Beispiel #1
 def test_login_unregistered_user(self):
     """An unregistered user is refused login even with the right password."""
     password = 'killerqueen'
     unregistered = UnregUserFactory()
     unregistered.set_password(password)
     unregistered.save()
     # The credentials match, so the failure must come from the
     # registration state, not from password verification.
     with assert_raises(auth.LoginNotAllowedError):
         auth.login(unregistered.username, password)
Beispiel #2
 def test_login_unregistered_user(self):
     """Login must raise LoginNotAllowedError for an unregistered account."""
     account = UnregUserFactory()
     secret = 'killerqueen'
     account.set_password(secret)
     account.save()
     with assert_raises(auth.LoginNotAllowedError):
         # Same password that was just stored: only the unregistered
         # status can explain the rejection.
         auth.login(account.username, secret)
Beispiel #3
    def test_login_disabled_user(self):
        """A disabled account is refused even when the password is correct."""
        password = 'Leeloo'
        disabled_user = UserFactory()
        disabled_user.set_password(password)
        disabled_user.is_disabled = True
        disabled_user.save()

        # The stored and supplied passwords are identical, so the disabled
        # flag is the only reason the login can fail.
        with assert_raises(auth.LoginDisabledError):
            auth.login(disabled_user.username, password)
Beispiel #4
    def test_login_disabled_user(self):
        """Login raises LoginDisabledError once ``is_disabled`` is set."""
        account = UserFactory()
        secret = 'Leeloo'
        account.set_password(secret)
        # Persist the disabled flag together with the password.
        account.is_disabled = True
        account.save()

        with assert_raises(auth.LoginDisabledError):
            # Correct credentials on purpose: the account state is under test.
            auth.login(account.username, secret)
Beispiel #5
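 def post(self, request, *args, **kwargs):
     """Authenticate the posted employee ID and password.

     On success the user is logged in and redirected to ``framework:index``;
     otherwise the login form is re-rendered with ``error`` set to True.
     """
     employee_id = request.POST.get('employee_id')
     password = request.POST.get('password')
     user = auth.authenticate(employee_id=employee_id, password=password)
     if user:
         auth.login(request, user)
         # The redirect target is a fixed named route; nothing from the
         # request influences where the browser is sent after login.
         return HttpResponseRedirect(reverse('framework:index'))

     # Only the submitted ID is echoed back so the form can be refilled; the
     # password never enters the template context. The view passes a bare
     # boolean and does not tell the template why authentication failed.
     return render(request, 'framework/login.html', {
         'employee_id': employee_id,
         'error': True,
     })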
Beispiel #6
 def test_login_success_authenticates_user(self):
     """A correct username/password pair returns a response with status 302."""
     password = 'killerqueen'
     user = UserFactory.build(date_last_login=datetime.datetime.utcnow())
     user.set_password(password)
     user.save()
     # login() returns a response object, so a request context is needed
     response = auth.login(user.username, password)
     assert_true(isinstance(response, BaseResponse))
     assert_equal(response.status_code, 302)
Beispiel #7
 def test_login_success_authenticates_user(self):
     """Successful login yields a BaseResponse whose status code is 302."""
     account = UserFactory.build(date_last_login=datetime.datetime.utcnow())
     secret = 'killerqueen'
     account.set_password(secret)
     account.save()
     # A request context is required because login() returns a response.
     result = auth.login(account.username, secret)
     assert_true(isinstance(result, BaseResponse))
     assert_equal(result.status_code, 302)
Beispiel #8
def auth_login(auth, registration_form=None, forgot_password_form=None, **kwargs):
    """Show the login page, or process a submitted sign-in form.

    A POST is treated as a sign-in attempt only when neither
    ``registration_form`` nor ``forgot_password_form`` was passed in. A
    successful attempt returns whatever ``login`` returns; every other path
    returns a ``{'next_url': ...}`` payload, with an HTTP status code except
    in the unconfirmed-account branch.

    """
    if auth.logged_in:
        if not request.args.get('logout'):
            return redirect('/dashboard/')
        logout()

    direct_call = registration_form or forgot_password_form
    is_signin_post = request.method == 'POST' and not direct_call
    if is_signin_post:
        form = SignInForm(request.form)
        if form.validate():
            twofactor_enabled = 'twofactor' in website.settings.ADDONS_REQUESTED
            twofactor_code = form.two_factor.data if twofactor_enabled else None
            # NOTE(review): each failure below pushes a different message. If
            # login() can raise the disabled/unconfirmed errors before the
            # password has been verified, those messages would disclose
            # account state to an unauthenticated caller -- confirm the
            # order of checks inside login().
            try:
                return login(form.username.data, form.password.data, twofactor_code)
            except exceptions.LoginDisabledError:
                status.push_status_message(language.DISABLED, 'error')
            except exceptions.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Stay on the page: no next URL and no status code
                return {'next_url': ''}
            except exceptions.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except exceptions.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        forms.push_errors_to_status(form.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # The query-string 'next' wins over the form's 'next_url'.
    # NOTE(review): this value is caller-controlled and is returned without
    # validation; whatever later renders or redirects to it should accept
    # only same-site relative paths.
    next_url = request.args.get('next', request.form.get('next_url', ''))

    if request.args.get('status', '') == 'expired':
        status.push_status_message('The private link you used is expired.')

    code = http.OK
    if next_url:
        status.push_status_message(language.MUST_LOGIN)
        # A user who is logging out should not receive an error status
        logging_out = request.args.get('logout')
        if not logging_out:
            code = http.UNAUTHORIZED
    return {'next_url': next_url}, code
Beispiel #9
def auth_login(auth,
               registration_form=None,
               forgot_password_form=None,
               **kwargs):
    """On GET, show the login page. On POST of the login form, attempt to
    log the user in.

    Passing ``registration_form`` or ``forgot_password_form`` skips the
    sign-in handling. Returns the ``login`` response on success; otherwise a
    ``{'next_url': ...}`` payload, paired with an HTTP status code on every
    path except the unconfirmed-account one.

    """
    already_logged_in = auth.logged_in
    if already_logged_in and not request.args.get('logout'):
        return redirect('/dashboard/')
    if already_logged_in:
        logout()

    direct_call = registration_form or forgot_password_form
    if request.method == 'POST' and not direct_call:
        form = SignInForm(request.form)
        if form.validate():
            if 'twofactor' in website.settings.ADDONS_REQUESTED:
                twofactor_code = form.two_factor.data
            else:
                twofactor_code = None
            # NOTE(review): the handlers below map each exception to its own
            # user-visible message. Check inside login() that the
            # disabled/unconfirmed errors are only raised after the password
            # has been verified; otherwise the messages reveal account state.
            try:
                return login(form.username.data, form.password.data,
                             twofactor_code)
            except exceptions.LoginDisabledError:
                status.push_status_message(language.DISABLED, 'error')
            except exceptions.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Do not send the user anywhere
                return {'next_url': ''}
            except exceptions.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except exceptions.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        forms.push_errors_to_status(form.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # Next URL: query-string 'next' first, form field 'next_url' as fallback.
    # NOTE(review): both sources are caller-controlled and the value is
    # passed on unvalidated; the consumer should restrict it to same-site
    # relative paths before redirecting or rendering it.
    fallback_next = request.form.get('next_url', '')
    next_url = request.args.get('next', fallback_next)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        status.push_status_message('The private link you used is expired.')

    if not next_url:
        return {'next_url': next_url}, http.OK

    status.push_status_message(language.MUST_LOGIN)
    # No error status while the user is being logged out
    code = http.OK if request.args.get('logout') else http.UNAUTHORIZED
    return {'next_url': next_url}, code
Beispiel #10
 def test_login_with_incorrect_password_returns_false(self):
     """A wrong password raises PasswordIncorrectError.

     Despite the test name, the assertion is on the raised exception, not on
     a False return value.
     """
     account = UserFactory.build()
     account.set_password('rhapsody')
     account.save()
     # The supplied password differs from the stored one.
     with assert_raises(auth.PasswordIncorrectError):
         auth.login(account.username, 'wrongpassword')
Beispiel #11
 def test_login_with_incorrect_password_returns_false(self):
     """Login with a mismatched password must raise, not return quietly."""
     stored_password = 'rhapsody'
     member = UserFactory.build()
     member.set_password(stored_password)
     member.save()
     with assert_raises(auth.PasswordIncorrectError):
         # 'wrongpassword' is not the value stored above
         auth.login(member.username, 'wrongpassword')
Beispiel #12
 def test_login_valid_code_invalid_password(self):
     """A valid two-factor code does not make up for a wrong password."""
     # NOTE(review): the '******' literal looks masked in this listing; the
     # original wrong-password value cannot be recovered from here.
     with assert_raises(PasswordIncorrectError):
         totp_code = _valid_code(self.user_settings.totp_secret)
         login(
             username=self.user.username,
             password='******',
             two_factor=totp_code,
         )
Beispiel #13
 def test_login_invalid_code(self):
     """The two-factor code '000000' is rejected with TwoFactorValidationError."""
     # NOTE(review): the '******' password literal looks masked in this
     # listing; presumably the original was the user's real password.
     with assert_raises(TwoFactorValidationError):
         credentials = {
             'username': self.user.username,
             'password': '******',
             'two_factor': '000000',
         }
         login(**credentials)
Beispiel #14
 def test_login_valid(self):
     """Correct password plus a valid two-factor code returns a 302 response."""
     # NOTE(review): the '******' literal looks masked in this listing;
     # presumably the original was the user's real password.
     totp_code = _valid_code(self.user_settings.totp_secret)
     response = login(
         username=self.user.username,
         password='******',
         two_factor=totp_code,
     )
     assert_true(isinstance(response, BaseResponse))
     assert_equal(response.status_code, 302)