def test_password_reset_no_new_password(test_project, waf, create_users):
    """Reset POST that carries no new password must answer 401.

    A split reset token (selector + verifier) is stored for the first row
    returned from the user table, then the reset URL is posted with only a
    username in the JSON body.
    """
    payload = {
        'username': '******',
    }
    selector, verifier = users._generate_split_token()
    # The URL token is the decoded selector immediately followed by the
    # decoded verifier.
    token = selector.decode('utf-8') + verifier.decode('utf-8')

    with get_engine().connect() as con:
        row = con.execute(sa.select('*').select_from(user)).fetchone()
        payload['username'] = row.username
        expiry = get_utc(datetime.datetime.now() + datetime.timedelta(hours=3))
        # Only the SHA-256 hex digest of the verifier is written to the table.
        # NOTE(review): selector has a .decode() method, so str(selector)
        # presumably stores the "b'...'" repr rather than the decoded text
        # that goes into the URL. If the handler looks the row up by the
        # decoded selector, this 401 may come from a failed token lookup
        # instead of the missing new password -- confirm against the handler.
        con.execute(
            user_password_reset.insert().values(
                user_id=row.id,
                selector=str(selector),
                verifier=hashlib.sha256(verifier).hexdigest(),
                expires=expiry,
            )
        )

    encoded_user_id = users.encode_user_id(row.id)
    request, _ = testing.simulate_request(waf)
    session_mw = testing.injected_session_start(waf, request)
    reset_url = f'/auth/password_reset/{encoded_user_id}/{token}/'
    _, response = waf.server.test_client.post(
        reset_url, json=payload, headers=testing.csrf_headers())
    testing.injected_session_end(waf, session_mw)

    assert response.status == 401
def test_data_get_no_data(test_project, waf, admin_login_user):
    """GET /admin/user/ for an id with no matching row must answer 404."""
    # The helper's return values are not used here; the call is kept for
    # whatever test data it creates.
    _user_id, _username, _password = create_admin_test_data_user('admin_test_get')

    login_request, _ = testing.simulate_login(waf, 'admin_api_test', 'admin_api_pass')
    session_mw = testing.injected_session_start(waf, login_request)
    # Headers are built from the logged-in request.
    auth_headers = testing.csrf_headers(login_request)
    _, response = waf.server.test_client.get('/admin/user/?id=5000', headers=auth_headers)
    testing.injected_session_end(waf, session_mw)

    assert response.status == 404
def test_read_only_permission_success(test_project, waf, create_groups):
    """A logged-in permission_test_admin can GET the read-only test view (200)."""
    login_request, _ = testing.simulate_login(waf, 'permission_test_admin', 'admin_pass_1')
    session_mw = testing.injected_session_start(waf, login_request)
    auth_headers = testing.csrf_headers(login_request)
    _, response = waf.server.test_client.get('/test_app/read_only/', headers=auth_headers)
    testing.injected_session_end(waf, session_mw)

    assert response.status == 200
def test_logout_post(test_project, waf, create_users):
    """POST /auth/logout/ while logged in clears 'user' from the session (200)."""
    login_request, _ = testing.simulate_login(waf, 'admin', 'admin_pass')
    session_mw = testing.injected_session_start(waf, login_request)
    auth_headers = testing.csrf_headers(login_request)
    request, response = waf.server.test_client.post('/auth/logout/', headers=auth_headers)
    testing.injected_session_end(waf, session_mw)

    # The session attached to the logout request must no longer hold a user.
    assert 'user' not in request['session']
    assert response.status == 200
def test_login_post_wrong_user(test_project, waf, create_users):
    """Login POST for a nonexistent user must answer 403 and set no session user."""
    credentials = {
        'username': '******',
        'password': '******',
        'next': '/',
    }
    # No prior login: the headers are built without a request.
    request, response = waf.server.test_client.post(
        '/auth/login/', json=credentials, headers=testing.csrf_headers())

    # A failed login must leave the session without a 'user' entry.
    assert 'user' not in request['session']
    assert response.status == 403
def test_login_post(test_project, waf, create_users):
    """Login POST with valid credentials stores the user in the session (200)."""
    credentials = {
        'username': '******',
        'password': '******',
        'next': '/',
    }
    request, response = waf.server.test_client.post(
        '/auth/login/', json=credentials, headers=testing.csrf_headers())

    session = request['session']
    assert 'user' in session
    # The session must identify the account that logged in.
    assert session['user'].get('username') == 'admin'
    assert response.status == 200
def test_password_change_wrong_user(test_project, waf, create_users):
    """A user changing another account's password must be refused with 403.

    The session belongs to casual_user while the form carries its own
    username field.
    """
    payload = {
        'username': '******',
        'old_password': '******',
        'new_password': '******',
    }
    login_request, _ = testing.simulate_login(waf, 'casual_user', 'casual_pass2')
    session_mw = testing.injected_session_start(waf, login_request)
    auth_headers = testing.csrf_headers(login_request)
    _, response = waf.server.test_client.post(
        '/auth/password_change/', json=payload, headers=auth_headers)
    testing.injected_session_end(waf, session_mw)

    assert response.status == 403
def test_data_patch(test_project, waf, admin_login_user):
    """PATCH /admin/user/ with the CSRF token in the JSON body updates the user.

    The CSRF header is removed from the request headers and the session's
    token is sent in the body field named by settings.CSRF_FIELD_NAME, so the
    200 shows the body field alone is accepted.
    """
    user_id, _username, _password = create_admin_test_data_user('admin_test_put')
    login_request, _ = testing.simulate_login(waf, 'admin_api_test', 'admin_api_pass')
    session_mw = testing.injected_session_start(waf, login_request)

    payload = {
        'id': user_id,
        'username': '******',
        'password': '******',
    }
    payload[settings.CSRF_FIELD_NAME] = login_request['session']['csrf_token']

    # Drop the header variant so only the body field carries the token.
    headers = testing.csrf_headers()
    headers.pop(settings.CSRF_HEADER_NAME)

    _, response = waf.server.test_client.patch('/admin/user/', json=payload, headers=headers)
    testing.injected_session_end(waf, session_mw)
    assert response.status == 200

    # Read the row back to confirm the update reached the database.
    lookup = sa.select('*').select_from(tables.user).where(tables.user.c.id == user_id)
    with get_engine('default').connect() as con:
        updated = con.execute(lookup).fetchone()
        assert updated.username == 'new'
def test_data_delete_no_id(test_project, waf, admin_login_user):
    """DELETE /admin/user/ with an empty JSON body (no id) must answer 400."""
    # The helper's return values are not used here; the call is kept for
    # whatever test data it creates.
    _user_id, _username, _password = create_admin_test_data_user('admin_test_delete')
    empty_payload = {}

    login_request, _ = testing.simulate_login(waf, 'admin_api_test', 'admin_api_pass')
    session_mw = testing.injected_session_start(waf, login_request)
    auth_headers = testing.csrf_headers(login_request)
    _, response = waf.server.test_client.delete(
        '/admin/user/', json=empty_payload, headers=auth_headers)
    testing.injected_session_end(waf, session_mw)

    assert response.status == 400
def test_data_post_no_csrf(test_project, waf, admin_login_user):
    """An authenticated POST to /admin/user/ without the session's CSRF headers gets 403."""
    new_user = {
        'username': '******',
        'password': '******',
        'is_active': True,
        'is_staff': True,
    }
    login_request, _ = testing.simulate_login(waf, 'admin_api_test', 'admin_api_pass')
    session_mw = testing.injected_session_start(waf, login_request)
    # Headers are built WITHOUT the logged-in request, unlike the other admin
    # tests. NOTE(review): presumably this yields no token, or one that is not
    # bound to the session -- confirm in testing.csrf_headers. The test also
    # only checks the status; it does not verify that no user row was created.
    unbound_headers = testing.csrf_headers()
    _, response = waf.server.test_client.post(
        '/admin/user/', json=new_user, headers=unbound_headers)
    testing.injected_session_end(waf, session_mw)

    assert response.status == 403
def test_data_patch_bad_table(test_project, waf, admin_login_user):
    """PATCH against /admin/cats/ must be refused with 403.

    The request is otherwise well formed: logged-in session and headers built
    from that session's request.
    """
    user_id, _username, _password = create_admin_test_data_user('admin_test_put')
    payload = {
        'id': user_id,
        'username': '******',
        'password': '******',
    }
    login_request, _ = testing.simulate_login(waf, 'admin_api_test', 'admin_api_pass')
    session_mw = testing.injected_session_start(waf, login_request)
    auth_headers = testing.csrf_headers(login_request)
    _, response = waf.server.test_client.patch(
        '/admin/cats/', json=payload, headers=auth_headers)
    testing.injected_session_end(waf, session_mw)

    assert response.status == 403
def test_logout_post_not_logged_in(test_project, waf, create_users):
    """POST /auth/logout/ with no prior login must answer 401."""
    # No simulate_login call: the request carries no authenticated session.
    anonymous_headers = testing.csrf_headers()
    _, response = waf.server.test_client.post('/auth/logout/', headers=anonymous_headers)

    assert response.status == 401
def test_search_get_sort_limit_offset_reverse(test_project, waf, admin_login_user):
    """User search with a descending sort ('-username'), limit and offset answers 200."""
    login_request, _ = testing.simulate_login(waf, 'admin_search_test', 'admin_search_pass')
    session_mw = testing.injected_session_start(waf, login_request)

    paramstring = 'field=username&value=admin_search_test&sort=-username&limit=10&offset=0'
    search_url = '/admin/user/search/?' + paramstring
    _, response = waf.server.test_client.get(
        search_url, headers=testing.csrf_headers(login_request))
    testing.injected_session_end(waf, session_mw)

    # Only the status is checked; the ordering of the results is not asserted.
    assert response.status == 200
def test_search_get_no_data(test_project, waf, admin_login_user):
    """User search for the value 'waffles' is expected to answer 401."""
    login_request, _ = testing.simulate_login(waf, 'admin_search_test', 'admin_search_pass')
    session_mw = testing.injected_session_start(waf, login_request)
    # NOTE(review): test_search_get_sort_limit_offset_reverse logs in with the
    # same credentials and expects 200 from this endpoint, so a 401 here ties
    # an "unauthorized" status to an empty result. Confirm this is intended
    # and not an authentication failure being mistaken for "no data".
    search_url = '/admin/user/search/?field=username&value=waffles'
    _, response = waf.server.test_client.get(
        search_url, headers=testing.csrf_headers(login_request))
    testing.injected_session_end(waf, session_mw)

    assert response.status == 401
def test_manage_access_post(test_project, waf, admin_login_user):
    """POST /admin/manage_access/ with a group, its permissions and one user id answers 200."""
    granted_permissions = [
        {'name': 'get', 'target': 'admin'},
        {'name': 'post', 'target': 'admin'},
    ]
    payload = {
        # First element of the admin_login_user fixture is used as the user id.
        'user_ids': [admin_login_user[0]],
        'group_name': 'test_access',
        'permissions': granted_permissions,
    }
    login_request, _ = testing.simulate_login(
        waf, 'admin_manage_access_test', 'admin_manage_access_pass')
    session_mw = testing.injected_session_start(waf, login_request)
    auth_headers = testing.csrf_headers(login_request)
    _, response = waf.server.test_client.post(
        '/admin/manage_access/', json=payload, headers=auth_headers)
    testing.injected_session_end(waf, session_mw)

    # Only the status is checked; the stored group and permissions are not read back.
    assert response.status == 200