Ejemplo n.º 1
0
class TestAuthView(TestCase):
    def setUp(self):
        super().setUp()

        d = Domain(name="example.com")
        DBSession.add(d)
        DBSession.flush()

        self.user = User(username="******")
        self.user.set_password("pw")
        DBSession.add(self.user)

        self.duser = User(username="******", enabled=False)
        self.duser.set_password("pw")
        DBSession.add(self.duser)

        self.luser = User(username="******")
        self.luser.password = False
        DBSession.add(self.luser)

        self.address = Address(domain_id=d.id, local_part="test")
        self.address.set_password("pw")
        DBSession.add(self.address)

        DBSession.flush()

    def test_auth_get(self):
        r = views.auth(DummyRequest())
        self.assertEqual(r, {})

    def test_auth_redirect(self):
        r = views.auth(DummyRequest(user=self.user))
        self.assertIsInstance(r, HTTPSeeOther)

    def test_auth_as_user(self):
        request = DummyRequest(post=dict(username="******", password="******"))
        r = views.auth_post(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertEqual(request.session["auth_type"], "User")
        self.assertEqual(request.session["auth_id"], self.user.id)

        request = DummyRequest(session=dict(auth_type="User", auth_id=42, keep="me"))
        r = views.logout(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertNotIn("auth_type", request.session)
        self.assertNotIn("auth_id", request.session)
        self.assertIn("keep", request.session)
        self.assertEqual(request.session["keep"], "me")

    def test_auth_as_address(self):
        request = DummyRequest(post=dict(username="******", password="******"))
        r = views.auth_post(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertEqual(request.session["auth_type"], "Address")
        self.assertEqual(request.session["auth_id"], self.address.id)

    def test_auth_fail(self):
        request = DummyRequest(post=dict(username="******", password="******"))
        r = views.auth_post(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertNotIn("auth_type", request.session)
        self.assertNotIn("auth_id", request.session)

    def test_auth_disabled(self):
        request = DummyRequest(post=dict(username="******", password="******"))
        r = views.auth_post(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertNotIn("auth_type", request.session)
        self.assertNotIn("auth_id", request.session)

        request = DummyRequest(post=dict(username="******", password=""))
        r = views.auth_post(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertNotIn("auth_type", request.session)
        self.assertNotIn("auth_id", request.session)
Ejemplo n.º 2
0
class TestConfigQuery(TestCase):
    def setUp(self):
        super().setUp()

        self.domain = d = Domain(name='example.com', catchall='catchall')
        DBSession.add(d)
        DBSession.flush()

        self.mailbox = Address(domain_id=d.id, local_part='mb')
        self.mailbox.set_password('pw')
        self.redirect = Address(domain_id=d.id, local_part='alias',
                                redirect='redirect@test')
        self.redirect.set_password('pw')
        DBSession.add_all([self.mailbox, self.redirect])
        DBSession.flush()


    def run_postfix_domains_query(self, domain):
        sql = config.postfix_domains_query
        sql = sql.replace('%s', domain)
        return list(self.conn.execute(sql))

    def run_postfix_mailboxes_query(self, address):
        sql = config.postfix_aliases_query
        sql = sql.replace('%s', address.address)
        sql = sql.replace('%u', address.local_part)
        sql = sql.replace('%d', address.domain.name)
        return list(self.conn.execute(sql))


    def test_dovecot_query(self):
        def query(address):
            sql = config.dovecot_query
            sql = sql.replace('%u', address.address)
            sql = sql.replace('%n', address.local_part)
            sql = sql.replace('%d', address.domain.name)
            return list(self.conn.execute(sql))

        result = query(self.mailbox)
        self.assertEqual(len(result), 1)
        self.assertEqual(len(result[0]), 2)
        self.assertEqual(result[0], (self.mailbox.address, self.mailbox.password))

        result = query(self.redirect)
        self.assertEqual(len(result), 1)
        self.assertEqual(len(result[0]), 2)
        self.assertEqual(result[0], (self.redirect.address, self.redirect.password))

        not_found = Address(domain=self.domain, local_part='aaaaaa')
        result = query(not_found)
        self.assertEqual(len(result), 0)

    def test_postfix_aliases_query(self):
        def query(address):
            sql = config.postfix_aliases_query
            sql = sql.replace('%s', address.address)
            sql = sql.replace('%u', address.local_part)
            sql = sql.replace('%d', address.domain.name)
            return list(self.conn.execute(sql))

        result = query(self.mailbox)
        self.assertEqual(len(result), 1)
        self.assertEqual(len(result[0]), 1)
        self.assertIsNone(result[0][0])

        result = query(self.redirect)
        self.assertEqual(len(result), 1)
        self.assertEqual(len(result[0]), 1)
        self.assertEqual(result[0][0], self.redirect.redirect)

        not_found = Address(domain=self.domain, local_part='aaaaaa')
        result = query(not_found)
        self.assertEqual(len(result), 1)
        self.assertEqual(len(result[0]), 1)
        self.assertEqual(result[0][0], self.domain.catchall)

    def test_postfix_mailboxes_query(self):
        def query(address):
            sql = config.postfix_mailboxes_query
            sql = sql.replace('%s', address.address)
            sql = sql.replace('%u', address.local_part)
            sql = sql.replace('%d', address.domain.name)
            return list(self.conn.execute(sql))

        result = query(self.mailbox)
        path = self.mailbox.domain.name + '/' + self.mailbox.local_part
        self.assertEqual(len(result), 1)
        self.assertEqual(len(result[0]), 1)
        self.assertEqual(result[0][0], path)

        result = query(self.redirect)
        self.assertEqual(len(result), 0)

        not_found = Address(domain=self.domain, local_part='aaaaaa')
        result = query(not_found)
        self.assertEqual(len(result), 0)

    def test_postfix_domains_query(self):
        def query(domain_name):
            sql = config.postfix_domains_query
            sql = sql.replace('%s', domain_name)
            return list(self.conn.execute(sql))

        result = query(self.mailbox.domain.name)
        self.assertEqual(len(result), 1)
        self.assertEqual(len(result[0]), 1)
        self.assertEqual(result[0][0], self.mailbox.domain.name)

        result = query('not-example.com')
        self.assertEqual(len(result), 0)
Ejemplo n.º 3
0
class TestResetView(TestCase):
    def setUp(self):
        super().setUp()

        d = Domain(name="example.com")
        DBSession.add(d)
        DBSession.flush()

        self.address = Address(domain_id=d.id, local_part="test")
        self.address.set_password("pw")
        DBSession.add(self.address)
        DBSession.flush()

        self.valid_token = PwResetToken(address_id=self.address.id)
        self.expired_token = PwResetToken(address_id=self.address.id)
        self.expired_token.create_date = datetime.now() - timedelta(days=10)

        DBSession.add_all([self.valid_token, self.expired_token])

        DBSession.flush()

    def test_not_found(self):
        request = DummyRequest(matchdict=dict(token="invalid"))
        r = views.reset(request)
        self.assertIsInstance(r, HTTPNotFound)

    def test_form(self):
        request = DummyRequest(matchdict=dict(token=self.valid_token.token))
        r = views.reset(request)
        self.assertIsInstance(r, dict)
        self.assertIn("address", r)
        self.assertEqual(r["address"], self.address)

    def test_expired(self):
        request = DummyRequest(matchdict=dict(token=self.expired_token.token))
        r = views.reset(request)
        self.assertIsInstance(r, HTTPSeeOther)

    def test_reset(self):
        # Wrong input, should not be changed
        request = DummyRequest(matchdict=dict(token=self.valid_token.token), post=dict(password="******"))
        r = views.reset(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertFalse(self.address.check_password("newpw"))

        # Wrong input, should not be changed
        request = DummyRequest(
            matchdict=dict(token=self.valid_token.token), post=dict(password="******", password2="NOTnewpw")
        )
        r = views.reset(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertFalse(self.address.check_password("newpw"))

        # Valid input, should be changed
        request = DummyRequest(
            matchdict=dict(token=self.valid_token.token), post=dict(password="******", password2="newpw")
        )
        r = views.reset(request)
        self.assertIsInstance(r, HTTPSeeOther)
        self.assertTrue(self.address.check_password("newpw"))

        # Already used token, should not be changed
        request = DummyRequest(
            matchdict=dict(token=self.valid_token.token), post=dict(password="******", password2="lastpw")
        )
        r = views.reset(request)
        self.assertIsInstance(r, HTTPNotFound)
        self.assertTrue(self.address.check_password("newpw"))