def test_login__form_submission__success_with_full_identity(self, remember):
from nuorisovaalitadmin.models import School
from nuorisovaalitadmin.models import User
from nuorisovaalitadmin.views.login import login
session = DBSession()
populate_testing_db()
school = session.query(School).first()
self.assertTrue(school is not None)
session.add(User(u'john.doe', u'secret', u'Jöhn Döe', u'*****@*****.**', school_or_id=school))
self.assertEquals(
session.query(User).filter_by(username=u'john.doe').first().email,
u'*****@*****.**')
remember.return_value = [('X-Login', 'john.doe')]
request = testing.DummyRequest()
token = request.session.new_csrf_token()
request.POST = {
'form.submitted': u'1',
'username': u'john.doe',
'password': u'secret',
'csrf_token': token,
}
response = login(request)
self.assertEquals(dict(response.headers), {
'Content-Length': '0',
'Content-Type': 'text/html; charset=UTF-8',
'Location': 'http://example.com',
'X-Login': u'john.doe'})
self.assertEquals(request.session.pop_flash(), [u'Olet kirjautunut sisään.'])
def test_login__form_submission__invalid_password(self):
from nuorisovaalitadmin.models import School
from nuorisovaalitadmin.models import User
from nuorisovaalitadmin.views.login import login
session = DBSession()
populate_testing_db()
school = session.query(School).first()
self.assertTrue(school is not None)
session.add(User(u'john.doe', u'secret', u'Jöhn Döe', u'*****@*****.**', school_or_id=school))
session.flush()
self.assertEquals(
session.query(User).filter_by(username=u'john.doe').first().email,
u'*****@*****.**')
request = testing.DummyRequest()
token = request.session.new_csrf_token()
request.POST = {
'form.submitted': u'1',
'username': u'john.doe',
'password': u'thisiswrong',
'csrf_token': token,
}
options = login(request)
self.assertEquals(options, {
'title': u'Kirjaudu sisään',
'action_url': 'http://example.com/login',
'username': u'john.doe',
'reset_url': 'http://example.com/reset-password',
'csrf_token': token})
def test_login__no_submission(self):
from nuorisovaalitadmin.views.login import login
request = testing.DummyRequest()
token = request.session.new_csrf_token()
options = login(request)
self.assertEquals(options, {
'title': u'Kirjaudu sisään',
'action_url': 'http://example.com/login',
'username': u'',
'reset_url': 'http://example.com/reset-password',
'csrf_token': token,
})
def test_login__form_submission__csrf_mismatch(self):
from nuorisovaalitadmin.views.login import login
request = testing.DummyRequest()
token = request.session.new_csrf_token()
request.POST = {
'form.submitted': u'1',
'username': u'john.doe',
'password': u'thisiswrong',
'csrf_token': u'invalid',
}
self.failIf(token == u'invalid')
self.assertRaises(Forbidden, lambda: login(request))
def test_login__form_submission__non_existing_user(self):
from nuorisovaalitadmin.views.login import login
request = testing.DummyRequest()
token = request.session.new_csrf_token()
request.POST = {
'form.submitted': u'1',
'username': u'john.doe',
'password': u'thisiswrong',
'csrf_token': token,
}
options = login(request)
self.assertEquals(options, {
'title': u'Kirjaudu sisään',
'action_url': 'http://example.com/login',
'username': u'john.doe',
'reset_url': 'http://example.com/reset-password',
'csrf_token': token})
