def test_password_hashing():
u = create_user_with_permissions()
assert u.pass_hash
assert u.pass_salt
# test a new random salt every time a password is set (by default)
oldsalt = u.pass_salt
oldhash = u.pass_hash
u.password = '******'
assert oldsalt != u.pass_salt
assert oldhash != u.pass_hash
# use a custom salt
u.set_password('foobar', 'mysalt')
assert u.pass_salt == 'mysalt'
# using the same password and salt should result in the same hash
oldsalt = u.pass_salt
oldhash = u.pass_hash
u.set_password('foobar', 'mysalt')
assert oldsalt == u.pass_salt
assert oldhash == u.pass_hash
# now make sure the application salt will be taken into account if set
try:
settings.components.auth.password_salt = '123456'
u.set_password('foobar', 'mysalt')
assert oldsalt == u.pass_salt, u.pass_salt
# hash is different b/c of the application salt
assert oldhash != u.pass_hash
finally:
settings.components.auth.password_salt = None
def test_user_validate():
u = create_user_with_permissions()
u.password = u'testpass123'
db.sess.commit()
assert User.validate(u.login_id, u'bad_password') is None
assert User.validate(u'bad_login', u'testpass123') is None
assert User.validate(u.login_id, u'testpass123').id == u.id
def test_ok(self):
# add another user so that we can be sure we are not deleting the
# user the Client is currently logged in as, which would cause a 302
user_id = create_user_with_permissions().id
# add a group so we get 200s when working with it instead of 302s
group_id = Group.add(name=u'TestUsersManage.test_ok-group').id
# get a list of permissions (there should be at least one) so we have a real id
permission_id = Permission.pairs('id:name', Permission.name)[0][0]
routes = (
'/users/add',
'/users/login',
'/users/recover-password',
'/users/change-password',
'/users/edit/%s' % user_id,
'/users/manage',
'/users/permissions/%s' % user_id,
'/groups/add',
'/groups/edit/%s' % group_id,
'/groups/manage',
'/permissions/manage',
'/permissions/edit/%s' % permission_id,
)
for route in routes:
yield self.check_code, 200, route
routes = (
'/users/delete/%s' % user_id,
'/groups/delete/%s' % group_id,
)
for route in routes:
yield self.check_code, 302, route
def setup_class(cls):
cls.c = Client(ag.wsgi_test_app, BaseResponse)
cls.user = create_user_with_permissions()
cls.user.reset_required = True
db.sess.commit()
cls.userid = login_client_as_user(cls.c,
cls.user.login_id,
cls.user.text_password,
validate_login_response=False)
def test_cleared_login(self):
super_user = create_user_with_permissions(super_user=True)
ta = TestApp(ag.wsgi_test_app)
topost = {
'login_id': super_user.login_id,
'password': super_user.text_password,
'login-form-submit-flag': '1'
}
r = ta.post('/users/login', topost)
assert 'auth-manage' in r.user.perms
user = create_user_with_permissions()
topost = {
'login_id': user.login_id,
'password': user.text_password,
'login-form-submit-flag': '1'
}
r = ta.post('/users/login', topost)
assert len(r.user.perms) == 0
def setup_class(cls):
permissions = [
'ugp_approved_grp', 'ugp_not_approved', 'ugp_denied_grp']
for permission in permissions:
Permission.add(name=six.text_type(permission))
cls.user = create_user_with_permissions(u'ugp_approved', u'ugp_denied')
cls.user2 = create_user_with_permissions(u'ugp_approved')
cls.g1 = Group.add(name=u'ugp_g1')
cls.g2 = Group.add(name=u'ugp_g2')
Group.assign_permissions_by_name(u'ugp_g1', (u'ugp_approved_grp', u'ugp_denied',
u'ugp_denied_grp'))
Group.assign_permissions_by_name(u'ugp_g2', None, u'ugp_denied_grp')
cls.user.groups.append(cls.g1)
cls.user.groups.append(cls.g2)
db.sess.commit()
cls.perm_approved_grp = Permission.get_by(name=u'ugp_approved_grp')
cls.perm_denied = Permission.get_by(name=u'ugp_denied')
cls.perm_denied_grp = Permission.get_by(name=u'ugp_denied_grp')
def test_user_update():
u = create_user_with_permissions()
current_hash = u.pass_hash
u = User.edit(u.id, pass_hash=u'123456')
assert u.pass_hash == current_hash
u.reset_required = False
db.sess.commit()
u = User.edit(u.id, email_notify=True)
assert not u.reset_required
u = User.edit(u.id, password='******')
assert u.reset_required
def test_inactive_user(self):
user = create_user_with_permissions()
user.inactive_flag = True
db.sess.commit()
topost = {
'email_address': user.email_address,
'lost-password-form-submit-flag': 'submitted',
}
r = self.c.post('users/recover-password', data=topost)
assert r.status_code == 200, r.status
assert b'Did not find a user with email address:' in r.data
def test_user_group_assignment():
g1 = Group.add_iu(name=u'group_for_testing_%s' % randchars(15))
g2 = Group.add_iu(name=u'group_for_testing_%s' % randchars(15))
u = create_user_with_permissions()
assert u.groups == []
User.edit(u.id, assigned_groups=[g1.id, g2.id])
assert len(u.groups) == 2
assert len(g1.users) == len(g2.users) == 1
User.edit(u.id, assigned_groups=g2.id)
assert len(u.groups) == 1
assert u.groups[0].id == g2.id
def test_inactive_property():
user = create_user_with_permissions()
user.inactive_flag = True
assert user.inactive
user.inactive_flag = False
user.inactive_date = datetime.datetime(2050, 10, 10)
assert not user.inactive
user.inactive_date = datetime.datetime(2000, 10, 10)
assert user.inactive
def login_client_with_permissions(client,
approved_perms=None,
denied_perms=None,
super_user=False):
"""
Creates a user with the given permissions and then logs in with said
user.
"""
from compstack.auth.lib.testing import create_user_with_permissions, login_client_as_user
# create user
user = create_user_with_permissions(approved_perms, denied_perms,
super_user)
# save id for later since the request to the app will kill the session
user_id = user.id
# login with the user
login_client_as_user(client, user.login_id, user.text_password)
return user_id
def test_password_validate():
u = create_user_with_permissions()
password = u.text_password
assert u.validate_password(password)
assert not u.validate_password('foobar')
def test_super_edit(self):
su = create_user_with_permissions(super_user=True)
r = self.c.get('users/edit/%s' % su.id)
assert r.status_code == 200, r.status
assert b'Edit User' in r.data
def test_no_super_edit(self):
su = create_user_with_permissions(super_user=True)
r = self.c.get('users/edit/%s' % su.id)
assert r.status_code == 403, r.status
def test_super_delete(self):
su = create_user_with_permissions(super_user=True)
req, r = self.c.get('users/delete/%s' % su.id, follow_redirects=True)
assert r.status_code == 200, r.status
assert b'User deleted' in r.data
assert req.url.endswith('users/manage')
def test_user_unique():
u1 = create_user_with_permissions()
u2 = User.add_iu(login_id=u1.login_id, email_address='*****@*****.**' % u1.login_id)
assert u2 is None, '%s, %s' % (u1.id, u2.id)
u2 = User.add_iu(login_id='test%s' % u1.login_id, email_address=u1.email_address)
assert u2 is None
def setUp(self):
# create a user
self.user = create_user_with_permissions()
def test_password_reset(self):
""" has to be done in the same test function so that order is assured"""
user = create_user_with_permissions()
r = self.c.get('users/recover-password')
assert r.status_code == 200, r.status
assert b'Recover Password' in r.data
# setup the mock objects so we can test the email getting sent out
tt = minimock.TraceTracker()
smtplib.SMTP = minimock.Mock('smtplib.SMTP', tracker=None)
smtplib.SMTP.mock_returns = minimock.Mock('smtp_connection',
tracker=tt)
# test posting to the restore password view
db.sess.expire(user)
topost = {
'email_address': user.email_address,
'lost-password-form-submit-flag': 'submitted',
}
req, r = self.c.post('users/recover-password',
data=topost,
follow_redirects=True)
assert r.status_code == 200, r.status
assert b'email with a link to reset your password has been sent' in r.data, r.data
assert req.url == 'http://localhost/'
# test the mock strings (i.e. test the email that was sent out)
db.sess.expire(user)
assert tt.check('Called smtp_connection.sendmail(...%s...has been issu'
'ed to reset the password...' % user.email_address)
# restore the mocked objects
minimock.restore()
# now test resetting the password
r = self.c.get('/users/reset-password/%s/%s' %
(user.login_id, user.pass_reset_key))
assert r.status_code == 200, r.status_code
assert b'Reset Password' in r.data
assert b'Please choose a new password to complete the reset request' in r.data
# expire the date
db.sess.expire(user)
orig_reset_ts = user.pass_reset_ts
user.pass_reset_ts = datetime.datetime(2000, 10, 10)
db.sess.commit()
# check expired message
req, resp = self.c.get('/users/reset-password/%s/%s' %
(user.login_id, user.pass_reset_key),
follow_redirects=True)
assert resp.status_code == 200, resp.status
assert b'Recover Password' in resp.data
assert b'password reset link expired, use the form below to resend reset link' in resp.data
assert req.url.endswith('users/recover-password')
# unexpire the date
db.sess.expire(user)
user.pass_reset_ts = orig_reset_ts
db.sess.commit()
# check posting the new passwords
topost = {
'password': '******',
'password-confirm': 'TestPassword2',
'new-password-form-submit-flag': 'submitted',
}
req, r = self.c.post('/users/reset-password/%s/%s' %
(user.login_id, user.pass_reset_key),
data=topost,
follow_redirects=True)
assert r.status_code == 200, r.status
assert b'Your password has been reset successfully' in r.data
assert req.url == 'http://localhost/'
def test_user_get_by_login():
u = create_user_with_permissions()
obj = User.get_by(login_id=u.login_id)
assert u.id == obj.id
def test_user_name_or_login():
u = create_user_with_permissions()
assert u.name_or_login == u.login_id
u.name_first = u'testname'
assert u.name != ''
assert u.name_or_login == u.name
def setup_class(cls):
cls.c = Client(ag.wsgi_test_app, BaseResponse)
cls.userid = login_client_with_permissions(cls.c, u'prof-test-1',
u'prof-test-2')
cls.userid2 = create_user_with_permissions().id
def test_user_get_by_email():
u = create_user_with_permissions()
obj = User.get_by_email(u.email_address)
assert u.id == obj.id
obj = User.get_by_email((u'%s' % u.email_address).upper())
assert u.id == obj.id
def test_super_edit_forbidden(self):
u = create_user_with_permissions(super_user=True)
r = self.c.get('users/edit/%s' % u.id)
assert r.status_code == 403, r.status
