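 def test_success_url_uses_came_from(self):
     """successUrl in the view options follows the ``came_from`` form value."""
     target = self.portal.absolute_url() + '/foobar'
     self.request.form.update({'came_from': target})
     view = SecureLoginView(self.portal, self.request)
     opts = json.loads(view.options())
     # assertIn reports both operands on failure; assertTrue(x in y) only reports False.
     self.assertIn('/foobar', opts['successUrl'])
     # NOTE(review): only a same-portal came_from is exercised here; how an
     # off-site came_from is handled is not covered by this test.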
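 def test_success_url_is_dashboard(self):
     """With two-factor enabled, successUrl points at the @@dashboard view."""
     registry = queryUtility(IRegistry)
     registry['plone.two_factor_enabled'] = True
     registry['castle.plivo_auth_id'] = u'foobar'
     view = SecureLoginView(self.portal, self.request)
     opts = json.loads(view.options())
     # assertIn gives a useful diff on failure, unlike assertTrue(x in y).
     self.assertIn('@@dashboard', opts['successUrl'])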
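 def test_get_options(self):
     """options() reports two-factor enabled and two supported auth schemes."""
     registry = queryUtility(IRegistry)
     registry['plone.two_factor_enabled'] = True
     # Presumably the plivo auth id is what makes a second (SMS) scheme
     # available next to e-mail; the view's scheme selection is not visible here.
     registry['castle.plivo_auth_id'] = u'foobar'
     view = SecureLoginView(self.portal, self.request)
     opts = json.loads(view.options())
     self.assertTrue(opts['twoFactorEnabled'])
     # assertEquals is a deprecated alias of assertEqual (removed in Python 3.12).
     self.assertEqual(len(opts['supportedAuthSchemes']), 2)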
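 def test_success_url_uses_came_from(self):
     """Even with two-factor enabled, successUrl follows ``came_from``."""
     registry = queryUtility(IRegistry)
     registry['plone.two_factor_enabled'] = True
     registry['castle.plivo_auth_id'] = u'foobar'
     target = self.portal.absolute_url() + '/foobar'
     self.request.form.update({'came_from': target})
     view = SecureLoginView(self.portal, self.request)
     opts = json.loads(view.options())
     # assertIn reports both operands on failure; assertTrue(x in y) only reports False.
     self.assertIn('/foobar', opts['successUrl'])
     # NOTE(review): only a same-portal came_from is exercised here; how an
     # off-site came_from is handled is not covered by this test.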
    def test_password_history(self):
        """A previously used password cannot be set again later."""
        first_password = 'N1C3P@$$w0rd'
        second_password = 'P@$$w0rd2018'

        def call_view(form):
            # Every API call goes through a fresh view over the shared request.
            self.request.form.update(form)
            view = SecureLoginView(self.portal, self.request)
            return json.loads(view())

        member = api.user.get(username=TEST_USER_NAME)
        # Backdate the password so the account starts out in an expired state.
        member.setMemberProperties({'password_date': DateTime('01/10/2011')})
        login(self.portal, TEST_USER_NAME)

        # Change the password while logged in.
        result = call_view({
            'apiMethod': 'set_password',
            'username': TEST_USER_NAME,
            'existing_password': TEST_USER_PASSWORD,
            'new_password': first_password,
        })
        self.assertTrue(result['success'])
        logout()

        # Logging in with the new password must not demand another reset.
        result = call_view({
            'apiMethod': 'login',
            'username': TEST_USER_NAME,
            'password': first_password,
        })
        self.assertFalse(result['resetpassword'])

        # Rotate once more.
        login(self.portal, TEST_USER_NAME)
        result = call_view({
            'apiMethod': 'set_password',
            'username': TEST_USER_NAME,
            'existing_password': first_password,
            'new_password': second_password,
        })
        self.assertTrue(result['success'])

        # Reverting to an earlier password must be refused by the history check.
        result = call_view({
            'apiMethod': 'set_password',
            'username': TEST_USER_NAME,
            'existing_password': second_password,
            'new_password': first_password,
        })
        self.assertFalse(result['success'])
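    def test_send_text_message_with_code(self):
        """Requesting an SMS code posts exactly one Plivo message carrying the code."""
        view = SecureLoginView(self.portal, self.request)
        view()  # REQUESTING_AUTH_CODE state
        # Stub the Plivo endpoint so the test never sends a real SMS.
        responses.add(
            responses.POST,
            "https://api.plivo.com/v1/Account/foobar_auth_id/Message/",
            body='{"success": true}',
            content_type="application/json")

        registry = queryUtility(IRegistry)
        registry['castle.plivo_auth_id'] = u'foobar_auth_id'
        registry['castle.plivo_auth_token'] = u'foobar_auth_token'
        registry['castle.plivo_phone_number'] = u'15555555555'

        user = api.user.get(username=TEST_USER_NAME)
        user.setMemberProperties(mapping={
            'phone_number': '19999999999',
        })
        self.request.form.update({
            'authType': 'sms',
            'username': TEST_USER_NAME
        })

        self.request.REQUEST_METHOD = 'POST'
        result = json.loads(view())
        self.assertTrue(result['success'])
        # assertEquals is a deprecated alias (removed in Python 3.12) and
        # assertTrue(x in y) hides the operands on failure; use assertEqual/assertIn.
        self.assertEqual(len(responses.calls), 1)
        text_body = json.loads(responses.calls[0].request.body)
        self.assertIn('code:', text_body['text'])
        # Destination is the member's phone, source is the configured sender.
        self.assertEqual(text_body['dst'], '19999999999')
        self.assertEqual(text_body['src'], '15555555555')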
 def test_initial_login(self):
     """A plain username/password submission to the view succeeds."""
     credentials = {
         'username': TEST_USER_NAME,
         'password': TEST_USER_PASSWORD,
     }
     self.request.form.update(credentials)
     view = SecureLoginView(self.portal, self.request)
     payload = view()
     result = json.loads(payload)
     self.assertTrue(result['success'])
 def test_authorize_code_required_for_login(self):
     """Once a 2-factor code has been issued, the password alone must not log in."""
     self.request.form.update(dict(
         username=TEST_USER_NAME,
         password=TEST_USER_PASSWORD,
     ))
     view = SecureLoginView(self.portal, self.request)
     # A code is pending for the user but the form carries none, so the
     # login has to be refused.
     view.auth.issue_2factor_code(TEST_USER_NAME)
     result = json.loads(view())
     self.assertFalse(result['success'])
    def test_authorize_code_fails(self):
        """A wrong 2-factor code is rejected at the CHECK_CREDENTIALS step."""
        view = SecureLoginView(self.portal, self.request)
        view()  # REQUESTING_AUTH_CODE state
        self.request.form.update(dict(authType='email', username=TEST_USER_NAME))
        self.request.REQUEST_METHOD = 'POST'
        view = SecureLoginView(self.portal, self.request)
        view()  # CHECK_CREDENTIALS state
        # Correct password, bogus code: the code is what must fail here.
        attempt = {
            'username': TEST_USER_NAME,
            'password': TEST_USER_PASSWORD,
            'code': 'foobar',
        }
        self.request.form.update(attempt)

        result = json.loads(view())
        self.assertFalse(result['success'])
 def test_authorize_code_fails(self):
     """The authorize_code API refuses a code that was never issued."""
     form = dict(
         apiMethod='authorize_code',
         username=TEST_USER_NAME,
         code='foobar',
     )
     self.request.form.update(form)
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertFalse(result['success'])
 def test_login_success_without_two_factor(self):
     """With two-factor disabled, username and password alone log in."""
     registry = getUtility(IRegistry)
     registry['plone.two_factor_enabled'] = False
     credentials = dict(username=TEST_USER_NAME, password=TEST_USER_PASSWORD)
     self.request.form.update(credentials)
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertTrue(result['success'])
 def test_initial_login(self):
     """A credentials POST after the initial call to the view succeeds."""
     view = SecureLoginView(self.portal, self.request)
     view()  # CHECK_CREDENTIALS state
     credentials = dict(username=TEST_USER_NAME, password=TEST_USER_PASSWORD)
     self.request.form.update(credentials)
     self.request.REQUEST_METHOD = 'POST'
     result = json.loads(view())
     self.assertTrue(result['success'])
 def test_authorize_code_succeeds(self):
     """The authorize_code API accepts the code the view's auth helper issued."""
     self.request.form.update(dict(
         apiMethod='authorize_code',
         username=TEST_USER_NAME,
     ))
     view = SecureLoginView(self.portal, self.request)
     issued = view.auth.issue_2factor_code(TEST_USER_NAME)
     self.request.form.update(dict(code=issued))
     result = json.loads(view())
     self.assertTrue(result['success'])
 def test_authorize_code_required_for_login(self):
     """With two-factor enabled, a password-only login is refused."""
     registry = getUtility(IRegistry)
     registry['plone.two_factor_enabled'] = True
     self.request.form.update(dict(
         apiMethod='login',
         username=TEST_USER_NAME,
         password=TEST_USER_PASSWORD,
     ))
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertFalse(result['success'])
 def test_long_password(self):
     """Setting a long new password through set_password succeeds."""
     # NOTE(review): the password literal appears redacted in this listing, so
     # the length actually being exercised cannot be read off it.
     new_password = '******'
     self.request.form.update(dict(
         apiMethod='set_password',
         username=TEST_USER_NAME,
         existing_password=TEST_USER_PASSWORD,
         new_password=new_password,
     ))
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertTrue(result['success'])
 def test_login_failure(self):
     """A valid 2-factor code does not compensate for a wrong password."""
     # The password here is presumably not TEST_USER_PASSWORD (the literal
     # appears redacted in this listing).
     self.request.form.update(dict(
         apiMethod='login',
         username=TEST_USER_NAME,
         password='******',
     ))
     view = SecureLoginView(self.portal, self.request)
     issued = view.auth.issue_2factor_code(TEST_USER_NAME)
     self.request.form.update(dict(code=issued))
     result = json.loads(view())
     self.assertFalse(result['success'])
 def test_setting_enabled_no_urls(self):
     """Backend-URL restriction enabled with no URLs listed still allows login."""
     api.portal.set_registry_record(
         name='plone.only_allow_login_to_backend_urls', value=True)
     api.portal.set_registry_record(name='plone.backend_url', value=())
     self.request.form.update(dict(
         apiMethod='login',
         username=TEST_USER_NAME,
         password=TEST_USER_PASSWORD,
     ))
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     # NOTE(review): an empty allow-list is treated as "no restriction" here;
     # worth confirming that this fail-open reading of the setting is intended.
     self.assertTrue(result['success'])
 def test_expired_login(self):
     """Logging in with a stale password_date asks for a password reset."""
     member = api.user.get(username=TEST_USER_NAME)
     # Backdate the password well past any plausible expiry window.
     member.setMemberProperties({'password_date': DateTime('01/10/2011')})
     self.request.form.update(dict(
         apiMethod='login',
         username=TEST_USER_NAME,
         password=TEST_USER_PASSWORD,
     ))
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertTrue(result['resetpassword'])
    def test_authorize_code_succeeds(self):
        """The code cached for the user is accepted at the CHECK_CREDENTIALS step."""
        view = SecureLoginView(self.portal, self.request)
        view()  # REQUESTING_AUTH_CODE state
        self.request.form.update(dict(authType='email', username=TEST_USER_NAME))
        self.request.REQUEST_METHOD = 'POST'
        view = SecureLoginView(self.portal, self.request)
        view()  # CHECK_CREDENTIALS state
        # Read the issued code straight from the cache, under the same key the
        # auth helper uses, instead of parsing it out of the e-mail.
        key = view.auth.get_2factor_code_key(TEST_USER_NAME)
        issued = cache.get(key)['code']
        self.request.form.update({
            'username': TEST_USER_NAME,
            'password': TEST_USER_PASSWORD,
            'code': issued,
        })

        self.request.REQUEST_METHOD = 'POST'
        result = json.loads(view())
        self.assertTrue(result['success'])
 def test_country_code_not_allowed(self):
     """A request whose country header is outside the allow-list is blocked."""
     registry = getUtility(IRegistry)
     registry['plone.two_factor_enabled'] = False
     registry['plone.restrict_logins_to_countries'] = (u'US',)
     # The view reads the country from this environ key (the CF-IPCountry
     # header, presumably set by the edge proxy). The test writes it directly,
     # so it only shows the view honours the value -- not that the header is
     # accepted only when it comes from a trusted proxy.
     self.request.environ['HTTP_CF_IPCOUNTRY'] = 'AF'
     credentials = dict(username=TEST_USER_NAME, password=TEST_USER_PASSWORD)
     self.request.form.update(credentials)
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertFalse(result['success'])
     self.assertTrue(result['countryBlocked'])
 def test_setting_enabled_no_urls(self):
     """Backend-URL restriction with an empty URL list still allows login."""
     api.portal.set_registry_record(
         name='plone.only_allow_login_to_backend_urls', value=True)
     api.portal.set_registry_record(name='plone.backend_url', value=())
     view = SecureLoginView(self.portal, self.request)
     view()  # CHECK_CREDENTIALS state
     credentials = dict(username=TEST_USER_NAME, password=TEST_USER_PASSWORD)
     self.request.form.update(credentials)
     self.request.REQUEST_METHOD = 'POST'
     result = json.loads(view())
     # NOTE(review): an empty allow-list lets the login through; worth
     # confirming that this fail-open reading of the setting is intended.
     self.assertTrue(result['success'])
 def test_login_success(self):
     """With two-factor enabled, password plus the issued code logs in."""
     registry = getUtility(IRegistry)
     registry['plone.two_factor_enabled'] = True
     self.request.form.update(dict(
         apiMethod='login',
         username=TEST_USER_NAME,
         password=TEST_USER_PASSWORD,
     ))
     view = SecureLoginView(self.portal, self.request)
     issued = view.auth.issue_2factor_code(TEST_USER_NAME)
     self.request.form.update(dict(code=issued))
     result = json.loads(view())
     self.assertTrue(result['success'])
    def test_send_email_with_code(self):
        """Requesting an e-mail code sends exactly one message."""
        view = SecureLoginView(self.portal, self.request)
        view()  # REQUESTING_AUTH_CODE state

        self.request.form.update(dict(authType='email', username=TEST_USER_NAME))

        self.request.REQUEST_METHOD = 'POST'
        # The response body is not inspected; only the mail side effect is.
        json.loads(view())
        outbox = self.portal.MailHost.messages
        self.assertEqual(len(outbox), 1)
    def test_send_email_with_code(self):
        """With the flow forced to REQUESTING_AUTH_CODE, one e-mail is sent."""
        self.auth.set_secure_flow_state(self.auth.REQUESTING_AUTH_CODE)

        self.request.form.update(dict(authType='email', username=TEST_USER_NAME))
        member = api.user.get(username=TEST_USER_NAME)
        # Presumably the member needs an address on file for the mail to go
        # out; the value appears redacted in this listing.
        member.setMemberProperties(mapping={'email': '*****@*****.**', })

        view = SecureLoginView(self.portal, self.request)
        json.loads(view())
        outbox = self.portal.MailHost.messages
        self.assertEqual(len(outbox), 1)
 def test_expired_login(self):
     """An expired password forces a password change at login."""
     member = api.user.get(username=TEST_USER_NAME)
     member.setMemberProperties({'password_date': DateTime('01/10/2011')})
     view = SecureLoginView(self.portal, self.request)
     view()  # CHECK_CREDENTIALS state
     # Presumably re-evaluates expiry so the backdated password_date takes effect.
     update_password_expiry(self.portal)
     credentials = dict(username=TEST_USER_NAME, password=TEST_USER_PASSWORD)
     self.request.form.update(credentials)
     self.request.REQUEST_METHOD = 'POST'
     result = json.loads(view())
     self.assertTrue(result['changePasswordRequired'])
 def test_setting_disabled(self):
     """With the backend-URL restriction switched off, login succeeds."""
     api.portal.set_registry_record(
         name='plone.only_allow_login_to_backend_urls', value=False)
     api.portal.set_registry_record(name='plone.backend_url',
                                    value=(unicode(''), ))
     view = SecureLoginView(self.portal, self.request)
     view()  # call the view once to set initial state
     credentials = dict(username=TEST_USER_NAME, password=TEST_USER_PASSWORD)
     self.request.form.update(credentials)
     self.request.REQUEST_METHOD = 'POST'
     result = json.loads(view())
     self.assertTrue(result['success'])
 def test_password_reset_password_does_not_match(self):
     """set_password with a wrong existing_password is refused."""
     registry = getUtility(IRegistry)
     registry['plone.two_factor_enabled'] = False
     login(self.portal, TEST_USER_NAME)
     # Both password values appear redacted in this listing; the intent is
     # that existing_password does not match the account's real password.
     form = {
         'apiMethod': 'set_password',
         'username': TEST_USER_NAME,
         'existing_password': '******',
         'new_password': '******',
         # presumably the CSRF token the view validates on this call
         '_authenticator': createToken(),
     }
     self.request.form.update(form)
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertFalse(result['success'])
 def test_whitelist(self):
     """Whitelisted users are exempt from the password-expiry reset at login."""
     member = api.user.get(username=TEST_USER_NAME)
     member.setMemberProperties({'password_date': DateTime('01/10/2011')})
     # getId() presumably returns a byte string here (Python 2 code, cf. the
     # unicode() calls elsewhere in this file); the registry wants text.
     whitelisted = [member.getId().decode('utf-8')]
     api.portal.set_registry_record(
         name='plone.pwexpiry_whitelisted_users', value=whitelisted)
     self.request.form.update(dict(
         apiMethod='login',
         username=TEST_USER_NAME,
         password=TEST_USER_PASSWORD,
     ))
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertFalse(result['resetpassword'])
 def test_whitelist(self):
     """A whitelisted user with an expired password can still log in."""
     member = api.user.get(username=TEST_USER_NAME)
     member.setMemberProperties({'password_date': DateTime('01/10/2011')})
     # getId() presumably returns a byte string here (Python 2 code, cf. the
     # unicode() calls elsewhere in this file); the registry wants text.
     whitelisted = [member.getId().decode('utf-8')]
     api.portal.set_registry_record(
         name='plone.pwexpiry_whitelisted_users', value=whitelisted)
     view = SecureLoginView(self.portal, self.request)
     view()  # CHECK_CREDENTIALS state
     credentials = dict(username=TEST_USER_NAME, password=TEST_USER_PASSWORD)
     self.request.form.update(credentials)
     self.request.REQUEST_METHOD = 'POST'
     result = json.loads(view())
     self.assertTrue(result['success'])
 def test_setting_enabled_good_url(self):
     """Login succeeds when the request's URL is among the allowed backend URLs."""
     api.portal.set_registry_record(
         name='plone.only_allow_login_to_backend_urls', value=True)
     # 'http://nohost/plone' is presumably the test fixture's own URL; the
     # other entries exercise matching against a list with several values.
     allowed = (unicode('http://dummydomain/castle'),
                unicode('http://nohost/plone'),
                unicode('http://vpn.example.com'))
     api.portal.set_registry_record(name='plone.backend_url', value=allowed)
     self.request.form.update(dict(
         apiMethod='login',
         username=TEST_USER_NAME,
         password=TEST_USER_PASSWORD,
     ))
     view = SecureLoginView(self.portal, self.request)
     result = json.loads(view())
     self.assertTrue(result['success'])