Esempio n. 1
def test_basic_login(db):
    """Exercise the token login flow end to end.

    Requests a login email, redeems the login token, checks that a matching
    UserSession row can be found, and finally logs out with the session cookie.
    """
    # The account under test is created by reusing the signup test.
    test_basic_signup(db)

    with auth_api_session() as (stub, interceptor):
        login_res = stub.Login(auth_pb2.LoginReq(user="******"))
    assert login_res.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL

    # Test-only shortcut: read the login token directly from the database
    # (presumably it would otherwise only reach the user through the email).
    with session_scope() as session:
        login_token = session.query(LoginToken).one().token

    with auth_api_session() as (stub, interceptor):
        stub.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token))

    # Session token extracted from the metadata seen by the last interceptor.
    reply_token = get_session_cookie_token(interceptor)

    with session_scope() as session:
        # NOTE(review): no join between UserSession and User is visible in
        # this query, so the username filter may not tie the session row to
        # that user (it can pass whenever any "frodo" row exists). Confirm
        # against the models and join on the owning user if so.
        matches = session.query(UserSession).filter(User.username == "frodo")
        matches = matches.filter(UserSession.token == reply_token)
        assert matches.one_or_none()

    # log out
    # NOTE(review): nothing is asserted after this call; consider checking
    # that the session cookie is cleared and the session no longer resolves.
    with auth_api_session() as (stub, interceptor):
        stub.Deauthenticate(
            empty_pb2.Empty(),
            metadata=(("cookie", f"couchers-sesh={reply_token}"), ))
Esempio n. 2
def test_logout_invalid_token(db):
    """Log in, delete the stored login tokens, then log out.

    The logout call is expected to succeed and to hand back an empty session
    cookie.
    """
    # The account under test is created by reusing the signup test.
    test_basic_signup(db)

    with auth_api_session() as (stub, interceptor):
        login_res = stub.Login(auth_pb2.LoginReq(user="******"))
    assert login_res.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL

    # Test-only shortcut: read the login token directly from the database.
    with session_scope() as session:
        login_token = session.query(LoginToken).one().token

    with auth_api_session() as (stub, interceptor):
        stub.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token))

    reply_token = get_session_cookie_token(interceptor)

    # Remove every LoginToken row.
    # NOTE(review): the logout below presents the *session* cookie value, not
    # the login token. If sessions are stored separately from LoginToken, the
    # session is still valid here and the "invalid token" path is never
    # exercised -- confirm which table backs the cookie and delete that row.
    with session_scope() as session:
        session.query(LoginToken).delete()

    # Logging out with a token that no longer exists must still succeed.
    with auth_api_session() as (stub, interceptor):
        logout_metadata = (("cookie", f"couchers-sesh={reply_token}"), )
        stub.Deauthenticate(empty_pb2.Empty(), metadata=logout_metadata)

    # The cookie returned by the logout call has to be empty.
    reply_token = get_session_cookie_token(interceptor)
    assert reply_token == ""
Esempio n. 3
def test_banned_user(db):
    """A user banned after requesting a login token must not complete login."""
    test_basic_signup(db)
    with auth_api_session() as (stub, interceptor):
        login_res = stub.Login(auth_pb2.LoginReq(user="******"))
    assert login_res.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL

    # Read the pending login token directly from the database.
    with session_scope() as session:
        pending = session.query(LoginToken).one()
        login_token = pending.token

    # Ban the (only) user in a separate database session, after the token
    # was issued.
    with session_scope() as session:
        account = session.query(User).one()
        account.is_banned = True

    # NOTE(review): any grpc.RpcError satisfies this check, so an unrelated
    # failure would also pass. Consider asserting the specific status code
    # the service is meant to return for banned accounts.
    with auth_api_session() as (stub, interceptor), \
            pytest.raises(grpc.RpcError):
        stub.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token))
Esempio n. 4
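def test_login_tokens_invalidate_after_use(db):
    """A login token must be single-use: redeeming it twice has to fail.

    The first CompleteTokenLogin call is expected to succeed (it would raise
    and fail the test otherwise); the second call with the same token must
    raise grpc.RpcError.
    """
    test_basic_signup(db)
    with auth_api_session(db) as auth_api:
        reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL

    with session_scope(db) as session:
        # .one() reports a missing token as NoResultFound; the previous
        # one_or_none() returned None and surfaced as an AttributeError on
        # .token, which hid the real cause.
        login_token = session.query(LoginToken).one().token

    # First redemption: consumes the token.
    with auth_api_session(db) as auth_api:
        auth_api.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token))

    # Second redemption of the same token must be rejected.
    # NOTE(review): any grpc.RpcError satisfies this check; asserting the
    # expected status code would keep an unrelated failure from passing.
    with auth_api_session(db) as auth_api, pytest.raises(grpc.RpcError):
        auth_api.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token))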
Esempio n. 5
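def test_basic_login(temp_db_session):
    """Exercise the token login flow end to end against a temporary database.

    Requests a login email, redeems the login token for a session token, and
    logs out with that session token.
    """
    # Create our test user using signup
    test_basic_signup(temp_db_session)

    with auth_api_session(temp_db_session) as auth_api:
        reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert reply.next_step == 1  # SENT_LOGIN_EMAIL

    # Test-only shortcut: read the login token directly from the database.
    # .one() reports a missing token as NoResultFound; the previous
    # one_or_none() returned None and surfaced as an AttributeError on .token.
    entry = temp_db_session().query(LoginToken).one()
    login_token = entry.token

    with auth_api_session(temp_db_session) as auth_api:
        reply = auth_api.CompleteTokenLogin(
            auth_pb2.CompleteTokenLoginReq(login_token=login_token))
    assert isinstance(reply.token, str)
    session_token = reply.token

    # log out
    # NOTE(review): nothing is asserted after this call; consider checking
    # that the session token is no longer accepted afterwards.
    with auth_api_session(temp_db_session) as auth_api:
        auth_api.Deauthenticate(auth_pb2.DeAuthReq(token=session_token))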