def test_duplicate_token_for_same_user_is_removed_after_visiting_magic_link(
        client):
    """Visiting one magic link removes the same user's other token.

    Two tokens are created for one user. After a GET on the validation URL
    of the first, the second must no longer be present in ``MagicToken``.
    """
    used = factories.MagicTokenFactory()
    sibling = factories.MagicTokenFactory(user=used.user)
    validate_url = reverse("magicauth-validate-token", args=[used.key])

    client.get(validate_url)

    remaining = MagicToken.objects.all()
    assert sibling not in remaining
def test_expired_token_is_deleted(client):
    """A token back-dated by one day is gone once its link has been visited."""
    stale = factories.MagicTokenFactory()
    one_day_ago = timezone.now() - timedelta(days=1)
    stale.created = one_day_ago
    stale.save()
    validate_url = reverse("magicauth-validate-token", args=[stale.key])

    client.get(validate_url)

    remaining = MagicToken.objects.all()
    assert stale not in remaining
def test_token_is_removed_after_visiting_magic_link(client):
    """Visiting a magic link lowers the stored token count by exactly one."""
    magic = factories.MagicTokenFactory()
    validate_url = reverse("magicauth-validate-token", args=[magic.key])

    before = MagicToken.objects.count()
    client.get(validate_url)
    after = MagicToken.objects.count()

    assert before - after == 1
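def test_expired_token_redirects(client):
    """An expired magic link redirects without authenticating the visitor.

    The token is back-dated by one day before its validation URL is
    requested. The response must be a 302 and the session must not hold
    an authenticated user afterwards.
    """
    token = factories.MagicTokenFactory()
    token.created = timezone.now() - timedelta(days=1)
    token.save()
    url = reverse('magicauth-validate-token', args=[token.key])

    response = client.get(url)

    assert response.status_code == 302
    # A 302 alone cannot tell a rejected token from a successful login
    # redirect, so also require that no user was bound to the session.
    assert "_auth_user_id" not in client.session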
def test_opening_magic_link_with_a_next_sets_a_new_url(client):
    """A relative ``next`` value becomes the redirect target of the link.

    The ``next`` value carries its own query string; the test expects the
    whole of it back in ``response.url``.
    """
    magic = factories.MagicTokenFactory()
    base = reverse("magicauth-validate-token", kwargs={"key": magic.key})
    url = base + "?next=/test_dashboard/?a=test&b=test"

    response = client.get(url)

    assert response.status_code == 302
    assert response.url == "/test_dashboard/?a=test&b=test"
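def test_validate_token_view_with_unsafe_next_raises_404_for_loggedin_user(client):
    """An off-site ``next`` yields a 404 and leaves the existing login alone.

    A user unrelated to the token is logged in first. Opening the magic link
    with an absolute external ``next`` URL must return 404 (open-redirect
    guard), and the session must still belong to the original user.
    """
    token = factories.MagicTokenFactory()
    user = factories.UserFactory()
    client.force_login(user)
    next_url = 'http://www.myfishingsite.com/'

    response = open_magic_link(client, token, next_url)

    assert response.status_code == 404
    # `is_authenticated` is always true on a Django user model instance, so
    # asserting it says nothing about the request. Inspect the session
    # instead: it must still reference the user that was logged in above.
    assert client.session.get("_auth_user_id") == str(user.pk)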
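def test_opening_magic_link_with_a_unsafe_next_while_loggedin_sets_triggers_404(
        client):
    """An off-site ``next`` yields a 404 and leaves the existing login alone.

    A user unrelated to the token is logged in first. Requesting the
    validation URL with an absolute external ``next`` must return 404
    (open-redirect guard), and the session must still belong to the
    original user.
    """
    token = factories.MagicTokenFactory()
    user = factories.UserFactory()
    client.force_login(user)
    url = (reverse("magicauth-validate-token", kwargs={"key": token.key})
           + "?next=http://www.myfishingsite.com/?a=test&b=test")

    response = client.get(url)

    assert response.status_code == 404
    # `is_authenticated` is always true on a Django user model instance, so
    # comparing it with True says nothing about the request. Inspect the
    # session instead: it must still reference the user logged in above.
    assert client.session.get("_auth_user_id") == str(user.pk)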
def test_posting_good_email_and_good_totp_success(client):
    """A known e-mail plus a matching static OTP redirects and sends one mail."""
    # NOTE(review): ENABLE_2FA is assigned directly and not restored in this
    # test; unless a fixture resets it, the value carries over to later tests.
    settings.ENABLE_2FA = True
    magic = factories.MagicTokenFactory()
    account = magic.user
    static_device = account.staticdevice_set.create()
    static_device.token_set.create(token="123456")

    response = post_email_and_OTP(client, account.email, "123456")

    assert response.status_code == 302
    sent = len(mail.outbox)
    assert sent == 1
def test_posting_good_email_and_wrong_otp_error(client):
    """A wrong OTP re-renders the form with an error and sends no mail.

    The device holds the static token "123456"; a different code is posted.
    The response must be a 200 containing the invalid-code message, and the
    outbox must stay empty so no magic link is issued.
    """
    # NOTE(review): ENABLE_2FA is assigned directly and not restored in this
    # test; unless a fixture resets it, the value carries over to later tests.
    settings.ENABLE_2FA = True
    magic = factories.MagicTokenFactory()
    account = magic.user
    static_device = account.staticdevice_set.create()
    static_device.token_set.create(token="123456")

    response = post_email_and_OTP(client, account.email, "567654")

    assert response.status_code == 200
    page = str(response.content)
    assert "Ce code n'est pas valide." in page
    assert len(mail.outbox) == 0
def test_thierry_has_several_devices_second_device(client):
    """The OTP of a user's second static device is accepted as well."""
    # NOTE(review): ENABLE_2FA is assigned directly and not restored in this
    # test; unless a fixture resets it, the value carries over to later tests.
    settings.ENABLE_2FA = True
    magic = factories.MagicTokenFactory()
    account = magic.user

    first_device = account.staticdevice_set.create()
    first_device.token_set.create(token="123456")
    second_device = account.staticdevice_set.create()
    second_device.token_set.create(token="111111")

    # Post the code that belongs to the second device only.
    response = post_email_and_OTP(client, account.email, "111111")

    assert response.status_code == 302
    sent = len(mail.outbox)
    assert sent == 1
def test_visiting_magic_link_triggers_login(client):
    """A GET on a fresh token's link stores an auth user id in the session."""
    magic = factories.MagicTokenFactory()
    validate_url = reverse("magicauth-validate-token", args=[magic.key])

    client.get(validate_url)

    session = client.session
    assert "_auth_user_id" in session
def test_opening_magic_link_with_valid_token_redirects(client):
    """A GET on a fresh token's validation URL answers with a 302."""
    magic = factories.MagicTokenFactory()
    validate_url = reverse("magicauth-validate-token", args=[magic.key])

    status = client.get(validate_url).status_code

    assert status == 302
def test_opening_magic_link_with_a_unsafe_next_sets_triggers_404(client):
    """An absolute external ``next`` URL on the magic link yields a 404.

    This pins the open-redirect guard: the view must refuse the request
    rather than redirect to a host supplied in the query string.
    """
    magic = factories.MagicTokenFactory()
    base = reverse("magicauth-validate-token", kwargs={"key": magic.key})
    url = base + "?next=http://www.myfishingsite.com/?a=test&b=test"

    status = client.get(url).status_code

    assert status == 404
def test_duplicate_token_for_same_user_is_removed_after_visiting_magic_link(client):
    """Opening one magic link removes the same user's other token."""
    used = factories.MagicTokenFactory()
    sibling = factories.MagicTokenFactory(user=used.user)

    open_magic_link(client, used)

    remaining = MagicToken.objects.all()
    assert sibling not in remaining
def test_expired_token_is_deleted_when_valid_token_is_visited(client):
    """Using a valid token also clears the same user's expired token."""
    stale = create_expired_token()
    fresh = factories.MagicTokenFactory(user=stale.user)

    open_magic_link(client, fresh)

    remaining = MagicToken.objects.all()
    assert stale not in remaining
def test_validate_token_view_with_unsafe_next_does_not_log_in(client):
    """A magic link carrying an off-site ``next`` must not create a login.

    After the request the session is expected to hold no auth user id, so
    a rejected redirect target does not still authenticate the visitor.
    """
    magic = factories.MagicTokenFactory()
    external_target = 'http://www.myfishingsite.com/'

    open_magic_link(client, magic, external_target)

    session = client.session
    assert "_auth_user_id" not in session
def test_opening_magic_link_with_valid_token_redirects(client):
    """Without a ``next`` value a valid link redirects to ``/landing/``."""
    magic = factories.MagicTokenFactory()

    response = open_magic_link(client, magic)

    status, target = response.status_code, response.url
    assert status == 302
    assert target == "/landing/"
def test_opening_magic_link_triggers_login(client):
    """Opening a valid magic link stores an auth user id in the session."""
    magic = factories.MagicTokenFactory()

    open_magic_link(client, magic)

    session = client.session
    assert "_auth_user_id" in session
def test_wait_page_will_redirect_to_validate_token(client):
    """The wait page's ``next_step_url`` contains the token validation URL."""
    magic = factories.MagicTokenFactory()

    response = open_magic_link_with_wait(client, magic)

    expected = reverse("magicauth-validate-token", kwargs={"key": magic.key})
    next_step = response.context_data['next_step_url']
    assert expected in next_step
def test_opening_magic_link_with_a_next_sets_a_new_url(client):
    """A relative ``next`` value, query string included, is the redirect target."""
    magic = factories.MagicTokenFactory()
    target = "/test_dashboard/?a=test&b=test"

    response = open_magic_link(client, magic, target)

    assert response.status_code == 302
    assert response.url == target
def test_wait_page_will_redirect_with_next_param(client):
    """The wait page forwards the supplied ``next`` value in ``next_step_url``."""
    magic = factories.MagicTokenFactory()

    response = open_magic_link_with_wait(client, magic, '/test_dashboard/')

    next_step = response.context_data['next_step_url']
    assert 'next=/test_dashboard/' in next_step
def test_validate_token_view_with_unsafe_next_raises_404(client):
    """An absolute external ``next`` URL makes the validation view return 404.

    This pins the open-redirect guard: a host supplied in ``next`` must be
    refused rather than followed.
    """
    magic = factories.MagicTokenFactory()
    external_target = 'http://www.myfishingsite.com/'

    status = open_magic_link(client, magic, external_target).status_code

    assert status == 404
def test_wait_page_will_redirect_with_default_next_param(client):
    """Without a ``next`` value the wait page falls back to ``/landing/``."""
    magic = factories.MagicTokenFactory()

    response = open_magic_link_with_wait(client, magic)

    next_step = response.context_data['next_step_url']
    assert 'next=/landing/' in next_step
def test_token_is_removed_after_visiting_magic_link(client):
    """Opening a magic link lowers the stored token count by exactly one."""
    magic = factories.MagicTokenFactory()

    before = MagicToken.objects.count()
    open_magic_link(client, magic)
    after = MagicToken.objects.count()

    assert before - after == 1
def test_wait_page_will_redirect_in_WAIT_SECONDS(client):
    """The wait page exposes ``settings.WAIT_SECONDS`` in its context."""
    magic = factories.MagicTokenFactory()

    response = open_magic_link_with_wait(client, magic)

    shown_delay = response.context_data['WAIT_SECONDS']
    assert shown_delay == settings.WAIT_SECONDS
def create_expired_token():
    """Create, back-date and save a token, then return it.

    The ``created`` timestamp is moved into the past by twice
    ``settings.TOKEN_DURATION_SECONDS``.
    """
    age = timedelta(seconds=(settings.TOKEN_DURATION_SECONDS * 2))
    stale = factories.MagicTokenFactory()
    stale.created = timezone.now() - age
    stale.save()
    return stale
def test_wait_page_raises_404_if_unsafe_next_url(client):
    """The wait page also answers 404 to an absolute external ``next`` URL.

    The open-redirect guard is expected on the intermediate wait step as
    well as on the validation view.
    """
    magic = factories.MagicTokenFactory()
    external_target = 'http://www.myfishingsite.com/'

    response = open_magic_link_with_wait(client, magic, external_target)

    assert response.status_code == 404