예제 #1
def test_user_settings_otp_add_wrong_password(client, logged_in_dummy_user):
    """Adding an OTP token must fail when the submitted password is wrong.

    Posts a token description and a password to the dummy user's OTP
    settings page while logged in, and expects the form to reject the
    ``password`` field with "Incorrect password". This pins that token
    enrolment asks for the account password again instead of relying on
    the existing session alone.
    """
    form = {"description": "pants token", "password": "******"}
    response = client.post("/user/dummy/settings/otp/", data=form)
    assert_form_field_error(response, "password", "Incorrect password")
예제 #2
def test_invalid_email(client, post_data_step_1):
    """Registration must reject a malformed e-mail address.

    The address is written out in words rather than in ``user@domain`` form,
    so the ``register-mail`` field is expected to fail validation.
    """
    post_data_step_1["register-mail"] = "firstlast at name dot org"
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name="register-mail",
        expected_message='Email must be valid',
    )
예제 #3
def test_empty_email(client, post_data_step_1):
    """Registration must reject a submission that has no e-mail address.

    The ``register-mail`` key is removed from the posted data entirely, so
    the check covers a missing field and not only a blank one.
    """
    del post_data_step_1["register-mail"]
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name="register-mail",
        expected_message='Email must not be empty',
    )
예제 #4
def test_duplicate(client, post_data_step_1, cleanup_dummy_user, dummy_user):
    """Registration must refuse a username that is already in use.

    The ``dummy_user`` fixture presumably creates the account that the
    default registration data refers to (confirm against the fixtures), so
    posting that data unchanged is expected to fail on ``register-username``.
    """
    taken_message = 'This username is already taken, please choose another one.'
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name="register-username",
        expected_message=taken_message,
    )
예제 #5
def test_invalid_username(client, post_data_step_1):
    """Registration must reject a username containing disallowed characters.

    The expected message spells out the accepted character set, so this
    test documents the allow-list the form applies to usernames.
    """
    charset_message = 'may only include letters, numbers, _, -, . and $'
    post_data_step_1["register-username"] = "******"
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name="register-username",
        expected_message=charset_message,
    )
예제 #6
def test_underage(client, post_data_step_1):
    """Registration must be refused when the age confirmation is not given.

    ``register-underage`` is posted as an empty string, which the form is
    expected to treat as "not confirmed" and answer with the over-16 message.
    """
    age_message = "You must be over 16 years old to create an account"
    post_data_step_1["register-underage"] = ""
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name="register-underage",
        expected_message=age_message,
    )
예제 #7
def test_blocklisted_email(client, post_data_step_1):
    """Registration must reject an e-mail address from a blocked domain.

    Unlike the malformed-address case, the failure expected here is a policy
    decision on the domain: the form answers with "Email addresses from that
    domain are not allowed". The blocklist itself is configured outside this
    test and is not visible here.
    """
    blocked_message = 'Email addresses from that domain are not allowed'
    post_data_step_1["register-mail"] = "*****@*****.**"
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name="register-mail",
        expected_message=blocked_message,
    )
예제 #8
def test_field_error_step_1(client, post_data_step_1, mocker, field_name,
                            server_name):
    """Server-side validation errors must surface on the matching form field.

    ``ipa_admin`` in the registration controller is replaced by a mock whose
    ``stageuser_add`` raises a FreeIPA ``ValidationError`` naming
    ``server_name``. The response is expected to attach the trailing part of
    that message ("this is invalid") to the ``register-<field_name>`` field.
    ``field_name`` and ``server_name`` are supplied from outside this
    function, presumably by a parametrize decorator that is not shown.
    """
    server_error = python_freeipa.exceptions.ValidationError(
        message=f"invalid '{server_name}': this is invalid", code="4242")
    mocked_admin = mocker.patch("noggin.controller.registration.ipa_admin")
    mocked_admin.stageuser_add.side_effect = server_error
    response = client.post('/', data=post_data_step_1)
    assert_form_field_error(
        response,
        field_name=f"register-{field_name}",
        expected_message="this is invalid",
    )
예제 #9
def test_short_password_form(client, post_data_step_3, token_for_dummy_user,
                             cleanup_dummy_user, mocker):
    """Account activation must reject a password below the form minimum.

    Both password fields are set to the two-character value "42" and posted
    to the activation endpoint with a valid token; the form is expected to
    answer with its six-character minimum-length message.
    """
    post_data_step_3["password"] = "42"
    post_data_step_3["password_confirm"] = "42"
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    response = client.post(activation_url, data=post_data_step_3)
    assert_form_field_error(
        response,
        "password",
        expected_message='Field must be at least 6 characters long.',
    )
예제 #10
def test_change_post_password_too_short(
    client, dummy_user, token_for_dummy_user, patched_lock_active, mocker
):
    """Forgot-password change must enforce the form's minimum length.

    Even with a valid reset token, a too-short new password is expected to
    be rejected on the ``password`` field with the six-character message.
    """
    change_url = f'/forgot-password/change?token={token_for_dummy_user}'
    form = {"password": "******", "password_confirm": "42"}
    response = client.post(change_url, data=form)
    assert_form_field_error(
        response,
        "password",
        expected_message="Field must be at least 6 characters long.",
    )
예제 #11
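def test_field_error_step_3(client, token_for_dummy_user, mocker,
                            post_data_step_3, cleanup_dummy_user):
    """Activate a user with a password that the server errors on.

    ``ipa_admin.user_mod`` in the registration controller is mocked to raise
    a FreeIPA ``ValidationError`` that names the ``password`` field. The
    activation response is expected to show the trailing part of that
    message ("this is invalid") on the form's ``password`` field.
    """
    user_mod = mocker.patch(
        "noggin.controller.registration.ipa_admin.user_mod")
    # Plain string literal: the message has no placeholders, so the f-prefix
    # the original carried was redundant.
    user_mod.side_effect = python_freeipa.exceptions.ValidationError(
        message="invalid 'password': this is invalid", code="4242")
    result = client.post(f"/register/activate?token={token_for_dummy_user}",
                         data=post_data_step_3)
    assert_form_field_error(result,
                            field_name="password",
                            expected_message="this is invalid")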
예제 #12
def test_non_matching_passwords(client):
    """Password reset must reject a confirmation that differs from the password.

    The new password and its confirmation are posted with different values
    and the form is expected to report "Passwords must match" on the
    ``password`` field.
    """
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "password2",
    }
    response = client.post('/password-reset?username=jbloggs', data=form)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Passwords must match",
    )
예제 #13
def test_non_matching_passwords_user(client, logged_in_dummy_user):
    """The settings page must reject a mismatched password confirmation.

    Same check as the anonymous password-reset form, but posted by a
    logged-in user to their own password settings endpoint.
    """
    form = {
        "username": "******",
        "current_password": "******",
        "password": "******",
        "password_confirm": "password2",
    }
    response = client.post('/user/dummy/settings/password', data=form)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Passwords must match",
    )
예제 #14
def test_login_no_username(client):
    """Login without a username must fail and must not create a session.

    Besides the field error, the test checks that neither ``noggin_session``
    nor ``noggin_username`` was stored in the session, so a rejected login
    leaves no authenticated state behind.
    """
    form = {"login-password": "******", "login-submit": "1"}
    response = client.post('/', data=form, follow_redirects=True)
    assert_form_field_error(
        response,
        field_name="login-username",
        expected_message="You must provide a user name",
    )
    for session_key in ("noggin_session", "noggin_username"):
        assert session_key not in session
예제 #15
def test_login_no_password(client, dummy_user):
    """Login without a password must fail and must not create a session.

    Besides the field error, the test checks that neither ``noggin_session``
    nor ``noggin_username`` was stored in the session, so a rejected login
    leaves no authenticated state behind.
    """
    form = {"login-username": "******", "login-submit": "1"}
    response = client.post('/', data=form, follow_redirects=True)
    assert_form_field_error(
        response,
        field_name="login-password",
        expected_message="You must provide a password",
    )
    for session_key in ("noggin_session", "noggin_username"):
        assert session_key not in session
예제 #16
def test_otp_sync_no_username(client, dummy_user):
    """OTP synchronisation must reject a request that omits the username.

    A password and two token codes are posted without a ``username`` key;
    redirects are not followed, so the assertion runs against the direct
    response of the sync endpoint.
    """
    form = {
        "password": "******",
        "first_code": "123456",
        "second_code": "234567",
    }
    response = client.post('/otp/sync/', data=form, follow_redirects=False)
    assert_form_field_error(
        response,
        field_name="username",
        expected_message="You must provide a user name",
    )
예제 #17
def test_user_settings_otp_add_wrong_code(client, logged_in_dummy_user,
                                          totp_token):
    """Confirming a new OTP token must fail when the code does not verify.

    The confirmation form is posted with the token's real secret but a fixed
    code ("123456"), and the ``confirm-code`` field is expected to carry the
    "code is wrong" message, so a token is not enrolled without a valid code.
    """
    form = {
        "confirm-description": "pants token",
        "confirm-secret": totp_token.secret,
        "confirm-code": "123456",
        "confirm-submit": "1",
    }
    response = client.post("/user/dummy/settings/otp/", data=form)
    assert_form_field_error(
        response,
        "confirm-code",
        "The code is wrong, please try again.",
    )
예제 #18
def test_short_password_policy(client, dummy_user):
    """Password reset must surface the server's minimum-length policy.

    The expected message carries the "Constraint violation" prefix, which
    distinguishes a rejection by the server-side password policy from the
    form's own length validation.
    """
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "1234567",
    }
    response = client.post('/password-reset?username=dummy', data=form)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Constraint violation: Password is too short",
    )
예제 #19
def test_short_password_form(client, dummy_user):
    """Password reset must enforce the form's own minimum length.

    A one-character confirmation value is posted and the form is expected
    to answer with its six-character minimum-length message on ``password``.
    """
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "1",
    }
    response = client.post('/password-reset?username=dummy', data=form)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Field must be at least 6 characters long.",
    )
예제 #20
def test_password_no_user(client):
    """Password reset for an unknown username must fail generically.

    The request names a user for which no fixture is requested here. The
    expected message, "The old password or username is not correct", covers
    both the username and the password, so the response does not say which
    of the two was wrong.
    """
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "LongSuperSafePassword",
    }
    response = client.post('/password-reset?username=dudemcpants', data=form)
    assert_form_field_error(
        response,
        field_name="current_password",
        expected_message="The old password or username is not correct",
    )
예제 #21
def test_password(client, dummy_user):
    """Password reset must fail when the current password is wrong.

    The expected message, "The old password or username is not correct",
    covers both the username and the password, so the response does not
    say which of the two was wrong.
    """
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "LongSuperSafePassword",
    }
    response = client.post('/password-reset?username=dummy', data=form)
    assert_form_field_error(
        response,
        field_name="current_password",
        expected_message="The old password or username is not correct",
    )
예제 #22
def test_password_user(client, logged_in_dummy_user):
    """The settings page must require the correct current password.

    A logged-in user posts a password change to their own settings endpoint;
    the change is expected to be refused on ``current_password``, so an
    active session alone is not enough to replace the password.
    """
    form = {
        "username": "******",
        "current_password": "******",
        "password": "******",
        "password_confirm": "LongSuperSafePassword",
    }
    response = client.post('/user/dummy/settings/password', data=form)
    assert_form_field_error(
        response,
        field_name="current_password",
        expected_message="The old password or username is not correct",
    )
예제 #23
def test_field_error_step_3(client, token_for_dummy_user, mocker,
                            post_data_step_3, cleanup_dummy_user):
    """Activation must report a server-side password error on the form.

    ``ipa_admin.user_mod`` is mocked to raise a FreeIPA ``ValidationError``
    naming the ``password`` field. The test also expects a ``UserCreateV1``
    message to be sent and the ``user_registered`` signal to fire exactly
    once during the request, i.e. the account-creation notifications are
    emitted even though the ``user_mod`` call fails.
    """
    server_error = python_freeipa.exceptions.ValidationError(
        message="invalid 'password': this is invalid", code="4242")
    mocked_user_mod = mocker.patch(
        "noggin.controller.registration.ipa_admin.user_mod")
    mocked_user_mod.side_effect = server_error
    signal_receiver = mocker.Mock()
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    with fml_testing.mock_sends(UserCreateV1):
        with user_registered.connected_to(signal_receiver):
            response = client.post(activation_url, data=post_data_step_3)
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="this is invalid",
    )
    signal_receiver.assert_called_once()
예제 #24
def test_time_sensitive_password_policy(client, dummy_user, password_min_time):
    """Password reset must surface the server's minimum-password-age policy.

    The dummy user is added to ``dummy-group`` before the request; the
    ``password_min_time`` fixture presumably attaches a minimum-lifetime
    policy to that group (confirm against the fixture).
    """
    ipa_admin.group_add_member("dummy-group", users="dummy")
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "somesupersecretpassword",
    }
    response = client.post('/password-reset?username=dummy', data=form)
    # The dummy user's password was changed right after the account was
    # created, so a second change this soon has to hit the constraint.
    assert_form_field_error(
        response,
        field_name="password",
        expected_message="Constraint violation: Too soon to change password",
    )
예제 #25
def test_change_post_password_with_otp_wrong_value(
    client,
    dummy_user,
    dummy_user_with_otp,
    token_for_dummy_user,
    patched_lock_active,
    mocker,
):
    """Forgot-password change must fail when the OTP value is wrong.

    For a user with an OTP token, a valid reset token plus a wrong ``otp``
    value is expected to produce "Incorrect value." on the ``otp`` field.
    Two side effects are pinned as well: the mocked lock's ``delete`` is not
    called, and the application logs that the password was changed to a
    random string because the OTP was wrong.

    NOTE(review): the log line implies the account's previous password no
    longer works after a failed attempt; why the password is randomised is
    decided in the controller and is not visible from this test.
    """
    app_logger = mocker.patch.object(current_app._get_current_object(), "logger")
    change_url = f'/forgot-password/change?token={token_for_dummy_user}'
    form = {"password": "******", "password_confirm": "42424242", "otp": "42"}
    response = client.post(change_url, data=form)
    assert_form_field_error(response, "otp", "Incorrect value.")
    patched_lock_active["delete"].assert_not_called()
    app_logger.info.assert_called_with(
        "Password for dummy was changed to a random string because the OTP token "
        "they provided was wrong."
    )
예제 #26
def test_user_settings_otp_add_invalid_form(client, logged_in_dummy_user):
    """Adding an OTP token with an empty form must fail on the password.

    An empty payload is posted to the OTP settings page; the ``password``
    field is expected to be reported as required.
    """
    empty_form = {}
    response = client.post("/user/dummy/settings/otp/", data=empty_form)
    assert_form_field_error(response, "password", "You must provide a password")
예제 #27
def test_ask_post_non_existant_user(client):
    """Asking for a password reset for an unknown user must fail.

    The expected message names the user and states that it does not exist.

    NOTE(review): this pins a response that tells an unauthenticated caller
    whether a username is registered. If account enumeration is a concern
    for the deployment, a uniform reply for known and unknown users (plus
    rate limiting on this endpoint) is the usual mitigation.
    """
    form = {"username": "******"}
    response = client.post('/forgot-password/ask', data=form)
    assert_form_field_error(
        response,
        field_name="username",
        expected_message="User nosuchuser does not exist",
    )