def test_User_email_with_plus_sign_is_stored_correctly(self):
email = "test+{0}@example.com".format(self.randString)
user = User.new(email, None)
user2 = User.getByEmail(email)
self.assertEqual(user2.email, email)
self.assertTrue("+" in user2.email)
user.rm()
def getUserForEmailAndOrHash(self, digest: Digest, email: Union[str,None]):
if email:
user = User.getByEmail(email)
self.checkUserAgainsDigest(digest, user)
return user
users = User.getByDigest(digest)
self.assureExactlyOneUserInList(users)
return users[0]
def getUserForEmailAndOrHash(self, digest, email):
if email:
user = User.getByEmail(email)
self.deleteDigestFromOtherUsers(user, digest)
self.checkUserAgainsDigest(digest, user)
return user
users = User.getByDigest(digest)
self.assureExactlyOneUserInList(users)
return users[0]
def getUserForEmailAndOrHash(self, digest: Digest, email: Union[str,None]):
if email:
user = User.getByEmail(email)
if user is None:
raise ReportedError([noSuchUser], 400)
self.checkUserAgainsDigest(digest, user)
return user
users = User.getByDigest(digest)
self.assureExactlyOneUserInList(users)
return users[0]
def your_user_is_deleted_in_deregistration(self):
with app.test_client() as c:
self.login(c)
user = User.getByEmail(self.usercreation_email)
self.assertTrue(user is not None)
data = dict(
csrf_token = self.getCSRF(c),
credentialType= "password",
identifier= self.usercreation_userid,
secret = self.usercreation_password
)
c.post(config.base_url+'/deregister', data=data)
user = User.getByEmail(self.usercreation_email)
self.assertTrue(user is None)
def ssl_login_registers_and_logs_in_if_you_have_cert_and_give_email(self):
self._keygenAndLogin()
self._logoutAfterKeygen()
user = User.getByEmail(self.usercreation_email)
self.deleteUser(user)
sslLoginBaseUrl = app.config.get("SSL_LOGIN_BASE_URL")
self.driver.get(sslLoginBaseUrl + '/[email protected]')
self.driver.get(sslLoginBaseUrl + '/v1/users/me')
body = self.driver.find_element_by_css_selector("BODY").text
self.assertTrue('{"credentialType": "certificate", "identifier": "' in
body)
self.assertTrue('"email": "*****@*****.**"' in body)
user = User.getByEmail("*****@*****.**")
self.deleteUser(user)
self.deleteCerts()
def your_credentials_are_deleted_in_deregistration(self):
with app.test_client() as c:
self.login(c)
user = User.getByEmail(self.usercreation_email)
creds = Credential.getByUser(user)
self.assertTrue(len(creds) > 0)
data = dict(
csrf_token = self.getCSRF(c),
credentialType= "password",
identifier= self.usercreation_userid,
secret = self.usercreation_password
)
c.post(config.base_url+'/deregister', data=data)
user = User.getByEmail(self.usercreation_email)
creds = Credential.getByUser(user)
self.assertTrue(len(creds) == 0)
def unregistered_user_can_register_with_facebook_in_the_middle_of_login_procedure_of_a_served_application(self):
if config.skipFacebookTests:
return
driver = self.driver
self._gotoOauthPage(driver)
self.switchToTab('registration')
driver.find_element_by_id("Facebook_registration_button").click()
time.sleep(1)
self.master = driver.current_window_handle
timeCount = 1;
while (len(driver.window_handles) == 1 ):
time
timeCount += 1
if ( timeCount > 50 ):
break;
for handle in driver.window_handles:
if handle!=self.master:
driver.switch_to.window(handle)
driver.find_element_by_id("pass").clear()
driver.find_element_by_id("pass").send_keys(config.fbpassword2)
driver.find_element_by_id("email").clear()
driver.find_element_by_id("email").send_keys(config.fbuser2)
driver.find_element_by_id("u_0_2").click()
driver.switch_to.window(self.master)
time.sleep(5)
self.assertTrue(driver.current_url.startswith(self.redirect_uri.lower()))
self.user = User.getByEmail(config.fbuser2)
Credential.getByUser(self.user, "facebook").rm()
self.user.rm()
def test_users_with_assurer_assurance_can_get_user_by_email(self):
self._createAssurer()
self.setupRandom()
self.createUserWithCredentials()
target = User.getByEmail(self.userCreationEmail)
resp = self.controller.doGetByEmail(target.email)
self.assertUserResponse(resp)
def deleteDigestFromOtherUsers(self, user, digest):
if digest:
users = User.getByDigest(digest)
for anotherUser in users:
if anotherUser.email != user.email:
anotherUser.hash = None
anotherUser.save()
def users_without_login_cannot_get_user_by_email(self):
self.controller._testdata.current_user = None
self.createUserWithCredentials()
target = User.getByEmail(self.usercreation_email)
with self.assertRaises(ReportedError) as e:
self.controller.do_get_by_email(target.email)
self.assertEquals(e.exception.status,403)
def if_you_register_without_hash_it_will_be_null(self):
with app.test_client() as c:
data = self.prepareData()
data.pop('digest')
c.post(config.base_url + '/v1/register', data=data)
user = User.getByEmail(self.registered_email)
self.assertEqual(user.hash, None)
def users_without_assurer_assurance_cannot_get_user_by_email(self):
user = self.createUserWithCredentials()
self.assertTrue(user is not None)
target = User.getByEmail(self.usercreation_email)
with self.assertRaises(ReportedError) as e:
self.controller.do_get_by_email(target.email)
self.assertTrue(e.exception.status,403)
def test_no_by_email_with_wrong_email(self):
self._createAssurer()
self.setupRandom()
self.createUserWithCredentials()
target = User.getByEmail(self.userCreationEmail)
with self.assertRaises(ReportedError) as context:
self.controller.doGetByEmail('u'+target.email)
self.assertEqual(context.exception.status,404)
def test_the_users_hash_is_changed_to_the_new_one(self):
with app.test_client() as client:
resp = self.login(client)
self.assertUserResponse(resp)
user = User.getByEmail(self.userCreationEmail)
self.assertEqual(user.hash, None)
digest = self.createHash()
csrf = self.getCSRF(client)
data = dict(
digest= digest,
csrf_token= csrf
)
resp = client.post(config.BASE_URL+'/v1/users/me/update_hash', data=data)
self.assertEqual(200,resp.status_code)
userAfter = User.getByEmail(self.userCreationEmail)
self.assertEqual(userAfter.hash, digest)
def users_with_assurer_assurance_can_get_user_by_email(self):
current_user = self.controller.getCurrentUser()
Assurance.new(current_user, 'assurer', current_user)
self.setupRandom()
self.createUserWithCredentials()
target = User.getByEmail(self.usercreation_email)
resp = self.controller.do_get_by_email(target.email)
self.assertUserResponse(resp)
def _do_get_by_email(self, email):
assurances = Assurance.getByUser(self.getCurrentUser())
if assurances.has_key('assurer'):
user = User.getByEmail(email)
if user is None:
raise ReportedError(["no such user"], status=404)
return self.as_dict(user)
raise ReportedError(["no authorization"], status=403)
def users_without_assurer_assurance_cannot_get_email_and_digest_for_anyone(self):
current_user = self.controller.getCurrentUser()
targetuser=self.createUserWithCredentials()
Assurance.new(targetuser,'test',current_user)
target = User.getByEmail(self.usercreation_email)
with self.assertRaises(ReportedError) as e:
self.showUserByCurrentUser(target.userid)
self.assertTrue(e.exception.status,403)
def test_password_reset_creates_password_if_it_does_not_exists(self):
form = self.createPasswordResetFormWithSecret()
user = User.getByEmail(self.userCreationEmail)
passcred = Credential.getByUser(user, "password")
passcred.rm()
self.controller.doPasswordReset(form)
newPassCred = Credential.getByUser(user, "password")
self.assertEqual(newPassCred.secret, CredentialManager.protect_secret(self.newPassword))
def tearDown(self):
test_method_name = self._testMethodName
TE.driver.save_screenshot("shippable/%s.png" % test_method_name)
if os.environ.get("E2EDEBUG"):
pdb.set_trace()
self.logOut()
fbuser = User.getByEmail(config.facebookUser1.email)
if fbuser:
self.removeFbuser(config.facebookUser1)
def no_password_reset_for_timed_out_temporary_credential(self):
password = self.mkRandomPassword()
secret = unicode(uuid4())
user = User.getByEmail(self.usercreation_email)
Credential.new(user, 'email_for_password_reset', secret, time.time()-1)
with app.test_client() as c:
data = dict(password=password, secret=secret)
resp = c.post("/v1/password_reset", data = data)
self.assertEqual(resp.status_code, 404)
def removeFbuser(self,user=None):
if user is None:
user = config.facebookUser2
self.user = User.getByEmail(user.email)
if self.user:
Credential.getByUser(self.user, "facebook").rm()
for appMap in AppMap.getForUser(self.user):
appMap.rm()
self.user.rm()
def test_users_with_assurer_assurance_can_get_email_and_digest_for_anyone(self):
current_user = self._createAssurer()
targetuser=self.createUserWithCredentials().user
Assurance.new(targetuser,'test',current_user)
target = User.getByEmail(self.userCreationEmail)
resp = self.showUserByCurrentUser(target.userid)
data = self.fromJson(resp)
assurances = data['assurances']
self.assertEqual(assurances['test'][0]['assurer'], current_user.email)
def doGetByEmail(self, email):
current_user = self.getCurrentUser()
assurances = Assurance.getByUser(current_user)
if 'assurer' in assurances:
user = User.getByEmail(email)
if user is None:
raise ReportedError([noSuchUser], status=404)
return self.as_dict(user)
raise ReportedError([noAuthorization], status=403)
def assertEmailChangeIsInitiated(self, resp):
text = self.getResponseText(resp)
self.assertEqual(200, resp.status_code)
self.assertEqual(emailChangeEmailSent, json.loads(text)['message'])
user = User.getByEmail(self.userCreationEmail)
self.userid=user.userid
tempCredential = Credential.getByUser(user, "changeemail")
self.secret = tempCredential.secret
self.assertEqual(self.newEmail, tempCredential.getAdditionalInfo())
def no_by_email_with_wrong_email(self):
current_user = self.controller.getCurrentUser()
Assurance.new(current_user, 'assurer', current_user)
self.setupRandom()
self.createUserWithCredentials()
target = User.getByEmail(self.usercreation_email)
with self.assertRaises(ReportedError) as e:
self.controller.do_get_by_email('u'+target.email)
self.assertTrue(e.exception.status,404)
def it_is_possible_to_delete_the_hash_by_not_giving_a_digest_in_the_request(self):
with app.test_client() as c:
resp = self.login(c)
self.assertUserResponse(resp)
user = User.getByEmail(self.usercreation_email)
oldHash = self.createHash()
user.hash = oldHash
userToCheck = User.getByEmail(self.usercreation_email)
self.assertEqual(userToCheck.hash, oldHash)
self.setupRandom()
csrf = self.getCSRF(c)
data = dict(
csrf_token= csrf
)
resp = c.post(config.base_url+'/v1/users/me/update_hash', data=data)
self.assertEqual(200,resp.status_code)
userAfter = User.getByEmail(self.usercreation_email)
self.assertEqual(userAfter.hash, None)
def do_main(verbose, email, assurer_email, assurances):
if verbose > 0:
print("Setting assurances {0} for user {1} by {2}".format(assurances, email, assurer_email))
user = User.getByEmail(email)
if user is None:
print "no such user: {0}".format(email)
return 2
if assurer_email == 'self':
assurer = user
else:
assurer = User.getByEmail(assurer_email)
if user is None:
print "no such assurer: {0}".format(assurer_email)
return 2
for ass in assurances:
if verbose > 1:
print("Setting assurance {0} for user {1} by {2}".format(ass, email, assurer_email))
Assurance.new(user, ass, assurer, time.time())
return 0
def do_send_password_reset_email(self, email):
user = User.getByEmail(email)
if user is None:
raise ReportedError(['Invalid email address'])
passwordResetEmailExpiration = 14400
secret=unicode(uuid4())
expirationTime = time.time() + passwordResetEmailExpiration
Credential.new(user, passwordResetCredentialType, secret, unicode(expirationTime))
self.sendPasswordResetMail(user, secret, expirationTime)
return self.simple_response("Password reset email has successfully sent.")
def test_the_server_can_get_your_user_info_with_your_access_token(self):
accessToken = self.obtainAccessToken()['access_token']
url = TE.backendUrl + "/v1/users/me"
headers = {'Authorization': 'Bearer {0}'.format(accessToken)}
resp = requests.get(url, headers=headers, verify=False)
answer = resp.json()
user = User.getByEmail(self.userCreationEmail)
appMapEntry = AppMap.get(TE.app, user)
self.assertEqual(answer['email'], appMapEntry.getEmail())
self.assertEqual(answer['assurances'], [])
def test_email_validation_gives_emailverification_assurance(self):
self.setupRandom()
with app.test_client():
email = self.registerAndObtainValidationUri()
self.assertTrue(
self.validateUri.startswith(config.BASE_URL +
"/v1/verify_email"))
with app.test_client() as client:
user = User.getByEmail(email)
creds = Credential.getByUser(user)
assurances = Assurance.getByUser(user)
self.assertTrue(emailVerification not in assurances)
resp = client.get(self.validateUri)
self.assertEqual(resp.status_code, 200)
self.assertEqual(user.email, email)
newcreds = Credential.getByUser(user)
self.assertEqual(len(creds) - 1, len(newcreds))
assurances = Assurance.getByUser(user)
self.assertTrue(assurances[emailVerification] is not None)
user.rm()
def new(cls, user, name, assurer, timestamp=None):
if timestamp is None:
timestamp = time.time()
assurance = cls(user, name, assurer, timestamp)
assurance.save()
return assurance
def __repr__(self):
return "Assurance({0},{1},{2},{3})".format(self.user, self.name,
self.assurer,
self.timestamp)
@classmethod
def removeAllForUser(cls, user):
instances = cls.query.filter_by(user=user).all()
for instance in instances:
instance.rm()
@classmethod
def getStats(klass):
assuranceStats = dict()
assurances = klass.query.with_entities(Assurance.name).add_column(
func.count(klass.name)).group_by(klass.name).all()
for name, value in assurances:
assuranceStats[name] = value
return assuranceStats
User.subscribe(Assurance.removeAllForUser, "pre_rm")
def doSendPasswordResetEmail(self, email):
user = User.getByEmail(email)
if user is None:
raise ReportedError([invalidEmailAdress,email])
self.sendPasswordResetMail(user)
return self.simple_response(passwordResetSent)
def test_your_assurances_are_deleted_in_deregistration(self):
self._doDeregistrationDoit()
user = User.getByEmail(self.userCreationEmail)
assurances = Assurance.getByUser(user)
self.assertTrue(len(assurances) == 0)
def test_your_credentials_are_deleted_in_deregistration(self):
self._doDeregistrationDoit()
user = User.getByEmail(self.userCreationEmail)
creds = Credential.getByUser(user)
self.assertTrue(len(creds) == 0)
def getStats(self):
ret = dict()
ret['users'] = User.getStats()
ret['applications'] = Application.getStats()
ret['assurances'] = Assurance.getStats()
return ret
@classmethod
def deleteExpired(cls, credType):
now = time.time()
creds = Credential.query.filter_by(credentialType=credType).all()
for c in creds:
if c.getExpirationTime() < now:
c.rm()
def __repr__(self, *args, **kwargs):
return "Credential(user={0.user.email},credentialType={0.credentialType},identifier={0.identifier},secret={0.secret})".format(
self)
@classmethod
def getByUser_as_dictlist(cls, user):
l = []
creds = Credential.query.filter_by(user=user).all()
for cred in creds:
l.append(
dict(credentialType=cred.credentialType,
identifier=cred.identifier))
return l
@classmethod
def removeAllForUser(cls, user):
creds = Credential.query.filter_by(user=user).all()
for cred in creds:
cred.rm()
User.subscribe(Credential.removeAllForUser, "pre_rm")
def test_emailChangeInit_does_not_change_email_address(self):
self.controller.emailChangeInit(self.newEmailAddress, self.user)
user = User.get(self.user.userid)
self.assertEqual(self.oldEmailAddress, self.user.email)
self.assertEqual(self.oldEmailAddress, user.email)
def updateHashForUser(self, client, assurance="test", addDigest=True, digest=None):
resp = self.doUpdateHashForUser(client, assurance, addDigest, digest)
self.assertEqual(200, resp.status_code)
self.userAfter = User.getByEmail(self.userCreationEmail)
assurances = Assurance.getByUser(self.userAfter)
return assurances
def test_confirmChangeEmail_changes_email_address_to_the_new_one(self):
self.doConfirmChangeEmail()
user = User.get(self.user.userid)
self.assertEqual(self.newEmailAddress, user.email)
def test_confirmChangeEmail_does_not_change_email_address_to_the_new_one_if_confirm_is_false(self):
self.doConfirmChangeEmail(confirm=False)
user = User.get(self.user.userid)
self.assertEqual(self.oldEmailAddress, user.email)
def validate_email(self,field):
if User.getByEmail(field.data):
raise ValidationError(thereIsAlreadyAUserWithThatEmail)
def getAuthenticatedUser(self):
authid, authenticator = self.getSession()['auth_user']
authuser = User.get(authid)
return authuser, authenticator
def test_your_user_is_deleted_in_deregistration(self):
self._doDeregistrationDoit()
user = User.getByEmail(self.userCreationEmail)
self.assertTrue(user is None)
def getUser(userid):
return User.get(userid)
def test_your_user_with_appmap_is_deleted_in_deregistration(self):
self.addAppMapToUser = True
self._doDeregistrationDoit()
user = User.getByEmail(self.userCreationEmail)
self.assertTrue(user is None)
def doPasswordReset(self):
form = self.createPasswordResetFormWithSecret()
self.controller.doPasswordReset(form)
self.user = User.getByEmail(self.userCreationEmail)
self.cred = Credential.getByUser(self.user, "password")
def test_in_unassured_hash_collision_no_user_is_deleted(self):
anotheruser = self.unAssuredCollision()
email = self.userCreationEmail
self.assertEqual(email, User.getByEmail(email).email)
self.assertEqual(anotheruser.email, User.getByEmail(anotheruser.email).email)