def test_login_forget_password_email_send(web_server, browser, dbsession,
init):
"""Send out the reset password by email, but do not answer to it, instead directly login."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.find_by_css("#nav-sign-in").click()
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
b.visit("{}/login".format(web_server))
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
def test_login(web_server: str, browser: DriverAPI, dbsession: Session,
init: Initializer):
"""Login as a user to the site..
This is a functional test. Prepare the test by creating one user in the database. Then try to login as this user by using Splinter test browser.
:param web_server: Functional web server py.test fixture - this string points to a started web server with test.ini configuration.
:param browser: A Splinter web browser used to execute the tests. By default ``splinter.driver.webdriver.firefox.WebDriver``, but can be altered with py.test command line options for pytest-splinter.
:param dbsession: Active SQLAlchemy database session for the test run.
"""
with transaction.manager:
# Create a dummy [email protected] user we test
create_user(dbsession,
init.config.registry,
email=EMAIL,
password=PASSWORD)
# Direct Splinter browser to the website
b = browser
b.visit(web_server)
# This link should be in the top navigation
b.find_by_css("#nav-sign-in").click()
# Link gives us the login form
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
# After login we see a profile link to our profile
assert b.is_element_present_by_css("#nav-logout")
def test_last_login_ip(web_server, browser, dbsession, init):
"""Record last log in IP correctly."""
with transaction.manager:
create_user(dbsession, init.config.registry)
with transaction.manager:
user = get_user(dbsession)
assert not user.last_login_ip
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
with transaction.manager:
user = get_user(dbsession)
assert user.last_login_ip in [
ipaddress.IPv4Address("127.0.0.1"),
ipaddress.IPv6Address("::1")
]
def test_logged_in_has_authenticated_permission(web_server, dbsession: Session, browser, permission_app):
"""Logged in users can access views behind authenticated permission."""
b = browser
with transaction.manager:
create_user(dbsession, permission_app.init.config.registry)
b.visit(web_server)
login(web_server, b)
# Logged in user can access
b.visit("{}/test_authenticated".format(web_server))
assert b.is_element_present_by_css("#ok")
def test_forget_password_bad_user(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server + "/login")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", "*****@*****.**")
b.find_by_name("submit").click()
assert b.is_element_present_by_css(".error-msg-detail")
def test_login(web_server, browser, dbsession, init):
"""Login an user."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
# After login we see a profile link to our profile
assert b.is_element_present_by_css("#nav-logout")
def test_delete_user_confirm(browser, web_server, init, dbsession):
"""Delete a user."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-yes").click()
assert b.is_element_present_by_css("#msg-item-deleted")
with transaction.manager:
assert dbsession.query(User).count() == 1
def test_query_jsonb_data(dbsession, registry, query_param, expected_lines):
"""Query JSONB field by one of its keys."""
with transaction.manager:
u = create_user(dbsession, registry)
assert isinstance(u.user_data, NestedMutationDict)
u.user_data['phone_number'] = 'xxx'
users = dbsession.query(User).filter(
User.user_data['phone_number'].astext == query_param).all()
assert len(users) == expected_lines
def test_pending_jsonb_dict_new_key(dbsession, registry):
"""Check that new keys added to JSONB that is not committed yet are persistent."""
with transaction.manager:
u = create_user(dbsession, registry)
assert isinstance(u.user_data, NestedMutationDict)
u.user_data["phone_number"] = "xxx"
with transaction.manager:
u = dbsession.query(User).first()
assert u.user_data.get("phone_number") == "xxx"
def test_add_user_existing_email(browser, web_server, init, dbsession):
"""Add a user but there already exists one with the same email."""
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
b.find_by_name("add").click()
assert b.is_element_present_by_css("#error-deformField1") # Email address already taken
def test_delete_user_cancel(browser, web_server, init, dbsession):
"""Delete a user, but back off on the confirmation screen."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-no").click()
# Back to the show page
assert b.is_element_present_by_css("#crud-show")
with transaction.manager:
assert dbsession.query(User).count() == 2
def test_forget_password(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-check-email")
with transaction.manager:
user = get_user(dbsession)
activation_code = user.activation.code
b.visit("{}/reset-password/{}".format(web_server, activation_code))
assert b.is_element_present_by_css("#reset-password-form")
# Friendly name should be visible
assert b.is_text_present("*****@*****.**")
b.fill("password", "yyy")
b.fill("password-confirm", "yyy")
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-password-reset-complete")
b.fill("username", EMAIL)
b.fill("password", "yyy")
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#nav-logout")
def test_forget_password_expired_token(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server + "/forgot-password")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-check-email")
with transaction.manager:
user = get_user(dbsession)
activation = user.activation
activation.expires_at = now() - timedelta(days=365)
activation_code = activation.code
b.visit("{}/reset-password/{}".format(web_server, activation_code))
assert b.is_element_present_by_css("#not-found")
def test_non_admin_user_denied(web_server, browser, dbsession, init):
"""The second user should not see admin link nor get to the admin page."""
with transaction.manager:
u = create_user(dbsession, init.config.registry, admin=True)
assert u.is_admin()
u = create_user(dbsession,
init.config.registry,
email="*****@*****.**")
assert not u.is_admin()
b = browser
b.visit(web_server + "/login")
b.fill("username", "*****@*****.**")
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert not b.is_element_visible_by_css("#nav-admin")
b.visit(web_server + "/admin/")
assert b.is_element_visible_by_css("#forbidden")
def test_logout(web_server, browser, dbsession, init):
"""Log out."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit("{}/{}".format(web_server, "login"))
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
b.find_by_css("#nav-logout").click()
# Anonynous again
assert b.is_element_present_by_css("#msg-logged-out")
assert not b.is_element_present_by_css("#nav-logout")
# We should see the log in form
assert b.is_element_present_by_css("#login-form")
def test_pagination(web_server, browser, dbsession, init):
with transaction.manager:
create_logged_in_user(
dbsession,
init.config.registry,
web_server,
browser,
admin=True
)
for index in range(1, 101):
u = create_user(
dbsession,
init.config.registry,
email="example{}@example.com".format(index)
)
dbsession.add(u)
# quick check total users
assert dbsession.query(User).count() == 101
b = browser
b.visit(web_server + "/admin/models/user/listing")
# pagination should show correct number of total
assert b.is_text_present("Total 101 items")
assert b.is_text_present("Page #1 (1-20 of 101)")
# page should show 20 rows (default size)
assert len(b.find_by_css("tr.crud-row")) == 20
# first email should be last created
assert b.find_by_css("td.crud-column-email").first.text == "*****@*****.**"
# pager should show 2 buttons, first 2 are disabled
assert len(b.find_by_css(".pager li")) == 4
assert len(b.find_by_css(".pager li.disabled")) == 2
# click to next and repeat the above tests
b.find_by_css(".pager li")[2].click()
assert b.is_text_present("Total 101 items")
assert b.is_text_present("Page #2 (21-40 of 101)")
assert len(b.find_by_css("tr.crud-row")) == 20
assert b.find_by_css("td.crud-column-email").first.text == "*****@*****.**"
assert len(b.find_by_css(".pager li")) == 4
assert len(b.find_by_css(".pager li.disabled")) == 0
def test_forget_password_disabled_user(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
u = create_user(dbsession, init.config.registry)
u.enabled = False
b = browser
b.visit(web_server + "/login")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-cannot-reset-password")
def test_enter_admin(web_server, browser, dbsession, init):
"""The first user can open the admin page."""
with transaction.manager:
u = create_user(dbsession, init.config.registry)
site_creator = get_site_creator(init.config.registry)
site_creator.init_empty_site(dbsession, u)
assert u.is_admin()
b = browser
b.visit(web_server + "/login")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_visible_by_css("#nav-admin")
b.find_by_css("#nav-admin").click()
assert b.is_element_present_by_css("#admin-main")
def test_facebook_login_disabled_user(web_server, browser, dbsession, init):
"""Logged in user which is not enabled should give an error.."""
with transaction.manager:
u = create_user(dbsession,
init.config.registry,
email=os.environ["FACEBOOK_USER"])
u.enabled = False
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_visible_by_css("#login-form")
b.find_by_css(".btn-login-facebook").click()
do_facebook_login_if_facebook_didnt_log_us_already(browser)
assert b.is_element_present_by_css("#msg-cannot-login-social-media-user")
def populated_mailing_list(mailgun, dbsession, registry, mailing_list):
with transaction.manager:
create_user(dbsession, registry)
import_all_users(mailgun, dbsession, mailing_list)
return mailing_list