def setUp(self):
SeecrTestCase.setUp(self)
self.form = BasicHtmlLoginForm(action='/action', loginPath='/login', home='/home')
class BasicHtmlLoginFormTest(SeecrTestCase):
def setUp(self):
SeecrTestCase.setUp(self)
self.form = BasicHtmlLoginForm(action='/action', loginPath='/login', home='/home')
def testLoginForm(self):
result = joco(self.form.loginForm(session={}, path='/page/login2'))
self.assertEqualsWS("""<div id="login">
<form method="POST" action="/action">
<input type="hidden" name="formUrl" value="/page/login2"/>
<dl>
<dt>Username</dt>
<dd><input type="text" name="username" value=""/></dd>
<dt>Password</dt>
<dd><input type="password" name="password"/></dd>
<dd class="submit"><input type="submit" value="login"/></dd>
</dl>
</form>
</div>""", result)
def testRedirectOnGet(self):
result = joco(self.form.handleRequest(path='/whatever', Client=('127.0.0.1', 3451), Method='GET'))
header, body = result.split(CRLF*2)
self.assertTrue('302' in header)
self.assertTrue('Location: /home' in header, header)
def testLoginWithPOSTsucceeds(self):
observer = CallTrace()
self.form.addObserver(observer)
observer.returnValues['validateUser'] = True
Body = urlencode(dict(username='******', password='******'))
session = {}
result = joco(self.form.handleRequest(path='/login', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
self.assertEquals('user', session['user'].name)
header, body = result.split(CRLF*2)
self.assertTrue('302' in header)
self.assertTrue('Location: /home' in header)
self.assertEquals(['validateUser'], [m.name for m in observer.calledMethods])
self.assertEquals({'username': '******', 'password':'******'}, observer.calledMethods[0].kwargs)
def testLoginWithPOSTfails(self):
observer = CallTrace()
self.form.addObserver(observer)
observer.returnValues['validateUser'] = False
Body = urlencode(dict(username='******', password='******'))
session = {}
result = joco(self.form.handleRequest(path='/login', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
self.assertFalse('user' in session)
self.assertEquals({'username':'******', 'errorMessage': 'Invalid username or password'}, session['BasicHtmlLoginForm.formValues'])
header, body = result.split(CRLF*2)
self.assertTrue('302' in header)
self.assertTrue('Location: /login' in header, header)
self.assertEquals(['validateUser'], [m.name for m in observer.calledMethods])
self.assertEquals({'username': '******', 'password':'******'}, observer.calledMethods[0].kwargs)
def testLoginFormWithError(self):
session = {}
session['BasicHtmlLoginForm.formValues']={'username': '******', 'errorMessage': 'Invalid <username> or "password"'}
result = joco(self.form.loginForm(session=session, path='/show/login'))
self.assertEqualsWS("""<div id="login">
<p class="error">Invalid <username> or "password"</p>
<form method="POST" action="/action">
<input type="hidden" name="formUrl" value="/show/login"/>
<dl>
<dt>Username</dt>
<dd><input type="text" name="username" value='<us"er>'/></dd>
<dt>Password</dt>
<dd><input type="password" name="password"/></dd>
<dd class="submit"><input type="submit" value="login"/></dd>
</dl>
</form>
</div>""", result)
def testShowChangePasswordForm(self):
session = {
'user': User('username'),
'BasicHtmlLoginForm.formValues': {'errorMessage': 'BAD BOY'},
}
result = joco(self.form.changePasswordForm(session=session, path='/show/changepasswordform'))
self.assertEqualsWS("""<div id="login">
<p class="error">BAD BOY</p>
<form method="POST" action="/action/changepassword">
<input type="hidden" name="formUrl" value="/show/changepasswordform"/>
<input type="hidden" name="username" value="username"/>
<dl>
<dt>Old password</dt>
<dd><input type="password" name="oldPassword"/></dd>
<dt>New password</dt>
<dd><input type="password" name="newPassword"/></dd>
<dt>Retype new password</dt>
<dd><input type="password" name="retypedPassword"/></dd>
<dd class="submit"><input type="submit" value="change"/></dd>
</dl>
</form>
</div>""", result)
def testShowChangePasswordFormErrorWithoutUser(self):
session = {}
result = joco(self.form.changePasswordForm(session=session, path='/show/changepasswordform'))
self.assertEqualsWS("""<div id="login">
<p class="error">Please login to change password.</p>
</div>""", result)
def testChangePasswordMismatch(self):
Body = urlencode(dict(username='******', oldPassword='******', newPassword="******", retypedPassword="******", formUrl='/show/changepasswordform'))
session = {}
result = joco(self.form.handleRequest(path='/login/changepassword', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
self.assertEquals({'username':'******', 'errorMessage': 'New passwords do not match'}, session['BasicHtmlLoginForm.formValues'])
self.assertEqualsWS("""HTTP/1.0 302 Redirect\r\nLocation: /show/changepasswordform\r\n\r\n""", result)
def testChangePasswordWrongOld(self):
observer = CallTrace()
self.form.addObserver(observer)
observer.returnValues['validateUser'] = False
Body = urlencode(dict(username='******', oldPassword='******', newPassword="******", retypedPassword="******", formUrl='/show/changepasswordform'))
session = {}
result = joco(self.form.handleRequest(path='/login/changepassword', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
self.assertEquals({'username':'******', 'errorMessage': 'Username and password do not match.'}, session['BasicHtmlLoginForm.formValues'])
self.assertEquals("HTTP/1.0 302 Redirect\r\nLocation: /show/changepasswordform\r\n\r\n", result)
def testChangePassword(self):
observer = CallTrace()
self.form.addObserver(observer)
observer.returnValues['validateUser'] = True
Body = urlencode(dict( username='******', oldPassword='******', newPassword="******", retypedPassword="******", formUrl='/show/changepasswordform'))
session = {}
result = joco(self.form.handleRequest(path='/login/changepassword', Client=('127.0.0.1', 3451), Method='POST', Body=Body, session=session))
self.assertEquals(['validateUser', 'changePassword'], [m.name for m in observer.calledMethods])
self.assertEquals("HTTP/1.0 302 Redirect\r\nLocation: /home\r\n\r\n", result)
def testDeleteUserNoAdmin(self):
observer = CallTrace()
self.form.addObserver(observer)
result = joco(self.form.handleRequest(
path='/login/remove',
Client=('127.0.0.1', 3451),
Method='POST',
Body=urlencode(dict(username='******', formUrl='/show/userlist')),
session={}))
self.assertEquals([], [m.name for m in observer.calledMethods])
self.assertEquals("HTTP/1.0 302 Redirect\r\nLocation: /show/userlist\r\n\r\n", result)
def testDeleteUserAsAdmin(self):
observer = CallTrace(returnValues={'hasUser': True})
self.form.addObserver(observer)
result = joco(self.form.handleRequest(
path='/login/remove',
Client=('127.0.0.1', 3451),
Method='POST',
Body=urlencode(dict(username='******', formUrl='/show/userlist')),
session={'user': User('admin')}))
self.assertEquals(['hasUser', 'removeUser'], [m.name for m in observer.calledMethods])
self.assertEquals("HTTP/1.0 302 Redirect\r\nLocation: /show/userlist\r\n\r\n", result)
def testDeleteNonExistingUser(self):
observer = CallTrace(returnValues={'hasUser': False})
self.form.addObserver(observer)
session = {'user': User('admin')}
result = joco(self.form.handleRequest(
path='/login/remove',
Client=('127.0.0.1', 3451),
Method='POST',
Body=urlencode(dict(username='******', formUrl='/show/userlist')),
session=session))
self.assertEquals(['hasUser'], [m.name for m in observer.calledMethods])
self.assertEquals("HTTP/1.0 302 Redirect\r\nLocation: /show/userlist\r\n\r\n", result)
self.assertEquals({'errorMessage': 'User "user" does not exist.'}, session['BasicHtmlLoginForm.formValues'])
