def setUp(self):
form = ChopRegistrationForm(self.test_user)
form.save()
# Manually create existing user with profile.
existing_user = User(**self.existing_user)
existing_user.set_password(self.existing_user['password'])
existing_user.save()
UserProfile(user=existing_user).save()
test_user = User.objects.get(email=self.test_user['email'])
UserProfile(user=test_user).save()
def setUp(self):
form = ChopRegistrationForm(self.test_user)
form.save()
# Manually create existing user with profile.
existing_user = User(**self.existing_user)
existing_user.set_password(self.existing_user['password'])
existing_user.save()
UserProfile(user=existing_user).save()
test_user = User.objects.get(email=self.test_user['email'])
UserProfile(user=test_user).save()
def test_registration_form_eula(self):
form = ChopRegistrationForm({
'first_name': 'John',
'last_name': 'Sample',
'email': '*****@*****.**',
'password': '******',
'institution': 'The Children\'s Hospital of Philadelphia',
'reason': '',
'eula': False
})
self.assertFalse(form.is_valid())
def test_registration_form_eula(self):
form = ChopRegistrationForm({
'first_name': 'John',
'last_name': 'Sample',
'email': '*****@*****.**',
'password': '******',
'institution': 'The Children\'s Hospital of Philadelphia',
'reason': '',
'eula': False
})
self.assertFalse(form.is_valid())
def test_empty_registration_form(self):
form = ChopRegistrationForm({})
self.assertFalse(form.is_valid())
def test_empty_registration_form(self):
form = ChopRegistrationForm({})
self.assertFalse(form.is_valid())
class AccountsModuleTests(TestCase):
client = Client()
test_user = {
'first_name': 'John',
'last_name': 'Sample',
'email': '*****@*****.**',
'password': '******',
'institution': 'The Children\'s Hospital of Philadelphia',
'reason': 'Making the world a better place',
'eula': True
}
existing_user = {
'first_name': 'Jane',
'last_name': 'Sample',
'username': '******',
'email': '*****@*****.**',
'password': '******',
}
test_user_object = None
form_data = {
'first_name': 'John',
'last_name': 'Sample',
'email': '*****@*****.**',
'password': '******',
'institution': 'The Children\'s Hospital of Philadelphia',
'reason': 'Making the world a better place',
'eula': True
}
valid_form = ChopRegistrationForm(form_data)
def setUp(self):
form = ChopRegistrationForm(self.test_user)
form.save()
# Manually create existing user with profile.
existing_user = User(**self.existing_user)
existing_user.set_password(self.existing_user['password'])
existing_user.save()
UserProfile(user=existing_user).save()
test_user = User.objects.get(email=self.test_user['email'])
UserProfile(user=test_user).save()
def tearDown(self):
User.objects.get(email=self.test_user['email']).delete()
User.objects.get(email=self.existing_user['email']).delete()
# Hangs in CI
# def test_throttled_login(self):
# response = self.client.get('/login/')
# self.assertEqual(response.status_code, 200)
def test_new_registration_form(self):
form = self.valid_form
self.assertTrue(form.is_valid())
def test_registration_form_empty_reason(self):
form = ChopRegistrationForm({
'first_name': 'John',
'last_name': 'Sample',
'email': '*****@*****.**',
'password': '******',
'institution': 'The Children\'s Hospital of Philadelphia',
'reason': '',
'eula': True
})
self.assertFalse(form.is_valid())
def test_registration_form_eula(self):
form = ChopRegistrationForm({
'first_name': 'John',
'last_name': 'Sample',
'email': '*****@*****.**',
'password': '******',
'institution': 'The Children\'s Hospital of Philadelphia',
'reason': '',
'eula': False
})
self.assertFalse(form.is_valid())
def test_empty_registration_form(self):
form = ChopRegistrationForm({})
self.assertFalse(form.is_valid())
def test_new_reg_creates_user(self):
form = self.valid_form
form.save()
user = User.objects.get(email='*****@*****.**')
self.assertTrue(isinstance(user, User))
def test_new_reg_creates_user_profile(self):
response = self.client.post('/accounts/register/', self.form_data)
# Check that form submit is ok.
self.assertEqual(response.status_code, 302)
user = User.objects.get(email='*****@*****.**')
up = UserProfile.objects.get(user=user)
self.assertEqual(str(up), 'John Sample\'s Profile')
self.assertTrue(up.user, user)
self.assertTrue(isinstance(up, UserProfile))
def test_new_reg_creates_registration_profile(self):
response = self.client.post('/accounts/register/', self.form_data)
# Check that form submit is ok.
self.assertEqual(response.status_code, 302)
user = User.objects.get(email='*****@*****.**')
rp = RegistrationProfile.objects.get(user=user)
self.assertTrue(rp.user, user)
# Check that the newly registered user is neither activated or moderated
self.assertFalse(rp.activated)
self.assertFalse(rp.moderated)
self.assertTrue(isinstance(rp, RegistrationProfile))
@override_settings(AUTHENTICATION_BACKENDS=['accounts.backends.LdapBackend'])
def test_ldap_login_email(self):
backend = LdapBackend()
with patch('ldap3.Connection') as MockLDAP:
backend.get_ad_timestamp = MagicMock(return_value=datetime.now())
ldap = MockLDAP.return_value
ldap.search.return_value = [{'dn': 'test'}]
ldap.response = [{'dn': 'test'}]
user = backend.authenticate('*****@*****.**', 'Chop1234')
# Check search calls
search_call_list = ldap.search.call_args_list
self.assertTrue(call('searchdn', '(sAMAccountName=admin)') in search_call_list)
# Check binds
self.assertTrue(ldap.bind.called)
self.assertTrue(ldap.unbind.called)
# Check is User
self.assertTrue(isinstance(user, User))
@override_settings(AUTHENTICATION_BACKENDS=['accounts.backends.LdapBackend'])
def test_ldap_login_expired(self):
backend = LdapBackend()
with patch('ldap3.Connection') as MockLDAP:
backend.get_ad_timestamp = MagicMock(return_value=datetime.now() - timedelta(days=181))
ldap = MockLDAP.return_value
ldap.search.return_value = [{'dn': 'test'}]
ldap.response = [{'dn': 'test'}]
user = backend.authenticate('*****@*****.**', 'Chop1234')
# Check search calls
search_call_list = ldap.search.call_args_list
self.assertTrue(call('searchdn', '(sAMAccountName=admin)') in search_call_list)
# Check binds
self.assertTrue(ldap.bind.called)
self.assertTrue(ldap.unbind.called)
# Check is User
self.assertTrue(isinstance(user, User))
# Check User is expired
self.assertTrue(user.profile.password_expired)
@override_settings(AUTHENTICATION_BACKENDS=['accounts.backends.LdapBackend'])
def test_ldap_login_username(self):
backend = LdapBackend()
with patch('ldap3.Connection') as MockLDAP:
backend.get_ad_timestamp = MagicMock(return_value=datetime.now())
ldap = MockLDAP.return_value
ldap.search.return_value = [{'dn': 'test'}]
ldap.response = [{'dn': 'test'}]
user = backend.authenticate('admin', 'Chop1234')
# Check search calls
search_call_list = ldap.search.call_args_list
self.assertTrue(call('searchdn', '(sAMAccountName=admin)') in search_call_list)
self.assertTrue(call('dc=chop,dc=edu', '(sAMAccountName=admin)', attributes=['pwdLastSet']) in search_call_list)
# Check binds
self.assertTrue(ldap.bind.called)
self.assertTrue(ldap.unbind.called)
# Check is User
self.assertTrue(isinstance(user, User))
@override_settings(AUTHENTICATION_BACKENDS=['accounts.backends.LdapBackend'])
def test_ldap_login_user_does_not_exist(self):
backend = LdapBackend()
with patch('ldap3.Connection') as MockLDAP:
backend.get_ad_timestamp = MagicMock(return_value=datetime.now())
ldap = MockLDAP.return_value
ldap.search.return_value = [{'dn': 'test'}]
ldap.response = [{'dn': 'test'}]
user = backend.authenticate('*****@*****.**', 'xxxxx')
self.assertEqual(user, None)
def test_ldap_ad_timestamp_conversion(self):
backend = LdapBackend()
mock_response = [{'attributes': {'pwdLastSet': ['131157000000000000']}}]
d = backend.get_ad_timestamp(mock_response)
self.assertEqual(datetime(2016, 8, 15, 2), d)
def test_login_allowed(self):
s = self.client.session
s['login_allowed'] = True
s.save()
response = self.client.get('/login/')
# Should redirect to login.
self.assertEqual(response.status_code, 200)
def test_login_not_allowed(self):
s = self.client.session
s['login_allowed'] = False
s.save()
response = self.client.get('/login/')
# Should redirect to login.
self.assertTrue('You have reached the maximum number of login attempts.' in str(response.content))
self.assertEqual(response.status_code, 200)
def test_authenticated_login_redirect(self):
user = User.objects.get(email='*****@*****.**')
# Accept the EULA for this user
user.profile.eula = True
user.profile.save()
self.client.force_login(user)
response = self.client.get('/login/')
# Should redirect to root.
self.assertEqual(response.status_code, 302)
def test_block_disabled_user_login(self):
s = self.client.session
s['login_allowed'] = False
s.save()
response = self.client.post('/login/', {'username': '******', 'password': '******'})
# Should redirect to login.
self.assertEqual(response.status_code, 302)
def test_throttled_user_login(self):
s = self.client.session
s['login_allowed'] = True
s.save()
with self.settings(CACHES={
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': 'test-cache',
}
}):
form_data = {'email': '*****@*****.**', 'username': '******', 'password': '******'}
response = self.client.post('/login/', form_data)
# Should redirect to root.
self.assertEqual(response.status_code, 302)
def test_throttled_user_login_bad_payload(self):
s = self.client.session
s['login_allowed'] = True
s.save()
with self.settings(CACHES={
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': 'test-cache',
}
}):
form_data = {'email': '*****@*****.**', 'username': '******'}
response = self.client.post('/login/', form_data)
# Should not redirect...
self.assertEqual(response.status_code, 200)
def test_max_attempts(self):
from django.core.cache import cache
s = self.client.session
s['login_allowed'] = True
s.save()
with self.settings(CACHES={
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': 'test-cache2',
}
}):
form_data = {'email': '*****@*****.**', 'username': '******', 'password': '******'}
user = User.objects.get(email='*****@*****.**')
self.assertTrue(user.is_active)
# Make 11 bogus login attempts (10 is max)
cache.set('[email protected]_127.0.0.1_login_attempts', 10)
self.client.post('/login/', form_data)
user = User.objects.get(email='*****@*****.**')
self.assertFalse(user.is_active)
def test_max_attempts_user_already_inactive(self):
s = self.client.session
s['login_allowed'] = True
s.save()
with self.settings(CACHES={
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': 'test-cache2',
}
}):
form_data = {'email': '*****@*****.**', 'username': '******', 'password': '******'}
user = User.objects.get(email='*****@*****.**')
user.is_active = False
user.save()
self.assertFalse(user.is_active)
# Should fail immediately
response = self.client.post('/login/', form_data)
self.assertTrue('You have reached the maximum number of login attempts.' in str(response.content))
user = User.objects.get(email='*****@*****.**')
self.assertFalse(user.is_active)
def test_throttled_login_user_not_found(self):
s = self.client.session
s['login_allowed'] = True
s.save()
with self.settings(CACHES={
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': 'test-cache2',
}
}):
form_data = {'email': '*****@*****.**', 'username': '******', 'password': '******'}
# Should fail immediately
response = self.client.post('/login/', form_data)
self.assertTrue('Please enter a correct email and password.' in str(response.content))
def test_clear_throttled_login(self):
from django.core.cache import cache
s = self.client.session
s['login_allowed'] = True
s.save()
with self.settings(CACHES={
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': 'test-cache2',
}
}):
form_data = {'email': '*****@*****.**', 'username': '******', 'password': '******'}
user = User.objects.get(email='*****@*****.**')
self.assertTrue(user.is_active)
# Make 3 bogus login attempts (5 is max)
cache.set('[email protected]_127.0.0.1_login_attempts', 3)
self.client.post('/login/', form_data)
user = User.objects.get(email='*****@*****.**')
self.assertTrue(user.is_active)
# when login successful user should be deleted from cache.
self.assertFalse(cache.get('[email protected]_127.0.0.1_login_attempts'))
def test_eula(self):
response = self.client.get('/eula/')
self.assertTrue('End User License Agreement', str(response.content))
self.assertEqual(response.status_code, 200)
def test_agree_to_eula(self):
user = User.objects.get(email='*****@*****.**')
self.client.force_login(user)
self.assertFalse(user.profile.eula)
response = self.client.post('/eula/', {'decision': 'i agree'})
# Get user again to update state
user = User.objects.get(email='*****@*****.**')
self.assertTrue(user.profile.eula)
# Should redirect if accepted
self.assertEqual(response.status_code, 302)
def test_reject_to_eula(self):
user = User.objects.get(email='*****@*****.**')
self.client.force_login(user)
self.assertFalse(user.profile.eula)
response = self.client.post('/eula/', {'decision': ''})
# Should redirect if accepted and profile should reflect unaccepted eula
self.assertFalse(user.profile.eula)
self.assertEqual(response.status_code, 302)
def test_eula_middleware(self):
user = User.objects.get(email='*****@*****.**')
self.client.force_login(user)
self.assertFalse(user.profile.eula)
response = self.client.get('/')
self.assertTrue('END-USER LICENSE AGREEMENT' in str(response.content))
def test_eula_middleware_static(self):
user = User.objects.get(email='*****@*****.**')
self.client.force_login(user)
self.assertFalse(user.profile.eula)
response = self.client.get('/static/css/style.css')
self.assertFalse('END-USER LICENSE AGREEMENT' in str(response.content))
