def test_full_login_flow_default_device(self): self.device = models.PaperDevice(owner=self.user) self.device.save() assert self.device.last_used_at is None used_code = models.PaperCode(device=self.device, code="deadbeef", used_at=timezone.now()) used_code.save() code = models.PaperCode(device=self.device, code="aardvark") code.save() resp = self.client.get(self.path()) assert self.requested_user == self.user assert self.requested_device_id is None assert resp.status_code == 200 self.assertTemplateUsed(resp, "twofa/verify/base.html") resp = self.client.post(self.path(), {"response": "deadbeef"}) assert resp.status_code == 200 resp = self.client.post(self.path(), {"response": "aardvark"}) assert resp.status_code == 302 assert resp["Location"] == django.urls.reverse("index") user = django.contrib.auth.get_user(self.client) assert user.is_authenticated code = models.PaperCode.objects.get(id=code.id) assert code.used_at is not None device = models.PaperDevice.objects.get(id=self.device.id) assert device.last_used_at is not None
def test_renders_codes(self): device = models.PaperDevice(owner=self.user) device.save() models.PaperCode(device=device, code='12345678').save() models.PaperCode(device=device, code='1337beef').save() client = django.test.Client() self.login(client) resp = client.get(self.path(device_id=device.pk)) assert resp.status_code == 200 assert set(resp.context[-1]['codes']) == {'12345678', '1337beef'} assert device not in models.PaperDevice.objects.active_for_user( self.user)
def test_full_login_flow_different_device(self): self.device = models.PaperDevice( owner=self.user) self.device.save() real_device = models.PaperDevice( owner=self.user) real_device.save() self.other_devices = [real_device] code = models.PaperCode( device=real_device, code='aardvark') code.save() resp = self.client.get(self.path()) assert self.requested_user == self.user assert self.requested_device_id is None assert resp.status_code == 200 self.assertTemplateUsed(resp, 'twofa/verify/base.html') assert set(resp.context[-1]['other_devices']) == {real_device} resp = self.client.post(self.path(), {'response': 'aardvark'}) assert resp.status_code == 200 user = django.contrib.auth.get_user(self.client) assert not user.is_authenticated self.other_devices = [self.device] self.device = real_device resp = self.client.get(self.path(real_device)) assert self.requested_user == self.user assert self.requested_device_id == str(real_device.id) assert resp.status_code == 200 resp = self.client.post(self.path(real_device), {'response': 'aardvark'}) assert resp.status_code == 302 user = django.contrib.auth.get_user(self.client) assert user.is_authenticated