def test_failed_pass_change_with_incorrect_old_password(self): oldpassword = random_password(self.rd) newpassword = random_password(self.rd) data = { "oldpassword": oldpassword, "newpassword1": newpassword, "newpassword2": newpassword, } self.client.post(reverse("research settings"), data) self.assertTrue(get_user(self.client).is_authenticated)
def test_trying_wrong_password(self): new_password = random_password(self.rd) # change user's password response = self.client.post( self.url, { "oldpassword": random_password(self.rd), "newpassword1": new_password, "newpassword2": new_password, }, ) self.assertTrue(get_user(self.client).is_authenticated)
def test_invalid_login(self): # Meepy visits the login page, but enters the incorrect username. self.go_to_login_page() initial_url = self.browser.current_url self.get_userbox().send_keys(random_username(self.rd)) self.get_passbox().send_keys(self.password) self.get_passbox().send_keys(Keys.ENTER) self.wait_for(lambda: self.assertIn("Username does not exist.", self. browser.page_source)) self.assertEqual(self.browser.current_url, initial_url) # Meepy enters the correct username, but the incorrect password self.get_userbox().clear() self.get_userbox().send_keys(self.username) self.get_passbox().send_keys(random_password(self.rd)) self.get_passbox().send_keys(Keys.ENTER) self.wait_for(lambda: self.assertIn( "Sorry, that login was invalid. Please try again.", self.browser.page_source, )) self.assertEqual(self.browser.current_url, initial_url) # Meepy enters the correct username and password, and logs in successfully self.get_userbox().clear() self.get_passbox().clear() self.get_userbox().send_keys(self.username) self.get_passbox().send_keys(self.password) self.get_passbox().send_keys(Keys.ENTER) self.wait_for(lambda: self.assertIn("Dashboard", self.browser.title))
def test_invalid_login(self): # Try to log in as a nonexistent user form = ResearchLoginForm(data=self.form_data) self.assertFalse(form.is_valid()) # Try to log in as a deactivated user user = User.objects.create_user(username=self.username, email=self.email, password=self.password) form = ResearchLoginForm(data=self.form_data) self.assertTrue(form.is_valid()) user.is_active = False user.save() form = ResearchLoginForm(data=self.form_data) self.assertFalse(form.is_valid()) # Try to log in with an invalid password data = { "username": self.username, "password": random_password(self.rd) } form = ResearchLoginForm(data=data) self.assertFalse(form.is_valid())
def setUp(self): super().setUp(preauth=True) # Create some compendium entries as user 1 test_tag = CompendiumEntryTag.objects.create(tagname="test_tag") test_author = Author.objects.create(authorname="test_author") self.data = { "title": "test article", "url": "https://www.example.com", "edit-entry": "", "tags": [test_tag.id], "authors": [test_author.id], } self.create_compendium_entries(self.data, 3) self.client.logout() # Create a second user, and add some entries as that user email2 = random_email(self.rd) username2 = random_username(self.rd) password2 = random_password(self.rd) self.user2 = User.objects.create_user(email=email2, username=username2, password=password2) self.client.force_login(self.user2) self.create_compendium_entries(self.data, 3)
def test_password_invalidation(self): user = User.objects.create_user( username=self.username, email=self.email, password=self.password, ) min_len = settings.MIN_PASSWORD_LENGTH max_len = settings.MAX_PASSWORD_LENGTH # Password too short password = random_password(self.rd)[: min_len - 1].encode("utf-8") with self.assertRaises(ValidationError): validate_password(password) # Password too long password = b64encode(token_bytes(200))[: max_len + 1] with self.assertRaises(ValidationError): validate_password(password) # Password is too similar to user information with self.assertRaises(ValidationError): validate_password(password, user=user) # Password is too common with self.assertRaises(ValidationError): validate_password("password12345") with self.assertRaises(ValidationError): validate_password("1234567890")
def setUp(self): super().setUp() # Create some example tags for testing self.tag_ids = [] for tagname in ("test_tag_A", "test_tag_B", "test_tag_C"): if not CompendiumEntryTag.objects.filter(tagname=tagname).exists(): new_tag = CompendiumEntryTag.objects.create(tagname=tagname) self.tag_ids.append(new_tag.id) self.title = random_password(self.rd) self.abstract = random_password(self.rd) self.url = "https://example.com" self.data = { "title": self.title, "abstract": self.abstract, "url": self.url, "tags": [self.tag_ids[0]], }
def test_invalid_logins(self): # Attempt to login as a nonexistent user self.client.login(username=self.username, password=self.password) self.assertFalse(get_user(self.client).is_authenticated) # Attempt to login as an existing user but with an invalid password User.objects.create_user(username=self.username, email=self.email, password=self.password) self.client.login(username=self.username, password=random_password(self.rd)) self.assertFalse(get_user(self.client).is_authenticated)
def test_password_change(self): """ Ensure that the ChangePasswordForm correctly validates the user input when they enter their original password, and the new passwords match. """ newpass = random_password(self.rd) data = { "oldpassword": self.password, "newpassword1": newpass, "newpassword2": newpass, } form = PasswordChangeForm(data=data) self.assertTrue(form.is_valid())
def test_password_change_should_logout(self): new_password = random_password(self.rd) # change user's password response = self.client.post( self.url, { "oldpassword": self.password, "newpassword1": new_password, "newpassword2": new_password, }, ) self.assertFalse(get_user(self.client).is_authenticated)
def test_logout_on_password_change(self): response = self.client.get(reverse("research settings")) self.assertTemplateUsed(response, "base.html") # try to change password with correct credentials newpassword = random_password(self.rd) data = { "oldpassword": self.password, "newpassword1": newpassword, "newpassword2": newpassword, } self.client.post(reverse("research settings"), data) self.assertFalse(get_user(self.client).is_authenticated)
def test_navigation_to_password_change_form(self): self.browser.get(self.live_server_url + reverse("research dashboard")) # Meepy clicks the profile button in the navbar, and then clicks the settings # button. navbar = self.browser.find_element_by_id("navbar") profile_button = navbar.find_element_by_id( "user-profile-dropdown-button") self.browser.execute_script("arguments[0].click();", profile_button) menu = navbar.find_element_by_id("user-profile-dropdown-menu") settings_button = menu.find_element_by_id("user-settings") self.browser.execute_script("arguments[0].click();", settings_button) self.wait_for(lambda: self.assertIn("Settings", self.browser.title)) # Meepy then clicks on change password link change_password_link = self.browser.find_element_by_id( "change-password-link") self.browser.execute_script("arguments[0].click();", change_password_link) # Meepy enters her current and new password (twice) and she should be # logged out on successful change of password oldpass_box = self.browser.find_element_by_id("id_oldpassword") newpass1_box = self.browser.find_element_by_id("id_newpassword1") newpass2_box = self.browser.find_element_by_id("id_newpassword2") self.assertEqual(oldpass_box.get_attribute("placeholder"), "Your old Password") self.assertEqual(newpass1_box.get_attribute("placeholder"), "New Password") self.assertEqual(newpass2_box.get_attribute("placeholder"), "Confirm New Password") newpass = random_password(self.rd) oldpass_box.send_keys(self.password) newpass1_box.send_keys(newpass) newpass2_box.send_keys(newpass) newpass2_box.send_keys(Keys.ENTER) self.wait_for(lambda: self.assertIn("Login", self.browser.title))
def test_invalid_login(self): ### Use a nonexistent username login_data = { "username": random_username(self.rd), "password": self.password } self.client.post(reverse("research login"), login_data) self.assertFalse(get_user(self.client).is_authenticated) ### Use an existing username, but an incorrect password original_db_entry = User.objects.get(username=self.username).password login_data = { "username": self.username, "password": random_password(self.rd) } self.client.post(reverse("research login"), login_data) self.assertFalse(get_user(self.client).is_authenticated) # Database should not have changed self.assertEqual(original_db_entry, User.objects.get(username=self.username).password)
def test_passwords_must_match(self): self.data["password_2"] = random_password(self.rd) self.assertFalse(SignupForm(data=self.data).is_valid())