Esempio n. 1
 def test_login(self):
     """A GET request yields the login form with a 200 response."""
     # No form data, client address or redirect target is supplied here.
     payload, http_status, _headers = login('GET', {}, '', '')
     self.assertIn('form', payload)
     login_form = payload['form']
     self.assertIsInstance(login_form, LoginForm,
                           "Response includes a login form.")
     self.assertEqual(http_status, status.HTTP_200_OK)
Esempio n. 2
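def login() -> Response:
    """User can log in with username and password, or permanent token.

    Hands the request to the ``authentication.login`` controller. On a 303
    result the user is redirected and the cookies are set on the redirect
    response; otherwise the login template is rendered with the status code
    that the controller returned.
    """
    # NOTE(review): ``remote_addr`` is the peer address as Flask sees it.
    # Behind a reverse proxy that is the proxy unless forwarded-header
    # handling is configured -- confirm before relying on it for auditing.
    ip_address = request.remote_addr
    form_data = request.form
    # NOTE(review): ``next_page`` is read straight from the query string, so
    # it is caller-controlled. Nothing in this view restricts it to a
    # same-site target; confirm that the controller validates it before it
    # ends up (presumably) in the ``Location`` header used below.
    next_page = request.args.get('next_page', url_for('account'))
    logger.debug('Request to log in, then redirect to %s', next_page)
    data, code, headers = authentication.login(request.method,
                                               form_data, ip_address,
                                               next_page)
    data.update({'pagetitle': 'Log in to arXiv'})
    # Flask puts cookie-setting methods on the response, so we do that here
    # instead of in the controller.
    # Compare by value: ``is`` on an int tests object identity, and 303 is
    # outside CPython's small-int cache, so an equal status code built
    # elsewhere would skip this branch and never set the session cookies.
    if code == status.HTTP_303_SEE_OTHER:
        # Set the session cookie.
        response = make_response(redirect(headers.get('Location'), code=code))
        set_cookies(response, data)
        unset_submission_cookie(response)    # Fix for ARXIVNG-1149.
        return response

    # Form is invalid, or login failed.
    response = Response(
        render_template("accounts/login.html", **data),
        status=code
    )
    return response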
Esempio n. 3
 def test_login(self, mock_SessionStore):
     """A GET inside an application context returns the form and a 200."""
     # Only the controller call itself runs inside the application context.
     with self.app.app_context():
         result = login('GET', {}, '', '')
     payload, http_status, _headers = result
     self.assertIn('form', payload)
     self.assertIsInstance(payload['form'], LoginForm,
                           "Response includes a login form.")
     self.assertEqual(http_status, status.HTTP_200_OK)
Esempio n. 4
 def test_post_invalid_data(self):
     """A POST without a password is answered with a form error and a 400."""
     # Only a username is submitted; the password field is left out.
     incomplete = MultiDict({'username': '******'})
     payload, http_status, _headers = login('POST', incomplete,
                                            '123.45.67.89', '/next')
     self.assertIn('form', payload)
     self.assertIsInstance(payload['form'], LoginForm,
                           "Response includes a login form.")
     password_errors = payload['form'].password.errors
     self.assertGreater(len(password_errors), 0,
                        "Password field has an error")
     self.assertEqual(http_status, status.HTTP_400_BAD_REQUEST,
                      "Response status is 400 bad request")
Esempio n. 5
    def test_post_valid_data_bad_credentials(self, mock_legacy, mock_users):
        """A well-formed POST whose authentication fails gets a 400."""
        # Put the real exception classes on the mocks, presumably so that
        # the controller's handlers can still match what gets raised.
        mock_users.exceptions.AuthenticationFailed = \
            users.exceptions.AuthenticationFailed
        mock_legacy.exceptions.SessionCreationFailed = \
            legacy.exceptions.SessionCreationFailed
        # Every authentication attempt fails via the side effect.
        mock_users.authenticate.side_effect = raise_authentication_failed

        credentials = MultiDict({'username': '******', 'password': '******'})
        payload, http_status, _headers = login('POST', credentials,
                                               '123.45.67.89', '/next')

        self.assertEqual(http_status, status.HTTP_400_BAD_REQUEST)
        self.assertIsInstance(payload['form'], LoginForm,
                              "Response includes a login form.")
Esempio n. 6
    def test_post_great(self, mock_legacy, mock_sessions, mock_users):
        """Valid credentials yield a 303 redirect and both session cookies."""
        # Put the real exception classes on the mocks, presumably so that
        # the controller's handlers can still match what gets raised.
        mock_users.exceptions.AuthenticationFailed = \
            users.exceptions.AuthenticationFailed
        mock_sessions.exceptions.SessionCreationFailed = \
            sessions.exceptions.SessionCreationFailed
        mock_legacy.exceptions.SessionCreationFailed = \
            legacy.exceptions.SessionCreationFailed

        started = datetime.now(tz=EASTERN)
        account = domain.User(user_id=42,
                              username='******',
                              email='*****@*****.**',
                              verified=True)
        classic_auths = domain.Authorizations(
            classic=6, scopes=['public:read', 'submission:create'])
        mock_users.authenticate.return_value = account, classic_auths

        # Session and cookie handed back by the mocked legacy backend.
        classic_cookie = 'bardata'
        mock_legacy.create.return_value = domain.Session(
            session_id='barsession',
            user=account,
            start_time=started,
            authorizations=classic_auths)
        mock_legacy.generate_cookie.return_value = classic_cookie

        # Session and cookie handed back by the mocked sessions backend.
        new_cookie = 'foodata'
        mock_sessions.create.return_value = domain.Session(
            session_id='foosession',
            user=account,
            start_time=started,
            authorizations=domain.Authorizations(
                scopes=['public:read', 'submission:create']))
        mock_sessions.generate_cookie.return_value = new_cookie

        # NOTE(review): only a same-site relative target is exercised here;
        # this test does not cover an absolute or off-site ``next_page``.
        target = '/foo'
        credentials = MultiDict({'username': '******', 'password': '******'})
        payload, http_status, headers = login('POST', credentials,
                                              '123.45.67.89', target)

        self.assertEqual(http_status, status.HTTP_303_SEE_OTHER,
                         "Redirects user to next page")
        self.assertEqual(headers['Location'], target,
                         "Redirects user to next page.")
        issued = payload['cookies']
        self.assertEqual(issued['session_cookie'], (new_cookie, None),
                         "Session cookie is returned")
        self.assertEqual(issued['classic_cookie'], (classic_cookie, None),
                         "Classic session cookie is returned")
Esempio n. 7
    def test_post_not_verified(self, mock_legacy, mock_SessionStore,
                               mock_users):
        """Correct credentials for an unverified user are answered with 400."""
        # Put the real exception classes on the mocks, presumably so that
        # the controller's handlers can still match what gets raised.
        mock_users.exceptions.AuthenticationFailed = \
            users.exceptions.AuthenticationFailed
        mock_legacy.exceptions.SessionCreationFailed = \
            legacy.exceptions.SessionCreationFailed

        started = datetime.now(tz=UTC)
        # Authentication succeeds, but the account is flagged unverified.
        account = domain.User(user_id=42,
                              username='******',
                              email='*****@*****.**',
                              verified=False)
        classic_auths = domain.Authorizations(
            classic=6, scopes=['public:read', 'submission:create'])
        mock_users.authenticate.return_value = account, classic_auths

        # Both backends are primed with a session and cookie even though the
        # assertion below expects the login to be refused.
        mock_legacy.create.return_value = domain.Session(
            session_id='barsession',
            user=account,
            start_time=started,
            authorizations=classic_auths)
        mock_legacy.generate_cookie.return_value = 'bardata'

        store = mock_SessionStore.current_session.return_value
        store.create.return_value = domain.Session(
            session_id='foosession',
            user=account,
            start_time=started,
            authorizations=domain.Authorizations(
                scopes=['public:read', 'submission:create']))
        store.generate_cookie.return_value = 'foodata'

        credentials = MultiDict({'username': '******', 'password': '******'})
        _payload, http_status, _headers = login('POST', credentials,
                                                '123.45.67.89', '/foo')
        self.assertEqual(http_status, status.HTTP_400_BAD_REQUEST,
                         "Bad request error is returned")