class FacebookTest(PDUnitTest, UserUtil):
def setUp(self):
PDUnitTest.setUp(self)
self.cred = self.createUserWithCredentials(credType="facebook")
self.cred.user.activate()
interface = self.controller.interface
interface.facebook_id = self.userCreationUserid
interface.accessToken = self.usercreationPassword
data = {
'credentialType': 'facebook',
'identifier': interface.facebook_id,
'password': interface.accessToken
}
self.form = FakeForm(data)
def tearDown(self):
PDUnitTest.tearDown(self)
def test_facebook_login_needs_facebook_id_and_access_token(self):
resp = self.controller.doLogin(self.form)
self.assertEqual(resp.status_code, 200)
def test_facebook_login_needs_facebook_id_as_username(self):
form = self.form
form.set('identifier','badid')
with self.assertRaises(ReportedError) as e:
self.controller.doLogin(form)
self.assertEqual(e.exception.status, 403)
self.assertEqual(e.exception.descriptor,["bad facebook id"])
def test_facebook_login_needs_correct_access_token_as_password(self):
self.form.set('password',self.mkRandomPassword())
with self.assertRaises(ReportedError) as e:
self.controller.doLogin(self.form)
self.assertEqual(e.exception.status, 403)
self.assertTrue("Cannot login to facebook" in e.exception.descriptor)
def test_facebook_login_needs_facebook_credentials_as_registered(self):
self.cred.rm()
with self.assertRaises(ReportedError) as e:
self.controller.doLogin(self.form)
self.assertEqual(e.exception.status, 403)
self.assertEqual(e.exception.descriptor,["You have to register first"])
def test_facebookMe_reaches_facebook(self):
try:
FlaskInterface().facebookMe("code")
except urllib.error.HTTPError as err:
self.assertEqual(400, err.code)
self.assertTrue('x-fb-rev' in err.headers)
self.assertTrue('{"error":{"message":"Invalid OAuth access token.","type":"OAuthException","code":190' in str(err.read()))
def test_if_hash_is_same_but_empty__no_message(self):
digest = ""
user = self.createUserWithCredentials().user
data = dict(
digest=digest
)
self.controller.checkAndUpdateHash(FakeForm(data), user)
resp = self.controller.checkAndUpdateHash(FakeForm(data), user)
self.assertEqual(dict(), resp)
def test_if_hash_is_same_a_message_is_sent(self):
digest = self.createHash()
user = self.createUserWithCredentials().user
data = dict(
digest=digest
)
self.controller.checkAndUpdateHash(FakeForm(data), user)
resp = self.controller.checkAndUpdateHash(FakeForm(data), user)
self.assertEqual(sameHash, resp['message'])
class FacebookTest(PDUnitTest, UserTesting):
def setUp(self):
PDUnitTest.setUp(self)
self.user = self.createUserWithCredentials(credType="facebook")
self.user.activate()
self.controller.facebook_id = self.usercreation_userid
self.controller.access_token = self.usercreation_password
data = {
'credentialType': 'facebook',
'identifier': self.controller.facebook_id,
'secret': self.controller.access_token
}
self.request_data = FakeForm(data)
def tearDown(self):
PDUnitTest.tearDown(self)
@test
def facebook_login_needs_facebook_id_and_access_token(self):
resp = self.controller.do_login(self.request_data)
self.assertEqual(resp.status_code, 200)
@test
def facebook_login_needs_facebook_id_as_username(self):
self.request_data.set('identifier','badid')
with self.assertRaises(ReportedError) as e:
self.controller.do_login(self.request_data)
self.assertEqual(e.exception.status, 403)
self.assertEqual(e.exception.descriptor,["bad facebook id"])
@test
def facebook_login_needs_correct_access_token_as_password(self):
self.request_data.set('secret',self.mkRandomPassword())
with self.assertRaises(ReportedError) as e:
self.controller.do_login(self.request_data)
self.assertEqual(e.exception.status, 403)
self.assertEqual(e.exception.descriptor, ["Cannot login to facebook"])
@test
def facebook_login_needs_facebook_credentials_as_registered(self):
cred = Credential.getByUser(self.user, "facebook")
cred.rm()
with self.assertRaises(ReportedError) as e:
self.controller.do_login(self.request_data)
self.assertEqual(e.exception.status, 403)
self.assertEqual(e.exception.descriptor,["You have to register first"])
@test
def facebookMe_reaches_facebook(self):
resp = FlaskInterface()._facebookMe("code")
self.assertEqual(400, resp.status)
self.assertTrue(resp.headers.has_key('x-fb-rev'))
self.assertEqual('{"error":{"message":"Invalid OAuth access token.","type":"OAuthException","code":190}}', resp.data)
def test_if_hash_is_same_no_assurances_deleted(self):
digest = self.createHash()
user = self.createUserWithCredentials().user
data = dict(
digest=digest
)
self.controller.checkAndUpdateHash(FakeForm(data), user)
Assurance.new(user, "test", user)
self.controller.checkAndUpdateHash(FakeForm(data), user)
assurances = Assurance.getByUser(user)
self.assertTrue("test" in assurances.keys())
self.assertTrue("hashgiven" in assurances.keys())
def setUp(self):
PDUnitTest.setUp(self)
self.cred = self.createUserWithCredentials(credType="facebook")
self.cred.user.activate()
interface = self.controller.interface
interface.facebook_id = self.userCreationUserid
interface.accessToken = self.usercreationPassword
data = {
'credentialType': 'facebook',
'identifier': interface.facebook_id,
'password': interface.accessToken
}
self.form = FakeForm(data)
def _doDeregistrationDoit(self, overwriteSecret=None):
secret = self._getDeregistrationSecret()
if overwriteSecret is not None:
secret = overwriteSecret
resp = self.controller.doDeregistrationDoit(
FakeForm(dict(deregister_secret=secret)))
return resp
def createPasswordResetFormWithSecret(self):
passwordResetLink = self.the_reset_link_is_in_the_reset_email()
self.secret = passwordResetLink.split('secret=')[1]
self.setupRandom()
self.newPassword = self.mkRandomPassword()
data = dict(password=self.newPassword, secret=self.secret)
form = FakeForm(data)
return form
def _createPasswordCredential(self, userid=None):
self.controller.loginInFramework(self.cred)
self.setupUserCreationData()
if userid is None:
userid = self.userCreationUserid
form = FakeForm(dict(credentialType='password', identifier=userid, password=self.usercreationPassword))
resp = self.controller.doAddCredential(form)
return resp
def _removeACredential(self, myUserid):
self.controller.loginInFramework(self.cred)
user = self.cred.user
Credential.new(user, "facebook", myUserid, "testsecret")
data = {"credentialType": "facebook",
"identifier": myUserid}
self.assertTrue(Credential.get("facebook", myUserid))
resp = self.controller.doRemoveCredential(FakeForm(data))
return resp
def callJustTokenInterface(self, code, data=None):
self.controller.logOut()
self.data = self.tokenParams
self.addDataBasedOnOptionValue('code', self.tokenParams['code'], code)
self.addDataBasedOnOptionValue('refresh_token',
self.tokenParams['refresh_token'], data)
form = FakeForm(self.data)
resp = self.authProvider.token_interface(form)
data = self.fromJson(resp)
return data
def test_the_credential_used_for_login_cannot_be_cleared(self):
credential = self.createUserWithCredentials()
self.controller.loginInFramework(credential)
self.assertTrue(Credential.get("password", self.userCreationUserid))
form = FakeForm({
"identifier": self.userCreationUserid,
"credentialType": "password",
})
self.assertReportedError(self.controller.doRemoveCredential,[form], 400, ["You cannot delete the login you are using"])
self.assertTrue(Credential.get("password", self.userCreationUserid))
def test_bad_secret_clears_up_all_timed_out_temporary_credentials(self):
password = self.mkRandomPassword()
secret = uuid4().hex
for someone in User.query.all()[:5]: # @UndefinedVariable
Credential.new(someone, 'email_for_password_reset', str(time.time()-1)+":"+uuid4().hex, uuid4().hex)
self.assertTrue(self.countExpiredCreds()>=5)
data = dict(password=password, secret=secret)
self.assertReportedError(self.controller.doPasswordReset,(FakeForm(data),),
404, ['The secret has expired'])
self.assertEqual(self.countExpiredCreds(),0)
def prepareLoginForm(self, digest =None, email=None):
self.setupUserCreationData()
self.data = dict(credentialType='password',
identifier=self.userCreationUserid,
password=self.usercreationPassword,
email=None,
digest=None)
self.addDataBasedOnOptionValue('email', email, self.userCreationEmail)
self.addDataBasedOnOptionValue('digest', digest, self.createHash())
form = FakeForm(self.data)
return form
def setUp(self):
PDUnitTest.setUp(self)
self.user = self.createUserWithCredentials(credType="facebook")
self.user.activate()
self.controller.facebook_id = self.usercreation_userid
self.controller.access_token = self.usercreation_password
data = {
'credentialType': 'facebook',
'identifier': self.controller.facebook_id,
'secret': self.controller.access_token
}
self.request_data = FakeForm(data)
def doConfirmChangeEmail(self,
secret=None,
confirm=True,
useverifysecret=False):
self.controller.emailChangeInit(self.newEmailAddress, self.user)
if secret is None:
if useverifysecret:
secret = Credential.getByUser(self.user,
'changeemailandverify').secret
else:
secret = Credential.getByUser(self.user, 'changeemail').secret
return self.controller.confirmEmailChange(
FakeForm(dict(confirm=confirm, secret=secret)))
def prepareLoginForm(self, inactive=False, identifier=None, secret=None):
cred = self.createUserWithCredentials()
if inactive:
cred.user.active = False
self.data = dict(credentialType='password',
identifier=None,
password=None)
self.addDataBasedOnOptionValue('identifier', identifier,
self.userCreationUserid)
self.addDataBasedOnOptionValue('password', secret,
self.usercreationPassword)
form = FakeForm(self.data)
return form
def prepareLoginForm(self,
noTestAdderAssurance=False,
email=None,
noAssurerAssurance=False,
digest=None):
self.createLoggedInUser()
user = self.cred.user
if not noAssurerAssurance:
Assurance.new(user, 'assurer', user)
if not noTestAdderAssurance:
Assurance.new(user, 'assurer.test', user)
self.targetUser = self.createUserWithCredentials().user
self.targetUser.hash = self.createHash()
self.digest = self.targetUser.hash
self.data = dict(assurance='test', email=None)
self.addDataBasedOnOptionValue('email', email, self.targetUser.email)
self.addDataBasedOnOptionValue('digest', digest, self.targetUser.hash)
form = FakeForm(self.data)
return form
def test_deregistration_doit_needs_deregistration_secret(self):
emptyForm = FakeForm(dict(deregister_secret=None))
self.assertReportedError(self.controller.doDeregistrationDoit,
[emptyForm], 400,
["secret is needed for deregistration_doit"])
def _doDeregister(self):
data = dict(csrf_token=self.controller.getCSRF())
resp = self.controller.doDeregister(FakeForm(data))
return resp