Beispiel #1
0
def test_create_new_user(configure_model, pymongo_connection, freeze_time):
    login = pytest.faux.gen_alpha()
    password = pytest.faux.gen_alphanumeric()
    email = pytest.faux.gen_email()
    full_name = pytest.faux.gen_alphanumeric()
    role_id = pytest.faux.gen_uuid()

    new_user = user.UserModel.make_user(login, password, email, full_name,
                                        role_id)
    db_user = pymongo_connection.db.user.find_one({"_id": new_user._id})

    assert db_user
    assert new_user.login == db_user["login"]
    assert new_user.email == db_user["email"]
    assert new_user.password_hash == db_user["password_hash"]
    assert new_user.full_name == db_user["full_name"]
    assert new_user.role_id == db_user["role_id"]
    assert new_user.model_id == db_user["model_id"]
    assert new_user.initiator_id == db_user["initiator_id"]
    assert new_user.version == db_user["version"]
    assert new_user.initiator_id == db_user["initiator_id"]
    assert new_user.time_created == db_user["time_created"]
    assert new_user.time_deleted == db_user["time_deleted"]
    assert new_user._id != new_user.model_id
    assert not new_user.time_deleted

    for value in db_user.values():
        assert password != value
    for value in new_user.__dict__.values():
        assert password != value

    assert passwords.compare_passwords(password, new_user.password_hash)
Beispiel #2
0
    def authenticate(self, user_name, password):
        user_model = self.require_user_model(user_name)
        if not passwords.compare_passwords(password, user_model.password_hash):
            LOG.warning("Password mismatch for user with login %s", user_name)
            raise exceptions.Unauthorized

        token_model = token.TokenModel.create(user_model.model_id)

        return token_model
Beispiel #3
0
def authenticate(user_name, password):
    """Authenticate user by username/password pair. Return a token if OK."""

    user_model = user.UserModel.find_by_login(user_name)
    if not user_model:
        LOG.warning("Cannot find not deleted user with login %s", user_name)
        raise exceptions.Unauthorized

    if not passwords.compare_passwords(password, user_model.password_hash):
        LOG.warning("Password mismatch for user with login %s", user_name)
        raise exceptions.Unauthorized

    token_model = token.TokenModel.create(user_model.model_id)

    return token_model
Beispiel #4
0
def test_create_new_user(
    pymongo_connection, email, new_password_message, sudo_client_v1,
    freeze_time, valid_post_request
):
    response = sudo_client_v1.post("/v1/user/", data=valid_post_request)
    db_user = pymongo_connection.db.user.find(
        {"login": valid_post_request["login"]}
    )
    assert db_user.count() == 1

    db_user = db_user[0]

    assert response.status_code == 200

    data = response.json

    assert data["id"] == db_user["model_id"]
    assert data["model"] == "user"
    assert data["version"] == db_user["version"]
    assert data["version"] == 1
    assert data["time_updated"] == db_user["time_created"]
    assert data["time_updated"] == int(freeze_time.return_value)
    assert data["time_deleted"] == db_user["time_deleted"]
    assert data["time_deleted"] == 0
    assert data["initiator_id"] == db_user["initiator_id"]
    assert data["data"]["login"] == db_user["login"]
    assert data["data"]["login"] == valid_post_request["login"]
    assert data["data"]["email"] == db_user["email"]
    assert data["data"]["email"] == valid_post_request["email"]
    assert data["data"]["full_name"] == valid_post_request["full_name"]
    assert data["data"]["full_name"] == db_user["full_name"]
    assert data["data"]["role_id"] == valid_post_request["role_id"]
    assert data["data"]["role_id"] == db_user["role_id"]

    assert len(email.sendmail.mock_calls) == 1
    to, cc, password = email.sendmail.call_args[0][-1]

    assert to == [db_user["email"]]
    assert cc == []
    assert passwords.compare_passwords(password, db_user["password_hash"])
    assert password not in db_user.values()
Beispiel #5
0
def test_update_password(reset_token):
    new_password = pytest.faux.gen_alphanumeric()
    reset_token.consume(new_password)

    new_user = user.UserModel.find_by_model_id(reset_token.user_id)
    assert passwords.compare_passwords(new_password, new_user.password_hash)
Beispiel #6
0
def test_password_hashing(password):
    hashed = passwords.hash_password(password)

    assert passwords.compare_passwords(password, hashed)