Beispiel #1
0
def test_change_password(logger, mongodb):
    """The the single call to change a users password.
    """
    username = '******'
    plain_pw = '1234567890'
    confirm_plain_pw = '1234567890'
    new_plain_pw = '0987654321'

    assert user.count() == 0
    assert user.find(username=username) == []

    with pytest.raises(user.UserNotFoundError):
        # The user isn't present to recover
        user.change_password(
            username,
            plain_pw,
            confirm_plain_pw,
            new_plain_pw
        )

    # Add the user:
    user_dict = dict(
        username=username,
        password=plain_pw,
        display_name='Bob Sprocket',
        email='*****@*****.**',
    )
    item1 = user.add(**user_dict)
    is_valid = pwtools.validate_password(plain_pw, item1['password_hash'])
    assert is_valid is True

    # Now change the password
    user.change_password(
        username,
        plain_pw,
        confirm_plain_pw,
        new_plain_pw
    )

    item2 = user.get(username)

    # old password is not valid:
    is_valid = pwtools.validate_password(plain_pw, item2['password_hash'])
    assert is_valid is False

    is_valid = pwtools.validate_password(
        new_plain_pw, item2['password_hash']
    )
    assert is_valid is True
def user_add(request):
    """Add a new user to the system when the data is PUT to the server.

    The user dict that's posted must validate against
    userdata.creation_required_fields(user_data).

    """
    log = get_log("user_add")

    user_data = request.json_body
    log.debug(
        "Validating new user<{}>: {!r}".format(type(user_data), user_data)
    )

    user_data = userdata.creation_required_fields(user_data)

    rc = user.add(**user_data)

    return rc
Beispiel #3
0
def test_unicode_fields(logger, mongodb):
    """Test the entry of unicode username, email, display name.
    """
    username = u'andrés.bolívar'

    assert user.count() == 0
    assert user.find(username=username) == []

    plain_pw = u'í12345í67890é'

    user_dict = dict(
        username=username,
        password=plain_pw,
        display_name=u'Andrés Plácido Bolívar',
        email=u'andrés.bolí[email protected]',
        phone=u''
    )
    item1 = user.add(**user_dict)

    # Check the password is converted into a hashed password correctly:
    is_validate = pwtools.validate_password(
        plain_pw, item1['password_hash']
    )
    assert is_validate is True

    # Try recoving by username, display_name, etc
    #
    for field in user_dict:
        if field == "password":
            # skip, no such thing as find via password.
            continue

        items = user.find(**{field: user_dict[field]})
        assert items == [item1]
        item1 = items[0]
        assert item1['username'] == user_dict['username']
        assert item1['display_name'] == user_dict['display_name']
        assert item1['email'] == user_dict['email']
        assert item1['phone'] == user_dict['phone']
Beispiel #4
0
def testBasicCRUD(logger, mongodb):
    """Test the basic add and get method
    """
    username = '******'

    assert user.count() == 0

    assert user.find(username=username) == []

    # Test I cannot add a user if I don't provide either a
    # password or a password_hash
    #
    user_dict = dict(
        username=username,
        # Not provied password or password hash
        #password='******',
    )
    with pytest.raises(user.UserAddError):
        user.add(**user_dict)

    plain_pw = '1234567890'

    user_dict = dict(
        username=username,
        password=plain_pw,
        display_name='Bob Sprocket',
        email='*****@*****.**',
        phone='9876543210'
    )
    item1 = user.add(**user_dict)

    # The password is hashed and then stored as password_hash. The password
    # it removed and never stored.
    assert "password" not in item1

    # Check the password is converted into a hashed password correctly:
    is_validate = pwtools.validate_password(
        plain_pw, item1['password_hash']
    )
    assert is_validate is True

    # Make sure I cannot add the same username again:
    with pytest.raises(user.UserPresentError):
        user.add(**user_dict)

    assert user.find(username=username) == [item1]
    assert user.has(username) is True
    assert user.count() == 1

    item2 = user.get(username)

    assert item2["username"] == user_dict['username']
    assert item2['display_name'] == user_dict['display_name']
    assert item2['email'] == user_dict['email']
    assert item2['phone'] == user_dict['phone']

    user.remove(item2['username'])

    assert user.count() == 0

    assert user.has(item2['username']) is False

    with pytest.raises(user.UserRemoveError):
        user.remove(item2['username'])
Beispiel #5
0
def testExtraField(logger, mongodb):
    """Test the arbitrary dic that can be used to store useful fields
    per user.
    """
    username = '******'
    plain_pw = '1234567890'

    assert user.count() == 0
    assert user.find(username=username) == []

    user_dict = dict(
        username=username,
        password=plain_pw,
        display_name='Bob Sprocket',
        email='*****@*****.**',
        phone='9876543210'
    )
    item1 = user.add(**user_dict)

    # Make sure I cannot add the same username again:
    with pytest.raises(user.UserPresentError):
        user.add(**user_dict)

    assert user.find(username=username) == [item1]
    assert user.has(username) is True
    assert user.count() == 1

    item2 = user.get(username)

    assert item2['username'] == user_dict['username']
    assert item2['display_name'] == user_dict['display_name']
    is_validate = pwtools.validate_password(
        plain_pw, item1['password_hash']
    )
    assert is_validate is True
    is_validate = pwtools.validate_password(
        "not the right one", item1['password_hash']
    )
    assert is_validate is False
    assert item2['email'] == user_dict['email']
    assert item2['phone'] == user_dict['phone']

    # Now update all the user fields that can be changed
    # and add some extra data to the arbitrary fields:
    #
    oauth_tokens = dict(
        # Some pretend googleservice oauth data:
        googleauth=dict(
            request_token="1234567890",
        )
    )

    user_dict = dict(
        username=username,
        # change the password. new_password will be hashed and
        # its has stored as password_hash:
        new_password="******",
        display_name='Bobby',
        email='*****@*****.**',
        phone='12121212',
        oauth_tokens=oauth_tokens,
        cats='big',
        teatime=1,
    )

    user.update(**user_dict)
    item2 = user.get(username)

    assert item2['username'] == user_dict['username']
    assert item2['display_name'] == user_dict['display_name']
    is_validate = pwtools.validate_password(
        "ifidexmemwb", item2['password_hash']
    )
    assert is_validate is True
    is_validate = pwtools.validate_password(
        plain_pw, item2['password_hash']
    )
    assert is_validate is False
    is_validate = pwtools.validate_password(
        "not the right one", item1['password_hash']
    )
    assert is_validate is False
    assert item2['email'] == user_dict['email']
    assert item2['phone'] == user_dict['phone']
    assert item2['oauth_tokens'] == oauth_tokens
    assert item2['cats'] == 'big'
    assert item2['teatime'] == 1