def testRegression1(self):
    """Check that a failed remember-me login leaves the client locked out.

    Flow: register, verify, log out, confirm the protected page answers
    unauthorized, attempt a login with the remember-me flag set and a
    wrong password, then confirm the protected page is still unauthorized.
    """
    # NOTE(review): the credential literals look masked in this copy, so
    # the good and the bad password read the same here; step 5 only means
    # something when the two values differ.
    email = '*****@*****.**'
    good_password = '******'
    bad_password = '******'
    app = self.testapp

    # 1. Register the client.
    registered = UserUtil.register_user(app, email, good_password)
    self.assertEqual(
        registered.status_int, constants.STATUS_OK,
        'Register failed with correct credentials: '
        + str(registered.status_int))

    # 2. Verify the client through the mail stub.
    verified = UserUtil.verify_user(app, self.mail_stub, email)
    self.assertEqual(
        verified.status_int, constants.STATUS_OK,
        'Verification failed: ' + str(verified.status_int))

    # 3. Log the client out.
    logged_out = UserUtil.logout(app)
    self.assertEqual(
        logged_out.status_int, constants.STATUS_OK,
        'Logout failed: ' + str(logged_out.status_int))

    # 4. The protected page must be refused once logged out.
    page = app.get('/', expect_errors=True)
    self.assertEqual(
        page.status_int, constants.STATUS_UNAUTHORIZED,
        'Users only page should not be served after logout: '
        + str(page.status_int))

    # 5. Login with remember-me turned on and a wrong password.
    rejected = UserUtil.login_user(app, email, bad_password, True)
    self.assertEqual(
        rejected.status_int, constants.STATUS_BAD_REQUEST,
        'Login succeeded with bad password.' + str(rejected.status_int))

    # 6. The rejected login must not have left anything behind that
    #    authenticates the next request to the protected page.
    page = app.get('/', expect_errors=True)
    self.assertEqual(
        page.status_int, constants.STATUS_UNAUTHORIZED,
        'Users only page must not be served without logging in: '
        + str(page.status_int))
def testLoginFailWithVerification(self):
    """Check that login is refused for an unknown user and bad credentials.

    A login attempt before any registration must fail. After the user is
    registered, verified and logged out, logins with a wrong password, an
    empty password and a different e-mail must each answer bad request.
    """
    # NOTE(review): the literals look masked in this copy, so the "bad
    # email" below reads the same as the registered one; the last case
    # only means something when the two addresses differ.
    email = '*****@*****.**'
    password = '******'
    app = self.testapp

    # 0. Nobody is registered yet, so login must be refused.
    early = UserUtil.login_user(app, email, password)
    self.assertEqual(
        early.status_int, constants.STATUS_BAD_REQUEST,
        'Login succeeded with empty db: ' + str(early.status_int))

    # 1. Register the client.
    registered = UserUtil.register_user(app, email, password)
    self.assertEqual(
        registered.status_int, constants.STATUS_OK,
        'Register failed with correct credentials: '
        + str(registered.status_int))

    # 2. Verify the client through the mail stub.
    verified = UserUtil.verify_user(app, self.mail_stub, email)
    self.assertEqual(
        verified.status_int, constants.STATUS_OK,
        'Verification failed: ' + str(verified.status_int))

    # 3. Log out.
    logged_out = UserUtil.logout(app)
    self.assertEqual(
        logged_out.status_int, constants.STATUS_OK,
        'Logout failed: ' + str(logged_out.status_int))

    # 4. Every bad credential pair must be rejected, in this order.
    bad_attempts = (
        (email, 'password2', 'Login succeeded with bad password.'),
        (email, '', 'Login succeeded with empty password.'),
        ('*****@*****.**', password, 'Login succeeded with bad email.'),
    )
    for attempt_email, attempt_password, failure_msg in bad_attempts:
        attempt = UserUtil.login_user(app, attempt_email, attempt_password)
        self.assertEqual(
            attempt.status_int, constants.STATUS_BAD_REQUEST, failure_msg)
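def testLoginSuccess(self):
    """Walk a user through registration, verification, session and logout.

    Checks, in order: the protected page is refused before verification,
    login of an unverified user answers forbidden, verification succeeds
    and the protected page is then served, the session carries the user's
    e-mail and a session id, and logout succeeds twice in a row.
    """
    email = '*****@*****.**'
    password = '******'

    # 1. Register client
    response = UserUtil.register_user(self.testapp, email, password)
    self.assertEqual(response.status_int, constants.STATUS_OK,
                     'Register failed with correct credentials: '
                     + str(response.status_int))

    # 2. Access test site - the client is not authenticated yet, so the
    #    request must be refused. The failure message used to claim the
    #    opposite of what this assertion checks.
    response = self.testapp.get('/', expect_errors=True)
    self.assertEqual(response.status_int, constants.STATUS_UNAUTHORIZED,
                     'Users only page should not be served before '
                     'logging in: ' + str(response.status_int))

    # 3. Try to login -> verification is needed first
    response = UserUtil.login_user(self.testapp, email, password)
    self.assertEqual(response.status_int, constants.STATUS_FORBIDDEN,
                     'Server should answer 403 for unverified client: '
                     + str(response.status_int))

    # 4. Verify
    response = UserUtil.verify_user(self.testapp, self.mail_stub, email)
    self.assertEqual(response.status_int, constants.STATUS_OK,
                     'Verification failed: ' + str(response.status_int))

    # 5. Access test site should succeed after verification. No separate
    #    login call precedes this request, so the test expects the verify
    #    step itself to leave the client authenticated.
    response = self.testapp.get('/', expect_errors=True)
    self.assertEqual(response.status_int, constants.STATUS_OK,
                     'Users only page should be served after logging in: '
                     + str(response.status_int))

    # 6. Check login: the session must hold the e-mail and a session id.
    session = get_current_session()
    self.assertEqual(session.get(constants.VAR_NAME_EMAIL), email,
                     'User email is not correct in session variable: '
                     + str(session.get(constants.VAR_NAME_EMAIL)))
    self.assertIsNotNone(session.get(constants.SESSION_ID),
                         'SessionId is none')

    # 7. Access test site
    response = self.testapp.get('/', expect_errors=True)
    self.assertEqual(response.status_int, constants.STATUS_OK,
                     'Users only page should be served after logging in: '
                     + str(response.status_int))

    # 8. Logout
    response = UserUtil.logout(self.testapp)
    self.assertEqual(response.status_int, constants.STATUS_OK,
                     'Logout failed: ' + str(response.status_int))

    # 9. SH-26 regression: a second logout, issued when the client is
    #    already logged out, must still answer OK.
    response = UserUtil.logout(self.testapp)
    self.assertEqual(response.status_int, constants.STATUS_OK,
                     'Logout failed: ' + str(response.status_int))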
def testPersistentCookie(self):
    """Check how remember-me affects access after the session is dropped.

    Without remember-me, terminating the session must lock the client
    out. With remember-me, the protected page must still be served after
    the session is terminated, repeatedly, until the client logs out.
    """
    email = '*****@*****.**'
    password = '******'
    app = self.testapp
    served_msg = 'Users only page should be served after logging in: '

    # 1. Register the client.
    registered = UserUtil.register_user(app, email, password)
    self.assertEqual(
        registered.status_int, constants.STATUS_OK,
        'Register failed with correct credentials: '
        + str(registered.status_int))

    # 2. Verify the client through the mail stub.
    verified = UserUtil.verify_user(app, self.mail_stub, email)
    self.assertEqual(
        verified.status_int, constants.STATUS_OK,
        'Verification failed: ' + str(verified.status_int))

    # 3. Login with remember-me turned off.
    plain_login = UserUtil.login_user(app, email, password)
    self.assertEqual(
        plain_login.status_int, constants.STATUS_OK,
        'Login failed with verified client: '
        + str(plain_login.status_int))

    # 4. The page is served while the session exists, and refused once
    #    the session has been terminated.
    page = app.get('/', expect_errors=True)
    self.assertEqual(
        page.status_int, constants.STATUS_OK,
        served_msg + str(page.status_int))
    get_current_session().terminate()
    page = app.get('/', expect_errors=True)
    self.assertEqual(
        page.status_int, constants.STATUS_UNAUTHORIZED,
        'Users only page should not be served without providing '
        'session data: ' + str(page.status_int))

    # 5. Login with remember-me turned on.
    sticky_login = UserUtil.login_user(app, email, password, True)
    self.assertEqual(
        sticky_login.status_int, constants.STATUS_OK,
        'Login failed with verified client: '
        + str(sticky_login.status_int))

    # 6. The page is served after login, and still served after the
    #    session has been terminated.
    page = app.get('/', expect_errors=True)
    self.assertEqual(
        page.status_int, constants.STATUS_OK,
        served_msg + str(page.status_int))
    get_current_session().terminate()
    page = app.get('/', expect_errors=True)
    self.assertEqual(
        page.status_int, constants.STATUS_OK,
        served_msg + str(page.status_int))

    # Test next login: drop the session once more and expect the same.
    get_current_session().terminate()
    page = app.get('/', expect_errors=True)
    self.assertEqual(
        page.status_int, constants.STATUS_OK,
        served_msg + str(page.status_int))

    # 7. Try to access secure content with a modified token.
    # NOTE(review): this expects 200 for a request that carries an empty
    # `token` cookie. The session is not terminated before this request,
    # so the 200 may come from the live session rather than from token
    # validation; also confirm that the test client sends this header
    # instead of its stored cookies. A rejected tampered token is not
    # covered by this step.
    tampered = app.get('/', expect_errors=True,
                       headers={'Cookie': 'token='})
    self.assertEqual(
        tampered.status_int, constants.STATUS_OK,
        served_msg + str(tampered.status_int))

    # 8. Logout.
    logged_out = UserUtil.logout(app)
    self.assertEqual(
        logged_out.status_int, constants.STATUS_OK,
        'Logout failed: ' + str(logged_out.status_int))

    # 9. After logout the page must be refused even though remember-me
    #    was used for the last login.
    page = app.get('/', expect_errors=True)
    self.assertEqual(
        page.status_int, constants.STATUS_UNAUTHORIZED,
        'Users only page should not be served after logout: '
        + str(page.status_int))