def test_empty_password(self):
self.log("should be able to create a user with no password")
user = self.user_manager.create(email='*****@*****.**',
username='******')
self.assertIsNotNone(user.id)
self.assertIsNotNone(user.password)
# should not be able to login with a null or empty password
self.assertFalse(check_password("", user.password))
self.assertFalse(check_password(None, user.password))
def test_change_password(self):
self.log("should be able to change password")
user2 = self.user_manager.create(**user2_data)
encoded_id = self.app.security.encode_id(user2.id)
self.assertIsInstance(user2, model.User)
self.assertIsNotNone(user2.id)
self.assertEqual(user2.email, user2_data["email"])
self.assertTrue(check_password(default_password, user2.password))
user, message = self.user_manager.change_password(self.trans)
self.assertEqual(message,
"Please provide a token or a user and password.")
user, message = self.user_manager.change_password(
self.trans, id=encoded_id, current=changed_password)
self.assertEqual(message, "Invalid current password.")
user, message = self.user_manager.change_password(
self.trans,
id=encoded_id,
current=default_password,
password=changed_password,
confirm=default_password)
self.assertEqual(message, "Passwords do not match.")
user, message = self.user_manager.change_password(
self.trans,
id=encoded_id,
current=default_password,
password=default_password,
confirm=changed_password)
self.assertEqual(message, "Passwords do not match.")
user, message = self.user_manager.change_password(
self.trans,
id=encoded_id,
current=default_password,
password=changed_password,
confirm=changed_password)
self.assertFalse(check_password(default_password, user2.password))
self.assertTrue(check_password(changed_password, user2.password))
reset_user, prt = self.user_manager.get_reset_token(
self.trans, user2.email)
user, message = self.user_manager.change_password(
self.trans,
token=prt.token,
password=default_password,
confirm=default_password)
self.assertTrue(check_password(default_password, user2.password))
self.assertFalse(check_password(changed_password, user2.password))
prt.expiration_time = datetime.utcnow()
user, message = self.user_manager.change_password(
self.trans,
token=prt.token,
password=default_password,
confirm=default_password)
self.assertEqual(
message,
"Invalid or expired password reset token, please request a new one."
)
def test_hash_consistent():
# Make sure hashes created for earlier Galaxies continue to work in the future.
simple_pass = "******"
complex_pass = "******"
# Check hashes built in Python 2 for 18.05.
simple_pass_hash = 'PBKDF2$sha256$10000$LlkhoImT15LZAcFB$/afKJrFX9GXt6VEpB+omae19A2S4kBEY'
complex_pass_hash = 'PBKDF2$sha256$10000$rg2gPThkJycziB0s$/BJ7AfuaYjpo5hhUvCMhf4TTrhsrOIH1'
# Check hashes built in Python 3 for 18.05.
simple_pass_hash_2 = 'PBKDF2$sha256$10000$vOIv7wGXS2/rGhDu$wS/5NwGSZm1ECv/vSEZb7jKjYSzXWZDL'
complex_pass_hash_2 = 'PBKDF2$sha256$10000$q1av/Clyujm5Fdc6$Dh7o1KTMn/YQYc5NurN+aVaF3uaI8iOv'
# Check older sha1 passwords that may still be the database as well.
simple_pass_hash_old = '58f17339ffdb71050734d2fbdd41b870423fe433'
complex_pass_hash_old = 'b567602039213afc0db026eedd72bd3ee2e57092'
assert passwords.check_password(simple_pass, simple_pass_hash)
assert passwords.check_password(complex_pass, complex_pass_hash)
assert passwords.check_password(simple_pass, simple_pass_hash_2)
assert passwords.check_password(complex_pass, complex_pass_hash_2)
assert passwords.check_password(simple_pass, simple_pass_hash_old)
assert passwords.check_password(complex_pass, complex_pass_hash_old)
assert not passwords.check_password(complex_pass, simple_pass_hash_old)
assert not passwords.check_password(simple_pass, complex_pass_hash_old)
def test_hash_consistent():
# Make sure hashes created for earlier Galaxies continue to work in the future.
simple_pass = "******"
complex_pass = u"à strange ünicode ڃtring"
# Check hashes built in Python 2 for 18.05.
simple_pass_hash = 'PBKDF2$sha256$10000$LlkhoImT15LZAcFB$/afKJrFX9GXt6VEpB+omae19A2S4kBEY'
complex_pass_hash = 'PBKDF2$sha256$10000$rg2gPThkJycziB0s$/BJ7AfuaYjpo5hhUvCMhf4TTrhsrOIH1'
# Check hashes built in Python 3 for 18.05.
simple_pass_hash_2 = 'PBKDF2$sha256$10000$vOIv7wGXS2/rGhDu$wS/5NwGSZm1ECv/vSEZb7jKjYSzXWZDL'
complex_pass_hash_2 = 'PBKDF2$sha256$10000$q1av/Clyujm5Fdc6$Dh7o1KTMn/YQYc5NurN+aVaF3uaI8iOv'
# Check older sha1 passwords that may still be the database as well.
simple_pass_hash_old = '58f17339ffdb71050734d2fbdd41b870423fe433'
complex_pass_hash_old = 'b567602039213afc0db026eedd72bd3ee2e57092'
assert passwords.check_password(simple_pass, simple_pass_hash)
assert passwords.check_password(complex_pass, complex_pass_hash)
assert passwords.check_password(simple_pass, simple_pass_hash_2)
assert passwords.check_password(complex_pass, complex_pass_hash_2)
assert passwords.check_password(simple_pass, simple_pass_hash_old)
assert passwords.check_password(complex_pass, complex_pass_hash_old)
assert not passwords.check_password(complex_pass, simple_pass_hash_old)
assert not passwords.check_password(simple_pass, complex_pass_hash_old)
def test_base(self):
self.log("should be able to create a user")
user2 = self.user_manager.create(**user2_data)
self.assertIsInstance(user2, model.User)
self.assertIsNotNone(user2.id)
self.assertEqual(user2.email, user2_data['email'])
self.assertTrue(check_password(default_password, user2.password))
user3 = self.user_manager.create(**user3_data)
self.log("should be able to query")
users = self.trans.sa_session.query(model.User).all()
self.assertEqual(self.user_manager.list(), users)
self.assertEqual(self.user_manager.by_id(user2.id), user2)
self.assertEqual(self.user_manager.by_ids([user3.id, user2.id]),
[user3, user2])
self.log("should be able to limit and offset")
self.assertEqual(self.user_manager.list(limit=1), users[0:1])
self.assertEqual(self.user_manager.list(offset=1), users[1:])
self.assertEqual(self.user_manager.list(limit=1, offset=1), users[1:2])
self.assertEqual(self.user_manager.list(limit=0), [])
self.assertEqual(self.user_manager.list(offset=3), [])
self.log("should be able to order")
self.assertEqual(
self.user_manager.list(order_by=(desc(model.User.create_time))),
[user3, user2, self.admin_user])
def test_login(self):
self.log("should be able to validate user credentials")
user2 = self.user_manager.create(**user2_data)
self.app.security.encode_id(user2.id)
self.assertIsInstance(user2, model.User)
self.assertIsNotNone(user2.id)
self.assertEqual(user2.email, user2_data["email"])
self.assertTrue(check_password(default_password, user2.password))
def test_hash_and_check():
simple_pass = "******"
complex_pass = "******"
not_pass_simple = "not simple pass"
not_pass_complex = "à strange ün ڃtring"
simple_pass_hash = passwords.hash_password(simple_pass)
complex_pass_hash = passwords.hash_password(complex_pass)
assert passwords.check_password(simple_pass, simple_pass_hash)
assert passwords.check_password(complex_pass, complex_pass_hash)
assert not passwords.check_password(complex_pass, simple_pass_hash)
assert not passwords.check_password(not_pass_complex, simple_pass_hash)
assert not passwords.check_password(not_pass_simple, simple_pass_hash)
assert not passwords.check_password(simple_pass, complex_pass_hash)
assert not passwords.check_password(not_pass_complex, complex_pass_hash)
assert not passwords.check_password(not_pass_simple, complex_pass_hash)
def test_hash_and_check():
simple_pass = "******"
complex_pass = u"à strange ünicode ڃtring"
not_pass_simple = "not simple pass"
not_pass_complex = u"à strange ün ڃtring"
simple_pass_hash = passwords.hash_password(simple_pass)
complex_pass_hash = passwords.hash_password(complex_pass)
assert passwords.check_password(simple_pass, simple_pass_hash)
assert passwords.check_password(complex_pass, complex_pass_hash)
assert not passwords.check_password(complex_pass, simple_pass_hash)
assert not passwords.check_password(not_pass_complex, simple_pass_hash)
assert not passwords.check_password(not_pass_simple, simple_pass_hash)
assert not passwords.check_password(simple_pass, complex_pass_hash)
assert not passwords.check_password(not_pass_complex, complex_pass_hash)
assert not passwords.check_password(not_pass_simple, complex_pass_hash)
def test_login(self):
self.log("should be able to validate user credentials")
user2 = self.user_manager.create(**user2_data)
self.app.security.encode_id(user2.id)
self.assertIsInstance(user2, model.User)
self.assertIsNotNone(user2.id)
self.assertEqual(user2.email, user2_data["email"])
self.assertTrue(check_password(default_password, user2.password))
controller = User(self.app)
response = json.loads(controller.login(self.trans))
self.assertEqual(response["err_msg"],
"Please specify a username and password.")
response = json.loads(
controller.login(self.trans,
payload={
"login": user2.email,
"password": changed_password
}))
self.assertEqual(response["err_msg"], "Invalid password.")
response = json.loads(
controller.login(self.trans,
payload={
"login": user2.username,
"password": changed_password
}))
self.assertEqual(response["err_msg"], "Invalid password.")
user2.deleted = True
response = json.loads(
controller.login(self.trans,
payload={
"login": user2.username,
"password": default_password
}))
self.assertEqual(
response["err_msg"],
"This account has been marked deleted, contact your local Galaxy administrator to restore the account. Contact: [email protected]."
)
user2.deleted = False
user2.external = True
response = json.loads(
controller.login(self.trans,
payload={
"login": user2.username,
"password": default_password
}))
self.assertEqual(
response["err_msg"],
"This account was created for use with an external authentication method, contact your local Galaxy administrator to activate it. Contact: [email protected]."
)
user2.external = False
self.trans.app.config.password_expiration_period = timedelta(days=1)
user2.last_password_change = datetime.today() - timedelta(days=1)
response = json.loads(
controller.login(self.trans,
payload={
"login": user2.username,
"password": default_password
}))
self.assertEqual(
response["message"],
"Your password has expired. Please reset or change it to access Galaxy."
)
self.assertEqual(response["expired_user"],
self.trans.security.encode_id(user2.id))
self.trans.app.config.password_expiration_period = timedelta(days=10)
response = json.loads(
controller.login(self.trans,
payload={
"login": user2.username,
"password": default_password
}))
self.assertEqual(response["message"],
"Your password will expire in 11 day(s).")
self.trans.app.config.password_expiration_period = timedelta(days=100)
response = json.loads(
controller.login(self.trans,
payload={
"login": user2.username,
"password": default_password
}))
self.assertEqual(response["message"], "Success.")
