def test_good_login(app):
url = phase2_url + 'login/'
init_data(app.application.redis)
rv = app.post(url, data={'username': '******', 'password': '******'})
assert rv.status_code == 303
assert 'session=' in rv.headers.get('Set-Cookie')
assert 'dashboard' in rv.headers.get('Location')
rv = app.post(url, data={'username': '******', 'password': admin_password})
assert rv.status_code == 303
assert 'session=' in rv.headers.get('Set-Cookie')
assert 'dashboard' in rv.headers.get('Location')
def test_bad_login(app):
url = phase2_url + 'login/'
init_data(app.application.redis)
rv = app.post(url)
assert 'dashboard' not in rv.headers.get('Location')
assert rv.status_code == 303
rv = app.post(url, data={'username': '******', 'password': '******'})
assert 'dashboard' not in rv.headers.get('Location')
assert rv.status_code == 303
rv = app.post(url, data={'username': '******'})
assert 'dashboard' not in rv.headers.get('Location')
assert rv.status_code == 303
rv = app.post(url, data={'username': '******', 'password': '******'})
assert 'dashboard' not in rv.headers.get('Location')
assert rv.status_code == 303
def test_post_405(app):
"""Be sure this returns 405, instead of 404 or 403."""
for url in ('', 'dashboard/', 'dashboard/test/1/', 'dashboard/abc/def/'):
rv = app.post(phase2_url + url)
assert rv.status_code == 405
