Merge branch 'release/0.7.2'

README.rst

@@ -156,6 +156,19 @@ The latest application build can be built and run using Docker for testing purpo
 All Flask command-line tools are accessed by optional input argument to the container, e.g.
 ``flask shell -> docker run -it ...ahl/auth shell``, ``flask db -> docker run -it ...ahl/auth db``.
 
+Docker images built by Jenkins can be tried out locally by executing the following steps ::
+
+    docker run -itp 5000:5000 --rm --name xl_auth mblomdahl/xl_auth:next
+    # Above command does not detach, so, in another terminal:
+    docker exec -it xl_auth /usr/local/bin/flask create_user -e [email protected] -p 1234 --force \
+        --is-admin --is-active
+    # Now open localhost:5000 in the browser and login as [email protected]
+
+
+To import users, collections and permissions into the Docker container, run ::
+
+    docker exec -it xl_auth /usr/local/bin/flask import_data [email protected]
+
 
 Project Notes
 =============
@@ -182,6 +195,17 @@ DB Models
 Changelog
 =========
 
+v. 0.7.2
+--------
+
+* Added support for creating new users directly from register/edit permission views
+  (`#140 <https://github.com/libris/xl_auth/issues/140>`_)
+* UX enhancements (`#142 <https://github.com/libris/xl_auth/issues/142>`_,
+  `#133 <https://github.com/libris/xl_auth/issues/133>`_)
+* Link to Permissions' overview removed from navbar
+* Ignoring/discarding permissions on inactive collections
+
+
 v. 0.7.1
 --------
 

ansible/deployment.yml

@@ -1,6 +1,6 @@
 ---
 
-- name: provision stuff for alpha roll-out
+- name: provision stuff for beta roll-out
   hosts: all
   become: True
   roles:

ansible/roles/xl_auth/tasks/main.yml

@@ -1,5 +1,11 @@
 ---
 
+- name: read data for creating xl_auth secret
+  shell: "cat /etc/pki/tls/private/{{ inventory_hostname }}.key"
+  changed_when: no
+  register: ssh_key_contents
+  tags: xl_auth
+
 - name: start postgres
   docker_container:
     name: postgres
@@ -31,12 +37,13 @@
       - 5000:5000
     env:
       SERVER_NAME: "{{ inventory_hostname }}"
+      XL_AUTH_SECRET: "{{ ssh_key_contents.stdout | hash('md5') }}"
       PREFERRED_URL_SCHEME: https
       FLASK_DEBUG: 0
       SQLALCHEMY_DATABASE_URI: postgresql://xl_auth:xl_auth@postgres/prod
       OAUTH2_PROVIDER_TOKEN_EXPIRES_IN: 3600
-  tags: xl_auth
   register: start_xl_auth
+  tags: xl_auth
 
 - name: run 'flask db upgrade'
   docker_container:

package.json

@@ -1,6 +1,6 @@
 {
   "name": "xl_auth",
-  "version": "0.7.1",
+  "version": "0.7.2",
   "author": "National Library of Sweden",
   "license": "Apache-2.0",
   "description": "Authorization and OAuth2 provider for LibrisXL",

tests/end2end/test_permission_deleting.py

@@ -22,8 +22,9 @@ def test_superuser_can_delete_existing_permission(superuser, permission, testapp
     form['password'] = 'myPrecious'
     # Submits
     res = form.submit().follow()
-    # Clicks Permissions button
-    res = res.click(_('Permissions'))
+    assert res.status_code == 200
+    # Goes to Permissions' overview
+    res = testapp.get(url_for('permission.home'))
     # Clicks Delete button on a permission
     permission_user_email = permission.user.email
     permission_collection_code = permission.collection.code

tests/end2end/test_permission_editing.py

@@ -8,8 +8,9 @@
 from jinja2 import escape
 
 from xl_auth.permission.models import Permission
+from xl_auth.user.models import User
 
-from ..factories import CollectionFactory, PermissionFactory, UserFactory
+from ..factories import CollectionFactory, PermissionFactory
 
 
 def test_superuser_can_edit_existing_permission(superuser, permission, testapp):
@@ -24,8 +25,9 @@ def test_superuser_can_edit_existing_permission(superuser, permission, testapp):
     form['password'] = 'myPrecious'
     # Submits
     res = form.submit().follow()
-    # Clicks Permissions button
-    res = res.click(_('Permissions'))
+    assert res.status_code == 200
+    # Goes to Permissions' overview
+    res = testapp.get(url_for('permission.home'))
     # Clicks Edit button on a permission
     res = res.click(href=url_for('permission.edit', permission_id=permission.id))
     # Fills out the form
@@ -92,7 +94,6 @@ def test_cataloging_admin_can_edit_permission_from_user_view(user, permission, s
     PermissionFactory(user=user, collection=permission.collection,
                       cataloging_admin=True).save_as(superuser)
     initial_permission_user_id = permission.user.id
-    other_user = UserFactory().save_as(superuser)
     old_permission_count = len(Permission.query.all())
     # Goes to homepage
     res = testapp.get('/')
@@ -108,7 +109,21 @@ def test_cataloging_admin_can_edit_permission_from_user_view(user, permission, s
     res = res.click(href=url_for('user.view', user_id=permission.user_id))
     # Clicks Edit on a permission on the user view
     res = res.click(href=url_for('permission.edit', permission_id=permission.id))
-    # Fills out the form, by changing to another user
+    # Finds that the intended user doesn't exist
+    res = res.click(_('New User'))
+    # Fills out the user registration form
+    register_user_form = res.forms['registerUserForm']
+    register_user_form['username'] = '[email protected]'
+    register_user_form['full_name'] = 'Other User'
+    register_user_form['send_password_reset_email'].checked = False
+    res = register_user_form.submit()
+    assert res.status_code == 302
+    assert url_for('permission.edit', permission_id=permission.id) in res.location
+    other_user = User.get_by_email('[email protected]')
+    # Fills out the form to grant 'other_user' permissions on 'collection'
+    res = res.follow()
+    assert res.status_code == 200
+    # Fills out the form, by changing to 'other_user''
     form = res.forms['editPermissionForm']
     # Defaults are kept, setting ``form['collection_id'] = permission.collection.id`` is redundant
     form['user_id'] = other_user.id
@@ -138,8 +153,9 @@ def test_superuser_sees_error_if_permission_is_already_registered(superuser, per
     form['password'] = 'myPrecious'
     # Submits
     res = form.submit().follow()
-    # Clicks Permissions button
-    res = res.click(_('Permissions'))
+    assert res.status_code == 200
+    # Goes to Permissions' overview
+    res = testapp.get(url_for('permission.home'))
     # Clicks Edit button on 'permission'
     res = res.click(href=url_for('permission.edit', permission_id=permission.id))
     # Fills out the form with same user ID and collection ID as 'other_permission'

tests/end2end/test_permission_registering.py

@@ -8,8 +8,9 @@
 from jinja2 import escape
 
 from xl_auth.permission.models import Permission
+from xl_auth.user.models import User
 
-from ..factories import PermissionFactory, UserFactory
+from ..factories import PermissionFactory
 
 
 def test_superuser_can_register_new_permission(superuser, collection, testapp):
@@ -23,8 +24,9 @@ def test_superuser_can_register_new_permission(superuser, collection, testapp):
     form['password'] = 'myPrecious'
     # Submits
     res = form.submit().follow()
-    # Clicks Permissions button
-    res = res.click(_('Permissions'))
+    assert res.status_code == 200
+    # Goes to Permissions' overview
+    res = testapp.get(url_for('permission.home'))
     # Clicks Register New Permission button
     res = res.click(_('New Permission'))
     # Fills out the form
@@ -49,28 +51,40 @@ def test_cataloging_admin_can_register_permission_from_collection_view(user, col
                                                                        testapp):
     """Register new permission from collection view as cataloging admin."""
     PermissionFactory(user=user, collection=collection, cataloging_admin=True).save_as(superuser)
-    other_user = UserFactory().save_as(superuser)
     old_permission_count = len(Permission.query.all())
     # Goes to homepage
     res = testapp.get('/')
     # Fills out login form
-    form = res.forms['loginForm']
-    form['username'] = user.email
-    form['password'] = 'myPrecious'
+    login_form = res.forms['loginForm']
+    login_form['username'] = user.email
+    login_form['password'] = 'myPrecious'
     # Submits
-    res = form.submit().follow()
+    res = login_form.submit().follow()
     # Clicks to View Collection from profile
     res = res.click(href=url_for('collection.view', collection_code=collection.code))
     # Clicks Register New Permission
     res = res.click(_('New Permission'))
+    # Finds that the intended user doesn't exist
+    res = res.click(_('New User'))
+    # Fills out the user registration form
+    register_user_form = res.forms['registerUserForm']
+    register_user_form['username'] = '[email protected]'
+    register_user_form['full_name'] = 'Registrant'
+    register_user_form['send_password_reset_email'].checked = False
+    res = register_user_form.submit()
+    assert res.status_code == 302
+    assert url_for('permission.register', collection_id=collection.id) in res.location
+    other_user = User.get_by_email('[email protected]')
     # Fills out the form to grant 'other_user' permissions on 'collection'
-    form = res.forms['registerPermissionForm']
-    form['user_id'] = other_user.id
-    # Defaults are kept, setting ``form['collection_id'] = collection.id`` is redundant
-    form['registrant'].checked = True
-    form['cataloger'].checked = True
+    res = res.follow()
+    assert res.status_code == 200
+    register_permission_form = res.forms['registerPermissionForm']
+    register_permission_form['user_id'] = other_user.id
+    # Defaults are kept, ``register_permission_form['collection_id'] = collection.id`` is redundant
+    register_permission_form['registrant'].checked = True
+    register_permission_form['cataloger'].checked = True
     # Submits
-    res = form.submit()
+    res = register_permission_form.submit()
     assert res.status_code == 302
     assert url_for('collection.view', collection_code=collection.code) in res.location
     res = res.follow()
@@ -139,8 +153,9 @@ def test_superuser_sees_error_if_permission_is_already_registered(superuser, per
     form['password'] = 'myPrecious'
     # Submits
     res = form.submit().follow()
-    # Clicks Permissions button
-    res = res.click(_('Permissions'))
+    assert res.status_code == 200
+    # Goes to Permissions' overview
+    res = testapp.get(url_for('permission.home'))
     # Clicks Register New Permission button
     res = res.click(_('New Permission'))
     # Fills out the form with same user ID and collection ID as (existing) 'permission'

tests/end2end/test_user_editing.py

@@ -33,17 +33,21 @@ def test_superuser_can_administer_existing_user(superuser, user, testapp):
     form['full_name'] = 'A new name'
     form['is_active'].checked = not user.is_active
     # Submits.
-    res = form.submit().follow()
-    assert res.status_code == 200
+    res = form.submit()
+    # Redirected back to users' overview.
+    assert res.status_code == 302
+    assert res.location.endswith(url_for('user.home'))
     # The user was edited.
     edited_user = User.get_by_email(user.email)
     assert edited_user.full_name == form['full_name'].value
     assert edited_user.is_active == form['is_active'].checked
     assert edited_user.is_admin == form['is_admin'].checked
-    # 'modified_by' is updated to reflect change, with 'created_by' intact
+    # 'modified_by' is updated to reflect change, with 'created_by' intact.
     assert edited_user.created_by == user_creator
     assert edited_user.modified_by == superuser
-
+    # Redirect succeeds.
+    res = res.follow()
+    assert res.status_code == 200
     # The edited user is listed under existing users.
     assert len(res.lxml.xpath("//td[contains(., '{0}')]".format(form['username'].value))) == 1
     assert len(res.lxml.xpath("//td[contains(., '{0}')]".format(form['full_name'].value))) == 1
@@ -79,16 +83,21 @@ def test_superuser_can_change_password_for_existing_user(superuser, user, testap
     form['password'] = 'newSecrets13'
     form['confirm'] = 'newSecrets13'
     # Submits.
-    res = form.submit().follow()
-    assert res.status_code == 200
+    res = form.submit()
+    # Redirected back to users' overview.
+    assert res.status_code == 302
+    assert res.location.endswith(url_for('user.home'))
     # The user was edited.
     edited_user = User.query.filter(User.email == user.email).first()
     # Verify the new password is considered valid, not the old one.
     assert edited_user.check_password('myPrecious') is False
     assert edited_user.check_password('newSecrets13') is True
-    # 'modified_by' is updated to reflect change, with 'created_by' intact
+    # 'modified_by' is updated to reflect change, with 'created_by' intact.
     assert edited_user.created_by == user_creator
     assert edited_user.modified_by == superuser
+    # Redirect succeeds.
+    res = res.follow()
+    assert res.status_code == 200
 
 
 def test_superuser_sees_error_message_if_username_is_changed_from_administer(superuser, testapp):
@@ -220,25 +229,27 @@ def test_user_can_edit_own_details(user, testapp):
     form['username'] = user.email
     form['password'] = 'myPrecious'
     # Submits.
-    res = form.submit().follow()
-
+    res = form.submit()
+    assert res.status_code == 302
+    assert res.location.endswith(url_for('user.profile'))
     old_name = user.full_name
-
-    # Make sure we're on the profile page
-    assert len(res.lxml.xpath("//h1[contains(., '{0} {1}')]".format(_('Welcome'), old_name))) == 1
-
+    res = res.follow()
     # Click on 'Edit' button
     res = res.click(_('Edit'))
-
     # Change name
     form = res.forms['editDetailsForm']
     form['full_name'] = 'New Name'
-    res = form.submit().follow()
+    res = form.submit()
+    # Redirected back to profile page.
+    assert res.status_code == 302
+    assert res.location.endswith(url_for('user.profile'))
     # 'modified_by' is updated to reflect change, with 'created_by' intact.
     edited_user = User.get_by_email(user.email)
     assert edited_user.created_by == user_creator
     assert edited_user.modified_by == user
-
+    # Redirect succeeds.
+    res = res.follow()
+    assert res.status_code == 200
     # Make sure name has been updated
-    assert len(res.lxml.xpath("//h1[contains(., '{0} {1}')]".format(_('Welcome'), old_name))) == 0
-    assert len(res.lxml.xpath("//h1[contains(., '{0} New Name')]".format(_('Welcome')))) == 1
+    assert len(res.lxml.xpath("//h1[contains(., '{0}')]".format(old_name))) == 0
+    assert len(res.lxml.xpath("//h1[contains(., 'New Name')]")) == 1