def test_add_user(self):
backend = MongoDBRegistrationBackend(self.settings, self.config)
# Test good, available username, writing it to DB
struct = {"username":"******", "password":"******", "email":"*****@*****.**"}
backend.add_user(struct)
user_doc = self.db.users.find_one({"username":struct["username"]})
self.assertEquals(user_doc["username"], struct["username"])
self.assertEquals(user_doc["email"], struct["email"])
self.assertNotEquals(user_doc["password"], struct["password"])
# Test that we cannot add the same username again
self.assertRaises(colander.Invalid, backend.add_user, struct)
def test_activate(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
utcnow = datetime.datetime.utcnow()
with patch('datetime.datetime'):
datetime.datetime.utcnow.return_value = utcnow
backend.activate("token")
db.users.update.assert_called_once_with({"access_tokens.token":"token"},
{"$set":{"access_tokens.$.activated_timestamp":utcnow}}, safe=True)
def test_activate(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
utcnow = datetime.datetime.utcnow()
with patch('datetime.datetime'):
datetime.datetime.utcnow.return_value = utcnow
backend.activate("token")
db.users.update.assert_called_once_with(
{"access_tokens.token": "token"},
{"$set": {
"access_tokens.$.activated_timestamp": utcnow
}},
safe=True)
def test_add_user(self):
backend = MongoDBRegistrationBackend(self.settings, self.config)
# Test good, available username, writing it to DB
struct = {
"username": "******",
"password": "******",
"email": "*****@*****.**"
}
backend.add_user(struct)
user_doc = self.db.users.find_one({"username": struct["username"]})
self.assertEquals(user_doc["username"], struct["username"])
self.assertEquals(user_doc["email"], struct["email"])
self.assertNotEquals(user_doc["password"], struct["password"])
# Test that we cannot add the same username again
self.assertRaises(colander.Invalid, backend.add_user, struct)
def test_init(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
backend = MongoDBRegistrationBackend(self.settings, self.config)
self.assertEquals(self.config.registry.settings["mongodb_conn"], conn)
self.assertEquals(backend.db, conn[self.settings["mongodb.db_name"]])
def test_issue_access_token(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
uid = ObjectId()
token = "token"
with patch('pyramid_registration.mongodb._generate_access_token'):
mongodb._generate_access_token.return_value = token
def side_effect(*args):
def second_call(*args):
return {"_id":uid}
mongodb._generate_access_token.side_effect = second_call
return None
db.users.find_one.side_effect = side_effect
backend.issue_access_token(uid)
db.users.find_one.assert_called_with({"access_tokens.token":token})
def test_simple_login(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
password = "******"
stored_user = {"username":"******",
"password":_hash_pw("testpassword"),
"email":"*****@*****.**"}
# Test situation where user exists and we do password hash comparison
db.users.find_one.return_value = stored_user
self.assertTrue(backend.simple_login(stored_user["username"], password))
# Test situation where user does not exist
db.users.find_one.return_value = False
self.assertFalse(backend.simple_login(stored_user["username"], password))
def test_activation(self):
backend = MongoDBRegistrationBackend(self.settings, self.config)
struct = {
"username": "******",
"password": "******",
"email": "*****@*****.**"
}
backend.add_user(struct)
user_doc = self.db.users.find_one({"username": struct["username"]})
self.assertEquals(user_doc["username"], struct["username"])
self.assertEquals(user_doc["email"], struct["email"])
self.assertNotEquals(user_doc["password"], struct["password"])
# User has been added - verify it has no activated tokens
for token in user_doc.get("access_tokens", []):
self.assertFalse(token.get("activated_timestamp"))
# Issue a token for this user
access_token = backend.issue_access_token(user_doc["_id"])
# Verify user has this access token in their user document
user_doc = self.db.users.find_one({"username": struct["username"]})
doc_token = False
for token in user_doc.get("access_tokens", []):
if token.get("token") == access_token:
doc_token = token
break
self.assertEquals(doc_token["token"], access_token)
# Verify this token is not activated
self.assertFalse(doc_token.get("activated_timestamp"))
# Ensure verify_access_token on this token returns False
self.assertFalse(backend.verify_access_token(access_token))
# Now activate the token, and assert that the token is marked as
# activated in the database.
backend.activate(access_token)
user_doc = self.db.users.find_one({"username": struct["username"]})
doc_token = False
for token in user_doc.get("access_tokens", []):
if token.get("token") == access_token:
self.assertTrue(token.get("activated_timestamp"))
break
# Ensure verify_access_token on this token returns the user_id
userid = backend.verify_access_token(access_token)
self.assertEquals(userid, str(user_doc["_id"]))
def test_verify_access_token(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
# Test that a non-existant token will not verify
db.users.find_one.return_value = None
self.assertFalse(backend.verify_access_token("token"))
# Test that a matching token will return a stringified ID
with patch("pyramid_registration.mongodb._purge_old_tokens"):
oid = ObjectId()
db.users.find_one.return_value = {"_id":oid}
self.assertEquals(backend.verify_access_token("token"), str(oid))
# Test that verify has tried to purge the expired tokens
mongodb._purge_old_tokens.assert_called_once_with(db, oid)
def test_verify_access_token(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
# Test that a non-existant token will not verify
db.users.find_one.return_value = None
self.assertFalse(backend.verify_access_token("token"))
# Test that a matching token will return a stringified ID
with patch("pyramid_registration.mongodb._purge_old_tokens"):
oid = ObjectId()
db.users.find_one.return_value = {"_id": oid}
self.assertEquals(backend.verify_access_token("token"), str(oid))
# Test that verify has tried to purge the expired tokens
mongodb._purge_old_tokens.assert_called_once_with(db, oid)
def test_issue_access_token(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
uid = ObjectId()
token = "token"
with patch('pyramid_registration.mongodb._generate_access_token'):
mongodb._generate_access_token.return_value = token
def side_effect(*args):
def second_call(*args):
return {"_id": uid}
mongodb._generate_access_token.side_effect = second_call
return None
db.users.find_one.side_effect = side_effect
backend.issue_access_token(uid)
db.users.find_one.assert_called_with(
{"access_tokens.token": token})
def test_simple_login(self, connection_mock):
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
password = "******"
stored_user = {
"username": "******",
"password": _hash_pw("testpassword"),
"email": "*****@*****.**"
}
# Test situation where user exists and we do password hash comparison
db.users.find_one.return_value = stored_user
self.assertTrue(backend.simple_login(stored_user["username"],
password))
# Test situation where user does not exist
db.users.find_one.return_value = False
self.assertFalse(
backend.simple_login(stored_user["username"], password))
def test_activation(self):
backend = MongoDBRegistrationBackend(self.settings, self.config)
struct = {"username":"******", "password":"******", "email":"*****@*****.**"}
backend.add_user(struct)
user_doc = self.db.users.find_one({"username":struct["username"]})
self.assertEquals(user_doc["username"], struct["username"])
self.assertEquals(user_doc["email"], struct["email"])
self.assertNotEquals(user_doc["password"], struct["password"])
# User has been added - verify it has no activated tokens
for token in user_doc.get("access_tokens", []):
self.assertFalse(token.get("activated_timestamp"))
# Issue a token for this user
access_token = backend.issue_access_token(user_doc["_id"])
# Verify user has this access token in their user document
user_doc = self.db.users.find_one({"username":struct["username"]})
doc_token = False
for token in user_doc.get("access_tokens", []):
if token.get("token") == access_token:
doc_token = token
break
self.assertEquals(doc_token["token"], access_token)
# Verify this token is not activated
self.assertFalse(doc_token.get("activated_timestamp"))
# Ensure verify_access_token on this token returns False
self.assertFalse(backend.verify_access_token(access_token))
# Now activate the token, and assert that the token is marked as
# activated in the database.
backend.activate(access_token)
user_doc = self.db.users.find_one({"username":struct["username"]})
doc_token = False
for token in user_doc.get("access_tokens", []):
if token.get("token") == access_token:
self.assertTrue(token.get("activated_timestamp"))
break
# Ensure verify_access_token on this token returns the user_id
userid = backend.verify_access_token(access_token)
self.assertEquals(userid, str(user_doc["_id"]))
def test_add_user(self, connection_mock):
# Test bad username
struct = {"username":"******"}
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
self.assertRaises(colander.Invalid, backend.add_user, struct)
# Test good username that already exists in DB
struct["username"] = "******"
db.users.find_one.return_value = {"username":struct["username"]}
self.assertRaises(colander.Invalid, backend.add_user, struct)
# Test good, available username, writing it to DB
db.users.find_one.return_value = None
utcnow = datetime.datetime.utcnow()
with patch("pyramid_registration.mongodb.make_access_token"):
with patch("datetime.datetime"):
testtoken = "testtoken"
datetime.datetime.utcnow.return_value = utcnow
mongodb.make_access_token.return_value = testtoken
backend.add_user(struct)
db.users.insert.assert_called_once_with({"username":struct["username"],
"access_tokens":[{"created_timestamp":utcnow,"token":testtoken}]},
safe=True)
# Test writing bcrypted password value to DB
struct["password"] = "******"
hashed_pw = _hash_pw(struct["password"])
# patch bcrypt module to return the hash we just generated
with patch("pyramid_registration.mongodb.bcrypt.hashpw"):
mongodb.bcrypt.hashpw.return_value = hashed_pw
backend.add_user(struct)
db.users.insert.assert_called_with({"username":struct["username"],"password":hashed_pw,
"access_tokens":[{"created_timestamp":utcnow,"token":testtoken}]},
safe=True)
# Test writing email to DB
struct["email"] = "*****@*****.**"
del struct["password"]
backend.add_user(struct)
db.users.insert.assert_called_with({"username":struct["username"],"email":struct["email"],
"access_tokens":[{"created_timestamp":utcnow,"token":testtoken}]},
safe=True)
def test_simple_login(self):
backend = MongoDBRegistrationBackend(self.settings, self.config)
# Test good, available username, writing it to DB
password = "******"
struct = {"username":"******", "password":password, "email":"*****@*****.**"}
backend.add_user(struct)
# Now lets verify we can retrieve it correctly with a simple_login
user_doc = backend.simple_login(struct["username"], struct["password"])
self.assertEquals(struct["username"], user_doc["username"])
self.assertEquals(struct["email"], user_doc["email"])
# Same again but by email not username
user_doc = backend.simple_login(struct["email"], struct["password"])
self.assertEquals(struct["username"], user_doc["username"])
self.assertEquals(struct["email"], user_doc["email"])
# Failure case: bad password
user_doc = backend.simple_login(struct["email"], "wrongpassword")
self.assertFalse(user_doc)
def test_simple_login(self):
backend = MongoDBRegistrationBackend(self.settings, self.config)
# Test good, available username, writing it to DB
password = "******"
struct = {
"username": "******",
"password": password,
"email": "*****@*****.**"
}
backend.add_user(struct)
# Now lets verify we can retrieve it correctly with a simple_login
user_doc = backend.simple_login(struct["username"], struct["password"])
self.assertEquals(struct["username"], user_doc["username"])
self.assertEquals(struct["email"], user_doc["email"])
# Same again but by email not username
user_doc = backend.simple_login(struct["email"], struct["password"])
self.assertEquals(struct["username"], user_doc["username"])
self.assertEquals(struct["email"], user_doc["email"])
# Failure case: bad password
user_doc = backend.simple_login(struct["email"], "wrongpassword")
self.assertFalse(user_doc)
def test_add_user(self, connection_mock):
# Test bad username
struct = {"username": "******"}
conn = connection_mock.instance()
connection_mock.return_value = conn
db = conn[self.settings["mongodb.db_name"]]
backend = MongoDBRegistrationBackend(self.settings, self.config)
self.assertRaises(colander.Invalid, backend.add_user, struct)
# Test good username that already exists in DB
struct["username"] = "******"
db.users.find_one.return_value = {"username": struct["username"]}
self.assertRaises(colander.Invalid, backend.add_user, struct)
# Test good, available username, writing it to DB
db.users.find_one.return_value = None
utcnow = datetime.datetime.utcnow()
with patch("pyramid_registration.mongodb.make_access_token"):
with patch("datetime.datetime"):
testtoken = "testtoken"
datetime.datetime.utcnow.return_value = utcnow
mongodb.make_access_token.return_value = testtoken
backend.add_user(struct)
db.users.insert.assert_called_once_with(
{
"username":
struct["username"],
"access_tokens": [{
"created_timestamp": utcnow,
"token": testtoken
}]
},
safe=True)
# Test writing bcrypted password value to DB
struct["password"] = "******"
hashed_pw = _hash_pw(struct["password"])
# patch bcrypt module to return the hash we just generated
with patch("pyramid_registration.mongodb.bcrypt.hashpw"):
mongodb.bcrypt.hashpw.return_value = hashed_pw
backend.add_user(struct)
db.users.insert.assert_called_with(
{
"username":
struct["username"],
"password":
hashed_pw,
"access_tokens": [{
"created_timestamp": utcnow,
"token": testtoken
}]
},
safe=True)
# Test writing email to DB
struct["email"] = "*****@*****.**"
del struct["password"]
backend.add_user(struct)
db.users.insert.assert_called_with(
{
"username":
struct["username"],
"email":
struct["email"],
"access_tokens": [{
"created_timestamp": utcnow,
"token": testtoken
}]
},
safe=True)
