예제 #1
def test_change_no_token(client):
    """Open the password-change page with no token at all.

    Expects a redirect back to the "ask" page with a warning flash.
    """
    response = client.get("/forgot-password/change")
    expected = {
        "expected_url": "/forgot-password/ask",
        "expected_message": "No token provided, please request one.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #2
def test_change_invalid_token(client):
    """Open the password-change page with a token that cannot be parsed.

    A malformed token must be rejected: the request is redirected to the
    "ask" page with a warning flash.
    """
    url = "/forgot-password/change?token=this-is-invalid"
    response = client.get(url)
    expected = {
        "expected_url": "/forgot-password/ask",
        "expected_message": "The token is invalid, please request a new one.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #3
def test_step_2_unknown_user(client):
    """Registration step 2 (confirm page) for a username that is not known.

    The request carries ``username=unknown``; it is expected to redirect to
    the registration tab with a generic failure warning.
    """
    response = client.get("/register/confirm?username=unknown")
    expected = {
        "expected_url": "/?tab=register",
        "expected_message": "The registration seems to have failed, please try again.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #4
def test_user_unauthed(client):
    """An unauthenticated request for a user page is bounced to ``/``.

    No login fixture is used, so the client has no session; the flash asks
    the visitor to log in.
    """
    profile_url = "/user/dudemcpants/"
    response = client.get(profile_url)
    expected = {
        "expected_url": "/",
        "expected_message": "Please log in to continue.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #5
def test_change_not_active(client, token_for_dummy_user, patched_lock):
    """Use a password-reset token while the patched lock is not active.

    The token is reported as expired, and the lock's ``delete`` mock must have
    been called exactly once.
    """
    # presumably patched_lock defaults to an inactive lock; verify in the fixture
    url = f"/forgot-password/change?token={token_for_dummy_user}"
    response = client.get(url)
    delete_mock = patched_lock["delete"]
    delete_mock.assert_called_once()
    expected = {
        "expected_url": "/forgot-password/ask",
        "expected_message": "The token has expired, please request a new one.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #6
def test_user_settings_otp_enable_invalid_form(client, logged_in_dummy_user):
    """Post an empty form to the OTP enable endpoint.

    The missing ``token`` field is reported as a "danger" flash and the user
    is sent back to the OTP settings page.
    """
    empty_form = {}
    response = client.post("/user/dummy/settings/otp/enable/", data=empty_form)
    expected = {
        "expected_url": "/user/dummy/settings/otp/",
        "expected_message": "token must not be empty",
        "expected_category": "danger",
    }
    assert_redirects_with_flash(response, **expected)
예제 #7
def test_group_remove_member_invalid_form(client, dummy_user_as_group_manager):
    """Post an empty form to the group member-removal endpoint.

    The missing username is reported as a "danger" flash and the request is
    redirected to the group page.
    """
    empty_form = {}
    response = client.post("/group/dummy-group/members/remove", data=empty_form)
    expected = {
        "expected_url": "/group/dummy-group/",
        "expected_message": "Username must not be empty",
        "expected_category": "danger",
    }
    assert_redirects_with_flash(response, **expected)
예제 #8
def test_step_3_garbled_token(client, dummy_stageuser):
    """Registration activation with a token that is not a valid token string.

    The garbled value must be rejected with a warning and a redirect to the
    registration tab.
    """
    response = client.get("/register/activate?token=pants")
    expected = {
        "expected_url": "/?tab=register",
        "expected_message": "The token is invalid, please register again.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #9
def test_user_settings_otp_no_permission(client, logged_in_dummy_user):
    """Authorization check: one user cannot view another user's OTP settings.

    The session comes from ``logged_in_dummy_user`` while the URL targets
    ``dudemcpants``; the request must be refused with a "danger" flash and a
    redirect to that user's public page.
    """
    other_users_otp_page = "/user/dudemcpants/settings/otp/"
    response = client.get(other_users_otp_page)
    expected = {
        "expected_url": "/user/dudemcpants/",
        "expected_message": "You do not have permission to edit this account.",
        "expected_category": "danger",
    }
    assert_redirects_with_flash(response, **expected)
예제 #10
def test_step_3_no_token(client, dummy_stageuser):
    """Registration activation page requested without any token.

    Expects a warning that points the user at their email validation link and
    a redirect to the registration tab.
    """
    response = client.get("/register/activate")
    expected = {
        "expected_url": "/?tab=register",
        "expected_message": "No token provided, please check your email validation link.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #11
def test_user_edit_post(client, logged_in_dummy_user):
    """Post a profile update to /user/<username>/settings/profile/.

    A successful edit redirects back to the same page with a "success" flash.
    """
    profile_settings_url = "/user/dummy/settings/profile/"
    response = client.post(profile_settings_url, data=POST_CONTENTS)
    # NOTE(review): the flash text carries raw HTML (an <a> tag). Confirm the
    # template only renders server-built messages unescaped, never user input.
    expected = {
        "expected_url": "/user/dummy/settings/profile/",
        "expected_message": "Profile Updated: <a href=\"/user/dummy/\">view your profile</a>",
        "expected_category": "success",
    }
    assert_redirects_with_flash(response, **expected)
예제 #12
def test_group_add_unknown_member(client, dummy_user_as_group_manager):
    """Try to add a user that does not exist to a group.

    The request is expected to fail with a "danger" flash naming the missing
    user, and to redirect to the group page.
    """
    # NOTE(review): the posted username looks masked in this listing, while the
    # expected message names "testuser" -- presumably they match; confirm.
    form = {"new_member_username": "******"}
    response = client.post("/group/dummy-group/members/", data=form)
    expected = {
        "expected_url": "/group/dummy-group/",
        "expected_message": "User testuser was not found in the system.",
        "expected_category": "danger",
    }
    assert_redirects_with_flash(response, **expected)
예제 #13
def test_user_settings_otp_delete_no_permission(client, logged_in_dummy_user):
    """Authorization check: one user cannot delete another user's OTP token.

    The POST targets ``dudemcpants`` from the dummy user's session and must be
    refused with a "danger" flash and a redirect to that user's page.
    """
    form = {"token": "aabbcc-aabbcc"}
    response = client.post("/user/dudemcpants/settings/otp/delete/", data=form)
    expected = {
        "expected_url": "/user/dudemcpants/",
        "expected_message": "You do not have permission to edit this account.",
        "expected_category": "danger",
    }
    assert_redirects_with_flash(response, **expected)
예제 #14
def test_step_3_unknown_user(client, token_for_dummy_user):
    """Registration activation with a token whose stage user no longer exists.

    The stage user "dummy" is deleted before the token is used, so the
    activation must fail with a warning and a redirect to the registration tab.
    """
    # Remove the stage user first so the token points at nothing.
    ipa_admin.stageuser_del(a_uid="dummy")
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    response = client.get(activation_url)
    expected = {
        "expected_url": "/?tab=register",
        "expected_message": "This user cannot be found, please register again.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #15
def test_spamcheck_wait_bad_username(client, dummy_stageuser):
    """Call the spamcheck-wait endpoint with a username that does not exist.

    Expects the generic registration-failure warning and a redirect to the
    registration tab.
    """
    response = client.get("/register/spamcheck-wait?username=does-not-exist")
    expected = {
        "expected_url": "/?tab=register",
        "expected_message": "The registration seems to have failed, please try again.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #16
def test_user_settings_agreements_post(
    client, logged_in_dummy_user, dummy_agreement
):
    """Sign an existing agreement from the user's agreements settings page.

    Expects a "success" flash naming the agreement and a redirect back to the
    same page.
    """
    agreements_url = "/user/dummy/settings/agreements/"
    form = {"agreement": "dummy agreement"}
    response = client.post(agreements_url, data=form)
    expected = {
        "expected_url": "/user/dummy/settings/agreements/",
        "expected_message": "You signed the \"dummy agreement\" agreement.",
        "expected_category": "success",
    }
    assert_redirects_with_flash(response, **expected)
예제 #17
def test_user_settings_agreements_post_unknown(
    client, logged_in_dummy_user, dummy_agreement
):
    """Try to sign an agreement name that does not exist.

    The submitted name is echoed in a warning flash and the user is sent back
    to the agreements page.
    """
    agreements_url = "/user/dummy/settings/agreements/"
    form = {"agreement": "this does not exist"}
    response = client.post(agreements_url, data=form)
    expected = {
        "expected_url": "/user/dummy/settings/agreements/",
        "expected_message": "Unknown agreement: this does not exist.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #18
def test_change_too_old(client, token_for_dummy_user, patched_lock):
    """Use a password-reset token after the lock's validity has passed.

    ``valid_until`` is patched to one minute in the past; the token must be
    treated as expired and the lock's ``delete`` mock called exactly once.
    """
    one_minute = datetime.timedelta(minutes=1)
    # Naive local time, as in the original; assumes the code under test
    # compares against naive datetimes too -- TODO confirm.
    passed_expiry = datetime.datetime.now() - one_minute
    patched_lock["valid_until"].return_value = passed_expiry
    url = f"/forgot-password/change?token={token_for_dummy_user}"
    response = client.get(url)
    patched_lock["delete"].assert_called_once()
    expected = {
        "expected_url": "/forgot-password/ask",
        "expected_message": "The token has expired, please request a new one.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #19
def test_user_settings_otp_enable_no_permission(client, logged_in_dummy_user):
    """Authorization check: one user cannot enable an OTP token for another.

    The POST targets ``dudemcpants`` from the dummy user's session and must be
    refused with a "danger" flash and a redirect to that user's page.
    """
    form = {"description": "pants token", "password": "******"}
    response = client.post("/user/dudemcpants/settings/otp/enable/", data=form)
    expected = {
        "expected_url": "/user/dudemcpants/",
        "expected_message": "You do not have permission to edit this account.",
        "expected_category": "danger",
    }
    assert_redirects_with_flash(response, **expected)
예제 #20
def test_user_settings_otp_disable_lasttoken(
    client, logged_in_dummy_user, dummy_user_with_otp
):
    """Try to disable the user's last active OTP token.

    The request must be refused with a warning flash, and the user is sent
    back to the OTP settings page.
    """
    form = {"token": dummy_user_with_otp.uniqueid}
    response = client.post("/user/dummy/settings/otp/disable/", data=form)
    expected = {
        "expected_url": "/user/dummy/settings/otp/",
        "expected_message": "Sorry, You cannot disable your last active token.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #21
def test_login_with_bad_redirect(client, dummy_user):
    """Open-redirect guard: an off-site ``next`` URL is ignored after login.

    The login itself succeeds, but instead of following the absolute
    ``http://example.com`` target the user lands on their own profile page.
    """
    redirect_url = "http://example.com"
    credentials = {
        "login-username": "******",
        "login-password": "******",
        "login-submit": "1",
    }
    login_url = f"/?next={quote(redirect_url)}"
    response = client.post(login_url, data=credentials)
    # The redirect target must be the local profile page, not redirect_url.
    expected = ("/user/dummy/", "Welcome, dummy!", "success")
    assert_redirects_with_flash(response, *expected)
예제 #22
def test_user_edit_no_permission(method, client, logged_in_dummy_user):
    """Authorization check: one user cannot view or edit another's profile form.

    ``method`` is the HTTP verb to use (presumably supplied by a parametrize
    decorator not shown here); form data is only sent for POST.
    """
    payload = None
    if method == "POST":
        payload = POST_CONTENTS
    response = client.open(
        "/user/dudemcpants/settings/profile/", method=method, data=payload
    )
    expected = {
        "expected_url": "/user/dudemcpants/",
        "expected_message": "You do not have permission to edit this account.",
        "expected_category": "danger",
    }
    assert_redirects_with_flash(response, **expected)
예제 #23
def test_login_with_redirect(client, dummy_user):
    """A same-site, relative ``next`` URL is honoured after a successful login.

    The target keeps its query string, so the user lands on exactly the page
    that was requested.
    """
    redirect_url = "/groups/?page_size=30&page_number=2"
    credentials = {
        "login-username": "******",
        "login-password": "******",
        "login-submit": "1",
    }
    login_url = f"/?next={quote(redirect_url)}"
    response = client.post(login_url, data=credentials)
    expected = (redirect_url, "Welcome, dummy!", "success")
    assert_redirects_with_flash(response, *expected)
예제 #24
def test_step_3_invalid_token(client, token_for_dummy_user, mocker):
    """Registration activation with a well-formed token that fails validation.

    ``EmailValidationToken.is_valid`` is patched to return False, so the
    activation must be refused with a warning and a redirect to the
    registration tab.
    """
    is_valid_target = "noggin.controller.registration.EmailValidationToken.is_valid"
    mocker.patch(is_valid_target, return_value=False)
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    response = client.get(activation_url)
    expected = {
        "expected_url": "/?tab=register",
        "expected_message": "This token is no longer valid, please register again.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
예제 #25
def test_step_3_wrong_address(client, token_for_dummy_user, mocker):
    """Registration activation when the token's email no longer matches the user.

    The stage user's mail is changed after the token was issued, so the
    activation must be refused with a warning, and the mismatch must be logged
    once at error level.
    """
    app_object = current_app._get_current_object()
    logger = mocker.patch.object(app_object, "logger")
    # Change the stored address so it differs from the one in the token.
    ipa_admin.stageuser_mod(a_uid="dummy", mail="*****@*****.**")
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    response = client.get(activation_url)
    mismatch_message = (
        "The username and the email address don't match the token you used, "
        "please register again."
    )
    assert_redirects_with_flash(
        response,
        expected_url="/?tab=register",
        expected_message=mismatch_message,
        expected_category="warning",
    )
    logger.error.assert_called_once()
예제 #26
def test_step_1_no_smtp(client, post_data_step_1, cleanup_dummy_user, mocker):
    """Registration step 1 when the validation email cannot be sent.

    ``mailer.send`` is patched to raise ConnectionRefusedError; the user still
    reaches the confirm page, sees a "danger" flash, and one error is logged.
    """
    patched_mailer = mocker.patch("noggin.controller.registration.mailer")
    patched_mailer.send.side_effect = ConnectionRefusedError
    patched_logger = mocker.patch("noggin.controller.registration.app.logger")
    response = client.post("/", data=post_data_step_1)
    # What the user is shown.
    expected = {
        "expected_url": "/register/confirm?username=dummy",
        "expected_message": "We could not send you the address validation email, please retry later",
        "expected_category": "danger",
    }
    assert_redirects_with_flash(response, **expected)
    # What ends up in the application log.
    patched_logger.error.assert_called_once()
예제 #27
def test_step_3(client, post_data_step_3, token_for_dummy_user, cleanup_dummy_user):
    """Registration step 3: activate the account with a valid token.

    The POST must send a ``UserCreateV1`` message and redirect to ``/`` with a
    "success" flash welcoming the new user.
    """
    expected_bus_message = UserCreateV1({"msg": {"agent": "dummy", "user": "******"}})
    activation_url = f"/register/activate?token={token_for_dummy_user}"
    with fml_testing.mock_sends(expected_bus_message):
        response = client.post(activation_url, data=post_data_step_3)
    expected = (
        "/",
        "Congratulations, your account is now active! Welcome, Dummy User.",
        "success",
    )
    assert_redirects_with_flash(response, *expected)
예제 #28
def test_change_post_with_otp(
    client, dummy_user, dummy_user_with_otp, token_for_dummy_user, patched_lock_active
):
    """Change a forgotten password for a user who has an OTP token enrolled.

    A current OTP value is submitted together with the new password; the
    change must succeed and the lock's ``delete`` mock must have been called.
    """
    otp_secret = otp_secret_from_uri(dummy_user_with_otp.uri)
    otp = get_otp(otp_secret)
    # NOTE(review): "password" looks masked in this listing; presumably it
    # matches "password_confirm" in the real test -- confirm.
    form = {"password": "******", "password_confirm": "newpassword", "otp": otp}
    change_url = f"/forgot-password/change?token={token_for_dummy_user}"
    response = client.post(change_url, data=form)
    patched_lock_active["delete"].assert_called()
    expected = {
        "expected_url": "/",
        "expected_message": "Your password has been changed.",
        "expected_category": "success",
    }
    assert_redirects_with_flash(response, **expected)
예제 #29
def test_step_1_registration_closed(
    client, post_data_step_1, cleanup_dummy_user, mocker
):
    """Submit the registration form while REGISTRATION_OPEN is False.

    The request must be refused with a warning, and nothing else may happen:
    the ``stageuser_created`` signal is not fired and no email is sent.
    """
    mocker.patch.dict(current_app.config, {"REGISTRATION_OPEN": False})
    record_signal = mocker.Mock()
    with mailer.record_messages() as outbox:
        with stageuser_created.connected_to(record_signal):
            response = client.post("/", data=post_data_step_1)
    expected = {
        "expected_url": "/",
        "expected_message": "Registration is closed at the moment.",
        "expected_category": "warning",
    }
    assert_redirects_with_flash(response, **expected)
    # No side effects are allowed while registration is closed.
    record_signal.assert_not_called()
    assert len(outbox) == 0
예제 #30
def test_password_changes(client, dummy_user):
    """Change a password through the password-reset form.

    The current password and the new password (entered twice) are posted for
    the user "dummy"; success redirects to ``/`` with a "success" flash.
    """
    # NOTE(review): the "******" values look masked in this listing; presumably
    # "password" matches "password_confirm" in the real test -- confirm.
    form = {
        "current_password": "******",
        "password": "******",
        "password_confirm": "secretpw",
    }
    response = client.post("/password-reset?username=dummy", data=form)
    expected = {
        "expected_url": "/",
        "expected_message": "Your password has been changed",
        "expected_category": "success",
    }
    assert_redirects_with_flash(response, **expected)