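def test_login_and_store_credentials_in_session(self):
    '''The Fedora password reaches the session only after a successful
    POST login, and only in encrypted form.

    Only the custom logic layered on top of ``django.contrib.auth`` is
    exercised: the auth ``login`` view is patched so the test decides
    whether ``request.user.is_authenticated()`` reports success, and a
    plain ``dict`` stands in for the session.
    '''
    mockrequest = Mock()
    mockrequest.method = 'POST'

    # Stand-ins for the patched auth view.  They accept and ignore any
    # extra positional/keyword arguments so a template_name or similar
    # forwarded by the view under test cannot break the stub; the request
    # is always the first positional argument.
    def not_logged_in(rqst, *args, **kwargs):
        rqst.user.is_authenticated.return_value = False

    def set_logged_in(rqst, *args, **kwargs):
        rqst.user.is_authenticated.return_value = True
        rqst.POST.get.return_value = "TEST_PASSWORD"

    # failed login: nothing credential-related may land in the session
    with patch('eulfedora.views.authviews.login',
               new=Mock(side_effect=not_logged_in)):
        mockrequest.session = dict()
        login_and_store_credentials_in_session(mockrequest)
        self.assertNotIn(
            FEDORA_PASSWORD_SESSION_KEY, mockrequest.session,
            'user password for fedora should not be stored in session on failed login')

    # successful login: the session key is set ...
    with patch('eulfedora.views.authviews.login',
               new=Mock(side_effect=set_logged_in)):
        login_and_store_credentials_in_session(mockrequest)
        self.assertIn(
            FEDORA_PASSWORD_SESSION_KEY, mockrequest.session,
            'user password for fedora should be stored in session on successful login')

    # plaintext the view read from the (mock) POST data
    pwd = mockrequest.POST.get()
    # value the view actually wrote to the session
    sessionpwd = mockrequest.session[FEDORA_PASSWORD_SESSION_KEY]

    # ... the stored value is not the plaintext ...
    self.assertNotEqual(
        pwd, sessionpwd,
        'password should not be stored in the session without encryption')
    # ... but it round-trips through cryptutil.decrypt.  This is reversible
    # encryption, not a hash: the plaintext is recoverable by anything that
    # holds both the key and the session store, which is the trade-off for
    # being able to replay the credentials to Fedora.
    self.assertEqual(
        pwd, cryptutil.decrypt(sessionpwd),
        'user password stored in session is encrypted')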
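def test_login_and_store_credentials_in_session(self):
    '''The Fedora password reaches the session only after a successful
    POST login, and only in encrypted form.

    Only the custom logic layered on top of ``django.contrib.auth`` is
    exercised: the auth ``login`` view is patched so the test decides
    whether ``request.user.is_authenticated()`` reports success, and a
    plain ``dict`` stands in for the session.
    '''
    mockrequest = Mock()
    mockrequest.method = 'POST'

    # Stand-ins for the patched auth view.  They accept and ignore any
    # extra positional/keyword arguments so a template_name or similar
    # forwarded by the view under test cannot break the stub; the request
    # is always the first positional argument.
    def not_logged_in(rqst, *args, **kwargs):
        rqst.user.is_authenticated.return_value = False

    def set_logged_in(rqst, *args, **kwargs):
        rqst.user.is_authenticated.return_value = True
        rqst.POST.get.return_value = "TEST_PASSWORD"

    # failed login: nothing credential-related may land in the session
    with patch('eulfedora.views.authviews.login',
               new=Mock(side_effect=not_logged_in)):
        mockrequest.session = dict()
        login_and_store_credentials_in_session(mockrequest)
        self.assertNotIn(
            FEDORA_PASSWORD_SESSION_KEY, mockrequest.session,
            'user password for fedora should not be stored in session on failed login')

    # successful login: the session key is set ...
    with patch('eulfedora.views.authviews.login',
               new=Mock(side_effect=set_logged_in)):
        login_and_store_credentials_in_session(mockrequest)
        self.assertIn(
            FEDORA_PASSWORD_SESSION_KEY, mockrequest.session,
            'user password for fedora should be stored in session on successful login')

    # plaintext the view read from the (mock) POST data
    pwd = mockrequest.POST.get()
    # value the view actually wrote to the session
    sessionpwd = mockrequest.session[FEDORA_PASSWORD_SESSION_KEY]

    # ... the stored value is not the plaintext ...
    self.assertNotEqual(
        pwd, sessionpwd,
        'password should not be stored in the session without encryption')
    # ... but it round-trips through cryptutil.decrypt (force_text because
    # decrypt may hand back bytes).  This is reversible encryption, not a
    # hash: the plaintext is recoverable by anything that holds both the
    # key and the session store, which is the trade-off for being able to
    # replay the credentials to Fedora.
    self.assertEqual(
        pwd, force_text(cryptutil.decrypt(sessionpwd)),
        'user password stored in session is encrypted')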
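def login(request):
    '''Log in, store credentials for Fedora access, and redirect to the
    user profile page if no **next** url was specified.

    If login fails, the user will be redirected either to the **next**
    url (if specified and local to this site) or to the site index, with
    an error message to indicate the login failure.

    Login functionality is based on
    :meth:`eulfedora.views.login_and_store_credentials_in_session`
    and :meth:`django.contrib.auth.views.login`

    :param request: the current :class:`~django.http.HttpRequest`
    :returns: a see-other redirect on POST (success without ``next``, or
        failure), otherwise the response from the wrapped login view
    '''
    response = login_and_store_credentials_in_session(
        request,
        # NOTE: specifying 401.html because default accounts/registration.html
        # doesn't exist; we should handle this better
        template_name='401.html')

    # Only a POST can change authentication state; GET just renders the
    # form via the wrapped view.
    if request.method == "POST":
        # ``next`` is form data and therefore attacker-controlled.
        next_url = request.POST.get('next', None)

        if request.user.is_authenticated() and not next_url:
            # login succeeded and no destination was requested: pick one
            # based on who the user is (all targets built with reverse())
            if request.user.groups.filter(name='Site Admin').count():
                # Site Admins go to the harvest queue
                next_url = reverse('harvest:queue')
            elif request.user.get_profile().has_profile_page():
                # users with a profile page go there
                next_url = reverse('accounts:profile',
                                   kwargs={'username': request.user.username})
            if next_url is None:
                next_url = reverse('site-index')
            return HttpResponseSeeOtherRedirect(next_url)

        elif not request.user.is_authenticated():
            # a POST that left the user unauthenticated is a failed login:
            # flash an error and send the user back where they came from
            messages.error(request, 'Login failed. Please try again.')
            # This is the one path where *this* view redirects to the
            # user-supplied ``next``; refuse off-site targets so a crafted
            # login link cannot bounce a user to another host.
            if not next_url or not _is_local_redirect(request, next_url):
                next_url = reverse('site-index')
            return HttpResponseSeeOtherRedirect(next_url)

    # successful login with an explicit ``next``, or a non-POST request:
    # hand back whatever the wrapped login view produced
    return response


def _is_local_redirect(request, url):
    '''Return True if ``url`` is a relative path or points at the host
    serving ``request``; used to reject open-redirect targets.'''
    from django.utils.http import is_safe_url
    return is_safe_url(url, host=request.get_host())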
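def login(request):
    '''Log in, store credentials for Fedora access, and redirect to the
    user profile page if no **next** url was specified.

    If login fails, the user will be redirected either to the **next**
    url (if specified and local to this site) or to the site index, with
    an error message to indicate the login failure.

    Login functionality is based on
    :meth:`eulfedora.views.login_and_store_credentials_in_session`
    and :meth:`django.contrib.auth.views.login`

    :param request: the current :class:`~django.http.HttpRequest`
    :returns: a see-other redirect on POST (success without ``next``, or
        failure), otherwise the response from the wrapped login view
    '''
    response = login_and_store_credentials_in_session(
        request,
        # NOTE: specifying 401.html because default accounts/registration.html
        # doesn't exist; we should handle this better
        template_name='401.html')

    # Only a POST can change authentication state; GET just renders the
    # form via the wrapped view.
    if request.method == "POST":
        # ``next`` is form data and therefore attacker-controlled.
        next_url = request.POST.get('next', None)

        if request.user.is_authenticated() and not next_url:
            # login succeeded and no destination was requested: pick one
            # based on who the user is (all targets built with reverse())
            if request.user.groups.filter(name='Site Admin').count():
                # Site Admins go to the harvest queue
                next_url = reverse('harvest:queue')
            elif request.user.userprofile.has_profile_page():
                # users with a profile page go there
                next_url = reverse('accounts:profile',
                                   kwargs={'username': request.user.username})
            if next_url is None:
                next_url = reverse('site-index')
            return HttpResponseSeeOtherRedirect(next_url)

        elif not request.user.is_authenticated():
            # a POST that left the user unauthenticated is a failed login:
            # flash an error and send the user back where they came from
            messages.error(request, 'Login failed. Please try again.')
            # This is the one path where *this* view redirects to the
            # user-supplied ``next``; refuse off-site targets so a crafted
            # login link cannot bounce a user to another host.
            if not next_url or not _is_local_redirect(request, next_url):
                next_url = reverse('site-index')
            return HttpResponseSeeOtherRedirect(next_url)

    # successful login with an explicit ``next``, or a non-POST request:
    # hand back whatever the wrapped login view produced
    return response


def _is_local_redirect(request, url):
    '''Return True if ``url`` is a relative path or points at the host
    serving ``request``; used to reject open-redirect targets.'''
    from django.utils.http import is_safe_url
    return is_safe_url(url, host=request.get_host())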