def test_redirect_can_use_301(self):
request = Request(generate_wsgi())
route = Redirect('/test1', '/test3', status=301)
route.load_request(request)
request.load_app(App())
route.get_response()
self.assertTrue(request.is_status(301))
self.assertEqual(request.redirect_url, '/test3')
def test_redirect_route(self):
route = Redirect('/test1', '/test2')
request = Request(generate_wsgi())
route.load_request(request)
request.load_app(App())
route.get_response()
self.assertTrue(request.is_status(302))
self.assertEqual(request.redirect_url, '/test2')
class TestSecureHeadersMiddleware(TestCase):
def setUp(self):
super().setUp()
self.request = Request(generate_wsgi())
self.middleware = SecureHeadersMiddleware(self.request)
self.container.bind('Request', self.request.load_app(self.container))
self.request = self.container.make('Request')
def test_secure_headers_middleware(self):
self.middleware.after()
self.assertEqual(self.request.header('Strict-Transport-Security'),
'max-age=63072000; includeSubdomains')
self.assertEqual(self.request.header('X-Frame-Options'), 'SAMEORIGIN')
def test_secure_headers_gets_middleware_from_the_config(self):
self.request = self.container.make('Request')
self.middleware.after()
self.assertEqual(self.request.header('X-Content-Type-Options'),
'sniff-test')
class TestAuth(TestCase):
"""Start and rollback transactions for this test
"""
transactions = True
def setUp(self):
super().setUp()
self.container = App()
self.app = self.container
self.app.bind('Container', self.app)
view = View(self.container)
self.request = Request(generate_wsgi()).load_environ(generate_wsgi())
self.request.key(application.KEY)
self.app.bind('Request', self.request)
self.container.bind('View', view.render)
self.container.bind('ViewClass', view)
self.auth = Guard(self.app)
self.auth.register_guard('web', WebGuard)
self.auth.guard('web').register_driver('jwt', AuthJwtDriver)
self.auth.set('web')
self.app.swap(Auth, self.auth)
self.request.load_app(self.app)
def setUpFactories(self):
User.create({
'name': 'testuser123',
'email': '*****@*****.**',
'password': bcrypt_password('secret'),
'second_password': bcrypt_password('pass123'),
})
def test_auth(self):
self.assertTrue(self.auth)
def test_login_user1(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.assertTrue(self.auth.login('*****@*****.**', 'secret'))
self.assertTrue(self.request.get_cookie('token'))
self.assertEqual(self.auth.user().name, 'testuser123')
def test_login_with_no_password(self):
with self.assertRaises(TypeError):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.auth.driver = driver
self.assertTrue(self.auth.login('*****@*****.**', None))
def test_guard_switches_guard(self):
self.assertIsInstance(self.auth.guard('web'), WebGuard)
def test_login_user_with_list_auth_column(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.auth.auth_model.__auth__ = ['name', 'email']
self.assertTrue(self.auth.login('testuser123', 'secret'))
self.assertTrue(self.request.get_cookie('token'))
def test_can_register(self):
self.auth.register({
'name': 'Joe',
'email': '*****@*****.**',
'password': '******'
})
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.assertTrue(User.where('email', '*****@*****.**').first())
self.assertNotEqual(
User.where('email', '*****@*****.**').first().password,
'secret')
def test_get_user(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.assertTrue(self.auth.login_by_id(1))
self.assertTrue(self.request.user())
def test_get_user_returns_false_if_not_loggedin(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.auth.login('*****@*****.**', 'wrong_secret')
self.assertFalse(self.auth.user())
def test_logout_user(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.auth.login('*****@*****.**', 'secret')
self.assertTrue(self.request.get_cookie('token'))
self.assertTrue(self.auth.user())
self.assertTrue(self.request.user())
self.auth.driver('jwt')
self.auth.logout()
self.assertFalse(self.request.get_cookie('token'))
self.assertFalse(self.auth.user())
self.assertFalse(self.request.user())
def test_login_user_fails(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.assertFalse(self.auth.login('*****@*****.**', 'bad_password'))
def test_login_user_success(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.assertTrue(self.auth.login('*****@*****.**', 'secret'))
def test_login_by_id(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.assertTrue(self.auth.login_by_id(1))
self.assertTrue(self.request.get_cookie('token'))
self.assertFalse(self.auth.login_by_id(3))
def test_guard_can_register_new_drivers(self):
self.auth.guard('web').register_driver('api', AuthJwtDriver)
self.assertIsInstance(self.auth.driver('api'), AuthJwtDriver)
def test_guard_can_register_new_guards(self):
self.auth.register_guard('api_guard', AuthJwtDriver)
self.assertIsInstance(self.auth.guard('api_guard'), AuthJwtDriver)
def test_login_once_does_not_set_cookie(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
self.assertTrue(self.auth.once().login_by_id(1))
self.assertIsNone(self.request.get_cookie('token'))
def test_confirm_controller_success(self):
for driver in ('jwt', 'cookie'):
self.auth.driver(driver)
params = {'id': Sign().sign('{0}::{1}'.format(1, time.time()))}
self.request.set_params(params)
user = self.auth.once().login_by_id(1)
self.request.set_user(user)
self.app.bind('Request', self.request)
self.app.make('Request').load_app(self.app)
# Create the route
route = Get('/email/verify/@id', ConfirmController.confirm_email)
ConfirmController.get_user = User
# Resolve the controller constructor
controller = self.app.resolve(route.controller)
# Resolve the method
response = self.app.resolve(
getattr(controller, route.controller_method))
self.assertEqual(response.rendered_template, 'confirm')
self.refreshDatabase()
def test_confirm_controller_failure(self):
for driver in ('cookie', 'jwt'):
self.auth.driver(driver)
timestamp_plus_11 = datetime.datetime.now() - datetime.timedelta(
minutes=11)
params = {
'id':
Sign().sign('{0}::{1}'.format(1,
timestamp_plus_11.timestamp()))
}
self.request.set_params(params)
user = self.auth.once().login_by_id(1)
self.request.set_user(user)
self.app.bind('Request', self.request)
self.app.make('Request').load_app(self.app)
# Create the route
route = Get('/email/verify/@id', ConfirmController.confirm_email)
ConfirmController.get_user = User
# Resolve the controller constructor
controller = self.app.resolve(route.controller)
# Resolve the method
response = self.app.resolve(
getattr(controller, route.controller_method))
self.assertEqual(response.rendered_template, 'error')
