def testInsecurePostIsNotRejectedInDevelopmentMode(self):
    """
    A C{POST} over plain HTTP is accepted when the service is configured
    for development mode.

    The request carries no C{X-Forwarded-Protocol} header, so nothing in it
    claims that it arrived over HTTPS.
    """
    # NOTE(review): with this setting the password-verification endpoint
    # accepts requests that are not marked as HTTPS, so a production
    # configuration must keep it 'false'.
    self.config.set('service', 'development', 'true')
    with login(None, None, self.transact) as session:
        resource = VerifyUserPasswordResource(None, session, 'user')
        jsonBody = dumps({'password': '******'})
        headerMap = {'Content-Length': [str(len(jsonBody))],
                     'Content-Type': ['application/json']}
        request = FakeRequest(method='POST', headers=Headers(headerMap),
                              body=jsonBody)
        renderResult = resource.render(request)
        self.assertEqual(NOT_DONE_YET, renderResult)
        # render() only starts the work; wait for the resource's deferred
        # before inspecting the response code.
        yield resource.deferred
        self.assertEqual(request.code, http.OK)
def testPostWithExtraCrapInPayloadReturnsBadRequest(self):
    """
    A C{POST} to C{/users/user/verify} whose JSON payload contains a field
    other than C{password} is answered with a 400 Bad Request.
    """
    with login(None, None, self.transact) as session:
        resource = VerifyUserPasswordResource(None, session, 'user')
        # 'foo' is the unexpected field; 'password' alone is what the other
        # tests in this file send.
        jsonBody = dumps({'password': '******', 'foo': 'bar'})
        headerMap = {
            'Content-Length': [str(len(jsonBody))],
            'Content-Type': ['application/json'],
            # Marks the request as having arrived over HTTPS.
            'X-Forwarded-Protocol': ['https'],
        }
        request = FakeRequest(method='POST', headers=Headers(headerMap),
                              body=jsonBody)
        renderResult = resource.render(request)
        self.assertEqual(NOT_DONE_YET, renderResult)
        # Wait for the resource's deferred before checking the outcome.
        yield resource.deferred
        self.assertEqual(request.code, http.BAD_REQUEST)
def testInsecurePostIsRejected(self):
    """
    A C{POST} that is not marked as HTTPS is rejected with a 400 Bad Request
    when the service is not in development mode.
    """
    self.config.set('service', 'development', 'false')
    with login(None, None, self.transact) as session:
        resource = VerifyUserPasswordResource(None, session, 'user')
        # The body is empty; the message header asserted at the end is what
        # shows the 400 came from the HTTPS check.
        emptyBody = ''
        # No X-Forwarded-Protocol header: that is what makes this request
        # "insecure" in these tests.
        # NOTE(review): presumably the resource trusts that header to decide
        # whether HTTPS was used; that only holds when a front-end proxy
        # sets or strips it on every request - confirm for the deployment.
        headerMap = {'Content-Length': [str(len(emptyBody))],
                     'Content-Type': ['application/json']}
        request = FakeRequest(method='POST', headers=Headers(headerMap),
                              body=emptyBody)
        renderResult = resource.render(request)
        self.assertEqual(NOT_DONE_YET, renderResult)
        # Wait for the resource's deferred before checking the outcome.
        yield resource.deferred
        self.assertEqual(request.code, http.BAD_REQUEST)
        errorMessage = request.getResponseHeader('X-FluidDB-Message')
        self.assertEqual(
            errorMessage,
            '/users/<username>/verify requests must use HTTPS')
def testPostWithUnknownUsernameReturnsNotFound(self):
    """
    A C{POST} to C{/users/user/verify} naming a user that does not exist is
    answered with a 404 Not Found.
    """
    # NOTE(review): an unknown username yields 404 here, while the
    # incorrect-password test in this file expects 200 with valid=False, so
    # the two responses reveal whether an account exists - confirm that is
    # acceptable for the callers allowed to reach this endpoint.
    with login(None, None, self.transact) as session:
        resource = VerifyUserPasswordResource(None, session, 'unknown')
        jsonBody = dumps({'password': '******'})
        headerMap = {
            'Content-Length': [str(len(jsonBody))],
            'Content-Type': ['application/json'],
            # Marks the request as having arrived over HTTPS.
            'X-Forwarded-Protocol': ['https'],
        }
        request = FakeRequest(method='POST', headers=Headers(headerMap),
                              body=jsonBody)
        renderResult = resource.render(request)
        self.assertEqual(NOT_DONE_YET, renderResult)
        # Wait for the resource's deferred before checking the outcome.
        yield resource.deferred
        self.assertEqual(request.code, http.NOT_FOUND)
def testPostWithIncorrectPasswordReturnsFalse(self):
    """
    A C{POST} to C{/users/user/verify} carrying the wrong password is
    answered with 200 OK and exactly C{{'valid': False}}.

    The equality check on the whole response also shows that no other
    field is returned on a failed verification.
    """
    with login(None, None, self.transact) as session:
        resource = VerifyUserPasswordResource(None, session, 'user')
        # NOTE(review): the password literal appears masked in this listing
        # and is the same text the correct-password tests send; the real
        # value must differ from the fixture user's password.
        jsonBody = dumps({'password': '******'})
        headerMap = {
            'Content-Length': [str(len(jsonBody))],
            'Content-Type': ['application/json'],
            # Marks the request as having arrived over HTTPS.
            'X-Forwarded-Protocol': ['https'],
        }
        request = FakeRequest(method='POST', headers=Headers(headerMap),
                              body=jsonBody)
        renderResult = resource.render(request)
        self.assertEqual(NOT_DONE_YET, renderResult)
        # Wait for the resource's deferred before checking the outcome.
        yield resource.deferred
        self.assertEqual(request.code, http.OK)
        decoded = loads(request.response)
        self.assertEqual(decoded, {'valid': False})
def testPostWithCorrectPasswordReturnsCorrectFullname(self):
    """
    A C{POST} to C{/users/user/verify} carrying the correct password is
    answered with a JSON object whose C{fullname} is the user's full name.
    """
    with login(None, None, self.transact) as session:
        resource = VerifyUserPasswordResource(None, session, 'user')
        jsonBody = dumps({'password': '******'})
        headerMap = {
            'Content-Length': [str(len(jsonBody))],
            'Content-Type': ['application/json'],
            # Marks the request as having arrived over HTTPS.
            'X-Forwarded-Protocol': ['https'],
        }
        request = FakeRequest(method='POST', headers=Headers(headerMap),
                              body=jsonBody)
        renderResult = resource.render(request)
        self.assertEqual(NOT_DONE_YET, renderResult)
        # Wait for the resource's deferred before checking the outcome.
        yield resource.deferred
        self.assertEqual(request.code, http.OK)
        fullname = loads(request.response)['fullname']
        self.assertEqual(u'Peter Parker', fullname)
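def testPostWithCorrectPasswordDoesNotCauseALogWarning(self):
    """
    A C{POST} to C{/users/user/verify} with the correct password should not
    cause a complaint about unknown return payload fields in the logging
    system.

    The response code is checked first so that the test cannot pass simply
    because the request failed before any response payload was produced.
    """
    with login(None, None, self.transact) as session:
        resource = VerifyUserPasswordResource(None, session, 'user')
        payload = dumps({'password': '******'})
        headers = {'Content-Length': [str(len(payload))],
                   'Content-Type': ['application/json'],
                   # Marks the request as having arrived over HTTPS.
                   'X-Forwarded-Protocol': ['https']}
        request = FakeRequest(method='POST', headers=Headers(headers),
                              body=payload)
        self.assertEqual(NOT_DONE_YET, resource.render(request))
        # Wait for the resource's deferred before checking the outcome.
        yield resource.deferred
        # Without this, an early rejection would leave the log free of the
        # warnings below and the test would pass vacuously. The sibling
        # tests that send the same request assert the same code.
        self.assertEqual(request.code, http.OK)
        logOutput = self.log.getvalue()
        self.assertNotIn("unknown response payload field 'renewalToken'",
                         logOutput)
        self.assertNotIn("unknown response payload field 'accessToken'",
                         logOutput)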
def testPostWithCorrectPasswordReturnsCorrectKeys(self):
    """
    A C{POST} to C{/users/user/verify} carrying the correct password is
    answered with a JSON object holding exactly the expected keys, and its
    C{valid} entry is true.
    """
    with login(None, None, self.transact) as session:
        resource = VerifyUserPasswordResource(None, session, 'user')
        jsonBody = dumps({'password': '******'})
        headerMap = {
            'Content-Length': [str(len(jsonBody))],
            'Content-Type': ['application/json'],
            # Marks the request as having arrived over HTTPS.
            'X-Forwarded-Protocol': ['https'],
        }
        request = FakeRequest(method='POST', headers=Headers(headerMap),
                              body=jsonBody)
        renderResult = resource.render(request)
        self.assertEqual(NOT_DONE_YET, renderResult)
        # Wait for the resource's deferred before checking the outcome.
        yield resource.deferred
        self.assertEqual(request.code, http.OK)
        result = loads(request.response)
        # The exact key list is pinned, so an added or dropped field
        # (including the two token fields) fails the test.
        expectedKeys = ['accessToken', 'fullname', 'renewalToken', 'role',
                        'valid']
        self.assertEqual(expectedKeys, sorted(result))
        self.assertTrue(result['valid'])