def test_login_queries(party_account_fixture, web_fixture):
""""""
context = ExecutionContext.get_context()
config = context.config
user_session = context.session
login_session = LoginSession.for_session(context.session)
system_account = party_account_fixture.system_account
web_fixture.request.scheme = 'https'
context.request.cookies[
config.web.secure_key_name] = user_session.secure_salt
assert config.web.idle_secure_lifetime < config.web.idle_lifetime
assert config.web.idle_lifetime < config.web.idle_lifetime_max
# Case: user logs in
user_session.last_activity = None
login_session.set_as_logged_in(system_account, False)
assert login_session.is_logged_in()
assert login_session.is_logged_in(secured=True)
# Case: user logs out
login_session.log_out()
assert not login_session.is_logged_in()
assert not login_session.is_logged_in(secured=True)
# Case: user activity is older than secure lifetime
assert (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50
login_session.set_as_logged_in(system_account, False)
user_session.last_activity = datetime.now() - timedelta(
seconds=config.web.idle_secure_lifetime + 50)
assert login_session.is_logged_in()
assert not login_session.is_logged_in(secured=True)
# Case: user activity is older than all lifetimes
assert (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50
login_session.set_as_logged_in(system_account, False)
user_session.last_activity = datetime.now() - timedelta(
seconds=config.web.idle_lifetime + 50)
assert not login_session.is_logged_in()
assert not login_session.is_logged_in(secured=True)
# Case: user activity is older than non-secure lifetime, but keep_me_logged_in is set
assert (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50
assert (config.web.idle_lifetime_max - config.web.idle_lifetime) > 50
login_session.set_as_logged_in(system_account, True)
user_session.last_activity = datetime.now() - timedelta(
seconds=config.web.idle_lifetime + 50)
assert login_session.is_logged_in()
assert not login_session.is_logged_in(secured=True)
# Case: user activity is older than non-secure lifetime max, but keep_me_logged_in is set
assert (config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50
assert (config.web.idle_lifetime_max - config.web.idle_lifetime) > 50
login_session.set_as_logged_in(system_account, True)
Session.flush()
user_session.last_activity = datetime.now() - timedelta(
seconds=config.web.idle_lifetime_max + 50)
assert not login_session.is_logged_in()
assert not login_session.is_logged_in(secured=True)
def log_in(self,
browser=None,
session=None,
system_account=None,
stay_logged_in=False):
"""Logs the user into the current webapp without having to navigate to a login page."""
session = session or self.party_account_fixture.session
browser = browser or self.driver_browser
login_session = LoginSession.for_session(session)
login_session.set_as_logged_in(
system_account or self.party_account_fixture.system_account,
stay_logged_in)
self.set_session_cookies(browser, session)
def test_logging_in(reahl_system_fixture, party_account_fixture):
fixture = party_account_fixture
system_account = fixture.system_account
login_session = LoginSession.for_session(
reahl_system_fixture.context.session)
account_management_interface = fixture.account_management_interface
account_management_interface.stay_logged_in = False
# Case: successful email attempt
assert login_session.account is not system_account
account_management_interface.log_in()
assert login_session.account is system_account
# Case: failed email attempts disable the account
login_session.account = None
assert system_account.account_enabled
account_management_interface.email = system_account.email
account_management_interface.password = '******'
for i in list(range(3)):
with expected(InvalidPasswordException, test=assert_is_set_to_commit):
account_management_interface.log_in()
assert system_account.failed_logins == i + 1
assert login_session.account is None
assert not system_account.account_enabled
# Case: Account is locked
system_account.disable()
assert isinstance(system_account.status, AccountDisabled)
with expected(AccountNotActiveException):
account_management_interface.log_in()
assert login_session.account is None
# Case: Account is not activated yet
login_session.account = None
system_account = fixture.new_system_account(email='*****@*****.**',
activated=False)
assert isinstance(system_account.status, AccountNotActivated)
with expected(AccountNotActiveException):
account_management_interface.log_in()
assert login_session.account is None
# Case: Login for nonexistant email name
account_management_interface.email = 'i@do not exist'
account_management_interface.password = '******'
with expected(InvalidPasswordException, test=assert_not_set_to_commit):
account_management_interface.log_in()
assert login_session.account is None
def logging_in(self, fixture):
system_account = fixture.system_account
login_session = LoginSession.for_session(fixture.context.session)
account_management_interface = fixture.account_management_interface
account_management_interface.stay_logged_in = False
# Case: successful email attempt
vassert(login_session.account is not system_account)
account_management_interface.log_in()
vassert(login_session.account is system_account)
# Case: failed email attempts disable the account
login_session.account = None
vassert(system_account.account_enabled)
account_management_interface.email = system_account.email
account_management_interface.password = '******'
for i in list(range(3)):
with expected(InvalidPasswordException,
test=lambda e: vassert(e.commit)):
account_management_interface.log_in()
vassert(system_account.failed_logins == i + 1)
vassert(login_session.account is None)
vassert(not system_account.account_enabled)
# Case: Account is locked
system_account.disable()
vassert(isinstance(system_account.status, AccountDisabled))
with expected(AccountNotActiveException):
account_management_interface.log_in()
vassert(login_session.account is None)
# Case: Account is not activated yet
login_session.account = None
system_account = fixture.new_system_account(email='*****@*****.**',
activated=False)
vassert(isinstance(system_account.status, AccountNotActivated))
with expected(AccountNotActiveException):
account_management_interface.log_in()
vassert(login_session.account is None)
# Case: Login for nonexistant email name
account_management_interface.email = 'i@do not exist'
account_management_interface.password = '******'
with expected(InvalidPasswordException,
test=lambda e: vassert(not e.commit)):
account_management_interface.log_in()
vassert(login_session.account is None)
def log_in(self,
browser=None,
session=None,
system_account=None,
stay_logged_in=False):
session = session or self.session
browser = browser or self.driver_browser
login_session = LoginSession.for_session(session)
login_session.set_as_logged_in(system_account or self.system_account,
stay_logged_in)
# quickly create a response so the fw sets the cookies, which we copy and explicitly set on selenium.
response = Response()
self.session.set_session_key(response)
cookies = http_cookies.BaseCookie(
ascii_as_bytes_or_str(', '.join(
response.headers.getall('set-cookie'))))
for name, morsel in cookies.items():
cookie = {'name': name, 'value': morsel.value}
cookie.update(
dict([(key, value) for key, value in morsel.items() if value]))
browser.create_cookie(cookie)
def log_in(self,
browser=None,
session=None,
system_account=None,
stay_logged_in=False):
"""Logs the user into the current webapp without having to navigate to a login page."""
session = session or self.party_account_fixture.session
browser = browser or self.driver_browser
login_session = LoginSession.for_session(session)
login_session.set_as_logged_in(
system_account or self.party_account_fixture.system_account,
stay_logged_in)
# quickly create a response so the fw sets the cookies, which we copy and explicitly set on selenium.
response = Response()
session.set_session_key(response)
cookies = http.cookies.BaseCookie(', '.join(
response.headers.getall('set-cookie')))
for name, morsel in cookies.items():
cookie = {'name': name, 'value': morsel.value}
cookie.update(
dict([(key, value) for key, value in morsel.items() if value]))
browser.create_cookie(cookie)
def log_in_test_user(self):
session = self.party_account_fixture.session
system_account = self.party_account_fixture.system_account
login_session = LoginSession.for_session(session)
login_session.set_as_logged_in(system_account, True)
def new_session(self, system_account=None):
session = super(TaskQueueZooMixin, self).new_session()
system_account = self.new_system_account(party=self.party)
login_session = LoginSession.for_session(session)
login_session.set_as_logged_in(system_account, True)
return session
def login_queries(self, fixture):
""""""
user_session = fixture.context.session
login_session = LoginSession.for_session(fixture.context.session)
system_account = fixture.system_account
config = fixture.context.config
context = fixture.context
fixture.request.scheme = 'https'
context.request.cookies[
context.config.web.secure_key_name] = user_session.secure_salt
vassert(config.web.idle_secure_lifetime < config.web.idle_lifetime)
vassert(config.web.idle_lifetime < config.web.idle_lifetime_max)
# Case: user logs in
user_session.last_activity = None
login_session.set_as_logged_in(system_account, False)
vassert(login_session.is_logged_in())
vassert(login_session.is_logged_in(secured=True))
# Case: user logs out
login_session.log_out()
vassert(not login_session.is_logged_in())
vassert(not login_session.is_logged_in(secured=True))
# Case: user activity is older than secure lifetime
vassert(
(config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50)
login_session.set_as_logged_in(system_account, False)
user_session.last_activity = datetime.now() - timedelta(
seconds=config.web.idle_secure_lifetime + 50)
vassert(login_session.is_logged_in())
vassert(not login_session.is_logged_in(secured=True))
# Case: user activity is older than all lifetimes
vassert(
(config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50)
login_session.set_as_logged_in(system_account, False)
user_session.last_activity = datetime.now() - timedelta(
seconds=config.web.idle_lifetime + 50)
vassert(not login_session.is_logged_in())
vassert(not login_session.is_logged_in(secured=True))
# Case: user activity is older than non-secure lifetime, but keep_me_logged_in is set
vassert(
(config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50)
vassert((config.web.idle_lifetime_max - config.web.idle_lifetime) > 50)
login_session.set_as_logged_in(system_account, True)
user_session.last_activity = datetime.now() - timedelta(
seconds=config.web.idle_lifetime + 50)
vassert(login_session.is_logged_in())
vassert(not login_session.is_logged_in(secured=True))
# Case: user activity is older than non-secure lifetime max, but keep_me_logged_in is set
vassert(
(config.web.idle_lifetime - config.web.idle_secure_lifetime) > 50)
vassert((config.web.idle_lifetime_max - config.web.idle_lifetime) > 50)
login_session.set_as_logged_in(system_account, True)
Session.flush()
user_session.last_activity = datetime.now() - timedelta(
seconds=config.web.idle_lifetime_max + 50)
vassert(not login_session.is_logged_in())
vassert(not login_session.is_logged_in(secured=True))
