def test_change_password(self, test_app):
"""Test changing password correctly and incorrectly"""
self.login(test_app)
# test that the password can be changed
template.clear_test_template_context()
res = test_app.post(
'/edit/password/', {
'old_password': '******',
'new_password': '******',
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert auth.check_password('123456', test_user.pw_hash)
# Update current user passwd
self.user_password = '******'
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post(
'/edit/password/', {
'old_password': '******',
'new_password': '******',
})
test_user = User.query.filter_by(username=u'chris').first()
assert not auth.check_password('098765', test_user.pw_hash)
def test_change_password(self, test_app):
"""Test changing password correctly and incorrectly"""
self.login(test_app)
# test that the password can be changed
template.clear_test_template_context()
res = test_app.post('/edit/password/', {
'old_password': '******',
'new_password': '******',
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert auth.check_password('123456', test_user.pw_hash)
# Update current user passwd
self.user_password = '******'
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post('/edit/password/', {
'old_password': '******',
'new_password': '******',
})
test_user = User.query.filter_by(username=u'chris').first()
assert not auth.check_password('098765', test_user.pw_hash)
def _do_request(self, url, *context_keys, **kwargs):
template.clear_test_template_context()
response = self.test_app.request(url, **kwargs)
context_data = template.TEMPLATE_TEST_CONTEXT
for key in context_keys:
context_data = context_data[key]
return response, context_data
def _test_delete(self, test_user):
# Delete openid from user
# Create another user to test deleting OpenID that doesn't belong to them
new_user = fixture_add_user(username='******')
openid = OpenIDUserURL()
openid.openid_url = 'http://realfake.myopenid.com/'
openid.user_id = new_user.id
openid.save()
# Try and delete OpenID url that isn't the users
template.clear_test_template_context()
res = openid_plugin_app.post(
'/edit/openid/delete/', {
'openid': 'http://realfake.myopenid.com/'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/openid/delete.html']
form = context['form']
assert form.openid.errors == [u'That OpenID is not registered to this account.']
# Delete OpenID
# Kind of weird to POST to delete/finish
template.clear_test_template_context()
res = openid_plugin_app.post(
'/edit/openid/delete/finish/', {
'openid': u'http://add.myopenid.com'})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
assert 'mediagoblin/edit/edit_account.html' in template.TEMPLATE_TEST_CONTEXT
# OpenID deleted?
new_openid = mg_globals.database.OpenIDUserURL.query.filter_by(
openid_url=u'http://add.myopenid.com').first()
assert not new_openid
def _test_delete(self, test_user):
# Delete openid from user
# Create another user to test deleting OpenID that doesn't belong to them
new_user = fixture_add_user(username="******")
openid = OpenIDUserURL()
openid.openid_url = "http://realfake.myopenid.com/"
openid.user_id = new_user.id
openid.save()
# Try and delete OpenID url that isn't the users
template.clear_test_template_context()
res = openid_plugin_app.post("/edit/openid/delete/", {"openid": "http://realfake.myopenid.com/"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/plugins/openid/delete.html"]
form = context["form"]
assert form.openid.errors == [u"That OpenID is not registered to this account."]
# Delete OpenID
# Kind of weird to POST to delete/finish
template.clear_test_template_context()
res = openid_plugin_app.post("/edit/openid/delete/finish/", {"openid": u"http://add.myopenid.com"})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == "/edit/account/"
assert "mediagoblin/edit/edit_account.html" in template.TEMPLATE_TEST_CONTEXT
# OpenID deleted?
new_openid = mg_globals.database.OpenIDUserURL.query.filter_by(
openid_url=u"http://add.myopenid.com"
).first()
assert not new_openid
def _test_add_existing():
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/add/')
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/edit/persona/'
def test_change_password(test_app):
"""Test changing password correctly and incorrectly"""
test_user = fixture_add_user(password=u'toast', privileges=[u'active'])
test_app.post('/auth/login/', {'username': u'chris', 'password': u'toast'})
# test that the password can be changed
res = test_app.post('/edit/password/', {
'old_password': '******',
'new_password': '******',
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert auth_tools.bcrypt_check_password('123456', test_user.pw_hash)
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post('/edit/password/', {
'old_password': '******',
'new_password': '******',
})
test_user = User.query.filter_by(username=u'chris').first()
assert not auth_tools.bcrypt_check_password('098765', test_user.pw_hash)
def _test_non_response():
template.clear_test_template_context()
res = openid_plugin_app.post("/auth/openid/login/", {"openid": "http://phoney.myopenid.com/"})
res.follow()
# Correct Place?
assert urlparse.urlsplit(res.location)[2] == "/auth/openid/login/"
assert "mediagoblin/plugins/openid/login.html" in template.TEMPLATE_TEST_CONTEXT
def _test_non_response():
template.clear_test_template_context()
res = openid_plugin_app.post(
'/auth/openid/login/', {
'openid': 'http://phoney.myopenid.com/'})
res.follow()
# Correct Place?
assert urlparse.urlsplit(res.location)[2] == '/auth/openid/login/'
assert 'mediagoblin/plugins/openid/login.html' in template.TEMPLATE_TEST_CONTEXT
def _test_non_response():
template.clear_test_template_context()
res = openid_plugin_app.post(
'/auth/openid/login/', {
'openid': 'http://phoney.myopenid.com/'})
res.follow()
# Correct Place?
assert urlparse.urlsplit(res.location)[2] == '/auth/openid/login/'
assert 'mediagoblin/plugins/openid/login.html' in template.TEMPLATE_TEST_CONTEXT
def do_post(self, data, *context_keys, **kwargs):
url = kwargs.pop('url', '/submit/')
do_follow = kwargs.pop('do_follow', False)
template.clear_test_template_context()
response = self.test_app.post(url, data, **kwargs)
if do_follow:
response.follow()
context_data = template.TEMPLATE_TEST_CONTEXT
for key in context_keys:
context_data = context_data[key]
return response, context_data
def do_post(self, data, *context_keys, **kwargs):
url = kwargs.pop('url', '/submit/')
do_follow = kwargs.pop('do_follow', False)
template.clear_test_template_context()
response = self.test_app.post(url, data, **kwargs)
if do_follow:
response.follow()
context_data = template.TEMPLATE_TEST_CONTEXT
for key in context_keys:
context_data = context_data[key]
return response, context_data
def _test_new_user():
openid_plugin_app.post(
'/auth/openid/login/', {
'openid': u'http://real.myopenid.com'})
# Right place?
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
# Register User
res = openid_plugin_app.post(
'/auth/openid/register/', {
'openid': register_form.openid.data,
'username': u'chris',
'email': u'*****@*****.**'})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
# No need to test if user is in logged in and verification email
# awaits, since openid uses the register_user function which is
# tested in test_auth
# Logout User
openid_plugin_app.get('/auth/logout')
# Get user and detach from session
test_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username==u'chris'
).first()
Session.expunge(test_user)
# Log back in
# Could not get it to work by 'POST'ing to /auth/openid/login/
template.clear_test_template_context()
res = openid_plugin_app.post(
'/auth/openid/login/finish/', {
'openid': u'http://real.myopenid.com'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(test_user.id)
def _test_new_user():
openid_plugin_app.post('/auth/openid/login/',
{'openid': u'http://real.myopenid.com'})
# Right place?
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
register_form = context['register_form']
# Register User
res = openid_plugin_app.post(
'/auth/openid/register/', {
'openid': register_form.openid.data,
'username': u'chris',
'email': u'*****@*****.**'
})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
# No need to test if user is in logged in and verification email
# awaits, since openid uses the register_user function which is
# tested in test_auth
# Logout User
openid_plugin_app.get('/auth/logout')
# Get user and detach from session
test_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username == u'chris').first()
Session.expunge(test_user)
# Log back in
# Could not get it to work by 'POST'ing to /auth/openid/login/
template.clear_test_template_context()
res = openid_plugin_app.post(
'/auth/openid/login/finish/',
{'openid': u'http://real.myopenid.com'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(test_user.id)
def _test_authentication():
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/',
{'username': u'chris',
'password': u'toast'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.data == u'chris'
assert register_form.email.data == u'*****@*****.**'
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/register/',
{'username': u'chris',
'email': u'*****@*****.**'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user.html' in template.TEMPLATE_TEST_CONTEXT
# Try to register with same email and username
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/register/',
{'username': u'chris',
'email': u'*****@*****.**'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.email.errors == [u'Sorry, a user with that email address already exists.']
assert register_form.username.errors == [u'Sorry, a user with that name already exists.']
# Log out
ldap_plugin_app.get('/auth/logout/')
# Get user and detach from session
test_user = mg_globals.database.User.query.filter_by(
username=u'chris').first()
Session.expunge(test_user)
# Log back in
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/',
{'username': u'chris',
'password': u'toast'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == unicode(test_user.id)
def _test_authentication():
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/',
{'username': u'chris',
'password': u'toast'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.data == u'chris'
assert register_form.email.data == u'*****@*****.**'
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/register/',
{'username': u'chris',
'email': u'*****@*****.**'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
# Try to register with same email and username
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/register/',
{'username': u'chris',
'email': u'*****@*****.**'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.email.errors == [u'Sorry, a user with that email address already exists.']
assert register_form.username.errors == [u'Sorry, a user with that name already exists.']
# Log out
ldap_plugin_app.get('/auth/logout/')
# Get user and detach from session
test_user = mg_globals.database.User.query.filter_by(
username=u'chris').first()
Session.expunge(test_user)
# Log back in
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/',
{'username': u'chris',
'password': u'toast'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == unicode(test_user.id)
def _test_add():
# Successful add
template.clear_test_template_context()
res = openid_plugin_app.post(
'/edit/openid/', {'openid': u'http://add.myopenid.com'})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
assert 'mediagoblin/edit/edit_account.html' in template.TEMPLATE_TEST_CONTEXT
# OpenID Added?
new_openid = mg_globals.database.OpenIDUserURL.query.filter_by(
openid_url=u'http://add.myopenid.com').first()
assert new_openid
def _test_add():
# Successful add
template.clear_test_template_context()
res = openid_plugin_app.post("/edit/openid/", {"openid": u"http://add.myopenid.com"})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == "/edit/account/"
assert "mediagoblin/edit/edit_account.html" in template.TEMPLATE_TEST_CONTEXT
# OpenID Added?
new_openid = mg_globals.database.OpenIDUserURL.query.filter_by(
openid_url=u"http://add.myopenid.com"
).first()
assert new_openid
def _test_edit_persona():
# Try and delete only Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post('/edit/persona/',
{'email': '*****@*****.**'})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [
u"You can't delete your only Persona email address unless you have a password set."
]
template.clear_test_template_context()
res = persona_plugin_app.post('/edit/persona/', {})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [u'This field is required.']
# Try and delete Persona not owned by the user
template.clear_test_template_context()
res = persona_plugin_app.post('/edit/persona/',
{'email': '*****@*****.**'})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [
u'That Persona email address is not registered to this account.'
]
res = persona_plugin_app.get('/edit/persona/add/')
assert urlparse.urlsplit(res.location)[2] == '/edit/persona/'
# Add Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post('/edit/persona/add/')
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# Delete a Persona
res = persona_plugin_app.post('/edit/persona/',
{'email': '*****@*****.**'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
def clear_test_buckets():
"""
We store some things for testing purposes that should be cleared
when we want a "clean slate" of information for our next round of
tests. Call this function to wipe all that stuff clean.
Also wipes out some other things we might redefine during testing,
like the jinja envs.
"""
global SETUP_JINJA_ENVS
SETUP_JINJA_ENVS = {}
global EMAIL_TEST_INBOX
global EMAIL_TEST_MBOX_INBOX
EMAIL_TEST_INBOX = []
EMAIL_TEST_MBOX_INBOX = []
clear_test_template_context()
def clear_test_buckets():
"""
We store some things for testing purposes that should be cleared
when we want a "clean slate" of information for our next round of
tests. Call this function to wipe all that stuff clean.
Also wipes out some other things we might redefine during testing,
like the jinja envs.
"""
global SETUP_JINJA_ENVS
SETUP_JINJA_ENVS = {}
global EMAIL_TEST_INBOX
global EMAIL_TEST_MBOX_INBOX
EMAIL_TEST_INBOX = []
EMAIL_TEST_MBOX_INBOX = []
clear_test_template_context()
def _test_edit_persona():
# Try and delete only Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/',
{'email': '*****@*****.**'})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [u"You can't delete your only Persona email address unless you have a password set."]
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/', {})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [u'This field is required.']
# Try and delete Persona not owned by the user
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/',
{'email': '*****@*****.**'})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [u'That Persona email address is not registered to this account.']
res = persona_plugin_app.get('/edit/persona/add/')
assert urlparse.urlsplit(res.location)[2] == '/edit/persona/'
# Add Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/add/')
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# Delete a Persona
res = persona_plugin_app.post(
'/edit/persona/',
{'email': '*****@*****.**'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
def _test_new_user():
openid_plugin_app.post("/auth/openid/login/", {"openid": u"http://real.myopenid.com"})
# Right place?
assert "mediagoblin/auth/register.html" in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/register.html"]
register_form = context["register_form"]
# Register User
res = openid_plugin_app.post(
"/auth/openid/register/",
{"openid": register_form.openid.data, "username": u"chris", "email": u"*****@*****.**"},
)
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == "/u/chris/"
assert "mediagoblin/user_pages/user.html" in template.TEMPLATE_TEST_CONTEXT
# No need to test if user is in logged in and verification email
# awaits, since openid uses the register_user function which is
# tested in test_auth
# Logout User
openid_plugin_app.get("/auth/logout")
# Get user and detach from session
test_user = mg_globals.database.User.query.filter_by(username=u"chris").first()
Session.expunge(test_user)
# Log back in
# Could not get it to work by 'POST'ing to /auth/openid/login/
template.clear_test_template_context()
res = openid_plugin_app.post("/auth/openid/login/finish/", {"openid": u"http://real.myopenid.com"})
res.follow()
assert urlparse.urlsplit(res.location)[2] == "/"
assert "mediagoblin/root.html" in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/root.html"]
session = context["request"].session
assert session["user_id"] == unicode(test_user.id)
def test_sniffing(self):
'''
Test sniffing mechanism to assert that regular uploads work as intended
'''
template.clear_test_template_context()
response = self.test_app.post(
'/submit/', {
'title': u'UNIQUE_TITLE_PLS_DONT_CREATE_OTHER_MEDIA_WITH_THIS_TITLE'
}, upload_files=[(
'file', GOOD_JPG)])
response.follow()
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/user_pages/user.html']
request = context['request']
media = request.db.MediaEntry.query.filter_by(
title=u'UNIQUE_TITLE_PLS_DONT_CREATE_OTHER_MEDIA_WITH_THIS_TITLE').first()
assert media.media_type == 'mediagoblin.media_types.image'
def test_sniffing(self):
'''
Test sniffing mechanism to assert that regular uploads work as intended
'''
template.clear_test_template_context()
response = self.test_app.post(
'/submit/', {
'title': 'UNIQUE_TITLE_PLS_DONT_CREATE_OTHER_MEDIA_WITH_THIS_TITLE'
}, upload_files=[(
'file', GOOD_JPG)])
response.follow()
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/user_pages/user.html']
request = context['request']
media = request.db.MediaEntry.query.filter_by(
title='UNIQUE_TITLE_PLS_DONT_CREATE_OTHER_MEDIA_WITH_THIS_TITLE').first()
assert media.media_type == 'mediagoblin.media_types.image'
def test_authentication_disabled_app(authentication_disabled_app):
# app.auth should = false
assert mg_globals
assert mg_globals.app.auth is False
# Try to visit register page
template.clear_test_template_context()
response = authentication_disabled_app.get('/auth/register/')
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Try to vist login page
template.clear_test_template_context()
response = authentication_disabled_app.get('/auth/login/')
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
## Test check_login_simple should return None
assert auth_tools.check_login_simple('test', 'simple') is None
# Try to visit the forgot password page
template.clear_test_template_context()
response = authentication_disabled_app.get('/auth/register/')
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
def test_authentication_disabled_app(authentication_disabled_app):
# app.auth should = false
assert mg_globals
assert mg_globals.app.auth is False
# Try to visit register page
template.clear_test_template_context()
response = authentication_disabled_app.get('/auth/register/')
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Try to vist login page
template.clear_test_template_context()
response = authentication_disabled_app.get('/auth/login/')
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
## Test check_login_simple should return None
assert auth_tools.check_login_simple('test', 'simple') is None
# Try to visit the forgot password page
template.clear_test_template_context()
response = authentication_disabled_app.get('/auth/register/')
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
def test_bad_login(self, openid_plugin_app):
""" Test that attempts to login with invalid paramaters"""
# Test GET request for auth/register page
res = openid_plugin_app.get("/auth/register/").follow()
# Make sure it redirected to the correct place
assert urlparse.urlsplit(res.location)[2] == "/auth/openid/login/"
# Test GET request for auth/login page
res = openid_plugin_app.get("/auth/login/")
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == "/auth/openid/login/"
# Test GET request for auth/openid/register page
res = openid_plugin_app.get("/auth/openid/register/")
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == "/auth/openid/login/"
# Test GET request for auth/openid/login/finish page
res = openid_plugin_app.get("/auth/openid/login/finish/")
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == "/auth/openid/login/"
# Test GET request for auth/openid/login page
res = openid_plugin_app.get("/auth/openid/login/")
# Correct place?
assert "mediagoblin/plugins/openid/login.html" in template.TEMPLATE_TEST_CONTEXT
# Try to login with an empty form
template.clear_test_template_context()
openid_plugin_app.post("/auth/openid/login/", {})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/plugins/openid/login.html"]
form = context["login_form"]
assert form.openid.errors == [u"This field is required."]
# Try to login with wrong form values
template.clear_test_template_context()
openid_plugin_app.post("/auth/openid/login/", {"openid": "not_a_url.com"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/plugins/openid/login.html"]
form = context["login_form"]
assert form.openid.errors == [u"Please enter a valid url."]
# Should be no users in the db
assert User.query.count() == 0
# Phony OpenID URl
template.clear_test_template_context()
openid_plugin_app.post("/auth/openid/login/", {"openid": "http://phoney.myopenid.com/"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/plugins/openid/login.html"]
form = context["login_form"]
assert form.openid.errors == [u"Sorry, the OpenID server could not be found"]
def test_change_password(test_app):
"""Test changing password correctly and incorrectly"""
test_user = fixture_add_user(
password=u'toast',
privileges=[u'active'])
test_app.post(
'/auth/login/', {
'username': u'chris',
'password': u'toast'})
# test that the password can be changed
res = test_app.post(
'/edit/password/', {
'old_password': '******',
'new_password': '******',
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# test_user has to be fetched again in order to have the current values
test_user = LocalUser.query.filter(LocalUser.username==u'chris').first()
assert auth_tools.bcrypt_check_password('123456', test_user.pw_hash)
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post(
'/edit/password/', {
'old_password': '******',
'new_password': '******',
})
test_user = LocalUser.query.filter(LocalUser.username==u'chris').first()
assert not auth_tools.bcrypt_check_password('098765', test_user.pw_hash)
def test_change_password(test_app):
"""Test changing password correctly and incorrectly"""
test_user = fixture_add_user(password=u"toast", privileges=[u"active"])
test_app.post("/auth/login/", {"username": u"chris", "password": u"toast"})
# test that the password can be changed
res = test_app.post("/edit/password/", {"old_password": "******", "new_password": "******"})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == "/edit/account/"
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u"chris").first()
assert auth_tools.bcrypt_check_password("123456", test_user.pw_hash)
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post("/edit/password/", {"old_password": "******", "new_password": "******"})
test_user = User.query.filter_by(username=u"chris").first()
assert not auth_tools.bcrypt_check_password("098765", test_user.pw_hash)
def test_authentication_views(test_app):
"""
Test logging in and logging out
"""
# Make a new user
test_user = fixture_add_user()
# Get login
# ---------
test_app.get('/auth/login/')
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
# Failed login - blank form
# -------------------------
template.clear_test_template_context()
response = test_app.post('/auth/login/')
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.username.errors == [u'This field is required.']
# Failed login - blank user
# -------------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'password': u'toast'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.username.errors == [u'This field is required.']
# Failed login - blank password
# -----------------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'chris'})
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
# Failed login - bad user
# -----------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'steve',
'password': '******'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
assert context['login_failed']
# Failed login - bad password
# ---------------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'chris',
'password': '******'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
assert context['login_failed']
# Successful login
# ----------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'chris',
'password': '******'})
# User should be redirected
response.follow()
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(test_user.id)
# Successful logout
# -----------------
template.clear_test_template_context()
response = test_app.get('/auth/logout/')
# Should be redirected to index page
response.follow()
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure the user is not in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert 'user_id' not in session
# User is redirected to custom URL if POST['next'] is set
# -------------------------------------------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'chris',
'password': '******',
'next' : '/u/chris/'})
assert urlparse.urlsplit(response.location)[2] == '/u/chris/'
## Verify that username is lowercased on login attempt
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'ANDREW',
'password': '******'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
# Username should no longer be uppercased; it should be lowercased
assert not form.username.data == u'ANDREW'
assert form.username.data == u'andrew'
def test_email_change(self, test_app):
self.login(test_app)
# Test email already in db
template.clear_test_template_context()
test_app.post('/edit/email/', {
'new_email': '*****@*****.**',
'password': '******'
})
# Check form errors
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/edit/change_email.html']
assert context['form'].new_email.errors == [
u'Sorry, a user with that email address already exists.'
]
# Test successful email change
template.clear_test_template_context()
res = test_app.post('/edit/email/', {
'new_email': '*****@*****.**',
'password': '******'
})
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# Make sure we get email verification and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == '*****@*****.**'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/edit/verification.txt']
assert email_context['verification_url'] in \
message.get_payload(decode=True)
path = urlparse.urlsplit(email_context['verification_url'])[2]
assert path == u'/edit/verify_email/'
## Try verifying with bs verification key, shouldn't work
template.clear_test_template_context()
res = test_app.get("/edit/verify_email/?token=total_bs")
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == '/'
# Email shouldn't be saved
email_in_db = mg_globals.database.User.query.filter_by(
email='*****@*****.**').first()
email = User.query.filter_by(username='******').first().email
assert email_in_db is None
assert email == '*****@*****.**'
# Verify email activation works
template.clear_test_template_context()
get_params = urlparse.urlsplit(email_context['verification_url'])[3]
res = test_app.get('%s?%s' % (path, get_params))
res.follow()
# New email saved?
email = User.query.filter_by(username='******').first().email
assert email == '*****@*****.**'
def test_email_change(self, test_app):
self.login(test_app)
# Test email already in db
template.clear_test_template_context()
test_app.post(
'/edit/email/', {
'new_email': '*****@*****.**',
'password': '******'})
# Check form errors
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/edit/change_email.html']
assert context['form'].new_email.errors == [
u'Sorry, a user with that email address already exists.']
# Test successful email change
template.clear_test_template_context()
res = test_app.post(
'/edit/email/', {
'new_email': '*****@*****.**',
'password': '******'})
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# Make sure we get email verification and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == '*****@*****.**'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/edit/verification.txt']
assert email_context['verification_url'] in \
message.get_payload(decode=True)
path = urlparse.urlsplit(email_context['verification_url'])[2]
assert path == u'/edit/verify_email/'
## Try verifying with bs verification key, shouldn't work
template.clear_test_template_context()
res = test_app.get(
"/edit/verify_email/?token=total_bs")
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == '/'
# Email shouldn't be saved
email_in_db = mg_globals.database.User.query.filter_by(
email='*****@*****.**').first()
email = User.query.filter_by(username='******').first().email
assert email_in_db is None
assert email == '*****@*****.**'
# Verify email activation works
template.clear_test_template_context()
get_params = urlparse.urlsplit(email_context['verification_url'])[3]
res = test_app.get('%s?%s' % (path, get_params))
res.follow()
# New email saved?
email = User.query.filter_by(username='******').first().email
assert email == '*****@*****.**'
def test_login(self, openid_plugin_app):
"""Tests that test login and registion with openid"""
# Test finish_login redirects correctly when response = False
self._setup(openid_plugin_app, False)
@mock.patch("mediagoblin.plugins.openid.views._finish_verification", self._finish_verification)
@mock.patch("mediagoblin.plugins.openid.views._start_verification", self._start_verification)
def _test_non_response():
template.clear_test_template_context()
res = openid_plugin_app.post("/auth/openid/login/", {"openid": "http://phoney.myopenid.com/"})
res.follow()
# Correct Place?
assert urlparse.urlsplit(res.location)[2] == "/auth/openid/login/"
assert "mediagoblin/plugins/openid/login.html" in template.TEMPLATE_TEST_CONTEXT
_test_non_response()
# Test login with new openid
# Need to clear_test_template_context before calling _setup
template.clear_test_template_context()
self._setup(openid_plugin_app)
@mock.patch("mediagoblin.plugins.openid.views._finish_verification", self._finish_verification)
@mock.patch("mediagoblin.plugins.openid.views._start_verification", self._start_verification)
def _test_new_user():
openid_plugin_app.post("/auth/openid/login/", {"openid": u"http://real.myopenid.com"})
# Right place?
assert "mediagoblin/auth/register.html" in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/register.html"]
register_form = context["register_form"]
# Register User
res = openid_plugin_app.post(
"/auth/openid/register/",
{"openid": register_form.openid.data, "username": u"chris", "email": u"*****@*****.**"},
)
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == "/u/chris/"
assert "mediagoblin/user_pages/user.html" in template.TEMPLATE_TEST_CONTEXT
# No need to test if user is in logged in and verification email
# awaits, since openid uses the register_user function which is
# tested in test_auth
# Logout User
openid_plugin_app.get("/auth/logout")
# Get user and detach from session
test_user = mg_globals.database.User.query.filter_by(username=u"chris").first()
Session.expunge(test_user)
# Log back in
# Could not get it to work by 'POST'ing to /auth/openid/login/
template.clear_test_template_context()
res = openid_plugin_app.post("/auth/openid/login/finish/", {"openid": u"http://real.myopenid.com"})
res.follow()
assert urlparse.urlsplit(res.location)[2] == "/"
assert "mediagoblin/root.html" in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/root.html"]
session = context["request"].session
assert session["user_id"] == unicode(test_user.id)
_test_new_user()
# Test register with empty form
template.clear_test_template_context()
openid_plugin_app.post("/auth/openid/register/", {})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/register.html"]
register_form = context["register_form"]
assert register_form.openid.errors == [u"This field is required."]
assert register_form.email.errors == [u"This field is required."]
assert register_form.username.errors == [u"This field is required."]
# Try to register with existing username and email
template.clear_test_template_context()
openid_plugin_app.post(
"/auth/openid/register/",
{"openid": "http://real.myopenid.com", "email": "*****@*****.**", "username": "******"},
)
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/register.html"]
register_form = context["register_form"]
assert register_form.username.errors == [u"Sorry, a user with that name already exists."]
assert register_form.email.errors == [u"Sorry, a user with that email address already exists."]
assert register_form.openid.errors == [u"Sorry, an account is already registered to that OpenID."]
def test_authentication_views(test_app):
"""
Test logging in and logging out
"""
# Make a new user
test_user = fixture_add_user(active_user=False)
# Get login
# ---------
test_app.get("/auth/login/")
assert template.TEMPLATE_TEST_CONTEXT.has_key("mediagoblin/auth/login.html")
# Failed login - blank form
# -------------------------
template.clear_test_template_context()
response = test_app.post("/auth/login/")
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/login.html"]
form = context["login_form"]
assert form.username.errors == [u"This field is required."]
assert form.password.errors == [u"This field is required."]
# Failed login - blank user
# -------------------------
template.clear_test_template_context()
response = test_app.post("/auth/login/", {"password": u"toast"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/login.html"]
form = context["login_form"]
assert form.username.errors == [u"This field is required."]
# Failed login - blank password
# -----------------------------
template.clear_test_template_context()
response = test_app.post("/auth/login/", {"username": u"chris"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/login.html"]
form = context["login_form"]
assert form.password.errors == [u"This field is required."]
# Failed login - bad user
# -----------------------
template.clear_test_template_context()
response = test_app.post("/auth/login/", {"username": u"steve", "password": "******"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/login.html"]
assert context["login_failed"]
# Failed login - bad password
# ---------------------------
template.clear_test_template_context()
response = test_app.post("/auth/login/", {"username": u"chris", "password": "******"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/auth/login.html"]
assert context["login_failed"]
# Successful login
# ----------------
template.clear_test_template_context()
response = test_app.post("/auth/login/", {"username": u"chris", "password": "******"})
# User should be redirected
response.follow()
assert_equal(urlparse.urlsplit(response.location)[2], "/")
assert template.TEMPLATE_TEST_CONTEXT.has_key("mediagoblin/root.html")
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/root.html"]
session = context["request"].session
assert session["user_id"] == unicode(test_user._id)
# Successful logout
# -----------------
template.clear_test_template_context()
response = test_app.get("/auth/logout/")
# Should be redirected to index page
response.follow()
assert_equal(urlparse.urlsplit(response.location)[2], "/")
assert template.TEMPLATE_TEST_CONTEXT.has_key("mediagoblin/root.html")
# Make sure the user is not in the session
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/root.html"]
session = context["request"].session
assert session.has_key("user_id") == False
# User is redirected to custom URL if POST['next'] is set
# -------------------------------------------------------
template.clear_test_template_context()
response = test_app.post("/auth/login/", {"username": u"chris", "password": "******", "next": "/u/chris/"})
assert_equal(urlparse.urlsplit(response.location)[2], "/u/chris/")
def test_login(self, openid_plugin_app):
"""Tests that test login and registion with openid"""
# Test finish_login redirects correctly when response = False
self._setup(openid_plugin_app, False)
@mock.patch('mediagoblin.plugins.openid.views._finish_verification', self._finish_verification)
@mock.patch('mediagoblin.plugins.openid.views._start_verification', self._start_verification)
def _test_non_response():
template.clear_test_template_context()
res = openid_plugin_app.post(
'/auth/openid/login/', {
'openid': 'http://phoney.myopenid.com/'})
res.follow()
# Correct Place?
assert urlparse.urlsplit(res.location)[2] == '/auth/openid/login/'
assert 'mediagoblin/plugins/openid/login.html' in template.TEMPLATE_TEST_CONTEXT
_test_non_response()
# Test login with new openid
# Need to clear_test_template_context before calling _setup
template.clear_test_template_context()
self._setup(openid_plugin_app)
@mock.patch('mediagoblin.plugins.openid.views._finish_verification', self._finish_verification)
@mock.patch('mediagoblin.plugins.openid.views._start_verification', self._start_verification)
def _test_new_user():
openid_plugin_app.post(
'/auth/openid/login/', {
'openid': u'http://real.myopenid.com'})
# Right place?
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
# Register User
res = openid_plugin_app.post(
'/auth/openid/register/', {
'openid': register_form.openid.data,
'username': u'chris',
'email': u'*****@*****.**'})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
# No need to test if user is in logged in and verification email
# awaits, since openid uses the register_user function which is
# tested in test_auth
# Logout User
openid_plugin_app.get('/auth/logout')
# Get user and detach from session
test_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username==u'chris'
).first()
Session.expunge(test_user)
# Log back in
# Could not get it to work by 'POST'ing to /auth/openid/login/
template.clear_test_template_context()
res = openid_plugin_app.post(
'/auth/openid/login/finish/', {
'openid': u'http://real.myopenid.com'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(test_user.id)
_test_new_user()
# Test register with empty form
template.clear_test_template_context()
openid_plugin_app.post(
'/auth/openid/register/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.openid.errors == [u'This field is required.']
assert register_form.email.errors == [u'This field is required.']
assert register_form.username.errors == [u'This field is required.']
# Try to register with existing username and email
template.clear_test_template_context()
openid_plugin_app.post(
'/auth/openid/register/', {
'openid': 'http://real.myopenid.com',
'email': '*****@*****.**',
'username': '******'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.errors == [u'Sorry, a user with that name already exists.']
assert register_form.email.errors == [u'Sorry, a user with that email address already exists.']
assert register_form.openid.errors == [u'Sorry, an account is already registered to that OpenID.']
def test_bad_login(self, openid_plugin_app):
""" Test that attempts to login with invalid paramaters"""
# Test GET request for auth/register page
res = openid_plugin_app.get('/auth/register/').follow()
# Make sure it redirected to the correct place
assert urlparse.urlsplit(res.location)[2] == '/auth/openid/login/'
# Test GET request for auth/login page
res = openid_plugin_app.get('/auth/login/')
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == '/auth/openid/login/'
# Test GET request for auth/openid/register page
res = openid_plugin_app.get('/auth/openid/register/')
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == '/auth/openid/login/'
# Test GET request for auth/openid/login/finish page
res = openid_plugin_app.get('/auth/openid/login/finish/')
res.follow()
# Correct redirect?
assert urlparse.urlsplit(res.location)[2] == '/auth/openid/login/'
# Test GET request for auth/openid/login page
res = openid_plugin_app.get('/auth/openid/login/')
# Correct place?
assert 'mediagoblin/plugins/openid/login.html' in template.TEMPLATE_TEST_CONTEXT
# Try to login with an empty form
template.clear_test_template_context()
openid_plugin_app.post(
'/auth/openid/login/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/openid/login.html']
form = context['login_form']
assert form.openid.errors == [u'This field is required.']
# Try to login with wrong form values
template.clear_test_template_context()
openid_plugin_app.post(
'/auth/openid/login/', {
'openid': 'not_a_url.com'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/openid/login.html']
form = context['login_form']
assert form.openid.errors == [u'Please enter a valid url.']
# Should be no users in the db
assert User.query.count() == 0
# Phony OpenID URl
template.clear_test_template_context()
openid_plugin_app.post(
'/auth/openid/login/', {
'openid': 'http://phoney.myopenid.com/'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/openid/login.html']
form = context['login_form']
assert form.openid.errors == [u'Sorry, the OpenID server could not be found']
def test_add_delete(self, openid_plugin_app):
"""Test adding and deleting openids"""
# Add user
test_user = fixture_add_user(password="")
openid = OpenIDUserURL()
openid.openid_url = "http://real.myopenid.com"
openid.user_id = test_user.id
openid.save()
# Log user in
template.clear_test_template_context()
self._setup(openid_plugin_app)
@mock.patch("mediagoblin.plugins.openid.views._finish_verification", self._finish_verification)
@mock.patch("mediagoblin.plugins.openid.views._start_verification", self._start_verification)
def _login_user():
openid_plugin_app.post("/auth/openid/login/finish/", {"openid": u"http://real.myopenid.com"})
_login_user()
# Try and delete only OpenID url
template.clear_test_template_context()
res = openid_plugin_app.post("/edit/openid/delete/", {"openid": "http://real.myopenid.com"})
assert "mediagoblin/plugins/openid/delete.html" in template.TEMPLATE_TEST_CONTEXT
# Add OpenID to user
# Empty form
template.clear_test_template_context()
res = openid_plugin_app.post("/edit/openid/", {})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/plugins/openid/add.html"]
form = context["form"]
assert form.openid.errors == [u"This field is required."]
# Try with a bad url
template.clear_test_template_context()
openid_plugin_app.post("/edit/openid/", {"openid": u"not_a_url.com"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/plugins/openid/add.html"]
form = context["form"]
assert form.openid.errors == [u"Please enter a valid url."]
# Try with a url that's already registered
template.clear_test_template_context()
openid_plugin_app.post("/edit/openid/", {"openid": "http://real.myopenid.com"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/plugins/openid/add.html"]
form = context["form"]
assert form.openid.errors == [u"Sorry, an account is already registered to that OpenID."]
# Test adding openid to account
# Need to clear_test_template_context before calling _setup
template.clear_test_template_context()
self._setup(openid_plugin_app, edit=True)
# Need to remove openid_url from db because it was added at setup
openid = OpenIDUserURL.query.filter_by(openid_url=u"http://add.myopenid.com")
openid.delete()
@mock.patch("mediagoblin.plugins.openid.views._finish_verification", self._finish_verification)
@mock.patch("mediagoblin.plugins.openid.views._start_verification", self._start_verification)
def _test_add():
# Successful add
template.clear_test_template_context()
res = openid_plugin_app.post("/edit/openid/", {"openid": u"http://add.myopenid.com"})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == "/edit/account/"
assert "mediagoblin/edit/edit_account.html" in template.TEMPLATE_TEST_CONTEXT
# OpenID Added?
new_openid = mg_globals.database.OpenIDUserURL.query.filter_by(
openid_url=u"http://add.myopenid.com"
).first()
assert new_openid
_test_add()
# Test deleting openid from account
# Need to clear_test_template_context before calling _setup
template.clear_test_template_context()
self._setup(openid_plugin_app, delete=True)
# Need to add OpenID back to user because it was deleted during
# patch
openid = OpenIDUserURL()
openid.openid_url = "http://add.myopenid.com"
openid.user_id = test_user.id
openid.save()
@mock.patch("mediagoblin.plugins.openid.views._finish_verification", self._finish_verification)
@mock.patch("mediagoblin.plugins.openid.views._start_verification", self._start_verification)
def _test_delete(self, test_user):
# Delete openid from user
# Create another user to test deleting OpenID that doesn't belong to them
new_user = fixture_add_user(username="******")
openid = OpenIDUserURL()
openid.openid_url = "http://realfake.myopenid.com/"
openid.user_id = new_user.id
openid.save()
# Try and delete OpenID url that isn't the users
template.clear_test_template_context()
res = openid_plugin_app.post("/edit/openid/delete/", {"openid": "http://realfake.myopenid.com/"})
context = template.TEMPLATE_TEST_CONTEXT["mediagoblin/plugins/openid/delete.html"]
form = context["form"]
assert form.openid.errors == [u"That OpenID is not registered to this account."]
# Delete OpenID
# Kind of weird to POST to delete/finish
template.clear_test_template_context()
res = openid_plugin_app.post("/edit/openid/delete/finish/", {"openid": u"http://add.myopenid.com"})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == "/edit/account/"
assert "mediagoblin/edit/edit_account.html" in template.TEMPLATE_TEST_CONTEXT
# OpenID deleted?
new_openid = mg_globals.database.OpenIDUserURL.query.filter_by(
openid_url=u"http://add.myopenid.com"
).first()
assert not new_openid
_test_delete(self, test_user)
def test_register_views(test_app):
"""
Massive test function that all our registration-related views all work.
"""
# Test doing a simple GET on the page
# -----------------------------------
test_app.get('/auth/register/')
# Make sure it rendered with the appropriate template
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
# Try to register without providing anything, should error
# --------------------------------------------------------
template.clear_test_template_context()
test_app.post('/auth/register/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [u'This field is required.']
assert form.password.errors == [u'This field is required.']
assert form.email.errors == [u'This field is required.']
# Try to register with fields that are known to be invalid
# --------------------------------------------------------
## too short
template.clear_test_template_context()
test_app.post('/auth/register/', {
'username': '******',
'password': '******',
'email': 'l'
})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [
u'Field must be between 3 and 30 characters long.'
]
assert form.password.errors == [
u'Field must be between 5 and 1024 characters long.'
]
## bad form
template.clear_test_template_context()
test_app.post('/auth/register/', {
'username': '******',
'email': 'lollerskates'
})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [
u'This field does not take email addresses.'
]
assert form.email.errors == [u'This field requires an email address.']
## At this point there should be no users in the database ;)
assert User.query.count() == 0
# Successful register
# -------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/register/', {
'username': u'angrygirl',
'password': '******',
'email': '*****@*****.**'
})
response.follow()
## Did we redirect to the proper page? Use the right template?
assert urlparse.urlsplit(response.location)[2] == '/u/angrygirl/'
assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
## Make sure user is in place
new_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username == u'angrygirl').first()
assert new_user
## Make sure that the proper privileges are granted on registration
assert new_user.has_privilege(u'commenter')
assert new_user.has_privilege(u'uploader')
assert new_user.has_privilege(u'reporter')
assert not new_user.has_privilege(u'active')
## Make sure user is logged in
request = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user_nonactive.html']['request']
assert request.session['user_id'] == six.text_type(new_user.id)
## Make sure we get email confirmation, and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == '*****@*****.**'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/verification_email.txt']
assert email_context['verification_url'].encode(
'ascii') in message.get_payload(decode=True)
path = urlparse.urlsplit(email_context['verification_url'])[2]
get_params = urlparse.urlsplit(email_context['verification_url'])[3]
assert path == u'/auth/verify_email/'
parsed_get_params = urlparse.parse_qs(get_params)
## Try verifying with bs verification key, shouldn't work
template.clear_test_template_context()
response = test_app.get("/auth/verify_email/?token=total_bs")
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
# assert context['verification_successful'] == True
# TODO: Would be good to test messages here when we can do so...
new_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username == u'angrygirl').first()
assert new_user
## Verify the email activation works
template.clear_test_template_context()
response = test_app.get("%s?%s" % (path, get_params))
response.follow()
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user.html']
# assert context['verification_successful'] == True
# TODO: Would be good to test messages here when we can do so...
new_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username == u'angrygirl').first()
assert new_user
# Uniqueness checks
# -----------------
## We shouldn't be able to register with that user twice
template.clear_test_template_context()
response = test_app.post(
'/auth/register/', {
'username': u'angrygirl',
'password': '******',
'email': '*****@*****.**'
})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [
u'Sorry, a user with that name already exists.'
]
## TODO: Also check for double instances of an email address?
### Oops, forgot the password
# -------------------
template.clear_test_template_context()
response = test_app.post('/auth/forgot_password/',
{'username': u'angrygirl'})
response.follow()
## Did we redirect to the proper page? Use the right template?
assert urlparse.urlsplit(response.location)[2] == '/auth/login/'
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
## Make sure link to change password is sent by email
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == '*****@*****.**'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/plugins/basic_auth/fp_verification_email.txt']
#TODO - change the name of verification_url to something forgot-password-ish
assert email_context['verification_url'].encode(
'ascii') in message.get_payload(decode=True)
path = urlparse.urlsplit(email_context['verification_url'])[2]
get_params = urlparse.urlsplit(email_context['verification_url'])[3]
parsed_get_params = urlparse.parse_qs(get_params)
assert path == u'/auth/forgot_password/verify/'
## Try using a bs password-changing verification key, shouldn't work
template.clear_test_template_context()
response = test_app.get("/auth/forgot_password/verify/?token=total_bs")
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
## Verify step 1 of password-change works -- can see form to change password
template.clear_test_template_context()
response = test_app.get("%s?%s" % (path, get_params))
assert 'mediagoblin/plugins/basic_auth/change_fp.html' in \
template.TEMPLATE_TEST_CONTEXT
## Verify step 2.1 of password-change works -- report success to user
template.clear_test_template_context()
response = test_app.post('/auth/forgot_password/verify/', {
'password': '******',
'token': parsed_get_params['token']
})
response.follow()
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
## Verify step 2.2 of password-change works -- login w/ new password success
template.clear_test_template_context()
response = test_app.post('/auth/login/', {
'username': u'angrygirl',
'password': '******'
})
# User should be redirected
response.follow()
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
def test_ldap_plugin(ldap_plugin_app):
res = ldap_plugin_app.get('/auth/login/')
assert urlparse.urlsplit(res.location)[2] == '/auth/ldap/login/'
res = ldap_plugin_app.get('/auth/register/')
assert urlparse.urlsplit(res.location)[2] == '/auth/ldap/register/'
res = ldap_plugin_app.get('/auth/ldap/register/')
assert urlparse.urlsplit(res.location)[2] == '/auth/ldap/login/'
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.username.errors == [u'This field is required.']
assert form.password.errors == [u'This field is required.']
@mock.patch('mediagoblin.plugins.ldap.tools.LDAP.login',
mock.Mock(return_value=return_value()))
def _test_authentication():
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/',
{'username': u'chris',
'password': u'toast'})
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.data == u'chris'
assert register_form.email.data == u'*****@*****.**'
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/register/',
{'username': u'chris',
'email': u'*****@*****.**'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user_nonactive.html' in \
template.TEMPLATE_TEST_CONTEXT
# Try to register with same email and username
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/register/',
{'username': u'chris',
'email': u'*****@*****.**'})
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.email.errors == [
u'Sorry, a user with that email address already exists.']
assert register_form.username.errors == [
u'Sorry, a user with that name already exists.']
# Log out
ldap_plugin_app.get('/auth/logout/')
# Get user and detach from session
test_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username==u'chris'
).first()
Session.expunge(test_user)
# Log back in
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/',
{'username': u'chris',
'password': u'toast'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(test_user.id)
_test_authentication()
def test_register_views(test_app):
"""
Massive test function that all our registration-related views all work.
"""
# Test doing a simple GET on the page
# -----------------------------------
test_app.get('/auth/register/')
# Make sure it rendered with the appropriate template
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
# Try to register without providing anything, should error
# --------------------------------------------------------
template.clear_test_template_context()
test_app.post(
'/auth/register/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [u'This field is required.']
assert form.password.errors == [u'This field is required.']
assert form.email.errors == [u'This field is required.']
# Try to register with fields that are known to be invalid
# --------------------------------------------------------
## too short
template.clear_test_template_context()
test_app.post(
'/auth/register/', {
'username': '******',
'password': '******',
'email': 'l'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [u'Field must be between 3 and 30 characters long.']
assert form.password.errors == [u'Field must be between 5 and 1024 characters long.']
## bad form
template.clear_test_template_context()
test_app.post(
'/auth/register/', {
'username': '******',
'email': 'lollerskates'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [u'This field does not take email addresses.']
assert form.email.errors == [u'This field requires an email address.']
## At this point there should be no users in the database ;)
assert User.query.count() == 0
# Successful register
# -------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/register/', {
'username': u'angrygirl',
'password': '******',
'email': '*****@*****.**'})
response.follow()
## Did we redirect to the proper page? Use the right template?
assert urlparse.urlsplit(response.location)[2] == '/u/angrygirl/'
assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
## Make sure user is in place
new_user = mg_globals.database.User.query.filter_by(
username=u'angrygirl').first()
assert new_user
## Make sure that the proper privileges are granted on registration
assert new_user.has_privilege(u'commenter')
assert new_user.has_privilege(u'uploader')
assert new_user.has_privilege(u'reporter')
assert not new_user.has_privilege(u'active')
## Make sure user is logged in
request = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user_nonactive.html']['request']
assert request.session['user_id'] == six.text_type(new_user.id)
## Make sure we get email confirmation, and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == '*****@*****.**'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/verification_email.txt']
assert email_context['verification_url'].encode('ascii') in message.get_payload(decode=True)
path = urlparse.urlsplit(email_context['verification_url'])[2]
get_params = urlparse.urlsplit(email_context['verification_url'])[3]
assert path == u'/auth/verify_email/'
parsed_get_params = urlparse.parse_qs(get_params)
## Try verifying with bs verification key, shouldn't work
template.clear_test_template_context()
response = test_app.get(
"/auth/verify_email/?token=total_bs")
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
# assert context['verification_successful'] == True
# TODO: Would be good to test messages here when we can do so...
new_user = mg_globals.database.User.query.filter_by(
username=u'angrygirl').first()
assert new_user
## Verify the email activation works
template.clear_test_template_context()
response = test_app.get("%s?%s" % (path, get_params))
response.follow()
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user.html']
# assert context['verification_successful'] == True
# TODO: Would be good to test messages here when we can do so...
new_user = mg_globals.database.User.query.filter_by(
username=u'angrygirl').first()
assert new_user
# Uniqueness checks
# -----------------
## We shouldn't be able to register with that user twice
template.clear_test_template_context()
response = test_app.post(
'/auth/register/', {
'username': u'angrygirl',
'password': '******',
'email': '*****@*****.**'})
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [
u'Sorry, a user with that name already exists.']
## TODO: Also check for double instances of an email address?
### Oops, forgot the password
# -------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/forgot_password/',
{'username': u'angrygirl'})
response.follow()
## Did we redirect to the proper page? Use the right template?
assert urlparse.urlsplit(response.location)[2] == '/auth/login/'
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
## Make sure link to change password is sent by email
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == '*****@*****.**'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/plugins/basic_auth/fp_verification_email.txt']
#TODO - change the name of verification_url to something forgot-password-ish
assert email_context['verification_url'].encode('ascii') in message.get_payload(decode=True)
path = urlparse.urlsplit(email_context['verification_url'])[2]
get_params = urlparse.urlsplit(email_context['verification_url'])[3]
parsed_get_params = urlparse.parse_qs(get_params)
assert path == u'/auth/forgot_password/verify/'
## Try using a bs password-changing verification key, shouldn't work
template.clear_test_template_context()
response = test_app.get(
"/auth/forgot_password/verify/?token=total_bs")
response.follow()
# Correct redirect?
assert urlparse.urlsplit(response.location)[2] == '/'
## Verify step 1 of password-change works -- can see form to change password
template.clear_test_template_context()
response = test_app.get("%s?%s" % (path, get_params))
assert 'mediagoblin/plugins/basic_auth/change_fp.html' in \
template.TEMPLATE_TEST_CONTEXT
## Verify step 2.1 of password-change works -- report success to user
template.clear_test_template_context()
response = test_app.post(
'/auth/forgot_password/verify/', {
'password': '******',
'token': parsed_get_params['token']})
response.follow()
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
## Verify step 2.2 of password-change works -- login w/ new password success
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'angrygirl',
'password': '******'})
# User should be redirected
response.follow()
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
def test_add_delete(self, openid_plugin_app):
"""Test adding and deleting openids"""
# Add user
test_user = fixture_add_user(password='', privileges=[u'active'])
openid = OpenIDUserURL()
openid.openid_url = 'http://real.myopenid.com'
openid.user_id = test_user.id
openid.save()
# Log user in
template.clear_test_template_context()
self._setup(openid_plugin_app)
@mock.patch('mediagoblin.plugins.openid.views._finish_verification', self._finish_verification)
@mock.patch('mediagoblin.plugins.openid.views._start_verification', self._start_verification)
def _login_user():
openid_plugin_app.post(
'/auth/openid/login/finish/', {
'openid': u'http://real.myopenid.com'})
_login_user()
# Try and delete only OpenID url
template.clear_test_template_context()
res = openid_plugin_app.post(
'/edit/openid/delete/', {
'openid': 'http://real.myopenid.com'})
assert 'mediagoblin/plugins/openid/delete.html' in template.TEMPLATE_TEST_CONTEXT
# Add OpenID to user
# Empty form
template.clear_test_template_context()
res = openid_plugin_app.post(
'/edit/openid/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/openid/add.html']
form = context['form']
assert form.openid.errors == [u'This field is required.']
# Try with a bad url
template.clear_test_template_context()
openid_plugin_app.post(
'/edit/openid/', {
'openid': u'not_a_url.com'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/openid/add.html']
form = context['form']
assert form.openid.errors == [u'Please enter a valid url.']
# Try with a url that's already registered
template.clear_test_template_context()
openid_plugin_app.post(
'/edit/openid/', {
'openid': 'http://real.myopenid.com'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/openid/add.html']
form = context['form']
assert form.openid.errors == [u'Sorry, an account is already registered to that OpenID.']
# Test adding openid to account
# Need to clear_test_template_context before calling _setup
template.clear_test_template_context()
self._setup(openid_plugin_app, edit=True)
# Need to remove openid_url from db because it was added at setup
openid = OpenIDUserURL.query.filter_by(
openid_url=u'http://add.myopenid.com')
openid.delete()
@mock.patch('mediagoblin.plugins.openid.views._finish_verification', self._finish_verification)
@mock.patch('mediagoblin.plugins.openid.views._start_verification', self._start_verification)
def _test_add():
# Successful add
template.clear_test_template_context()
res = openid_plugin_app.post(
'/edit/openid/', {
'openid': u'http://add.myopenid.com'})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
assert 'mediagoblin/edit/edit_account.html' in template.TEMPLATE_TEST_CONTEXT
# OpenID Added?
new_openid = mg_globals.database.OpenIDUserURL.query.filter_by(
openid_url=u'http://add.myopenid.com').first()
assert new_openid
_test_add()
# Test deleting openid from account
# Need to clear_test_template_context before calling _setup
template.clear_test_template_context()
self._setup(openid_plugin_app, delete=True)
# Need to add OpenID back to user because it was deleted during
# patch
openid = OpenIDUserURL()
openid.openid_url = 'http://add.myopenid.com'
openid.user_id = test_user.id
openid.save()
@mock.patch('mediagoblin.plugins.openid.views._finish_verification', self._finish_verification)
@mock.patch('mediagoblin.plugins.openid.views._start_verification', self._start_verification)
def _test_delete(self, test_user):
# Delete openid from user
# Create another user to test deleting OpenID that doesn't belong to them
new_user = fixture_add_user(username='******')
openid = OpenIDUserURL()
openid.openid_url = 'http://realfake.myopenid.com/'
openid.user_id = new_user.id
openid.save()
# Try and delete OpenID url that isn't the users
template.clear_test_template_context()
res = openid_plugin_app.post(
'/edit/openid/delete/', {
'openid': 'http://realfake.myopenid.com/'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/openid/delete.html']
form = context['form']
assert form.openid.errors == [u'That OpenID is not registered to this account.']
# Delete OpenID
# Kind of weird to POST to delete/finish
template.clear_test_template_context()
res = openid_plugin_app.post(
'/edit/openid/delete/finish/', {
'openid': u'http://add.myopenid.com'})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
assert 'mediagoblin/edit/edit_account.html' in template.TEMPLATE_TEST_CONTEXT
# OpenID deleted?
new_openid = mg_globals.database.OpenIDUserURL.query.filter_by(
openid_url=u'http://add.myopenid.com').first()
assert not new_openid
_test_delete(self, test_user)
def test_login(self, openid_plugin_app):
"""Tests that test login and registion with openid"""
# Test finish_login redirects correctly when response = False
self._setup(openid_plugin_app, False)
@mock.patch('mediagoblin.plugins.openid.views._finish_verification', self._finish_verification)
@mock.patch('mediagoblin.plugins.openid.views._start_verification', self._start_verification)
def _test_non_response():
template.clear_test_template_context()
res = openid_plugin_app.post(
'/auth/openid/login/', {
'openid': 'http://phoney.myopenid.com/'})
res.follow()
# Correct Place?
assert urlparse.urlsplit(res.location)[2] == '/auth/openid/login/'
assert 'mediagoblin/plugins/openid/login.html' in template.TEMPLATE_TEST_CONTEXT
_test_non_response()
# Test login with new openid
# Need to clear_test_template_context before calling _setup
template.clear_test_template_context()
self._setup(openid_plugin_app)
@mock.patch('mediagoblin.plugins.openid.views._finish_verification', self._finish_verification)
@mock.patch('mediagoblin.plugins.openid.views._start_verification', self._start_verification)
def _test_new_user():
openid_plugin_app.post(
'/auth/openid/login/', {
'openid': u'http://real.myopenid.com'})
# Right place?
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
# Register User
res = openid_plugin_app.post(
'/auth/openid/register/', {
'openid': register_form.openid.data,
'username': u'chris',
'email': u'*****@*****.**'})
res.follow()
# Correct place?
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
# No need to test if user is in logged in and verification email
# awaits, since openid uses the register_user function which is
# tested in test_auth
# Logout User
openid_plugin_app.get('/auth/logout')
# Get user and detach from session
test_user = mg_globals.database.User.query.filter_by(
username=u'chris').first()
Session.expunge(test_user)
# Log back in
# Could not get it to work by 'POST'ing to /auth/openid/login/
template.clear_test_template_context()
res = openid_plugin_app.post(
'/auth/openid/login/finish/', {
'openid': u'http://real.myopenid.com'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == unicode(test_user.id)
_test_new_user()
# Test register with empty form
template.clear_test_template_context()
openid_plugin_app.post(
'/auth/openid/register/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.openid.errors == [u'This field is required.']
assert register_form.email.errors == [u'This field is required.']
assert register_form.username.errors == [u'This field is required.']
# Try to register with existing username and email
template.clear_test_template_context()
openid_plugin_app.post(
'/auth/openid/register/', {
'openid': 'http://real.myopenid.com',
'email': '*****@*****.**',
'username': '******'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.errors == [u'Sorry, a user with that name already exists.']
assert register_form.email.errors == [u'Sorry, a user with that email address already exists.']
assert register_form.openid.errors == [u'Sorry, an account is already registered to that OpenID.']
def _test_registration():
# No register users
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/login/', {})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.email.data == u'*****@*****.**'
assert register_form.persona_email.data == u'*****@*****.**'
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/register/', {})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.errors == [u'This field is required.']
assert register_form.email.errors == [u'This field is required.']
assert register_form.persona_email.errors == [u'This field is required.']
# Successful register
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/register/',
{'username': '******',
'email': '*****@*****.**',
'persona_email': '*****@*****.**'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
# Try to register same Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/register/',
{'username': '******',
'email': '*****@*****.**',
'persona_email': '*****@*****.**'})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.persona_email.errors == [u'Sorry, an account is already registered to that Persona email.']
# Logout
persona_plugin_app.get('/auth/logout/')
# Get user and detach from session
test_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username==u'chris'
).first()
active_privilege = Privilege.query.filter(
Privilege.privilege_name==u'active').first()
test_user.all_privileges.append(active_privilege)
test_user.save()
test_user = mg_globals.database.LocalUser.query.filter(
LocalUser.username==u'chris'
).first()
Session.expunge(test_user)
# Add another user for _test_edit_persona
persona_plugin_app.post(
'/auth/persona/register/',
{'username': '******',
'email': '*****@*****.**',
'persona_email': '*****@*****.**'})
# Log back in
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/login/')
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(test_user.id)
def _test_registration():
# No register users
template.clear_test_template_context()
res = persona_plugin_app.post('/auth/persona/login/', {})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.email.data == u'*****@*****.**'
assert register_form.persona_email.data == u'*****@*****.**'
template.clear_test_template_context()
res = persona_plugin_app.post('/auth/persona/register/', {})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.errors == [
u'This field is required.'
]
assert register_form.email.errors == [u'This field is required.']
assert register_form.persona_email.errors == [
u'This field is required.'
]
# Successful register
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/register/', {
'username': '******',
'email': '*****@*****.**',
'persona_email': '*****@*****.**'
})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user.html' in template.TEMPLATE_TEST_CONTEXT
# Try to register same Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/register/', {
'username': '******',
'email': '*****@*****.**',
'persona_email': '*****@*****.**'
})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.persona_email.errors == [
u'Sorry, an account is already registered to that Persona email.'
]
# Logout
persona_plugin_app.get('/auth/logout/')
# Get user and detach from session
test_user = mg_globals.database.User.query.filter_by(
username=u'chris').first()
test_user.email_verified = True
test_user.status = u'active'
test_user.save()
test_user = mg_globals.database.User.query.filter_by(
username=u'chris').first()
Session.expunge(test_user)
# Add another user for _test_edit_persona
persona_plugin_app.post(
'/auth/persona/register/', {
'username': '******',
'email': '*****@*****.**',
'persona_email': '*****@*****.**'
})
# Log back in
template.clear_test_template_context()
res = persona_plugin_app.post('/auth/persona/login/')
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == unicode(test_user.id)
def test_authentication_views(test_app):
"""
Test logging in and logging out
"""
# Make a new user
test_user = fixture_add_user()
# Get login
# ---------
test_app.get('/auth/login/')
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
# Failed login - blank form
# -------------------------
template.clear_test_template_context()
response = test_app.post('/auth/login/')
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.username.errors == [u'This field is required.']
# Failed login - blank user
# -------------------------
template.clear_test_template_context()
response = test_app.post('/auth/login/', {'password': u'toast'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.username.errors == [u'This field is required.']
# Failed login - blank password
# -----------------------------
template.clear_test_template_context()
response = test_app.post('/auth/login/', {'username': u'chris'})
assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
# Failed login - bad user
# -----------------------
template.clear_test_template_context()
response = test_app.post('/auth/login/', {
'username': u'steve',
'password': '******'
})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
assert context['login_failed']
# Failed login - bad password
# ---------------------------
template.clear_test_template_context()
response = test_app.post('/auth/login/', {
'username': u'chris',
'password': '******'
})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
assert context['login_failed']
# Successful login
# ----------------
template.clear_test_template_context()
response = test_app.post('/auth/login/', {
'username': u'chris',
'password': '******'
})
# User should be redirected
response.follow()
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(test_user.id)
# Successful logout
# -----------------
template.clear_test_template_context()
response = test_app.get('/auth/logout/')
# Should be redirected to index page
response.follow()
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure the user is not in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert 'user_id' not in session
# User is redirected to custom URL if POST['next'] is set
# -------------------------------------------------------
template.clear_test_template_context()
response = test_app.post('/auth/login/', {
'username': u'chris',
'password': '******',
'next': '/u/chris/'
})
assert urlparse.urlsplit(response.location)[2] == '/u/chris/'
## Verify that username is lowercased on login attempt
template.clear_test_template_context()
response = test_app.post('/auth/login/', {
'username': u'ANDREW',
'password': '******'
})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
# Username should no longer be uppercased; it should be lowercased
assert not form.username.data == u'ANDREW'
assert form.username.data == u'andrew'
def test_register_views(test_app):
"""
Massive test function that all our registration-related views all work.
"""
# Test doing a simple GET on the page
# -----------------------------------
test_app.get('/auth/register/')
# Make sure it rendered with the appropriate template
assert template.TEMPLATE_TEST_CONTEXT.has_key(
'mediagoblin/auth/register.html')
# Try to register without providing anything, should error
# --------------------------------------------------------
template.clear_test_template_context()
test_app.post(
'/auth/register/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [u'This field is required.']
assert form.password.errors == [u'This field is required.']
assert form.email.errors == [u'This field is required.']
# Try to register with fields that are known to be invalid
# --------------------------------------------------------
## too short
template.clear_test_template_context()
test_app.post(
'/auth/register/', {
'username': '******',
'password': '******',
'email': 'l'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [
u'Field must be between 3 and 30 characters long.']
assert form.password.errors == [
u'Field must be between 6 and 30 characters long.']
## bad form
template.clear_test_template_context()
test_app.post(
'/auth/register/', {
'username': '******',
'email': 'lollerskates'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [
u'Invalid input.']
assert form.email.errors == [
u'Invalid email address.']
## At this point there should be no users in the database ;)
assert not User.query.count()
# Successful register
# -------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/register/', {
'username': u'happygirl',
'password': '******',
'email': '*****@*****.**'})
response.follow()
## Did we redirect to the proper page? Use the right template?
assert_equal(
urlparse.urlsplit(response.location)[2],
'/u/happygirl/')
assert template.TEMPLATE_TEST_CONTEXT.has_key(
'mediagoblin/user_pages/user.html')
## Make sure user is in place
new_user = mg_globals.database.User.find_one(
{'username': u'happygirl'})
assert new_user
assert new_user.status == u'needs_email_verification'
assert new_user.email_verified == False
## Make sure user is logged in
request = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user.html']['request']
assert request.session['user_id'] == unicode(new_user.id)
## Make sure we get email confirmation, and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == '*****@*****.**'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/verification_email.txt']
assert email_context['verification_url'] in message.get_payload(decode=True)
path = urlparse.urlsplit(email_context['verification_url'])[2]
get_params = urlparse.urlsplit(email_context['verification_url'])[3]
assert path == u'/auth/verify_email/'
parsed_get_params = urlparse.parse_qs(get_params)
### user should have these same parameters
assert parsed_get_params['userid'] == [
unicode(new_user.id)]
assert parsed_get_params['token'] == [
new_user.verification_key]
## Try verifying with bs verification key, shouldn't work
template.clear_test_template_context()
response = test_app.get(
"/auth/verify_email/?userid=%s&token=total_bs" % unicode(
new_user.id))
response.follow()
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user.html']
# assert context['verification_successful'] == True
# TODO: Would be good to test messages here when we can do so...
new_user = mg_globals.database.User.find_one(
{'username': u'happygirl'})
assert new_user
assert new_user.status == u'needs_email_verification'
assert new_user.email_verified == False
## Verify the email activation works
template.clear_test_template_context()
response = test_app.get("%s?%s" % (path, get_params))
response.follow()
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/user_pages/user.html']
# assert context['verification_successful'] == True
# TODO: Would be good to test messages here when we can do so...
new_user = mg_globals.database.User.find_one(
{'username': u'happygirl'})
assert new_user
assert new_user.status == u'active'
assert new_user.email_verified == True
# Uniqueness checks
# -----------------
## We shouldn't be able to register with that user twice
template.clear_test_template_context()
response = test_app.post(
'/auth/register/', {
'username': u'happygirl',
'password': '******',
'email': '*****@*****.**'})
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
form = context['register_form']
assert form.username.errors == [
u'Sorry, a user with that name already exists.']
## TODO: Also check for double instances of an email address?
### Oops, forgot the password
# -------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/forgot_password/',
{'username': u'happygirl'})
response.follow()
## Did we redirect to the proper page? Use the right template?
assert_equal(
urlparse.urlsplit(response.location)[2],
'/auth/login/')
assert template.TEMPLATE_TEST_CONTEXT.has_key(
'mediagoblin/auth/login.html')
## Make sure link to change password is sent by email
assert len(mail.EMAIL_TEST_INBOX) == 1
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == '*****@*****.**'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/fp_verification_email.txt']
#TODO - change the name of verification_url to something forgot-password-ish
assert email_context['verification_url'] in message.get_payload(decode=True)
path = urlparse.urlsplit(email_context['verification_url'])[2]
get_params = urlparse.urlsplit(email_context['verification_url'])[3]
assert path == u'/auth/forgot_password/verify/'
parsed_get_params = urlparse.parse_qs(get_params)
# user should have matching parameters
new_user = mg_globals.database.User.find_one({'username': u'happygirl'})
assert parsed_get_params['userid'] == [unicode(new_user.id)]
assert parsed_get_params['token'] == [new_user.fp_verification_key]
### The forgotten password token should be set to expire in ~ 10 days
# A few ticks have expired so there are only 9 full days left...
assert (new_user.fp_token_expire - datetime.datetime.now()).days == 9
## Try using a bs password-changing verification key, shouldn't work
template.clear_test_template_context()
response = test_app.get(
"/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode(
new_user.id), status=404)
assert_equal(response.status.split()[0], u'404') # status="404 NOT FOUND"
## Try using an expired token to change password, shouldn't work
template.clear_test_template_context()
new_user = mg_globals.database.User.find_one({'username': u'happygirl'})
real_token_expiration = new_user.fp_token_expire
new_user.fp_token_expire = datetime.datetime.now()
new_user.save()
response = test_app.get("%s?%s" % (path, get_params), status=404)
assert_equal(response.status.split()[0], u'404') # status="404 NOT FOUND"
new_user.fp_token_expire = real_token_expiration
new_user.save()
## Verify step 1 of password-change works -- can see form to change password
template.clear_test_template_context()
response = test_app.get("%s?%s" % (path, get_params))
assert template.TEMPLATE_TEST_CONTEXT.has_key('mediagoblin/auth/change_fp.html')
## Verify step 2.1 of password-change works -- report success to user
template.clear_test_template_context()
response = test_app.post(
'/auth/forgot_password/verify/', {
'userid': parsed_get_params['userid'],
'password': '******',
'token': parsed_get_params['token']})
response.follow()
assert template.TEMPLATE_TEST_CONTEXT.has_key(
'mediagoblin/auth/login.html')
## Verify step 2.2 of password-change works -- login w/ new password success
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'happygirl',
'password': '******'})
# User should be redirected
response.follow()
assert_equal(
urlparse.urlsplit(response.location)[2],
'/')
assert template.TEMPLATE_TEST_CONTEXT.has_key(
'mediagoblin/root.html')
def test_authentication_views(test_app):
"""
Test logging in and logging out
"""
# Make a new user
test_user = fixture_add_user(active_user=False)
# Get login
# ---------
test_app.get('/auth/login/')
assert template.TEMPLATE_TEST_CONTEXT.has_key(
'mediagoblin/auth/login.html')
# Failed login - blank form
# -------------------------
template.clear_test_template_context()
response = test_app.post('/auth/login/')
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.username.errors == [u'This field is required.']
assert form.password.errors == [u'This field is required.']
# Failed login - blank user
# -------------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'password': u'toast'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.username.errors == [u'This field is required.']
# Failed login - blank password
# -----------------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'chris'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.password.errors == [u'This field is required.']
# Failed login - bad user
# -----------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'steve',
'password': '******'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
assert context['login_failed']
# Failed login - bad password
# ---------------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'chris',
'password': '******'})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
assert context['login_failed']
# Successful login
# ----------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'chris',
'password': '******'})
# User should be redirected
response.follow()
assert_equal(
urlparse.urlsplit(response.location)[2],
'/')
assert template.TEMPLATE_TEST_CONTEXT.has_key(
'mediagoblin/root.html')
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == unicode(test_user.id)
# Successful logout
# -----------------
template.clear_test_template_context()
response = test_app.get('/auth/logout/')
# Should be redirected to index page
response.follow()
assert_equal(
urlparse.urlsplit(response.location)[2],
'/')
assert template.TEMPLATE_TEST_CONTEXT.has_key(
'mediagoblin/root.html')
# Make sure the user is not in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session.has_key('user_id') == False
# User is redirected to custom URL if POST['next'] is set
# -------------------------------------------------------
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'chris',
'password': '******',
'next' : '/u/chris/'})
assert_equal(
urlparse.urlsplit(response.location)[2],
'/u/chris/')
def test_ldap_plugin(ldap_plugin_app):
res = ldap_plugin_app.get('/auth/login/')
assert urlparse.urlsplit(res.location)[2] == '/auth/ldap/login/'
res = ldap_plugin_app.get('/auth/register/')
assert urlparse.urlsplit(res.location)[2] == '/auth/ldap/register/'
res = ldap_plugin_app.get('/auth/ldap/register/')
assert urlparse.urlsplit(res.location)[2] == '/auth/ldap/login/'
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/', {})
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
form = context['login_form']
assert form.username.errors == [u'This field is required.']
assert form.password.errors == [u'This field is required.']
@mock.patch('mediagoblin.plugins.ldap.tools.LDAP.login',
mock.Mock(return_value=return_value()))
def _test_authentication():
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/',
{'username': u'chris',
'password': u'toast'})
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.data == u'chris'
assert register_form.email.data == u'*****@*****.**'
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/register/',
{'username': u'chris',
'email': u'*****@*****.**'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user_nonactive.html' in \
template.TEMPLATE_TEST_CONTEXT
# Try to register with same email and username
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/register/',
{'username': u'chris',
'email': u'*****@*****.**'})
context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.email.errors == [
u'Sorry, a user with that email address already exists.']
assert register_form.username.errors == [
u'Sorry, a user with that name already exists.']
# Log out
ldap_plugin_app.get('/auth/logout/')
# Get user and detach from session
test_user = mg_globals.database.User.query.filter_by(
username=u'chris').first()
Session.expunge(test_user)
# Log back in
template.clear_test_template_context()
res = ldap_plugin_app.post(
'/auth/ldap/login/',
{'username': u'chris',
'password': u'toast'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(test_user.id)
_test_authentication()
