def test_user_settings_otp_add_wrong_password(client, logged_in_dummy_user):
    """Adding an OTP token must be refused when the account password is wrong."""
    form = {"description": "pants token", "password": "******"}
    response = client.post("/user/dummy/settings/otp/", data=form)
    # Enrolling a second factor is gated on re-entering the password; the
    # rejection must surface as a field-level error on "password".
    assert_form_field_error(response, "password", "Incorrect password")
def test_invalid_email(client, post_data_step_1):
    """Registration must reject a syntactically invalid email address."""
    # Override only the email field; the fixture supplies the other values.
    post_data_step_1["register-mail"] = "firstlast at name dot org"
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name="register-mail",
        expected_message='Email must be valid',
    )
def test_empty_email(client, post_data_step_1):
    """Registration must reject a submission that omits the email field."""
    # Remove the key entirely, so the field is missing rather than blank.
    del post_data_step_1["register-mail"]
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name="register-mail",
        expected_message='Email must not be empty',
    )
def test_duplicate(client, post_data_step_1, cleanup_dummy_user, dummy_user):
    """Registration must reject a username that is already in use."""
    # presumably the dummy_user fixture creates the account that
    # post_data_step_1 tries to register again; verify against conftest
    response = client.post('/', data=post_data_step_1)
    taken_message = 'This username is already taken, please choose another one.'
    assert_form_field_error(
        response,
        field_name="register-username",
        expected_message=taken_message,
    )
def test_invalid_username(client, post_data_step_1):
    """Registration must reject a username containing disallowed characters."""
    # NOTE(review): the literal below appears masked on this page; the
    # original value is not visible here.
    post_data_step_1["register-username"] = "******"
    response = client.post('/', data=post_data_step_1)
    charset_message = 'may only include letters, numbers, _, -, . and $'
    assert_form_field_error(
        response,
        field_name="register-username",
        expected_message=charset_message,
    )
def test_underage(client, post_data_step_1):
    """Registration must be refused when the age confirmation is not given."""
    # An empty value stands for the age confirmation not being ticked.
    post_data_step_1["register-underage"] = ""
    response = client.post('/', data=post_data_step_1)
    age_message = "You must be over 16 years old to create an account"
    assert_form_field_error(
        response,
        field_name="register-underage",
        expected_message=age_message,
    )
def test_blocklisted_email(client, post_data_step_1):
    """Registration must reject an email address from a blocklisted domain."""
    # NOTE(review): the address is masked on this page; presumably its domain
    # is on the configured blocklist - confirm against the test settings.
    post_data_step_1["register-mail"] = "*****@*****.**"
    response = client.post('/', data=post_data_step_1)
    blocked_message = 'Email addresses from that domain are not allowed'
    assert_form_field_error(
        response,
        field_name="register-mail",
        expected_message=blocked_message,
    )
def test_field_error_step_1(client, post_data_step_1, mocker, field_name, server_name):
    """A server-side validation error must be shown on the matching form field.

    ``server_name`` is the field name quoted in the directory server's error
    and ``field_name`` is the suffix of the form field expected to carry it
    (presumably both are supplied by a parametrize decorator that is not
    visible here).
    """
    ipa_admin = mocker.patch("noggin.controller.registration.ipa_admin")
    # Simulate the backend rejecting the staged user with a field-specific error.
    server_error = python_freeipa.exceptions.ValidationError(
        message=f"invalid '{server_name}': this is invalid",
        code="4242",
    )
    ipa_admin.stageuser_add.side_effect = server_error
    response = client.post('/', data=post_data_step_1)
    # Only the part after the colon is expected in front of the user.
    assert_form_field_error(
        response,
        field_name=f"register-{field_name}",
        expected_message="this is invalid",
    )
def test_short_password_form(client, post_data_step_3, token_for_dummy_user,
                             cleanup_dummy_user, mocker):
    """Account activation must reject a password below the form minimum."""
    too_short = "42"
    # Both fields carry the same value so that only the length check fails.
    post_data_step_3["password"] = too_short
    post_data_step_3["password_confirm"] = too_short
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    response = client.post(activation_url, data=post_data_step_3)
    assert_form_field_error(
        response,
        "password",
        expected_message='Field must be at least 6 characters long.',
    )
def test_change_post_password_too_short(
    client, dummy_user, token_for_dummy_user, patched_lock_active, mocker
):
    """The forgot-password change form must reject a too-short password."""
    change_url = f'/forgot-password/change?token={token_for_dummy_user}'
    form = {"password": "******", "password_confirm": "42"}
    response = client.post(change_url, data=form)
    # The minimum-length rule is reported on the "password" field.
    assert_form_field_error(
        response,
        "password",
        expected_message="Field must be at least 6 characters long.",
    )
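def test_field_error_step_3(client, token_for_dummy_user, mocker,
                            post_data_step_3, cleanup_dummy_user):
    """Activation must surface a server-side password error on the form."""
    user_mod = mocker.patch(
        "noggin.controller.registration.ipa_admin.user_mod")
    # Simulate the directory server rejecting the password. The message has
    # no placeholders, so it is a plain string rather than an f-string.
    user_mod.side_effect = python_freeipa.exceptions.ValidationError(
        message="invalid 'password': this is invalid", code="4242")
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    response = client.post(activation_url, data=post_data_step_3)
    # Only the part after the colon is expected on the "password" field.
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="this is invalid",
    )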
def test_non_matching_passwords(client):
    """The password-reset form must reject a mismatched confirmation."""
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "password2",
    }
    response = client.post('/password-reset?username=jbloggs', data=form)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Passwords must match",
    )
def test_non_matching_passwords_user(client, logged_in_dummy_user):
    """The logged-in password form must reject a mismatched confirmation."""
    form = {
        "username": "******",
        "current_password": "******",
        "password": "******",
        "password_confirm": "password2",
    }
    response = client.post('/user/dummy/settings/password', data=form)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Passwords must match",
    )
def test_login_no_username(client):
    """A login without a username must fail and create no session state."""
    form = {"login-password": "******", "login-submit": "1"}
    response = client.post('/', data=form, follow_redirects=True)
    assert_form_field_error(
        response,
        field_name="login-username",
        expected_message="You must provide a user name",
    )
    # A rejected login must not leave any authentication markers behind.
    for session_key in ("noggin_session", "noggin_username"):
        assert session_key not in session
def test_login_no_password(client, dummy_user):
    """A login without a password must fail and create no session state."""
    form = {"login-username": "******", "login-submit": "1"}
    response = client.post('/', data=form, follow_redirects=True)
    assert_form_field_error(
        response,
        field_name="login-password",
        expected_message="You must provide a password",
    )
    # A rejected login must not leave any authentication markers behind.
    for session_key in ("noggin_session", "noggin_username"):
        assert session_key not in session
def test_otp_sync_no_username(client, dummy_user):
    """OTP synchronisation must be rejected when no username is submitted."""
    form = {
        "password": "******",
        "first_code": "123456",
        "second_code": "234567",
    }
    # Redirects are not followed, so the assertion sees the direct response.
    response = client.post('/otp/sync/', data=form, follow_redirects=False)
    assert_form_field_error(
        response,
        field_name="username",
        expected_message="You must provide a user name",
    )
def test_user_settings_otp_add_wrong_code(client, logged_in_dummy_user, totp_token):
    """Confirming a new OTP token must fail when the submitted code is wrong."""
    form = {
        "confirm-description": "pants token",
        "confirm-secret": totp_token.secret,
        # A fixed code, presumably not valid for the fixture's secret.
        "confirm-code": "123456",
        "confirm-submit": "1",
    }
    response = client.post("/user/dummy/settings/otp/", data=form)
    assert_form_field_error(
        response,
        "confirm-code",
        "The code is wrong, please try again.",
    )
def test_short_password_policy(client, dummy_user):
    """The server-side password policy must be enforced on password reset."""
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "1234567",
    }
    response = client.post('/password-reset?username=dummy', data=form)
    # The "Constraint violation" wording differs from the form validator's
    # own length message, so this presumably originates from the directory
    # server's policy rather than the form.
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Constraint violation: Password is too short",
    )
def test_short_password_form(client, dummy_user):
    """The form-level minimum password length must be enforced on reset."""
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "1",
    }
    response = client.post('/password-reset?username=dummy', data=form)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Field must be at least 6 characters long.",
    )
def test_password_no_user(client):
    """A password reset for an unknown username must be rejected."""
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "LongSuperSafePassword",
    }
    response = client.post('/password-reset?username=dudemcpants', data=form)
    # The message deliberately does not say whether the username or the
    # password was at fault, so it cannot be used to confirm that an
    # account exists.
    assert_form_field_error(
        response,
        field_name="current_password",
        expected_message="The old password or username is not correct",
    )
def test_password(client, dummy_user):
    """A password reset with a wrong current password must be rejected."""
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "LongSuperSafePassword",
    }
    response = client.post('/password-reset?username=dummy', data=form)
    # The message does not distinguish a wrong password from a wrong username.
    assert_form_field_error(
        response,
        field_name="current_password",
        expected_message="The old password or username is not correct",
    )
def test_password_user(client, logged_in_dummy_user):
    """A logged-in password change must require the correct current password."""
    form = {
        "username": "******",
        "current_password": "******",
        "password": "******",
        "password_confirm": "LongSuperSafePassword",
    }
    response = client.post('/user/dummy/settings/password', data=form)
    # An authenticated session alone is not enough: the current password is
    # checked again before the change is accepted.
    assert_form_field_error(
        response,
        field_name="current_password",
        expected_message="The old password or username is not correct",
    )
def test_field_error_step_3(client, token_for_dummy_user, mocker,
                            post_data_step_3, cleanup_dummy_user):
    """Activation must surface a server-side password error on the form.

    The test also expects a UserCreateV1 message to be sent and the
    user_registered signal to fire exactly once, even though setting the
    password fails.
    """
    user_mod = mocker.patch(
        "noggin.controller.registration.ipa_admin.user_mod")
    # Simulate the directory server rejecting the password.
    user_mod.side_effect = python_freeipa.exceptions.ValidationError(
        message="invalid 'password': this is invalid", code="4242")
    signal_receiver = mocker.Mock()
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    with fml_testing.mock_sends(UserCreateV1):
        with user_registered.connected_to(signal_receiver):
            response = client.post(activation_url, data=post_data_step_3)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="this is invalid",
    )
    signal_receiver.assert_called_once()
def test_time_sensitive_password_policy(client, dummy_user, password_min_time):
    """The minimum-password-age policy must be enforced on password reset."""
    # presumably "dummy-group" carries the policy installed by the
    # password_min_time fixture; verify against conftest
    ipa_admin.group_add_member("dummy-group", users="dummy")
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "somesupersecretpassword",
    }
    response = client.post('/password-reset?username=dummy', data=form)
    # The dummy user's password was changed right after the account was
    # created, so a second change this soon must hit the constraint.
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Constraint violation: Too soon to change password",
    )
def test_change_post_password_with_otp_wrong_value(
    client,
    dummy_user,
    dummy_user_with_otp,
    token_for_dummy_user,
    patched_lock_active,
    mocker,
):
    """A wrong OTP value during password recovery must fail safely.

    The form reports the error on the "otp" field, the recovery lock is not
    deleted, and the application logs that the password was replaced by a
    random string because the OTP was wrong.
    """
    app_logger = mocker.patch.object(current_app._get_current_object(), "logger")
    change_url = f'/forgot-password/change?token={token_for_dummy_user}'
    form = {"password": "******", "password_confirm": "42424242", "otp": "42"}
    response = client.post(change_url, data=form)
    assert_form_field_error(response, "otp", "Incorrect value.")
    # The lock deletion must not have run for a failed attempt.
    patched_lock_active["delete"].assert_not_called()
    # The submitted password must not remain in effect: the log entry records
    # that it was overwritten with a random string.
    expected_log = (
        "Password for dummy was changed to a random string because the OTP token "
        "they provided was wrong."
    )
    app_logger.info.assert_called_with(expected_log)
def test_user_settings_otp_add_invalid_form(client, logged_in_dummy_user):
    """Adding an OTP token with an empty form must demand the password."""
    empty_form = {}
    response = client.post("/user/dummy/settings/otp/", data=empty_form)
    assert_form_field_error(response, "password", "You must provide a password")
def test_ask_post_non_existant_user(client):
    """A forgot-password request for an unknown username reports an error."""
    # NOTE(review): the posted username appears masked on this page, while
    # the expected message names "nosuchuser"; presumably the original
    # literal was that name - confirm.
    form = {"username": "******"}
    response = client.post('/forgot-password/ask', data=form)
    # NOTE(review): this pins a response that tells an unauthenticated caller
    # whether an account exists. If username enumeration matters for the
    # deployment, a uniform response for known and unknown users would be
    # needed, and this expectation would change with it.
    assert_form_field_error(
        response,
        field_name="username",
        expected_message="User nosuchuser does not exist",
    )