def test_logout(self):
from horus.strings import UIStringsBase as Str
from horus.views import AuthController
from horus.tests.models import User
from horus.interfaces import IUserClass
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = testing.DummyRequest()
invalidate = Mock()
request.user = Mock()
request.session = Mock()
request.session.invalidate = invalidate
view = AuthController(request)
with patch('horus.views.forget') as forget:
with patch('horus.views.HTTPFound') as HTTPFound:
with patch('horus.views.FlashMessage') as FlashMessage:
view.logout()
FlashMessage.assert_called_with(request,
Str.logout, kind="success")
forget.assert_called_with(request)
assert invalidate.called
assert HTTPFound.called
def test_inactive_login_fails(self):
"""Make sure we can't log in with an inactive user."""
from horus.tests.models import User
from horus.interfaces import IUserClass
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
user = User(username='******', email='*****@*****.**')
user.password = '******'
user.activation = Activation()
self.session.add(user)
self.session.flush()
from horus.views import AuthController
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = self.get_csrf_request(post={
'submit': True,
'username': '******',
'password': '******',
}, request_method='POST')
view = AuthController(request)
with patch('horus.views.FlashMessage') as FlashMessage:
view.login()
FlashMessage.assert_called_with(request,
'Your account is not active, please check your e-mail.',
kind='danger')
def test_login_fails_empty(self):
"""Make sure we can't log in with empty credentials."""
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = testing.DummyRequest(post={
'submit': True,
}, request_method='POST')
view = AuthController(request)
response = view.login()
errors = response['errors']
assert errors[0].node.name == 'csrf_token'
assert errors[0].msg == 'Required'
assert errors[1].node.name == 'username'
assert errors[1].msg == 'Required'
assert errors[2].node.name == 'password'
assert errors[2].msg == 'Required'
def test_csrf_invalid_fails(self):
""" Make sure we can't login with a bad csrf """
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = self.get_csrf_request(post={
'submit': True,
'login': '******',
'password': '******',
'csrf_token': 'abc2'
}, request_method='POST')
view = AuthController(request)
response = view.login()
errors = response['errors']
assert errors[0].node.name == 'csrf_token'
assert errors[0].msg == 'Invalid cross-site scripting token'
def test_login_fails_bad_credentials(self):
""" Make sure we can't login with bad credentials"""
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
request = self.get_csrf_request(post={
'submit': True,
'username': '******',
'password': '******',
}, request_method='POST')
flash = Mock()
request.session.flash = flash
view = AuthController(request)
view.login()
flash.assert_called_with('Invalid username or password.', 'error')
def test_logout(self):
from horus.views import AuthController
from horus.tests.models import User
from horus.interfaces import IUserClass
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
request = testing.DummyRequest()
flash = Mock()
invalidate = Mock()
request.user = Mock()
request.session = Mock()
request.session.invalidate = invalidate
request.session.flash = flash
view = AuthController(request)
with patch('horus.views.forget') as forget:
with patch('horus.views.HTTPFound') as HTTPFound:
view.logout()
flash.assert_called_with('Logged out successfully.',
'success')
forget.assert_called_with(request)
assert invalidate.called
assert HTTPFound.called
def test_login_fails_empty(self):
"""Make sure we can't log in with empty credentials."""
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = testing.DummyRequest(post={
'submit': True,
}, request_method='POST')
view = AuthController(request)
response = view.login()
errors = response['errors']
assert errors[0].node.name == 'csrf_token'
assert errors[0].msg == 'Required'
assert errors[1].node.name == 'username'
assert errors[1].msg == 'Required'
assert errors[2].node.name == 'password'
assert errors[2].msg == 'Required'
def test_csrf_invalid_fails(self):
""" Make sure we can't login with a bad csrf """
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = self.get_csrf_request(post={
'submit': True,
'login': '******',
'password': '******',
'csrf_token': 'abc2'
}, request_method='POST')
view = AuthController(request)
response = view.login()
errors = response['errors']
assert errors[0].node.name == 'csrf_token'
assert errors[0].msg == 'Invalid cross-site scripting token'
def test_logout(self):
from horus.strings import UIStringsBase as Str
from horus.views import AuthController
from horus.tests.models import User
from horus.interfaces import IUserClass
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = testing.DummyRequest()
invalidate = Mock()
request.user = Mock()
request.session = Mock()
request.session.invalidate = invalidate
view = AuthController(request)
with patch('horus.views.forget') as forget:
with patch('horus.views.HTTPFound') as HTTPFound:
with patch('horus.views.FlashMessage') as FlashMessage:
view.logout()
FlashMessage.assert_called_with(request,
Str.logout, kind="success")
forget.assert_called_with(request)
assert invalidate.called
assert HTTPFound.called
def persona(self):
request = self.request
schema = schemas.PersonaSchema().bind(request=request)
form = deform.Form(
schema,
formid='persona',
use_ajax=True,
ajax_options=self.ajax_options
)
lm = request.layout_manager
lm.layout.add_form(form)
try:
if request.POST.get('__formid__', '') == 'persona':
persona = form.validate(request.POST.items())
if persona.get('id', None) == -1:
controller = AuthController(request)
return controller.logout()
else:
# TODO: multiple personas
persona = None
except deform.exception.ValidationFailure as e:
return dict(persona={'form': e.render()})
else:
persona = dict(id=0 if request.user else -1)
return dict(persona={'form': form.render(persona)})
def test_inactive_login_fails(self):
"""Make sure we can't log in with an inactive user."""
from horus.tests.models import User
from horus.interfaces import IUserClass
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
user = User(username='******', email='*****@*****.**')
user.password = '******'
user.activation = Activation()
self.session.add(user)
self.session.flush()
from horus.views import AuthController
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = self.get_csrf_request(post={
'submit': True,
'username': '******',
'password': '******',
}, request_method='POST')
view = AuthController(request)
with patch('horus.views.FlashMessage') as FlashMessage:
view.login()
FlashMessage.assert_called_with(request,
'Your account is not active, please check your e-mail.',
kind='error')
def test_login_succeeds(self):
"""Make sure we can log in."""
from horus.tests.models import User
from horus.interfaces import IUserClass
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
admin = User(username='******', email='*****@*****.**')
admin.password = '******'
self.session.add(admin)
self.session.flush()
from horus.views import AuthController
self.config.add_route('index', '/')
self.config.include('horus')
request = self.get_csrf_request(post={
'submit': True,
'username': '******',
'password': '******',
}, request_method='POST')
view = AuthController(request)
response = view.login()
assert response.status_int == 302
def test_login_fails_bad_credentials(self):
""" Make sure we can't login with bad credentials"""
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = self.get_csrf_request(post={
'submit': True,
'username': '******',
'password': '******',
}, request_method='POST')
view = AuthController(request)
with patch('horus.views.FlashMessage') as FlashMessage:
view.login()
FlashMessage.assert_called_with(request,
"Invalid username or password.", kind="error")
def test_login_succeeds(self):
"""Make sure we can log in."""
from horus.tests.models import User
from horus.interfaces import IUserClass
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
admin = User(username='******', email='*****@*****.**')
admin.password = '******'
self.session.add(admin)
self.session.flush()
from horus.views import AuthController
self.config.add_route('index', '/')
self.config.include('horus')
request = self.get_csrf_request(post={
'submit': True,
'username': '******',
'password': '******',
}, request_method='POST')
view = AuthController(request)
response = view.login()
assert response.status_int == 302
def test_inactive_login_fails(self):
""" Make sure we can't login with an inactive user """
from horus.tests.models import User
from horus.interfaces import IHorusUserClass
from horus.interfaces import IHorusActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IHorusActivationClass)
self.config.registry.registerUtility(User, IHorusUserClass)
user = User(username='******', email='*****@*****.**')
user.set_password('foo')
user.activation = Activation()
self.session.add(user)
self.session.flush()
from horus.views import AuthController
self.config.add_route('index', '/')
self.config.include('horus')
request = self.get_csrf_request(post={
'submit': True,
'Username': '******',
'Password': '******',
}, request_method='POST')
flash = Mock()
request.session.flash = flash
view = AuthController(request)
view.login()
flash.assert_called_with(u'Your account is not active, please check your e-mail.',
'error')
def test_login_fails_bad_credentials(self):
""" Make sure we can't login with bad credentials"""
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = self.get_csrf_request(post={
'submit': True,
'username': '******',
'password': '******',
}, request_method='POST')
view = AuthController(request)
with patch('horus.views.FlashMessage') as FlashMessage:
view.login()
FlashMessage.assert_called_with(request,
"Invalid username or password.", kind="danger")
def auth(self):
request = self.request
action = request.params.get('action', 'login')
if action not in ['login', 'logout']:
raise HTTPBadRequest()
controller = AuthController(request)
form = controller.form
form.formid = 'auth'
form.use_ajax = True
form.ajax_options = self.ajax_options
if request.POST.get('__formid__', '') == 'auth':
result = getattr(controller, action)()
error = request.session.pop_flash('error')
if isinstance(result, dict):
if error:
form.error = colander.Invalid(form.schema, error[0])
result = {'form': form.render()}
else:
return result
return dict(auth=result)
lm = request.layout_manager
lm.layout.add_form(form)
return dict(auth={'form': form.render()})
def test_auth_controller_extensions(self):
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.interfaces import ILoginSchema
from horus.interfaces import ILoginForm
from horus.interfaces import IActivationClass
from horus.interfaces import IUIStrings
from horus.strings import UIStringsBase
from horus.tests.models import User
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.add_route('index', '/')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = testing.DummyRequest()
getUtility = Mock()
getUtility.return_value = True
schema = Mock()
form = Mock()
self.config.registry.registerUtility(UIStringsBase, IUIStrings)
self.config.registry.registerUtility(User, IUserClass)
self.config.registry.registerUtility(schema, ILoginSchema)
self.config.registry.registerUtility(form, ILoginForm)
AuthController(request)
assert schema.called
assert form.called
def test_login_loads(self):
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
request = testing.DummyRequest()
request.user = None
view = AuthController(request)
response = view.login()
assert response.get('form', None)
def test_login_redirects_if_logged_in(self):
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
request = testing.DummyRequest()
request.user = Mock()
view = AuthController(request)
response = view.login()
assert response.status_int == 302
def test_login_redirects_if_logged_in(self):
from horus.views import AuthController
from horus.interfaces import IUserClass
from horus.tests.models import User
from horus.interfaces import IActivationClass
from horus.tests.models import Activation
self.config.registry.registerUtility(Activation, IActivationClass)
self.config.registry.registerUtility(User, IUserClass)
self.config.add_route('index', '/')
self.config.include('horus')
self.config.registry.settings['horus.login_redirect'] = 'index'
self.config.registry.settings['horus.logout_redirect'] = 'index'
request = testing.DummyRequest()
request.user = Mock()
view = AuthController(request)
response = view.login()
assert response.status_int == 302
def persona(self):
request = self.request
schema = schemas.PersonaSchema().bind(request=request)
form = deform.Form(schema, formid="persona", use_ajax=True, ajax_options=self.ajax_options)
lm = request.layout_manager
lm.layout.add_form(form)
try:
if request.POST.get("__formid__", "") == "persona":
persona = form.validate(request.POST.items())
if persona.get("id", None) == -1:
controller = AuthController(request)
return controller.logout()
else:
# TODO: multiple personas
persona = None
except deform.exception.ValidationFailure as e:
return dict(persona={"form": e.render()})
else:
persona = dict(id=0 if request.user else -1)
return dict(persona={"form": form.render(persona)})
def login(self):
result = AuthController(self.request).login()
return self.respond(result)
def logout(self):
result = AuthController(self.request).logout()
self.request.user = None
return self.respond(result)
def auth_controller(self):
return AuthController(self.request)
