def test_login_forget_password_email_send(web_server, browser, dbsession, init):
    """Request a password-reset email, ignore it, and log in with the old password.

    Requesting a reset must not invalidate the current credentials. The
    reset form is used here without being logged in, so a pending request
    must not be able to lock the account owner out.
    """
    with transaction.manager:
        create_user(dbsession, init.config.registry)

    # Ask for the reset mail through the "Forgot your password?" flow.
    browser.visit(web_server)
    browser.find_by_css("#nav-sign-in").click()
    assert browser.is_element_present_by_css("#login-form")

    browser.click_link_by_text("Forgot your password?")
    assert browser.is_element_present_by_css("#forgot-password-form")

    browser.fill("email", EMAIL)
    browser.find_by_name("submit").click()

    # Never follow the mailed link: sign in with the unchanged password instead.
    browser.visit(web_server + "/login")
    browser.fill("username", EMAIL)
    browser.fill("password", PASSWORD)
    browser.find_by_name("login_email").click()

    assert browser.is_element_present_by_css("#msg-you-are-logged-in")
def test_login(web_server: str, browser: DriverAPI, dbsession: Session, init: Initializer):
    """Log in to the site as a freshly created user.

    Functional test: one user is written to the database, then the Splinter
    test browser signs in as that user through the regular login form.

    :param web_server: Functional web server py.test fixture - this string
        points to a started web server with test.ini configuration.

    :param browser: A Splinter web browser used to execute the tests. By
        default ``splinter.driver.webdriver.firefox.WebDriver``, but can be
        altered with py.test command line options for pytest-splinter.

    :param dbsession: Active SQLAlchemy database session for the test run.

    :param init: Initializer whose ``config.registry`` is handed to
        ``create_user``.
    """
    with transaction.manager:
        # The account this test signs in with (EMAIL / PASSWORD constants).
        create_user(dbsession, init.config.registry, email=EMAIL, password=PASSWORD)

    # Open the front page in the Splinter browser.
    browser.visit(web_server)

    # The sign-in link lives in the top navigation ...
    browser.find_by_css("#nav-sign-in").click()

    # ... and leads to the login form.
    assert browser.is_element_present_by_css("#login-form")

    browser.fill("username", EMAIL)
    browser.fill("password", PASSWORD)
    browser.find_by_name("login_email").click()

    # The logout entry in the navigation shows up once the session is authenticated.
    assert browser.is_element_present_by_css("#nav-logout")
def test_last_login_ip(web_server, browser, dbsession, init):
    """A successful login stores the client address in ``user.last_login_ip``.

    The field starts out empty and must hold a loopback address afterwards.

    NOTE(review): the only addresses accepted are 127.0.0.1 and ::1, so this
    test cannot show how the address is derived when the application sits
    behind a proxy; that case needs its own test.
    """
    with transaction.manager:
        create_user(dbsession, init.config.registry)

    # Nothing is recorded before the first login.
    with transaction.manager:
        fresh_user = get_user(dbsession)
        assert not fresh_user.last_login_ip

    browser.visit(web_server)
    browser.click_link_by_text("Sign in")
    assert browser.is_element_present_by_css("#login-form")

    browser.fill("username", EMAIL)
    browser.fill("password", PASSWORD)
    browser.find_by_name("login_email").click()
    assert browser.is_element_present_by_css("#msg-you-are-logged-in")

    # Either loopback family is acceptable, depending on how the browser connected.
    loopback_addresses = [
        ipaddress.IPv4Address("127.0.0.1"),
        ipaddress.IPv6Address("::1"),
    ]
    with transaction.manager:
        logged_in_user = get_user(dbsession)
        assert logged_in_user.last_login_ip in loopback_addresses
def test_logged_in_has_authenticated_permission(web_server, dbsession: Session, browser, permission_app):
    """A logged-in user can open a view guarded by the authenticated permission.

    Only the positive case is exercised here; denying the same view to an
    anonymous visitor is not checked by this function.
    """
    with transaction.manager:
        create_user(dbsession, permission_app.init.config.registry)

    browser.visit(web_server)
    login(web_server, browser)

    # The protected view renders its marker element for the logged-in user.
    protected_url = web_server + "/test_authenticated"
    browser.visit(protected_url)
    assert browser.is_element_present_by_css("#ok")
def test_forget_password_bad_user(web_server, browser, dbsession, init):
    """Submitting the forgot-password form with a non-matching email shows an error.

    NOTE(review): the form answers with a visible error here, while the
    known-address case elsewhere ends on a "check your email" message. If
    both are reachable by anonymous visitors, the difference tells a caller
    which addresses are registered; confirm that this is an accepted
    trade-off or give both cases the same response.
    """
    with transaction.manager:
        create_user(dbsession, init.config.registry)

    browser.visit(web_server + "/login")
    assert browser.is_element_present_by_css("#login-form")

    browser.click_link_by_text("Forgot your password?")
    assert browser.is_element_present_by_css("#forgot-password-form")

    # NOTE(review): the address literal is masked in this copy of the file.
    browser.fill("email", "*****@*****.**")
    browser.find_by_name("submit").click()

    assert browser.is_element_present_by_css(".error-msg-detail")
def test_login(web_server, browser, dbsession, init):
    """Log a user in through the "Sign in" link and the login form."""
    with transaction.manager:
        create_user(dbsession, init.config.registry)

    browser.visit(web_server)
    browser.click_link_by_text("Sign in")
    assert browser.is_element_present_by_css("#login-form")

    browser.fill("username", EMAIL)
    browser.fill("password", PASSWORD)
    browser.find_by_name("login_email").click()

    # The logout entry in the navigation is only there for an authenticated session.
    assert browser.is_element_present_by_css("#nav-logout")
def test_delete_user_confirm(browser, web_server, init, dbsession):
    """An admin deletes a user and confirms the deletion."""
    registry = init.config.registry
    create_logged_in_user(dbsession, registry, web_server, browser, admin=True)

    # A second account that will be deleted through the admin UI.
    with transaction.manager:
        create_user(dbsession, registry, email="*****@*****.**")

    # Admin panel -> latest user -> delete -> confirm.
    for selector in (
        "#nav-admin",
        "#latest-user-shortcut",
        "#btn-crud-delete",
        "#btn-delete-yes",
    ):
        browser.find_by_css(selector).click()

    assert browser.is_element_present_by_css("#msg-item-deleted")

    # Only the admin account is left.
    with transaction.manager:
        assert dbsession.query(User).count() == 1
def test_query_jsonb_data(dbsession, registry, query_param, expected_lines):
    """Filter users on a key stored inside the JSONB ``user_data`` column.

    ``query_param`` is compared against the stored ``phone_number`` and
    ``expected_lines`` is the number of rows the query must return; both are
    supplied from outside this function (presumably by parametrization).
    """
    with transaction.manager:
        user = create_user(dbsession, registry)
        assert isinstance(user.user_data, NestedMutationDict)
        user.user_data['phone_number'] = 'xxx'

        # NOTE(review): indentation was lost in this copy; the query is assumed
        # to run inside the same transaction block -- confirm against the repository.
        phone_matches = User.user_data['phone_number'].astext == query_param
        matched_users = dbsession.query(User).filter(phone_matches).all()
        assert len(matched_users) == expected_lines
def test_pending_jsonb_dict_new_key(dbsession, registry):
    """A key added to the JSONB dict of a not-yet-committed user is persisted."""
    # First transaction: create the user and add a new key before the commit.
    with transaction.manager:
        new_user = create_user(dbsession, registry)
        assert isinstance(new_user.user_data, NestedMutationDict)
        new_user.user_data["phone_number"] = "xxx"

    # Second transaction: the key must come back from the database.
    with transaction.manager:
        stored_user = dbsession.query(User).first()
        assert stored_user.user_data.get("phone_number") == "xxx"
def test_add_user_existing_email(browser, web_server, init, dbsession):
    """Adding a user through the admin fails when the email is already taken."""
    registry = init.config.registry

    # The account that already owns the address.
    with transaction.manager:
        create_user(dbsession, registry, email="*****@*****.**")

    create_logged_in_user(dbsession, registry, web_server, browser, admin=True)

    browser.find_by_css("#nav-admin").click()
    browser.find_by_css("#btn-panel-add-user").click()

    # Submit the add-user form with the same address again.
    browser.fill("email", "*****@*****.**")
    browser.fill("password", "secret")
    browser.fill("password-confirm", "secret")
    browser.find_by_name("add").click()

    # The form reports the error on its first field: email address already taken.
    assert browser.is_element_present_by_css("#error-deformField1")
def test_delete_user_cancel(browser, web_server, init, dbsession):
    """An admin starts deleting a user but backs off on the confirmation screen."""
    registry = init.config.registry
    create_logged_in_user(dbsession, registry, web_server, browser, admin=True)

    # A second account that is offered for deletion.
    with transaction.manager:
        create_user(dbsession, registry, email="*****@*****.**")

    # Admin panel -> latest user -> delete -> answer "no".
    for selector in (
        "#nav-admin",
        "#latest-user-shortcut",
        "#btn-crud-delete",
        "#btn-delete-no",
    ):
        browser.find_by_css(selector).click()

    # Cancelling returns to the show page ...
    assert browser.is_element_present_by_css("#crud-show")

    # ... and both accounts are still in the database.
    with transaction.manager:
        assert dbsession.query(User).count() == 2
def test_forget_password(web_server, browser, dbsession, init):
    """Reset the password through the emailed link, then log in with the new one.

    The activation code is read straight from the database instead of from
    the outgoing mail.

    NOTE(review): the test does not check that the old password stops
    working or that the activation code is refused on a second use; both
    would be worth a separate assertion or test.
    """
    with transaction.manager:
        create_user(dbsession, init.config.registry)

    browser.visit(web_server)
    browser.click_link_by_text("Sign in")
    assert browser.is_element_present_by_css("#login-form")

    browser.click_link_by_text("Forgot your password?")
    assert browser.is_element_present_by_css("#forgot-password-form")

    browser.fill("email", EMAIL)
    browser.find_by_name("submit").click()
    assert browser.is_element_present_by_css("#msg-check-email")

    # Pick up the code the reset mail would carry.
    with transaction.manager:
        activation_code = get_user(dbsession).activation.code

    reset_url = "{}/reset-password/{}".format(web_server, activation_code)
    browser.visit(reset_url)
    assert browser.is_element_present_by_css("#reset-password-form")

    # The reset page shows the friendly name of the account.
    # NOTE(review): the expected text is masked in this copy of the file.
    assert browser.is_text_present("*****@*****.**")

    browser.fill("password", "yyy")
    browser.fill("password-confirm", "yyy")
    browser.find_by_name("submit").click()
    assert browser.is_element_present_by_css("#msg-password-reset-complete")

    # The new password is accepted by the login form.
    browser.fill("username", EMAIL)
    browser.fill("password", "yyy")
    browser.find_by_name("login_email").click()
    assert browser.is_element_present_by_css("#nav-logout")
def test_forget_password_expired_token(web_server, browser, dbsession, init):
    """A reset link whose activation has expired leads to the not-found page."""
    with transaction.manager:
        create_user(dbsession, init.config.registry)

    browser.visit(web_server + "/forgot-password")
    assert browser.is_element_present_by_css("#forgot-password-form")

    browser.fill("email", EMAIL)
    browser.find_by_name("submit").click()
    assert browser.is_element_present_by_css("#msg-check-email")

    # Push the expiry a year into the past before the link is followed.
    with transaction.manager:
        pending = get_user(dbsession).activation
        pending.expires_at = now() - timedelta(days=365)
        activation_code = pending.code

    expired_url = "{}/reset-password/{}".format(web_server, activation_code)
    browser.visit(expired_url)

    # The expired code must not open the reset form.
    assert browser.is_element_present_by_css("#not-found")
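def test_non_admin_user_denied(web_server, browser, dbsession, init):
    """A non-admin user neither sees the admin link nor reaches ``/admin/``.

    Two users are created: the first with ``admin=True``, the second
    without. The second one logs in and must be refused both the navigation
    entry and the admin page itself.
    """
    with transaction.manager:
        u = create_user(dbsession, init.config.registry, admin=True)
        assert u.is_admin()

        u = create_user(dbsession, init.config.registry, email="*****@*****.**")
        assert not u.is_admin()

    b = browser
    b.visit(web_server + "/login")
    b.fill("username", "*****@*****.**")
    b.fill("password", PASSWORD)
    b.find_by_name("login_email").click()

    # Confirm the login itself worked. Without this, a failed login would
    # also leave the admin link hidden and /admin/ forbidden, and the test
    # would pass without exercising the non-admin authorization check.
    assert b.is_element_present_by_css("#nav-logout")

    # The link is hidden from the authenticated non-admin ...
    assert not b.is_element_visible_by_css("#nav-admin")

    # ... and requesting the page directly is refused as well.
    b.visit(web_server + "/admin/")
    assert b.is_element_visible_by_css("#forbidden")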
def test_logout(web_server, browser, dbsession, init):
    """Log in, log out, and end up anonymous on the login form.

    NOTE(review): only the rendered page is checked; the test does not
    request a protected view afterwards to confirm that the session was
    ended on the server side.
    """
    with transaction.manager:
        create_user(dbsession, init.config.registry)

    browser.visit("{}/{}".format(web_server, "login"))
    assert browser.is_element_present_by_css("#login-form")

    browser.fill("username", EMAIL)
    browser.fill("password", PASSWORD)
    browser.find_by_name("login_email").click()
    assert browser.is_element_present_by_css("#msg-you-are-logged-in")

    browser.find_by_css("#nav-logout").click()

    # Anonymous again
    assert browser.is_element_present_by_css("#msg-logged-out")
    assert not browser.is_element_present_by_css("#nav-logout")

    # The login form is offered once more.
    assert browser.is_element_present_by_css("#login-form")
def test_pagination(web_server, browser, dbsession, init):
    """The admin user listing pages through 101 users, 20 rows per page."""
    registry = init.config.registry

    with transaction.manager:
        create_logged_in_user(dbsession, registry, web_server, browser, admin=True)

        for index in range(1, 101):
            address = "example{}@example.com".format(index)
            generated_user = create_user(dbsession, registry, email=address)
            dbsession.add(generated_user)

        # 100 generated users plus the logged-in admin.
        # NOTE(review): indentation was lost in this copy; the count is assumed
        # to run inside the same transaction block -- confirm against the repository.
        assert dbsession.query(User).count() == 101

    browser.visit(web_server + "/admin/models/user/listing")

    # First page: totals, the default page size of 20 rows, newest user first.
    assert browser.is_text_present("Total 101 items")
    assert browser.is_text_present("Page #1 (1-20 of 101)")
    assert len(browser.find_by_css("tr.crud-row")) == 20
    # NOTE(review): the expected addresses below are masked in this copy of the file.
    assert browser.find_by_css("td.crud-column-email").first.text == "*****@*****.**"

    # The pager renders four items; on the first page two of them are disabled.
    assert len(browser.find_by_css(".pager li")) == 4
    assert len(browser.find_by_css(".pager li.disabled")) == 2

    # Click the third pager item and repeat the checks for page two.
    browser.find_by_css(".pager li")[2].click()

    assert browser.is_text_present("Total 101 items")
    assert browser.is_text_present("Page #2 (21-40 of 101)")
    assert len(browser.find_by_css("tr.crud-row")) == 20
    assert browser.find_by_css("td.crud-column-email").first.text == "*****@*****.**"

    # On the second page no pager item is disabled.
    assert len(browser.find_by_css(".pager li")) == 4
    assert len(browser.find_by_css(".pager li.disabled")) == 0
def test_forget_password_disabled_user(web_server, browser, dbsession, init):
    """A disabled user who asks for a password reset is told it cannot be done.

    NOTE(review): the dedicated message is shown to whoever submits the
    address, so the response differs from the one for an enabled account;
    confirm that exposing this state to anonymous visitors is intended.
    """
    with transaction.manager:
        disabled_user = create_user(dbsession, init.config.registry)
        disabled_user.enabled = False

    browser.visit(web_server + "/login")
    assert browser.is_element_present_by_css("#login-form")

    browser.click_link_by_text("Forgot your password?")
    assert browser.is_element_present_by_css("#forgot-password-form")

    browser.fill("email", EMAIL)
    browser.find_by_name("submit").click()

    # The reset request is refused for the disabled account.
    assert browser.is_element_present_by_css("#msg-cannot-reset-password")
def test_enter_admin(web_server, browser, dbsession, init):
    """The first user of an initialised site is an admin and can open the admin page."""
    registry = init.config.registry

    with transaction.manager:
        first_user = create_user(dbsession, registry)

        # Initialising the empty site with this user must leave the user an admin.
        get_site_creator(registry).init_empty_site(dbsession, first_user)
        assert first_user.is_admin()

    browser.visit(web_server + "/login")
    browser.fill("username", EMAIL)
    browser.fill("password", PASSWORD)
    browser.find_by_name("login_email").click()

    # The admin entry is visible in the navigation and leads to the admin main page.
    assert browser.is_element_visible_by_css("#nav-admin")
    browser.find_by_css("#nav-admin").click()
    assert browser.is_element_present_by_css("#admin-main")
def test_facebook_login_disabled_user(web_server, browser, dbsession, init):
    """A disabled user who signs in through Facebook gets an error message.

    The local account is created with the address from the
    ``FACEBOOK_USER`` environment variable and then disabled. The lookup
    raises ``KeyError`` when the variable is not set.
    """
    facebook_email = os.environ["FACEBOOK_USER"]

    with transaction.manager:
        disabled_user = create_user(dbsession, init.config.registry, email=facebook_email)
        disabled_user.enabled = False

    browser.visit(web_server)
    browser.click_link_by_text("Sign in")
    assert browser.is_element_visible_by_css("#login-form")

    browser.find_by_css(".btn-login-facebook").click()
    do_facebook_login_if_facebook_didnt_log_us_already(browser)

    # A successful social login must still be refused for the disabled account.
    assert browser.is_element_present_by_css("#msg-cannot-login-social-media-user")
def populated_mailing_list(mailgun, dbsession, registry, mailing_list):
    """Create one user, import all users into ``mailing_list`` and return it.

    Presumably used as a py.test fixture; no decorator is visible in this
    copy of the file.
    """
    with transaction.manager:
        create_user(dbsession, registry)

    # NOTE(review): indentation was lost in this copy; the import is assumed to
    # run after the transaction block has committed -- confirm against the repository.
    import_all_users(mailgun, dbsession, mailing_list)

    return mailing_list