def you_can_login_using_facebook(self): if config.skipFacebookTests: return self.user = self.createUserWithCredentials("facebook", config.fbuserid, None, config.fbuser) self.user.activate() driver = self.driver driver.get(self.base_url+"/static/login.html") self.switchToTab("login") driver.find_element_by_id("Facebook_login_button").click() time.sleep(1) self._switchWindow(driver) driver.find_element_by_id("pass").clear() driver.find_element_by_id("pass").send_keys(config.fbpassword) driver.find_element_by_id("email").clear() driver.find_element_by_id("email").send_keys(config.fbuser) driver.find_element_by_id("u_0_2").click() driver.switch_to.window(self.master) time.sleep(1) self.assertEqual(self.base_url + "/static/login.html", driver.current_url) body = driver.find_element_by_id("message").text self.assertEqual("", body) body = driver.find_element_by_id("userdata").text self.assertTrue("*****@*****.**"in body) Credential.getByUser(self.user, "facebook").rm() self.user.rm()
def test_timed_out_emailcheck_credentials_are_cleared_in_registration(self): for someone in User.query.all()[:5]: # @UndefinedVariable Credential.new(someone, 'emailcheck', str(time.time()-1)+":"+uuid4().hex, uuid4().hex) self.assertTrue(self.countExpiredCreds('emailcheck')>=5) form = self.prepareLoginForm() self.controller.doRegistration(form) self.assertTrue(self.countExpiredCreds('emailcheck')==0)
def unregistered_user_can_register_with_facebook_in_the_middle_of_login_procedure_of_a_served_application(self): if config.skipFacebookTests: return driver = self.driver self._gotoOauthPage(driver) self.switchToTab('registration') driver.find_element_by_id("Facebook_registration_button").click() time.sleep(1) self.master = driver.current_window_handle timeCount = 1; while (len(driver.window_handles) == 1 ): time timeCount += 1 if ( timeCount > 50 ): break; for handle in driver.window_handles: if handle!=self.master: driver.switch_to.window(handle) driver.find_element_by_id("pass").clear() driver.find_element_by_id("pass").send_keys(config.fbpassword2) driver.find_element_by_id("email").clear() driver.find_element_by_id("email").send_keys(config.fbuser2) driver.find_element_by_id("u_0_2").click() driver.switch_to.window(self.master) time.sleep(5) self.assertTrue(driver.current_url.startswith(self.redirect_uri.lower())) self.user = User.getByEmail(config.fbuser2) Credential.getByUser(self.user, "facebook").rm() self.user.rm()
def do_add_credential(self, form): user = self.getCurrentUser() Credential.new(user, form.credentialType.data, form.identifier.data, form.secret.data) return self.as_dict(user)
def test_password_reset_creates_password_if_it_does_not_exists(self): form = self.createPasswordResetFormWithSecret() user = User.getByEmail(self.userCreationEmail) passcred = Credential.getByUser(user, "password") passcred.rm() self.controller.doPasswordReset(form) newPassCred = Credential.getByUser(user, "password") self.assertEqual(newPassCred.secret, CredentialManager.protect_secret(self.newPassword))
def doConfirmChangeEmail(self, secret=None, confirm=True, useverifysecret=False): self.controller.emailChangeInit(self.newEmailAddress, self.user) if secret is None: if useverifysecret: secret = Credential.getByUser(self.user, 'changeemailandverify').secret else: secret = Credential.getByUser(self.user, 'changeemail').secret return self.controller.confirmEmailChange(FakeForm(dict(confirm=confirm, secret=secret)))
def sendPasswordVerificationEmail(self, user): secret=unicode(uuid4()) expiry = time.time() + 60*60*24*4 Credential.new(user, 'emailcheck', unicode(expiry), secret ) timeText = time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(expiry)) uri = "{0}/v1/verify_email/{1}".format(self.getConfig('BASE_URL'),secret) text = """Hi, click on <a href="{0}">{0}</a> until {1} to verify your email""".format(uri, timeText) self.mail.send_message(subject="verification", body=text, recipients=[user.email], sender=self.getConfig('SERVER_EMAIL_ADDRESS'))
def test_the_credential_is_actually_added(self): myUserid = self.createRandomUserId() credBefore = Credential.get("password", myUserid) self.assertTrue(credBefore is None) resp = self._createPasswordCredential(userid=myUserid) self.assertEqual(200, resp.status_code) credAfter = Credential.get("password", myUserid) self.assertTrue(credAfter is not None)
def no_password_reset_for_timed_out_temporary_credential(self): password = self.mkRandomPassword() secret = unicode(uuid4()) user = User.getByEmail(self.usercreation_email) Credential.new(user, 'email_for_password_reset', secret, time.time()-1) with app.test_client() as c: data = dict(password=password, secret=secret) resp = c.post("/v1/password_reset", data = data) self.assertEqual(resp.status_code, 404)
def emailChangeInit(self, newEmailAddress, user): if User.getByEmail(newEmailAddress): raise ReportedError(thereIsAlreadyAUserWithThatEmail, 418) secret, expiry = CredentialManager.createTemporaryCredential(user, "changeemail",additionalInfo=newEmailAddress ) self.sendEmail(user, secret, expiry, "CHANGE_EMAIL_OLD", newemail=newEmailAddress, oldemail=user.email ) secret, expiry = CredentialManager.createTemporaryCredential(user, "changeemailandverify",additionalInfo=newEmailAddress ) self.sendEmail(user, secret, expiry, "CHANGE_EMAIL_NEW", recipient=newEmailAddress, newemail=newEmailAddress, oldemail=user.email) Credential.deleteExpired("changeemail") Credential.deleteExpired("changeemailandverify")
def removeFbuser(self, user=None): if user is None: user = config.facebookUser2 self.user = User.getByEmail(user.email) if self.user: Credential.getByUser(self.user, "facebook").rm() for appMap in AppMap.getForUser(self.user): appMap.rm() self.user.rm()
def _removeACredential(self, myUserid): self.controller.loginInFramework(self.cred) user = self.cred.user Credential.new(user, "facebook", myUserid, "testsecret") data = {"credentialType": "facebook", "identifier": myUserid} self.assertTrue(Credential.get("facebook", myUserid)) resp = self.controller.doRemoveCredential(FakeForm(data)) return resp
def test_expired_deregistration_certificates_are_deleted_in_deregistration_initiation( self): for someone in User.query.all()[:5]: # @UndefinedVariable Credential.new(someone, 'deregister', str(time.time() - 1) + ":" + uuid4().hex, uuid4().hex) self.assertTrue(self.countExpiredCreds('deregister') >= 5) self._doDeregistrationDoit() self.assertTrue(self.countExpiredCreds('deregister') == 0)
def createTemporaryCredential(user, credentialType, expiry=fourDaysInSeconds, additionalInfo=None): secret = uuid4().hex expiry = time.time() + expiry Credential.new(user, credentialType, str(expiry) + ":" + str(additionalInfo), secret) return secret, expiry
def removeFbuser(self,user=None): if user is None: user = config.facebookUser2 self.user = User.getByEmail(user.email) if self.user: Credential.getByUser(self.user, "facebook").rm() for appMap in AppMap.getForUser(self.user): appMap.rm() self.user.rm()
def do_password_reset(self, form): cred = Credential.get(passwordResetCredentialType, form.secret.data) if cred is None or (float(cred.secret) < time.time()): Credential.deleteExpired(passwordResetCredentialType) raise ReportedError(['The secret has expired'], 404) passcred = Credential.getByUser(cred.user, 'password') passcred.secret = CredentialManager.protect_secret(form.password.data) cred.rm() return self.simple_response('Password successfully changed')
def test_bad_secret_clears_up_all_timed_out_temporary_credentials(self): password = self.mkRandomPassword() secret = uuid4().hex for someone in User.query.all()[:5]: # @UndefinedVariable Credential.new(someone, 'email_for_password_reset', str(time.time()-1)+":"+uuid4().hex, uuid4().hex) self.assertTrue(self.countExpiredCreds()>=5) data = dict(password=password, secret=secret) self.assertReportedError(self.controller.doPasswordReset,(FakeForm(data),), 404, ['The secret has expired']) self.assertEqual(self.countExpiredCreds(),0)
def test_the_credential_used_for_login_cannot_be_cleared(self): credential = self.createUserWithCredentials() self.controller.loginInFramework(credential) self.assertTrue(Credential.get("password", self.userCreationUserid)) form = FakeForm({ "identifier": self.userCreationUserid, "credentialType": "password", }) self.assertReportedError(self.controller.doRemoveCredential,[form], 400, ["You cannot delete the login you are using"]) self.assertTrue(Credential.get("password", self.userCreationUserid))
def do_send_password_reset_email(self, email): user = User.getByEmail(email) if user is None: raise ReportedError(['Invalid email address']) passwordResetEmailExpiration = 14400 secret=unicode(uuid4()) expirationTime = time.time() + passwordResetEmailExpiration Credential.new(user, passwordResetCredentialType, secret, unicode(expirationTime)) self.sendPasswordResetMail(user, secret, expirationTime) return self.simple_response("Password reset email has successfully sent.")
def successful_password_reset_sets_the_password(self): password = self.mkRandomPassword() secret = unicode(uuid4()) user = User.getByEmail(self.usercreation_email) Credential.new(user, 'email_for_password_reset', secret, time.time()+3600) with app.test_client() as c: data = dict(password=password, secret=secret) c.post("/v1/password_reset", data = data) cred = Credential.getByUser(user, "password") self.assertEquals(cred.secret, CredentialManager.protect_secret(password))
def successful_password_clears_the_temporary_credential(self): password = self.mkRandomPassword() secret = unicode(uuid4()) user = User.getByEmail(self.usercreation_email) Credential.new(user, 'email_for_password_reset', secret, time.time()+3600) with app.test_client() as c: data = dict(password=password, secret=secret) c.post("/v1/password_reset", data = data) newcred = Credential.get('email_for_password_reset', secret) self.assertEquals(newcred, None)
def test_valid_secret_is_accepted(self): password = self.mkRandomPassword() secret = uuid4().hex user = User.getByEmail(self.userCreationEmail) Credential.new(user, 'email_for_password_reset', str(time.time()+3600), secret) with app.test_client() as client: data = dict(password=password, secret=secret) resp = client.post("/v1/password_reset", data = data) self.assertEqual(resp.status_code, 200) respData = self.fromJson(resp) self.assertEqual("Password successfully changed",respData['message'])
def findTemporaryEmailCredential(self, secret): cred = Credential.getBySecret("changeemail", secret) verify = False if cred is None: credverify = Credential.getBySecret("changeemailandverify", secret) if credverify is None: raise ReportedError(badChangeEmailSecret, 403) else: cred = credverify verify = True return cred, verify
def doDeregistrationDoit(self, form): Credential.deleteExpired('deregister') secret = form.deregister_secret.data if secret is None: raise ReportedError( [secretIsNeededForDeregistrationDoit],400) deregistrationCredential = Credential.getBySecret('deregister', secret) if deregistrationCredential is None: raise ReportedError([badDeregistrationSecret],400) user = deregistrationCredential.user self.removeUser(user) return self.simple_response(youAreDeregistered)
def the_credential_used_for_login_cannot_be_cleared(self): with app.test_client() as c: self.login(c) self.assertTrue(Credential.get("password", self.usercreation_userid)) data = { "identifier": self.usercreation_userid, "credentialType": "password", } resp = c.post(config.base_url + "/v1/remove_credential", data=data) self.assertEqual(400, resp.status_code) self.assertEqual('{"errors": ["You cannot delete the login you are using"]}', self.getResponseText(resp)) self.assertTrue(Credential.get("password", self.usercreation_userid))
def test_the_added_credential_should_contain_credentialType(self): with app.test_client() as client: self.login(client) self.setupRandom() username = "******".format(self.randString) credBefore = Credential.get("password", username) self.assertTrue(credBefore is None) resp = self.addPasswordCredential(client, username=username, nofield="credentialType") self.assertEqual(400, resp.status_code) credAfter = Credential.get("password", username) self.assertTrue(credAfter is None) self.assertCredentialErrorresponse(resp)
def test_valid_secret_is_accepted(self): password = self.mkRandomPassword() secret = uuid4().hex user = User.getByEmail(self.userCreationEmail) Credential.new(user, 'email_for_password_reset', str(time.time() + 3600), secret) with app.test_client() as client: data = dict(password=password, secret=secret) resp = client.post("/v1/password_reset", data=data) self.assertEqual(resp.status_code, 200) respData = self.fromJson(resp) self.assertEqual("Password successfully changed", respData['message'])
def getCredentialFromForm(cls, form): cred = Credential.get('password', form.identifier.data) if cred is None: user = User.getByEmail(form.identifier.data) if user is None: return None cred = Credential.getByUser(user, "password") if cred is None: return None hashed = cls.protect_secret(form.password.data) if cred.secret == hashed: return cred return None
def doConfirmChangeEmail(self, secret=None, confirm=True, useverifysecret=False): self.controller.emailChangeInit(self.newEmailAddress, self.user) if secret is None: if useverifysecret: secret = Credential.getByUser(self.user, 'changeemailandverify').secret else: secret = Credential.getByUser(self.user, 'changeemail').secret return self.controller.confirmEmailChange( FakeForm(dict(confirm=confirm, secret=secret)))
def do_deregister(self,form): if not self.isLoginCredentials(form): raise ReportedError(["You should use your login credentials to deregister"], 400) cred = Credential.get(form.credentialType.data, form.identifier.data) user = cred.user creds = Credential.getByUser(user) for cred in creds: cred.rm() assurances = Assurance.listByUser(user) for assurance in assurances: assurance.rm() user.rm() return self.simple_response('deregistered')
def the_credential_is_actually_deleted(self): with app.test_client() as c: self.login(c) user = User.getByEmail(self.usercreation_email) credId = self.randString Credential.new(user, "facebook", credId, "testsecret") self.assertTrue(Credential.get("facebook", credId)) data = { "credentialType": "facebook", "identifier": credId, } c.post(config.base_url + "/v1/remove_credential", data=data) self.assertFalse(Credential.get("facebook", credId))
def doPasswordReset(self, form): Credential.deleteExpired(self.passwordResetCredentialType) cred = Credential.getBySecret( self.passwordResetCredentialType, form.secret.data) if cred is None or (cred.getExpirationTime() < time.time()): raise ReportedError([theSecretHasExpired], 404) passcred = Credential.getByUser(cred.user, 'password') protectedSecret = CredentialManager.protect_secret(form.password.data) if not passcred: passcred = Credential.new(cred.user, "password", cred.user.email, protectedSecret) else: passcred.secret = protectedSecret cred.rm() return self.simple_response(passwordSuccessfullyChanged)
def test_the_credential_is_actually_deleted(self): with app.test_client() as client: self.login(client) user = User.getByEmail(self.userCreationEmail) credId = self.randString Credential.new(user, "facebook", credId, "testsecret") self.assertTrue(Credential.get("facebook", credId)) data = { "csrf_token": self.getCSRF(client), "credentialType": "facebook", "identifier": credId, } client.post(config.BASE_URL + "/v1/remove_credential", data=data) self.assertFalse(Credential.get("facebook", credId))
def you_should_give_valid_identifier_for_credential_deletion(self): with app.test_client() as c: self.login(c) user = User.getByEmail(self.usercreation_email) credId = self.randString Credential.new(user, "facebook", credId, "testsecret") self.assertTrue(Credential.get("facebook", credId)) data = { "identifier": credId+"no", "credentialType": "facebook", } resp = c.post(config.base_url + "/v1/remove_credential", data=data) self.assertEqual(404, resp.status_code) self.assertEqual('{"errors": ["No such credential"]}', self.getResponseText(resp))
def a_credential_can_be_deleted(self): with app.test_client() as c: self.login(c) user = User.getByEmail(self.usercreation_email) credId = self.randString Credential.new(user, "facebook", credId, "testsecret") self.assertTrue(Credential.get("facebook", credId)) data = { "credentialType": "facebook", "identifier": credId, } resp = c.post(config.base_url + "/v1/remove_credential", data=data) self.assertEqual(200, resp.status_code) self.assertEqual('{"message": "credential removed"}', self.getResponseText(resp))
def registerCertUser(self, cert, email): if cert is None or cert == '': raise ReportedError(["No certificate given"], 403) identifier, digest = self.parseCert(cert) cred = Credential.get("certificate", identifier) if cred is None: if email is None: raise ReportedError(["You have to register first"], 403) theEmail = email[0] CredentialManager.create_user_with_creds("certificate", identifier, digest, theEmail) cred = Credential.get("certificate", identifier) self.sendPasswordVerificationEmail(cred.user) cred.user.activate() return cred
def test_you_should_give_valid_identifier_for_credential_deletion(self): with app.test_client() as client: self.login(client) user = User.getByEmail(self.userCreationEmail) credId = self.randString Credential.new(user, "facebook", credId, "testsecret") self.assertTrue(Credential.get("facebook", credId)) data = { "csrf_token": self.getCSRF(client), "identifier": credId+"no", "credentialType": "facebook", } resp = client.post(config.BASE_URL + "/v1/remove_credential", data=data) self.assertEqual(404, resp.status_code) self.assertEqual('{"errors": ["No such credential"]}', self.getResponseText(resp))
def test_a_credential_can_be_deleted(self): with app.test_client() as client: self.login(client) user = User.getByEmail(self.userCreationEmail) credId = self.randString Credential.new(user, "facebook", credId, "testsecret") self.assertTrue(Credential.get("facebook", credId)) data = { "csrf_token": self.getCSRF(client), "credentialType": "facebook", "identifier": credId, } resp = client.post(config.BASE_URL + "/v1/remove_credential", data=data) self.assertEqual(200, resp.status_code) self.assertEqual('{"message": "credential removed"}', self.getResponseText(resp))
def doRegistration(self, form): Credential.deleteExpired('emailcheck') cred = CredentialManager.create_user_with_creds( form.credentialType.data, form.identifier.data, form.password.data, form.email.data, None) user = cred.user additionalInfo = self.checkAndUpdateHash(form, user) self.sendPasswordVerificationEmail(user) user.set_authenticated() user.activate() success = self.loginInFramework(cred) if success: return self.returnUserAndLoginCookie(user, additionalInfo)
def test_the_emailcheck_secret_is_not_shown_in_the_registration_answer(self): form = self.prepareLoginForm() resp = self.controller.doRegistration(form) text = self.getResponseText(resp) current_user = self.controller.getCurrentUser() cred = Credential.getByUser(current_user, 'emailcheck') self.assertTrue(not cred.secret in text)
def shownDataForUser(self, user): return dict( email=user.email, userid=user.userid, assurances=Assurance.getByUser(user), hash=user.hash, credentials=Credential.getByUser_as_dictlist(user))
def doPasswordResetWithNewPassword(self, password): self.goToLoginPage() emailAddress = TE.assurerUser.email # @UndefinedVariable self.initiatePasswordReset(emailAddress) cred = Credential.getByUser(TE.assurerUser, "email_for_password_reset") passwordResetLink = TE.pwresetUrl + "?secret=" + cred.secret self.clickPasswordResetLink(password, passwordResetLink)
def test_registration_email_contains_registration_uri_with_secret(self): msg = self._registerAndGetEmail() self.assertTrue(msg) current_user = self.controller.getCurrentUser() cred = Credential.getByUser(current_user, 'emailcheck') base_url = self.controller.getConfig('BASE_URL') uri = "{0}/v1/verify_email/{1}".format(base_url,cred.secret) self.assertEmailContains(uri, msg)
def test_email_validation_email_can_be_resent(self): with app.test_client() as client: self.login(client) client.get(config.BASE_URL + "/v1/send_verify_email") user = User.get(self.userid) self.assertEqual( self.userCreationEmail, Credential.getByUser(user, "emailcheck").user.email)
def test_change_password_does_change_password(self): with app.test_client() as client: self._preparePasswordChangeTest(client) self._doPasswordChange(client) cred = Credential.get('password', self.userCreationUserid) self.assertEqual( cred.secret, CredentialManager.protect_secret(self.newPassword))
def registerCertUser(self, email, identifier, digest, cred): if email is None: raise ReportedError([youHaveToRegisterFirst], 403) theEmail = email[0] CredentialManager.create_user_with_creds("certificate", identifier, digest, theEmail) cred = Credential.get("certificate", identifier) self.sendPasswordVerificationEmail(cred.user) return cred
def the_reset_link_is_in_the_reset_email(self): self._sendPasswordResetEmail() text = self.outbox[0].html soup = BeautifulSoup(text, "lxml") passwordResetLink = soup.find("a")['href'] self.secret = passwordResetLink.split('secret=')[1] self.tempcred = Credential.getBySecret('email_for_password_reset', self.secret) return passwordResetLink
def assertEmailChangeIsInitiated(self, resp): text = self.getResponseText(resp) self.assertEqual(200, resp.status_code) self.assertEqual(emailChangeEmailSent, json.loads(text)['message']) user = User.getByEmail(self.userCreationEmail) self.userid = user.userid tempCredential = Credential.getByUser(user, "changeemail") self.secret = tempCredential.secret self.assertEqual(self.newEmail, tempCredential.getAdditionalInfo())
def _getDeregistrationSecret(self): self._loginAndDeregister() user = self.cred.user if self.addAppMapToUser == True: app = Application.query.first() # @UndefinedVariable AppMap.new(app, user) deregistrationCredential = Credential.getByUser(user, 'deregister') secret = deregistrationCredential.secret return secret