Example #1
def test_passwords_must_match():
    """Registration is refused when the password and its confirmation differ.

    ``login.create`` is expected to raise ``WeasylError`` whose ``value`` is
    ``'passwordMismatch'`` when ``password`` and ``passcheck`` are not the
    same string.
    """
    # Birth year 19 years back, so the date fields are not the part under test.
    birth_year = arrow.now().year - 19
    mismatched_form = Bag(
        username=user_name,
        password='******',
        passcheck='qwe',  # deliberately different from `password`
        email='*****@*****.**',
        emailcheck='*****@*****.**',
        day='12',
        month='12',
        year=birth_year,
    )
    with pytest.raises(WeasylError) as excinfo:
        login.create(mismatched_form)
    assert excinfo.value.value == 'passwordMismatch'
Example #2
def test_DMY_out_of_valid_ranges_raises_birthdayInvalid_WeasylError():
    """Out-of-range birthday components are rejected with ``birthdayInvalid``.

    Each case keeps two of day/month/year at in-range values and pushes the
    third out of range, so every component's range check is exercised once.
    """
    out_of_range_dates = (
        ('42', '12', '2000'),  # no month has a 42nd day
        ('12', '42', '2000'),  # there is no 42nd month
        ('12', '12', '-1'),    # negative year
    )
    for day_value, month_value, year_value in out_of_range_dates:
        # Password fields are left empty; the expected error therefore implies
        # the birthday check fires before any password validation (assuming an
        # empty password would itself be rejected - confirm in login.create).
        form = Bag(
            username=user_name,
            password='',
            passcheck='',
            email='*****@*****.**',
            emailcheck='*****@*****.**',
            day=day_value,
            month=month_value,
            year=year_value,
        )
        with pytest.raises(WeasylError) as excinfo:
            login.create(form)
        assert excinfo.value.value == 'birthdayInvalid'
Example #3
def test_usernames_must_be_unique():
    """A username already held by an existing account cannot be registered again.

    An account is created first with ``user_name``; a registration form that
    reuses that name (with a different e-mail address) must make
    ``login.create`` raise ``WeasylError`` with ``'usernameExists'``.
    """
    # Existing account that already owns the username.
    db_utils.create_user(username=user_name, email_addr="*****@*****.**")

    birth_year = arrow.now().year - 19
    duplicate_name_form = Bag(
        username=user_name,
        password='******',
        passcheck='0123456789',
        email=email_addr,
        emailcheck=email_addr,
        day='12',
        month='12',
        year=birth_year,
    )
    with pytest.raises(WeasylError) as excinfo:
        login.create(duplicate_name_form)
    assert excinfo.value.value == 'usernameExists'
Example #4
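def test_DMY_not_integer_raises_birthdayInvalid_WeasylError():
    """Non-integer birthday components are rejected with ``birthdayInvalid``.

    Each case sets exactly one of day, month and year to the string ``'test'``
    and keeps the other two at in-range values, so the non-integer field is
    the only candidate cause of the error.
    """
    # The companion month is '12', not '31': 31 is not a valid month, and an
    # out-of-range month could raise birthdayInvalid by itself, letting the
    # day and year cases pass even if non-integer input stopped being rejected.
    non_integer_dates = (
        ('test', '12', '1942'),  # day is not an integer
        ('12', 'test', '1942'),  # month is not an integer
        ('12', '12', 'test'),    # year is not an integer
    )
    for day_value, month_value, year_value in non_integer_dates:
        form = Bag(
            username=user_name,
            password='',
            passcheck='',
            email='*****@*****.**',
            emailcheck='*****@*****.**',
            day=day_value,
            month=month_value,
            year=year_value,
        )
        with pytest.raises(WeasylError) as excinfo:
            login.create(form)
        assert excinfo.value.value == 'birthdayInvalid'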
Example #5
def test_DMY_missing_raises_birthdayInvalid_WeasylError():
    """A missing birthday component is rejected with ``birthdayInvalid``.

    Day, month and year are each set to ``None`` in turn while the other two
    stay at valid values.
    """
    missing_component_dates = (
        (None, '12', '2000'),  # day missing
        ('12', None, '2000'),  # month missing
        ('12', '12', None),    # year missing
    )
    for day_value, month_value, year_value in missing_component_dates:
        form = Bag(
            username=user_name,
            password='',
            passcheck='',
            email='*****@*****.**',
            emailcheck='*****@*****.**',
            day=day_value,
            month=month_value,
            year=year_value,
        )
        with pytest.raises(WeasylError) as excinfo:
            login.create(form)
        assert excinfo.value.value == 'birthdayInvalid'
Example #6
def test_under_13_age_raises_birthdayInvalid_WeasylError():
    """A birthday that makes the registrant younger than 13 is rejected.

    The date itself is well-formed; only the computed age is too low, and
    ``login.create`` must answer with ``'birthdayInvalid'``.
    """
    # 12 December, eleven calendar years back: the registrant is 10 or 11
    # depending on today's date, i.e. always under 13.
    too_recent_year = arrow.now().year - 11
    underage_form = Bag(
        username=user_name,
        password='',
        passcheck='',
        email='*****@*****.**',
        emailcheck='*****@*****.**',
        day='12',
        month='12',
        year=too_recent_year,
    )
    with pytest.raises(WeasylError) as excinfo:
        login.create(underage_form)
    assert excinfo.value.value == 'birthdayInvalid'
Example #7
def test_verify_correct_information_creates_account():
    """A fully valid registration form results in a ``logincreate`` row.

    ``login.create`` must return without raising, and afterwards a row whose
    ``login_name`` equals the submitted username must exist in ``logincreate``.
    """
    birth_year = arrow.now().year - 19
    valid_form = Bag(
        username=user_name,
        password='******',
        passcheck='0123456789',
        email=email_addr,
        emailcheck=email_addr,
        day='12',
        month='12',
        year=birth_year,
    )
    login.create(valid_form)

    # The username is passed as a bound parameter, not spliced into the SQL.
    row_exists = d.engine.scalar(
        "SELECT EXISTS (SELECT 0 FROM logincreate WHERE login_name = %(name)s)",
        name=valid_form.username)
    assert row_exists
Example #8
def test_acct_verif_token_returned_if_username_provided_to_function():
    """The verification token can be looked up by username alone.

    A ``logincreate`` row is inserted directly with a known ``token``; calling
    ``login.get_account_verification_token`` with ``email=None`` and the row's
    username must return that same token.
    """
    birth_year = arrow.now().year - 19
    form = Bag(
        username=user_name,
        password='******',
        passcheck='0123456789',
        email=email_addr,
        emailcheck=email_addr,
        day='12',
        month='12',
        year=birth_year,
    )

    insert_pending = d.meta.tables["logincreate"].insert()
    pending_row = {
        "token": token,
        "username": form.username,
        "login_name": form.username,
        # The row stores the output of login.passhash, not the raw password.
        "hashpass": login.passhash(raw_password),
        "email": form.email,
        "birthday": arrow.Arrow(2000, 1, 1),
    }
    d.engine.execute(insert_pending, pending_row)

    looked_up_token = login.get_account_verification_token(
        email=None, username=form.username)
    assert token == looked_up_token
Example #9
def test_forgotpasswordRecordMissing_WeasylError_if_reset_record_not_found():
    """A reset attempt without a matching reset record is refused.

    The account exists, but this test never calls ``resetpassword.request``,
    so ``resetpassword.reset`` is handed a token it did not create here and
    must raise ``WeasylError`` with ``'forgotpasswordRecordMissing'``.
    """
    db_utils.create_user(email_addr=email_addr, username=user_name)
    password = '******'
    reset_form = Bag(
        email=email_addr,
        username=user_name,
        day=arrow.now().day,
        month=arrow.now().month,
        year=arrow.now().year,
        token=token,
        password=password,
        passcheck=password,
    )
    # Target the missing-record path on its own.
    with pytest.raises(WeasylError) as excinfo:
        resetpassword.reset(reset_form)
    assert excinfo.value.value == 'forgotpasswordRecordMissing'
Example #10
def test_username_cant_be_blank_or_have_semicolon():
    """Two unacceptable usernames are each rejected with ``usernameInvalid``.

    The same form is submitted twice, with only ``username`` changed between
    the attempts.

    NOTE(review): both username literals read '******' here, which looks like
    masking applied to this listing. Going by the test name, one is presumably
    blank and the other contains a semicolon - confirm against the original.
    """
    birth_year = arrow.now().year - 19
    form = Bag(
        username='******',
        password='******',
        passcheck='0123456789',
        email=email_addr,
        emailcheck=email_addr,
        day='12',
        month='12',
        year=birth_year,
    )

    # First rejected username.
    with pytest.raises(WeasylError) as excinfo:
        login.create(form)
    assert excinfo.value.value == 'usernameInvalid'

    # Second rejected username, everything else unchanged.
    form.username = '******'
    with pytest.raises(WeasylError) as excinfo:
        login.create(form)
    assert excinfo.value.value == 'usernameInvalid'
Example #11
def test_username_cannot_match_an_active_alias():
    """A name that is another user's alias cannot be registered as a username.

    An existing user is given ``user_name`` as a ``useralias`` entry; trying to
    register a new account under that name must raise ``WeasylError`` with
    ``'usernameExists'``, so the alias cannot be claimed by someone else.
    """
    alias_owner_id = db_utils.create_user(username='******')
    # Values are bound parameters; the third column is the literal 'p'
    # (its meaning is not visible in this test).
    d.engine.execute(
        "INSERT INTO useralias VALUES (%(userid)s, %(username)s, 'p')",
        userid=alias_owner_id,
        username=user_name)

    birth_year = arrow.now().year - 19
    alias_collision_form = Bag(
        username=user_name,
        password='******',
        passcheck='0123456789',
        email=email_addr,
        emailcheck=email_addr,
        day='12',
        month='12',
        year=birth_year,
    )
    with pytest.raises(WeasylError) as excinfo:
        login.create(alias_collision_form)
    assert excinfo.value.value == 'usernameExists'
Example #12
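def test_link_time_field_is_updated_when_valid_token_supplied_to_function():
    """``resetpassword.prepare`` refreshes ``link_time`` for a valid reset token.

    A reset is requested for a new user, the stored token is read back, and
    ``prepare`` is called with it. Afterwards the ``link_time`` stored for the
    token must be no older than the clock value sampled just before the call.
    """
    user_name = "test"
    email_addr = "*****@*****.**"
    user_id = db_utils.create_user(email_addr=email_addr, username=user_name)

    # Read the clock once so day/month/year all describe the same instant,
    # even if the test runs across midnight.
    today = arrow.now()
    form_for_request = Bag(email=email_addr,
                           username=user_name,
                           day=today.day,
                           month=today.month,
                           year=today.year)
    resetpassword.request(form_for_request)
    pw_reset_token = d.engine.scalar(
        "SELECT token FROM forgotpassword WHERE userid = %(id)s", id=user_id)

    # Sample the reference time BEFORE prepare(). Comparing link_time with a
    # d.get_time() taken afterwards fails whenever the clock ticks between the
    # update and the assertion (presumably prepare() stamps link_time from the
    # same clock - confirm).
    time_before_prepare = d.get_time()
    resetpassword.prepare(pw_reset_token)
    link_time = d.engine.scalar(
        "SELECT link_time FROM forgotpassword WHERE token = %(token)s",
        token=pw_reset_token)
    assert link_time >= time_before_prepare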
Example #13
def test_create_fails_if_username_is_a_prohibited_name():
    """Staff-sounding usernames cannot be registered.

    Every name in the reserved list must make ``login.create`` raise
    ``WeasylError`` with ``'usernameInvalid'``, which keeps ordinary users from
    registering an account that reads as site staff.
    """
    birth_year = arrow.now().year - 19
    # The initial username is only a stand-in; it is overwritten before each
    # call to login.create.
    form = Bag(
        username='******',
        password='******',
        passcheck='0123456789',
        email='*****@*****.**',
        emailcheck='*****@*****.**',
        day='12',
        month='12',
        year=birth_year,
    )
    reserved_names = (
        "admin", "administrator", "mod", "moderator", "weasyl", "weasyladmin",
        "weasylmod", "staff", "security",
    )
    for reserved in reserved_names:
        form.username = reserved
        with pytest.raises(WeasylError) as excinfo:
            login.create(form)
        assert excinfo.value.value == 'usernameInvalid'
Example #14
def test_username_cant_be_blank_or_have_semicolon():
    """An invalid username is rejected; a second one is accepted and stored.

    The first submission must raise ``WeasylError`` with ``'usernameInvalid'``.
    After ``username`` is replaced, ``login.create`` must succeed, and the
    ``logincreate`` row for the form's e-mail must hold ``"testloginsuite"``.

    NOTE(review): both username literals read '******' here, which looks like
    masking applied to this listing. The stored value differs from the literal
    shown, so the second input is presumably normalised or was masked - confirm
    against the original file.
    """
    birth_year = arrow.now().year - 19
    form = Bag(
        username='******',
        password='******',
        passcheck='0123456789',
        email=email_addr,
        emailcheck=email_addr,
        day='12',
        month='12',
        year=birth_year,
    )

    # Rejected username.
    with pytest.raises(WeasylError) as excinfo:
        login.create(form)
    assert excinfo.value.value == 'usernameInvalid'

    # Accepted username: creation goes through and the stored name is checked.
    form.username = '******'
    login.create(form)
    stored_username = d.engine.scalar(
        "SELECT username FROM logincreate WHERE email = %(email)s LIMIT 1",
        email=form.email,
    )
    assert stored_username == "testloginsuite"
Example #15
def test_create_fails_if_another_account_has_email_linked_to_their_account():
    """
    An e-mail address tied to an active account cannot back a second account.

    ``login.create()`` does not raise in this case. The test instead expects a
    ``logincreate`` row for the new username with ``invalid IS TRUE``.

    NOTE(review): failing silently rather than with an error presumably keeps
    the registration form from revealing which addresses already have an
    account - confirm against login.create().
    NOTE(review): the submitted username literal reads "******" while the row
    is expected to hold "user"; the literal looks masked in this listing.
    """
    # Active account that already owns the address.
    db_utils.create_user(username=user_name, email_addr=email_addr)

    birth_year = arrow.now().year - 19
    form = Bag(
        username="******",
        password='******',
        passcheck='0123456789',
        email=email_addr,
        emailcheck=email_addr,
        day='12',
        month='12',
        year=birth_year,
    )
    login.create(form)

    invalid_row_sql = """
        SELECT username FROM logincreate WHERE username = %(username)s AND invalid IS TRUE
    """
    flagged_username = d.engine.scalar(invalid_row_sql, username=form.username)
    assert flagged_username == "user"
Example #16
def test_passwords_must_be_of_sufficient_length():
    """A too-short password is rejected; a long enough one passes that check.

    The e-mail fields are deliberately invalid ('foo'). Once the password is
    acceptable, the next failure reached is ``emailInvalid``, and that error
    counts as success for this test.

    NOTE(review): both password literals read "******" here, which looks like
    masking applied to this listing; the first is presumably below the minimum
    length and the second at or above it - confirm against the original file.
    """
    password = "******"
    birth_year = arrow.now().year - 19
    form = Bag(
        username=user_name,
        password=password,
        passcheck=password,
        email='foo',
        emailcheck='foo',
        day='12',
        month='12',
        year=birth_year,
    )

    # Insecure length: the password check itself must fail.
    with pytest.raises(WeasylError) as excinfo:
        login.create(form)
    assert excinfo.value.value == 'passwordInsecure'

    # Secure length: validation moves past the password and stops at the
    # e-mail. This depends on login.create checking the password before the
    # e-mail; a reordering there would break this assertion.
    password = "******"
    form.passcheck = password
    form.password = password
    with pytest.raises(WeasylError) as excinfo:
        login.create(form)
    assert excinfo.value.value == 'emailInvalid'
Example #17
def test_usernames_cannot_match_pending_account_usernames():
    """A username held by a not-yet-verified registration is also taken.

    A ``logincreate`` row is inserted directly for ``user_name``; a second
    registration under the same name (different e-mail) must raise
    ``WeasylError`` with ``'usernameExists'``.
    """
    insert_pending = d.meta.tables["logincreate"].insert()
    pending_row = {
        "token": "a" * 40,
        "username": user_name,
        "login_name": user_name,
        "hashpass": login.passhash(raw_password),
        "email": "*****@*****.**",
        "birthday": arrow.Arrow(2000, 1, 1),
    }
    d.engine.execute(insert_pending, pending_row)

    birth_year = arrow.now().year - 19
    second_claim_form = Bag(
        username=user_name,
        password='******',
        passcheck='0123456789',
        email=email_addr,
        emailcheck=email_addr,
        day='12',
        month='12',
        year=birth_year,
    )
    with pytest.raises(WeasylError) as excinfo:
        login.create(second_claim_form)
    assert excinfo.value.value == 'usernameExists'
Example #18
def test_stale_records_get_deleted_when_function_is_called():
    """``resetpassword.prepare`` accepts fresh reset tokens and refuses stale ones.

    Twenty reset requests are created and aged in four groups of five:

    * tokens 0-4:   ``set_time`` two hours old     -> must be refused
    * tokens 5-9:   ``set_time`` 30 minutes old    -> must be accepted
    * tokens 10-14: ``link_time`` 10 minutes old   -> must be refused
    * tokens 15-19: ``link_time`` 2 minutes old    -> must be accepted

    The limits these groups straddle are 3600 seconds for ``set_time`` and
    300 seconds for ``link_time``.
    """
    token_store = []
    for index in range(20):
        user_name = "testPrepare%d" % (index,)
        # NOTE(review): the address literal looks masked in this listing. As
        # printed it contains no format placeholder, so this % operation would
        # raise TypeError; the original presumably embeds the index to keep
        # each address unique - confirm against the original file.
        email_addr = "*****@*****.**" % (index,)
        user_id = db_utils.create_user(email_addr=email_addr, username=user_name)
        form_for_request = Bag(
            email=email_addr,
            username=user_name,
            day=arrow.now().day,
            month=arrow.now().month,
            year=arrow.now().year,
        )
        resetpassword.request(form_for_request)
        pw_reset_token = d.engine.scalar(
            "SELECT token FROM forgotpassword WHERE userid = %(id)s", id=user_id)
        token_store.append(pw_reset_token)

    # Tokens 0-4: issued two hours ago (7200 s).
    for reset_token in token_store[0:5]:
        d.engine.execute(
            "UPDATE forgotpassword SET set_time = %(time)s WHERE token = %(token)s",
            time=d.get_time() - 7200, token=reset_token)
    # Tokens 5-9: issued 30 minutes ago (1800 s).
    for reset_token in token_store[5:10]:
        d.engine.execute(
            "UPDATE forgotpassword SET set_time = %(time)s WHERE token = %(token)s",
            time=d.get_time() - 1800, token=reset_token)
    # Tokens 10-14: link last visited 10 minutes ago (600 s).
    for reset_token in token_store[10:15]:
        d.engine.execute(
            "UPDATE forgotpassword SET link_time = %(time)s WHERE token = %(token)s",
            time=d.get_time() - 600, token=reset_token)
    # Tokens 15-19: link last visited 2 minutes ago (120 s).
    for reset_token in token_store[15:20]:
        d.engine.execute(
            "UPDATE forgotpassword SET link_time = %(time)s WHERE token = %(token)s",
            time=d.get_time() - 120, token=reset_token)

    # Refused: set_time older than 3600 s.
    for reset_token in token_store[0:5]:
        assert not resetpassword.prepare(reset_token)
    # Accepted: set_time younger than 3600 s.
    for reset_token in token_store[5:10]:
        assert resetpassword.prepare(reset_token)
    # Refused: link_time older than 300 s.
    for reset_token in token_store[10:15]:
        assert not resetpassword.prepare(reset_token)
    # Accepted: link_time younger than 300 s.
    for reset_token in token_store[15:20]:
        assert resetpassword.prepare(reset_token)
Example #19
def test_create_fails_if_email_domain_is_blacklisted():
    """
    Registration is refused when the e-mail domain is in ``emailblacklist``.

    A blacklist row for ``blacklisted.com`` is inserted, then a registration is
    attempted with ``blacklisted_email``; ``login.create()`` must raise
    ``WeasylError`` with ``'emailBlacklisted'``.

    NOTE(review): the address literal looks masked in this listing; it is
    presumably an address at blacklisted.com - confirm against the original.
    """
    insert_blacklist = d.meta.tables["emailblacklist"].insert()
    blacklist_row = {
        "domain_name": "blacklisted.com",
        "reason": "test case for login.create()",
        # A freshly created user is recorded as the one who added the entry.
        "added_by": db_utils.create_user(),
    }
    d.engine.execute(insert_blacklist, blacklist_row)

    blacklisted_email = "*****@*****.**"
    birth_year = arrow.now().year - 19
    form = Bag(
        username=user_name,
        password='******',
        passcheck='0123456789',
        email=blacklisted_email,
        emailcheck=blacklisted_email,
        day='12',
        month='12',
        year=birth_year,
    )
    with pytest.raises(WeasylError) as excinfo:
        login.create(form)
    assert excinfo.value.value == 'emailBlacklisted'