async def test_success(client):
cfg = client.app[APP_LOGIN_CONFIG]
url = client.app.router['auth_change_password'].url_for()
login_url = client.app.router['auth_login'].url_for()
logout_url = client.app.router['auth_logout'].url_for()
async with LoggedUser(client) as user:
rsp = await client.post(url,
json={
'current': user['raw_password'],
'new': NEW_PASSWORD,
'confirm': NEW_PASSWORD,
})
assert rsp.url_obj.path == url.path
assert rsp.status == 200
assert cfg.MSG_PASSWORD_CHANGED in await rsp.text()
await assert_status(rsp, web.HTTPOk, cfg.MSG_PASSWORD_CHANGED)
rsp = await client.get(logout_url)
assert rsp.status == 200
assert rsp.url_obj.path == logout_url.path
rsp = await client.post(login_url,
json={
'email': user['email'],
'password': NEW_PASSWORD,
})
assert rsp.status == 200
assert rsp.url_obj.path == login_url.path
await assert_status(rsp, web.HTTPOk, cfg.MSG_LOGGED_IN)
async def test_project_uuid_uniqueness(loop, client, fake_project):
async with LoggedUser(client):
# create the project once
await _create_project(client, fake_project)
# create a second project with same uuid shall fail
with pytest.raises(AssertionError):
await _create_project(client, fake_project)
# delete
pid = fake_project["uuid"]
await _delete_project(client, pid)
async def test_change_to_existing_email(client):
url = client.app.router['auth_change_email'].url_for()
async with LoggedUser(client) as user:
async with NewUser() as other:
rsp = await client.post(url, json={
'email': other['email'],
})
await assert_status(rsp, web.HTTPUnprocessableEntity,
"This email cannot be used")
async def test_delete_invalid_project(loop, client):
async with LoggedUser(client):
url = client.app.router["delete_project"].url_for(
project_id="some-fake-id")
resp = await client.delete(url)
payload = await resp.json()
assert resp.status == 404, pprint(payload)
data, error = unwrap_envelope(payload)
assert not data
assert error
async def test_password_strength(client):
cfg = client.app[APP_LOGIN_CONFIG]
route = client.app.router['auth_check_password_strength']
async with LoggedUser(client) as user:
url = route.url_for(password=NEW_PASSWORD)
rsp = await client.get(url)
assert rsp.url_obj.path == url.path
data, error = await assert_status(rsp, web.HTTPOk)
assert data["strength"] > 0.9
assert data["rating"] == "Very strong"
assert data["improvements"]
async def test_wrong_confirm_pass(client):
cfg = client.app[APP_LOGIN_CONFIG]
url = client.app.router['auth_change_password'].url_for()
async with LoggedUser(client) as user:
rsp = await client.post(url,
json={
'current': user['raw_password'],
'new': NEW_PASSWORD,
'confirm': NEW_PASSWORD.upper(),
})
assert rsp.url_obj.path == url.path
assert rsp.status == 409
await assert_status(rsp, web.HTTPConflict, cfg.MSG_PASSWORD_MISMATCH)
async def test_list_template_projects(loop, client, fake_db,
fake_template_projects,
fake_template_projects_osparc):
fake_db.load_template_projects()
async with LoggedUser(client):
url = client.app.router["list_projects"].url_for()
resp = await client.get(url.with_query(type="template"))
payload = await resp.json()
assert resp.status == 200, pprint(payload)
projects, error = unwrap_envelope(payload)
assert not error, pprint(error)
# fake-template-projects.json + fake-template-projects.osparc.json
assert len(projects) == (len(fake_template_projects) +
len(fake_template_projects_osparc))
async def test_storage_locations(client, storage_server):
url = "/v0/storage/locations"
async with LoggedUser(client) as user:
print("Logged user:", user) # TODO: can use in the test
resp = await client.get(url)
payload = await resp.json()
assert resp.status == 200, str(payload)
data, error = unwrap_envelope(payload)
assert len(data) == 1
assert not error
assert data[0]['user_id'] == user['id']
async def test_wrong_current_password(client):
cfg = client.app[APP_LOGIN_CONFIG]
url = client.app.router['auth_change_password'].url_for()
async with LoggedUser(client):
rsp = await client.post(url,
json={
'current': 'wrongpassword',
'new': NEW_PASSWORD,
'confirm': NEW_PASSWORD,
})
assert rsp.url_obj.path == url.path
assert rsp.status == 422
assert cfg.MSG_WRONG_PASSWORD in await rsp.text()
await assert_status(rsp, web.HTTPUnprocessableEntity,
cfg.MSG_WRONG_PASSWORD)
async def test_storage_list_filter(client, storage_server):
# tests composition of 2 queries
file_id = "a/b/c/d/e/dat"
url = "/v0/storage/locations/0/files/metadata?uuid_filter={}".format(quote(file_id, safe=''))
async with LoggedUser(client) as user:
print("Logged user:", user) # TODO: can use in the test
resp = await client.get(url)
payload = await resp.json()
assert resp.status == 200, str(payload)
data, error = unwrap_envelope(payload)
assert len(data) == 1
assert not error
assert data[0]['uuid_filter'] == file_id
async def test_storage_file_meta(client, storage_server):
# tests redirect of path with quotes in path
file_id = "a/b/c/d/e/dat"
url = "/v0/storage/locations/0/files/{}/metadata".format(quote(file_id, safe=''))
async with LoggedUser(client) as user:
print("Logged user:", user) # TODO: can use in the test
resp = await client.get(url)
payload = await resp.json()
assert resp.status == 200, str(payload)
data, error = unwrap_envelope(payload)
assert len(data) == 1
assert not error
assert data[0]['filemeta'] == 42
async def test_change_and_confirm(client, capsys):
cfg = client.app[APP_LOGIN_CONFIG]
url = client.app.router['auth_change_email'].url_for()
index_url = client.app.router[INDEX_RESOURCE_NAME].url_for()
login_url = client.app.router['auth_login'].url_for()
logout_url = client.app.router['auth_logout'].url_for()
assert index_url.path == URL(cfg.LOGIN_REDIRECT).path
async with LoggedUser(client) as user:
# request change email
rsp = await client.post(url, json={
'email': NEW_EMAIL,
})
assert rsp.url_obj.path == url.path
await assert_status(rsp, web.HTTPOk, cfg.MSG_CHANGE_EMAIL_REQUESTED)
# email sent
out, err = capsys.readouterr()
link = parse_link(out)
# click email's link
rsp = await client.get(link)
txt = await rsp.text()
assert rsp.url_obj.path == index_url.path
assert "welcome to fake web front-end" in txt
# try new email but logout first
rsp = await client.get(logout_url)
assert rsp.url_obj.path == logout_url.path
await assert_status(rsp, web.HTTPOk, cfg.MSG_LOGGED_OUT)
rsp = await client.post(login_url,
json={
'email': NEW_EMAIL,
'password': user['raw_password'],
})
payload = await rsp.json()
assert rsp.url_obj.path == login_url.path
await assert_status(rsp, web.HTTPOk, cfg.MSG_LOGGED_IN)
async def test_workflow(loop, client, fake_project):
async with LoggedUser(client):
# empty list
projects = await _list_projects(client)
assert not projects
# creation
await _create_project(client, fake_project)
# list not empty
projects = await _list_projects(client)
assert len(projects) == 1
assert projects[0] == fake_project
modified_project = deepcopy(projects[0])
modified_project["name"] = "some other name"
modified_project["notes"] = "John Raynor killed Kerrigan"
modified_project["workbench"]["ReNamed"] = modified_project[
"workbench"].pop("Xw)F")
modified_project["workbench"]["ReNamed"]["position"]["x"] = 0
# modifiy
pid = modified_project["uuid"]
await _update_project(client, modified_project, pid)
# list not empty
projects = await _list_projects(client)
assert len(projects) == 1
assert projects[0] == modified_project
# get
project = await _get_project(client, pid)
assert project == modified_project
# delete
await _delete_project(client, pid)
# list empty
projects = await _list_projects(client)
assert not projects
async def test_logout(client):
db = get_storage(client.app)
logout_url = client.app.router['auth_logout'].url_for()
protected_url = client.app.router['auth_change_email'].url_for()
async with LoggedUser(client) as user:
# try to access protected page
r = await client.post(protected_url, json={'email': user['email']})
assert r.url_obj.path == protected_url.path
await assert_status(r, web.HTTPOk)
# logout
r = await client.get(logout_url)
assert r.url_obj.path == logout_url.path
await assert_status(r, web.HTTPOk)
# and try again
r = await client.post(protected_url)
assert r.url_obj.path == protected_url.path
await assert_status(r, web.HTTPUnauthorized)
await db.delete_user(user)
async def logged_user(client):
""" adds a user in db and logs in with client """
async with LoggedUser(client) as user:
yield user