Beispiel #1
0
 def test_add_user(self):
     backend = MongoDBRegistrationBackend(self.settings, self.config)
     # Test good, available username, writing it to DB
     struct = {"username":"******", "password":"******", "email":"*****@*****.**"}
     backend.add_user(struct)
     user_doc = self.db.users.find_one({"username":struct["username"]})
     self.assertEquals(user_doc["username"], struct["username"])
     self.assertEquals(user_doc["email"], struct["email"])
     self.assertNotEquals(user_doc["password"], struct["password"])
     # Test that we cannot add the same username again
     self.assertRaises(colander.Invalid, backend.add_user, struct)
Beispiel #2
0
 def test_activate(self, connection_mock):
     conn = connection_mock.instance()
     connection_mock.return_value = conn
     db = conn[self.settings["mongodb.db_name"]]
     backend = MongoDBRegistrationBackend(self.settings, self.config)
     utcnow = datetime.datetime.utcnow()
     with patch('datetime.datetime'):
         datetime.datetime.utcnow.return_value = utcnow
         backend.activate("token")
         db.users.update.assert_called_once_with({"access_tokens.token":"token"},
                 {"$set":{"access_tokens.$.activated_timestamp":utcnow}}, safe=True)
Beispiel #3
0
 def test_activate(self, connection_mock):
     conn = connection_mock.instance()
     connection_mock.return_value = conn
     db = conn[self.settings["mongodb.db_name"]]
     backend = MongoDBRegistrationBackend(self.settings, self.config)
     utcnow = datetime.datetime.utcnow()
     with patch('datetime.datetime'):
         datetime.datetime.utcnow.return_value = utcnow
         backend.activate("token")
         db.users.update.assert_called_once_with(
             {"access_tokens.token": "token"},
             {"$set": {
                 "access_tokens.$.activated_timestamp": utcnow
             }},
             safe=True)
Beispiel #4
0
 def test_add_user(self):
     backend = MongoDBRegistrationBackend(self.settings, self.config)
     # Test good, available username, writing it to DB
     struct = {
         "username": "******",
         "password": "******",
         "email": "*****@*****.**"
     }
     backend.add_user(struct)
     user_doc = self.db.users.find_one({"username": struct["username"]})
     self.assertEquals(user_doc["username"], struct["username"])
     self.assertEquals(user_doc["email"], struct["email"])
     self.assertNotEquals(user_doc["password"], struct["password"])
     # Test that we cannot add the same username again
     self.assertRaises(colander.Invalid, backend.add_user, struct)
Beispiel #5
0
    def test_init(self, connection_mock):
        conn = connection_mock.instance()
        connection_mock.return_value = conn
        backend = MongoDBRegistrationBackend(self.settings, self.config)

        self.assertEquals(self.config.registry.settings["mongodb_conn"], conn)
        self.assertEquals(backend.db, conn[self.settings["mongodb.db_name"]])
Beispiel #6
0
    def test_issue_access_token(self, connection_mock):
        conn = connection_mock.instance()
        connection_mock.return_value = conn
        db = conn[self.settings["mongodb.db_name"]]
        backend = MongoDBRegistrationBackend(self.settings, self.config)

        uid = ObjectId()
        token = "token"
        with patch('pyramid_registration.mongodb._generate_access_token'):
            mongodb._generate_access_token.return_value = token
            def side_effect(*args):
                def second_call(*args):
                    return {"_id":uid}
                mongodb._generate_access_token.side_effect = second_call
                return None
            db.users.find_one.side_effect = side_effect
            backend.issue_access_token(uid)
            db.users.find_one.assert_called_with({"access_tokens.token":token})
Beispiel #7
0
    def test_simple_login(self, connection_mock):
        conn = connection_mock.instance()
        connection_mock.return_value = conn
        db = conn[self.settings["mongodb.db_name"]]
        backend = MongoDBRegistrationBackend(self.settings, self.config)

        password = "******"
        stored_user = {"username":"******",
                "password":_hash_pw("testpassword"),
                "email":"*****@*****.**"}

        # Test situation where user exists and we do password hash comparison
        db.users.find_one.return_value = stored_user
        self.assertTrue(backend.simple_login(stored_user["username"], password))

        # Test situation where user does not exist
        db.users.find_one.return_value = False
        self.assertFalse(backend.simple_login(stored_user["username"], password))
Beispiel #8
0
    def test_activation(self):
        backend = MongoDBRegistrationBackend(self.settings, self.config)
        struct = {
            "username": "******",
            "password": "******",
            "email": "*****@*****.**"
        }
        backend.add_user(struct)
        user_doc = self.db.users.find_one({"username": struct["username"]})
        self.assertEquals(user_doc["username"], struct["username"])
        self.assertEquals(user_doc["email"], struct["email"])
        self.assertNotEquals(user_doc["password"], struct["password"])

        # User has been added - verify it has no activated tokens
        for token in user_doc.get("access_tokens", []):
            self.assertFalse(token.get("activated_timestamp"))

        # Issue a token for this user
        access_token = backend.issue_access_token(user_doc["_id"])

        # Verify user has this access token in their user document
        user_doc = self.db.users.find_one({"username": struct["username"]})
        doc_token = False
        for token in user_doc.get("access_tokens", []):
            if token.get("token") == access_token:
                doc_token = token
                break

        self.assertEquals(doc_token["token"], access_token)
        # Verify this token is not activated
        self.assertFalse(doc_token.get("activated_timestamp"))
        # Ensure verify_access_token on this token returns False

        self.assertFalse(backend.verify_access_token(access_token))
        # Now activate the token, and assert that the token is marked as
        # activated in the database.
        backend.activate(access_token)

        user_doc = self.db.users.find_one({"username": struct["username"]})
        doc_token = False
        for token in user_doc.get("access_tokens", []):
            if token.get("token") == access_token:
                self.assertTrue(token.get("activated_timestamp"))
                break

        # Ensure verify_access_token on this token returns the user_id
        userid = backend.verify_access_token(access_token)
        self.assertEquals(userid, str(user_doc["_id"]))
Beispiel #9
0
    def test_verify_access_token(self, connection_mock):
        conn = connection_mock.instance()
        connection_mock.return_value = conn
        db = conn[self.settings["mongodb.db_name"]]
        backend = MongoDBRegistrationBackend(self.settings, self.config)

        # Test that a non-existant token will not verify
        db.users.find_one.return_value = None
        self.assertFalse(backend.verify_access_token("token"))

        # Test that a matching token will return a stringified ID
        with patch("pyramid_registration.mongodb._purge_old_tokens"):

            oid = ObjectId()
            db.users.find_one.return_value = {"_id":oid}
            self.assertEquals(backend.verify_access_token("token"), str(oid))

            # Test that verify has tried to purge the expired tokens
            mongodb._purge_old_tokens.assert_called_once_with(db, oid)
Beispiel #10
0
    def test_verify_access_token(self, connection_mock):
        conn = connection_mock.instance()
        connection_mock.return_value = conn
        db = conn[self.settings["mongodb.db_name"]]
        backend = MongoDBRegistrationBackend(self.settings, self.config)

        # Test that a non-existant token will not verify
        db.users.find_one.return_value = None
        self.assertFalse(backend.verify_access_token("token"))

        # Test that a matching token will return a stringified ID
        with patch("pyramid_registration.mongodb._purge_old_tokens"):

            oid = ObjectId()
            db.users.find_one.return_value = {"_id": oid}
            self.assertEquals(backend.verify_access_token("token"), str(oid))

            # Test that verify has tried to purge the expired tokens
            mongodb._purge_old_tokens.assert_called_once_with(db, oid)
Beispiel #11
0
    def test_issue_access_token(self, connection_mock):
        conn = connection_mock.instance()
        connection_mock.return_value = conn
        db = conn[self.settings["mongodb.db_name"]]
        backend = MongoDBRegistrationBackend(self.settings, self.config)

        uid = ObjectId()
        token = "token"
        with patch('pyramid_registration.mongodb._generate_access_token'):
            mongodb._generate_access_token.return_value = token

            def side_effect(*args):
                def second_call(*args):
                    return {"_id": uid}

                mongodb._generate_access_token.side_effect = second_call
                return None

            db.users.find_one.side_effect = side_effect
            backend.issue_access_token(uid)
            db.users.find_one.assert_called_with(
                {"access_tokens.token": token})
Beispiel #12
0
    def test_simple_login(self, connection_mock):
        conn = connection_mock.instance()
        connection_mock.return_value = conn
        db = conn[self.settings["mongodb.db_name"]]
        backend = MongoDBRegistrationBackend(self.settings, self.config)

        password = "******"
        stored_user = {
            "username": "******",
            "password": _hash_pw("testpassword"),
            "email": "*****@*****.**"
        }

        # Test situation where user exists and we do password hash comparison
        db.users.find_one.return_value = stored_user
        self.assertTrue(backend.simple_login(stored_user["username"],
                                             password))

        # Test situation where user does not exist
        db.users.find_one.return_value = False
        self.assertFalse(
            backend.simple_login(stored_user["username"], password))
Beispiel #13
0
    def test_activation(self):
        backend = MongoDBRegistrationBackend(self.settings, self.config)
        struct = {"username":"******", "password":"******", "email":"*****@*****.**"}
        backend.add_user(struct)
        user_doc = self.db.users.find_one({"username":struct["username"]})
        self.assertEquals(user_doc["username"], struct["username"])
        self.assertEquals(user_doc["email"], struct["email"])
        self.assertNotEquals(user_doc["password"], struct["password"])

        # User has been added - verify it has no activated tokens
        for token in user_doc.get("access_tokens", []):
            self.assertFalse(token.get("activated_timestamp"))

        # Issue a token for this user
        access_token = backend.issue_access_token(user_doc["_id"])

        # Verify user has this access token in their user document
        user_doc = self.db.users.find_one({"username":struct["username"]})
        doc_token = False
        for token in user_doc.get("access_tokens", []):
            if token.get("token") == access_token:
                doc_token = token
                break

        self.assertEquals(doc_token["token"], access_token)
        # Verify this token is not activated
        self.assertFalse(doc_token.get("activated_timestamp"))
        # Ensure verify_access_token on this token returns False

        self.assertFalse(backend.verify_access_token(access_token))
        # Now activate the token, and assert that the token is marked as
        # activated in the database.
        backend.activate(access_token)

        user_doc = self.db.users.find_one({"username":struct["username"]})
        doc_token = False
        for token in user_doc.get("access_tokens", []):
            if token.get("token") == access_token:
                self.assertTrue(token.get("activated_timestamp"))
                break


        # Ensure verify_access_token on this token returns the user_id
        userid = backend.verify_access_token(access_token)
        self.assertEquals(userid, str(user_doc["_id"]))
Beispiel #14
0
 def test_add_user(self, connection_mock):
     # Test bad username
     struct = {"username":"******"}
     conn = connection_mock.instance()
     connection_mock.return_value = conn
     db = conn[self.settings["mongodb.db_name"]]
     backend = MongoDBRegistrationBackend(self.settings, self.config)
     self.assertRaises(colander.Invalid, backend.add_user, struct)
     # Test good username that already exists in DB
     struct["username"] = "******"
     db.users.find_one.return_value = {"username":struct["username"]}
     self.assertRaises(colander.Invalid, backend.add_user, struct)
     # Test good, available username, writing it to DB
     db.users.find_one.return_value = None
     utcnow = datetime.datetime.utcnow()
     with patch("pyramid_registration.mongodb.make_access_token"):
         with patch("datetime.datetime"):
             testtoken = "testtoken"
             datetime.datetime.utcnow.return_value = utcnow
             mongodb.make_access_token.return_value = testtoken
             
             backend.add_user(struct)
             db.users.insert.assert_called_once_with({"username":struct["username"],
                 "access_tokens":[{"created_timestamp":utcnow,"token":testtoken}]},
                     safe=True)
             # Test writing bcrypted password value to DB
             struct["password"] = "******"
             hashed_pw = _hash_pw(struct["password"])
             # patch bcrypt module to return the hash we just generated
             with patch("pyramid_registration.mongodb.bcrypt.hashpw"):
                 mongodb.bcrypt.hashpw.return_value = hashed_pw
                 backend.add_user(struct)
                 db.users.insert.assert_called_with({"username":struct["username"],"password":hashed_pw,
                     "access_tokens":[{"created_timestamp":utcnow,"token":testtoken}]},
                         safe=True)
             # Test writing email to DB
             struct["email"] = "*****@*****.**"
             del struct["password"]
             backend.add_user(struct)
             db.users.insert.assert_called_with({"username":struct["username"],"email":struct["email"], 
                 "access_tokens":[{"created_timestamp":utcnow,"token":testtoken}]},
                     safe=True)
Beispiel #15
0
 def test_simple_login(self):
     backend = MongoDBRegistrationBackend(self.settings, self.config)
     # Test good, available username, writing it to DB
     password = "******"
     struct = {"username":"******", "password":password, "email":"*****@*****.**"}
     backend.add_user(struct)
     # Now lets verify we can retrieve it correctly with a simple_login
     user_doc = backend.simple_login(struct["username"], struct["password"])
     self.assertEquals(struct["username"], user_doc["username"])
     self.assertEquals(struct["email"], user_doc["email"])
     # Same again but by email not username
     user_doc = backend.simple_login(struct["email"], struct["password"])
     self.assertEquals(struct["username"], user_doc["username"])
     self.assertEquals(struct["email"], user_doc["email"])
     # Failure case: bad password
     user_doc = backend.simple_login(struct["email"], "wrongpassword")
     self.assertFalse(user_doc)
Beispiel #16
0
 def test_simple_login(self):
     backend = MongoDBRegistrationBackend(self.settings, self.config)
     # Test good, available username, writing it to DB
     password = "******"
     struct = {
         "username": "******",
         "password": password,
         "email": "*****@*****.**"
     }
     backend.add_user(struct)
     # Now lets verify we can retrieve it correctly with a simple_login
     user_doc = backend.simple_login(struct["username"], struct["password"])
     self.assertEquals(struct["username"], user_doc["username"])
     self.assertEquals(struct["email"], user_doc["email"])
     # Same again but by email not username
     user_doc = backend.simple_login(struct["email"], struct["password"])
     self.assertEquals(struct["username"], user_doc["username"])
     self.assertEquals(struct["email"], user_doc["email"])
     # Failure case: bad password
     user_doc = backend.simple_login(struct["email"], "wrongpassword")
     self.assertFalse(user_doc)
Beispiel #17
0
    def test_add_user(self, connection_mock):
        # Test bad username
        struct = {"username": "******"}
        conn = connection_mock.instance()
        connection_mock.return_value = conn
        db = conn[self.settings["mongodb.db_name"]]
        backend = MongoDBRegistrationBackend(self.settings, self.config)
        self.assertRaises(colander.Invalid, backend.add_user, struct)
        # Test good username that already exists in DB
        struct["username"] = "******"
        db.users.find_one.return_value = {"username": struct["username"]}
        self.assertRaises(colander.Invalid, backend.add_user, struct)
        # Test good, available username, writing it to DB
        db.users.find_one.return_value = None
        utcnow = datetime.datetime.utcnow()
        with patch("pyramid_registration.mongodb.make_access_token"):
            with patch("datetime.datetime"):
                testtoken = "testtoken"
                datetime.datetime.utcnow.return_value = utcnow
                mongodb.make_access_token.return_value = testtoken

                backend.add_user(struct)
                db.users.insert.assert_called_once_with(
                    {
                        "username":
                        struct["username"],
                        "access_tokens": [{
                            "created_timestamp": utcnow,
                            "token": testtoken
                        }]
                    },
                    safe=True)
                # Test writing bcrypted password value to DB
                struct["password"] = "******"
                hashed_pw = _hash_pw(struct["password"])
                # patch bcrypt module to return the hash we just generated
                with patch("pyramid_registration.mongodb.bcrypt.hashpw"):
                    mongodb.bcrypt.hashpw.return_value = hashed_pw
                    backend.add_user(struct)
                    db.users.insert.assert_called_with(
                        {
                            "username":
                            struct["username"],
                            "password":
                            hashed_pw,
                            "access_tokens": [{
                                "created_timestamp": utcnow,
                                "token": testtoken
                            }]
                        },
                        safe=True)
                # Test writing email to DB
                struct["email"] = "*****@*****.**"
                del struct["password"]
                backend.add_user(struct)
                db.users.insert.assert_called_with(
                    {
                        "username":
                        struct["username"],
                        "email":
                        struct["email"],
                        "access_tokens": [{
                            "created_timestamp": utcnow,
                            "token": testtoken
                        }]
                    },
                    safe=True)