def test_login(self):
    """A GET to the login controller returns the login form with a 200."""
    # No form data, client address or next page is supplied for a plain GET.
    payload, code, _headers = login('GET', {}, '', '')

    self.assertIn('form', payload)
    login_form = payload['form']
    self.assertIsInstance(login_form, LoginForm,
                          "Response includes a login form.")
    self.assertEqual(code, status.HTTP_200_OK)
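def login() -> Response:
    """
    Log a user in with username and password, or a permanent token.

    Reads the form body, the client address and the ``next_page`` query
    parameter from the current request and passes them to the authentication
    controller. A 303 result is turned into a redirect that carries the
    session cookies; any other result re-renders the login template with the
    status code the controller returned.
    """
    ip_address = request.remote_addr
    form_data = request.form
    # NOTE(review): ``next_page`` comes straight from the query string and is
    # handed to the controller, whose ``Location`` header becomes the redirect
    # target below. Nothing in this view restricts it to same-site paths;
    # confirm the controller validates it, otherwise this is an open redirect.
    next_page = request.args.get('next_page', url_for('account'))
    logger.debug('Request to log in, then redirect to %s', next_page)

    data, code, headers = authentication.login(request.method, form_data,
                                               ip_address, next_page)
    data.update({'pagetitle': 'Log in to arXiv'})

    # Flask puts cookie-setting methods on the response, so we do that here
    # instead of in the controller.
    # Compare by value: ``is`` on an integer only holds when the controller
    # hands back the very same constant object, which is not guaranteed.
    if code == status.HTTP_303_SEE_OTHER:
        # Set the session cookie.
        response = make_response(redirect(headers.get('Location'), code=code))
        set_cookies(response, data)
        unset_submission_cookie(response)    # Fix for ARXIVNG-1149.
        return response

    # Form is invalid, or login failed.
    response = Response(
        render_template("accounts/login.html", **data),
        status=code
    )
    return response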
def test_login(self, mock_SessionStore):
    """A GET inside an application context returns the login form and a 200."""
    app_ctx = self.app.app_context()
    with app_ctx:
        payload, code, _headers = login('GET', {}, '', '')

        self.assertIn('form', payload)
        login_form = payload['form']
        self.assertIsInstance(login_form, LoginForm,
                              "Response includes a login form.")
        self.assertEqual(code, status.HTTP_200_OK)
def test_post_invalid_data(self):
    """A POST without a password is rejected with a 400 and a field error."""
    client_ip = '123.45.67.89'
    target = '/next'
    # Missing password.
    submitted = MultiDict({'username': '******'})

    payload, code, _headers = login('POST', submitted, client_ip, target)

    self.assertIn('form', payload)
    login_form = payload['form']
    self.assertIsInstance(login_form, LoginForm,
                          "Response includes a login form.")
    password_errors = login_form.password.errors
    self.assertGreater(len(password_errors), 0,
                       "Password field has an error")
    self.assertEqual(code, status.HTTP_400_BAD_REQUEST,
                     "Response status is 400 bad request")
def test_post_valid_data_bad_credentials(self, mock_legacy, mock_users):
    """A well-formed POST whose credentials fail yields a 400 and the form."""
    # Put the real exception classes on the mocks so that the controller's
    # ``except`` clauses can still match them.
    auth_failed = users.exceptions.AuthenticationFailed
    legacy_failed = legacy.exceptions.SessionCreationFailed
    mock_users.exceptions.AuthenticationFailed = auth_failed
    mock_legacy.exceptions.SessionCreationFailed = legacy_failed
    # ``raise_authentication_failed`` is defined elsewhere; presumably it
    # raises AuthenticationFailed whenever authenticate() is called.
    mock_users.authenticate.side_effect = raise_authentication_failed

    client_ip = '123.45.67.89'
    target = '/next'
    submitted = MultiDict({'username': '******', 'password': '******'})

    payload, result_code, _headers = login('POST', submitted, client_ip,
                                           target)

    self.assertEqual(result_code, status.HTTP_400_BAD_REQUEST)
    self.assertIsInstance(payload['form'], LoginForm,
                          "Response includes a login form.")
def test_post_great(self, mock_legacy, mock_sessions, mock_users):
    """Valid credentials produce a 303 redirect carrying both cookies."""
    # Put the real exception classes on the mocks so that the controller's
    # ``except`` clauses can still match them.
    mock_users.exceptions.AuthenticationFailed = (
        users.exceptions.AuthenticationFailed
    )
    mock_sessions.exceptions.SessionCreationFailed = (
        sessions.exceptions.SessionCreationFailed
    )
    mock_legacy.exceptions.SessionCreationFailed = (
        legacy.exceptions.SessionCreationFailed
    )

    submitted = MultiDict({'username': '******', 'password': '******'})
    client_ip = '123.45.67.89'
    # NOTE(review): only a relative next_page is exercised here; an absolute,
    # off-site value is not covered by this test.
    target = '/foo'
    began = datetime.now(tz=EASTERN)

    # The authenticated user and the authorizations the users service returns.
    account = domain.User(user_id=42, username='******',
                          email='*****@*****.**', verified=True)
    granted = domain.Authorizations(
        classic=6, scopes=['public:read', 'submission:create'])
    mock_users.authenticate.return_value = account, granted

    # Classic (legacy) session and its cookie.
    legacy_session = domain.Session(session_id='barsession', user=account,
                                    start_time=began,
                                    authorizations=granted)
    legacy_cookie = 'bardata'
    mock_legacy.create.return_value = legacy_session
    mock_legacy.generate_cookie.return_value = legacy_cookie

    # New-style session and its cookie.
    new_scopes = domain.Authorizations(
        scopes=['public:read', 'submission:create'])
    new_session = domain.Session(session_id='foosession', user=account,
                                 start_time=began,
                                 authorizations=new_scopes)
    new_cookie = 'foodata'
    mock_sessions.create.return_value = new_session
    mock_sessions.generate_cookie.return_value = new_cookie

    payload, result_code, result_headers = login('POST', submitted,
                                                 client_ip, target)

    self.assertEqual(result_code, status.HTTP_303_SEE_OTHER,
                     "Redirects user to next page")
    self.assertEqual(result_headers['Location'], target,
                     "Redirects user to next page.")
    issued = payload['cookies']
    self.assertEqual(issued['session_cookie'], (new_cookie, None),
                     "Session cookie is returned")
    self.assertEqual(issued['classic_cookie'], (legacy_cookie, None),
                     "Classic session cookie is returned")
def test_post_not_verified(self, mock_legacy, mock_SessionStore, mock_users):
    """Valid credentials for an unverified account are answered with a 400."""
    # Put the real exception classes on the mocks so that the controller's
    # ``except`` clauses can still match them.
    mock_users.exceptions.AuthenticationFailed = (
        users.exceptions.AuthenticationFailed
    )
    mock_legacy.exceptions.SessionCreationFailed = (
        legacy.exceptions.SessionCreationFailed
    )

    submitted = MultiDict({'username': '******', 'password': '******'})
    client_ip = '123.45.67.89'
    target = '/foo'
    began = datetime.now(tz=UTC)

    # Same account data as the success case, except that verified is False.
    account = domain.User(user_id=42, username='******',
                          email='*****@*****.**', verified=False)
    granted = domain.Authorizations(
        classic=6, scopes=['public:read', 'submission:create'])
    mock_users.authenticate.return_value = account, granted

    # Classic (legacy) session and its cookie.
    legacy_session = domain.Session(session_id='barsession', user=account,
                                    start_time=began,
                                    authorizations=granted)
    legacy_cookie = 'bardata'
    mock_legacy.create.return_value = legacy_session
    mock_legacy.generate_cookie.return_value = legacy_cookie

    # New-style session and cookie, served by the mocked session store.
    new_scopes = domain.Authorizations(
        scopes=['public:read', 'submission:create'])
    new_session = domain.Session(session_id='foosession', user=account,
                                 start_time=began,
                                 authorizations=new_scopes)
    new_cookie = 'foodata'
    store = mock_SessionStore.current_session.return_value
    store.create.return_value = new_session
    store.generate_cookie.return_value = new_cookie

    # NOTE(review): only the status code is checked; the test does not assert
    # that the response carries no session cookies for the unverified user.
    payload, result_code, _headers = login('POST', submitted, client_ip,
                                           target)
    self.assertEqual(result_code, status.HTTP_400_BAD_REQUEST,
                     "Bad request error is returned")