Exemple #1
0
    def test_activate_invalid(self):
        from horus.views import RegisterController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces           import IHorusUserClass
        from horus.tests.models         import User
        from horus.interfaces           import IHorusActivationClass
        from horus.tests.models         import Activation
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.registry.registerUtility(User, IHorusUserClass)
        self.config.include('horus')
        self.config.add_route('index', '/')

        self.config.registry.registerUtility(DummyMailer(), IMailer)

        user = User(username='******', email='*****@*****.**')
        user.set_password('temp')
        user.activation = Activation()

        self.session.add(user)
        self.session.flush()

        request = testing.DummyRequest()
        request.matchdict = Mock()
        get = Mock()
        get.return_value = 'invalid'
        request.matchdict.get = get

        controller = RegisterController(request)
        response = controller.activate()
        user = User.get_by_username(request, 'sontek')

        assert not user.is_activated
        assert response.status_int == 404
Exemple #2
0
    def test_forgot_password_invalid_password(self):
        from horus.views import ForgotPasswordController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces           import IHorusUserClass
        from horus.tests.models         import User

        self.config.registry.registerUtility(User, IHorusUserClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        user = User(username='******', password='******', email='*****@*****.**')
        user.set_password('foo')

        self.session.add(user)
        self.session.flush()

        request = self.get_csrf_request(post={
            'Email': 'sontek'
        }, request_method='POST')

        request.user = None

        view = ForgotPasswordController(request)
        response = view.forgot_password()

        assert len(response['errors']) == 1
Exemple #3
0
    def test_forgot_password_valid_user(self):
        from horus.views import ForgotPasswordController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces           import IHorusUserClass
        from horus.tests.models         import User

        self.config.registry.registerUtility(User, IHorusUserClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        user = User(username='******', password='******', email='*****@*****.**')
        user.set_password('foo')

        self.session.add(user)
        self.session.flush()


        request = self.get_csrf_request(post={
            'Email': '*****@*****.**'
        }, request_method='POST')

        request.user = None

        flash = Mock()
        request.session.flash = flash

        view = ForgotPasswordController(request)
        response = view.forgot_password()

        flash.assert_called_with(u'Please check your e-mail to reset your password.', 'success')
        assert response.status_int == 302
Exemple #4
0
    def test_login_succeeds(self):
        """ Make sure we can login """
        from horus.tests.models import User
        from horus.interfaces     import IHorusUserClass
        from horus.interfaces   import IHorusActivationClass
        from horus.tests.models import Activation
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.registry.registerUtility(User, IHorusUserClass)

        admin = User(username='******', email='*****@*****.**')
        admin.set_password('foo')

        self.session.add(admin)
        self.session.flush()

        from horus.views import AuthController
        self.config.add_route('index', '/')

        self.config.include('horus')

        request = self.get_csrf_request(post={
                'submit': True,
                'Username': '******',
                'Password': '******',
            }, request_method='POST')

        view = AuthController(request)
        response = view.login()

        assert response.status_int == 302
Exemple #5
0
    def test_inactive_login_fails(self):
        """ Make sure we can't login with an inactive user """
        from horus.tests.models import User
        from horus.interfaces     import IHorusUserClass
        from horus.interfaces   import IHorusActivationClass
        from horus.tests.models import Activation
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.registry.registerUtility(User, IHorusUserClass)
        user = User(username='******', email='*****@*****.**')
        user.set_password('foo')
        user.activation = Activation()
        self.session.add(user)
        self.session.flush()

        from horus.views import AuthController
        self.config.add_route('index', '/')
        self.config.include('horus')

        request = self.get_csrf_request(post={
                'submit': True,
                'Username': '******',
                'Password': '******',
            }, request_method='POST')

        flash = Mock()

        request.session.flash = flash

        view = AuthController(request)
        view.login()

        flash.assert_called_with(u'Your account is not active, please check your e-mail.',
            'error')
Exemple #6
0
    def test_profile_bad_pk(self):
        from horus.views import ProfileController
        from horus.interfaces           import IHorusUserClass
        from horus.interfaces           import IHorusActivationClass
        from horus.tests.models         import User
        from horus.tests.models         import Activation

        self.config.registry.registerUtility(User, IHorusUserClass)
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.add_route('index', '/')
        self.config.include('horus')

        user = User(username='******', email='*****@*****.**')
        user.set_password('temp')

        self.session.add(user)
        self.session.flush()

        request = testing.DummyRequest()
        request.user = Mock()

        flash = Mock()
        request.session.flash = flash

        request.matchdict = Mock()
        get = Mock()
        get.return_value = 99
        request.matchdict.get = get

        view = ProfileController(request)

        response = view.profile()

        assert response.status_int == 404
Exemple #7
0
    def test_password_hashing(self):
        from horus.tests.models import User
        user1 = User(user_name='sontek', email='*****@*****.**')
        user1.set_password('password')
        self.session.add(user1)
        self.session.flush()

        assert user1.password != 'password'
        assert user1.salt != None
Exemple #8
0
    def test_reset_password_valid_user(self):
        from horus.views import ForgotPasswordController
        from hem.interfaces import IDBSession
        from horus.events import PasswordResetEvent
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.models import crypt
        from horus.interfaces           import IHorusUserClass
        from horus.interfaces           import IHorusActivationClass
        from horus.tests.models         import User
        from horus.tests.models         import Activation

        self.config.registry.registerUtility(User, IHorusUserClass)
        self.config.registry.registerUtility(Activation, IHorusActivationClass)


        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        user = User(username='******', email='*****@*****.**')
        user.set_password('foo')
        user.activation = Activation()

        self.session.add(user)
        self.session.flush()

        request = self.get_csrf_request(post={
            'Password': {
                'Password': '******',
                'Password-confirm': 'test123',
            },
        }, request_method='POST')

        request.matchdict = Mock()
        get = Mock()
        get.return_value = user.activation.code
        request.matchdict.get = get

        request.user = None

        flash = Mock()
        request.session.flash = flash

        def handle_password_reset(event):
            request = event.request
            session = request.registry.getUtility(IDBSession)
            session.commit()

        self.config.add_subscriber(handle_password_reset, PasswordResetEvent)

        view = ForgotPasswordController(request)
        response = view.reset_password()

        assert not crypt.check(user.password, 'temp' + user.salt)
        assert response.status_int == 302
Exemple #9
0
    def test_profile_update_password(self):
        from horus.views import ProfileController
        from hem.interfaces import IDBSession
        from horus.events import ProfileUpdatedEvent
        from horus.models import crypt
        from horus.interfaces           import IHorusUserClass
        from horus.tests.models         import User
        from horus.interfaces           import IHorusActivationClass
        from horus.tests.models         import Activation
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.registry.registerUtility(User, IHorusUserClass)

        self.config.add_route('index', '/')
        self.config.include('horus')

        user = User(username='******', email='*****@*****.**')
        user.set_password('temp')

        self.session.add(user)
        self.session.flush()

        def handle_profile_updated(event):
            request = event.request
            session = request.registry.getUtility(IDBSession)
            session.commit()

        self.config.add_subscriber(handle_profile_updated, ProfileUpdatedEvent)


        request = self.get_csrf_request(post={
            'Email': '*****@*****.**',
            'Password': {
                'Password': '******',
                'Password-confirm': 'test123',
            },
        }, request_method='POST')

        request.context = user

        request.matchdict = Mock()
        get = Mock()
        get.return_value = user.id
        request.matchdict.get = get

        flash = Mock()
        request.session.flash = flash

        view = ProfileController(request)

        view.edit_profile()
        new_user = User.get_by_id(request, user.id)

        assert new_user.email == '*****@*****.**'
        assert not crypt.check(user.password, 'temp' + user.salt)
Exemple #10
0
    def test_acl(self):
        from horus.tests.models import User
        from pyramid.security import Allow

        user1 = User(user_name='sontek', email='*****@*****.**')
        user1.set_password('foo')

        self.session.add(user1)
        self.session.flush()

        assert user1.__acl__ == [(Allow, 'user:%s' % user1.pk, 'access_user')]
Exemple #11
0
    def test_activate_invalid_user(self):
        from horus.views import RegisterController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces           import IHorusUserClass
        from horus.tests.models         import User
        from horus.interfaces           import IHorusActivationClass
        from horus.tests.models         import Activation
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.registry.registerUtility(User, IHorusUserClass)
        self.config.include('horus')
        self.config.add_route('index', '/')

        self.config.registry.registerUtility(DummyMailer(), IMailer)

        bad_act = Activation()

        user = User(username='******', email='*****@*****.**')
        user.activation = Activation()
        user.set_password('foo')

        user2 = User(username='******', email='*****@*****.**')
        user2.activation = bad_act
        user2.set_password('foo2')

        self.session.add(user)
        self.session.add(user2)
        self.session.flush()

        request = testing.DummyRequest()
        request.matchdict = Mock()

        def get(val, ret):
            if val == 'code':
                return bad_act.code
            elif val == 'user_pk':
                return user.id

        request.matchdict.get = get

        controller = RegisterController(request)
        response = controller.activate()
        new_user1 = User.get_by_username(request, 'sontek')
        new_user2 = User.get_by_username(request, 'jessie')

        assert not new_user1.is_activated
        assert not new_user2.is_activated
        assert response.status_int == 404
Exemple #12
0
    def test_activate_multiple_users(self):
        from horus.views import RegisterController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces           import IHorusUserClass
        from horus.tests.models         import User
        from horus.interfaces           import IHorusActivationClass
        from horus.tests.models         import Activation
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.registry.registerUtility(User, IHorusUserClass)
        self.config.include('horus')
        self.config.add_route('index', '/')

        self.config.registry.registerUtility(DummyMailer(), IMailer)

        user = User(username='******', email='*****@*****.**')
        user.activation = Activation()
        user.set_password('foo')
        user1 = User(username='******', email='*****@*****.**')
        user1.activation = Activation()
        user1.set_password('foo2')

        self.session.add(user)
        self.session.add(user1)
        self.session.flush()

        request = testing.DummyRequest()
        request.matchdict = Mock()

        def get(key, default):
            if key == 'code':
                return user1.activation.code
            else:
                return user1.id

        request.matchdict.get = get

        controller = RegisterController(request)
        response = controller.activate()
        user = User.get_by_username(request, 'sontek1')

        activations = Activation.get_all(request)

        assert len(activations.all()) == 1
        assert user.is_activated
        assert response.status_int == 302
Exemple #13
0
    def test_reset_password_invalid_password(self):
        from horus.views import ForgotPasswordController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces           import IHorusUserClass
        from horus.interfaces           import IHorusActivationClass
        from horus.tests.models         import User
        from horus.tests.models         import Activation

        self.config.registry.registerUtility(User, IHorusUserClass)
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)


        user = User(username='******', password='******', email='*****@*****.**')
        user.set_password('foo')
        user.activation = Activation()

        self.session.add(user)
        self.session.flush()

        request = self.get_csrf_request(post={
            'Password': {
                'Password': '******',
                'Password-confirm': 't',
            },
        }, request_method='POST')

        request.matchdict = Mock()
        get = Mock()
        get.return_value = user.activation.code
        request.matchdict.get = get

        request.user = None

        flash = Mock()
        request.session.flash = flash

        view = ForgotPasswordController(request)
        response = view.reset_password()

        assert len(response['errors']) == 1
Exemple #14
0
    def test_user_factory(self):
        from horus.resources import UserFactory
        from horus.tests.models import User
        from horus.interfaces import IHorusUserClass
        self.config.registry.registerUtility(User, IHorusUserClass)

        user = User(user_name='sontek', email='*****@*****.**')
        user.set_password('foo')
        self.session.add(user)
        self.session.commit()

        request = testing.DummyRequest()
        factory = UserFactory(request)

        fact_user = factory[user.pk]

        assert factory.request == request
        assert user == fact_user
Exemple #15
0
    def test_group_finder(self):
        from horus import groupfinder
        from horus.tests.models import User
        from horus.tests.models import Group

        group = Group(name='foo', description='bar')
        user1 = User(username='******', email='*****@*****.**')
        user1.set_password('foo')
        group.users.append(user1)

        self.session.add(group)
        self.session.add(user1)
        self.session.flush()

        request = Mock()
        request.user = user1

        results = groupfinder(1, request)

        assert 'group:foo' in results
        assert 'user:%s' % (user1.id) in results
        assert len(results) == 2
Exemple #16
0
    def test_valid_login(self): 
        """ Call the login view, make sure routes are working """
        from horus.tests.models import User
        admin = User(username='******', email='*****@*****.**')
        admin.set_password('temp')
        self.session.add(admin)
        self.session.flush()

        res = self.app.get('/login')

        csrf = res.form.fields['csrf_token'][0].value

        res = self.app.post('/login', 
            {
                'submit': True,
                'Username': '******',
                'Password': '******',
                'csrf_token': csrf
            }
        )

        assert res.status_int == 302
Exemple #17
0
    def test_profile_update_profile_invalid(self):
        from horus.views import ProfileController
        from horus.interfaces           import IHorusUserClass
        from horus.interfaces           import IHorusActivationClass
        from horus.interfaces           import IHorusProfileSchema
        from horus.tests.models         import User
        from horus.tests.models         import Activation
        from horus.tests.schemas        import ProfileSchema

        self.config.registry.registerUtility(Activation, IHorusActivationClass)
        self.config.registry.registerUtility(User, IHorusUserClass)
        self.config.registry.registerUtility(ProfileSchema,
            IHorusProfileSchema)

        self.config.add_route('index', '/')
        self.config.include('horus')

        user = User(username='******', email='*****@*****.**')
        user.set_password('temp')
        self.session.add(user)
        self.session.flush()

        request = self.get_csrf_request(request_method='POST') 
        request.context = user

        request.matchdict = Mock()
        get = Mock()
        get.return_value = user.id
        request.matchdict.get = get


        flash = Mock()
        request.session.flash = flash

        view = ProfileController(request)

        response = view.edit_profile()

        assert len(response['errors']) == 3
Exemple #18
0
    def test_register_existing_user(self):
        from horus.views import RegisterController
        from pyramid_mailer.mailer import DummyMailer
        from pyramid_mailer.interfaces import IMailer
        from horus.interfaces           import IHorusUserClass
        from horus.tests.models         import User
        from horus.interfaces   import IHorusActivationClass
        from horus.tests.models import Activation
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.registry.registerUtility(User, IHorusUserClass)

        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        self.config.add_route('index', '/')

        admin = User(username='******', email='*****@*****.**')
        admin.set_password('test123')
        self.session.add(admin)
        self.session.flush()

        request = self.get_csrf_request(post={
            'Username': '******',
            'Password': {
                'Password': '******',
                'Password-confirm': 'test123',
            },
            'Email': '*****@*****.**'
        }, request_method='POST')

        flash = Mock()
        request.session.flash = flash

        controller = RegisterController(request)
        controller.register()

        flash.assert_called_with(u'That username is already used.', 'error')
Exemple #19
0
    def test_reset_password_loads(self):
        from horus.views import ForgotPasswordController
        from pyramid_mailer.interfaces import IMailer
        from pyramid_mailer.mailer import DummyMailer
        from horus.interfaces           import IHorusUserClass
        from horus.tests.models         import User
        from horus.tests.models         import Activation
        from horus.interfaces           import IHorusActivationClass

        self.config.registry.registerUtility(User, IHorusUserClass)
        self.config.registry.registerUtility(Activation, IHorusActivationClass)

        self.config.add_route('index', '/')
        self.config.include('horus')
        self.config.registry.registerUtility(DummyMailer(), IMailer)

        user = User(username='******', password='******', email='*****@*****.**')
        user.set_password('foo')
        user.activation = Activation()

        self.session.add(user)
        self.session.flush()

        request = testing.DummyRequest()

        request.matchdict = Mock()
        get = Mock()
        get.return_value = user.activation.code
        request.matchdict.get = get

        request.user = None

        view = ForgotPasswordController(request)
        response = view.reset_password()

        assert response.get('form', None)
        assert 'sontek' in response['form']
Exemple #20
0
    def test_get_user_activation(self):
        from horus.tests.models import Activation
        from horus.tests.models import User

        user1 = User(username='******', email='*****@*****.**')
        user2 = User(username='******', email='*****@*****.**')
        user1.set_password('password')
        user2.set_password('password')

        activation = Activation()
        user2.activation = activation

        self.session.add(user1)
        self.session.add(user2)
        self.session.commit()

        request = testing.DummyRequest()

        new_user = User.get_by_username(request, 'sontek2')

        new_activation = Activation.get_by_code(request, activation.code)

        assert activation == new_activation
        assert new_user.activation == new_activation
Exemple #21
0
    def test_inactive_login(self):
        """ Make sure inactive users can't sign in"""
        from horus.tests.models import User
        from horus.tests.models import Activation
        admin = User(username='******', email='*****@*****.**')
        admin.activation = Activation()
        admin.set_password('temp')
        self.session.add(admin)
        self.session.flush()

        res = self.app.get('/login')

        csrf = res.form.fields['csrf_token'][0].value

        res = self.app.post('/login', 
            {
                'submit': True,
                'Username': '******',
                'Password': '******',
                'csrf_token': csrf
            }
        )

        assert 'Your account is not active, please check your e-mail.' in res.body