def test_prune_group(self): username = '******' group_name = 'testgroup1' self.login_and_nav() db = utils.current.db or utils.instantiate_db(self.conf) with db.cursor() as c: c.execute('select user_id from phpbb_users where username=%s', (username,)) row = c.fetchone() assert row is not None form = self.response.form() elements = form.elements.mutable doc = self.response.lxml_etree elt = webracer.utils.xpath_first_check(doc, '//option[text()="%s"]' % group_name) elements.set_value('group_id', elt.attrib['value']) elements.set_value('action', 'delete') self.post(form.computed_action, body=elements.params.list) self.assert_successish() assert 'Users to be pruned' in self.response.body assert username in self.response.body self.submit_confirm_form() #assert 'The selected users have been deactivated successfully' in self.response.body assert 'The selected users have been deleted successfully' in self.response.body with db.cursor() as c: c.execute('select user_id from phpbb_users where username=%s', (username,)) row = c.fetchone() assert row is None
def test_valid_actkey(self): url = '/ucp.php?mode=sendpassword' self.get(url) self.assert_successish() form = self.response.form(id='remind') elements = form.elements.mutable elements.set_value('username', 'morpheus') elements.set_value('email', '*****@*****.**') self.post(form.computed_action, body=elements.params.list) self.assert_successish() assert 'A new password was sent to your registered email address.' db = utils.current.db or utils.instantiate_db(self.conf) with db.cursor() as c: c.execute('select user_id, user_actkey from phpbb_users where username=%s', ('morpheus',)) uid, actkey = c.fetchone() self.get('/ucp.php?mode=activate&u=%s&k=%s' % (uid, actkey)) self.assert_successish() assert 'You have already activated your account.' not in self.response.body assert 'Your new password has been activated.' in self.response.body
def test_prune_one_user(self): username = '******' self.login_and_nav() db = utils.current.db or utils.instantiate_db(self.conf) with db.cursor() as c: c.execute('select user_id from phpbb_users where username=%s', (username,)) row = c.fetchone() assert row is not None form = self.response.form() elements = form.elements.mutable elements.set_value('username', username) elements.set_value('action', 'delete') self.post(form.computed_action, body=elements.params.list) self.assert_successish() assert 'Users to be pruned' in self.response.body assert username in self.response.body self.submit_confirm_form() #assert 'The selected users have been deactivated successfully' in self.response.body assert 'The selected users have been deleted successfully' in self.response.body with db.cursor() as c: c.execute('select user_id from phpbb_users where username=%s', (username,)) row = c.fetchone() assert row is None
def test_actkey_comparison(self): url = '/ucp.php?mode=sendpassword' self.get(url) self.assert_successish() form = self.response.form(id='remind') elements = form.elements.mutable elements.set_value('username', 'morpheus') elements.set_value('email', '*****@*****.**') self.post(form.computed_action, body=elements.params.list) self.assert_successish() assert 'A new password was sent to your registered email address.' db = utils.current.db or utils.instantiate_db(self.conf) with db.cursor() as c: c.execute('update phpbb_users set user_actkey=%s where username=%s', ('0E51234567', 'morpheus')) self.assert_equal(1, c.rowcount) c.execute('select user_id from phpbb_users where username=%s', ('morpheus',)) uid = c.fetchone()[0] c.execute('commit') self.get('/ucp.php?mode=activate&u=%s&k=0' % uid) self.assert_successish() assert 'You have already activated your account.' not in self.response.body # weakness makes activation possible assert 'Your new password has been activated.' not in self.response.body assert 'The activation key you supplied does not match any in the database.' in self.response.body