def test__clean_inactive_users(self):
"""
Test the removal of users whose activation time is expired
"""
EXPUSER = '******'
VALUSER = '******'
EXP_CREATION_TIME = server.now_timestamp() - server.USER_ACTIVATION_TIMEOUT - 1
VALID_CREATION_TIME = server.now_timestamp()
server.userdata[EXPUSER] = {server.USER_IS_ACTIVE: False,
server.USER_CREATION_DATA: {server.USER_CREATION_TIME: EXP_CREATION_TIME}
}
server.userdata[VALUSER] = {server.USER_IS_ACTIVE: False,
server.USER_CREATION_DATA: {server.USER_CREATION_TIME: VALID_CREATION_TIME}
}
server.Users._clean_inactive_users()
self.assertNotIn(EXPUSER, server.userdata)
def setUp(self):
setup_test_dir()
server.reset_userdata()
self.app = server.app.test_client()
self.app.testing = True
self.active_user = '******'
self.active_user_pw = pick_rand_pw(8)
_manually_create_user(self.active_user, self.active_user_pw)
self.pending_user = '******'
server.pending_users[self.pending_user] = {'timestamp': server.now_timestamp(),
'activation_code': 'fake-activation-code'}
def test_put_active_user_weak_password(self):
"""
Test put request with weak password and assures user password was not updated on disk
"""
recoverpass_code = 'arbitrarycode'
server.userdata[self.active_user]['recoverpass_data'] = {'recoverpass_code': recoverpass_code,
'timestamp': server.now_timestamp(),
}
test = self.app.put(SERVER_API + 'users/{}'.format(self.active_user),
data={'recoverpass_code': recoverpass_code,
'password': '******'})
self.assertEqual(test.status_code, HTTP_FORBIDDEN)
self.assertNotEqual(server.userdata[self.active_user]['password'], 'weakpass')
def _manually_create_user(username, pw):
"""
Create an user, its server directory, and return its userdata dictionary.
:param username: str
:param pw: str
:return: dict
"""
enc_pass = server._encrypt_password(pw)
# Create user directory with default structure (use the server function)
user_dir_state = server.init_user_directory(username)
single_user_data = user_dir_state
single_user_data[server.PWD] = enc_pass
single_user_data[server.USER_CREATION_TIME] = server.now_timestamp()
server.userdata[username] = single_user_data
return single_user_data
def setUp(self):
setup_test_dir()
server.reset_userdata()
self.app = server.app.test_client()
self.app.testing = True
self.active_user = '******'
self.active_user_pw = '234.Cde'
_manually_create_user(self.active_user, self.active_user_pw)
self.inactive_username = '******'
self.inactive_username_password = '******'
self.inactive_username_activationcode = 'randomactivationcode'
server.userdata[self.inactive_username] = {
server.USER_IS_ACTIVE: False,
server.PWD: self.inactive_username_password,
server.USER_CREATION_DATA: {'creation_timestamp': server.now_timestamp(),
'activation_code': self.inactive_username_activationcode,
},
}
def _create_file(username, user_relpath, content, update_userdata=True):
"""
Create an user file with path <user_relpath> and content <content>
and return it's last modification time (== creation time).
:param username: str
:param user_relpath: str
:param content: str
:return: float
"""
filepath = userpath2serverpath(username, user_relpath)
dirpath = os.path.dirname(filepath)
if not os.path.isdir(dirpath):
os.makedirs(dirpath)
with open(filepath, 'wb') as fp:
fp.write(content)
mtime = server.now_timestamp()
if update_userdata:
server.userdata[username][server.SNAPSHOT][user_relpath] = [mtime,
server.calculate_file_md5(open(filepath, 'rb'))]
return mtime
def test_put_ok(self):
"""
Test the password recovery with correct PUT parameters.
"""
old_password = server.userdata[self.active_user]['password']
# Now we create an arbitrary recoverpass_code,
# normally created by POST in /users/<username>/reset
recoverpass_code = 'arbitrarycode'
server.userdata[self.active_user]['recoverpass_data'] = {
'recoverpass_code': recoverpass_code,
'timestamp': server.now_timestamp(),
}
# then, put with given code and new password
test = self.app.put(SERVER_API + 'users/{}'.format(self.active_user),
data={'recoverpass_code': recoverpass_code,
'password': self.active_user_pw})
self.assertEqual(test.status_code, HTTP_OK)
self.assertNotEqual(old_password, server.userdata[self.active_user]['password'])
