def test_has_paper_codes(self):
    """No new paper codes are requested once an activated paper device exists.

    Builds a 2FA-enabled user with a paper device that has been through
    ``regenerate()`` and then activated, and checks that
    ``views._should_generate_paper_codes`` reports a falsy result.
    """
    owner = accounts.models.User(
        twofa_enabled=True,
    )
    owner.save()

    backup_device = models.PaperDevice(
        owner=owner,
    )
    backup_device.save()
    # presumably regenerate() issues a fresh set of codes for the device;
    # confirm against models.PaperDevice
    backup_device.regenerate()
    backup_device.activated_at = timezone.now()
    backup_device.save()

    needs_codes = views._should_generate_paper_codes(owner)
    assert not needs_codes
def test_returns_other_devices(self):
    """With no device id, the lookup also reports the user's other usable devices.

    Only the activated, non-deleted paper device may appear as an alternative:
    the never-activated device and the deleted device must both be left out.
    """
    totp = models.TOTPDevice(
        owner=self.user, activated_at=timezone.now(), last_t=0)
    totp.save()

    active_paper = models.PaperDevice(
        owner=self.user, activated_at=timezone.now())
    active_paper.save()

    # No activated_at: must not be offered as a second factor.
    never_activated = models.PaperDevice(owner=self.user)
    never_activated.save()

    # deleted_at set: must not be offered even though it was activated.
    deleted_paper = models.PaperDevice(
        owner=self.user,
        activated_at=timezone.now(),
        deleted_at=timezone.now())
    deleted_paper.save()

    chosen, alternatives = views._get_verify_device(self.user, None)

    assert chosen == totp
    assert set(alternatives) == {active_paper}
def test_404s_with_someone_elses_device(self):
    """A device id owned by another account must not resolve for this user."""
    stranger = accounts.models.User.objects.create_user(
        username="******",
        email="*****@*****.**",
        password="******",
    )
    stranger._test_agree_all_tos()
    stranger.save()

    foreign_device = models.PaperDevice(
        owner=stranger, activated_at=timezone.now())
    foreign_device.save()

    # Control: the real owner can resolve the device, so the Http404 below is
    # caused by the ownership check and not by the device being unusable.
    views._get_verify_device(stranger, foreign_device.id)

    # Same id, different user: the lookup has to refuse it.
    with pytest.raises(django.http.Http404):
        views._get_verify_device(self.user, foreign_device.id)
def test_full_login_flow_different_device(self):
    """A code is only accepted on the verify page of the device that owns it.

    The code 'aardvark' belongs to ``real_device``. Submitting it on the
    default verify page (backed by a different device) must leave the client
    unauthenticated; submitting it on ``real_device``'s page must log in.
    """
    # NOTE(review): self.device / self.other_devices / self.requested_* look
    # like hooks for a stubbed device lookup set up elsewhere in this test
    # class; confirm against the class's setUp.
    self.device = models.PaperDevice(
        owner=self.user)
    self.device.save()

    real_device = models.PaperDevice(
        owner=self.user)
    real_device.save()
    self.other_devices = [real_device]

    models.PaperCode(
        device=real_device, code='aardvark').save()

    # Default verify page: rendered for self.user with no explicit device id.
    response = self.client.get(self.path())
    assert self.requested_user == self.user
    assert self.requested_device_id is None
    assert response.status_code == 200
    self.assertTemplateUsed(response, 'twofa/verify/base.html')
    offered = set(response.context[-1]['other_devices'])
    assert offered == {real_device}

    # The code belongs to real_device, so the default device must reject it.
    response = self.client.post(self.path(), {'response': 'aardvark'})
    assert response.status_code == 200
    session_user = django.contrib.auth.get_user(self.client)
    assert not session_user.is_authenticated

    # Switch roles: real_device becomes the device under verification.
    self.other_devices, self.device = [self.device], real_device

    response = self.client.get(self.path(real_device))
    assert self.requested_user == self.user
    assert self.requested_device_id == str(real_device.id)
    assert response.status_code == 200

    # Same code, correct device: redirect and an authenticated session.
    response = self.client.post(
        self.path(real_device), {'response': 'aardvark'})
    assert response.status_code == 302
    session_user = django.contrib.auth.get_user(self.client)
    assert session_user.is_authenticated
def test_renders_codes(self):
    """The page for a not-yet-active paper device exposes that device's codes."""
    device = models.PaperDevice(owner=self.user)
    device.save()
    for value in ('12345678', '1337beef'):
        models.PaperCode(device=device, code=value).save()

    client = django.test.Client()
    self.login(client)

    resp = client.get(self.path(device_id=device.pk))
    assert resp.status_code == 200

    # NOTE(review): the context returns the codes exactly as they were saved,
    # so they appear to be recoverable in plaintext from PaperCode; confirm
    # how the model stores them and who can reach this page.
    shown = set(resp.context[-1]['codes'])
    assert shown == {'12345678', '1337beef'}

    # Viewing the codes alone must not activate the device.
    active_devices = models.PaperDevice.objects.active_for_user(
        self.user)
    assert device not in active_devices
def setUp(self):
    """Create two 2FA users, a mix of live and deleted devices, and a logged-in client.

    ``self.user`` owns one deleted paper device, one active paper device and
    one active TOTP device; ``self.other_user`` owns a single active TOTP
    device, available for cross-account checks.
    """
    make_user = accounts.models.User.objects.create_user

    self.user = make_user(
        username='******',
        email='*****@*****.**',
        password='******',
        email_verified=True,
        twofa_enabled=True,
    )
    self.other_user = make_user(
        username='******',
        email='*****@*****.**',
        password='******',
        email_verified=True,
        twofa_enabled=True,
    )

    # Activated and then deleted: tests can use it to check that deleted
    # devices are ignored.
    self.dead_backup_device = models.PaperDevice(
        owner=self.user,
        activated_at=timezone.now(),
        deleted_at=timezone.now(),
    )
    self.dead_backup_device.save()

    self.backup_device = models.PaperDevice(
        owner=self.user,
        activated_at=timezone.now(),
    )
    self.backup_device.save()

    self.totp_device = models.TOTPDevice(
        owner=self.user,
        activated_at=timezone.now(),
        last_t=0,
    )
    self.totp_device.save()

    # Owned by the second account, not by self.user.
    self.bobs_totp_device = models.TOTPDevice(
        owner=self.other_user,
        activated_at=timezone.now(),
        last_t=0,
    )
    self.bobs_totp_device.save()

    self.client = django.test.Client()
    self.login(self.client)
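def test_full_login_flow_default_device(self):
    """Log in through the default paper device; a spent code must be refused.

    The device holds one code already marked as used ('deadbeef') and one
    unused code ('aardvark'). Replaying the used code must re-render the
    form without authenticating the client; the unused code must redirect
    to the index, authenticate the client, and stamp both the code's
    ``used_at`` and the device's ``last_used_at``.
    """
    # NOTE(review): self.device / self.requested_* look like hooks for a
    # stubbed device lookup set up elsewhere in this test class; confirm.
    self.device = models.PaperDevice(
        owner=self.user)
    self.device.save()
    assert self.device.last_used_at is None

    used_code = models.PaperCode(
        device=self.device, code='deadbeef', used_at=timezone.now())
    used_code.save()
    code = models.PaperCode(
        device=self.device, code='aardvark')
    code.save()

    resp = self.client.get(self.path())
    assert self.requested_user == self.user
    assert self.requested_device_id is None
    assert resp.status_code == 200
    self.assertTemplateUsed(resp, 'twofa/verify/base.html')

    # Replay of an already-used code: the form is shown again ...
    resp = self.client.post(self.path(), {'response': 'deadbeef'})
    assert resp.status_code == 200
    # ... and, as in the different-device flow test, the status code alone
    # is not enough: the session must still be unauthenticated.
    user = django.contrib.auth.get_user(self.client)
    assert not user.is_authenticated

    resp = self.client.post(self.path(), {'response': 'aardvark'})
    assert resp.status_code == 302
    assert resp['Location'] == django.urls.reverse('index')
    user = django.contrib.auth.get_user(self.client)
    assert user.is_authenticated

    # Reload from the database: the code is now spent and the device
    # records when it was last used.
    code = models.PaperCode.objects.get(id=code.id)
    assert code.used_at is not None
    device = models.PaperDevice.objects.get(id=self.device.id)
    assert device.last_used_at is not None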
def test_404s_with_inactive_device(self):
    """A device that was never activated cannot be selected for verification."""
    unactivated = models.PaperDevice(owner=self.user)
    unactivated.save()

    # The owner is correct; only the missing activated_at should cause the 404.
    with pytest.raises(django.http.Http404):
        views._get_verify_device(self.user, unactivated.id)