def test_admin_can_ban_email_domain(client, user_info):
register_user(client, user_info)
promote_user_to_admin(client, user_info)
rv = client.get(url_for('admin.domains', domain_type='email'))
rv = client.post(url_for('do.ban_domain', domain_type='email'),
data=dict(csrf_token=csrf_token(rv.data),
domain='spam4u.com'),
follow_redirects=True)
reply = json.loads(rv.data.decode('utf-8'))
assert reply['status'] == 'ok'
log_out_current_user(client)
rv = client.get(url_for('auth.register'))
with mail.record_messages() as outbox:
data = dict(csrf_token=csrf_token(rv.data),
username='******',
password='******',
confirm='Safe123#$@lolnot',
email_required='*****@*****.**',
invitecode='',
accept_tos=True,
captcha='xyzzy')
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
assert len(outbox) == 0
assert b'do not accept emails' in rv.data
assert b'Register' in rv.data
assert b'Log out' not in rv.data
def test_reset_password(client, user_info):
"""A user can reset their password using a link sent to their email."""
new_password = '******'
assert new_password != user_info['password']
register_user(client, user_info)
log_out_current_user(client)
with mail.record_messages() as outbox:
rv = client.get(url_for('user.password_recovery'))
rv = client.post(url_for('user.password_recovery'),
data=dict(csrf_token=csrf_token(rv.data),
email=user_info['email'],
captcha='xyzzy'))
message = outbox.pop()
assert message.send_to == {user_info['email']}
soup = BeautifulSoup(message.html, 'html.parser')
token = soup.a['href'].split('/')[-1]
rv = client.get(url_for('user.password_reset', token=token),
follow_redirects=True)
rv = client.post(url_for('do.reset'),
data=dict(csrf_token=csrf_token(rv.data),
user=get_value(rv.data, 'user'),
key=get_value(rv.data, 'key'),
password=new_password,
confirm=new_password))
log_out_current_user(client)
user_info['password'] = new_password
log_in_user(client, user_info, expect_success=True)
def test_post_existing(client):
"""Can we POST a new resource properly?"""
client.post('/artist/',
data=json.dumps({
'Name': 'Jeff Knupp',
}),
headers={'Content-type': 'application/json'})
response = client.post('/artist/',
data=json.dumps({
'Name': 'Jeff Knupp',
}),
headers={'Content-type': 'application/json'})
assert response.status_code == 204
def test_post_existing(client):
"""Can we POST a new resource properly?"""
client.post(
'/artist/',
data=json.dumps({
'Name': 'Jeff Knupp',
}),
headers={'Content-type': 'application/json'})
response = client.post(
'/artist/',
data=json.dumps({
'Name': 'Jeff Knupp',
}),
headers={'Content-type': 'application/json'})
assert response.status_code == 204
def test_post_create_user(client):
user = {'name': 'User Name', 'type': 'email', 'contact': '*****@*****.**'}
response = client.post('user',
data=json.dumps(user),
content_type='application/json')
assert re.compile('[0-9]+').match(str(response.json))
assert response.status_code == 200
def test_post_send_message(client):
message = {'uid': '123456', 'message': 'test'}
response = client.post('send',
data=json.dumps(message),
content_type='application/json')
assert re.compile('[0-9]+').match(str(response.json))
assert response.status_code == 200
def test_registration_login(client):
"""The registration page logs a user in if they register correctly."""
rv = client.get(url_for('auth.register'))
with mail.record_messages() as outbox:
data = dict(csrf_token=csrf_token(rv.data),
username='******',
password='******',
confirm='Safe123#$@lolnot',
invitecode='',
accept_tos=True,
captcha='xyzzy')
if email_validation_is_required():
data['email_required'] = '*****@*****.**'
else:
data['email_optional'] = '*****@*****.**'
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
if email_validation_is_required():
assert b'spam' in rv.data # Telling user to go check it.
message = outbox[-1]
soup = BeautifulSoup(message.html, 'html.parser')
token = soup.a['href'].split('/')[-1]
rv = client.get(url_for('auth.login_with_token', token=token),
follow_redirects=True)
assert auth_provider.get_user_by_email(
'*****@*****.**').name == 'supertester'
assert b'Log out' in rv.data
def test_reregister(client, user_info, user2_info):
"A user account which is unconfirmed after two days can be re-registered."
rv = client.get(url_for('auth.register'))
data = dict(csrf_token=csrf_token(rv.data),
username=user_info['username'],
password=user_info['password'],
confirm=user_info['password'],
invitecode='',
accept_tos=True,
email_required=user_info['email'],
captcha='xyzzy')
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
new_user = User.get(User.name == user_info['username'])
assert new_user.status == UserStatus.PROBATION
new_user.joindate -= timedelta(days=3)
new_user.save()
rv = client.get(url_for('auth.register'))
with mail.record_messages() as outbox:
data = dict(
csrf_token=csrf_token(rv.data),
username=user_info['username'],
password=user_info['password'],
confirm=user_info['password'],
invitecode='',
email_required=user2_info['email'],
accept_tos=True,
)
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
assert b'spam' in rv.data # Telling user to go check it.
message = outbox[-1]
assert message.send_to == {user2_info['email']}
soup = BeautifulSoup(message.html, 'html.parser')
token = soup.a['href'].split('/')[-1]
rv = client.get(url_for('auth.login_with_token', token=token),
follow_redirects=True)
assert b'Log out' in rv.data
assert auth_provider.get_user_by_email(user_info['email']) == None
assert (auth_provider.get_user_by_email(
user2_info['email']).name == user_info['username'])
def test_post_missing_field(client):
"""Do we reject a POST with a missing required field?"""
response = client.post('/album/',
data=json.dumps({
'ArtistId': 1,
}),
headers={'Content-type': 'application/json'})
assert response.status_code == 400
def test_post_missing_field(client):
"""Do we reject a POST with a missing required field?"""
response = client.post(
'/album/',
data=json.dumps({
'ArtistId': 1,
}),
headers={'Content-type': 'application/json'})
assert response.status_code == 400
def test_post_unknown_field(client):
"""Do we properly reject a POST with an unknown field?"""
response = client.post(
'/artist/',
data=json.dumps({'foo': 'bar', 'Name': 'Jeff Knupp'}),
headers={'Content-type': 'application/json'}
)
assert response.status_code == 400
json_response = json.loads(response.get_data(as_text=True))
assert json_response == {'message': 'Unknown field [foo]'}
def test_post(client):
"""Can we POST a new resource properly?"""
response = client.post('/album/',
data=json.dumps({
'Title': 'Some Title',
'ArtistId': 1,
}),
headers={'Content-type': 'application/json'})
assert response.status_code == 201
assert json.loads(response.get_data(as_text=True)) == NEW_ALBUM
def test_post_unknown_field(client):
"""Do we properly reject a POST with an unknown field?"""
response = client.post(
'/artist/',
data=json.dumps({'foo': 'bar', 'Name': 'Jeff Knupp'}),
headers={'Content-type': 'application/json'}
)
assert response.status_code == 400
json_response = json.loads(response.get_data(as_text=True))
assert json_response == {'message': 'Unknown field [foo]'}
def test_validate_post_existing_resource(client):
"""Do we get back an error message when making a POST request on a resource that already exists?"""
response = client.post('/user/',
data=json.dumps({
'name': 'Jeff Knupp',
'email': '*****@*****.**',
}),
headers={'Content-Type': 'application/json'})
assert response.status_code == 400
assert response.json['message'] == INVALID_ACTION_MESSAGE
def test_post(client):
"""Can we POST a new resource properly?"""
response = client.post(
'/album/',
data=json.dumps({
'Title': 'Some Title',
'ArtistId': 1,
}),
headers={'Content-type': 'application/json'})
assert response.status_code == 201
assert json.loads(response.get_data(as_text=True)) == NEW_ALBUM
def test_validate_post(client):
"""Do we get back an error message when making a POST request that fails
validation?"""
response = client.post('/user',
data=json.dumps({
'name': 'Jeff Knupp',
'email': '*****@*****.**',
}),
headers={'Content-Type': 'application/json'})
assert response.status_code == 400
assert response.json['message'] == INVALID_ACTION_MESSAGE
def test_flask_app(client):
"""Does Emily run successfully as a Flask web server?"""
response = client.get('/get_session')
assert response.status_code == 200
session_id = response.get_data(as_text=True)
response = client.post('/chat',
data={
'message': 'hello',
'session_id': session_id
})
assert response.status_code == 200
json_response = json.loads(response.get_data(as_text=True))
assert json_response['response'] == 'world'
response = client.post('/chat',
data={
'message': 'quit',
'session_id': session_id
})
# The Emily thread closes if no more sessions are left, but pytest runs through these tests too quickly for Emily to make that check in time.
time.sleep(0.1)
def test_validate_post_existing_resource(client):
"""Do we get back an error message when making a POST request on a resource that already exists?"""
response = client.post(
'/user/',
data=json.dumps({
'name': 'Jeff Knupp',
'email': '*****@*****.**',
}),
headers={'Content-Type': 'application/json'}
)
assert response.status_code == 400
assert response.json['message'] == INVALID_ACTION_MESSAGE
def test_validate_post(client):
"""Do we get back an error message when making a POST request that fails
validation?"""
response = client.post(
'/user',
data=json.dumps({
'name': 'Jeff Knupp',
'email': '*****@*****.**',
}),
headers={'Content-Type': 'application/json'}
)
assert response.status_code == 400
assert response.json['message'] == INVALID_ACTION_MESSAGE
def test_delete_account(client, user_info):
"""A user can delete their account."""
register_user(client, user_info)
# The password has to be right.
rv = client.get(url_for('user.delete_account'))
rv = client.post(url_for('do.delete_user'),
data=dict(csrf_token=csrf_token(rv.data),
password='******',
consent='YES'),
follow_redirects=True)
reply = json.loads(rv.data.decode('utf-8'))
assert reply['status'] == 'error'
# The consent must be given.
rv = client.get(url_for('user.delete_account'))
rv = client.post(url_for('do.delete_user'),
data=dict(csrf_token=csrf_token(rv.data),
password='******',
consent='NO'),
follow_redirects=True)
reply = json.loads(rv.data.decode('utf-8'))
assert reply['status'] == 'error'
rv = client.get(url_for('user.delete_account'))
rv = client.post(url_for('do.delete_user'),
data=dict(csrf_token=csrf_token(rv.data),
password=user_info['password'],
consent='YES'),
follow_redirects=True)
reply = json.loads(rv.data.decode('utf-8'))
assert reply['status'] == 'ok'
# Deleting your account should log you out.
rv = client.get(url_for('home.index'))
assert b'Log in' in rv.data
# Try to log in to the deleted account.
log_in_user(client, user_info, expect_success=False)
def test_login_before_confirming_email(client, user_info):
"""Registered users with unconfirmed emails can't log in."""
rv = client.get(url_for('auth.register'))
with mail.record_messages() as outbox:
data = dict(csrf_token=csrf_token(rv.data),
username=user_info['username'],
password=user_info['password'],
confirm=user_info['password'],
email_required=user_info['email'],
invitecode='',
accept_tos=True,
captcha='xyzzy')
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
assert b'spam' in rv.data # Telling user to go check it.
message = outbox.pop()
rv = client.get(url_for('auth.login'))
rv = client.post(url_for('auth.login'),
data=dict(csrf_token=csrf_token(rv.data),
username=user_info['username'],
password=user_info['password']),
follow_redirects=True)
assert b'Resend account confirmation instructions' in rv.data
rv = client.post(url_for('auth.resend_confirmation_email'),
data=dict(csrf_token=csrf_token(rv.data),
email=user_info['email']),
follow_redirects=True)
assert b'spam' in rv.data # Telling user to go check it.
message = outbox.pop()
soup = BeautifulSoup(message.html, 'html.parser')
token = soup.a['href'].split('/')[-1]
rv = client.get(url_for('auth.login_with_token', token=token),
follow_redirects=True)
assert b'Log out' in rv.data
def test_password_required_to_change_recovery_email(client, user_info):
"""Changing the password recovery requires the correct password."""
register_user(client, user_info)
wrong_password = '******'
new_email = '*****@*****.**'
assert wrong_password != user_info['password']
assert new_email != user_info['email']
rv = client.get(url_for('user.edit_account'))
data = dict(csrf_token=csrf_token(rv.data),
email_required=new_email,
oldpassword=wrong_password,
password='',
confirm='')
# No confirmation email should be sent.
with mail.record_messages() as outbox:
rv = client.post(url_for('do.edit_account'),
data=data,
follow_redirects=True)
assert len(outbox) == 0
log_out_current_user(client)
# Verify password recovery email goes to the right place.
with mail.record_messages() as outbox:
rv = client.get(url_for('user.password_recovery'))
rv = client.post(url_for('user.password_recovery'),
data=dict(csrf_token=csrf_token(rv.data),
email=new_email,
captcha='xyzzy'))
assert len(outbox) == 0
rv = client.get(url_for('user.password_recovery'))
rv = client.post(url_for('user.password_recovery'),
data=dict(csrf_token=csrf_token(rv.data),
email=user_info['email'],
captcha='xyzzy'))
assert len(outbox) == 1
def test_admin_can_ban_and_unban_user(client, user_info, user2_info):
register_user(client, user_info)
register_user(client, user2_info)
promote_user_to_admin(client, user2_info)
username = user_info['username']
rv = client.get(url_for('user.view', user=username))
rv = client.post(url_for('do.ban_user', username=username),
data=dict(csrf_token=csrf_token(rv.data)),
follow_redirects=True)
# For now, banning makes you unable to log in.
log_out_current_user(client)
log_in_user(client, user_info, expect_success=False)
log_in_user(client, user2_info, expect_success=True)
rv = client.get(url_for('user.view', user=username))
rv = client.post(url_for('do.unban_user', username=username),
data=dict(csrf_token=csrf_token(rv.data)),
follow_redirects=True)
log_out_current_user(client)
log_in_user(client, user_info, expect_success=True)
def test_post(self, client, mdm_group):
res = client.put(url_for('api_app.mdmgroupresource'), data=mdm_group)
data = json.loads(res.data)
mdm_group['group_name'] = 'something else'
res = client.post(url_for('api_app.mdmgroupresource', id=data['id']), data=mdm_group)
assert self.assert_success(res)
res = client.get(url_for('api_app.mdmgroupresource', id=data['id']))
assert self.assert_json(res.headers)
assert self.assert_success(res)
data = json.loads(res.data)
mdm_group['id'] = data['id']
assert data == mdm_group
def test_post(self, client, device):
res = client.put(url_for('api_app.deviceresource'), data=device)
data = json.loads(res.data)
device['udid'] = str(uuid.uuid4())
device['serial_number'] = '12131415'
res = client.post(url_for('api_app.deviceresource', id=data['id']), data=device)
assert self.assert_success(res)
res = client.get(url_for('api_app.deviceresource', id=data['id']))
assert self.assert_json(res.headers)
assert self.assert_success(res)
data = json.loads(res.data)
device['id'] = data['id']
assert data == device
def test_post(self, client, profile):
res = client.put(url_for('api_app.profileresource'), data=profile)
data = json.loads(res.data)
profile['profile_data'] = 'something else'
res = client.post(url_for('api_app.profileresource', id=data['id']), data=profile)
assert self.assert_success(res)
res = client.get(url_for('api_app.profileresource', id=data['id']))
assert self.assert_json(res.headers)
assert self.assert_success(res)
data = json.loads(res.data)
assert data['identifier'] == profile['identifier']
assert data['uuid'] == profile['uuid']
assert data['status'] == profile['status'].value
def test_email_required_for_registration(client, user_info):
"If emails are required, trying to register without one will fail."
rv = client.get(url_for('auth.register'))
with mail.record_messages() as outbox:
data = dict(csrf_token=csrf_token(rv.data),
username='******',
password='******',
confirm='Safe123#$@lolnot',
email_required='',
invitecode='',
accept_tos=True,
captcha='xyzzy')
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
assert len(outbox) == 0
assert b'Error' in rv.data
assert b'Register' in rv.data
assert b'Log out' not in rv.data
def test_change_password(client, user_info):
"""A user can change their password and log in with the new password."""
register_user(client, user_info)
new_password = '******' + '\N{PARTIAL DIFFERENTIAL}'
assert new_password != user_info['password']
rv = client.get(url_for('user.edit_account'))
rv = client.post(url_for('do.edit_account'),
data=dict(csrf_token=csrf_token(rv.data),
oldpassword=user_info['password'],
password=new_password,
confirm=new_password),
follow_redirects=True)
reply = json.loads(rv.data.decode('utf-8'))
assert reply['status'] == 'ok'
log_out_current_user(client)
# Try to log in with the old password
log_in_user(client, user_info, expect_success=False)
new_info = dict(user_info)
new_info.update(password=new_password)
log_in_user(client, new_info, expect_success=True)
def test_change_password_recovery_email(client, user_info):
"""The user can change their password recovery email."""
register_user(client, user_info)
new_email = '*****@*****.**'
assert new_email != user_info['email']
rv = client.get(url_for('user.edit_account'))
data = dict(csrf_token=csrf_token(rv.data),
oldpassword=user_info['password'],
password='',
confirm='')
if email_validation_is_required():
data['email_required'] = new_email
else:
data['email_optional'] = new_email
with mail.record_messages() as outbox:
rv = client.post(url_for('do.edit_account'),
data=data,
follow_redirects=True)
log_out_current_user(client)
if email_validation_is_required():
message = outbox.pop()
# Make sure that password recovery emails go to the former address
# if the new one has not yet been confirmed.
rv = client.get(url_for('user.password_recovery'))
rv = client.post(url_for('user.password_recovery'),
data=dict(csrf_token=csrf_token(rv.data),
email=new_email,
captcha='xyzzy'))
assert len(outbox) == 0
rv = client.get(url_for('user.password_recovery'))
rv = client.post(url_for('user.password_recovery'),
data=dict(csrf_token=csrf_token(rv.data),
email=user_info['email'],
captcha='xyzzy'))
assert outbox.pop().send_to == {user_info['email']}
# Now click the confirm link.
assert message.send_to == {new_email}
soup = BeautifulSoup(message.html, 'html.parser')
token = soup.a['href'].split('/')[-1]
rv = client.get(url_for('user.confirm_email_change', token=token),
follow_redirects=True)
else:
assert len(outbox) == 0
# Verify password recovery email goes to the right place.
with mail.record_messages() as outbox:
rv = client.get(url_for('user.password_recovery'))
rv = client.post(url_for('user.password_recovery'),
data=dict(csrf_token=csrf_token(rv.data),
email=user_info['email'],
captcha='xyzzy'))
assert len(outbox) == 0
rv = client.get(url_for('user.password_recovery'))
rv = client.post(url_for('user.password_recovery'),
data=dict(csrf_token=csrf_token(rv.data),
email=new_email,
captcha='xyzzy'))
assert outbox.pop().send_to == {new_email}
def test_post_no_data(client):
"""Do we properly reject a POST with no JSON data?"""
response = client.post('/artist/')
json_response = json.loads(response.get_data(as_text=True))
assert json_response == {'message': 'No data received from request'}
def test_invite_code_required_for_registration(client, user_info, user2_info):
"If invite codes are required, trying to register without one will fail."
register_user(client, user_info)
promote_user_to_admin(client, user_info)
# Enable invite codes.
rv = client.get(url_for('admin.invitecodes'))
data = dict(csrf_token=csrf_token(rv.data),
enableinvitecode=True,
minlevel=3,
maxcodes=10)
rv = client.post(url_for('do.use_invite_code'),
data=data,
follow_redirects=True)
reply = json.loads(rv.data.decode('utf-8'))
assert reply['status'] == 'ok'
# Create an invite code.
rv = client.get(url_for('admin.invitecodes'))
data = dict(csrf_token=csrf_token(rv.data),
code="abcde",
uses=10,
expires='')
rv = client.post(url_for('admin.invitecodes'),
data=data,
follow_redirects=True)
log_out_current_user(client)
# Now try to register a new user without an invite code.
rv = client.get(url_for('auth.register'))
data = dict(csrf_token=csrf_token(rv.data),
username=user2_info['username'],
password=user2_info['password'],
confirm=user2_info['password'],
invitecode='',
email_optional=user2_info['email'],
accept_tos=True,
captcha='xyzzy')
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
assert b'Invalid invite code' in rv.data
# Now try to register a new user with an incorrect invite code.
rv = client.get(url_for('auth.register'))
data = dict(csrf_token=csrf_token(rv.data),
username=user2_info['username'],
password=user2_info['password'],
confirm=user2_info['password'],
invitecode='xyzzy',
email_optional=user2_info['email'],
accept_tos=True,
captcha='xyzzy')
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
assert b'Invalid invite code' in rv.data
# Now try to register a new user with a valid invite code.
rv = client.get(url_for('auth.register'))
data = dict(csrf_token=csrf_token(rv.data),
username=user2_info['username'],
password=user2_info['password'],
confirm=user2_info['password'],
invitecode='abcde',
email_optional=user2_info['email'],
accept_tos=True,
captcha='xyzzy')
rv = client.post(url_for('auth.register'),
data=data,
follow_redirects=True)
assert b'Log out' in rv.data
def test_post_no_data(client):
"""Do we properly reject a POST with no JSON data?"""
response = client.post('/artist/')
json_response = json.loads(response.get_data(as_text=True))
assert json_response == {'message': 'No data received from request'}