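def test_basic_login(db):
    """Walk the e-mail login flow end to end: request, redeem, log out.

    Steps visible in this test:
      1. create the account via ``test_basic_signup``;
      2. call ``Login`` and expect the ``SENT_LOGIN_EMAIL`` step;
      3. read the one-time login token directly from the ``LoginToken`` table;
      4. redeem it with ``CompleteTokenLogin`` and take the session token from
         the response cookie metadata;
      5. check that a ``UserSession`` row carries that token;
      6. call ``Deauthenticate`` with the session cookie and check that the
         cookie handed back is empty.
    """
    # Create our test user using signup
    test_basic_signup(db)

    # NOTE(review): the login identifier appears masked ("******") in this
    # copy, while the session lookup below filters on "frodo" — confirm the
    # real value against the signup fixture.
    with auth_api_session() as (auth_api, metadata_interceptor):
        login_reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert login_reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL

    # Test-only shortcut: pull the login token straight out of the database.
    # .one() also asserts that exactly one token was issued.
    with session_scope() as session:
        login_token = session.query(LoginToken).one().token

    with auth_api_session() as (auth_api, metadata_interceptor):
        auth_api.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token)
        )

    reply_token = get_session_cookie_token(metadata_interceptor)

    with session_scope() as session:
        # NOTE(review): this filters on User.username without joining
        # UserSession to User, so as written it may only show that *some*
        # session has this token while a user named "frodo" exists, not that
        # the session belongs to that user. Consider joining on the session's
        # owner column (not visible here) so the test binds the two.
        matching_session = (
            session.query(UserSession)
            .filter(User.username == "frodo")
            .filter(UserSession.token == reply_token)
            .one_or_none()
        )
        assert matching_session

    # log out
    with auth_api_session() as (auth_api, metadata_interceptor):
        auth_api.Deauthenticate(
            empty_pb2.Empty(),
            metadata=(("cookie", f"couchers-sesh={reply_token}"),),
        )

    # The logout call was previously unchecked. Require the cleared cookie,
    # the same condition test_logout_invalid_token asserts after Deauthenticate.
    assert get_session_cookie_token(metadata_interceptor) == ""
    # NOTE(review): an empty cookie only shows what the client is told. A check
    # that the UserSession row is gone or no longer accepted would prove
    # server-side invalidation; the schema needed for that is not visible here.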
def test_logout_invalid_token(db):
    """Log out after the stored login tokens were wiped; expect a cleared cookie.

    The test signs up, logs in through the e-mail token flow, deletes every
    ``LoginToken`` row, then calls ``Deauthenticate`` with the session cookie
    obtained at login. The call must not raise, and the cookie read from the
    response metadata must be the empty string.
    """
    # The account comes from the signup test
    test_basic_signup(db)

    with auth_api_session() as (auth_api, metadata_interceptor):
        login_reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert login_reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL

    # Test-only shortcut: read the login token from the database
    with session_scope() as session:
        token_row = session.query(LoginToken).one()
        login_token = token_row.token

    redeem_request = auth_pb2.CompleteTokenLoginReq(login_token=login_token)
    with auth_api_session() as (auth_api, metadata_interceptor):
        auth_api.CompleteTokenLogin(redeem_request)

    reply_token = get_session_cookie_token(metadata_interceptor)

    # Remove every login token.
    # NOTE(review): this deletes LoginToken rows (the one-time e-mail tokens),
    # but the cookie sent below carries the session token returned by
    # CompleteTokenLogin. If sessions are stored as UserSession rows, the
    # session may still exist here, and the "non-existent token" logout path
    # would not be exercised — confirm which table has to be emptied.
    with session_scope() as session:
        session.query(LoginToken).delete()

    # Logging out with a token the server no longer knows must still succeed
    logout_metadata = (("cookie", f"couchers-sesh={reply_token}"),)
    with auth_api_session() as (auth_api, metadata_interceptor):
        auth_api.Deauthenticate(empty_pb2.Empty(), metadata=logout_metadata)

    cleared_cookie = get_session_cookie_token(metadata_interceptor)

    # The response has to blank the session cookie
    assert cleared_cookie == ""
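def test_login_tokens_invalidate_after_use(db):
    """Check that a login token is single-use.

    The token is redeemed once, which must succeed and yield a session token.
    The same token is then presented again, and that second
    ``CompleteTokenLogin`` call must fail with a gRPC error.
    """
    test_basic_signup(db)

    with auth_api_session(db) as auth_api:
        login_reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert login_reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL

    with session_scope(db) as session:
        # .one() instead of .one_or_none(): a missing token row now fails on
        # the query itself rather than as AttributeError on None.
        login_token = session.query(LoginToken).one().token

    with auth_api_session(db) as auth_api:
        session_token = auth_api.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token)
        ).token
    # The replay check below only means something if the first redemption
    # really logged in, so require a non-empty session token (this value was
    # previously bound but never checked).
    assert session_token

    # NOTE(review): any grpc.RpcError satisfies this block, including
    # transport or server failures unrelated to token reuse. Once the expected
    # status is confirmed, capture the exception and assert on its .code().
    with auth_api_session(db) as auth_api, pytest.raises(grpc.RpcError):
        # check we can't login again
        auth_api.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token)
        )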
def test_banned_user(db):
    """A banned account must not be able to redeem a login token.

    The ban is set after the login token was issued, so the test covers the
    check made when the token is redeemed, not when the login is requested.
    """
    test_basic_signup(db)

    with auth_api_session() as (auth_api, metadata_interceptor):
        login_reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert login_reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL

    # Test-only shortcut: read the issued token from the database
    with session_scope() as session:
        token_row = session.query(LoginToken).one()
        login_token = token_row.token

    # Flag the only user as banned, in its own session_scope block
    with session_scope() as session:
        account = session.query(User).one()
        account.is_banned = True

    # NOTE(review): any grpc.RpcError satisfies this block. Asserting on the
    # error's .code() (expected status to be confirmed) would stop unrelated
    # failures from passing as "ban enforced".
    with auth_api_session() as (auth_api, metadata_interceptor), pytest.raises(
        grpc.RpcError
    ):
        auth_api.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token)
        )
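def test_basic_login(temp_db_session):
    """Walk the login flow where the session token is returned in the reply.

    Signs up, requests a login, reads the one-time token from the database,
    redeems it with ``CompleteTokenLogin``, then passes the returned session
    token to ``Deauthenticate``.

    NOTE(review): another ``test_basic_login`` (taking ``db``) appears earlier
    in this listing. If both live in one module, the later definition replaces
    the earlier one and only one of them is collected.
    """
    # Create our test user using signup
    test_basic_signup(temp_db_session)

    with auth_api_session(temp_db_session) as auth_api:
        login_reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    # NOTE(review): bare enum number; the symbolic SENT_LOGIN_EMAIL constant
    # would read better, but its path in this API version is not visible here.
    assert login_reply.next_step == 1  # SENT_LOGIN_EMAIL

    # Test-only shortcut: read the login token from the database.
    # .one() instead of .one_or_none(): a missing token row now fails on the
    # query itself rather than as AttributeError on None.
    login_token = temp_db_session().query(LoginToken).one().token

    with auth_api_session(temp_db_session) as auth_api:
        redeem_reply = auth_api.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token)
        )
    # NOTE(review): a type check alone would also accept an empty string;
    # consider also requiring the token to be non-empty.
    assert isinstance(redeem_reply.token, str)
    session_token = redeem_reply.token

    # log out
    # NOTE(review): nothing is asserted after logout; a follow-up check that
    # the session token is no longer accepted would show it was invalidated.
    with auth_api_session(temp_db_session) as auth_api:
        auth_api.Deauthenticate(auth_pb2.DeAuthReq(token=session_token))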