',
@@ -134 +139 @@
         assert response.location == '/dashboard'
 
-    def test_dashboard(self, dummy_request):
+    def test_dashboard(self, dummy_request, john):
         """
         Renders the user dashboard
         """
         request = dummy_request
-        user = request.root['john']
-        response = user_views.dashboard(user, request)
+        response = user_views.dashboard(john, request)
         assert response == {}
 
-    def test_profile(self, dummy_request):
+    def test_profile(self, dummy_request, john):
         """
         Renders the user profile page
         """
         request = dummy_request
-        user = request.root['john']
-        response = user_views.profile(user, request)
+        response = user_views.profile(john, request)
         assert response == {}
 
@@ -159 +162 @@
         response = user_views.login(request.root, request)
         assert response['message'] == ''
-        assert response['username'] == ''
+        assert response['email'] == ''
         assert response['password'] == ''
         assert response['redirect_url'] == request.resource_url(request.root)
 
-    def test_login_get_return_to(self, dummy_request):
+    def test_login_get_return_to(self, dummy_request, john):
         """
         GET request to access the login page, if there is a page set to where
@@ -170 +173 @@
         """
         request = dummy_request
-        workout = request.root['john'].workouts()[0]
+        workout = john.workouts()[0]
         workout_url = request.resource_url(workout)
         request.params['return_to'] = workout_url
@@ -176 +179 @@
         assert response['redirect_url'] == workout_url
 
-    def test_login_post_bad_username(self, dummy_request):
+    def test_login_post_wrong_email(self, dummy_request):
         request = dummy_request
         request.method = 'POST'
         request.POST['submit'] = True
-        request.POST['username'] = 'jack'
+        request.POST['email'] = 'jack@example.net'
         response = user_views.login(request.root, request)
-        assert response['message'] == u'Bad username'
-
-    def test_login_post_bad_password(self, dummy_request):
+        assert response['message'] == u'Wrong email address'
+
+    def test_login_post_wrong_password(self, dummy_request):
         request = dummy_request
         request.method = 'POST'
         request.POST['submit'] = True
-        request.POST['username'] = 'john'
+        request.POST['email'] = 'john.doe@example.net'
         request.POST['password'] = 'badpassword'
         response = user_views.login(request.root, request)
-        assert response['message'] == u'Bad password'
+        assert response['message'] == u'Wrong password'
 
     @patch('ow.views.user.remember')
@@ -198 +201 @@
         request.method = 'POST'
         request.POST['submit'] = True
-        request.POST['username'] = 'john'
+        request.POST['email'] = 'john.doe@example.net'
         request.POST['password'] = 's3cr3t'
         response = user_views.login(request.root, request)
@@ -216 +219 @@
 
     @pytest.mark.parametrize('extension', extensions)
-    def test_profile_picture(self, extension, dummy_request):
+    def test_profile_picture(self, extension, dummy_request, john):
         """
         GET request to get the profile picture of an user.
@@ -222 +225 @@
         request = dummy_request
         # Get the user
-        user = request.root['john']
+        user = john
         # Get the path to the image, then open it and copy it to a new Blob
         # object
@@ -242 +245 @@
         assert response.content_type == 'image'
 
-    def test_edit_profile_get(self, dummy_request):
+    def test_edit_profile_get(self, dummy_request, john):
         """
         GET request to the edit profile page, returns the form ready to
@@ -248 +251 @@
         """
         request = dummy_request
-        user = request.root['john']
+        user = john
         response = user_views.edit_profile(user, request)
         assert isinstance(response['form'], OWFormRenderer)
@@ -261 +264 @@
         assert response['form'].data['email'] == 'john.doe@example.net'
 
-    def test_edit_profile_post_ok(self, profile_post_request):
+    def test_edit_profile_post_ok(self, profile_post_request, john):
         request = profile_post_request
-        user = request.root['john']
+        user = john
         # Update the bio field
         bio = 'Some text about this user'
@@ -272 +275 @@
         assert user.bio == bio
 
-    def test_edit_profile_post_missing_required(self, profile_post_request):
+    def test_edit_profile_post_missing_required(
+            self, profile_post_request, john):
         request = profile_post_request
         request.POST['email'] = ''
-        user = request.root['john']
+        user = john
         response = user_views.edit_profile(user, request)
         assert isinstance(response['form'], OWFormRenderer)
@@ -284 +288 @@
         assert response['form'].errors_for('email') == [error]
 
-    def test_change_password_get(self, dummy_request):
-        request = dummy_request
-        user = request.root['john']
+    def test_change_password_get(self, dummy_request, john):
+        request = dummy_request
+        user = john
         response = user_views.change_password(user, request)
         assert isinstance(response['form'], OWFormRenderer)
@@ -292 +296 @@
         assert response['form'].errorlist() == ''
 
-    def test_change_password_post_ok(self, passwd_post_request):
+    def test_change_password_post_ok(self, passwd_post_request, john):
         request = passwd_post_request
-        user = request.root['john']
+        user = john
         request.POST['old_password'] = 's3cr3t'
         request.POST['password'] = 'h1dd3n s3cr3t'
@@ -305 +309 @@
         assert user.check_password('h1dd3n s3cr3t')
 
-    def test_change_password_post_no_values(self, passwd_post_request):
+    def test_change_password_post_no_values(self, passwd_post_request, john):
         request = passwd_post_request
-        user = request.root['john']
+        user = john
         response = user_views.change_password(user, request)
         assert isinstance(response['form'], OWFormRenderer)
@@ -322 +326 @@
         assert user.check_password('s3cr3t')
 
-    def test_change_password_post_bad_old_password(self, passwd_post_request):
+    def test_change_password_post_bad_old_password(
+            self, passwd_post_request, john):
         request = passwd_post_request
-        user = request.root['john']
+        user = john
         request.POST['old_password'] = 'FAIL PASSWORD'
         request.POST['password'] = 'h1dd3n s3cr3t'
@@ -338 +343 @@
         assert not user.check_password('h1dd3n s3cr3t')
 
-    def test_change_password_post_password_mismatch(self, passwd_post_request):
+    def test_change_password_post_password_mismatch(
+            self, passwd_post_request, john):
         request = passwd_post_request
-        user = request.root['john']
+        user = john
         request.POST['old_password'] = 's3cr3t'
         request.POST['password'] = 'h1dd3n s3cr3ts'
@@ -363 +369 @@
     def test_signup_post_ok(self, signup_post_request):
         request = signup_post_request
-        assert 'JackBlack' not in request.root.all_usernames()
+        assert 'jack.black@example.net' not in request.root.emails
+        assert 'JackBlack' not in request.root.all_nicknames
         response = user_views.signup(request.root, request)
         assert isinstance(response, HTTPFound)
         assert response.location == request.resource_url(request.root)
-        assert 'JackBlack' in request.root.all_usernames()
+        assert 'jack.black@example.net' in request.root.emails
+        assert 'JackBlack' in request.root.all_nicknames
 
     def test_signup_missing_required(self, signup_post_request):
         request = signup_post_request
         request.POST['email'] = ''
-        assert 'JackBlack' not in request.root.all_usernames()
+        assert 'jack.black@example.net' not in request.root.emails
+        assert 'JackBlack' not in request.root.all_nicknames
         response = user_views.signup(request.root, request)
         assert isinstance(response['form'], OWFormRenderer)
@@ -382 +391 @@
         assert errorlist == html_error
         assert response['form'].errors_for('email') == [error]
-        assert 'JackBlack' not in request.root.all_usernames()
-
-    def test_signup_existing_username(self, signup_post_request):
+        assert 'jack.black@example.net' not in request.root.emails
+        assert 'JackBlack' not in request.root.all_nicknames
+
+    def test_signup_existing_nickname(self, signup_post_request, john):
         request = signup_post_request
-        request.POST['username'] = 'john'
-        assert 'JackBlack' not in request.root.all_usernames()
+        # assign john a nickname first
+        john.nickname = 'john'
+        # now set it for the POST request
+        request.POST['nickname'] = 'john'
+        # check jack is not there yet
+        assert 'jack.black@example.net' not in request.root.emails
+        assert 'JackBlack' not in request.root.all_nicknames
+        # now signup as jack, but trying to set the nickname 'john'
         response = user_views.signup(request.root, request)
         assert isinstance(response['form'], OWFormRenderer)
-        error = u'Another user is already registered with the username john'
+        error = u'Another user is already using the nickname john'
         html_error = '<ul class="error">'
         html_error += '<li>' + error + '</li>'
@@ -396 +412 @@
         errorlist = response['form'].errorlist().replace('\n', '')
         assert errorlist == html_error
-        assert response['form'].errors_for('username') == [error]
-        assert 'JackBlack' not in request.root.all_usernames()
+        assert response['form'].errors_for('nickname') == [error]
+        # all the errors, and jack is not there
+        assert 'jack.black@example.net' not in request.root.emails
+        assert 'JackBlack' not in request.root.all_nicknames
 
     def test_signup_existing_email(self, signup_post_request):
         request = signup_post_request
         request.POST['email'] = 'john.doe@example.net'
-        assert 'JackBlack' not in request.root.all_usernames()
+        assert 'jack.black@example.net' not in request.root.emails
+        assert 'JackBlack' not in request.root.all_nicknames
         response = user_views.signup(request.root, request)
         assert isinstance(response['form'], OWFormRenderer)
@@ -413 +432 @@
         assert errorlist == html_error
         assert response['form'].errors_for('email') == [error]
-        assert 'JackBlack' not in request.root.all_usernames()
+        assert 'jack.black@example.net' not in request.root.emails
+        assert 'JackBlack' not in request.root.all_nicknames