class UserTest(JarrFlaskCommon):
    """Exercise the ``user`` resource: read, update and delete of the caller's own account."""

    def setUp(self):
        super().setUp()
        login = '******'
        self.user = UserController().get(login=login)
        self.user2 = UserController().get(login='******')
        self.uctrl = UserController()

    def test_UserResource_get(self):
        """Anonymous GET is rejected; an authenticated GET returns the caller without a password field."""
        anonymous = self.jarr_client('get', 'user', headers=None)
        self.assertStatusCode(401, anonymous)
        # Each account sees its own record, and the password value is never serialised.
        for account in (self.user, self.user2):
            resp = self.jarr_client('get', 'user', user=account.login)
            self.assertStatusCode(200, resp)
            self.assertEqual(resp.json['login'], account.login)
            self.assertNotIn('password', resp.json)

    def test_UserResource_put(self):
        """PUT updates the submitted fields only, replaces a password, and refuses a taken login."""
        auth_headers = {
            'Authorization': self.get_token_for(self.user2.login),
            'Content-Type': 'application/json',
        }
        original_password_value = self.user2.password

        # NOTE(review): the endpoint answers 200 to a syntactically invalid email
        # and this test pins that; confirm that server-side email validation is
        # deliberately absent here.
        payload = {'email': 'not an email', 'cluster_wake_up': True}
        resp = self.jarr_client('put', 'user', data=payload, headers=auth_headers)
        self.assertStatusCode(200, resp)
        refreshed = self.uctrl.get(id=self.user2.id)
        self.assertEqual(refreshed.email, 'not an email')
        self.assertTrue(refreshed.cluster_wake_up)
        # A field absent from the payload is left untouched.
        self.assertEqual(original_password_value, refreshed.password)

        payload = {'password': '******'}
        resp = self.jarr_client('put', 'user', data=payload, headers=auth_headers)
        self.assertStatusCode(200, resp)
        refreshed = self.uctrl.get(id=self.user2.id)
        # The stored value is neither the submitted plaintext nor the previous value.
        self.assertNotEqual(payload['password'], refreshed.password)
        self.assertNotEqual(original_password_value, refreshed.password)
        self.assertTrue(refreshed.cluster_wake_up)

        # Renaming onto a login held by another account is refused.
        payload = {'login': self.user.login}
        resp = self.jarr_client('put', 'user', data=payload, headers=auth_headers)
        self.assertStatusCode(400, resp)

    def test_UserResource_delete(self):
        """DELETE removes the caller's account; the same token no longer resolves to a user."""
        auth_headers = {'Authorization': self.get_token_for(self.user2.login)}
        resp = self.jarr_client('delete', 'user', headers=auth_headers)
        self.assertStatusCode(204, resp)
        # NOTE(review): the previously issued token is presented again and yields
        # 404 rather than 401, so the token itself still appears to be accepted and
        # revocation relies on the user lookup failing — confirm this is intended.
        resp = self.jarr_client('get', 'user', headers=auth_headers)
        self.assertStatusCode(404, resp)
        self.assertIsNone(self.uctrl.read(id=self.user2.id).first())
class AuthTest(JarrFlaskCommon):
    """Exercise the password-recovery flow on ``/auth/recovery``."""

    def setUp(self):
        super().setUp()
        login = '******'
        self.user = UserController().get(login=login)
        self.user2 = UserController().get(login='******')
        self.uctrl = UserController()

    @patch('jarr.lib.emails.send')
    def test_password_recovery(self, mock_emails_send):
        """A recovery request mails a token; only the matching login, email and token reset the password."""
        self.assertEqual('', self.user.renew_password_token)
        resp = self.jarr_client('post', '/auth/recovery', data={
            'login': self.user.login,
            'email': self.user.email,
        })
        self.assertStatusCode(204, resp)
        self.assertTrue(mock_emails_send.called)
        mail_content = mock_emails_send.call_args[1]['plaintext']
        recovery_path = '/auth/recovery/%s/%s/' % (self.user.login, self.user.email)
        self.assertIn(recovery_path, mail_content)
        self.assertIn('\n\nRegards,', mail_content)
        # The token is the last path segment of the link, cut at the paragraph break.
        token = mail_content.split('/')[-1].split('\n\n')[0]
        self.assertEqual(token,
                         self.uctrl.get(id=self.user.id).renew_password_token)

        reset = {
            'password': '******',
            "login": self.user.login,
            'email': 'fake@email',
            'token': 'token',
        }
        # NOTE(review): the 403/404 split pinned below lets a caller tell a valid
        # login/email pair from an invalid one — an enumeration oracle; confirm
        # that distinction is acceptable for this endpoint.
        # Wrong email, wrong token: account not found.
        resp = self.jarr_client('put', '/auth/recovery', data=reset)
        self.assertStatusCode(404, resp)
        # Right email, wrong token: found but refused.
        reset['email'] = self.user.email
        resp = self.jarr_client('put', '/auth/recovery', data=reset)
        self.assertStatusCode(403, resp)
        # Right token, wrong email: not found again.
        reset['email'], reset['token'] = 'fake@email', token
        resp = self.jarr_client('put', '/auth/recovery', data=reset)
        self.assertStatusCode(404, resp)

        # Matching login, email and token: the password changes and the token is cleared.
        previous_password_value = self.user.password
        reset['email'], reset['token'] = self.user.email, token
        resp = self.jarr_client('put', '/auth/recovery', data=reset)
        self.assertStatusCode(204, resp)
        self.assertNotEqual(previous_password_value,
                            self.uctrl.get(id=self.user.id).password)
        self.assertEqual('',
                         self.uctrl.get(id=self.user.id).renew_password_token)
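def process_ids(cls, social_id, username, email):  # pragma: no cover
    """Resolve a provider identity to a local account and return a bearer token for it.

    Args:
        cls: the provider-specific class; only ``cls.provider`` is read here.
        social_id: the identity reported by the provider; ``None`` or an empty
            value means the provider did not authenticate the caller.
        username: provider-supplied username, reused as the local login when
            no account holds it yet.
        email: provider-supplied email, stored as-is on a newly created account.

    Returns:
        A ``({"access_token": "<prefix> <jwt>"}, 200)`` pair.

    Raises:
        UnprocessableEntity: when no usable social id was provided.
        BadRequest: when the identity is unknown and OAuth signup is disabled.
    """
    labels = {"method": "get", "uri": "/oauth/callback/" + cls.provider}
    # Reject an empty identity as well as a missing one: an empty value would
    # otherwise be looked up, and possibly stored, as a genuine provider identity.
    if not social_id:
        SERVER.labels(result="4XX", **labels).inc()
        raise UnprocessableEntity('No social id, authentication failed')
    identity_field = '%s_identity' % cls.provider
    ucontr = UserController()
    try:
        user = ucontr.get(**{identity_field: social_id})
    except NotFound:
        user = None
    if not user and not conf.oauth.allow_signup:
        SERVER.labels(result="4XX", **labels).inc()
        raise BadRequest('Account creation is not allowed through OAuth.')
    if not user:
        # Reuse the provider username as login when it is free; otherwise derive
        # a provider-qualified login from the username or the social id.
        # NOTE(review): the availability check and the create are not atomic, so
        # two concurrent first logins could race on the same login — confirm the
        # login column is unique at the database level.
        if username and not ucontr.read(login=username).count():
            login = username
        else:
            login = '******' % (cls.provider, username or social_id)
        user = ucontr.create(**{
            identity_field: social_id,
            'login': login,
            'email': email,
        })
    jwt_ext = current_app.extensions['jwt']
    access_token = jwt_ext.jwt_encode_callback(user).decode('utf8')
    SERVER.labels(result="2XX", **labels).inc()
    return {
        "access_token": "%s %s" % (conf.auth.jwt_header_prefix, access_token)
    }, 200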
def test_password(self):
    """The stored password is never the plaintext, and only the current plaintext verifies."""
    login = '******'
    plaintext = 'test_password'
    ucontr = UserController()

    def assert_only_current_verifies(account, secret):
        # The persisted value differs from the plaintext, the plaintext verifies,
        # and a different input (the doubled secret) does not.
        self.assertNotEqual(secret, account.password)
        self.assertEqual(account, ucontr.check_password(login, secret))
        self.assertIsNone(ucontr.check_password(login, secret * 2))

    created = ucontr.create(login=login, password=plaintext)
    assert_only_current_verifies(created, plaintext)

    # Changing the password invalidates the old one and verifies the new one.
    plaintext *= 2
    ucontr.update({'id': created.id}, {'password': plaintext})
    reloaded = ucontr.get(id=created.id)
    assert_only_current_verifies(reloaded, plaintext)