Compare commits


3 Commits

5 changed files with 24 additions and 21 deletions


@ -78,7 +78,7 @@ def create_app():
app.config.from_object( app.config.from_object(
'imaginaerraum_door_admin.default_app_config.DefaultConfig' 'imaginaerraum_door_admin.default_app_config.DefaultConfig'
) )
app.config.from_envvar('APPLICATION_SETTINGS', silent=True) app.config.from_envvar('APPLICATION_SETTINGS')
token_file = Path(app.config.get('TOKEN_FILE')) token_file = Path(app.config.get('TOKEN_FILE'))
if not token_file.exists(): if not token_file.exists():
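Review bot: With `silent=True` dropped from `app.config.from_envvar('APPLICATION_SETTINGS')`, `create_app()` now raises a RuntimeError whenever the variable is unset, and nothing in the hunk says whether that is intended. Refusing to start on `DefaultConfig` alone is the safer behaviour for a door-admin service, presumably because the defaults carry placeholder secrets, but that is not visible here. If so, record it next to the call, e.g. `# fail closed: do not start without a deployment-specific settings file`. The following context line `Path(app.config.get('TOKEN_FILE'))` would still fail with a bare TypeError if the loaded settings omit `TOKEN_FILE`, so an explicit check with a clear message would help operators. The body of create_app continues outside the hunk.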


@ -2,7 +2,7 @@ from wtforms.fields import StringField, BooleanField
from flask import current_app from flask import current_app
from flask_security import hash_password from flask_security import hash_password
from flask_security.forms import LoginForm, Required, PasswordField from flask_security.forms import LoginForm, Required, PasswordField
from flask_security.utils import find_user from flask_security.utils import lookup_identity
from flask_security.models import fsqla_v2 as fsqla from flask_security.models import fsqla_v2 as fsqla
import ldap3 import ldap3
@ -29,7 +29,7 @@ class ExtendedLoginForm(LoginForm):
def validate(self): def validate(self):
# search for user in the current database # search for user in the current database
user = find_user(self.email.data) user = lookup_identity(self.email.data)
if user is not None: if user is not None:
# if a user is found we check if it is associated with LDAP or with # if a user is found we check if it is associated with LDAP or with
# the local database # the local database
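Review bot: `lookup_identity(self.email.data)` in `ExtendedLoginForm.validate` is not a drop-in for `find_user`, because it only searches the attributes listed in `SECURITY_USER_IDENTITY_ATTRIBUTES` and runs each attribute's mapper first. A bare username can therefore return `None` where the old call found the account. The tests in this comparison switch logins to `gandalf@shire.me` and `bilbo@shire.me`, which suggests exactly that. Since a `None` result appears to route the login to the LDAP path, which the tests show can create a local user, confirm that the configured identity attributes still cover every name under which a local or deactivated account can log in. A comment such as `# lookup_identity honours SECURITY_USER_IDENTITY_ATTRIBUTES; usernames must be listed there` would state the dependency. Separately, `def validate(self):` takes no keyword arguments, while newer Flask-Security-Too and Flask-WTF releases may call `validate(**kwargs)`; check this against the pinned `>=5.0.1`. The body of validate continues outside the hunk.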


@ -4,7 +4,7 @@ setup(install_requires=[
"bleach", "bleach",
"Flask", "Flask",
"Flask-Mail", "Flask-Mail",
"Flask-Security-Too", "Flask-Security-Too>=5.0.1",
"Flask-SQLAlchemy", "Flask-SQLAlchemy",
"Flask-WTF", "Flask-WTF",
"email_validator", "email_validator",
@ -13,6 +13,6 @@ setup(install_requires=[
"wtforms" "wtforms"
], ],
include_package_data=True, include_package_data=True,
scripts=['bin/launch_webadmin'], scripts=['bin/launch_webadmin.py'],
packages=['imaginaerraum_door_admin'], packages=['imaginaerraum_door_admin'],
zip_safe=False) zip_safe=False)


@ -2,7 +2,7 @@ import datetime
import pytest import pytest
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
from flask_security.utils import find_user from flask_security.utils import lookup_identity
from imaginaerraum_door_admin.door_handle import DoorHandle from imaginaerraum_door_admin.door_handle import DoorHandle
from imaginaerraum_door_admin.auth import ExtendedLoginForm from imaginaerraum_door_admin.auth import ExtendedLoginForm
import re import re
@ -18,9 +18,12 @@ def test_login(browser, live_server):
response = browser.get(f'http://localhost:{live_server.port}/login') response = browser.get(f'http://localhost:{live_server.port}/login')
email_form = browser.find_element('id', 'email').send_keys('gandalf') email_form = browser.find_element_by_xpath('//input[@id="email"]')
password_form = browser.find_element('id', 'password').send_keys('shadowfax') email_form.send_keys('gandalf@shire.me')
submit_button = browser.find_element('id', 'submit').click() password_form = browser.find_element_by_xpath('//input[@id="password"]')
password_form.send_keys('shadowfax')
submit_button = browser.find_element_by_xpath('//input[@id="submit"]')
submit_button.click()
assert 'Tür öffnen' in browser.page_source assert 'Tür öffnen' in browser.page_source
@ -122,7 +125,7 @@ def test_login_ldap(client, temp_user, mocker):
return auth, user_data return auth, user_data
mocker.patch('imaginaerraum_door_admin.auth.ExtendedLoginForm.validate_ldap', mock_validate) mocker.patch('imaginaerraum_door_admin.auth.ExtendedLoginForm.validate_ldap', mock_validate)
user = find_user(temp_user['username']) user = lookup_identity(temp_user['username'])
# remove local role so that ldap authentication is the default # remove local role so that ldap authentication is the default
user.roles.pop(0) user.roles.pop(0)
@ -152,7 +155,7 @@ def test_login_ldap_new_user(client, mocker):
mocker.patch('imaginaerraum_door_admin.auth.ExtendedLoginForm.validate_ldap', mock_validate) mocker.patch('imaginaerraum_door_admin.auth.ExtendedLoginForm.validate_ldap', mock_validate)
# initially, the Balrog user should not exist # initially, the Balrog user should not exist
user = find_user('Balrog') user = lookup_identity('Balrog')
assert user is None assert user is None
# log in temp user using ldap -> this will succeed and create a local user # log in temp user using ldap -> this will succeed and create a local user
@ -161,7 +164,7 @@ def test_login_ldap_new_user(client, mocker):
soup = BeautifulSoup(response.data, 'html.parser') soup = BeautifulSoup(response.data, 'html.parser')
# make sure user is now created locally # make sure user is now created locally
user = find_user('Balrog') user = lookup_identity('Balrog')
assert user is not None assert user is not None
# make sure login succeeded -> Tür öffnen button will appear # make sure login succeeded -> Tür öffnen button will appear
@ -263,7 +266,7 @@ def temp_admin(client_authenticated):
response = client_authenticated.get( response = client_authenticated.get(
f"/promote_admin/{username}", f"/promote_admin/{username}",
follow_redirects=True) follow_redirects=True)
user = find_user(username) user = lookup_identity(username)
assert user.has_role('admin') assert user.has_role('admin')
return {'username': username, return {'username': username,
@ -290,7 +293,7 @@ def test_create_admin(client_authenticated):
response = client_authenticated.get('/logout') response = client_authenticated.get('/logout')
# try to log in new user using the extracted password # try to log in new user using the extracted password
response = headless_login(client_authenticated, user='bilbo', response = headless_login(client_authenticated, user='bilbo@shire.me',
password=password) password=password)
# - see if it works # - see if it works
soup = BeautifulSoup(response.data, 'html.parser') soup = BeautifulSoup(response.data, 'html.parser')
@ -314,7 +317,7 @@ def test_activate_deactivate_user(temp_user, client_authenticated):
f"/admin_toggle_active/{temp_user['username']}", f"/admin_toggle_active/{temp_user['username']}",
follow_redirects=True) follow_redirects=True)
# make sure the user is now inactive # make sure the user is now inactive
user = find_user(temp_user['username']) user = lookup_identity(temp_user['username'])
assert user is not None assert user is not None
assert not user.active assert not user.active
@ -323,7 +326,7 @@ def test_activate_deactivate_user(temp_user, client_authenticated):
follow_redirects=True) follow_redirects=True)
# now the user should be active again # now the user should be active again
user = find_user(temp_user['username']) user = lookup_identity(temp_user['username'])
assert user is not None assert user is not None
assert user.active assert user.active
@ -349,7 +352,7 @@ def test_delete_admin(temp_user, client_authenticated):
# we need to deactivate the user first # we need to deactivate the user first
assert 'Bitte den Benutzer zuerst deaktivieren.' in response.data.decode() assert 'Bitte den Benutzer zuerst deaktivieren.' in response.data.decode()
# make sure the user still exists # make sure the user still exists
user = find_user(temp_user['username']) user = lookup_identity(temp_user['username'])
assert user is not None assert user is not None
# deactivate the user and try deleting it again # deactivate the user and try deleting it again
@ -364,7 +367,7 @@ def test_delete_admin(temp_user, client_authenticated):
assert 'Der eingegebene Nutzername stimmt nicht überein' \ assert 'Der eingegebene Nutzername stimmt nicht überein' \
in response.data.decode() in response.data.decode()
# make sure the user still exists # make sure the user still exists
user = find_user(temp_user['username']) user = lookup_identity(temp_user['username'])
assert user is not None assert user is not None
# now we send the confirmation data with the request # now we send the confirmation data with the request
@ -380,7 +383,7 @@ def test_delete_admin(temp_user, client_authenticated):
assert f"Benutzer {temp_user['username']} wurde gelöscht." in response.data.decode() assert f"Benutzer {temp_user['username']} wurde gelöscht." in response.data.decode()
# make sure the user now is gone # make sure the user now is gone
user = find_user(temp_user['username']) user = lookup_identity(temp_user['username'])
assert user is None assert user is None
@ -391,7 +394,7 @@ def test_promote_user(temp_user, client_authenticated):
follow_redirects=True) follow_redirects=True)
assert 'Ungültiger Nutzer' in response.data.decode() assert 'Ungültiger Nutzer' in response.data.decode()
user = find_user(temp_user['username']) user = lookup_identity(temp_user['username'])
assert user is not None assert user is not None
assert not user.has_role('admin') assert not user.has_role('admin')
# grant admin permissions to test user # grant admin permissions to test user
@ -415,7 +418,7 @@ def test_demote_user(temp_admin, client_authenticated):
follow_redirects=True) follow_redirects=True)
assert 'Ungültiger Nutzer' in response.data.decode() assert 'Ungültiger Nutzer' in response.data.decode()
user = find_user(temp_admin['username']) user = lookup_identity(temp_admin['username'])
assert user.has_role('admin') assert user.has_role('admin')
# try removing admin permissions # try removing admin permissions
response = client_authenticated.get( response = client_authenticated.get(