Ejemplo n.º 1
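    def testLoginFailWithVerification(self):
        """Check that a registered and verified account rejects bad credentials.

        Flow: a login attempt before any registration fails, registration and
        verification succeed, the client logs out, and then three bad
        credential combinations (wrong password, empty password, wrong e-mail)
        must each be answered with STATUS_BAD_REQUEST.
        """
        # NOTE(review): the credential literals are masked on this page, so the
        # "bad e-mail" used in step 4 looks identical to the registered address.
        # It has to be an address that was never registered -- confirm against
        # the original test.
        email = '*****@*****.**'
        password = '******'

        # 0. Nothing is registered yet, so login must be rejected
        response = UserUtil.login_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                         'Login succeeded with empty db: ' + str(response.status_int))

        # 1. Register client
        response = UserUtil.register_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Register failed with correct credentials: ' + str(response.status_int))

        # 2. Verify client
        response = UserUtil.verify_user(self.testapp, self.mail_stub, email)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Verification failed: ' + str(response.status_int))

        # 3. Logout
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))

        # 4. Login with bad credentials.
        # All three cases expect the same status, so the status code alone does
        # not tell a caller whether the e-mail address is registered.
        # The failure messages carry the received status, like every other
        # assertion in this test.
        response = UserUtil.login_user(self.testapp, email, 'password2')
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                         'Login succeeded with bad password: ' + str(response.status_int))
        response = UserUtil.login_user(self.testapp, email, '')
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                         'Login succeeded with empty password: ' + str(response.status_int))
        response = UserUtil.login_user(self.testapp, '*****@*****.**', password)
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                         'Login succeeded with bad email: ' + str(response.status_int))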
Ejemplo n.º 2
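 def testLoginFailWithoutVerification(self):
     """Check that bad credentials are rejected for a registered but unverified account.

     Flow: a login attempt before any registration fails, registration
     succeeds, and then a wrong password and a wrong e-mail must each be
     answered with STATUS_BAD_REQUEST. The account is never verified here.
     """
     email = '*****@*****.**'
     password = '******'

     # Nothing is registered yet, so login must be rejected
     response = UserUtil.login_user(self.testapp, email, password)
     self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                      'Login succeeded with empty db: ' + str(response.status_int))

     response = UserUtil.register_user(self.testapp, email, password)
     self.assertEqual(response.status_int, constants.STATUS_OK,
                      'Register failed with correct credentials: ' + str(response.status_int))

     # Wrong password for the registered address
     response = UserUtil.login_user(self.testapp, email, 'password2')
     self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                      'Login succeeded with bad password: ' + str(response.status_int))

     # NOTE(review): on this page the credential masking fused the end of the
     # assertion above with the start of this call; the two statements are
     # restored from the surviving fragments and the matching failure messages.
     # The masked literal must be an address that was never registered --
     # confirm against the original test.
     response = UserUtil.login_user(self.testapp, '*****@*****.**', password)
     self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                      'Login succeeded with bad email: ' + str(response.status_int))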
Ejemplo n.º 3
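    def testRegression1(self):
        """Regression: a failed login with the extra flag set must not authenticate the client.

        Flow: register, verify, log out, confirm the protected page answers
        STATUS_UNAUTHORIZED, attempt a login with a wrong password and the
        fourth login argument set to True ("remember me" per the step comment),
        then confirm the protected page is still answered with
        STATUS_UNAUTHORIZED.
        """
        email = '*****@*****.**'
        # NOTE(review): both password literals are masked to the same text on
        # this page. They must differ, otherwise step 5 would be a valid login.
        good_password = '******'
        bad_password = '******'

        # 1. Register client
        response = UserUtil.register_user(self.testapp, email, good_password)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Register failed with correct credentials: ' + str(response.status_int))

        # 2. Verify client
        response = UserUtil.verify_user(self.testapp, self.mail_stub, email)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Verification failed: ' + str(response.status_int))

        # 3. Logout client
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))

        # 4. Check logout
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                         'Users only page should not be served after logout: ' + str(response.status_int))

        # 5. Login with remember me turned on and a wrong password
        response = UserUtil.login_user(self.testapp, email, bad_password, True)
        self.assertEqual(response.status_int, constants.STATUS_BAD_REQUEST,
                         'Login succeeded with bad password: ' + str(response.status_int))

        # 6. Accessing secure content after the rejected login: no successful
        # login has happened since the logout, so the page must stay protected.
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                         'Users only page must not be served without logging in: ' + str(response.status_int))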
Ejemplo n.º 4
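    def testLoginSuccess(self):
        """Walk through the successful path: register, verify, use the site, log out.

        Checks along the way that the protected page answers
        STATUS_UNAUTHORIZED before verification, that a login attempt by an
        unverified client answers STATUS_FORBIDDEN, that the session holds the
        user's e-mail and a session id once the page is being served, and that
        logging out twice in a row still answers STATUS_OK.
        """
        email = '*****@*****.**'
        password = '******'
        # 1. Register client
        response = UserUtil.register_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Register failed with correct credentials: ' + str(response.status_int))

        # 2. Access test site - error should arrive.
        # The failure message now describes the expectation being checked
        # (401); the previous text claimed the page should be served.
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                         'Users only page should not be served before logging in: ' + str(response.status_int))

        # 3. Try to login -> Verification needed first
        response = UserUtil.login_user(self.testapp, email, password)
        self.assertEqual(response.status_int, constants.STATUS_FORBIDDEN,
                         'Server should answer 403 for unverified client: ' + str(response.status_int))

        # 4. Verify
        response = UserUtil.verify_user(self.testapp, self.mail_stub, email)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Verification failed: ' + str(response.status_int))

        # 5. Access test site should succeed after verification.
        # No explicit login call follows the verification, so the helper
        # presumably leaves the client authenticated -- confirm in UserUtil.
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))

        # 6. Check login: the session must carry the e-mail and a session id
        session = get_current_session()
        self.assertEqual(session.get(constants.VAR_NAME_EMAIL), email, 'User email is not correct in session variable: ' + str(
            session.get(constants.VAR_NAME_EMAIL)))
        self.assertIsNotNone(session.get(constants.SESSION_ID), 'SessionId is none')

        # 7. Access test site
        response = self.testapp.get('/', expect_errors=True)
        self.assertEqual(response.status_int, constants.STATUS_OK,
                         'Users only page should be served after logging in: ' + str(response.status_int))

        # 8. Logout
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))

        # 9. SH-26 regression: a second logout, with no login in between,
        # must also answer STATUS_OK
        response = UserUtil.logout(self.testapp)
        self.assertEqual(response.status_int, constants.STATUS_OK, 'Logout failed: ' + str(response.status_int))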
Ejemplo n.º 5
    def testPersistentCookie(self):
        """Compare access to the protected page with and without "remember me".

        After a plain login, terminating the session must lock the client out
        (STATUS_UNAUTHORIZED). After a login with the fourth argument set to
        True, the page must keep being served across repeated session
        terminations, until an explicit logout ends access again.
        """
        email = '*****@*****.**'
        password = '******'

        def open_home(**extra):
            # Every page check in this test requests '/' and inspects the
            # status itself, so error responses must not raise.
            return self.testapp.get('/', expect_errors=True, **extra)

        def drop_session():
            # Throw away the current server-side session data.
            get_current_session().terminate()

        # 1. Register client
        reply = UserUtil.register_user(self.testapp, email, password)
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Register failed with correct credentials: ' + str(reply.status_int),
        )

        # 2. Verify client
        reply = UserUtil.verify_user(self.testapp, self.mail_stub, email)
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Verification failed: ' + str(reply.status_int),
        )

        # 3. Login with remember me turned off
        reply = UserUtil.login_user(self.testapp, email, password)
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Login failed with verified client: ' + str(reply.status_int),
        )

        # 4. Accessing secure content: served while the session exists,
        # refused once the session data has been deleted
        reply = open_home()
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Users only page should be served after logging in: ' + str(reply.status_int),
        )
        drop_session()
        reply = open_home()
        self.assertEqual(
            reply.status_int,
            constants.STATUS_UNAUTHORIZED,
            'Users only page should not be served without providing session data: ' + str(reply.status_int),
        )

        # 5. Login with remember me turned on
        reply = UserUtil.login_user(self.testapp, email, password, True)
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Login failed with verified client: ' + str(reply.status_int),
        )

        # 6. Accessing secure content: this time the page must still be
        # served after the session data has been deleted
        reply = open_home()
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Users only page should be served after logging in: ' + str(reply.status_int),
        )
        drop_session()
        reply = open_home()
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Users only page should be served after logging in: ' + str(reply.status_int),
        )

        # Test next login: a second session termination must not end access
        drop_session()
        reply = open_home()
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Users only page should be served after logging in: ' + str(reply.status_int),
        )

        # 7. Try to access secure content with modified token
        # NOTE(review): this step sends an empty `token` cookie and expects
        # STATUS_OK. If the test client still sends its stored cookies next to
        # this header, a tampered token is never actually exercised; if it does
        # not, the server is accepting an empty token. A modified persistent
        # token would normally be expected to be refused -- confirm which
        # behaviour is intended and assert it explicitly.
        reply = open_home(headers={'Cookie': 'token='})
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Users only page should be served after logging in: ' + str(reply.status_int),
        )

        # 8. Logout
        reply = UserUtil.logout(self.testapp)
        self.assertEqual(
            reply.status_int,
            constants.STATUS_OK,
            'Logout failed: ' + str(reply.status_int),
        )

        # 9. Check logout: remember-me access must end with the logout
        reply = open_home()
        self.assertEqual(
            reply.status_int,
            constants.STATUS_UNAUTHORIZED,
            'Users only page should not be served after logout: ' + str(reply.status_int),
        )