def test_logout(self): from horus.strings import UIStringsBase as Str from horus.views import AuthController from horus.tests.models import User from horus.interfaces import IUserClass from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = testing.DummyRequest() invalidate = Mock() request.user = Mock() request.session = Mock() request.session.invalidate = invalidate view = AuthController(request) with patch('horus.views.forget') as forget: with patch('horus.views.HTTPFound') as HTTPFound: with patch('horus.views.FlashMessage') as FlashMessage: view.logout() FlashMessage.assert_called_with(request, Str.logout, kind="success") forget.assert_called_with(request) assert invalidate.called assert HTTPFound.called
def test_inactive_login_fails(self): """Make sure we can't log in with an inactive user.""" from horus.tests.models import User from horus.interfaces import IUserClass from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) user = User(username='******', email='*****@*****.**') user.password = '******' user.activation = Activation() self.session.add(user) self.session.flush() from horus.views import AuthController self.config.add_route('index', '/') self.config.include('horus') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = self.get_csrf_request(post={ 'submit': True, 'username': '******', 'password': '******', }, request_method='POST') view = AuthController(request) with patch('horus.views.FlashMessage') as FlashMessage: view.login() FlashMessage.assert_called_with(request, 'Your account is not active, please check your e-mail.', kind='danger')
def test_login_fails_empty(self): """Make sure we can't log in with empty credentials.""" from horus.views import AuthController from horus.interfaces import IUserClass from horus.tests.models import User from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = testing.DummyRequest(post={ 'submit': True, }, request_method='POST') view = AuthController(request) response = view.login() errors = response['errors'] assert errors[0].node.name == 'csrf_token' assert errors[0].msg == 'Required' assert errors[1].node.name == 'username' assert errors[1].msg == 'Required' assert errors[2].node.name == 'password' assert errors[2].msg == 'Required'
def test_csrf_invalid_fails(self): """ Make sure we can't login with a bad csrf """ from horus.views import AuthController from horus.interfaces import IUserClass from horus.tests.models import User from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = self.get_csrf_request(post={ 'submit': True, 'login': '******', 'password': '******', 'csrf_token': 'abc2' }, request_method='POST') view = AuthController(request) response = view.login() errors = response['errors'] assert errors[0].node.name == 'csrf_token' assert errors[0].msg == 'Invalid cross-site scripting token'
def test_login_fails_bad_credentials(self): """ Make sure we can't login with bad credentials""" from horus.views import AuthController from horus.interfaces import IUserClass from horus.tests.models import User from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') request = self.get_csrf_request(post={ 'submit': True, 'username': '******', 'password': '******', }, request_method='POST') flash = Mock() request.session.flash = flash view = AuthController(request) view.login() flash.assert_called_with('Invalid username or password.', 'error')
def test_logout(self): from horus.views import AuthController from horus.tests.models import User from horus.interfaces import IUserClass from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') request = testing.DummyRequest() flash = Mock() invalidate = Mock() request.user = Mock() request.session = Mock() request.session.invalidate = invalidate request.session.flash = flash view = AuthController(request) with patch('horus.views.forget') as forget: with patch('horus.views.HTTPFound') as HTTPFound: view.logout() flash.assert_called_with('Logged out successfully.', 'success') forget.assert_called_with(request) assert invalidate.called assert HTTPFound.called
def persona(self): request = self.request schema = schemas.PersonaSchema().bind(request=request) form = deform.Form( schema, formid='persona', use_ajax=True, ajax_options=self.ajax_options ) lm = request.layout_manager lm.layout.add_form(form) try: if request.POST.get('__formid__', '') == 'persona': persona = form.validate(request.POST.items()) if persona.get('id', None) == -1: controller = AuthController(request) return controller.logout() else: # TODO: multiple personas persona = None except deform.exception.ValidationFailure as e: return dict(persona={'form': e.render()}) else: persona = dict(id=0 if request.user else -1) return dict(persona={'form': form.render(persona)})
def test_inactive_login_fails(self): """Make sure we can't log in with an inactive user.""" from horus.tests.models import User from horus.interfaces import IUserClass from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) user = User(username='******', email='*****@*****.**') user.password = '******' user.activation = Activation() self.session.add(user) self.session.flush() from horus.views import AuthController self.config.add_route('index', '/') self.config.include('horus') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = self.get_csrf_request(post={ 'submit': True, 'username': '******', 'password': '******', }, request_method='POST') view = AuthController(request) with patch('horus.views.FlashMessage') as FlashMessage: view.login() FlashMessage.assert_called_with(request, 'Your account is not active, please check your e-mail.', kind='error')
def test_login_succeeds(self): """Make sure we can log in.""" from horus.tests.models import User from horus.interfaces import IUserClass from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' admin = User(username='******', email='*****@*****.**') admin.password = '******' self.session.add(admin) self.session.flush() from horus.views import AuthController self.config.add_route('index', '/') self.config.include('horus') request = self.get_csrf_request(post={ 'submit': True, 'username': '******', 'password': '******', }, request_method='POST') view = AuthController(request) response = view.login() assert response.status_int == 302
def test_login_fails_bad_credentials(self): """ Make sure we can't login with bad credentials""" from horus.views import AuthController from horus.interfaces import IUserClass from horus.tests.models import User from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = self.get_csrf_request(post={ 'submit': True, 'username': '******', 'password': '******', }, request_method='POST') view = AuthController(request) with patch('horus.views.FlashMessage') as FlashMessage: view.login() FlashMessage.assert_called_with(request, "Invalid username or password.", kind="error")
def test_inactive_login_fails(self): """ Make sure we can't login with an inactive user """ from horus.tests.models import User from horus.interfaces import IHorusUserClass from horus.interfaces import IHorusActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IHorusActivationClass) self.config.registry.registerUtility(User, IHorusUserClass) user = User(username='******', email='*****@*****.**') user.set_password('foo') user.activation = Activation() self.session.add(user) self.session.flush() from horus.views import AuthController self.config.add_route('index', '/') self.config.include('horus') request = self.get_csrf_request(post={ 'submit': True, 'Username': '******', 'Password': '******', }, request_method='POST') flash = Mock() request.session.flash = flash view = AuthController(request) view.login() flash.assert_called_with(u'Your account is not active, please check your e-mail.', 'error')
def test_login_fails_bad_credentials(self): """ Make sure we can't login with bad credentials""" from horus.views import AuthController from horus.interfaces import IUserClass from horus.tests.models import User from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = self.get_csrf_request(post={ 'submit': True, 'username': '******', 'password': '******', }, request_method='POST') view = AuthController(request) with patch('horus.views.FlashMessage') as FlashMessage: view.login() FlashMessage.assert_called_with(request, "Invalid username or password.", kind="danger")
def auth(self): request = self.request action = request.params.get('action', 'login') if action not in ['login', 'logout']: raise HTTPBadRequest() controller = AuthController(request) form = controller.form form.formid = 'auth' form.use_ajax = True form.ajax_options = self.ajax_options if request.POST.get('__formid__', '') == 'auth': result = getattr(controller, action)() error = request.session.pop_flash('error') if isinstance(result, dict): if error: form.error = colander.Invalid(form.schema, error[0]) result = {'form': form.render()} else: return result return dict(auth=result) lm = request.layout_manager lm.layout.add_form(form) return dict(auth={'form': form.render()})
def test_auth_controller_extensions(self): from horus.views import AuthController from horus.interfaces import IUserClass from horus.interfaces import ILoginSchema from horus.interfaces import ILoginForm from horus.interfaces import IActivationClass from horus.interfaces import IUIStrings from horus.strings import UIStringsBase from horus.tests.models import User from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.add_route('index', '/') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = testing.DummyRequest() getUtility = Mock() getUtility.return_value = True schema = Mock() form = Mock() self.config.registry.registerUtility(UIStringsBase, IUIStrings) self.config.registry.registerUtility(User, IUserClass) self.config.registry.registerUtility(schema, ILoginSchema) self.config.registry.registerUtility(form, ILoginForm) AuthController(request) assert schema.called assert form.called
def test_login_loads(self): from horus.views import AuthController from horus.interfaces import IUserClass from horus.tests.models import User from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') request = testing.DummyRequest() request.user = None view = AuthController(request) response = view.login() assert response.get('form', None)
def test_login_redirects_if_logged_in(self): from horus.views import AuthController from horus.interfaces import IUserClass from horus.tests.models import User from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') request = testing.DummyRequest() request.user = Mock() view = AuthController(request) response = view.login() assert response.status_int == 302
def test_login_redirects_if_logged_in(self): from horus.views import AuthController from horus.interfaces import IUserClass from horus.tests.models import User from horus.interfaces import IActivationClass from horus.tests.models import Activation self.config.registry.registerUtility(Activation, IActivationClass) self.config.registry.registerUtility(User, IUserClass) self.config.add_route('index', '/') self.config.include('horus') self.config.registry.settings['horus.login_redirect'] = 'index' self.config.registry.settings['horus.logout_redirect'] = 'index' request = testing.DummyRequest() request.user = Mock() view = AuthController(request) response = view.login() assert response.status_int == 302
def persona(self): request = self.request schema = schemas.PersonaSchema().bind(request=request) form = deform.Form(schema, formid="persona", use_ajax=True, ajax_options=self.ajax_options) lm = request.layout_manager lm.layout.add_form(form) try: if request.POST.get("__formid__", "") == "persona": persona = form.validate(request.POST.items()) if persona.get("id", None) == -1: controller = AuthController(request) return controller.logout() else: # TODO: multiple personas persona = None except deform.exception.ValidationFailure as e: return dict(persona={"form": e.render()}) else: persona = dict(id=0 if request.user else -1) return dict(persona={"form": form.render(persona)})
def login(self): result = AuthController(self.request).login() return self.respond(result)
def logout(self): result = AuthController(self.request).logout() self.request.user = None return self.respond(result)
def auth_controller(self): return AuthController(self.request)