| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
This removes some 'u' prefixes and converts simple format() calls to f-strings.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: Loic Dachary <loic@dachary.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a lot of the issues with the LocalUser changes that were
merged recently. There was a problem where the attributes of LocalUser
were not being eagerly loaded and because the Session was detached an
exception was being raised when they were accessed.
This also fixes some typo's which were introduced.
Finally this adds a temporary fix for a potential SQLAlchemy bug, this
is a bug where doing:
User.query.filter(LocalUser.username == "some_username").first()
does NOT yeild a user with the username "some_username" but all users
on the site. The temp fix is to just query the LocalUser, this should
be resolved when bug is confirmed and fixed upstream.
|
| |
|
|
|
|
|
| |
The code base had many references to User.username and other
specific to LocalUser attributes as that was the way it use to exist.
This updates those to query on the generic User model but filtering
by attributes on the LocalUser.
|
| | |
|
| |
|
|
| |
Added unit tests for lowercasify username on login.
|
| |
|
|
| |
(forgot to commit earlier)
|
| |
|
|
| |
I will be switch to use ``from __future__ import unicode_literals`` later.
|
| | |
|
| |\
| |
| |
| |
| |
| |
| | |
Conflicts:
mediagoblin/templates/mediagoblin/user_pages/user.html
mediagoblin/tests/test_auth.py
mediagoblin/tests/test_submission.py
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
User table columns (is_admin, status, email_verified) and making sure that
their functionality is instead completely handled by privileges. I also worked
on the meta pages which I hope to finish soon. I set up migrations to ensure
the default privileges are given to users that should have them. Lastly, I made
it so that banned users can log out.
===============================================================================
Made Sure the Vestigial Columns of the User Table were not being Used
===============================================================================
--\ mediagoblin/auth/views.py
--\ mediagoblin/db/models.py
--\ mediagoblin/templates/mediagoblin/base.html
--\ mediagoblin/templates/mediagoblin/moderation/user.html
--\ mediagoblin/templates/mediagoblin/user_pages/collection_lis$
--\ mediagoblin/templates/mediagoblin/user_pages/user.html
--\ mediagoblin/tests/test_auth.py
--\ mediagoblin/tests/test_persona.py
--\ mediagoblin/user_pages/views.py
===============================================================================
Wrote the Migrations to Set up the Default Privileges
===============================================================================
--\ mediagoblin/db/migrations.py
--\ mediagoblin/gmg_commands/users.py
===============================================================================
Work on the Meta Pages
===============================================================================
--\ mediagoblin/meta/routing.py
--\ mediagoblin/meta/views.py
--\ mediagoblin/static/css/base.css
--\ mediagoblin/templates/mediagoblin/meta/terms_of_service.html
===============================================================================
Small Changes
===============================================================================
--\ mediagoblin/templates/mediagoblin/base.html
--| Benevolently made it so that banned users can log out
===============================================================================
X X X X X X X X X X X X X X X X X X X X
===============================================================================
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
that most of my functions do indeed have effective docstrings. I also changed
the decorators so that they imply eachother in a logical way. I also modified
the one decorator get_media_comment_by_id to be more usable with the variable
urls of mediagoblin.user_pages.views:file_a_report. I also noticed a few tests
had broken, so I went through them and fixed them up, finding that mostly there
were problems in my actual writing of the tests. I also did a few other small
tasks such as creating a new User method to check whether or not a User is ban-
-ned.
===============================================================================
Added in documentation
===============================================================================
--\ mediagoblin/db/models.py
--\ mediagoblin/decorators.py
--\ mediagoblin/moderation/forms.py
--\ mediagoblin/moderation/tools.py
--\ mediagoblin/moderation/views.py
--\ mediagoblin/user_pages/lib.py
===============================================================================
Rearranged decorators to be more efficient
===============================================================================
--\ mediagoblin/decorators.py
--| Made it so that user_not_banned is encapsulated in require_active_login
--| Made it so that require_active_login is encapsulated in user_has_privilege
--| Changed get_media_comment_by_id into get_optional_media_comment_by_id. It
| now returns valid code if the MediaComment id is absent. This makes it pos-
| -sible to use this decorator for the function:
| mediagoblin.user_pages.views:file_a_report
--\ mediagoblin/user_pages/views.py
--| Replaced the mediagoblin.user_pages.views:file_a_comment_report with the
| decorator mentioned above
--\ mediagoblin/user_pages/routing.py
-----------------------------------------------------------
| took out unnecessary @user_not_banned decorators |
-----------------------------------------------------------
--\ mediagoblin/submit/views.py
--\ mediagoblin/user_pages/views.py
===============================================================================
Fixed broken tests
===============================================================================
--\ mediagoblin/tests/test_auth.py
--\ mediagoblin/tests/test_privileges.py
--\ mediagoblin/tests/test_submission.py
===============================================================================
Fixed broken code
===============================================================================
--\ mediagoblin/tools/response.py
===============================================================================
Other Tasks
===============================================================================
--\ mediagoblin/db/models.py
--| Added in User.is_banned() method
--\ mediagoblin/decorators.py
--| Utitilized User.is_banned() method in the user_not_banned decorator
--\ mediagoblin/moderation/views.py
--| Made it impossible for an admin to ban themself.
--| Got rid of a vestigial print statement
--\ mediagoblin/templates/mediagoblin/base.html
--| Made it so the top panel does not show up for users that are banned.
--\ mediagoblin/templates/mediagoblin/moderation/user.html
--| Rearranged the javascript slightly
===============================================================================
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
did a few things. I wrote many many many new tests, either in old test files or
in the three new test files I made. I also did some code-keeping work, deleting
trailing whitespace and deleting vestigial code. Lastly, I fixed the parts of
the code which I realized were broken thru the process of running tests.
===============================================================================
Deleted trailing whitespace:
===============================================================================
--\ mediagoblin/decorators.py
--\ mediagoblin/auth/tools.py
--\ mediagoblin/db/migrations.py
--\ mediagoblin/db/models.py
--\ mediagoblin/gmg_commands/users.py
--\ mediagoblin/moderation/forms.py
--\ mediagoblin/moderation/tools.py
--\ mediagoblin/moderation/views.py
--\ mediagoblin/templates/mediagoblin/moderation/media_panel.html
--\ mediagoblin/templates/mediagoblin/moderation/report.html
--\ mediagoblin/templates/mediagoblin/moderation/report_panel.html
--\ mediagoblin/templates/mediagoblin/moderation/user.html
--\ mediagoblin/templates/mediagoblin/moderation/user_panel.html
--\ mediagoblin/templates/mediagoblin/user_pages/report.html
--\ mediagoblin/templates/mediagoblin/utils/report.html
--\ mediagoblin/user_pages/lib.py
--\ mediagoblin/user_pages/views.py
===============================================================================
Deleted Vestigial Code
===============================================================================
--\ mediagoblin/db/util.py
--\ mediagoblin/tests/test_notifications.py
===============================================================================
Modified the Code:
===============================================================================
--\ mediagoblin/moderation/tools.py
--| Encapsulated the code around giving/taking away privileges into two
| funtions.
--\ mediagoblin/moderation/views.py
--| Imported and used the give/take away privilege functions
--| Replaced 'require_admin_or_moderator_login' with
|'user_has_privilege(u"admin")' for adding/taking away privileges, only
| admins are allowed to do this.
--\ mediagoblin/templates/mediagoblin/banned.html
--| Added relevant translation tags
--| Added ability to display indefinite banning
--\ mediagoblin/templates/mediagoblin/user_pages/media.html
--| Made sure the add comments button was only visible for users with the
| `commenter` privilege
--\ mediagoblin/tests/test_submission.py
--| Paroneayea fixed a DetachedInstanceError I was having with the our_user
| function
--\ mediagoblin/tests/tools.py
--| Added a fixture_add_comment_report function for testing.
--\ mediagoblin/tools/response.py
--| Fixed a minor error where a necessary return statement was missing
--| Fit the code within 80 columns
--\ mediagoblin/user_pages/views.py
--| Added a necessary decorator to ensure that only users with the 'commenter'
| privilege can post comments
===============================================================================
Wrote new tests for an old test file:
===============================================================================
--\ mediagoblin/tests/test_auth.py
--| Added a new test to make sure privilege granting on registration happens
| correctly
--\ mediagoblin/tests/test_modelmethods.py*
--| Added a test to ensure the User method has_privilege works properly
===============================================================================
Wrote entirely new files full of tests:
===============================================================================
--\ mediagoblin/tests/test_moderation.py
--\ mediagoblin/tests/test_privileges.py
--\ mediagoblin/tests/test_reporting.py
===============================================================================
===============================================================================
NOTE: Any files I've marked with a * in this commit report, were actually subm-
itted in my last commit. I made that committ to fix an error I was having, so
they weren't properly documented in that report.
===============================================================================
===============================================================================
|
| | |
| |
| |
| | |
make sure that all of the previous tests work fine.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
other problems. I started looking at the tests in this update. This update I
spent fixing the tests to work with my new code.
--\ mediagoblin/db/migration_tools.py
--| Merging from ticket 679
--\ mediagoblin/db/migrations.py
--| Added unique constraint to Privilege.privilege_name
--\ mediagoblin/db/models.py
--| Deleted vestigial Privilege.is_admin_or_moderator method
--\ mediagoblin/templates/mediagoblin/moderation/user.html
--| Add a `Ban User` / `UnBan User` for admin
--\ mediagoblin/test/test_api.py
--| Fixed test with my new changes
--\ mediagoblin/test/test_auth.py
--| Try to fix test, still having problems
--\ mediagoblin/test/test_modelmethods.py
--| Wrote my first test for the User.has_privilege method
--\ mediagoblin/test/test_modelmethods.py
--| Fixed test with my new changes
--\ mediagoblin/test/test_sqlmigrations.py
--| Merging from ticket 679
--\ mediagoblin/test/tools.py
--| Editted add_fixture_user to allow for privileges rather than active column
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- We've now broken out user.html and user_nonactive.html but the
tests didn't reflect it
- the location of one of the module imports broke, but I didn't
notice because of .pyc files ;)
This commit sponsored by Tiberiu C. Turbureanu (ceata.org).
Thank you!
|
| |/
|
|
| |
forgot pass
|
| |
|
|
| |
.one calls over to SQLAlchemy queries
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
basic_auth branch that openid is forked from
Commits squashed together (in reverse chronological order):
- do the label thing only for boolean fields
- made edit_account to autofocus on the first field
- added feature to render_divs where if field.label == '' then it
will render form.description the same a render_label
- added allow_registration check
- refactored create_user
- removed verification_key from create_user
- removed get_user from openid
- cleanup after removing openid from template_env.globals
- fix for werkzueg 0.9.1
- cleanup after merge
- more tests
- restored openid extra_validation just for safety
- tests for openid
- deleted openid extra_validation
- passed next parameter in session for openid
- fixed a bug that was deleting the messages
- implemented openid store using sqlalchemy
- ask openid provider for 'nickname' to prefill username in registration form
- refactored delete openid url to work with generic urls such as
google and to not allow a user to delete a url if it is there only
one and they don't have a pw
- refactored login to register user workflow, which fixed a problem
where the 'or register with a password link' wasn't showing up when
the finish_login view called the register view because there wasn't
any redirect.
- added the ability to remove openid's
- added the ability to add openids to an existing account
- refactored start_login and finish_login views
- modified edit_account.html to use render_divs
- modified gmg/edit/views to behave appropriatly if no password
authentication is enabled. moved the update email stuff to it's own
funtion to make edit_account view cleaner. edit_account now
modifies the form depending on the plugins.
- minor typos
- added retrieving email from openid provider
- moved allow_registration check to a decorator
- moved check if auth is enabled to a decorator
- changed openid user registration to go through login first
- cleanup after merge
- modified verification emails to use itsdangerous tokens
- added error handling on bad token, fixed route, and added tests
- added support for user to change email address
- added link to login view openid/password in login template
- updated openid get_user function
- modified get_user function to take kwargs instead of username
- no need for user might be email kwarg in check_login_simple
- added gen_password_hash and check_password functions to auth/__init__
- added focus to form input
- made imports fully qualified
- modified basic_auth.check_login to check that the user has a pw_hash first
- changed occurances of form.data['whatever'] to form.whatever.data
- convert tabs to spaces in register template, remove unsed
templates, and fixed trans tags in templates
- in process of openid login. it works, but needs major imporvements
- make password field required in basic_auth form
- check if password field present in basic_auth create_user
- modified openid create_user function
- modified models based on Elronds suggestions
- changed register form action to a variable to be passed in by the
view using the template
- openid plugin v0, still need to authenticate via openid.
- added a register_user function to be able to use in a plugin's
register view, and modified auth/views.register to redirect to
openid/register if appropriate.
- Modified basic_auth plugin to work with modified auth plugin
hooks. Added context variables. Removed basic_auth/tools which was
previously renamed to basic_auth/lib.
- modified auth/__init__ hooks to work better with multiple
plugins. Removed auth/lib.py. And added a basic_extra_verification
function that all plugins will use.
- added models and migrations for openid plugin
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
mediagoblin/app.py
mediagoblin/auth/forms.py
mediagoblin/auth/tools.py
mediagoblin/db/migrations.py
mediagoblin/db/models.py
mediagoblin/edit/views.py
mediagoblin/plugins/basic_auth/tools.py
mediagoblin/tests/test_edit.py
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
|
|
| |
Revert "Always activate testing in every test module ever."
This reverts commit 0536306048daa0970d2e43411ba2a9bf073e570e.
|
| |
|
|
| |
Kind of a dorky way to implement this, but...
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
By doing this, we can take advantage of py.test's ability to create
temporary directories that are then cleaned up later during testing.
This helps for sandboxing things.
This also involves a ton of changes:
- Changing the get_app stuff appropriately, getting rid of the
setup_fresh_app decorator
- Making said fixture
- Switching over a billion tests to use it
|
| |
|
|
|
|
|
|
| |
py3 does not have dict.has_key any more. You have to use
"key in dict" instead. As that works in python2 as well,
let's use that.
Also some small bits of pep8.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Remove mongo limitations (no 'or' when querying for either username
or email).
2) Lost password function revealed if an user name or email address
is registered, which can be considered a data leak.
Leaking user names is OK, they are public anyway, but don't reveal
lookup success in case the lookup happened by email address.
Simply respond: "If you have an account here, we have send you
your email"?
3) username and email search was case sensitive. Made username search
case insensitive (they are always stored lowercase in the db).
Keep email-address search case sensitive for now. This might need
further discussion
4) Remove a whole bunch of indention in the style of:
if no error:
...
if no error:
...
if no error:
actually do something in the regular case
by restructuring the function.
5) Outsource the sanity checking for username and email fields into the
validator function. This way, we get automatic case sanity checking
and sanitizing for all required fields.
6) Require 5-char password and fix tests
Originally, the Change password form required a password between 6-30
chars while the registration and login form did not require anything
special. This commit introduces a common minimum limit for all forms
which breaks the test suite which uses a 5 char password by
default. :-). As 5 chars seem sensible enough to enforce (people
should be picking much longer ones anyway), just reduce the limit to
5 chars, thereby making all tests pass.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
| |
nosetests runs everything that even vaguely looks like a
test case... even our get_test_app. And as it is imported
everywhere... it is run everywhere as a test case. Renaming
it saves us about 10+ tests and a few seconds of time.
|
| |
|
|
| |
Save test runtime by not dumping the databases when not needed.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
webob's 404 status is "404 NOT FOUND" while werkzeug's is
"404 Not Found". Our test suite was checking the upper case string
for equality. Just test the status error code "404" rather than the
full string which might change at some points/versions and should
not need to be tested.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We were refering to model._id in most of the code base as this is
what Mongo uses. However, each use of _id required a) fixup of queries:
e.g. what we did in our find() and find_one() functions moving all
'_id' to 'id'. It also required using AliasFields to make the ._id
attribute available. This all means lots of superfluous fixing and
transitioning in a SQL world.
It will also not work in the long run. Much newer code already refers
to the objects by model.id (e.g. in the oauth plugin), which will break
with Mongo. So let's be honest, rip out the _id mongoism and live with
.id as the one canonical way to address objects.
This commit modifies all users and providers of model._id to use
model.id instead. This patch works with or without Mongo removed first,
but will break Mongo usage (even more than before)
I have not bothered to fixup db.mongo.* and db.sql.convert
(which converts from Mongo to SQL)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
empty find() queries would not work anymore with the simplified .find
compatability code, so remove these and use proper sqlalchemy in the
tests.
The storage test failed because my virtualenv environment ran
mediagoblin/local/mediagoblin/tests/test_storage.py and somehow decided
the 2 classes are different objects. Just test against the full class name.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| | |
|
| |
|
|
| |
This might not be needed, but it helped at one point.
|
| | |
|
| |
|
|
|
|
|
|
| |
After changing the password, the login page is now shown.
It contains a message. (we can't test for that easily
currently. There is a bug open on this problem.)
At least for the login page being shown now.
|
| |
|
|
|
|
| |
- Fixed broken test_auth test
- Fixed error handling on submission, it now raises the exception
if it is not explicitly relevant to file submission.
|
