Example #1
    def test_activate_invalid_user(self):
        """Reject an activation code that belongs to another account.

        The request pairs the first user's id with the activation code
        attached to the second user. The view must answer 404 and neither
        account may end up activated.
        """
        from horus.views import RegisterController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces import IActivationClass, IUserClass
        from horus.tests.models import Activation, User

        self.config.registry.registerUtility(Activation, IActivationClass)
        self.config.registry.registerUtility(User, IUserClass)
        self.config.include('horus')
        self.config.add_route('index', '/')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        foreign_activation = Activation()

        first = User(username='******', email='*****@*****.**')
        first.activation = Activation()
        first.password = '******'

        second = User(username='******', email='*****@*****.**')
        second.activation = foreign_activation
        second.password = '******'

        for account in (first, second):
            self.session.add(account)
        self.session.flush()

        request = testing.DummyRequest()
        request.matchdict = Mock()

        def lookup(key, default):
            # Deliberately mismatched pair: first user's id, second user's
            # activation code. Any other key yields None.
            if key == 'user_id':
                return first.id
            if key == 'code':
                return foreign_activation.code
            return None

        request.matchdict.get = lookup

        response = RegisterController(request).activate()
        reloaded_first = User.get_by_username(request, 'sontek')
        reloaded_second = User.get_by_username(request, 'jessie')

        # Neither the id's owner nor the code's owner may be activated.
        assert not reloaded_first.is_activated
        assert not reloaded_second.is_activated
        assert response.status_int == 404
Example #2
    def test_inactive_login(self):
        """Make sure inactive users can't sign in.

        The account still has a pending ``Activation`` attached, so a login
        POST with a valid CSRF token must return the "not active" message.
        """
        from horus.tests.models import Activation, User

        account = User(username='******', email='*****@*****.**')
        account.activation = Activation()
        account.password = '******'
        self.session.add(account)
        self.session.flush()

        login_page = self.app.get('/login')

        # Reuse the token the server rendered into the login form.
        token = login_page.form.fields['csrf_token'][0].value
        if six.PY3:
            token = clean_byte_string(token)

        form_data = {
            'submit': True,
            'username': '******',
            'password': '******',
            'csrf_token': token
        }
        result = self.app.post(str('/login'), form_data)

        expected = b'Your account is not active, please check your e-mail.'
        assert expected in result.body
Example #3
    def test_get_all_users(self):
        """``User.get_all`` returns every committed user (two here)."""
        from horus.tests.models import User

        first = User(username='******', email='*****@*****.**')
        first.password = '******'
        second = User(username='******', email='*****@*****.**')
        second.password = '******'

        for account in (first, second):
            self.session.add(account)
        self.session.commit()

        query = User.get_all(testing.DummyRequest())

        assert len(query.all()) == 2
Example #4
    def test_forgot_password_invalid_password(self):
        """A malformed ``email`` value yields exactly one form error.

        Despite the test's name, the submitted field is ``email`` and the
        value posted ('sontek') is not an e-mail address.
        """
        from horus.views import ForgotPasswordController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces import IUserClass
        from horus.tests.models import User

        self.config.registry.registerUtility(User, IUserClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        account = User(
            username='******',
            password='******',
            email='*****@*****.**',
        )
        account.password = '******'

        self.session.add(account)
        self.session.flush()

        form_data = {'email': 'sontek'}
        request = self.get_csrf_request(post=form_data, request_method='POST')
        # Anonymous visitor: nobody is logged in while asking for a reset.
        request.user = None

        result = ForgotPasswordController(request).forgot_password()

        assert len(result['errors']) == 1
Example #5
    def test_forgot_password_valid_user(self):
        """A reset request for a known e-mail flashes success and redirects.

        ``FlashMessage`` is patched so the test can check the message text
        and kind; the mailer is a ``DummyMailer``, so nothing is sent.
        """
        from horus.views import ForgotPasswordController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces import IUserClass
        from horus.tests.models import User

        self.config.registry.registerUtility(User, IUserClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        account = User(
            username='******',
            password='******',
            email='*****@*****.**',
        )
        account.password = '******'

        self.session.add(account)
        self.session.flush()

        form_data = {'email': '*****@*****.**'}
        request = self.get_csrf_request(post=form_data, request_method='POST')
        # Anonymous visitor: nobody is logged in while asking for a reset.
        request.user = None

        view = ForgotPasswordController(request)

        with patch('horus.views.FlashMessage') as flash:
            response = view.forgot_password()
            flash.assert_called_with(
                request,
                view.Str.reset_password_email_sent,
                kind="success",
            )
        assert response.status_int == 302
Example #6
    def test_activate_invalid(self):
        """An unknown activation code gives 404 and activates nobody.

        Every route parameter the view asks for resolves to the string
        'invalid', so neither the code nor the user id can match.
        """
        from horus.views import RegisterController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces import IActivationClass, IUserClass
        from horus.tests.models import Activation, User

        self.config.registry.registerUtility(Activation, IActivationClass)
        self.config.registry.registerUtility(User, IUserClass)
        self.config.include('horus')
        self.config.add_route('index', '/')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        pending = User(username='******', email='*****@*****.**')
        pending.password = '******'
        pending.activation = Activation()

        self.session.add(pending)
        self.session.flush()

        request = testing.DummyRequest()
        request.matchdict = Mock()
        request.matchdict.get = Mock(return_value='invalid')

        response = RegisterController(request).activate()
        reloaded = User.get_by_username(request, 'sontek')

        assert not reloaded.is_activated
        assert response.status_int == 404
Example #7
    def test_register_existing_user(self):
        """Registering while a user already exists returns form errors.

        The view is expected to hand back a dict (the form is shown again)
        with a non-empty ``errors`` entry.
        """
        from horus.views import RegisterController
        from pyramid_mailer.mailer import DummyMailer
        from pyramid_mailer.interfaces import IMailer
        from horus.interfaces import IActivationClass, IUserClass
        from horus.tests.models import Activation, User

        self.config.registry.registerUtility(Activation, IActivationClass)
        self.config.registry.registerUtility(User, IUserClass)

        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        self.config.add_route('index', '/')

        existing = User(username='******', email='*****@*****.**')
        existing.password = '******'
        self.session.add(existing)
        self.session.flush()

        form_data = {
            'username': '******',
            'password': {
                'password': '******',
                'password-confirm': 'test123',
            },
            'email': '*****@*****.**'
        }
        request = self.get_csrf_request(post=form_data, request_method='POST')

        result = RegisterController(request).register()

        assert isinstance(result, dict)
        assert result['errors']
Example #8
    def test_inactive_login_fails(self):
        """Make sure we can't log in with an inactive user.

        The account keeps a pending ``Activation``; the login view must
        flash the "not active" error instead of signing the user in.
        """
        from horus.tests.models import User
        from horus.interfaces import IUserClass, IActivationClass
        from horus.tests.models import Activation

        self.config.registry.registerUtility(Activation, IActivationClass)
        self.config.registry.registerUtility(User, IUserClass)

        pending = User(username='******', email='*****@*****.**')
        pending.password = '******'
        pending.activation = Activation()
        self.session.add(pending)
        self.session.flush()

        from horus.views import AuthController
        self.config.add_route('index', '/')
        self.config.include('horus')
        settings = self.config.registry.settings
        settings['horus.login_redirect'] = 'index'
        settings['horus.logout_redirect'] = 'index'

        credentials = {
            'submit': True,
            'username': '******',
            'password': '******',
        }
        request = self.get_csrf_request(post=credentials,
                                        request_method='POST')

        view = AuthController(request)
        with patch('horus.views.FlashMessage') as flash:
            view.login()
            flash.assert_called_with(
                request,
                'Your account is not active, please check your e-mail.',
                kind='error',
            )
Example #9
    def test_login_succeeds(self):
        """Make sure we can log in.

        The account has no pending activation, so posting its credentials
        through a CSRF-carrying request must end in a 302 redirect.
        """
        from horus.tests.models import User
        from horus.interfaces import IUserClass, IActivationClass
        from horus.tests.models import Activation

        self.config.registry.registerUtility(Activation, IActivationClass)
        self.config.registry.registerUtility(User, IUserClass)
        settings = self.config.registry.settings
        settings['horus.login_redirect'] = 'index'
        settings['horus.logout_redirect'] = 'index'

        account = User(username='******', email='*****@*****.**')
        account.password = '******'

        self.session.add(account)
        self.session.flush()

        from horus.views import AuthController
        self.config.add_route('index', '/')

        self.config.include('horus')

        credentials = {
            'submit': True,
            'username': '******',
            'password': '******',
        }
        request = self.get_csrf_request(post=credentials,
                                        request_method='POST')

        response = AuthController(request).login()

        assert response.status_int == 302
Example #10
    def test_profile_update_profile_invalid(self):
        """An empty profile POST is rejected with three validation errors.

        The request carries a CSRF token but no form fields, and uses the
        test ``ProfileSchema`` registered under ``IProfileSchema``.
        """
        from horus.views import ProfileController
        from horus.interfaces import (
            IUserClass,
            IActivationClass,
            IProfileSchema,
        )
        from horus.tests.models import User, Activation
        from horus.tests.schemas import ProfileSchema

        self.config.registry.registerUtility(Activation, IActivationClass)
        self.config.registry.registerUtility(User, IUserClass)
        self.config.registry.registerUtility(ProfileSchema, IProfileSchema)

        self.config.add_route('index', '/')
        self.config.include('horus')

        owner = User(username='******', email='*****@*****.**')
        owner.password = '******'
        self.session.add(owner)
        self.session.flush()

        request = self.get_csrf_request(request_method='POST')
        request.context = owner

        # Every route parameter lookup resolves to the owner's id.
        request.matchdict = Mock()
        request.matchdict.get = Mock(return_value=owner.id)

        result = ProfileController(request).edit_profile()

        assert len(result['errors']) == 3
Example #11
    def test_profile_bad_id(self):
        """Requesting the profile for id 99 answers 404.

        Only one user is stored, so id 99 is presumably unassigned; the
        view must not fall back to some other account.
        """
        from horus.views import ProfileController
        from horus.interfaces import IUserClass, IActivationClass
        from horus.tests.models import User, Activation

        self.config.registry.registerUtility(User, IUserClass)
        self.config.registry.registerUtility(Activation, IActivationClass)

        self.config.add_route('index', '/')
        self.config.include('horus')

        stored = User(username='******', email='*****@*****.**')
        stored.password = '******'

        self.session.add(stored)
        self.session.flush()

        request = testing.DummyRequest()
        request.user = Mock()

        request.matchdict = Mock()
        request.matchdict.get = Mock(return_value=99)

        response = ProfileController(request).profile()

        assert response.status_int == 404
Example #12
    def test_activate_multiple_users(self):
        """Activating one user consumes only that user's activation.

        Two users each hold a pending activation. The request presents the
        second user's id and code; afterwards that user is activated, one
        activation record remains, and the view redirects (302).
        """
        from horus.views import RegisterController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces import IActivationClass, IUserClass
        from horus.tests.models import Activation, User

        self.config.registry.registerUtility(Activation, IActivationClass)
        self.config.registry.registerUtility(User, IUserClass)
        self.config.include('horus')
        self.config.add_route('index', '/')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        bystander = User(username='******', email='*****@*****.**')
        bystander.activation = Activation()
        bystander.password = '******'
        target = User(username='******', email='*****@*****.**')
        target.activation = Activation()
        target.password = '******'

        self.session.add(bystander)
        self.session.add(target)
        self.session.flush()

        request = testing.DummyRequest()
        request.matchdict = Mock()

        def lookup(key, default):
            # 'code' -> the target's activation code; anything else -> its id.
            return target.activation.code if key == 'code' else target.id

        request.matchdict.get = lookup

        response = RegisterController(request).activate()
        activated = User.get_by_username(request, 'sontek1')

        remaining = Activation.get_all(request)

        # The bystander's activation must survive the target's activation.
        assert len(remaining.all()) == 1
        assert activated.is_activated
        assert response.status_int == 302
Example #13
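    def test_password_hashing(self):
        """The stored password differs from the plaintext and a salt is set.

        This only shows that the model transformed the value and produced a
        salt. It says nothing about which hash function is used or how
        strong it is.
        """
        from horus.tests.models import User

        plaintext = '******'
        user1 = User(username='******', email='*****@*****.**')
        user1.password = plaintext
        self.session.add(user1)
        self.session.flush()

        # Compare against the exact value that was assigned. A separate
        # literal could drift from it and make the check pass vacuously.
        assert user1.password != plaintext
        assert user1.salt is not None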
Example #14
    def test_acl(self):
        """A user's ACL grants ``access_user`` only to its own principal."""
        from horus.tests.models import User
        from pyramid.security import Allow

        account = User(username='******', email='*****@*****.**')
        account.password = '******'

        self.session.add(account)
        self.session.flush()

        own_principal = 'user:%s' % account.id
        expected_acl = [(Allow, own_principal, 'access_user')]

        # Exact equality: any additional entry in the ACL fails the test.
        assert account.__acl__ == expected_acl
Example #15
    def test_get_user_by_activation_with_multiple_users(self):
        """``User.get_by_activation`` returns the activation's owner.

        Two users are stored but only the second holds the activation, so
        the lookup must return that user and not the first one.
        """
        from horus.tests.models import User, Activation

        without_activation = User(username='******', email='*****@*****.**')
        with_activation = User(username='******', email='*****@*****.**')
        without_activation.password = '******'
        with_activation.password = '******'
        pending = Activation()
        with_activation.activation = pending

        self.session.add(without_activation)
        self.session.add(with_activation)

        self.session.commit()

        found = User.get_by_activation(testing.DummyRequest(), pending)

        assert found == with_activation
Example #16
    def test_profile_update_password(self):
        """Editing the profile updates the e-mail and replaces the password.

        A ``ProfileUpdatedEvent`` subscriber commits the session. The test
        then reloads the user and checks that 'temp' plus the salt no
        longer verifies against the stored hash.
        """
        from horus.views import ProfileController
        from hem.interfaces import IDBSession
        from horus.events import ProfileUpdatedEvent
        from horus.models import crypt
        from horus.interfaces import IActivationClass, IUserClass
        from horus.tests.models import Activation, User

        self.config.registry.registerUtility(Activation, IActivationClass)
        self.config.registry.registerUtility(User, IUserClass)

        self.config.add_route('index', '/')
        self.config.include('horus')

        user = User(username='******', email='*****@*****.**')
        user.password = '******'

        self.session.add(user)
        self.session.flush()

        def commit_on_update(event):
            # Persist the change through the session registered as IDBSession.
            db = event.request.registry.getUtility(IDBSession)
            db.commit()

        self.config.add_subscriber(commit_on_update, ProfileUpdatedEvent)

        form_data = {
            'email': '*****@*****.**',
            'password': {
                'password': '******',
                'password-confirm': 'test123',
            },
        }
        request = self.get_csrf_request(post=form_data, request_method='POST')

        request.context = user

        request.matchdict = Mock()
        request.matchdict.get = Mock(return_value=user.id)

        ProfileController(request).edit_profile()
        reloaded = User.get_by_id(request, user.id)

        assert reloaded.email == '*****@*****.**'
        # NOTE(review): 'temp' is presumably the pre-update password; this
        # only proves the old value stopped verifying -- confirm.
        assert not crypt.check(user.password, 'temp' + user.salt)
Example #17
    def test_reset_password_valid_user(self):
        """A reset with a valid activation code changes the password.

        The route parameter resolves to the user's own activation code and
        the visitor is anonymous. After the view runs, 'temp' plus the salt
        must no longer verify and the response must be a 302 redirect.
        """
        from horus.views import ForgotPasswordController
        from hem.interfaces import IDBSession
        from horus.events import PasswordResetEvent
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.models import crypt
        from horus.interfaces import IUserClass, IActivationClass
        from horus.tests.models import User, Activation

        self.config.registry.registerUtility(User, IUserClass)
        self.config.registry.registerUtility(Activation, IActivationClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        user = User(username='******', email='*****@*****.**')
        user.password = '******'
        user.activation = Activation()

        self.session.add(user)
        self.session.flush()

        form_data = {
            'password': {
                'password': '******',
                'password-confirm': 'test123',
            },
        }
        request = self.get_csrf_request(post=form_data, request_method='POST')

        request.matchdict = Mock()
        request.matchdict.get = Mock(return_value=user.activation.code)

        request.user = None

        def commit_on_reset(event):
            # Persist the change through the session registered as IDBSession.
            db = event.request.registry.getUtility(IDBSession)
            db.commit()

        self.config.add_subscriber(commit_on_reset, PasswordResetEvent)

        response = ForgotPasswordController(request).reset_password()

        # NOTE(review): 'temp' is presumably the pre-reset password; this
        # only proves the old value stopped verifying -- confirm.
        assert not crypt.check(user.password, 'temp' + user.salt)
        assert response.status_int == 302
Example #18
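    def test_get_user_by_invalid_email(self):
        """``User.get_by_email`` returns ``None`` when the lookup misses."""
        from horus.tests.models import User

        user = User(username='******', email='*****@*****.**')
        user.password = '******'
        self.session.add(user)
        self.session.commit()

        request = testing.DummyRequest()

        new_user = User.get_by_email(request, '*****@*****.**')

        # Identity check: ``== None`` could be satisfied by a model object
        # with a custom ``__eq__``, which would hide a wrongly returned user.
        assert new_user is None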
Example #19
    def test_get_user_by_id(self):
        """``User.get_by_id`` returns the user stored under that id."""
        from horus.tests.models import User

        stored = User(username='******', email='*****@*****.**')
        stored.password = '******'
        self.session.add(stored)
        self.session.commit()

        found = User.get_by_id(testing.DummyRequest(), stored.id)

        assert found == stored
Example #20
    def test_get_valid_user_by_security_code(self):
        """``User.get_by_security_code`` finds a user by its own code."""
        from horus.tests.models import User

        stored = User(username='******', email='*****@*****.**')
        stored.password = '******'
        self.session.add(stored)
        self.session.commit()

        found = User.get_by_security_code(
            testing.DummyRequest(),
            stored.security_code,
        )

        assert stored == found
Example #21
    def test_get_user_activation(self):
        """An activation can be looked up by code and matches its user.

        The activation is attached to the second user. The record fetched
        via ``Activation.get_by_code`` must equal the original and also be
        the one reachable from the reloaded user.
        """
        from horus.tests.models import Activation, User

        plain = User(username='******', email='*****@*****.**')
        holder = User(username='******', email='*****@*****.**')
        plain.password = '******'
        holder.password = '******'

        pending = Activation()
        holder.activation = pending

        self.session.add(plain)
        self.session.add(holder)
        self.session.commit()

        request = testing.DummyRequest()

        reloaded_holder = User.get_by_username(request, 'sontek2')
        fetched = Activation.get_by_code(request, pending.code)

        assert pending == fetched
        assert reloaded_holder.activation == fetched
        assert new_user.activation == new_activation
Example #22
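    def test_group_finder_no_groups(self):
        """A user in no group gets only its own ``user:<id>`` principal.

        ``user1`` is a member of the group and ``user2`` is not. The result
        for ``user2`` must hold exactly one entry, so membership of another
        account does not leak into it.
        """
        from horus import groupfinder
        from horus.tests.models import User
        from horus.tests.models import Group

        group = Group(name='foo', description='bar')
        user1 = User(username='******', email='*****@*****.**')
        user2 = User(username='******', email='*****@*****.**')
        user1.password = '******'
        user2.password = '******'
        group.users.append(user1)

        self.session.add(group)
        self.session.add(user1)
        self.session.add(user2)
        self.session.flush()

        request = Mock()
        request.user = user2

        # Pass the id the database assigned rather than a hard-coded 2, so
        # the test does not depend on insertion order or sequence state.
        results = groupfinder(user2.id, request)

        assert len(results) == 1
        assert 'user:%s' % (user2.id) in results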
Example #23
    def test_get_user_by_activation(self):
        """``User.get_by_activation`` returns the user holding it."""
        from horus.tests.models import User, Activation

        holder = User(username='******', email='*****@*****.**')
        holder.password = '******'
        pending = Activation()
        holder.activation = pending

        self.session.add(holder)
        self.session.commit()

        found = User.get_by_activation(testing.DummyRequest(), pending)

        assert found == holder
Example #24
    def test_get_all(self):
        """``Group.get_all`` returns the single committed group."""
        from horus.tests.models import Group, User

        member = User(username='******', email='*****@*****.**')
        member.password = '******'
        self.session.add(member)

        admins = Group(name='admin', description='group for admins')
        admins.users.append(member)
        self.session.add(admins)
        self.session.commit()

        query = Group.get_all(testing.DummyRequest())

        assert len(query.all()) == 1
Example #25
    def test_user_factory(self):
        """``UserFactory`` keeps its request and resolves users by id."""
        from horus.resources import UserFactory
        from horus.tests.models import User
        from horus.interfaces import IUserClass

        self.config.registry.registerUtility(User, IUserClass)

        stored = User(username='******', email='*****@*****.**')
        stored.password = '******'
        self.session.add(stored)
        self.session.commit()

        request = testing.DummyRequest()
        factory = UserFactory(request)

        # Item access on the factory is the lookup under test.
        resolved = factory[stored.id]

        assert factory.request == request
        assert stored == resolved
Example #26
    def test_reset_password_invalid_password(self):
        """A bad reset submission is rejected with exactly one error.

        The activation code is valid, so the failure comes from the form.
        NOTE(review): the posted keys are capitalised ('Password'), unlike
        the lowercase keys used by the other tests on this page -- confirm
        whether the single error is a mismatch or a missing field.
        """
        from horus.views import ForgotPasswordController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces import IUserClass, IActivationClass
        from horus.tests.models import User, Activation

        self.config.registry.registerUtility(User, IUserClass)
        self.config.registry.registerUtility(Activation, IActivationClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        account = User(
            username='******',
            password='******',
            email='*****@*****.**',
        )
        account.password = '******'
        account.activation = Activation()

        self.session.add(account)
        self.session.flush()

        form_data = {
            'Password': {
                'Password': '******',
                'Password-confirm': 't',
            },
        }
        request = self.get_csrf_request(post=form_data, request_method='POST')

        request.matchdict = Mock()
        request.matchdict.get = Mock(return_value=account.activation.code)

        request.user = None

        result = ForgotPasswordController(request).reset_password()

        assert len(result['errors']) == 1
Example #27
    def test_reset_password_loads(self):
        """Opening the reset page with a valid code renders the form.

        The request is a plain ``DummyRequest`` with no POST data. The view
        must return a ``form`` entry whose content includes 'sontek'.
        """
        from horus.views import ForgotPasswordController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces import IUserClass
        from horus.tests.models import User, Activation
        from horus.interfaces import IActivationClass

        self.config.registry.registerUtility(User, IUserClass)
        self.config.registry.registerUtility(Activation, IActivationClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        account = User(
            username='******',
            password='******',
            email='*****@*****.**',
        )
        account.password = '******'
        account.activation = Activation()

        self.session.add(account)
        self.session.flush()

        request = testing.DummyRequest()

        request.matchdict = Mock()
        request.matchdict.get = Mock(return_value=account.activation.code)

        request.user = None

        result = ForgotPasswordController(request).reset_password()

        assert result.get('form', None)
        assert 'sontek' in result['form']
Example #28
    def test_valid_login(self):
        """Call the login view, make sure routes are working.

        The CSRF token is read from the rendered login form and sent back
        with the credentials; a successful login answers with a 302.
        """
        from horus.tests.models import User

        account = User(username='******', email='*****@*****.**')
        account.password = '******'
        self.session.add(account)
        self.session.flush()

        login_page = self.app.get('/login')

        # Reuse the token the server rendered into the login form.
        token = login_page.form.fields['csrf_token'][0].value
        if six.PY3:
            token = clean_byte_string(token)

        form_data = {
            'submit': True,
            'username': '******',
            'password': '******',
            'csrf_token': token
        }
        result = self.app.post(str('/login'), form_data)

        assert result.status_int == 302