Ejemplo n.º 1
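 def unregistered_user_can_register_with_facebook_in_the_middle_of_login_procedure_of_a_served_application(self):
     """Register through the Facebook popup while logging in to a served application.

     Opens the OAuth page, starts Facebook registration, fills the popup
     with the second test account from ``config`` and asserts that the main
     window's URL starts with the lower-cased ``self.redirect_uri``. The
     created user and its "facebook" credential are removed afterwards.
     Does nothing when ``config.skipFacebookTests`` is set.
     """
     if config.skipFacebookTests:
         return
     driver = self.driver
     self._gotoOauthPage(driver)
     self.switchToTab('registration')
     driver.find_element_by_id("Facebook_registration_button").click()
     time.sleep(1)
     self.master = driver.current_window_handle
     # Wait for the popup window to appear. The earlier loop evaluated a bare
     # `time` expression instead of sleeping, so its 50 iterations finished
     # immediately and gave the popup no time to open.
     attempts = 1
     while len(driver.window_handles) == 1:
         time.sleep(1)
         attempts += 1
         if attempts > 50:
             break
     for handle in driver.window_handles:
         if handle != self.master:
             driver.switch_to.window(handle)
     # The test-account password and e-mail are read from config rather than
     # being written into the test itself.
     driver.find_element_by_id("pass").clear()
     driver.find_element_by_id("pass").send_keys(config.fbpassword2)
     driver.find_element_by_id("email").clear()
     driver.find_element_by_id("email").send_keys(config.fbuser2)
     driver.find_element_by_id("u_0_2").click()
     driver.switch_to.window(self.master)
     time.sleep(5)
     self.assertTrue(driver.current_url.startswith(self.redirect_uri.lower()))
     # NOTE(review): cleanup runs only when the assertion above passes; a
     # failed run leaves the registered test account in the database.
     self.user = User.getByEmail(config.fbuser2)
     Credential.getByUser(self.user, "facebook").rm()
     self.user.rm()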
Ejemplo n.º 2
 def you_can_login_using_facebook(self):
     """Log in through the Facebook popup with a pre-created, activated user.

     Skipped when ``config.skipFacebookTests`` is set. The user and its
     "facebook" credential are removed at the end of the test.
     """
     if config.skipFacebookTests:
         return
     # Create the account up front so the Facebook login has something to match.
     self.user = self.createUserWithCredentials("facebook", config.fbuserid, None, config.fbuser)
     self.user.activate()
     driver = self.driver
     driver.get(self.base_url+"/static/login.html")
     self.switchToTab("login")
     driver.find_element_by_id("Facebook_login_button").click()
     time.sleep(1)
     # presumably _switchWindow also records self.master, which is used below — confirm
     self._switchWindow(driver)
     # Test-account credentials are read from config, not written into the test.
     driver.find_element_by_id("pass").clear()
     driver.find_element_by_id("pass").send_keys(config.fbpassword)
     driver.find_element_by_id("email").clear()
     driver.find_element_by_id("email").send_keys(config.fbuser)
     driver.find_element_by_id("u_0_2").click()
     driver.switch_to.window(self.master)
     time.sleep(1)
     # The main window must still be on the login page, with no error message.
     self.assertEqual(self.base_url  + "/static/login.html", driver.current_url)
     body = driver.find_element_by_id("message").text
     self.assertEqual("", body)
     body = driver.find_element_by_id("userdata").text
     # NOTE(review): the expected address appears masked in this listing; the
     # original presumably compared against the test account's e-mail — confirm.
     self.assertTrue("*****@*****.**"in body)
     # NOTE(review): cleanup is skipped if any assertion above fails.
     Credential.getByUser(self.user, "facebook").rm()
     self.user.rm()
Ejemplo n.º 3
 def test_password_reset_creates_password_if_it_does_not_exists(self):
     """A password reset for a user without a password credential creates one."""
     resetForm = self.createPasswordResetFormWithSecret()
     account = User.getByEmail(self.userCreationEmail)
     # Drop the existing password credential so the reset has to create it.
     Credential.getByUser(account, "password").rm()
     self.controller.doPasswordReset(resetForm)
     recreated = Credential.getByUser(account, "password")
     # The stored secret must be the protected form of the new password.
     self.assertEqual(recreated.secret, CredentialManager.protect_secret(self.newPassword))
Ejemplo n.º 4
 def doConfirmChangeEmail(self, secret=None, confirm=True, useverifysecret=False):
     """Start an e-mail change for ``self.user`` and submit the confirmation form.

     When ``secret`` is None it is read from the user's temporary credential:
     'changeemailandverify' if ``useverifysecret`` is true, else 'changeemail'.
     Returns whatever ``controller.confirmEmailChange`` returns.
     """
     self.controller.emailChangeInit(self.newEmailAddress, self.user)
     if secret is None:
         credentialType = 'changeemailandverify' if useverifysecret else 'changeemail'
         secret = Credential.getByUser(self.user, credentialType).secret
     formData = dict(confirm=confirm, secret=secret)
     return self.controller.confirmEmailChange(FakeForm(formData))
Ejemplo n.º 5
 def removeFbuser(self,user=None):
     """Remove a Facebook test user with its "facebook" credential and app maps.

     Defaults to ``config.facebookUser2``. Does nothing further when no user
     with that e-mail exists; ``self.user`` is set to the lookup result either way.
     """
     if user is None:
         user = config.facebookUser2
     self.user = User.getByEmail(user.email)
     if not self.user:
         return
     # Dependent records are removed before the user record itself.
     Credential.getByUser(self.user, "facebook").rm()
     for mapping in AppMap.getForUser(self.user):
         mapping.rm()
     self.user.rm()
Ejemplo n.º 6
 def your_credentials_are_deleted_in_deregistration(self):
     """Posting to /deregister leaves the user with no credentials."""
     with app.test_client() as client:
         self.login(client)
         account = User.getByEmail(self.usercreation_email)
         before = Credential.getByUser(account)
         self.assertTrue(len(before) > 0)
         # The request carries a CSRF token plus the login credentials again.
         payload = {
             'csrf_token': self.getCSRF(client),
             'credentialType': "password",
             'identifier': self.usercreation_userid,
             'secret': self.usercreation_password,
         }
         client.post(config.base_url+'/deregister', data=payload)
         account = User.getByEmail(self.usercreation_email)
         after = Credential.getByUser(account)
         self.assertTrue(len(after) == 0)
Ejemplo n.º 7
 def doPasswordResetWithNewPassword(self, password):
     """Drive the password-reset flow for the assurer test user with ``password``."""
     self.goToLoginPage()
     address = TE.assurerUser.email  # @UndefinedVariable
     self.initiatePasswordReset(address)
     resetCred = Credential.getByUser(TE.assurerUser, "email_for_password_reset")
     # NOTE(review): the reset secret is carried in the URL query string, where
     # it can end up in server logs and browser history — confirm it is
     # single-use and short-lived.
     resetLink = TE.pwresetUrl + "?secret=" + resetCred.secret
     self.clickPasswordResetLink(password, resetLink)
Ejemplo n.º 8
 def test_the_emailcheck_secret_is_not_shown_in_the_registration_answer(self):
     """The registration response body must not contain the 'emailcheck' secret."""
     loginForm = self.prepareLoginForm()
     response = self.controller.doRegistration(loginForm)
     responseText = self.getResponseText(response)
     registered = self.controller.getCurrentUser()
     emailCheck = Credential.getByUser(registered, 'emailcheck')
     # Returning the secret to the client would defeat the e-mail ownership check.
     self.assertTrue(emailCheck.secret not in responseText)
Ejemplo n.º 9
 def facebook_login_needs_facebook_credentials_as_registered(self):
     """Login is refused with 403 once the user's "facebook" credential is gone."""
     Credential.getByUser(self.user, "facebook").rm()
     with self.assertRaises(ReportedError) as raised:
         self.controller.do_login(self.request_data)
     error = raised.exception
     self.assertEqual(error.status, 403)
     self.assertEqual(error.descriptor,["You have to register first"])
Ejemplo n.º 10
 def test_registration_email_contains_registration_uri_with_secret(self):
     """The registration e-mail contains the verify_email URI built from the secret."""
     message = self._registerAndGetEmail()
     self.assertTrue(message)
     registered = self.controller.getCurrentUser()
     emailCheck = Credential.getByUser(registered, 'emailcheck')
     siteRoot = self.controller.getConfig('BASE_URL')
     # Expected link: <BASE_URL>/v1/verify_email/<secret of the emailcheck credential>
     expectedUri = "{0}/v1/verify_email/{1}".format(siteRoot, emailCheck.secret)
     self.assertEmailContains(expectedUri, message)
Ejemplo n.º 11
 def test_email_validation_gives_emailverification_assurance(self):
     """Visiting the validation URI adds the emailVerification assurance.

     Also checks that exactly one credential disappears in the process.
     """
     self.setupRandom()
     with app.test_client():
         address = self.registerAndObtainValidationUri()
         expectedPrefix = config.BASE_URL + "/v1/verify_email"
         self.assertTrue(self.validateUri.startswith(expectedPrefix))
     with app.test_client() as client:
         account = User.getByEmail(address)
         credsBefore = Credential.getByUser(account)
         assurancesBefore = Assurance.getByUser(account)
         # No assurance yet: the address has not been verified.
         self.assertTrue(emailVerification not in assurancesBefore)
         response = client.get(self.validateUri)
         self.assertEqual(response.status_code, 200)
         self.assertEqual(account.email, address)
         credsAfter = Credential.getByUser(account)
         # One credential fewer after validation.
         self.assertEqual(len(credsBefore) - 1 , len(credsAfter))
         assurancesAfter = Assurance.getByUser(account)
         self.assertTrue(assurancesAfter[emailVerification] is not None)
         account.rm()
Ejemplo n.º 12
 def assertEmailChangeIsInitiated(self, resp):
     """Assert that ``resp`` reports a started e-mail change and record its secret.

     Stores the user's id in ``self.userid`` and the "changeemail" credential's
     secret in ``self.secret``.
     """
     responseText = self.getResponseText(resp)
     self.assertEqual(200, resp.status_code)
     reported = json.loads(responseText)['message']
     self.assertEqual(emailChangeEmailSent, reported)
     account = User.getByEmail(self.userCreationEmail)
     self.userid = account.userid
     pending = Credential.getByUser(account, "changeemail")
     self.secret = pending.secret
     # The temporary credential's additional info must equal the requested address.
     self.assertEqual(self.newEmail, pending.getAdditionalInfo())
Ejemplo n.º 13
 def do_password_reset(self, form):
     """Set a new password for the owner of a valid password-reset credential.

     The reset credential is looked up by ``form.secret.data``; its ``secret``
     field is parsed as a float and compared with the current time, so it
     acts as the expiry timestamp here.

     Raises:
         ReportedError: with status 404 when no credential matches or it has
             expired; expired reset credentials are deleted first.
     """
     resetCred = Credential.get(passwordResetCredentialType, form.secret.data)
     expired = resetCred is None or (float(resetCred.secret) < time.time())
     if expired:
         Credential.deleteExpired(passwordResetCredentialType)
         raise ReportedError(['The secret has expired'], 404)
     # NOTE(review): assumes the user already has a 'password' credential; the
     # lookup result is not checked before use.
     passwordCred = Credential.getByUser(resetCred.user, 'password')
     passwordCred.secret = CredentialManager.protect_secret(form.password.data)
     # The reset credential is removed after use, so it cannot be used again.
     resetCred.rm()
     return self.simple_response('Password successfully changed')
Ejemplo n.º 14
 def _getDeregistrationSecret(self):
     """Log in, request deregistration and return the 'deregister' credential's secret.

     When ``self.addAppMapToUser`` equals True, an AppMap to the first
     Application is created for the user first.
     """
     self._loginAndDeregister()
     owner = self.cred.user
     if self.addAppMapToUser==True:
         firstApplication = Application.query.first()  # @UndefinedVariable
         AppMap.new(firstApplication, owner)
     return Credential.getByUser(owner, 'deregister').secret
Ejemplo n.º 15
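 def doChangePassword(self, form):
     """Change the current user's password after verifying the old one.

     Raises:
         ReportedError: when the user has no 'password' credential, or when
             the protected form of ``form.oldPassword.data`` differs from
             the stored secret.
     """
     user = self.getCurrentUser()
     cred = Credential.getByUser(user, 'password')
     # An account without a password credential (for example one registered
     # only through an external provider) used to fail on `cred.secret`
     # with an AttributeError; report it like a failed old-password check.
     if not cred:
         raise ReportedError([oldPasswordDoesNotMatch])
     oldSecret = CredentialManager.protect_secret(form.oldPassword.data)
     # NOTE(review): this equality check only works if protect_secret is
     # deterministic for a given password; confirm how salting is handled.
     # The comparison is also not constant-time.
     if cred.secret != oldSecret:
         raise ReportedError([oldPasswordDoesNotMatch])
     cred.secret = CredentialManager.protect_secret(form.newPassword.data)
     cred.save()
     return self.simple_response(passwordChangedSuccessfully)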
Ejemplo n.º 16
 def successful_password_reset_sets_the_password(self):
     """Posting a valid reset secret to /v1/password_reset stores the new password."""
     newPassword = self.mkRandomPassword()
     resetSecret = unicode(uuid4())
     account = User.getByEmail(self.usercreation_email)
     # Register a reset credential whose last argument is one hour in the future.
     Credential.new(account, 'email_for_password_reset', resetSecret, time.time()+3600)
     with app.test_client() as client:
         payload = dict(password=newPassword, secret=resetSecret)
         client.post("/v1/password_reset", data = payload)
         stored = Credential.getByUser(account, "password")
         self.assertEquals(stored.secret, CredentialManager.protect_secret(newPassword))
Ejemplo n.º 17
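 def do_change_password(self, form):
     """Change the current user's password after verifying the old one.

     Raises:
         ReportedError: when the user has no 'password' credential, or when
             the protected form of ``form.oldPassword.data`` differs from
             the stored secret.
     """
     user = self.getCurrentUser()
     cred = Credential.getByUser(user, 'password')
     # Without this guard an account that has no password credential fails
     # on `cred.secret` with an AttributeError instead of a reported error.
     if not cred:
         raise ReportedError(["old password does not match"])
     oldSecret = CredentialManager.protect_secret(form.oldPassword.data)
     # NOTE(review): this equality check only works if protect_secret is
     # deterministic for a given password; confirm how salting is handled.
     # The comparison is also not constant-time.
     if cred.secret != oldSecret:
         raise ReportedError(["old password does not match"])
     cred.secret = CredentialManager.protect_secret(form.newPassword.data)
     cred.save()
     return self.simple_response('password changed succesfully')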
Ejemplo n.º 18
 def test_email_verification_after_expiry_will_fail(self):
     """A validation URI whose 'emailcheck' credential has expired returns 400."""
     self.setupRandom()
     address = self.registerAndObtainValidationUri()
     with app.test_client() as client:
         account = User.getByEmail(address)
         for credential in Credential.getByUser(account):
             if credential.credentialType != 'emailcheck':
                 continue
             # Move the timestamp kept in the identifier one second into the past.
             credential.identifier = str(time.time()- 1)
         response = client.get(self.validateUri)
         self.assertEqual(400, response.status_code)
         self.assertEqual('{"errors": ["expired token"]}', self.getResponseText(response))
Ejemplo n.º 19
 def email_validation_gives_emailverification_assurance(self):
     """Visiting the link from the registration mail adds the emailVerification assurance.

     Also checks that exactly one credential disappears in the process.
     """
     self.setupRandom()
     with app.test_client() as client:
         response, outbox = self.register(client)
         address = self.registered_email
         logout_user()
         self.assertUserResponse(response)
         # The validation link is the first href in the first outgoing message.
         linkMatch = re.search('href="([^"]*)', outbox[0].body)
         self.validateUri = linkMatch.group(1)
         expectedPrefix = config.base_url + "/v1/verify_email/"
         self.assertTrue(self.validateUri.startswith(expectedPrefix))
     with app.test_client() as client:
         account = User.getByEmail(address)
         credsBefore = Credential.getByUser(account)
         assurancesBefore = Assurance.getByUser(account)
         self.assertTrue(assurancesBefore.has_key(emailVerification) is False)
         response = client.get(self.validateUri)
         self.assertEqual(account.email, address)
         credsAfter = Credential.getByUser(account)
         # One credential fewer after validation.
         self.assertEquals(len(credsBefore) - 1 , len(credsAfter))
         assurancesAfter = Assurance.getByUser(account)
         self.assertTrue(assurancesAfter[emailVerification] is not None)
         account.rm()
Ejemplo n.º 20
 def it_is_possible_to_register_with_facebook(self):
     """Register a new user through the Facebook popup from the login page.

     Skipped when ``config.skipFacebookTests`` is set. The registered user
     and its "facebook" credential are removed at the end of the test.
     """
     if config.skipFacebookTests:
         return
     driver = self.driver
     driver.get(self.base_url+"/static/login.html")
     self.switchToTab('registration')
     driver.find_element_by_id("Facebook_registration_button").click()
     time.sleep(1)
     # presumably _switchWindow also records self.master, which is used below — confirm
     self._switchWindow(driver)
     # Test-account credentials are read from config, not written into the test.
     driver.find_element_by_id("pass").clear()
     driver.find_element_by_id("pass").send_keys(config.fbpassword2)
     driver.find_element_by_id("email").clear()
     driver.find_element_by_id("email").send_keys(config.fbuser2)
     driver.find_element_by_id("u_0_2").click()
     driver.switch_to.window(self.master)
     # The main window must still be on the login page.
     self.assertEqual(self.base_url  + "/static/login.html", driver.current_url)
     time.sleep(5)
     body = driver.find_element_by_id("userdata").text
     # NOTE(review): the expected address appears masked in this listing; the
     # original presumably compared against the test account's e-mail — confirm.
     self.assertTrue("*****@*****.**"in body)
     # NOTE(review): cleanup is skipped if any assertion above fails.
     self.user = User.getByEmail(config.fbuser2)
     Credential.getByUser(self.user, "facebook").rm()
     self.user.rm()
Ejemplo n.º 21
 def do_deregister(self,form):
     """Delete the user identified by the submitted login credentials.

     Removes all of the user's credentials and assurances, then the user.

     Raises:
         ReportedError: with status 400 when ``isLoginCredentials(form)`` is false.
     """
     # This check is the only gate visible here before the account is deleted.
     if not self.isLoginCredentials(form):
         raise ReportedError(["You should use your login credentials to deregister"], 400)
     loginCred = Credential.get(form.credentialType.data, form.identifier.data)
     user = loginCred.user
     for credential in Credential.getByUser(user):
         credential.rm()
     for assurance in Assurance.listByUser(user):
         assurance.rm()
     user.rm()
     return self.simple_response('deregistered')
Ejemplo n.º 22
 def getCredentialFromForm(cls, form):
     """Return the password credential matching the form, or None.

     ``form.identifier.data`` is tried first as a credential identifier and
     then as a user e-mail address. The credential is returned only when its
     secret equals the protected form of ``form.password.data``.
     """
     credential = Credential.get('password', form.identifier.data)
     if credential is None:
         owner = User.getByEmail(form.identifier.data)
         credential = None if owner is None else Credential.getByUser(owner, "password")
         if credential is None:
             return None
     expected = cls.protect_secret(form.password.data)
     # NOTE(review): this equality check only works if protect_secret is
     # deterministic for a given password; confirm how salting is handled.
     return credential if credential.secret == expected else None
Ejemplo n.º 23
 def doPasswordReset(self, form):
     """Set the password of the user who owns a valid password-reset secret.

     Expired reset credentials are purged first. If the user has no
     'password' credential, one is created with the user's e-mail address as
     identifier.

     Raises:
         ReportedError: with status 404 when no credential matches
             ``form.secret.data`` or the matching one has expired.
     """
     resetType = self.passwordResetCredentialType
     Credential.deleteExpired(resetType)
     resetCred = Credential.getBySecret(resetType, form.secret.data)
     if resetCred is None or (resetCred.getExpirationTime() < time.time()):
         raise ReportedError([theSecretHasExpired], 404)
     owner = resetCred.user
     passwordCred = Credential.getByUser(owner, 'password')
     newSecret = CredentialManager.protect_secret(form.password.data)
     if passwordCred:
         passwordCred.secret = newSecret
     else:
         passwordCred = Credential.new(owner, "password", owner.email, newSecret)
     # The reset credential is removed after use, so it cannot be used again.
     resetCred.rm()
     return self.simple_response(passwordSuccessfullyChanged)
Ejemplo n.º 24
 def doPasswordReset(self, form):
     """Replace or create the password of the user holding a valid reset secret.

     Raises:
         ReportedError: with status 404 when the submitted secret matches no
             reset credential or the credential's expiration time has passed.
     """
     # Purge stale reset credentials before looking up the submitted secret.
     Credential.deleteExpired(self.passwordResetCredentialType)
     ticket = Credential.getBySecret(self.passwordResetCredentialType, form.secret.data)
     stillValid = ticket is not None and not (ticket.getExpirationTime() < time.time())
     if not stillValid:
         raise ReportedError([theSecretHasExpired], 404)
     existing = Credential.getByUser(ticket.user, 'password')
     hashedPassword = CredentialManager.protect_secret(form.password.data)
     if not existing:
         # No password credential yet: create one keyed by the e-mail address.
         existing = Credential.new(ticket.user, "password", ticket.user.email, hashedPassword)
     else:
         existing.secret = hashedPassword
     # Single use: the reset credential is deleted once the password is set.
     ticket.rm()
     return self.simple_response(passwordSuccessfullyChanged)
Ejemplo n.º 25
 def email_verification_after_expiry_will_fail(self):
     """A validation link whose 'emailcheck' credential has expired returns 400."""
     self.setupRandom()
     with app.test_client() as client:
         response, outbox = self.register(client)  # @UnusedVariable
         address = self.registered_email
         logout_user()
         # The validation link is the first href in the first outgoing message.
         linkMatch = re.search('href="([^"]*)', outbox[0].body)
         self.validateUri = linkMatch.group(1)
     with app.test_client() as client:
         account = User.getByEmail(address)
         for credential in Credential.getByUser(account):
             if credential.credentialType != 'emailcheck':
                 continue
             # Move the timestamp kept in the identifier one second into the past.
             credential.identifier = unicode(time.time()- 1)
         response = client.get(self.validateUri)
         self.assertEqual(400, response.status_code)
         self.assertEqual('{"errors": ["expired token"]}', self.getResponseText(response))
Ejemplo n.º 26
 def test_password_reset_email_body_contains_secret(self):
     """The password-reset mail contains the reset credential's secret."""
     self.mailer.sendPasswordResetMail(self.user)
     resetCred = Credential.getByUser(self.user, "email_for_password_reset")
     self.assertGotAnEmailContaining(resetCred.secret)
Ejemplo n.º 27
 def removeTemporaryEmailCredentials(self, cred):
     """Remove both temporary e-mail-change credentials of ``cred.user``."""
     owner = cred.user
     # Same order as before: "changeemail" first, then "changeemailandverify".
     for credentialType in ("changeemail", "changeemailandverify"):
         Credential.getByUser(owner, credentialType).rm()
Ejemplo n.º 28
 def test_your_credentials_are_deleted_in_deregistration(self):
     """After deregistration the user has no credentials left."""
     self._doDeregistrationDoit()
     account = User.getByEmail(self.userCreationEmail)
     remaining = Credential.getByUser(account)
     self.assertTrue(len(remaining) == 0)
Ejemplo n.º 29
 def _assureHaveCredentialsAndAssurances(self, user):
     """Assert that ``user`` has at least one credential and one assurance."""
     credentialCount = len(Credential.getByUser(user))
     self.assertTrue(credentialCount > 0)
     assuranceCount = len(Assurance.getByUser(user))
     self.assertTrue(assuranceCount > 0)
Ejemplo n.º 30
 def test_password_reset_email_body_contains_secret(self):
     """Sending the reset mail delivers the 'email_for_password_reset' secret."""
     self.mailer.sendPasswordResetMail(self.user)
     expectedSecret = Credential.getByUser(self.user, "email_for_password_reset").secret
     self.assertGotAnEmailContaining(expectedSecret)
Ejemplo n.º 31
 def removeTemporaryEmailCredentials(self, cred):
     """Delete the "changeemail" and "changeemailandverify" credentials of ``cred.user``."""
     account = cred.user
     changeCred = Credential.getByUser(account, "changeemail")
     changeCred.rm()
     verifyCred = Credential.getByUser(account, "changeemailandverify")
     verifyCred.rm()
Ejemplo n.º 32
 def test_email_validation_email_can_be_resent(self):
     """Requesting /v1/send_verify_email leaves an 'emailcheck' credential for the user."""
     with app.test_client() as client:
         self.login(client)
         client.get(config.BASE_URL + "/v1/send_verify_email")
         account = User.get(self.userid)
         emailCheck = Credential.getByUser(account, "emailcheck")
         self.assertEqual(self.userCreationEmail, emailCheck.user.email)
Ejemplo n.º 33
 def deleteUser(self, user):
     """Remove every credential of ``user``, then the user itself."""
     credentials = Credential.getByUser(user)
     for credential in credentials:
         credential.rm()
     user.rm()
Ejemplo n.º 34
 def test_deregistration_email_body_contains_secret(self):
     """The deregistration mail contains the 'deregister' credential's secret."""
     self.mailer.sendDeregisterMail(self.user)
     deregisterCred = Credential.getByUser(self.user, "deregister")
     self.assertGotAnEmailContaining(deregisterCred.secret)
Ejemplo n.º 35
 def deleteUser(self, user):
     """Delete ``user`` after removing each of its credentials."""
     # Credentials go first, the user record last.
     for ownedCredential in Credential.getByUser(user):
         ownedCredential.rm()
     user.rm()
Ejemplo n.º 36
 def removeCredentials(self, user):
     """Remove every credential returned by ``Credential.getByUser(user)``."""
     for credential in Credential.getByUser(user):
         credential.rm()
Ejemplo n.º 37
 def test_password_verification_email_body_contains_secret(self):
     """The verification mail contains the 'emailcheck' credential's secret."""
     self.mailer.sendPasswordVerificationEmail(self.user)
     emailCheck = Credential.getByUser(self.user, "emailcheck")
     self.assertGotAnEmailContaining(emailCheck.secret)
Ejemplo n.º 38
 def test_deregistration_email_body_contains_secret(self):
     """Sending the deregistration mail delivers the 'deregister' secret."""
     self.mailer.sendDeregisterMail(self.user)
     expectedSecret = Credential.getByUser(self.user, "deregister").secret
     self.assertGotAnEmailContaining(expectedSecret)
Ejemplo n.º 39
 def test_password_verification_email_body_contains_secret(self):
     """Sending the verification mail delivers the 'emailcheck' secret."""
     self.mailer.sendPasswordVerificationEmail(self.user)
     expectedSecret = Credential.getByUser(self.user, "emailcheck").secret
     self.assertGotAnEmailContaining(expectedSecret)
Ejemplo n.º 40
 def doPasswordReset(self):
     """Run a password reset and keep the user and its password credential.

     Stores the user in ``self.user`` and the credential in ``self.cred``.
     """
     resetForm = self.createPasswordResetFormWithSecret()
     self.controller.doPasswordReset(resetForm)
     account = User.getByEmail(self.userCreationEmail)
     self.user = account
     self.cred = Credential.getByUser(account, "password")
Ejemplo n.º 41
 def test_on_registration_a_temporary_email_verification_credential_is_registered(self):
     """Registration leaves an 'emailcheck' credential on the current user."""
     loginForm = self.prepareLoginForm()
     self.controller.doRegistration(loginForm)
     registered = self.controller.getCurrentUser()
     emailCheck = Credential.getByUser(registered, 'emailcheck')
     self.assertTrue(emailCheck)