Exemple #1
def test_password_reset_no_new_password(test_project, waf, create_users):
    """Check that a reset POST without a new password is answered with 401.

    A reset record is inserted straight into ``user_password_reset`` for the
    first row of the ``user`` table, then the reset URL is posted with a JSON
    body that carries only a username.
    """
    payload = {
        'username': '******',
    }
    # The URL token is selector + verifier; the table row receives only the
    # SHA-256 hex digest of the verifier, not the verifier itself.
    selector, verifier = users._generate_split_token()
    token = selector.decode('utf-8') + verifier.decode('utf-8')
    with get_engine().connect() as con:
        row = con.execute(sa.select('*').select_from(user)).fetchone()
        payload['username'] = row.username
        expiry = get_utc(
            datetime.datetime.now() + datetime.timedelta(hours=3))
        # NOTE(review): selector is decoded above, so it looks like bytes and
        # str(selector) would store its repr -- confirm this matches how the
        # reset handler looks the row up.
        reset_row = user_password_reset.insert().values(
            user_id=row.id,
            selector=str(selector),
            verifier=hashlib.sha256(verifier).hexdigest(),
            expires=expiry,
        )
        con.execute(reset_row)
    encoded_user_id = users.encode_user_id(row.id)
    request, response = testing.simulate_request(waf)
    middleware = testing.injected_session_start(waf, request)
    reset_url = f'/auth/password_reset/{encoded_user_id}/{token}/'
    request, response = waf.server.test_client.post(
        reset_url, json=payload, headers=testing.csrf_headers())
    testing.injected_session_end(waf, middleware)
    assert response.status == 401
Exemple #2
def create_users():
    """Register two user accounts on the 'default' engine for the tests."""
    default_engine = get_engine('default')
    accounts = (
        ('******', '******'),
        ('******', '******'),
    )
    for account_name, account_password in accounts:
        users.create_user_sync(
            default_engine, username=account_name, password=account_password)
Exemple #3
 def handle(self, **options):
     """Insert a single sample row into the ``question`` table."""
     with get_engine().connect() as con:
         sample = {
             'question_text': 'What?',
             'pub_date': datetime.datetime.now(),
         }
         con.execute(question.insert().values(**sample))
def test_create_user_sync(test_project, waf):
    """Create a user through the engine and verify its stored password.

    The row is read back by username and its ``password`` column is checked
    with ``users.check_password`` against the expected plaintext.
    """
    default_engine = get_engine('default')
    users.create_user_sync(
        default_engine, username='******', password='******')
    with default_engine.connect() as con:
        lookup = (
            sa.select('*')
            .select_from(tables.user)
            .where(tables.user.c.username == 'test2')
        )
        created = list(con.execute(lookup))[0]
        assert users.check_password('pass2', created.password)
Exemple #5
def create_admin_test_data_user(name, password='******'):
    """Create one user on the 'default' engine and read its row back.

    Returns:
        A ``(id, username, password)`` tuple, where ``password`` is the
        plaintext value that was passed in, not the stored column.
    """
    default_engine = get_engine('default')
    users.create_user_sync(default_engine, username=name, password=password)
    by_name = (
        sa.select('*')
        .select_from(tables.user)
        .where(tables.user.c.username == name)
    )
    with default_engine.connect() as con:
        created = con.execute(by_name).fetchone()
    return created.id, created.username, password
Exemple #6
def admin_login_user():
    """Create a staff superuser on the 'default' engine for admin tests.

    Returns:
        A ``(id, username, password)`` tuple; the password is the plaintext
        used at creation time.
    """
    default_engine = get_engine('default')
    username = '******'
    password = '******'
    users.create_user_sync(
        default_engine,
        username=username,
        password=password,
        is_staff=True,
        is_superuser=True,
    )
    by_name = (
        sa.select('*')
        .select_from(tables.user)
        .where(tables.user.c.username == username)
    )
    with default_engine.connect() as con:
        admin_row = con.execute(by_name).fetchone()
    return admin_row.id, admin_row.username, password
Exemple #7
 def handle(self, **options):
     """Switch every configured database to a ``test_`` name, then run pytest.

     Each entry of ``settings.DATABASES`` has its ``database`` value rewritten
     in place with a ``test_`` prefix, and that database is created when it
     does not exist yet.  Tables are then created for
     ``settings.INSTALLED_APPS`` and pytest is started with the arguments
     found under ``options['unknown']``.
     """
     for alias in settings.DATABASES:
         db_conf = settings.DATABASES[alias]
         # The rename happens before get_engine(alias) is called, presumably
         # so that the engine resolves to the test database -- confirm.
         db_conf['database'] = 'test_' + db_conf['database']
         db_url = get_engine(alias).url
         if database_exists(db_url):
             continue
         create_database(db_url)
     create_tables(settings.INSTALLED_APPS, warn=False)
     # NOTE(review): the value returned by pytest.main is not used here.
     pytest.main(options['unknown'])
Exemple #8
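 def handle(self, **options):
     """Interactively create a user from values typed at the console.

     The username and e-mail address are read with ``input``; the password is
     read twice with ``getpass`` (so it is not echoed) and the prompt repeats
     until ``self._validate_password`` accepts the pair.
     """
     print('Create a super user')
     # Not referenced again in this method; kept in case constructing the
     # application object has side effects the command relies on.
     waf = Jawaf(settings.PROJECT_NAME)
     # NOTE(review): the listing shows these two prompts fused on one line,
     # which is not valid Python; restored as two calls because ``email`` is
     # used below.
     username = input('Username: ')
     email = input('Email Address: ')
     engine = get_engine()
     password = None
     while password is None:
         password = getpass.getpass()
         password2 = getpass.getpass('Password (again): ')
         if not self._validate_password(password, password2):
             password = None
     # NOTE(review): no staff/superuser flag is passed here although the
     # banner says "super user" -- confirm create_user_from_engine sets it.
     create_user_from_engine(engine, username=username, password=password, email=email)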
Exemple #9
def test_data_patch(test_project, waf, admin_login_user):
    """Check that PATCH /admin/user/ renames an existing user.

    The CSRF token taken from the session is sent in the body field named by
    ``settings.CSRF_FIELD_NAME``, and the CSRF header is removed from the
    request headers before the call.  The response must be 200 and the row
    must afterwards carry the new username.
    """
    target_id, _unused_name, _unused_password = create_admin_test_data_user(
        'admin_test_put')
    patch_body = {
        'id': target_id,
        'username': '******',
        'password': '******',
    }
    request, response = testing.simulate_login(
        waf, 'admin_api_test', 'admin_api_pass')
    middleware = testing.injected_session_start(waf, request)
    patch_body[settings.CSRF_FIELD_NAME] = request['session']['csrf_token']
    # Drop the header so the token travels only in the request body.
    header_set = testing.csrf_headers()
    header_set.pop(settings.CSRF_HEADER_NAME)
    request, response = waf.server.test_client.patch(
        '/admin/user/', json=patch_body, headers=header_set)
    testing.injected_session_end(waf, middleware)
    assert response.status == 200
    with get_engine('default').connect() as con:
        by_id = (
            sa.select('*')
            .select_from(tables.user)
            .where(tables.user.c.id == target_id)
        )
        result = con.execute(by_id)
        assert result.fetchone().username == 'new'
def create_groups():
    """Create two users and an 'AdminEditors' group, then link one user to it.

    The group is created with a single permission pair (name 'get', target
    'test_app'); the user named 'permission_test_admin' is added to it.
    """
    default_engine = get_engine('default')
    accounts = (
        ('******', '******'),
        ('******', '******'),
    )
    for account_name, account_password in accounts:
        users.create_user_sync(
            default_engine, username=account_name, password=account_password)
    editor_permissions = ({'name': 'get', 'target': 'test_app'},)
    group_id = permissions.create_group_sync(
        default_engine,
        name='AdminEditors',
        permission_pairs=editor_permissions,
    )
    with default_engine.connect() as con:
        by_name = (
            sa.select('*')
            .select_from(tables.user)
            .where(tables.user.c.username == 'permission_test_admin')
        )
        member = list(con.execute(by_name))[0]
    permissions.add_user_to_group_sync(default_engine, member.id, group_id)
Exemple #11
def test_password_reset(test_project, waf, create_users):
    """Check that a reset POST with a new password is answered with 200.

    A reset record for user id 1 is inserted straight into
    ``user_password_reset``; the reset URL is then posted with the username
    and new password as form data.
    """
    target_user_id = 1
    form_fields = {
        'username': '******',
        'new_password': '******',
    }
    # The URL token is selector + verifier; the table row receives only the
    # SHA-256 hex digest of the verifier, not the verifier itself.
    selector, verifier = users._generate_split_token()
    token = selector.decode('utf-8') + verifier.decode('utf-8')
    with get_engine().connect() as con:
        expiry = get_utc(
            datetime.datetime.now() + datetime.timedelta(hours=3))
        # NOTE(review): selector is decoded above, so it looks like bytes and
        # str(selector) would store its repr -- confirm this matches how the
        # reset handler looks the row up.
        reset_row = user_password_reset.insert().values(
            user_id=target_user_id,
            selector=str(selector),
            verifier=hashlib.sha256(verifier).hexdigest(),
            expires=expiry,
        )
        con.execute(reset_row)
    encoded_user_id = users.encode_user_id(target_user_id)
    reset_url = '/auth/password_reset/{}/{}/'.format(encoded_user_id, token)
    # No CSRF headers are passed on this request, unlike the JSON variant.
    request, response = waf.server.test_client.post(
        reset_url, data=form_fields)
    assert response.status == 200