def test_empty_password(self): self.log("should be able to create a user with no password") user = self.user_manager.create(email='*****@*****.**', username='******') self.assertIsNotNone(user.id) self.assertIsNotNone(user.password) # should not be able to login with a null or empty password self.assertFalse(check_password("", user.password)) self.assertFalse(check_password(None, user.password))
def test_change_password(self): self.log("should be able to change password") user2 = self.user_manager.create(**user2_data) encoded_id = self.app.security.encode_id(user2.id) self.assertIsInstance(user2, model.User) self.assertIsNotNone(user2.id) self.assertEqual(user2.email, user2_data["email"]) self.assertTrue(check_password(default_password, user2.password)) user, message = self.user_manager.change_password(self.trans) self.assertEqual(message, "Please provide a token or a user and password.") user, message = self.user_manager.change_password( self.trans, id=encoded_id, current=changed_password) self.assertEqual(message, "Invalid current password.") user, message = self.user_manager.change_password( self.trans, id=encoded_id, current=default_password, password=changed_password, confirm=default_password) self.assertEqual(message, "Passwords do not match.") user, message = self.user_manager.change_password( self.trans, id=encoded_id, current=default_password, password=default_password, confirm=changed_password) self.assertEqual(message, "Passwords do not match.") user, message = self.user_manager.change_password( self.trans, id=encoded_id, current=default_password, password=changed_password, confirm=changed_password) self.assertFalse(check_password(default_password, user2.password)) self.assertTrue(check_password(changed_password, user2.password)) reset_user, prt = self.user_manager.get_reset_token( self.trans, user2.email) user, message = self.user_manager.change_password( self.trans, token=prt.token, password=default_password, confirm=default_password) self.assertTrue(check_password(default_password, user2.password)) self.assertFalse(check_password(changed_password, user2.password)) prt.expiration_time = datetime.utcnow() user, message = self.user_manager.change_password( self.trans, token=prt.token, password=default_password, confirm=default_password) self.assertEqual( message, "Invalid or expired password reset token, please request a new one." )
def test_hash_consistent(): # Make sure hashes created for earlier Galaxies continue to work in the future. simple_pass = "******" complex_pass = "******" # Check hashes built in Python 2 for 18.05. simple_pass_hash = 'PBKDF2$sha256$10000$LlkhoImT15LZAcFB$/afKJrFX9GXt6VEpB+omae19A2S4kBEY' complex_pass_hash = 'PBKDF2$sha256$10000$rg2gPThkJycziB0s$/BJ7AfuaYjpo5hhUvCMhf4TTrhsrOIH1' # Check hashes built in Python 3 for 18.05. simple_pass_hash_2 = 'PBKDF2$sha256$10000$vOIv7wGXS2/rGhDu$wS/5NwGSZm1ECv/vSEZb7jKjYSzXWZDL' complex_pass_hash_2 = 'PBKDF2$sha256$10000$q1av/Clyujm5Fdc6$Dh7o1KTMn/YQYc5NurN+aVaF3uaI8iOv' # Check older sha1 passwords that may still be the database as well. simple_pass_hash_old = '58f17339ffdb71050734d2fbdd41b870423fe433' complex_pass_hash_old = 'b567602039213afc0db026eedd72bd3ee2e57092' assert passwords.check_password(simple_pass, simple_pass_hash) assert passwords.check_password(complex_pass, complex_pass_hash) assert passwords.check_password(simple_pass, simple_pass_hash_2) assert passwords.check_password(complex_pass, complex_pass_hash_2) assert passwords.check_password(simple_pass, simple_pass_hash_old) assert passwords.check_password(complex_pass, complex_pass_hash_old) assert not passwords.check_password(complex_pass, simple_pass_hash_old) assert not passwords.check_password(simple_pass, complex_pass_hash_old)
def test_hash_consistent(): # Make sure hashes created for earlier Galaxies continue to work in the future. simple_pass = "******" complex_pass = u"à strange ünicode ڃtring" # Check hashes built in Python 2 for 18.05. simple_pass_hash = 'PBKDF2$sha256$10000$LlkhoImT15LZAcFB$/afKJrFX9GXt6VEpB+omae19A2S4kBEY' complex_pass_hash = 'PBKDF2$sha256$10000$rg2gPThkJycziB0s$/BJ7AfuaYjpo5hhUvCMhf4TTrhsrOIH1' # Check hashes built in Python 3 for 18.05. simple_pass_hash_2 = 'PBKDF2$sha256$10000$vOIv7wGXS2/rGhDu$wS/5NwGSZm1ECv/vSEZb7jKjYSzXWZDL' complex_pass_hash_2 = 'PBKDF2$sha256$10000$q1av/Clyujm5Fdc6$Dh7o1KTMn/YQYc5NurN+aVaF3uaI8iOv' # Check older sha1 passwords that may still be the database as well. simple_pass_hash_old = '58f17339ffdb71050734d2fbdd41b870423fe433' complex_pass_hash_old = 'b567602039213afc0db026eedd72bd3ee2e57092' assert passwords.check_password(simple_pass, simple_pass_hash) assert passwords.check_password(complex_pass, complex_pass_hash) assert passwords.check_password(simple_pass, simple_pass_hash_2) assert passwords.check_password(complex_pass, complex_pass_hash_2) assert passwords.check_password(simple_pass, simple_pass_hash_old) assert passwords.check_password(complex_pass, complex_pass_hash_old) assert not passwords.check_password(complex_pass, simple_pass_hash_old) assert not passwords.check_password(simple_pass, complex_pass_hash_old)
def test_base(self): self.log("should be able to create a user") user2 = self.user_manager.create(**user2_data) self.assertIsInstance(user2, model.User) self.assertIsNotNone(user2.id) self.assertEqual(user2.email, user2_data['email']) self.assertTrue(check_password(default_password, user2.password)) user3 = self.user_manager.create(**user3_data) self.log("should be able to query") users = self.trans.sa_session.query(model.User).all() self.assertEqual(self.user_manager.list(), users) self.assertEqual(self.user_manager.by_id(user2.id), user2) self.assertEqual(self.user_manager.by_ids([user3.id, user2.id]), [user3, user2]) self.log("should be able to limit and offset") self.assertEqual(self.user_manager.list(limit=1), users[0:1]) self.assertEqual(self.user_manager.list(offset=1), users[1:]) self.assertEqual(self.user_manager.list(limit=1, offset=1), users[1:2]) self.assertEqual(self.user_manager.list(limit=0), []) self.assertEqual(self.user_manager.list(offset=3), []) self.log("should be able to order") self.assertEqual( self.user_manager.list(order_by=(desc(model.User.create_time))), [user3, user2, self.admin_user])
def test_login(self): self.log("should be able to validate user credentials") user2 = self.user_manager.create(**user2_data) self.app.security.encode_id(user2.id) self.assertIsInstance(user2, model.User) self.assertIsNotNone(user2.id) self.assertEqual(user2.email, user2_data["email"]) self.assertTrue(check_password(default_password, user2.password))
def test_hash_and_check(): simple_pass = "******" complex_pass = "******" not_pass_simple = "not simple pass" not_pass_complex = "à strange ün ڃtring" simple_pass_hash = passwords.hash_password(simple_pass) complex_pass_hash = passwords.hash_password(complex_pass) assert passwords.check_password(simple_pass, simple_pass_hash) assert passwords.check_password(complex_pass, complex_pass_hash) assert not passwords.check_password(complex_pass, simple_pass_hash) assert not passwords.check_password(not_pass_complex, simple_pass_hash) assert not passwords.check_password(not_pass_simple, simple_pass_hash) assert not passwords.check_password(simple_pass, complex_pass_hash) assert not passwords.check_password(not_pass_complex, complex_pass_hash) assert not passwords.check_password(not_pass_simple, complex_pass_hash)
def test_hash_and_check(): simple_pass = "******" complex_pass = u"à strange ünicode ڃtring" not_pass_simple = "not simple pass" not_pass_complex = u"à strange ün ڃtring" simple_pass_hash = passwords.hash_password(simple_pass) complex_pass_hash = passwords.hash_password(complex_pass) assert passwords.check_password(simple_pass, simple_pass_hash) assert passwords.check_password(complex_pass, complex_pass_hash) assert not passwords.check_password(complex_pass, simple_pass_hash) assert not passwords.check_password(not_pass_complex, simple_pass_hash) assert not passwords.check_password(not_pass_simple, simple_pass_hash) assert not passwords.check_password(simple_pass, complex_pass_hash) assert not passwords.check_password(not_pass_complex, complex_pass_hash) assert not passwords.check_password(not_pass_simple, complex_pass_hash)
def test_login(self): self.log("should be able to validate user credentials") user2 = self.user_manager.create(**user2_data) self.app.security.encode_id(user2.id) self.assertIsInstance(user2, model.User) self.assertIsNotNone(user2.id) self.assertEqual(user2.email, user2_data["email"]) self.assertTrue(check_password(default_password, user2.password)) controller = User(self.app) response = json.loads(controller.login(self.trans)) self.assertEqual(response["err_msg"], "Please specify a username and password.") response = json.loads( controller.login(self.trans, payload={ "login": user2.email, "password": changed_password })) self.assertEqual(response["err_msg"], "Invalid password.") response = json.loads( controller.login(self.trans, payload={ "login": user2.username, "password": changed_password })) self.assertEqual(response["err_msg"], "Invalid password.") user2.deleted = True response = json.loads( controller.login(self.trans, payload={ "login": user2.username, "password": default_password })) self.assertEqual( response["err_msg"], "This account has been marked deleted, contact your local Galaxy administrator to restore the account. Contact: [email protected]." ) user2.deleted = False user2.external = True response = json.loads( controller.login(self.trans, payload={ "login": user2.username, "password": default_password })) self.assertEqual( response["err_msg"], "This account was created for use with an external authentication method, contact your local Galaxy administrator to activate it. Contact: [email protected]." ) user2.external = False self.trans.app.config.password_expiration_period = timedelta(days=1) user2.last_password_change = datetime.today() - timedelta(days=1) response = json.loads( controller.login(self.trans, payload={ "login": user2.username, "password": default_password })) self.assertEqual( response["message"], "Your password has expired. Please reset or change it to access Galaxy." ) self.assertEqual(response["expired_user"], self.trans.security.encode_id(user2.id)) self.trans.app.config.password_expiration_period = timedelta(days=10) response = json.loads( controller.login(self.trans, payload={ "login": user2.username, "password": default_password })) self.assertEqual(response["message"], "Your password will expire in 11 day(s).") self.trans.app.config.password_expiration_period = timedelta(days=100) response = json.loads( controller.login(self.trans, payload={ "login": user2.username, "password": default_password })) self.assertEqual(response["message"], "Success.")