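def test_validate_password_too_many_failed(self):
    """A rate-limited login attempt is rejected as a validation error.

    The user service's ``check_password`` raises ``TooManyFailedLogins``; the
    form is expected to turn that into a ``wtforms`` ``ValidationError``
    rather than letting the lockout exception escape.
    """

    @pretend.call_recorder
    def check_password(userid, password, tags=None):
        raise TooManyFailedLogins(resets_in=None)

    request = pretend.stub()
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: 1),
        check_password=check_password,
        is_disabled=pretend.call_recorder(lambda userid: (False, None)),
    )
    breach_service = pretend.stub()
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy those call checks.
        data={"username": "my_username"},
        request=request,
        user_service=user_service,
        breach_service=breach_service,
    )
    field = pretend.stub(data="pw")

    with pytest.raises(wtforms.validators.ValidationError):
        form.validate_password(field)

    # The user lookup, the disabled-account check and the password check were
    # each made with the expected arguments before the form gave up.
    assert user_service.find_userid.calls == [
        pretend.call("my_username"),
        pretend.call("my_username"),
    ]
    assert user_service.is_disabled.calls == [pretend.call(1)]
    assert user_service.check_password.calls == [pretend.call(1, "pw", tags=None)]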
def test_password_breached(self, monkeypatch):
    """A correct password that the breach service flags fails the login.

    The user service accepts the password, but the breach service reports it
    as breached. The form must then fail validation with the breach service's
    failure message, disable the password with reason
    ``DisableReason.CompromisedPassword`` and send the HIBP notification.
    """
    hibp_email = pretend.call_recorder(lambda *a, **kw: None)
    monkeypatch.setattr(forms, "send_password_compromised_email_hibp", hibp_email)

    account = pretend.stub(id=1)
    req = pretend.stub()
    disable_password = pretend.call_recorder(lambda user_id, reason=None: None)
    users = pretend.stub(
        find_userid=lambda _: 1,
        get_user=lambda _: account,
        check_password=lambda userid, pw, tags=None: True,
        disable_password=disable_password,
        is_disabled=lambda userid: (False, None),
    )
    breaches = pretend.stub(
        check_password=lambda pw, tags=None: True, failure_message="Bad Password!"
    )
    login_form = forms.LoginForm(
        data={"password": "******"},
        request=req,
        user_service=users,
        breach_service=breaches,
    )

    # Validation fails even though the password itself was correct.
    assert not login_form.validate()
    assert login_form.password.errors.pop() == "Bad Password!"

    # Side effects of the breach hit: credential disabled, owner notified.
    assert disable_password.calls == [
        pretend.call(1, reason=DisableReason.CompromisedPassword)
    ]
    assert hibp_email.calls == [pretend.call(req, account)]
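def test_validate_password_ok(self):
    """A correct, non-breached password validates without raising.

    Also pins the metrics tags: the user service receives the form's
    ``check_password_metrics_tags``, while the breach service is called with
    the fixed login-form tags.
    """
    request = pretend.stub()
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: 1),
        check_password=pretend.call_recorder(
            lambda userid, password, tags=None: True
        ),
        is_disabled=pretend.call_recorder(lambda userid: (False, None)),
    )
    breach_service = pretend.stub(
        check_password=pretend.call_recorder(lambda pw, tags: False)
    )
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy those call checks.
        data={"username": "my_username"},
        request=request,
        user_service=user_service,
        breach_service=breach_service,
        check_password_metrics_tags=["bar"],
    )
    field = pretend.stub(data="pw")

    form.validate_password(field)

    assert user_service.find_userid.calls == [
        pretend.call("my_username"),
        pretend.call("my_username"),
    ]
    assert user_service.is_disabled.calls == [pretend.call(1)]
    assert user_service.check_password.calls == [
        pretend.call(1, "pw", tags=["bar"])
    ]
    # The breach lookup still runs for a password the user service accepted.
    assert breach_service.check_password.calls == [
        pretend.call("pw", tags=["method:auth", "auth_method:login_form"])
    ]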
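def test_validate_password_notok(self, db_session):
    """A wrong password is rejected with a ``ValidationError``.

    ``check_password`` returns ``False`` for an existing, enabled account.
    """
    request = pretend.stub()
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: 1),
        check_password=pretend.call_recorder(
            lambda userid, password, tags=None: False
        ),
        is_disabled=pretend.call_recorder(lambda userid: (False, None)),
    )
    # An empty stub raises on any attribute access, so this test also fails
    # if the breach service is consulted for a password that was rejected.
    breach_service = pretend.stub()
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy those call checks.
        data={"username": "my_username"},
        request=request,
        user_service=user_service,
        breach_service=breach_service,
    )
    field = pretend.stub(data="pw")

    with pytest.raises(wtforms.validators.ValidationError):
        form.validate_password(field)

    assert user_service.find_userid.calls == [
        pretend.call("my_username"),
        pretend.call("my_username"),
    ]
    assert user_service.is_disabled.calls == [pretend.call(1)]
    assert user_service.check_password.calls == [pretend.call(1, "pw", tags=None)]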
def test_validate_username_with_user(self):
    """A username that resolves to a user id passes username validation."""
    find_userid = pretend.call_recorder(lambda userid: 1)
    login_form = forms.LoginForm(user_service=pretend.stub(find_userid=find_userid))

    # No exception expected: the lookup returned an id.
    login_form.validate_username(pretend.stub(data="my_username"))

    assert find_userid.calls == [pretend.call("my_username")]
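def test_validate_password_no_user(self):
    """Password validation does not raise when the username is unknown.

    ``find_userid`` returns ``None``. The stub defines no ``check_password``,
    so the test would error if a password check were attempted without a
    user id.
    """
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: None)
    )
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy that call check.
        data={"username": "my_username"},
        user_service=user_service,
    )
    field = pretend.stub(data="password")

    form.validate_password(field)

    assert user_service.find_userid.calls == [pretend.call("my_username")]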
def test_validate_username_with_no_user(self):
    """An unknown username is rejected by username validation."""
    find_userid = pretend.call_recorder(lambda userid: None)
    login_form = forms.LoginForm(user_service=pretend.stub(find_userid=find_userid))
    username_field = pretend.stub(data="my_username")

    # The lookup returns None, which the form must report as invalid.
    with pytest.raises(wtforms.validators.ValidationError):
        login_form.validate_username(username_field)

    assert find_userid.calls == [pretend.call("my_username")]
def test_creation(self):
    """The form keeps the exact request and service objects it was given."""
    req = pretend.stub()
    users = pretend.stub()
    breaches = pretend.stub()

    login_form = forms.LoginForm(
        request=req, user_service=users, breach_service=breaches
    )

    # Identity, not equality: the collaborators must not be copied or wrapped.
    assert login_form.request is req
    assert login_form.user_service is users
    assert login_form.breach_service is breaches
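def test_validate_password_ok(self):
    """A correct password validates without raising.

    The user is looked up once and ``check_password`` is called with the
    resolved user id and the submitted password.
    """
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: 1),
        check_password=pretend.call_recorder(lambda userid, password: True),
    )
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy that call check.
        data={"username": "my_username"},
        user_service=user_service,
    )
    field = pretend.stub(data="pw")

    form.validate_password(field)

    assert user_service.find_userid.calls == [pretend.call("my_username")]
    assert user_service.check_password.calls == [pretend.call(1, "pw")]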
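def test_validate_password_notok(self, db_session):
    """A wrong password is rejected with a ``ValidationError``."""
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: 1),
        check_password=pretend.call_recorder(lambda userid, password: False),
    )
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy that call check.
        data={"username": "my_username"},
        user_service=user_service,
    )
    field = pretend.stub(data="pw")

    with pytest.raises(wtforms.validators.ValidationError):
        form.validate_password(field)

    assert user_service.find_userid.calls == [pretend.call("my_username")]
    assert user_service.check_password.calls == [pretend.call(1, "pw")]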
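def test_validate_password_too_many_failed(self):
    """A rate-limited login attempt is rejected as a validation error.

    ``check_password`` raises ``TooManyFailedLogins``; the form is expected
    to report a ``ValidationError`` instead of propagating the lockout
    exception.
    """

    @pretend.call_recorder
    def check_password(userid, password):
        raise TooManyFailedLogins(resets_in=None)

    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: 1),
        check_password=check_password,
    )
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy that call check.
        data={"username": "my_username"},
        user_service=user_service,
    )
    field = pretend.stub(data="pw")

    with pytest.raises(wtforms.validators.ValidationError):
        form.validate_password(field)

    assert user_service.find_userid.calls == [pretend.call("my_username")]
    assert user_service.check_password.calls == [pretend.call(1, "pw")]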
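def test_validate_password_no_user(self):
    """Password validation does not raise when the username is unknown.

    ``find_userid`` returns ``None`` on both lookups. The user-service stub
    defines neither ``is_disabled`` nor ``check_password``, so the test would
    error if either were called without a user id.
    """
    request = pretend.stub()
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: None)
    )
    breach_service = pretend.stub()
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy those call checks.
        data={"username": "my_username"},
        request=request,
        user_service=user_service,
        breach_service=breach_service,
    )
    field = pretend.stub(data="password")

    form.validate_password(field)

    assert user_service.find_userid.calls == [
        pretend.call("my_username"),
        pretend.call("my_username"),
    ]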
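def test_validate_password_disabled_for_compromised_pw(self, db_session):
    """An account disabled for a compromised password cannot log in.

    ``is_disabled`` reports ``DisableReason.CompromisedPassword``; the form
    must raise a ``ValidationError`` carrying the breach service's failure
    message. The user-service stub defines no ``check_password``, so the test
    would error if the submitted password were verified for such an account.
    """
    request = pretend.stub()
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: 1),
        is_disabled=pretend.call_recorder(
            lambda userid: (True, DisableReason.CompromisedPassword)
        ),
    )
    breach_service = pretend.stub(failure_message="Bad Password!")
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy that call check.
        data={"username": "my_username"},
        request=request,
        user_service=user_service,
        breach_service=breach_service,
    )
    field = pretend.stub(data="pw")

    with pytest.raises(wtforms.validators.ValidationError, match=r"Bad Password\!"):
        form.validate_password(field)

    # Only one lookup here: validation stops at the disabled-account check.
    assert user_service.find_userid.calls == [pretend.call("my_username")]
    assert user_service.is_disabled.calls == [pretend.call(1)]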
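def test_validate_password_notok(self, db_session):
    """A wrong password is rejected and recorded as a login-failure event.

    Besides the ``ValidationError``, this pins the audit trail: the request's
    ``remote_addr`` is passed to ``check_password`` and one
    ``account:login:failure`` event is recorded with reason
    ``invalid_password``.
    """
    request = pretend.stub(remote_addr="127.0.0.1")
    user_service = pretend.stub(
        find_userid=pretend.call_recorder(lambda userid: 1),
        check_password=pretend.call_recorder(
            lambda userid, password, ip_address, tags=None: False
        ),
        is_disabled=pretend.call_recorder(lambda userid: (False, None)),
        record_event=pretend.call_recorder(lambda *a, **kw: None),
    )
    # An empty stub raises on any attribute access, so this test also fails
    # if the breach service is consulted for a password that was rejected.
    breach_service = pretend.stub()
    form = forms.LoginForm(
        # Must be the username asserted on find_userid below; a masked
        # placeholder such as "******" cannot satisfy those call checks.
        data={"username": "my_username"},
        request=request,
        user_service=user_service,
        breach_service=breach_service,
    )
    field = pretend.stub(data="pw")

    with pytest.raises(wtforms.validators.ValidationError):
        form.validate_password(field)

    assert user_service.find_userid.calls == [
        pretend.call("my_username"),
        pretend.call("my_username"),
    ]
    assert user_service.is_disabled.calls == [pretend.call(1)]
    assert user_service.check_password.calls == [
        pretend.call(1, "pw", "127.0.0.1", tags=None)
    ]
    # Exactly one failure event, attributed to the user id and source address.
    assert user_service.record_event.calls == [
        pretend.call(
            1,
            tag="account:login:failure",
            ip_address="127.0.0.1",
            additional={"reason": "invalid_password"},
        )
    ]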
def test_creation(self):
    """The form keeps the exact user service object it was given."""
    users = pretend.stub()

    login_form = forms.LoginForm(user_service=users)

    # Identity, not equality: the service must not be copied or wrapped.
    assert login_form.user_service is users