def test_change_no_token(client):
    """GET the password-change page with no token in the query string.

    The request is expected to be redirected to the "ask" step with a warning
    flash instead of rendering the change form.
    """
    response = client.get("/forgot-password/change")
    assert_redirects_with_flash(
        response,
        expected_url="/forgot-password/ask",
        expected_message="No token provided, please request one.",
        expected_category="warning",
    )
def test_change_invalid_token(client):
    """GET the password-change page with a token string that cannot be valid.

    The request is expected to be redirected to the "ask" step with a warning
    flash.
    """
    response = client.get("/forgot-password/change?token=this-is-invalid")
    assert_redirects_with_flash(
        response,
        expected_url="/forgot-password/ask",
        expected_message="The token is invalid, please request a new one.",
        expected_category="warning",
    )
def test_step_2_unknown_user(client):
    """Registration step 2 requested for the username "unknown".

    No user fixture is requested, so the username is presumably not a staged
    user; the expected outcome is a redirect to the registration tab with a
    warning flash.
    """
    response = client.get("/register/confirm?username=unknown")
    assert_redirects_with_flash(
        response,
        expected_url="/?tab=register",
        expected_message="The registration seems to have failed, please try again.",
        expected_category="warning",
    )
def test_user_unauthed(client):
    """A user page requested without a login session redirects to "/".

    No logged-in fixture is requested, so the client is unauthenticated; the
    expected flash asks the visitor to log in.
    """
    response = client.get("/user/dudemcpants/")
    assert_redirects_with_flash(
        response,
        expected_url="/",
        expected_message="Please log in to continue.",
        expected_category="warning",
    )
def test_change_not_active(client, token_for_dummy_user, patched_lock):
    """Password change with a token while the lock is in its default patched state.

    The token is reported as expired, and the ``delete`` mock from
    ``patched_lock`` must have been called exactly once.
    NOTE(review): ``patched_lock`` is defined elsewhere; presumably it mocks
    the password-reset lock as inactive - confirm against the fixture.
    """
    response = client.get(f"/forgot-password/change?token={token_for_dummy_user}")
    # The stale lock has to be cleaned up, not merely ignored.
    patched_lock["delete"].assert_called_once()
    assert_redirects_with_flash(
        response,
        expected_url="/forgot-password/ask",
        expected_message="The token has expired, please request a new one.",
        expected_category="warning",
    )
def test_user_settings_otp_enable_invalid_form(client, logged_in_dummy_user):
    """POST an empty form to the OTP enable endpoint of the logged-in user.

    The expected outcome is a redirect back to the OTP settings page with a
    "danger" flash carrying the form validation error.
    """
    response = client.post("/user/dummy/settings/otp/enable/", data={})
    assert_redirects_with_flash(
        response,
        expected_url="/user/dummy/settings/otp/",
        expected_message="token must not be empty",
        expected_category="danger",
    )
def test_group_remove_member_invalid_form(client, dummy_user_as_group_manager):
    """POST an empty form to the group member removal endpoint.

    The expected outcome is a redirect to the group page with a "danger" flash
    carrying the form validation error.
    """
    response = client.post("/group/dummy-group/members/remove", data={})
    assert_redirects_with_flash(
        response,
        expected_url="/group/dummy-group/",
        expected_message="Username must not be empty",
        expected_category="danger",
    )
def test_step_3_garbled_token(client, dummy_stageuser):
    """Registration activation with a token value that is not a real token.

    The expected outcome is a redirect to the registration tab with a warning
    flash telling the user to register again.
    """
    response = client.get("/register/activate?token=pants")
    assert_redirects_with_flash(
        response,
        expected_url="/?tab=register",
        expected_message="The token is invalid, please register again.",
        expected_category="warning",
    )
def test_user_settings_otp_no_permission(client, logged_in_dummy_user):
    """Access control: one user must not see another user's OTP settings.

    The request is made with the ``logged_in_dummy_user`` fixture against the
    "dudemcpants" account; the expected outcome is a redirect to that
    account's profile page with a permission error.
    """
    response = client.get("/user/dudemcpants/settings/otp/")
    assert_redirects_with_flash(
        response,
        expected_url="/user/dudemcpants/",
        expected_message="You do not have permission to edit this account.",
        expected_category="danger",
    )
def test_step_3_no_token(client, dummy_stageuser):
    """Registration activation requested without a token parameter.

    The expected outcome is a redirect to the registration tab with a warning
    flash pointing the user at the email validation link.
    """
    response = client.get("/register/activate")
    assert_redirects_with_flash(
        response,
        expected_url="/?tab=register",
        expected_message="No token provided, please check your email validation link.",
        expected_category="warning",
    )
def test_user_edit_post(client, logged_in_dummy_user):
    """POST ``POST_CONTENTS`` to /user/<username>/settings/profile/ as the owner.

    The expected outcome is a redirect back to the same page with a success
    flash. The expected message contains HTML markup (a link to the profile).
    """
    response = client.post("/user/dummy/settings/profile/", data=POST_CONTENTS)
    assert_redirects_with_flash(
        response,
        expected_url="/user/dummy/settings/profile/",
        expected_message='Profile Updated: <a href="/user/dummy/">view your profile</a>',
        expected_category="success",
    )
def test_group_add_unknown_member(client, dummy_user_as_group_manager):
    """Adding a non-existent user to a group is refused with a "danger" flash."""
    # NOTE(review): the posted username looks masked in this copy of the file,
    # while the expected message names "testuser" - confirm the two agree.
    form = {"new_member_username": "******"}
    response = client.post("/group/dummy-group/members/", data=form)
    assert_redirects_with_flash(
        response,
        expected_url="/group/dummy-group/",
        expected_message="User testuser was not found in the system.",
        expected_category="danger",
    )
def test_user_settings_otp_delete_no_permission(client, logged_in_dummy_user):
    """Access control: one user must not delete another user's OTP token.

    NOTE(review): only the redirect and the flash are asserted here; the test
    does not check that no token was actually removed.
    """
    form = {"token": "aabbcc-aabbcc"}
    response = client.post("/user/dudemcpants/settings/otp/delete/", data=form)
    assert_redirects_with_flash(
        response,
        expected_url="/user/dudemcpants/",
        expected_message="You do not have permission to edit this account.",
        expected_category="danger",
    )
def test_step_3_unknown_user(client, token_for_dummy_user):
    """Registration activation with a token whose staged user was deleted.

    The token from the fixture is used after the "dummy" stage user has been
    removed, so the expected outcome is the "cannot be found" warning.
    """
    # Remove the staged account first, leaving the token pointing at nothing.
    ipa_admin.stageuser_del(a_uid="dummy")
    response = client.get(f"/register/activate?token={token_for_dummy_user}")
    assert_redirects_with_flash(
        response,
        expected_url="/?tab=register",
        expected_message="This user cannot be found, please register again.",
        expected_category="warning",
    )
def test_spamcheck_wait_bad_username(client, dummy_stageuser):
    """The spamcheck-wait endpoint called with the username "does-not-exist".

    The expected outcome is a redirect to the registration tab with the
    generic "registration failed" warning.
    """
    response = client.get("/register/spamcheck-wait?username=does-not-exist")
    assert_redirects_with_flash(
        response,
        expected_url="/?tab=register",
        expected_message="The registration seems to have failed, please try again.",
        expected_category="warning",
    )
def test_user_settings_agreements_post(client, logged_in_dummy_user, dummy_agreement):
    """Signing the "dummy agreement" redirects back with a success flash."""
    form = {"agreement": "dummy agreement"}
    response = client.post("/user/dummy/settings/agreements/", data=form)
    assert_redirects_with_flash(
        response,
        expected_url="/user/dummy/settings/agreements/",
        expected_message='You signed the "dummy agreement" agreement.',
        expected_category="success",
    )
def test_user_settings_agreements_post_unknown(
    client, logged_in_dummy_user, dummy_agreement
):
    """Signing an agreement name that was not created yields a warning flash.

    The expected message repeats the submitted agreement name.
    """
    form = {"agreement": "this does not exist"}
    response = client.post("/user/dummy/settings/agreements/", data=form)
    assert_redirects_with_flash(
        response,
        expected_url="/user/dummy/settings/agreements/",
        expected_message="Unknown agreement: this does not exist.",
        expected_category="warning",
    )
def test_change_too_old(client, token_for_dummy_user, patched_lock):
    """Password change with a token whose validity ended one minute ago.

    The ``valid_until`` mock is set to a time in the past; the token must be
    reported as expired and the ``delete`` mock called exactly once.
    """
    one_minute = datetime.timedelta(minutes=1)
    expired_at = datetime.datetime.now() - one_minute
    patched_lock["valid_until"].return_value = expired_at
    response = client.get(f"/forgot-password/change?token={token_for_dummy_user}")
    # An expired lock has to be removed, not left behind.
    patched_lock["delete"].assert_called_once()
    assert_redirects_with_flash(
        response,
        expected_url="/forgot-password/ask",
        expected_message="The token has expired, please request a new one.",
        expected_category="warning",
    )
def test_user_settings_otp_enable_no_permission(client, logged_in_dummy_user):
    """Access control: one user must not enable an OTP token on another account.

    NOTE(review): only the redirect and the flash are asserted here; the test
    does not check that no token was created for "dudemcpants".
    """
    form = {"description": "pants token", "password": "******"}
    response = client.post("/user/dudemcpants/settings/otp/enable/", data=form)
    assert_redirects_with_flash(
        response,
        expected_url="/user/dudemcpants/",
        expected_message="You do not have permission to edit this account.",
        expected_category="danger",
    )
def test_user_settings_otp_disable_lasttoken(
    client, logged_in_dummy_user, dummy_user_with_otp
):
    """Disabling the token from ``dummy_user_with_otp`` is refused.

    The expected flash says the last active token cannot be disabled, and the
    user is sent back to the OTP settings page.
    """
    form = {"token": dummy_user_with_otp.uniqueid}
    response = client.post("/user/dummy/settings/otp/disable/", data=form)
    assert_redirects_with_flash(
        response,
        expected_url="/user/dummy/settings/otp/",
        expected_message="Sorry, You cannot disable your last active token.",
        expected_category="warning",
    )
def test_login_with_bad_redirect(client, dummy_user):
    """Open-redirect guard: an external ``next`` URL is not followed on login.

    The login succeeds, but the redirect goes to the user's own page rather
    than to the absolute URL supplied in the query string.
    NOTE(review): only one absolute ``http://`` target is exercised here;
    other spellings of an off-site target are not covered by this test.
    """
    external_target = "http://example.com"
    credentials = {
        "login-username": "******",
        "login-password": "******",
        "login-submit": "1",
    }
    response = client.post(f"/?next={quote(external_target)}", data=credentials)
    assert_redirects_with_flash(response, "/user/dummy/", "Welcome, dummy!", "success")
def test_user_edit_no_permission(method, client, logged_in_dummy_user):
    """Access control: one user must not view or change another user's profile form.

    NOTE(review): ``method`` is presumably supplied by a parametrize decorator
    that is not visible in this copy - confirm. Form data is sent for POST only.
    """
    payload = POST_CONTENTS if method == "POST" else None
    response = client.open(
        "/user/dudemcpants/settings/profile/", method=method, data=payload
    )
    assert_redirects_with_flash(
        response,
        expected_url="/user/dudemcpants/",
        expected_message="You do not have permission to edit this account.",
        expected_category="danger",
    )
def test_login_with_redirect(client, dummy_user):
    """A successful login follows a same-site ``next`` path, query string included."""
    local_target = "/groups/?page_size=30&page_number=2"
    credentials = {
        "login-username": "******",
        "login-password": "******",
        "login-submit": "1",
    }
    # The target is percent-encoded so that its own "?" and "&" survive as
    # part of the single ``next`` parameter.
    response = client.post(f"/?next={quote(local_target)}", data=credentials)
    assert_redirects_with_flash(response, local_target, "Welcome, dummy!", "success")
def test_step_3_invalid_token(client, token_for_dummy_user, mocker):
    """Registration activation when the token's ``is_valid`` check returns False.

    ``EmailValidationToken.is_valid`` is patched to fail, so a well-formed
    token is rejected with the "no longer valid" warning.
    """
    mocker.patch(
        "noggin.controller.registration.EmailValidationToken.is_valid",
        return_value=False,
    )
    response = client.get(f"/register/activate?token={token_for_dummy_user}")
    assert_redirects_with_flash(
        response,
        expected_url="/?tab=register",
        expected_message="This token is no longer valid, please register again.",
        expected_category="warning",
    )
def test_step_3_wrong_address(client, token_for_dummy_user, mocker):
    """Registration activation after the staged user's email address was changed.

    The token was issued before the ``stageuser_mod`` call below, so it no
    longer matches the account; the mismatch must be refused and logged as an
    error exactly once.
    """
    app_logger = mocker.patch.object(current_app._get_current_object(), "logger")
    # Change the address on the staged account after the token was created.
    ipa_admin.stageuser_mod(a_uid="dummy", mail="*****@*****.**")
    response = client.get(f"/register/activate?token={token_for_dummy_user}")
    assert_redirects_with_flash(
        response,
        expected_url="/?tab=register",
        expected_message=(
            "The username and the email address don't match the token you used, "
            "please register again."
        ),
        expected_category="warning",
    )
    app_logger.error.assert_called_once()
def test_step_1_no_smtp(client, post_data_step_1, cleanup_dummy_user, mocker):
    """Registration step 1 when sending the validation email fails.

    The mailer's ``send`` raises ``ConnectionRefusedError``; the user is still
    redirected to the confirm step, with a "danger" flash, and the failure is
    logged as an error exactly once.
    """
    smtp_mock = mocker.patch("noggin.controller.registration.mailer")
    smtp_mock.send.side_effect = ConnectionRefusedError
    log_mock = mocker.patch("noggin.controller.registration.app.logger")
    response = client.post("/", data=post_data_step_1)
    # What the user sees.
    assert_redirects_with_flash(
        response,
        expected_url="/register/confirm?username=dummy",
        expected_message="We could not send you the address validation email, please retry later",
        expected_category="danger",
    )
    # What the operator sees.
    log_mock.error.assert_called_once()
def test_step_3(client, post_data_step_3, token_for_dummy_user, cleanup_dummy_user):
    """Registration step 3: activating the account with a token from the fixture.

    A ``UserCreateV1`` message is expected to be sent during the request, and
    the user lands on "/" with a success flash.
    """
    expected_message = UserCreateV1({"msg": {"agent": "dummy", "user": "******"}})
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    with fml_testing.mock_sends(expected_message):
        response = client.post(activation_url, data=post_data_step_3)
    assert_redirects_with_flash(
        response,
        "/",
        "Congratulations, your account is now active! Welcome, Dummy User.",
        "success",
    )
def test_change_post_with_otp(
    client, dummy_user, dummy_user_with_otp, token_for_dummy_user, patched_lock_active
):
    """Password reset for a user with an OTP token, submitting an OTP code.

    The code is derived from the token's URI; the ``delete`` mock from
    ``patched_lock_active`` must have been called and the change confirmed.
    """
    secret = otp_secret_from_uri(dummy_user_with_otp.uri)
    otp_code = get_otp(secret)
    # NOTE(review): "password" looks masked in this copy of the file while
    # "password_confirm" is not - confirm the two values are meant to match.
    form = {"password": "******", "password_confirm": "newpassword", "otp": otp_code}
    response = client.post(
        f"/forgot-password/change?token={token_for_dummy_user}", data=form
    )
    patched_lock_active["delete"].assert_called()
    assert_redirects_with_flash(
        response,
        expected_url="/",
        expected_message="Your password has been changed.",
        expected_category="success",
    )
def test_step_1_registration_closed(
    client, post_data_step_1, cleanup_dummy_user, mocker
):
    """Registration step 1 while ``REGISTRATION_OPEN`` is False.

    The request must be turned away with a warning, without firing the
    ``stageuser_created`` signal and without sending any email.
    """
    mocker.patch.dict(current_app.config, {"REGISTRATION_OPEN": False})
    signal_spy = mocker.Mock()
    with mailer.record_messages() as sent_mail, stageuser_created.connected_to(
        signal_spy
    ):
        response = client.post("/", data=post_data_step_1)
    assert_redirects_with_flash(
        response,
        expected_url="/",
        expected_message="Registration is closed at the moment.",
        expected_category="warning",
    )
    # No side effects are allowed when registration is closed.
    signal_spy.assert_not_called()
    assert len(sent_mail) == 0
def test_password_changes(client, dummy_user):
    """POST the password-reset form and expect the success flash.

    NOTE(review): only the redirect and the flash are asserted; the test does
    not log in with the new password afterwards. "password" also looks masked
    in this copy while "password_confirm" is not - confirm they match.
    """
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "secretpw",
    }
    response = client.post("/password-reset?username=dummy", data=form)
    assert_redirects_with_flash(
        response,
        expected_url="/",
        expected_message="Your password has been changed",
        expected_category="success",
    )