fix: remove social columns. #2019

Merged
merged 5 commits into from
Feb 27, 2021
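--- a/alembic/versions/31c3c2ff9fab_drop_social_network_logins.py
+++ b/alembic/versions/31c3c2ff9fab_drop_social_network_logins.py
@@ -0,0 +1,26 @@
+"""drop social network logins
+
+Revision ID: 31c3c2ff9fab
+Revises: a791f9de9ac3
+Create Date: 2021-02-27 10:17:17.122501
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '31c3c2ff9fab'
+down_revision = 'a791f9de9ac3'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+op.drop_column('user', 'twitter_user_id')
+op.drop_column('user', 'google_user_id')
+op.drop_column('user', 'facebook_user_id')
+
+
+def downgrade():
+op.add_column('user', sa.Column('twitter_user_id', sa.BigInteger, unique=True))
+op.add_column('user', sa.Column('google_user_id', sa.BigInteger, unique=True))
+op.add_column('user', sa.Column('facebook_user_id', sa.BigInteger, unique=True))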
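Review bot: downgrade() recreates `google_user_id` as `sa.BigInteger`, but the model column this PR removes from pybossa/model/user.py is declared `Column(String, unique=True)`, so a downgrade would not restore the previous schema. The line should read `op.add_column('user', sa.Column('google_user_id', sa.String, unique=True))`. upgrade() is also destructive: the three id columns are dropped without a copy, so a later downgrade yields empty columns and the link between accounts and their external identities cannot be recovered. A comment above upgrade() such as `# Irreversible: back up "user".twitter_user_id / google_user_id / facebook_user_id before running` would make that explicit for operators.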
8 changes: 2 additions & 6 deletions pybossa/cache/users.py
Expand Up @@ -46,11 +46,10 @@ def get_user_summary(name, current_user=None):
"""Return user summary."""
sql = text('''
SELECT "user".id, "user".name, "user".fullname, "user".created,
"user".api_key, "user".twitter_user_id, "user".facebook_user_id,
"user".google_user_id, "user".info, "user".admin,
"user".api_key, "user".info, "user".admin,
"user".locale,
"user".email_addr, COUNT(task_run.user_id) AS n_answers,
"user".valid_email, "user".confirmation_email_sent,
"user".valid_email, "user".confirmation_email_sent,
"user".restrict
FROM "user"
LEFT OUTER JOIN task_run ON "user".id=task_run.user_id
Expand All @@ -62,9 +61,6 @@ def get_user_summary(name, current_user=None):
for row in results:
user = dict(id=row.id, name=row.name, fullname=row.fullname,
created=row.created, api_key=row.api_key,
twitter_user_id=row.twitter_user_id,
google_user_id=row.google_user_id,
facebook_user_id=row.facebook_user_id,
info=row.info, admin=row.admin,
locale=row.locale,
email_addr=row.email_addr, n_answers=row.n_answers,
3 changes: 0 additions & 3 deletions pybossa/model/user.py
Expand Up @@ -55,9 +55,6 @@ class User(db.Model, DomainObject, UserMixin):
restrict = Column(Boolean, default=False, nullable=False)
category = Column(Integer)
flags = Column(Integer)
twitter_user_id = Column(BigInteger, unique=True)
facebook_user_id = Column(BigInteger, unique=True)
google_user_id = Column(String, unique=True)
ckan_api = Column(String, unique=True)
newsletter_prompted = Column(Boolean, default=False)
valid_email = Column(Boolean, default=False)
54 changes: 10 additions & 44 deletions pybossa/view/account.py
Expand Up @@ -157,20 +157,10 @@ def signin():

if request.method == 'POST' and not form.validate():
flash(gettext('Please correct the errors'), 'error')
auth = {'twitter': False, 'facebook': False, 'google': False}
if current_user.is_anonymous:
# If Twitter is enabled in config, show the Twitter Sign in button
if (isLdap is False):
if ('twitter' in current_app.blueprints): # pragma: no cover
auth['twitter'] = True
if ('facebook' in current_app.blueprints): # pragma: no cover
auth['facebook'] = True
if ('google' in current_app.blueprints): # pragma: no cover
auth['google'] = True
response = dict(template='account/signin.html',
title="Sign in",
form=form,
auth=auth,
next=request.args.get('next'))
return handle_content_type(response)
else:
Expand Down Expand Up @@ -580,8 +570,6 @@ def update_profile(name):
return abort(404)
ensure_authorized_to('update', user)
show_passwd_form = True
if user.twitter_user_id or user.google_user_id or user.facebook_user_id:
show_passwd_form = False
usr = cached_users.get_user_summary(name, current_user)
# Extend the values
user.rank = usr.get('rank')
Expand Down Expand Up @@ -804,38 +792,16 @@ def forgot_password():
if user and user.email_addr:
msg = dict(subject='Account Recovery',
recipients=[user.email_addr])
if user.twitter_user_id:
msg['body'] = render_template(
'/account/email/forgot_password_openid.md',
user=user, account_name='Twitter')
msg['html'] = render_template(
'/account/email/forgot_password_openid.html',
user=user, account_name='Twitter')
elif user.facebook_user_id:
msg['body'] = render_template(
'/account/email/forgot_password_openid.md',
user=user, account_name='Facebook')
msg['html'] = render_template(
'/account/email/forgot_password_openid.html',
user=user, account_name='Facebook')
elif user.google_user_id:
msg['body'] = render_template(
'/account/email/forgot_password_openid.md',
user=user, account_name='Google')
msg['html'] = render_template(
'/account/email/forgot_password_openid.html',
user=user, account_name='Google')
else:
userdict = {'user': user.name, 'password': user.passwd_hash}
key = signer.dumps(userdict, salt='password-reset')
recovery_url = url_for_app_type('.reset_password',
key=key, _external=True)
msg['body'] = render_template(
'/account/email/forgot_password.md',
user=user, recovery_url=recovery_url)
msg['html'] = render_template(
'/account/email/forgot_password.html',
user=user, recovery_url=recovery_url)
userdict = {'user': user.name, 'password': user.passwd_hash}
key = signer.dumps(userdict, salt='password-reset')
recovery_url = url_for_app_type('.reset_password',
key=key, _external=True)
msg['body'] = render_template(
'/account/email/forgot_password.md',
user=user, recovery_url=recovery_url)
msg['html'] = render_template(
'/account/email/forgot_password.html',
user=user, recovery_url=recovery_url)
mail_queue.enqueue(send_mail, msg)
flash(gettext("We've sent you an email with account "
"recovery instructions!"),
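Review bot: In forgot_password, `userdict = {'user': user.name, 'password': user.passwd_hash}` now runs for every account, so the stored password hash always goes into the token that `signer.dumps(...)` embeds in `recovery_url`. If `signer` is an itsdangerous-style serializer (its definition is outside this hunk), the payload is signed but not encrypted, so the hash is readable from the mailed link, mail logs and browser history. Putting a digest of the hash in the payload instead, for example `'password': hashlib.sha256((user.passwd_hash or '').encode()).hexdigest()`, and comparing the same digest in reset_password, keeps the token invalid after a password change without disclosing the hash. Accounts that were created through a social login may have no `passwd_hash` at all, so it is worth confirming that reset_password accepts a token carrying `None`; that function is not part of this diff.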
4 changes: 1 addition & 3 deletions test/test_cache/test_cache_users.py
Expand Up @@ -71,7 +71,6 @@ def test_get_user_summary_returns_fields(self):
"""Test CACHE USERS get_user_summary all the fields in the dict"""
UserFactory.create(name='user')
fields = ('id', 'name', 'fullname', 'created', 'api_key',
'twitter_user_id', 'google_user_id', 'facebook_user_id',
'info', 'admin', 'email_addr', 'n_answers', 'rank', 'score',
'total')
user = cached_users.get_user_summary('user')
Expand All @@ -84,8 +83,7 @@ def test_public_get_user_summary_returns_fields(self):
"""Test CACHE USERS public_get_user_summary all the fields in the dict"""
UserFactory.create(name='user')
public_fields = ('name', 'info', 'fullname', 'created', 'rank', 'score')
private_fields = ('id', 'api_key', 'twitter_user_id', 'google_user_id',
'facebook_user_id', 'admin', 'email_addr', 'total')
private_fields = ('id', 'api_key', 'admin', 'email_addr', 'total')
user = cached_users.public_get_user_summary('user')

for field in public_fields:
7 changes: 0 additions & 7 deletions test/test_privacy.py
Expand Up @@ -232,16 +232,9 @@ def test_07_user_public_profile_json(self):
assert 'confirmation_email_sent' not in data['user'], err_msg
err_msg = 'email_addr should not be public'
assert 'email_addr' not in data['user'], err_msg
err_msg = 'google_user_id should not be public'
assert 'google_user_id' not in data['user'], err_msg
err_msg = 'facebook_user_id should not be public'
assert 'facebook_user_id' not in data['user'], err_msg
err_msg = 'twitter_user_id should not be public'
assert 'twitter_user_id' not in data['user'], err_msg
err_msg = 'valid_email should not be public'
assert 'valid_email' not in data['user'], err_msg
# public projects data
print(data)
project = data['projects'][0]
err_msg = 'info should be public'
assert 'info' in project, err_msg
11 changes: 1 addition & 10 deletions test/test_view/test_blog.py
Expand Up @@ -84,9 +84,6 @@ def test_json_blogposts_get_all(self):
data = json.loads(res.data)
assert 'api_key' not in list(data['owner'].keys())
assert 'email_addr' not in list(data['owner'].keys())
assert 'google_user_id' not in list(data['owner'].keys())
assert 'facebook_user_id' not in list(data['owner'].keys())
assert 'twitter_user_id' not in list(data['owner'].keys())
assert len(data['blogposts']) == 2
for blogpost in data['blogposts']:
assert blogpost['title'] in ['titleone', 'titletwo']
Expand All @@ -98,24 +95,18 @@ def test_json_blogposts_get_all(self):
data = json.loads(res.data)
assert 'api_key' not in list(data['owner'].keys())
assert 'email_addr' not in list(data['owner'].keys())
assert 'google_user_id' not in list(data['owner'].keys())
assert 'facebook_user_id' not in list(data['owner'].keys())
assert 'twitter_user_id' not in list(data['owner'].keys())
assert len(data['blogposts']) == 2
for blogpost in data['blogposts']:
assert blogpost['title'] in ['titleone', 'titletwo']
self.signout()

# As owner
# As owner
self.signin(email=user.email_addr, password=self.password)
res = self.app_get_json(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
data = json.loads(res.data)
assert 'api_key' in list(data['owner'].keys())
assert 'email_addr' in list(data['owner'].keys())
assert 'google_user_id' in list(data['owner'].keys())
assert 'facebook_user_id' in list(data['owner'].keys())
assert 'twitter_user_id' in list(data['owner'].keys())
assert len(data['blogposts']) == 3
for blogpost in data['blogposts']:
assert blogpost['title'] in ['titleone', 'titletwo', 'titlethree']
93 changes: 4 additions & 89 deletions test/test_web.py
Expand Up @@ -3444,19 +3444,6 @@ def test_delete_account_json(self, mock):
user = user_repo.filter_by(name='johndoe')[0]
mock.assert_called_with(delete_account, user.id)

@with_context
def test_42_password_link(self):
"""Test WEB visibility of password change link"""
self.register()
res = self.app.get('/account/johndoe/update')
assert "Change your Password" in str(res.data)
user = User.query.get(1)
user.twitter_user_id = 1234
db.session.add(user)
db.session.commit()
res = self.app.get('/account/johndoe/update')
assert "Change your Password" not in str(res.data), res.data

@with_context
def test_43_terms_of_use_and_data(self):
"""Test WEB terms of use is working"""
Expand Down Expand Up @@ -3635,12 +3622,7 @@ def test_45_password_reset_link_json(self, signer, queue, mock_url):
self.register(name='facebook')
user = User.query.get(1)
jane = User.query.get(2)
jane.twitter_user_id = 10
google = User.query.get(3)
google.google_user_id = 103
facebook = User.query.get(4)
facebook.facebook_user_id = 104
db.session.add_all([jane, google, facebook])
db.session.add_all([jane])
db.session.commit()

data = {'password': user.passwd_hash, 'user': user.name}
Expand Down Expand Up @@ -3672,48 +3654,6 @@ def test_45_password_reset_link_json(self, signer, queue, mock_url):

resdata = json.loads(res.data)

enqueue_call = queue.enqueue.call_args_list[1]
assert send_mail == enqueue_call[0][0], "send_mail not called"
assert 'your Twitter account to ' in enqueue_call[0][1]['body']
assert 'your Twitter account to ' in enqueue_call[0][1]['html']
err_msg = "There should be a flash message"
assert resdata.get('flash'), err_msg
assert "sent you an email" in resdata.get('flash'), err_msg

data = {'password': google.passwd_hash, 'user': google.name}
csrf = self.get_csrf('/account/forgot-password')
res = self.app.post('/account/forgot-password',
data=json.dumps({'email_addr': '[email protected]'}),
follow_redirects=False,
content_type="application/json",
headers={'X-CSRFToken': csrf})

resdata = json.loads(res.data)

enqueue_call = queue.enqueue.call_args_list[2]
assert send_mail == enqueue_call[0][0], "send_mail not called"
assert 'your Google account to ' in enqueue_call[0][1]['body']
assert 'your Google account to ' in enqueue_call[0][1]['html']
err_msg = "There should be a flash message"
assert resdata.get('flash'), err_msg
assert "sent you an email" in resdata.get('flash'), err_msg

data = {'password': facebook.passwd_hash, 'user': facebook.name}
csrf = self.get_csrf('/account/forgot-password')
res = self.app.post('/account/forgot-password',
data=json.dumps({'email_addr': '[email protected]'}),
follow_redirects=False,
content_type="application/json",
headers={'X-CSRFToken': csrf})

enqueue_call = queue.enqueue.call_args_list[3]
assert send_mail == enqueue_call[0][0], "send_mail not called"
assert 'your Facebook account to ' in enqueue_call[0][1]['body']
assert 'your Facebook account to ' in enqueue_call[0][1]['html']
err_msg = "There should be a flash message"
assert resdata.get('flash'), err_msg
assert "sent you an email" in resdata.get('flash'), err_msg

# Test with not valid form
csrf = self.get_csrf('/account/forgot-password')
res = self.app.post('/account/forgot-password',
Expand Down Expand Up @@ -3763,16 +3703,9 @@ def test_45_password_reset_link(self, signer, queue):

self.register()
self.register(name='janedoe')
self.register(name='google')
self.register(name='facebook')
user = User.query.get(1)
jane = User.query.get(2)
jane.twitter_user_id = 10
google = User.query.get(3)
google.google_user_id = 103
facebook = User.query.get(4)
facebook.facebook_user_id = 104
db.session.add_all([jane, google, facebook])
db.session.add_all([jane])
db.session.commit()

data = {'password': user.passwd_hash, 'user': user.name}
Expand All @@ -3791,26 +3724,8 @@ def test_45_password_reset_link(self, signer, queue):
follow_redirects=True)
enqueue_call = queue.enqueue.call_args_list[1]
assert send_mail == enqueue_call[0][0], "send_mail not called"
assert 'your Twitter account to ' in enqueue_call[0][1]['body']
assert 'your Twitter account to ' in enqueue_call[0][1]['html']

data = {'password': google.passwd_hash, 'user': google.name}
self.app.post('/account/forgot-password',
data={'email_addr': '[email protected]'},
follow_redirects=True)
enqueue_call = queue.enqueue.call_args_list[2]
assert send_mail == enqueue_call[0][0], "send_mail not called"
assert 'your Google account to ' in enqueue_call[0][1]['body']
assert 'your Google account to ' in enqueue_call[0][1]['html']

data = {'password': facebook.passwd_hash, 'user': facebook.name}
self.app.post('/account/forgot-password',
data={'email_addr': '[email protected]'},
follow_redirects=True)
enqueue_call = queue.enqueue.call_args_list[3]
assert send_mail == enqueue_call[0][0], "send_mail not called"
assert 'your Facebook account to ' in enqueue_call[0][1]['body']
assert 'your Facebook account to ' in enqueue_call[0][1]['html']
assert 'Click here to recover your account' in enqueue_call[0][1]['body']
assert 'To recover your password' in enqueue_call[0][1]['html']

# Test with not valid form
res = self.app.post('/account/forgot-password',
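Review bot: In test_45_password_reset_link_json the hunk at -3672,48 deletes every assertion that followed `resdata = json.loads(res.data)`, so the response to the request just before it (made outside the hunk) is parsed and never checked, while the form variant test_45_password_reset_link received replacement assertions for the same call. I would restore the coverage after that line with `enqueue_call = queue.enqueue.call_args_list[1]`, `assert send_mail == enqueue_call[0][0], "send_mail not called"` and `assert "sent you an email" in resdata.get('flash')`. In both tests `db.session.add_all([jane])` followed by `db.session.commit()` no longer changes anything, because jane is not modified any more, and can be dropped. These tests are what guard the account-recovery mail, so the JSON path should be checked as strictly as the form path.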