async def test_registration_with_confirmation(client, capsys): db = cfg.STORAGE url = url_for('auth_registration') r = await client.get(url) r = await client.post(url, data={ 'email': EMAIL, 'password': PASSWORD, 'confirm': PASSWORD, 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == str(url_for('auth_registration_requested')) user = await db.get_user({'email': EMAIL}) assert user['status'] == 'confirmation' out, err = capsys.readouterr() link = parse_link(out) r = await client.get(link) assert r.url_obj.path == str(url_for(cfg.LOGIN_REDIRECT)) assert cfg.MSG_ACTIVATED in await r.text() assert cfg.MSG_LOGGED_IN in await r.text() user = await db.get_user({'email': EMAIL}) assert user['status'] == 'active' user = await db.get_user({'email': EMAIL}) await db.delete_user(user)
async def test_success(client): url = url_for('auth_change_password') login_url = url_for('auth_login') r = await client.get(url) async with LoggedUser(client) as user: r = await client.post(url, data={ 'cur_password': user['raw_password'], 'new_password': NEW_PASSWORD, 'confirm': NEW_PASSWORD, 'csrf_token': await get_csrf(r), }) assert r.url_obj.path == url.path assert r.status == 200 assert cfg.MSG_PASSWORD_CHANGED in await r.text() r = await client.get(url_for('auth_logout')) assert r.status == 200 assert r.url_obj.path == login_url.path r = await client.post(login_url, data={ 'email': user['email'], 'password': NEW_PASSWORD, 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path assert cfg.MSG_LOGGED_IN in await r.text()
async def log_client_in(client, user_data=None): user = await create_user(user_data) url = url_for('auth_login') r = await client.get(url) assert r.status == 200 r = await client.post(url, data={ 'email': user['email'], 'password': user['raw_password'], 'csrf_token': await get_csrf(r), }) assert cfg.MSG_LOGGED_IN in await r.text() assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path return user
async def test_registration_without_confirmation(client, monkeypatch): monkeypatch.setitem(cfg, 'REGISTRATION_CONFIRMATION_REQUIRED', False) db = cfg.STORAGE url = url_for('auth_registration') r = await client.get(url) r = await client.post(url, data={ 'email': EMAIL, 'password': PASSWORD, 'confirm': PASSWORD, 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == str(url_for(cfg.LOGIN_REDIRECT)) assert cfg.MSG_LOGGED_IN in await r.text() user = await db.get_user({'email': EMAIL}) await db.delete_user(user)
async def test_registration_with_expired_confirmation(client, monkeypatch): monkeypatch.setitem(cfg, 'REGISTRATION_CONFIRMATION_LIFETIME', -1) db = cfg.STORAGE url = url_for('auth_registration') r = await client.get(url) async with NewUser({'status': 'confirmation'}) as user: confirmation = await db.create_confirmation(user, 'registration') r = await client.post(url, data={ 'email': user['email'], 'password': user['raw_password'], 'confirm': user['raw_password'], 'csrf_token': await get_csrf(r), }) await db.delete_confirmation(confirmation) assert r.status == 200 assert r.url_obj.path == str(url_for('auth_registration_requested'))
async def test_logout(client): login_url = url_for('auth_login') change_email_url = url_for('auth_change_email') user = await log_client_in(client) # try to access protected page r = await client.get(change_email_url) assert r.url_obj.path == change_email_url.path # logout r = await client.get(url_for('auth_logout')) assert r.status == 200 assert r.url_obj.path == login_url.path # and try again r = await client.get(change_email_url) assert r.url_obj.path == login_url.path await cfg.STORAGE.delete_user(user)
async def test_unknown_email(client): url = url_for('auth_reset_password') r = await client.get(url) assert r.url_obj.path == url.path assert cfg.MSG_UNKNOWN_EMAIL not in await r.text() r = await client.post(url, data={ 'email': EMAIL, 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url.path assert cfg.MSG_UNKNOWN_EMAIL in await r.text()
async def test_wrong_current_password(client): url = url_for('auth_change_password') r = await client.get(url) async with LoggedUser(client): r = await client.post(url, data={ 'cur_password': '******', 'new_password': NEW_PASSWORD, 'confirm': NEW_PASSWORD, 'csrf_token': await get_csrf(r), }) assert r.url_obj.path == url.path assert r.status == 200 assert cfg.MSG_WRONG_PASSWORD in await r.text()
async def test_inactive_user(client): url = url_for('auth_reset_password') r = await client.get(url) assert cfg.MSG_ACTIVATION_REQUIRED not in await r.text() async with NewUser({'status': 'confirmation'}) as user: r = await client.post(url, data={ 'email': user['email'], 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url.path assert cfg.MSG_ACTIVATION_REQUIRED in await r.text()
async def test_cnange_and_confirm(client, capsys): url = url_for('auth_change_email') login_url = url_for('auth_login') r = await client.get(url) async with LoggedUser(client) as user: r = await client.post(url, data={ 'email': NEW_EMAIL, 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url.path assert cfg.MSG_CHANGE_EMAIL_REQUESTED in await r.text() out, err = capsys.readouterr() link = parse_link(out) r = await client.get(link) assert r.status == 200 assert r.url_obj.path == url.path assert cfg.MSG_EMAIL_CHANGED in await r.text() r = await client.get(url_for('auth_logout')) assert r.status == 200 assert r.url_obj.path == login_url.path r = await client.post(login_url, data={ 'email': NEW_EMAIL, 'password': user['raw_password'], 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path assert cfg.MSG_LOGGED_IN in await r.text()
async def test_banned_user(client): url = url_for('auth_reset_password') r = await client.get(url) assert r.url_obj.path == url.path assert cfg.MSG_USER_BANNED not in await r.text() async with NewUser({'status': 'banned'}) as user: r = await client.post(url, data={ 'email': user['email'], 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url.path assert cfg.MSG_USER_BANNED in await r.text()
async def test_registration_with_existing_email(client): url = url_for('auth_registration') r = await client.get(url) assert cfg.MSG_EMAIL_EXISTS not in await r.text() async with NewUser() as user: r = await client.post(url, data={ 'email': user['email'], 'password': user['raw_password'], 'confirm': user['raw_password'], 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url.path assert cfg.MSG_EMAIL_EXISTS in await r.text()
async def test_csrf(client): reset_url = url_for('auth_reset_password') r = await client.post(reset_url, data={ 'email': EMAIL, }) assert r.url_obj.path == reset_url.path assert r.status == 200 assert 'CSRF token missing' in await r.text() r = await client.post(reset_url, data={ 'email': EMAIL, 'csrf_token': '##wrong', }) assert r.url_obj.path == reset_url.path assert r.status == 200 assert 'CSRF failed' in await r.text()
async def test_too_often(client): db = cfg.STORAGE url = url_for('auth_reset_password') r = await client.get(url) assert cfg.MSG_OFTEN_RESET_PASSWORD not in await r.text() async with NewUser() as user: confirmation = await db.create_confirmation(user, 'reset_password') r = await client.post(url, data={ 'email': user['email'], 'csrf_token': await get_csrf(r), }) await db.delete_confirmation(confirmation) assert r.status == 200 assert r.url_obj.path == url.path assert cfg.MSG_OFTEN_RESET_PASSWORD in await r.text()
async def test_csrf(client): url = url_for('auth_change_email') async with LoggedUser(client): r = await client.post(url, data={ 'email': NEW_EMAIL, }) assert r.url_obj.path == url.path assert r.status == 200 assert 'CSRF token missing' in await r.text() r = await client.post(url, data={ 'email': NEW_EMAIL, 'csrf_token': '##wrong', }) assert r.url_obj.path == url.path assert r.status == 200 assert 'CSRF failed' in await r.text()
async def test_regitration_csrf(client): url = url_for('auth_registration') r = await client.post(url, data={ 'email': EMAIL, 'password': PASSWORD, 'confirm': PASSWORD, }) assert r.status == 200 assert 'CSRF token missing' in await r.text() r = await client.post(url, data={ 'email': EMAIL, 'password': PASSWORD, 'confirm': PASSWORD, 'csrf_token': '##wrong', }) assert r.status == 200 assert 'CSRF failed' in await r.text()
async def test_csrf(client): url = url_for('auth_change_password') async with LoggedUser(client) as user: r = await client.post(url, data={ 'cur_password': user['raw_password'], 'new_password': NEW_PASSWORD, 'confirm': NEW_PASSWORD, }) assert r.url_obj.path == url.path assert r.status == 200 assert 'CSRF token missing' in await r.text() r = await client.post(url, data={ 'cur_password': user['raw_password'], 'new_password': NEW_PASSWORD, 'confirm': NEW_PASSWORD, 'csrf_token': '##wrong', }) assert r.url_obj.path == url.path assert r.status == 200 assert 'CSRF failed' in await r.text()
async def test_reset_and_confirm(client, capsys): url = url_for('auth_reset_password') login_url = url_for('auth_login') r = await client.get(url) async with NewUser() as user: r = await client.post(url, data={ 'email': user['email'], 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url_for('auth_reset_password_requested').path out, err = capsys.readouterr() confirmation_url = parse_link(out) r = await client.get(confirmation_url) assert r.status == 200 new_password = get_random_string(10) r = await client.post(confirmation_url, data={ 'password': new_password, 'confirm': new_password, 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path assert cfg.MSG_PASSWORD_CHANGED in await r.text() assert cfg.MSG_LOGGED_IN in await r.text() r = await client.get(url_for('auth_logout')) assert r.status == 200 assert r.url_obj.path == login_url.path r = await client.post(login_url, data={ 'email': user['email'], 'password': new_password, 'csrf_token': await get_csrf(r), }) assert r.status == 200 assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path assert cfg.MSG_LOGGED_IN in await r.text()
async def test_form_availibility(client): url = url_for('auth_change_email') async with LoggedUser(client): r = await client.get(url) assert r.status == 200 assert r.url_obj.path == url.path
async def test_form_availibility(client): reset_url = url_for('auth_reset_password') r = await client.get(reset_url) assert r.status == 200 assert r.url_obj.path == reset_url.path
async def test_regitration_availibility(client): r = await client.get(url_for('auth_registration')) assert r.status == 200
async def test_guest_access(client): r = await client.get(url_for('auth_change_email')) assert r.status == 200 assert r.url_obj.path == url_for('auth_login').path