Beispiel #1
0
    def testRegression1(self):
        email = '*****@*****.**'
        good_password = '******'
        bad_password = '******'

        # 1. Register client
        response = UserUtil.register_user(self.testapp, email, good_password)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Register failed with correct credentials: ' + str(response.status_int))

        # 2. Verify client
        response = UserUtil.verify_user(self.testapp, self.mail_stub, email)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Verification failed: ' + str(response.status_int))

        # 3. Logout client
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))

        # 4. Check logout
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                         'Users only page should not be served after logout: ' + str(response.status_int))

        # 5. Login with remember me turned on and a wrong password
        response = UserUtil.login_user(self.testapp, email, bad_password, True)
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                         'Login succeeded with bad password.' + str(response.status_int))

        # 6. Acessing secure content (after login and after deleting session data)
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                         'Users only page must not be served without logging in: ' + str(response.status_int))
Beispiel #2
0
    def testLoginFailWithVerification(self):
        email = '*****@*****.**'
        password = '******'

        # 1. Register client
        response = UserUtil.login_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                         'Login succeeded with empty db: ' + str(response.status_int))
        response = UserUtil.register_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Register failed with correct credentials: ' + str(response.status_int))

        # 2. Verify client
        response = UserUtil.verify_user(self.testapp, self.mail_stub, email)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Verification failed: ' + str(response.status_int))

        # 3. Logout
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))

        # 4. Login with bad credentials
        response = UserUtil.login_user(self.testapp, email, 'password2')
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST, 'Login succeeded with bad password.')
        response = UserUtil.login_user(self.testapp, email, '')
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST, 'Login succeeded with empty password.')
        response = UserUtil.login_user(self.testapp, '*****@*****.**', password)
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST, 'Login succeeded with bad email.')
Beispiel #3
0
    def testLoginSuccess(self):
        email = '*****@*****.**'
        password = '******'
        # 1. Register client
        response = UserUtil.register_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Register failed with correct credentials: ' + str(response.status_int))

        # 2. Access test site - error should arrive
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                         'Users only page should be served after logging in: ' + str(response.status_int))

        # 3. Try to login -> Verification needed first
        response = UserUtil.login_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_FORBIDDEN,
                         'Server should answer 403 for unverified client: ' + str(response.status_int))

        # 4. Verify
        response = UserUtil.verify_user(self.testapp, self.mail_stub, email)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Verification failed: ' + str(response.status_int))

        # 5. Access test site should succeed after verification
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))

        # 6. Check login
        session = get_current_session()
        self.assertEqual(session.get(constants.VAR_NAME_EMAIL), email, 'User email is not correct in session variable: ' + str(
            session.get(constants.VAR_NAME_EMAIL)))
        self.assertIsNotNone(session.get(constants.SESSION_ID), 'SessionId is none')

        # 7. Access test site
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))

        # 8. Logout
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))

        # 9. SH-26 regression
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))
Beispiel #4
0
    def testPersistentCookie(self):
        email = '*****@*****.**'
        password = '******'

        # 1. Register client
        response = UserUtil.register_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Register failed with correct credentials: ' + str(response.status_int))

        # 2. Verify client
        response = UserUtil.verify_user(self.testapp, self.mail_stub, email)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Verification failed: ' + str(response.status_int))

        # 3. Login with remember me turned off
        response = UserUtil.login_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Login failed with verified client: ' + str(response.status_int))

        # 4. Acessing secure content (after login and after deleting session data)
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))
        session = get_current_session()
        session.terminate()
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                         'Users only page should not be served without providing session data: ' + str(response.status_int))

        # 5. Login with remember me turned on
        response = UserUtil.login_user(self.testapp, email, password, True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Login failed with verified client: ' + str(response.status_int))

        # 6. Acessing secure content (after login and after deleting session data)
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))
        session = get_current_session()
        session.terminate()
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))

        # Test next login
        session = get_current_session()
        session.terminate()
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))

        # 7. Try to access secure content with modified token
        response = self.testapp.get('/', expect_errors=True, headers=dict(Cookie='token='))
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))

        # 8. Logout
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))

        # 9. Check logout
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                         'Users only page should not be served after logout: ' + str(response.status_int))