def test_login_inactive_account(self):
"""
Tests login behavior with inactive accounts.
Inactive user accounts should be prevented from performing any actions,
regardless of their verified state.
"""
# Inactive and verified user account
user = get_user_model().objects.create(username='******', is_active=False)
user.set_password('doe')
user.save()
EmailAddress.objects.create(user=user,
email='*****@*****.**',
primary=True,
verified=True)
resp = self.client.post(reverse('account_login'),
{'login': '******',
'password': '******'})
self.assertRedirects(resp, reverse('account_inactive'))
# Inactive and unverified user account
user = get_user_model().objects.create(username='******', is_active=False)
user.set_password('john')
user.save()
EmailAddress.objects.create(user=user,
email='*****@*****.**',
primary=True,
verified=False)
resp = self.client.post(reverse('account_login'),
{'login': '******',
'password': '******'})
self.assertRedirects(resp, reverse('account_inactive'))
def test_ajax_password_reset(self):
get_user_model().objects.create(
username='******', email='*****@*****.**', is_active=True)
resp = self.client.post(
reverse('account_reset_password'),
data={'email': '*****@*****.**'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(len(mail.outbox), 1)
self.assertEqual(mail.outbox[0].to, ['*****@*****.**'])
self.assertEqual(resp['content-type'], 'application/json')
def test_login(self):
with patch('users.socialaccount.providers.persona.views'
'.requests') as requests_mock:
requests_mock.post.return_value.json.return_value = {
'status': 'okay',
'email': '*****@*****.**'
}
resp = self.client.post(reverse('persona_login'),
dict(assertion='dummy'))
self.assertEqual('http://testserver/accounts/profile/',
resp['location'])
get_user_model().objects.get(email='*****@*****.**')
def get_users_with_multiple_primary_email(self):
user_pks = []
for email_address_dict in EmailAddress.objects.filter(
primary=True).values('user').annotate(
Count('user')).filter(user__count__gt=1):
user_pks.append(email_address_dict['user'])
return get_user_model().objects.filter(pk__in=user_pks)
def _logout_view(self, method):
c = Client()
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
c = Client()
c.login(username='******', password='******')
return c, getattr(c, method)(reverse('account_logout'))
def setUp(self):
user = get_user_model().objects.create(
is_active=True,
email='*****@*****.**',
username='******')
user.set_password(user.username)
user.save()
self.user = user
def test_email_escaping(self):
site = get_current_site()
site.name = '<enc&"test>'
site.save()
u = get_user_model().objects.create(
username='******',
email='*****@*****.**')
request = RequestFactory().get('/')
EmailAddress.objects.add_email(request, u, u.email, confirm=True)
self.assertTrue(mail.outbox[0].subject[1:].startswith(site.name))
def test_ajax_login_success(self):
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
resp = self.client.post(reverse('account_login'),
{'login': '******',
'password': '******'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(resp.status_code, 200)
data = json.loads(resp.content.decode('utf8'))
self.assertEqual(data['location'], '/accounts/profile/')
def test_email_verification_mandatory(self):
c = Client()
# Signup
resp = c.post(reverse('account_signup'),
{'username': '******',
'email': '*****@*****.**',
'password1': 'johndoe',
'password2': 'johndoe'},
follow=True)
self.assertEqual(resp.status_code, 200)
self.assertEqual(mail.outbox[0].to, ['*****@*****.**'])
self.assertGreater(mail.outbox[0].body.find('https://'), 0)
self.assertEqual(len(mail.outbox), 1)
self.assertTemplateUsed(resp,
'account/verification_sent.html')
# Attempt to login, unverified
for attempt in [1, 2]:
resp = c.post(reverse('account_login'),
{'login': '******',
'password': '******'},
follow=True)
# is_active is controlled by the admin to manually disable
# users. I don't want this flag to flip automatically whenever
# users verify their email adresses.
self.assertTrue(get_user_model().objects.filter(
username='******', is_active=True).exists())
self.assertTemplateUsed(resp,
'account/verification_sent.html')
# Attempt 1: no mail is sent due to cool-down ,
# but there was already a mail in the outbox.
self.assertEqual(len(mail.outbox), attempt)
self.assertEqual(
EmailConfirmation.objects.filter(
email_address__email='*****@*****.**').count(),
attempt)
# Wait for cooldown
EmailConfirmation.objects.update(sent=now()
- timedelta(days=1))
# Verify, and re-attempt to login.
confirmation = EmailConfirmation \
.objects \
.filter(email_address__user__username='******')[:1] \
.get()
resp = c.get(reverse('account_confirm_email',
args=[confirmation.key]))
self.assertTemplateUsed(resp, 'account/email_confirm.html')
c.post(reverse('account_confirm_email',
args=[confirmation.key]))
resp = c.post(reverse('account_login'),
{'login': '******',
'password': '******'})
self.assertEqual(resp['location'],
'http://testserver'+settings.LOGIN_REDIRECT_URL)
def _request_new_password(self):
user = get_user_model().objects.create(
username='******', email='*****@*****.**', is_active=True)
user.set_password('doe')
user.save()
self.client.post(
reverse('account_reset_password'),
data={'email': '*****@*****.**'})
self.assertEqual(len(mail.outbox), 1)
self.assertEqual(mail.outbox[0].to, ['*****@*****.**'])
return user
def test_username_containing_at(self):
user = get_user_model().objects.create(username='******')
user.set_password('psst')
user.save()
EmailAddress.objects.create(user=user,
email='*****@*****.**',
primary=True,
verified=True)
resp = self.client.post(reverse('account_login'),
{'login': '******',
'password': '******'})
self.assertEqual(resp['location'],
'http://testserver'+settings.LOGIN_REDIRECT_URL)
def test_password_reset_flow(self):
"""
Tests the password reset flow: requesting a new password,
receiving the reset link via email and finally resetting the
password to a new value.
"""
# Request new password
user = self._request_new_password()
body = mail.outbox[0].body
self.assertGreater(body.find('https://'), 0)
# Extract URL for `password_reset_from_key` view and access it
url = body[body.find('/password/reset/'):].split()[0]
resp = self.client.get(url)
self.assertTemplateUsed(resp, 'account/password_reset_from_key.html')
self.assertFalse('token_fail' in resp.context_data)
# Reset the password
resp = self.client.post(url,
{'password1': 'newpass123',
'password2': 'newpass123'})
self.assertRedirects(resp, reverse('account_reset_password_from_key_done'))
# Check the new password is in effect
user = get_user_model().objects.get(pk=user.pk)
self.assertTrue(user.check_password('newpass123'))
# Trying to reset the password against the same URL (or any other
# invalid/obsolete URL) returns a bad token response
resp = self.client.post(url,
{'password1': 'newpass123',
'password2': 'newpass123'})
self.assertTemplateUsed(resp, 'account/password_reset_from_key.html')
self.assertTrue(resp.context_data['token_fail'])
# Same should happen when accessing the page directly
response = self.client.get(url)
self.assertTemplateUsed(response, 'account/password_reset_from_key.html')
self.assertTrue(response.context_data['token_fail'])
# When in XHR views, it should respond with a 400 bad request
# code, and the response body should contain the JSON-encoded
# error from the adapter
response = self.client.post(url,
{'password1': 'newpass123',
'password2': 'newpass123'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(response.status_code, 400)
data = json.loads(response.content.decode('utf8'))
self.assertTrue('form_errors' in data)
self.assertTrue('__all__' in data['form_errors'])
def test_login_unverified_account_optional(self):
"""Tests login behavior when email verification is optional."""
user = get_user_model().objects.create(username='******')
user.set_password('doe')
user.save()
EmailAddress.objects.create(user=user,
email='*****@*****.**',
primary=True,
verified=False)
resp = self.client.post(reverse('account_login'),
{'login': '******',
'password': '******'})
self.assertEqual(resp['location'],
'http://testserver'+settings.LOGIN_REDIRECT_URL)
def test_login_unverified_account_mandatory(self):
"""Tests login behavior when email verification is mandatory."""
user = get_user_model().objects.create(username='******')
user.set_password('doe')
user.save()
EmailAddress.objects.create(user=user,
email='*****@*****.**',
primary=True,
verified=False)
resp = self.client.post(reverse('account_login'),
{'login': '******',
'password': '******'})
self.assertRedirects(resp, reverse('account_email_verification_sent'))
self.assertEqual(resp['location'],
'http://testserver' + reverse('account_email_verification_sent'))
def setUp(self):
User = get_user_model()
self.user = User.objects.create(username='******',
email='*****@*****.**')
self.user.set_password('doe')
self.user.save()
self.email_address = EmailAddress.objects.create(
user=self.user,
email=self.user.email,
verified=True,
primary=True)
self.email_address2 = EmailAddress.objects.create(
user=self.user,
email='*****@*****.**',
verified=False,
primary=False)
self.client.login(username='******', password='******')
def deserialize(cls, data):
account = deserialize_instance(SocialAccount, data['account'])
user = deserialize_instance(get_user_model(), data['user'])
if 'token' in data:
token = deserialize_instance(SocialToken, data['token'])
else:
token = None
email_addresses = []
for ea in data['email_addresses']:
# email_address = deserialize_instance(EmailAddress, ea)
email_address = deserialize_instance(user.email, ea)
email_addresses.append(email_address)
ret = SocialLogin()
ret.token = token
ret.account = account
ret.user = user
ret.email_addresses = email_addresses
ret.state = data['state']
return ret
def _test_signup_email_verified_externally(self, signup_email,
verified_email):
username = '******'
request = RequestFactory().post(reverse('account_signup'),
{'username': username,
'email': signup_email,
'password1': 'johndoe',
'password2': 'johndoe'})
# Fake stash_verified_email
from django.contrib.messages.middleware import MessageMiddleware
from django.contrib.sessions.middleware import SessionMiddleware
SessionMiddleware().process_request(request)
MessageMiddleware().process_request(request)
request.user = AnonymousUser()
request.session['account_verified_email'] = verified_email
from .views import signup
resp = signup(request)
self.assertEqual(resp.status_code, 302)
self.assertEqual(resp['location'],
get_adapter().get_login_redirect_url(request))
self.assertEqual(len(mail.outbox), 0)
return get_user_model().objects.get(username=username)
def test_username_conflict(self):
User = get_user_model()
User.objects.create(username='******')
self.login(self.get_mocked_response())
socialaccount = SocialAccount.objects.get(uid='630595557')
self.assertEqual(socialaccount.user.username, 'raymond')
def _create_user_and_login(self):
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
self.client.login(username='******', password='******')
return user