def test_prune_group(self):
username = '******'
group_name = 'testgroup1'
self.login_and_nav()
db = utils.current.db or utils.instantiate_db(self.conf)
with db.cursor() as c:
c.execute('select user_id from phpbb_users where username=%s',
(username,))
row = c.fetchone()
assert row is not None
form = self.response.form()
elements = form.elements.mutable
doc = self.response.lxml_etree
elt = webracer.utils.xpath_first_check(doc, '//option[text()="%s"]' % group_name)
elements.set_value('group_id', elt.attrib['value'])
elements.set_value('action', 'delete')
self.post(form.computed_action, body=elements.params.list)
self.assert_successish()
assert 'Users to be pruned' in self.response.body
assert username in self.response.body
self.submit_confirm_form()
#assert 'The selected users have been deactivated successfully' in self.response.body
assert 'The selected users have been deleted successfully' in self.response.body
with db.cursor() as c:
c.execute('select user_id from phpbb_users where username=%s',
(username,))
row = c.fetchone()
assert row is None
def test_valid_actkey(self):
url = '/ucp.php?mode=sendpassword'
self.get(url)
self.assert_successish()
form = self.response.form(id='remind')
elements = form.elements.mutable
elements.set_value('username', 'morpheus')
elements.set_value('email', '*****@*****.**')
self.post(form.computed_action, body=elements.params.list)
self.assert_successish()
assert 'A new password was sent to your registered email address.'
db = utils.current.db or utils.instantiate_db(self.conf)
with db.cursor() as c:
c.execute('select user_id, user_actkey from phpbb_users where username=%s',
('morpheus',))
uid, actkey = c.fetchone()
self.get('/ucp.php?mode=activate&u=%s&k=%s' % (uid, actkey))
self.assert_successish()
assert 'You have already activated your account.' not in self.response.body
assert 'Your new password has been activated.' in self.response.body
def test_prune_one_user(self):
username = '******'
self.login_and_nav()
db = utils.current.db or utils.instantiate_db(self.conf)
with db.cursor() as c:
c.execute('select user_id from phpbb_users where username=%s',
(username,))
row = c.fetchone()
assert row is not None
form = self.response.form()
elements = form.elements.mutable
elements.set_value('username', username)
elements.set_value('action', 'delete')
self.post(form.computed_action, body=elements.params.list)
self.assert_successish()
assert 'Users to be pruned' in self.response.body
assert username in self.response.body
self.submit_confirm_form()
#assert 'The selected users have been deactivated successfully' in self.response.body
assert 'The selected users have been deleted successfully' in self.response.body
with db.cursor() as c:
c.execute('select user_id from phpbb_users where username=%s',
(username,))
row = c.fetchone()
assert row is None
def test_actkey_comparison(self):
url = '/ucp.php?mode=sendpassword'
self.get(url)
self.assert_successish()
form = self.response.form(id='remind')
elements = form.elements.mutable
elements.set_value('username', 'morpheus')
elements.set_value('email', '*****@*****.**')
self.post(form.computed_action, body=elements.params.list)
self.assert_successish()
assert 'A new password was sent to your registered email address.'
db = utils.current.db or utils.instantiate_db(self.conf)
with db.cursor() as c:
c.execute('update phpbb_users set user_actkey=%s where username=%s',
('0E51234567', 'morpheus'))
self.assert_equal(1, c.rowcount)
c.execute('select user_id from phpbb_users where username=%s',
('morpheus',))
uid = c.fetchone()[0]
c.execute('commit')
self.get('/ucp.php?mode=activate&u=%s&k=0' % uid)
self.assert_successish()
assert 'You have already activated your account.' not in self.response.body
# weakness makes activation possible
assert 'Your new password has been activated.' not in self.response.body
assert 'The activation key you supplied does not match any in the database.' in self.response.body
