def test_successful_authenticate(db):
    """Authenticate accepts a password user addressed by username or by email.

    Each identifier is tried in its own API session, and the reply must not
    be flagged as jailed.
    """
    account, _ = generate_user(hashed_password=hash_password("password"))

    # NOTE(review): the password literals below appear masked in this listing.
    # For these calls to succeed they have to equal the plaintext that was
    # hashed above - confirm against the original file.

    # Authenticate with username
    with auth_api_session() as (auth_api, _interceptor):
        by_username = auth_pb2.AuthReq(user=account.username, password="******")
        username_reply = auth_api.Authenticate(by_username)
    assert not username_reply.jailed

    # Authenticate with email
    with auth_api_session() as (auth_api, _interceptor):
        by_email = auth_pb2.AuthReq(user=account.email, password="******")
        email_reply = auth_api.Authenticate(by_email)
    assert not email_reply.jailed
def test_logout_invalid_token(db):
    """Deauthenticate with a stale session cookie completes and clears the cookie.

    The call is made without ``pytest.raises``, so any RPC error fails the
    test; afterwards the session cookie token read back must be empty.
    """
    # Create our test user using signup
    _quick_signup()

    with auth_api_session() as (auth_api, _interceptor):
        login_reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert login_reply.next_step == auth_pb2.LoginRes.LoginStep.NEED_PASSWORD

    with auth_api_session() as (auth_api, interceptor):
        credentials = auth_pb2.AuthReq(user="******", password="******")
        auth_api.Authenticate(credentials)
    issued_token = get_session_cookie_token(interceptor)

    # delete all login tokens
    # NOTE(review): this clears LoginToken rows, whereas test_basic_login looks
    # the cookie token up in UserSession. Confirm that this step really makes
    # the cookie's token non-existent; otherwise the "invalid token" path is
    # not the one being exercised.
    with session_scope() as session:
        session.execute(delete(LoginToken))

    # log out with non-existent token should still return a valid result
    stale_cookie = (("cookie", f"couchers-sesh={issued_token}"), )
    with auth_api_session() as (auth_api, interceptor):
        auth_api.Deauthenticate(empty_pb2.Empty(), metadata=stale_cookie)
    cleared_token = get_session_cookie_token(interceptor)

    # make sure we set an empty cookie
    assert cleared_token == ""
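def test_basic_login(db):
    """Sign up, log in, check the issued session token is stored, then log out.

    The token taken from the session cookie must match exactly one
    ``UserSession`` row belonging to the user ``frodo``.
    """
    # Create our test user using signup
    _quick_signup()

    with auth_api_session() as (auth_api, metadata_interceptor):
        reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert reply.next_step == auth_pb2.LoginRes.LoginStep.NEED_PASSWORD

    with auth_api_session() as (auth_api, metadata_interceptor):
        auth_api.Authenticate(
            auth_pb2.AuthReq(user="******", password="******"))
    reply_token = get_session_cookie_token(metadata_interceptor)

    with session_scope() as session:
        user_session = session.execute(
            select(UserSession)
            .join(User, UserSession.user_id == User.id)
            .where(User.username == "frodo")
            .where(UserSession.token == reply_token)
        ).scalar_one_or_none()
        # A missing row used to surface as AttributeError on ``None.token``;
        # check for it explicitly so the failure names the real problem.
        assert user_session is not None, "no UserSession row matches the session cookie token"
        assert user_session.token

    # log out
    # NOTE(review): nothing after this call checks that the session was
    # invalidated server-side or that the cookie was cleared; consider
    # asserting one of those so a logout regression is caught here.
    with auth_api_session() as (auth_api, metadata_interceptor):
        auth_api.Deauthenticate(
            empty_pb2.Empty(),
            metadata=(("cookie", f"couchers-sesh={reply_token}"), ))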
def test_unsuccessful_authenticate(db):
    """Authenticate rejects bad credentials with the expected gRPC status and details.

    Wrong password, unknown username, unknown email and unknown id must all
    produce the same NOT_FOUND / INVALID_USERNAME_OR_PASSWORD reply, so the
    response does not reveal which part of the credentials was wrong. An
    account without a password gets FAILED_PRECONDITION / NO_PASSWORD.
    """

    def expect_rejection(identifier, password, status, details):
        # One fresh API session per attempt; the call has to raise RpcError.
        with auth_api_session() as (auth_api, _interceptor):
            with pytest.raises(grpc.RpcError) as excinfo:
                auth_api.Authenticate(
                    auth_pb2.AuthReq(user=identifier, password=password))
            assert excinfo.value.code() == status
            assert excinfo.value.details() == details

    account, _ = generate_user(hashed_password=hash_password("password"))
    not_found = grpc.StatusCode.NOT_FOUND

    # NOTE(review): the identifier and password literals appear masked in this
    # listing, so the username and id cases look identical here - confirm the
    # real values against the original file.

    # Invalid password
    expect_rejection(account.username, "******", not_found,
                     errors.INVALID_USERNAME_OR_PASSWORD)

    # Invalid username
    expect_rejection("******", "******", not_found,
                     errors.INVALID_USERNAME_OR_PASSWORD)

    # Invalid email
    expect_rejection(f"{random_hex(12)}@couchers.org.invalid", "******",
                     not_found, errors.INVALID_USERNAME_OR_PASSWORD)

    # Invalid id
    expect_rejection("******", "******", not_found,
                     errors.INVALID_USERNAME_OR_PASSWORD)

    # No Password
    # NOTE(review): unlike the cases above, this reply differs from the generic
    # one, which tells an unauthenticated caller that the account exists and
    # has no password set. Confirm that disclosure is intended.
    user_without_pass, _ = generate_user(hashed_password=None)
    expect_rejection(user_without_pass.username, "******",
                     grpc.StatusCode.FAILED_PRECONDITION, errors.NO_PASSWORD)
def test_banned_user(db):
    """A user banned after signup cannot authenticate and is told the account is suspended."""
    _quick_signup()

    with auth_api_session() as (auth_api, _interceptor):
        login_reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
    assert login_reply.next_step == auth_pb2.LoginRes.LoginStep.NEED_PASSWORD

    # scalar_one() requires exactly one User row, i.e. the account just created.
    with session_scope() as session:
        only_user = session.execute(select(User)).scalar_one()
        only_user.is_banned = True

    # NOTE(review): only the error details are checked, not the gRPC status
    # code; asserting the code as well would pin the full rejection contract.
    with auth_api_session() as (auth_api, _interceptor):
        with pytest.raises(grpc.RpcError) as excinfo:
            auth_api.Authenticate(
                auth_pb2.AuthReq(user="******", password="******"))
    assert excinfo.value.details() == "Your account is suspended."
def TestRpc(request, context):
    """Return a fixed ``AuthReq`` message; ``request`` and ``context`` are ignored."""
    # NOTE(review): presumably a stub RPC handler used by other tests - confirm.
    canned_message = auth_pb2.AuthReq(user="******", password="******")
    return canned_message