def test_validate_username_invalid():
    """The form must fail validation when the authenticator rejects the credentials."""

    def reject_all(username, password):
        # Refuses every credential pair, so validate() has no way to succeed
        # whatever the submitted data is.
        return False

    submitted = MultiDict({"username": "******", "password": "******"})
    form = LoginForm(submitted, authenticator=reject_all)
    assert not form.validate()
def test_validate_username_with_user(self):
    """validate_username passes when the login service resolves the name to a user id."""
    find_userid = pretend.call_recorder(lambda userid: 1)
    login_service = pretend.stub(find_userid=find_userid)
    form = LoginForm(login_service=login_service)

    # No exception expected: a known username is accepted.
    form.validate_username(pretend.stub(data="my_username"))

    # The lookup must have happened exactly once, with the submitted value.
    assert find_userid.calls == [pretend.call("my_username")]
def login(app, request):
    """Render the login form, or authenticate the user on a valid POST.

    On a successful POST the session is re-established for the authenticated
    user before ``user.id`` is stored, and the client is redirected with a
    303. On a GET, or a POST whose form fails validation, the login template
    is rendered with the form so that errors can be displayed.
    """
    form = LoginForm(
        request.form,
        authenticator=app.db.accounts.user_authenticate,
        translations=app.translations,
    )

    # Not an authenticated submission: just show the page (with any form
    # errors) and stop here.
    if request.method != "POST" or not form.validate():
        return render_response(
            app,
            request,
            "accounts/login.html",
            form=form,
            next=request.values.get("next"),
        )

    # From here on the user is referred to only by its database id; the
    # username is never used as the identifier.
    user_id = app.db.accounts.get_user_id(form.username.data)

    # Session hygiene at the authentication boundary. The order matters:
    #   1. drop any state that belongs to a different authenticated user,
    #   2. issue a fresh session key so a pre-authentication session id
    #      cannot be carried across the boundary (session fixation),
    #   3. issue a fresh CSRF token for the same reason (CSRF via fixation),
    # and only then record who is logged in.
    if request.session.get("user.id") != user_id:
        request.session.clear()
    request.session.cycle()
    csrf_cycle(request.session)
    request.session["user.id"] = user_id

    # 303 redirect to the requested "next" target, falling back to the index.
    # Whether a user-supplied "next" is restricted to local targets is the
    # job of redirect_next, which is not shown here.
    resp = redirect_next(
        request,
        default=url_for(request, "warehouse.views.index"),
    )

    # Display-only hint for the client side. This is a plain, client-writable
    # cookie and MUST never be treated as evidence of who is logged in.
    resp.set_cookie("username", form.username.data)
    return resp
def test_validate_username_with_no_user(self):
    """validate_username raises ValidationError when no user has that name."""
    find_userid = pretend.call_recorder(lambda userid: None)
    login_service = pretend.stub(find_userid=find_userid)
    form = LoginForm(login_service=login_service)
    field = pretend.stub(data="my_username")

    # An unknown username must be rejected by the validator itself.
    with pytest.raises(wtforms.validators.ValidationError):
        form.validate_username(field)

    # The rejection must be based on a single lookup of the submitted value.
    assert find_userid.calls == [pretend.call("my_username")]
def test_validate_password_no_user(self):
    """validate_password does not raise when the username resolves to no user."""
    find_userid = pretend.call_recorder(lambda userid: None)
    login_service = pretend.stub(find_userid=find_userid)
    form = LoginForm(
        data={"username": "******"},
        login_service=login_service,
    )

    # No exception expected here even though the user is unknown; presumably
    # that case is reported by validate_username (see the sibling test) and
    # this validator only looks the user up. The form code is not shown here.
    form.validate_password(pretend.stub(data="password"))

    # NOTE(review): the username placeholder passed in ``data`` above and the
    # value asserted here differ on this page; confirm they agree in the
    # real file.
    assert find_userid.calls == [pretend.call("my_username")]
def test_validate_password_ok(self):
    """validate_password passes when the service accepts the password for the resolved user."""
    find_userid = pretend.call_recorder(lambda userid: 1)
    check_password = pretend.call_recorder(lambda userid, password: True)
    login_service = pretend.stub(
        find_userid=find_userid,
        check_password=check_password,
    )
    form = LoginForm(
        data={"username": "******"},
        login_service=login_service,
    )

    # No exception expected: the stubbed service accepts the password.
    form.validate_password(pretend.stub(data="pw"))

    # The user is resolved by name first, then the password is checked
    # against the resolved id (not the username).
    assert find_userid.calls == [pretend.call("my_username")]
    assert check_password.calls == [pretend.call(1, "pw")]
def test_validate_password_notok(self, db_session):
    """validate_password raises ValidationError when the service rejects the password."""
    # NOTE(review): the db_session fixture is requested but never used in this
    # test, and the sibling password tests do not request it; confirm whether
    # it can be dropped.
    find_userid = pretend.call_recorder(lambda userid: 1)
    check_password = pretend.call_recorder(lambda userid, password: False)
    login_service = pretend.stub(
        find_userid=find_userid,
        check_password=check_password,
    )
    form = LoginForm(
        data={"username": "******"},
        login_service=login_service,
    )
    field = pretend.stub(data="pw")

    # A wrong password for a known user must be rejected.
    with pytest.raises(wtforms.validators.ValidationError):
        form.validate_password(field)

    # Lookup by name, then exactly one password check against the resolved id.
    assert find_userid.calls == [pretend.call("my_username")]
    assert check_password.calls == [pretend.call(1, "pw")]
def test_creation(self):
    """The login service handed to the constructor is kept as-is on the form."""
    service = pretend.stub()
    assert LoginForm(login_service=service).login_service is service