def test_activate_invalid(self):
    """Reject activation when the route parameters identify nothing valid.

    Every ``matchdict.get`` lookup is mocked to return the string
    'invalid'.  The view must answer 404 and the pending account must
    stay inactive.
    """
    from horus.views import RegisterController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.include('horus')
    self.config.add_route('index', '/')
    self.config.registry.registerUtility(DummyMailer(), IMailer)

    # Account with an outstanding activation, i.e. not yet activated.
    pending = User(username='******', email='*****@*****.**')
    pending.set_password('temp')
    pending.activation = Activation()
    self.session.add(pending)
    self.session.flush()

    request = testing.DummyRequest()
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value='invalid')

    response = RegisterController(request).activate()

    reloaded = User.get_by_username(request, 'sontek')
    assert not reloaded.is_activated
    assert response.status_int == 404
def test_forgot_password_invalid_password(self):
    """Submit the forgot-password form with a malformed e-mail value.

    Despite the test name, the only field posted is 'Email', carrying a
    value that is not an e-mail address.  The view is expected to return
    exactly one validation error rather than a redirect.
    """
    from horus.views import ForgotPasswordController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IHorusUserClass
    from horus.tests.models import User

    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    self.config.registry.registerUtility(DummyMailer(), IMailer)

    account = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    account.set_password('foo')
    self.session.add(account)
    self.session.flush()

    request = self.get_csrf_request(
        post={'Email': 'sontek'},
        request_method='POST',
    )
    request.user = None  # anonymous visitor

    response = ForgotPasswordController(request).forgot_password()

    assert len(response['errors']) == 1
def test_forgot_password_valid_user(self):
    """Request a password reset for an existing account.

    An anonymous POST carrying the account's e-mail must flash the
    'check your e-mail' success message and redirect (302).
    """
    from horus.views import ForgotPasswordController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IHorusUserClass
    from horus.tests.models import User

    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    # DummyMailer stands in for the real mailer utility.
    self.config.registry.registerUtility(DummyMailer(), IMailer)

    account = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    account.set_password('foo')
    self.session.add(account)
    self.session.flush()

    request = self.get_csrf_request(
        post={'Email': '*****@*****.**'},
        request_method='POST',
    )
    request.user = None
    flash_spy = Mock()
    request.session.flash = flash_spy

    response = ForgotPasswordController(request).forgot_password()

    # NOTE(review): only the flash message and the redirect are checked;
    # the test does not inspect what the mailer was asked to send.
    flash_spy.assert_called_with(
        u'Please check your e-mail to reset your password.', 'success')
    assert response.status_int == 302
def test_login_succeeds(self):
    """Log in through AuthController with a CSRF-bearing POST.

    The account has no pending activation, and a successful login is
    expected to answer with a redirect (302).
    """
    from horus.tests.models import Activation, User
    from horus.interfaces import IHorusActivationClass, IHorusUserClass

    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.registry.registerUtility(User, IHorusUserClass)

    account = User(username='******', email='*****@*****.**')
    account.set_password('foo')
    self.session.add(account)
    self.session.flush()

    from horus.views import AuthController

    self.config.add_route('index', '/')
    self.config.include('horus')

    credentials = {
        'submit': True,
        'Username': '******',
        'Password': '******',
    }
    request = self.get_csrf_request(post=credentials, request_method='POST')

    response = AuthController(request).login()

    assert response.status_int == 302
def test_inactive_login_fails(self):
    """Refuse login for an account that still has a pending activation.

    The user carries an ``Activation`` object, and the view must flash
    the 'account is not active' error.
    """
    from horus.tests.models import Activation, User
    from horus.interfaces import IHorusActivationClass, IHorusUserClass

    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.registry.registerUtility(User, IHorusUserClass)

    inactive = User(username='******', email='*****@*****.**')
    inactive.set_password('foo')
    inactive.activation = Activation()
    self.session.add(inactive)
    self.session.flush()

    from horus.views import AuthController

    self.config.add_route('index', '/')
    self.config.include('horus')

    credentials = {
        'submit': True,
        'Username': '******',
        'Password': '******',
    }
    request = self.get_csrf_request(post=credentials, request_method='POST')
    flash_spy = Mock()
    request.session.flash = flash_spy

    # NOTE(review): the return value of login() is discarded, so this
    # test shows the error message only; it does not assert that the
    # response carries no redirect or authentication headers.
    AuthController(request).login()

    flash_spy.assert_called_with(
        u'Your account is not active, please check your e-mail.', 'error')
def test_profile_bad_pk(self):
    """Return 404 when the profile route names an unknown primary key.

    ``matchdict.get`` is mocked to return 99 for every key.  The profile
    view is expected to answer 404 for that value.
    """
    from horus.views import ProfileController
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.add_route('index', '/')
    self.config.include('horus')

    existing = User(username='******', email='*****@*****.**')
    existing.set_password('temp')
    self.session.add(existing)
    self.session.flush()

    request = testing.DummyRequest()
    request.user = Mock()
    request.session.flash = Mock()
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=99)

    response = ProfileController(request).profile()

    assert response.status_int == 404
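def test_password_hashing(self):
    """Check that set_password() does not store the plaintext password.

    After flushing, the stored ``password`` must differ from the input
    and a ``salt`` must be present.  This shows only that some
    transformation and a salt are applied; it says nothing about which
    algorithm or cost factor is used.
    """
    from horus.tests.models import User

    user1 = User(user_name='sontek', email='*****@*****.**')
    user1.set_password('password')
    self.session.add(user1)
    self.session.flush()

    assert user1.password != 'password'
    # Identity comparison is the correct way to test against None.
    assert user1.salt is not None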
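def test_reset_password_valid_user(self):
    """Reset a password using the activation code issued to the account.

    The reset form is posted anonymously with the user's activation code
    supplied through the mocked route parameters.  The view must redirect
    (302) and the previously stored password must stop verifying.
    """
    from horus.views import ForgotPasswordController
    from hem.interfaces import IDBSession
    from horus.events import PasswordResetEvent
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.models import crypt
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    self.config.registry.registerUtility(DummyMailer(), IMailer)

    user = User(username='******', email='*****@*****.**')
    user.set_password('foo')
    user.activation = Activation()
    self.session.add(user)
    self.session.flush()

    request = self.get_csrf_request(
        post={
            'Password': {
                'Password': '******',
                'Password-confirm': 'test123',
            },
        },
        request_method='POST',
    )
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=user.activation.code)
    request.user = None
    request.session.flash = Mock()

    def handle_password_reset(event):
        # Commit from the subscriber so the new password is persisted.
        event.request.registry.getUtility(IDBSession).commit()

    self.config.add_subscriber(handle_password_reset, PasswordResetEvent)

    response = ForgotPasswordController(request).reset_password()

    # The fixture password is 'foo', so this is the check that fails if
    # the reset left the old credential in place.
    assert not crypt.check(user.password, 'foo' + user.salt)
    # Kept from the original test; for this fixture it would also pass
    # if the reset changed nothing, because 'temp' was never the password.
    assert not crypt.check(user.password, 'temp' + user.salt)
    assert response.status_int == 302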
def test_profile_update_password(self):
    """Change e-mail and password through the profile edit view.

    The fixture password is 'temp'.  After edit_profile() the reloaded
    user must carry the posted e-mail, and 'temp' must no longer verify
    against the stored hash.
    """
    from horus.views import ProfileController
    from hem.interfaces import IDBSession
    from horus.events import ProfileUpdatedEvent
    from horus.models import crypt
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.add_route('index', '/')
    self.config.include('horus')

    user = User(username='******', email='*****@*****.**')
    user.set_password('temp')
    self.session.add(user)
    self.session.flush()

    def handle_profile_updated(event):
        # Commit from the subscriber so the profile change is persisted.
        event.request.registry.getUtility(IDBSession).commit()

    self.config.add_subscriber(handle_profile_updated, ProfileUpdatedEvent)

    form_data = {
        'Email': '*****@*****.**',
        'Password': {
            'Password': '******',
            'Password-confirm': 'test123',
        },
    }
    request = self.get_csrf_request(post=form_data, request_method='POST')
    request.context = user
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=user.id)
    request.session.flash = Mock()

    ProfileController(request).edit_profile()

    reloaded = User.get_by_id(request, user.id)
    assert reloaded.email == '*****@*****.**'
    assert not crypt.check(user.password, 'temp' + user.salt)
def test_acl(self):
    """Check the per-user ACL exposed by the User model.

    The ACL must contain exactly one entry: Allow 'access_user' to the
    principal 'user:<pk>' of that same user, and nothing else.
    """
    from horus.tests.models import User
    from pyramid.security import Allow

    owner = User(user_name='sontek', email='*****@*****.**')
    owner.set_password('foo')
    self.session.add(owner)
    self.session.flush()

    expected_acl = [(Allow, 'user:%s' % owner.pk, 'access_user')]
    assert owner.__acl__ == expected_acl
def test_activate_invalid_user(self):
    """Reject an activation code presented for a different account.

    The mocked route parameters pair the second user's activation code
    with the first user's id.  The view must answer 404 and neither
    account may end up activated, which shows that a code is only
    accepted for the user it belongs to.
    """
    from horus.views import RegisterController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.include('horus')
    self.config.add_route('index', '/')
    self.config.registry.registerUtility(DummyMailer(), IMailer)

    bad_act = Activation()

    user = User(username='******', email='*****@*****.**')
    user.activation = Activation()
    user.set_password('foo')

    user2 = User(username='******', email='*****@*****.**')
    user2.activation = bad_act
    user2.set_password('foo2')

    for account in (user, user2):
        self.session.add(account)
    self.session.flush()

    request = testing.DummyRequest()
    request.matchdict = Mock()

    def get(val, ret):
        # Mismatched pair: user2's code together with user's id.
        if val == 'code':
            return bad_act.code
        if val == 'user_pk':
            return user.id

    request.matchdict.get = get

    response = RegisterController(request).activate()

    first = User.get_by_username(request, 'sontek')
    second = User.get_by_username(request, 'jessie')
    assert not first.is_activated
    assert not second.is_activated
    assert response.status_int == 404
def test_activate_multiple_users(self):
    """Activate one of two pending accounts with its own code.

    The second user's code and id are supplied together.  Afterwards
    exactly one Activation row must remain, the user looked up as
    'sontek1' must be activated, and the view must redirect (302).
    """
    from horus.views import RegisterController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.include('horus')
    self.config.add_route('index', '/')
    self.config.registry.registerUtility(DummyMailer(), IMailer)

    user = User(username='******', email='*****@*****.**')
    user.activation = Activation()
    user.set_password('foo')

    user1 = User(username='******', email='*****@*****.**')
    user1.activation = Activation()
    user1.set_password('foo2')

    for account in (user, user1):
        self.session.add(account)
    self.session.flush()

    request = testing.DummyRequest()
    request.matchdict = Mock()

    def get(key, default):
        # Matching pair: user1's own code with user1's own id.
        return user1.activation.code if key == 'code' else user1.id

    request.matchdict.get = get

    response = RegisterController(request).activate()

    activated = User.get_by_username(request, 'sontek1')
    remaining = Activation.get_all(request)

    # Only the consumed activation is removed; the other stays pending.
    assert len(remaining.all()) == 1
    assert activated.is_activated
    assert response.status_int == 302
def test_reset_password_invalid_password(self):
    """Reject a reset whose password form fails validation.

    The posted 'Password-confirm' value is the single character 't'.
    Even with a valid activation code the view must return exactly one
    form error instead of redirecting.
    """
    from horus.views import ForgotPasswordController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    self.config.registry.registerUtility(DummyMailer(), IMailer)

    account = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    account.set_password('foo')
    account.activation = Activation()
    self.session.add(account)
    self.session.flush()

    form_data = {
        'Password': {
            'Password': '******',
            'Password-confirm': 't',
        },
    }
    request = self.get_csrf_request(post=form_data, request_method='POST')
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=account.activation.code)
    request.user = None
    request.session.flash = Mock()

    response = ForgotPasswordController(request).reset_password()

    assert len(response['errors']) == 1
def test_user_factory(self):
    """Look a user up through the UserFactory resource by primary key.

    The factory must keep a reference to the request it was built with
    and must return the committed user when indexed with that user's pk.
    """
    from horus.resources import UserFactory
    from horus.tests.models import User
    from horus.interfaces import IHorusUserClass

    self.config.registry.registerUtility(User, IHorusUserClass)

    stored = User(user_name='sontek', email='*****@*****.**')
    stored.set_password('foo')
    self.session.add(stored)
    self.session.commit()

    request = testing.DummyRequest()
    factory = UserFactory(request)
    looked_up = factory[stored.pk]

    assert factory.request == request
    assert stored == looked_up
def test_group_finder(self):
    """Check the principals groupfinder() returns for a grouped user.

    A user belonging to the group 'foo' must resolve to exactly two
    principals: 'group:foo' and 'user:<id>'.  Asserting the length
    guards against extra principals being granted.
    """
    from horus import groupfinder
    from horus.tests.models import Group, User

    group = Group(name='foo', description='bar')
    member = User(username='******', email='*****@*****.**')
    member.set_password('foo')
    group.users.append(member)

    self.session.add(group)
    self.session.add(member)
    self.session.flush()

    request = Mock()
    request.user = member

    principals = groupfinder(1, request)

    assert 'group:foo' in principals
    assert 'user:%s' % (member.id) in principals
    assert len(principals) == 2
def test_valid_login(self):
    """Log in end to end through the test application.

    The login page is fetched first so that the CSRF token rendered in
    the form can be echoed back in the POST.  A redirect (302) is the
    expected response.
    """
    from horus.tests.models import User

    account = User(username='******', email='*****@*****.**')
    account.set_password('temp')
    self.session.add(account)
    self.session.flush()

    login_page = self.app.get('/login')
    csrf = login_page.form.fields['csrf_token'][0].value

    payload = {
        'submit': True,
        'Username': '******',
        'Password': '******',
        'csrf_token': csrf,
    }
    res = self.app.post('/login', payload)

    assert res.status_int == 302
def test_profile_update_profile_invalid(self):
    """Post an empty profile form against a custom profile schema.

    With the test ProfileSchema registered and no fields submitted,
    edit_profile() must report exactly three validation errors.
    """
    from horus.views import ProfileController
    from horus.interfaces import (
        IHorusActivationClass,
        IHorusProfileSchema,
        IHorusUserClass,
    )
    from horus.tests.models import Activation, User
    from horus.tests.schemas import ProfileSchema

    registry = self.config.registry
    registry.registerUtility(Activation, IHorusActivationClass)
    registry.registerUtility(User, IHorusUserClass)
    registry.registerUtility(ProfileSchema, IHorusProfileSchema)
    self.config.add_route('index', '/')
    self.config.include('horus')

    owner = User(username='******', email='*****@*****.**')
    owner.set_password('temp')
    self.session.add(owner)
    self.session.flush()

    # No post data: every field the schema requires is missing.
    request = self.get_csrf_request(request_method='POST')
    request.context = owner
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=owner.id)
    request.session.flash = Mock()

    response = ProfileController(request).edit_profile()

    assert len(response['errors']) == 3
def test_register_existing_user(self):
    """Refuse registration when an account already exists.

    A user is stored first, then a registration form is posted.  The
    view must flash the 'username is already used' error.
    """
    from horus.views import RegisterController
    from pyramid_mailer.mailer import DummyMailer
    from pyramid_mailer.interfaces import IMailer
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.include('horus')
    self.config.registry.registerUtility(DummyMailer(), IMailer)
    self.config.add_route('index', '/')

    existing = User(username='******', email='*****@*****.**')
    existing.set_password('test123')
    self.session.add(existing)
    self.session.flush()

    form_data = {
        'Username': '******',
        'Password': {
            'Password': '******',
            'Password-confirm': 'test123',
        },
        'Email': '*****@*****.**',
    }
    request = self.get_csrf_request(post=form_data, request_method='POST')
    flash_spy = Mock()
    request.session.flash = flash_spy

    # NOTE(review): only the flash message is asserted; the test does
    # not check that no second user row was created.
    RegisterController(request).register()

    flash_spy.assert_called_with(u'That username is already used.', 'error')
def test_reset_password_loads(self):
    """Render the reset-password form for a valid activation code.

    A plain DummyRequest carrying the user's activation code must
    produce a response with a 'form' entry, and the rendered form must
    contain the string 'sontek'.
    """
    from horus.views import ForgotPasswordController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IHorusActivationClass, IHorusUserClass
    from horus.tests.models import Activation, User

    self.config.registry.registerUtility(User, IHorusUserClass)
    self.config.registry.registerUtility(Activation, IHorusActivationClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    self.config.registry.registerUtility(DummyMailer(), IMailer)

    account = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    account.set_password('foo')
    account.activation = Activation()
    self.session.add(account)
    self.session.flush()

    request = testing.DummyRequest()
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=account.activation.code)
    request.user = None

    response = ForgotPasswordController(request).reset_password()

    assert response.get('form', None)
    assert 'sontek' in response['form']
def test_get_user_activation(self):
    """Fetch an activation by code and through its owning user.

    Two users are stored and only the second has an activation.  Lookup
    by code must return that activation, and the user fetched as
    'sontek2' must reference the same object.
    """
    from horus.tests.models import Activation, User

    user1 = User(username='******', email='*****@*****.**')
    user2 = User(username='******', email='*****@*****.**')
    user1.set_password('password')
    user2.set_password('password')

    activation = Activation()
    user2.activation = activation

    for account in (user1, user2):
        self.session.add(account)
    self.session.commit()

    request = testing.DummyRequest()
    owner = User.get_by_username(request, 'sontek2')
    found = Activation.get_by_code(request, activation.code)

    assert activation == found
    assert owner.activation == found
def test_inactive_login(self):
    """Refuse an end-to-end login for an account awaiting activation.

    The login form is fetched for its CSRF token and then posted.  The
    response body must contain the 'account is not active' message.
    """
    from horus.tests.models import Activation, User

    inactive = User(username='******', email='*****@*****.**')
    inactive.activation = Activation()
    inactive.set_password('temp')
    self.session.add(inactive)
    self.session.flush()

    login_page = self.app.get('/login')
    csrf = login_page.form.fields['csrf_token'][0].value

    payload = {
        'submit': True,
        'Username': '******',
        'Password': '******',
        'csrf_token': csrf,
    }
    res = self.app.post('/login', payload)

    assert 'Your account is not active, please check your e-mail.' in res.body