def test_login_on_confirm(self): user = self._create_user() email = EmailAddress.objects.create(user=user, email='*****@*****.**', verified=False, primary=True) key = EmailConfirmationHMAC(email).key receiver_mock = Mock() # we've logged if signal was called user_logged_in.connect(receiver_mock) # fake post-signup account_user stash session = self.client.session session['account_user'] = user_pk_to_url_str(user) session.save() resp = self.client.post(reverse('account_confirm_email', args=[key])) email = EmailAddress.objects.get(pk=email.pk) self.assertTrue(email.verified) receiver_mock.assert_called_once_with( sender=get_user_model(), request=resp.wsgi_request, response=resp, user=get_user_model().objects.get(username='******'), signal=user_logged_in, ) user_logged_in.disconnect(receiver_mock)
def test_login_inactive_account(self): """ Tests login behavior with inactive accounts. Inactive user accounts should be prevented from performing any actions, regardless of their verified state. """ # Inactive and verified user account user = get_user_model().objects.create(username='******', is_active=False) user.set_password('doe') user.save() EmailAddress.objects.create(user=user, email='*****@*****.**', primary=True, verified=True) resp = self.client.post(reverse('account_login'), { 'login': '******', 'password': '******' }) self.assertRedirects(resp, reverse('account_inactive')) # Inactive and unverified user account user = get_user_model().objects.create(username='******', is_active=False) user.set_password('john') user.save() EmailAddress.objects.create(user=user, email="*****@*****.**", primary=True, verified=False) resp = self.client.post(reverse('account_login'), { 'login': '******', 'password': '******' }) self.assertRedirects(resp, reverse('account_inactive'))
def test_ajax_password_reset(self): get_user_model().objects.create(username='******', email="*****@*****.**", is_active=True) resp = self.client.post(reverse('account_reset_password'), data={'email': '*****@*****.**'}, HTTP_X_REQUESTED_WITH='XMLHttpRequest') self.assertEqual(len(mail.outbox), 1) self.assertEqual(mail.outbox[0].to, ["*****@*****.**"]) self.assertEqual(resp['content-type'], 'application/json')
def setUp(self): user = get_user_model().objects.create(is_active=True, email='*****@*****.**', username='******') user.set_password(user.username) user.save() self.user = user
def populate_user(self,request,sociallogin,data): socialaccount = sociallogin.account username = data.get('username') first_name = data.get('first_name') last_name = data.get('last_name') email = data.get('email') name = data.get('name') user = sociallogin.account.user user_model = get_user_model() try: query = {"username" + '__iexact': username} user_model.objects.get(**query) user_username(user,generate_unique_username([first_name,last_name,email,'user'])) except Exception as e: if username == None: user_username(user,generate_unique_username([first_name,last_name,email,'user'])) else: user_username(user,username.replace(".","")) user_email(user, valid_email_or_none(email) or '') name_parts = (name or '').partition(' ') user_field(user, 'first_name', first_name or name_parts[0]) user_field(user, 'last_name', last_name or name_parts[2]) return user
def _get_user(self, uidb36): User = get_user_model() try: pk = url_str_to_user_pk(uidb36) return User.objects.get(pk=pk) except (ValueError, User.DoesNotExist): return None
def get_users_with_multiple_primary_email(self): user_pks = [] for email_address_dict in EmailAddress.objects.filter( primary=True).values('user').annotate( Count('user')).filter(user__count__gt=1): user_pks.append(email_address_dict['user']) return get_user_model().objects.filter(pk__in=user_pks)
def _get_user(self, uidb36): User = get_user_model() try: pk = url_str_to_user_pk(uidb36) return User.objects.get(pk=pk) except (ValueError, User.DoesNotExist): return None
def clean(self): super(SignupForm, self).clean() # `password` cannot be of type `SetPasswordField`, as we don't # have a `User` yet. So, let's populate a dummy user to be used # for password validaton. dummy_user = get_user_model() user_username(dummy_user, self.cleaned_data.get("username")) user_email(dummy_user, self.cleaned_data.get("email")) password = self.cleaned_data.get('password1') if password: try: get_adapter().clean_password( password, user=dummy_user) except forms.ValidationError as e: self.add_error('password1', e) if app_settings.SIGNUP_PASSWORD_ENTER_TWICE \ and "password1" in self.cleaned_data \ and "password2" in self.cleaned_data: if self.cleaned_data["password1"] \ != self.cleaned_data["password2"]: self.add_error( 'password2', _("You must type the same password each time.")) return self.cleaned_data
def clean(self) -> None: user = get_user_model() if self.cleaned_data.get("new_user", None): if self.cleaned_data.get("user", None): # The user selected both an existing user and provided a name to create a new one self.add_error( "new_user", _("You cannot set a new username when also selecting an existing user." ), ) elif user.objects.filter( username=self.cleaned_data["new_user"]).exists(): # The user tried to create a new user with the name of an existing user self.add_error("new_user", _("This username is already in use.")) else: # Create new User object and assign to form field for existing user new_user_obj = user.objects.create_user( self.cleaned_data["new_user"], self.instance.email, first_name=self.instance.first_name, last_name=self.instance.last_name, ) self.cleaned_data["user"] = new_user_obj
def _logout_view(self, method): c = Client() user = get_user_model().objects.create(username='******', is_active=True) user.set_password('doe') user.save() c = Client() c.login(username='******', password='******') return c, getattr(c, method)(reverse('account_logout'))
def _create_user(self, username='******', password='******'): user = get_user_model().objects.create(username=username, is_active=True) if password: user.set_password(password) else: user.set_unusable_password() user.save() return user
def test_email_verification_mandatory(self): c = Client() # Signup resp = c.post(reverse('account_signup'), { 'username': '******', 'email': '*****@*****.**', 'password1': 'johndoe', 'password2': 'johndoe' }, follow=True) self.assertEqual(resp.status_code, 200) self.assertEqual(mail.outbox[0].to, ['*****@*****.**']) self.assertGreater(mail.outbox[0].body.find('https://'), 0) self.assertEqual(len(mail.outbox), 1) self.assertTemplateUsed( resp, 'account/verification_sent.%s' % app_settings.TEMPLATE_EXTENSION) # Attempt to login, unverified for attempt in [1, 2]: resp = c.post(reverse('account_login'), { 'login': '******', 'password': '******' }, follow=True) # is_active is controlled by the admin to manually disable # users. I don't want this flag to flip automatically whenever # users verify their email adresses. self.assertTrue(get_user_model().objects.filter( username='******', is_active=True).exists()) self.assertTemplateUsed( resp, 'account/verification_sent.' + app_settings.TEMPLATE_EXTENSION) # Attempt 1: no mail is sent due to cool-down , # but there was already a mail in the outbox. self.assertEqual(len(mail.outbox), attempt) self.assertEqual( EmailConfirmation.objects.filter( email_address__email='*****@*****.**').count(), attempt) # Wait for cooldown EmailConfirmation.objects.update(sent=now() - timedelta(days=1)) # Verify, and re-attempt to login. confirmation = EmailConfirmation \ .objects \ .filter(email_address__user__username='******')[:1] \ .get() resp = c.get(reverse('account_confirm_email', args=[confirmation.key])) self.assertTemplateUsed( resp, 'account/email_confirm.%s' % app_settings.TEMPLATE_EXTENSION) c.post(reverse('account_confirm_email', args=[confirmation.key])) resp = c.post(reverse('account_login'), { 'login': '******', 'password': '******' }) self.assertRedirects(resp, settings.LOGIN_REDIRECT_URL, fetch_redirect_response=False)
def test_email_escaping(self): site = Site.objects.get_current() site.name = '<enc&"test>' site.save() u = get_user_model().objects.create(username='******', email="*****@*****.**") request = RequestFactory().get('/') EmailAddress.objects.add_email(request, u, u.email, confirm=True) self.assertTrue(mail.outbox[0].subject[1:].startswith(site.name))
def test_logout_view_on_post(self): c, resp = self._logout_view('get') self.assertTemplateUsed( resp, 'account/logout.%s' % app_settings.TEMPLATE_EXTENSION) receiver_mock = Mock() user_logged_out.connect(receiver_mock) resp = c.post(reverse('account_logout')) self.assertTemplateUsed(resp, 'account/messages/logged_out.txt') receiver_mock.assert_called_once_with( sender=get_user_model(), request=resp.wsgi_request, user=get_user_model().objects.get(username='******'), signal=user_logged_out, ) user_logged_out.disconnect(receiver_mock)
def test_user_display(self): user = get_user_model()(username='******') expected_name = 'john<br/>doe' templates = [ '{% load account %}{% user_display user %}', '{% load account %}{% user_display user as x %}{{ x }}' ] for template in templates: t = Template(template) content = t.render(Context({'user': user})) self.assertEqual(content, expected_name)
def _request_new_password(self): user = get_user_model().objects.create(username='******', email="*****@*****.**", is_active=True) user.set_password('doe') user.save() self.client.post(reverse('account_reset_password'), data={'email': '*****@*****.**'}) self.assertEqual(len(mail.outbox), 1) self.assertEqual(mail.outbox[0].to, ["*****@*****.**"]) return user
def test_ajax_login_success(self): user = get_user_model().objects.create(username='******', is_active=True) user.set_password('doe') user.save() resp = self.client.post(reverse('account_login'), { 'login': '******', 'password': '******' }, HTTP_X_REQUESTED_WITH='XMLHttpRequest') self.assertEqual(resp.status_code, 200) data = json.loads(resp.content.decode('utf8')) self.assertEqual(data['location'], '/accounts/profile/')
def test_login_unverified_account_mandatory(self): """Tests login behavior when email verification is mandatory.""" user = get_user_model().objects.create(username='******') user.set_password('doe') user.save() EmailAddress.objects.create(user=user, email="*****@*****.**", primary=True, verified=False) resp = self.client.post(reverse('account_login'), { 'login': '******', 'password': '******' }) self.assertRedirects(resp, reverse('account_email_verification_sent'))
def test_username_containing_at(self): user = get_user_model().objects.create(username='******') user.set_password('psst') user.save() EmailAddress.objects.create(user=user, email="*****@*****.**", primary=True, verified=True) resp = self.client.post(reverse('account_login'), { 'login': '******', 'password': '******' }) self.assertRedirects(resp, settings.LOGIN_REDIRECT_URL, fetch_redirect_response=False)
def _authenticate_by_username(self, **credentials): username_field = app_settings.USER_MODEL_USERNAME_FIELD username = credentials.get('username') password = credentials.get('password') User = get_user_model() if not username_field or username is None or password is None: return None try: # Username query is case insensitive user = filter_users_by_username(username).get() if self._check_password(user, password): return user except User.DoesNotExist: return None
def test_login_unverified_account_optional(self): """Tests login behavior when email verification is optional.""" user = get_user_model().objects.create(username='******') user.set_password('doe') user.save() EmailAddress.objects.create(user=user, email="*****@*****.**", primary=True, verified=False) resp = self.client.post(reverse('account_login'), { 'login': '******', 'password': '******' }) self.assertRedirects(resp, settings.LOGIN_REDIRECT_URL, fetch_redirect_response=False)
def setUp(self): User = get_user_model() self.user = User.objects.create(username='******', email="*****@*****.**") self.user.set_password('doe') self.user.save() self.email_address = EmailAddress.objects.create(user=self.user, email=self.user.email, verified=True, primary=True) self.email_address2 = EmailAddress.objects.create( user=self.user, email="*****@*****.**", verified=False, primary=False) self.client.login(username='******', password='******')
def USERNAME_VALIDATORS(self): from django.core.exceptions import ImproperlyConfigured from allauth.account.utils import import_attribute from allauth.account.utils import get_user_model path = self._setting('USERNAME_VALIDATORS', None) if path: ret = import_attribute(path) if not isinstance(ret, list): raise ImproperlyConfigured( 'ACCOUNT_USERNAME_VALIDATORS is expected to be a list') else: if self.USER_MODEL_USERNAME_FIELD is not None: ret = get_user_model()._meta.get_field( self.USER_MODEL_USERNAME_FIELD).validators else: ret = [] return ret
def test_signup_email_twice(self): request = RequestFactory().post( reverse('account_signup'), { 'username': '******', 'email': '*****@*****.**', 'email2': '*****@*****.**', 'password1': 'johndoe', 'password2': 'johndoe' }) from django.contrib.messages.middleware import MessageMiddleware from django.contrib.sessions.middleware import SessionMiddleware SessionMiddleware().process_request(request) MessageMiddleware().process_request(request) request.user = AnonymousUser() from .views import signup signup(request) user = get_user_model().objects.get(username='******') self.assertEqual(user.email, "*****@*****.**")
def clean(self): super(AccountRegisterForm, self).clean() dummy_user = get_user_model() password = self.cleaned_data.get("password1") if password: try: get_adapter().clean_password(password, user=dummy_user) except forms.ValidationError as e: self.add_error("password1", e) if (settings.SIGNUP_PASSWORD_ENTER_TWICE and "password1" in self.cleaned_data and "password2" in self.cleaned_data): if self.cleaned_data["password1"] != self.cleaned_data["password2"]: self.add_error( "password2", _("You must type the same password each time."), ) return self.cleaned_data
def clean(self): super(MySignupForm, self).clean() # `password` cannot be of type `SetPasswordField`, as we don't # have a `User` yet. So, let's populate a dummy user to be used # for password validaton. dummy_user = get_user_model() user_username(dummy_user, self.cleaned_data.get("username")) user_email(dummy_user, self.cleaned_data.get("email")) password = self.cleaned_data.get('password1') logger.debug("新しいパスワード確認:{}".format(password)) self.random_password = password if password: try: get_adapter().clean_password(password, user=dummy_user) except forms.ValidationError as e: self.add_error('email', e) # パスワードfieldが自動生成するので、エラーを出力しないはず return self.cleaned_data
def test_login_failed_attempts_exceeded(self): user = get_user_model().objects.create(username='******') user.set_password('doe') user.save() EmailAddress.objects.create(user=user, email="*****@*****.**", primary=True, verified=False) for i in range(5): is_valid_attempt = (i == 4) is_locked = (i >= 3) resp = self.client.post( reverse('account_login'), { 'login': '******', 'password': ('doe' if is_valid_attempt else 'wrong') }) self.assertFormError( resp, 'form', None, 'Too many failed login attempts. Try again later.' if is_locked else 'The username and/or password you specified are not correct.')
def _test_signup_email_verified_externally(self, signup_email, verified_email): username = '******' request = RequestFactory().post( reverse('account_signup'), { 'username': username, 'email': signup_email, 'password1': 'johndoe', 'password2': 'johndoe' }) # Fake stash_verified_email from django.contrib.messages.middleware import MessageMiddleware from django.contrib.sessions.middleware import SessionMiddleware SessionMiddleware().process_request(request) MessageMiddleware().process_request(request) request.user = AnonymousUser() request.session['account_verified_email'] = verified_email from .views import signup resp = signup(request) self.assertEqual(resp.status_code, 302) self.assertEqual(resp['location'], get_adapter().get_login_redirect_url(request)) self.assertEqual(len(mail.outbox), 0) return get_user_model().objects.get(username=username)
def test_username_lower_cased(self): user = get_user_model()() user_username(user, 'CamelCase') self.assertEqual(user_username(user), 'camelcase') # TODO: Actually test something filter_users_by_username('CamelCase', 'FooBar')
def test_username_case_preserved(self): user = get_user_model()() user_username(user, 'CamelCase') self.assertEqual(user_username(user), 'CamelCase') # TODO: Actually test something filter_users_by_username('camelcase', 'foobar')
def test_password_reset_flow(self): """ Tests the password reset flow: requesting a new password, receiving the reset link via email and finally resetting the password to a new value. """ # Request new password user = self._request_new_password() body = mail.outbox[0].body self.assertGreater(body.find('https://'), 0) # Extract URL for `password_reset_from_key` view and access it url = body[body.find('/password/reset/'):].split()[0] resp = self.client.get(url) # Follow the redirect the actual password reset page with the key # hidden. url = resp.url resp = self.client.get(url) self.assertTemplateUsed( resp, 'account/password_reset_from_key.%s' % app_settings.TEMPLATE_EXTENSION) self.assertFalse('token_fail' in resp.context_data) # Reset the password resp = self.client.post(url, { 'password1': 'newpass123', 'password2': 'newpass123' }) self.assertRedirects(resp, reverse('account_reset_password_from_key_done')) # Check the new password is in effect user = get_user_model().objects.get(pk=user.pk) self.assertTrue(user.check_password('newpass123')) # Trying to reset the password against the same URL (or any other # invalid/obsolete URL) returns a bad token response resp = self.client.post(url, { 'password1': 'newpass123', 'password2': 'newpass123' }) self.assertTemplateUsed( resp, 'account/password_reset_from_key.%s' % app_settings.TEMPLATE_EXTENSION) self.assertTrue(resp.context_data['token_fail']) # Same should happen when accessing the page directly response = self.client.get(url) self.assertTemplateUsed( response, 'account/password_reset_from_key.%s' % app_settings.TEMPLATE_EXTENSION) self.assertTrue(response.context_data['token_fail']) # When in XHR views, it should respond with a 400 bad request # code, and the response body should contain the JSON-encoded # error from the adapter response = self.client.post(url, { 'password1': 'newpass123', 'password2': 'newpass123' }, HTTP_X_REQUESTED_WITH='XMLHttpRequest') self.assertEqual(response.status_code, 400) data = json.loads(response.content.decode('utf8')) assert 'invalid' in data['form']['errors'][0]