def user_cannot_register_twice_with_same_email(self): email = "k-{0}@example.com".format(self.randString) with app.test_client() as c: resp , outbox = self.register(c,email=email) # @UnusedVariable logout_user() self.assertUserResponse(resp) self.setupRandom() with app.test_client() as c: resp, outbox = self.register(c, email=email) # @UnusedVariable logout_user() self.assertEquals(400, resp.status_code) text = self.getResponseText(resp) self.assertTrue(text.startswith('{"errors": ["email: There is already a user with that email'))
def test_you_need_csrf_token_and_secret_for_deregister_doit(self): self._doDeregistration() with app.test_client() as client: resp = self._doDeregisterDoit(client) self.assertEqual(resp.status_code, 200) self.assertEqual('{"message": "you are deregistered"}', self.getResponseText(resp))
def test_deregistration_doit_needs_a_logged_in_user(self): self._doDeregistration() with app.test_client() as client: resp = self._doDeregisterDoit(client, nologin=True) self.assertEqual(resp.status_code, 403) self.assertEqual('{"errors": ["not logged in"]}', self.getResponseText(resp))
def test_you_need_valid_deregister_secret_for_deregister_doit(self): self._doDeregistration() with app.test_client() as client: resp = self._doDeregisterDoit(client, secret=uuid4()) self.assertEqual(resp.status_code, 400) self.assertEqual('{"errors": ["bad deregistration secret"]}', self.getResponseText(resp))
def old_password_for_self_should_be_correct(self): with app.test_client() as c: self._preparePasswordChangeTest(c) resp = self._doPasswordChange(c, oldPassword=self.mkRandomPassword()) self.assertEquals(resp.status_code, 400) respdata = self.fromJson(resp) self.assertEqual(respdata['errors'], ["old password does not match"])
def password_login_works_with_correct_identifier_and_secret(self): user = self.createUserWithCredentials() user.activate() with app.test_client() as c: data = dict(identifier=self.usercreation_userid, secret=self.usercreation_password, credentialType='password') resp = c.post(config.base_url + '/login', data=data) self.assertUserResponse(resp)
def registration_should_give_a_credential_type(self): data = self.prepareData() data.pop('credentialType') with app.test_client() as c: resp = c.post(config.base_url + '/v1/register', data=data) self.assertEquals(resp.status_code, 400) self.assertTrue(self.getResponseText(resp).startswith('{"errors": ["credentialType: '))
def if_you_register_without_hash_it_will_be_null(self): with app.test_client() as c: data = self.prepareData() data.pop('digest') c.post(config.base_url + '/v1/register', data=data) user = User.getByEmail(self.registered_email) self.assertEqual(user.hash, None)
def password_registration_needs_good_password(self): data = self.prepareData() data['secret'] = '1234' with app.test_client() as c: resp = c.post(config.base_url + '/v1/register', data=data) self.assertEquals(resp.status_code, 400) self.assertTrue(self.getResponseText(resp).startswith('{"errors": ["secret: '))
def test_the_added_credential_should_contain_identifier(self): with app.test_client() as client: self.login(client) self.setupRandom() resp = self.addPasswordCredential(client,nofield="identifier") self.assertEqual(400, resp.status_code) self.assertEqual('{"errors": ["identifier: Field must be between 4 and 250 characters long."]}', self.getResponseText(resp))
def if_you_log_out_you_will_be_logged_out(self): with app.test_client() as c: self.login(c) resp = c.get(config.base_url + "/logout") self.assertEquals(resp.status_code, 200) resp = c.get(config.base_url + "/logout") self.assertEquals(resp.status_code, 302)
def callMe(self, data): headers = {'Authorization':'{0} {1}'.format( data['token_type'], data['access_token'])} with app.test_client() as client: resp = client.get('/v1/users/me', headers=headers) return resp
def getCode(self): with app.test_client() as client: self.login(client) baseUri = config.BASE_URL + '/v1/oauth2/auth' uri = WebInterface.parametrizeUri(baseUri, self.authParams) resp = client.get(uri) return resp
def test_registration_should_give_a_credential_type(self): data = self.prepareAuthInterfaceData() data.pop('credentialType') with app.test_client() as client: resp = client.post(config.BASE_URL + '/v1/register', data=data) self.assertEqual(resp.status_code, 400) self.assertTrue(self.getResponseText(resp).startswith('{"errors": ["credentialType: '))
def test_password_registration_needs_good_password(self): data = self.prepareAuthInterfaceData() data['password'] = '******' with app.test_client() as client: resp = client.post(config.BASE_URL + '/v1/register', data=data) self.assertEqual(resp.status_code, 400) self.assertTrue(self.getResponseText(resp).startswith('{"errors": ["password: '))
def test_registration_is_impossible_without_email(self): with app.test_client() as client: data = self.prepareAuthInterfaceData() data.pop('email') resp = client.post(config.BASE_URL + '/v1/register', data=data) self.assertEqual(resp.status_code, 400) self.assertEqual(self.getResponseText(resp),'{"errors": ["email: Invalid email address."]}')
def getCode(self): with app.test_client() as client: self.login(client) baseUri = config.BASE_URL + '/v1/oauth2/auth' uri = WebInterface.parametrizeUri(baseUri, self.authParams) resp = client.get(uri) return resp
def test_change_password_for_self_needs_old_password(self): with app.test_client() as client: self._preparePasswordChangeTest(client) resp = self._doPasswordChange(client, oldPassword='******') self.assertEqual(resp.status_code, 400) respdata = self.fromJson(resp) self.assertTrue(u'oldPassword: '******'errors'][0])
def change_password_returns_200_and_a_success_message(self): with app.test_client() as c: self._preparePasswordChangeTest(c) resp = self._doPasswordChange(c) self.assertEquals(resp.status_code, 200) respdata = self.fromJson(resp) self.assertEqual(respdata['message'], 'password changed succesfully')
def password_login_needs_correct_identifier_and_secret(self): with app.test_client() as c: data = dict(identifier="userid", secret=self.mkRandomPassword(), credentialType='password') resp = c.post(config.base_url + '/login', data=data) self.assertEquals(resp.status_code, 403) text = self.getResponseText(resp) self.assertEquals(text,'{"errors": ["Bad username or password"]}')
def email_verification_after_expiry_will_fail(self): self.setupRandom() with app.test_client() as c: resp, outbox = self.register(c) # @UnusedVariable email = self.registered_email logout_user() self.validateUri=re.search('href="([^"]*)',outbox[0].body).group(1) with app.test_client() as c: user = User.getByEmail(email) creds = Credential.getByUser(user) for cred in creds: if cred.credentialType == 'emailcheck': cred.identifier = unicode(time.time()- 1) resp = c.get(self.validateUri) self.assertEqual(400, resp.status_code) self.assertEqual('{"errors": ["expired token"]}', self.getResponseText(resp))
def change_password_needs_csrf(self): with app.test_client() as c: self._preparePasswordChangeTest(c) resp = self._doPasswordChange(c,csrf="badcsrf") self.assertEquals(resp.status_code, 400) respdata = self.fromJson(resp) self.assertEqual(respdata['errors'], [u'csrf_token: csrf validation error'])
def change_password_for_self_needs_old_password(self): with app.test_client() as c: self._preparePasswordChangeTest(c) resp = self._doPasswordChange(c, oldPassword='******') self.assertEquals(resp.status_code, 400) respdata = self.fromJson(resp) self.assertTrue(u'oldPassword: '******'errors'][0])
def test_the_password_should_be_at_least_8_characters_long(self): with app.test_client() as client: self.login(client) self.setupRandom() resp = self.addPasswordCredential(client,password="******") self.assertEqual(400, resp.status_code) self.assertEqual('{"errors": ["password: Field must be at least 8 characters long."]}', self.getResponseText(resp))
def registration_is_impossible_without_email(self): with app.test_client() as c: data = self.prepareData() data.pop('email') resp = c.post(config.base_url + '/v1/register', data=data) self.assertEquals(resp.status_code, 400) self.assertEquals(self.getResponseText(resp),'{"errors": ["email: Invalid email address."]}')
def password_login_should_send_hidden_field_credentialType(self): with app.test_client() as c: data = dict(identifier="userid", secret=self.mkRandomPassword()) resp = c.post(config.base_url + '/login', data=data) self.assertEquals(resp.status_code, 403) text = self.getResponseText(resp) self.assertTrue(text.startswith('{"errors": ["credentialType: '))
def test_the_added_credential_should_contain_secret(self): with app.test_client() as client: self.login(client) resp = self.addPasswordCredential(client,nofield="password") self.assertEqual(400, resp.status_code) self.assertEqual('{"errors": ["password: Field must be at least 8 characters long.", "password: password should contain lowercase", "password: password should contain uppercase", "password: password should contain digit"]}', self.getResponseText(resp))
def password_login_needs_identifier(self): with app.test_client() as c: data = dict(secret=self.mkRandomPassword()) resp = c.post(config.base_url + '/login', data=data) self.assertEquals(resp.status_code, 403) text = self.getResponseText(resp) self.assertTrue(text.startswith('{"errors": ["identifier: '))
def registerAndObtainValidationUri(self): with app.test_client() as client: resp = self.register(client) email = self.registeredEmail logout_user() self.assertUserResponse(resp) self.validateUri = self.getValidateUri() return email
def registerAndObtainValidationUri(self): with app.test_client() as client: resp = self.register(client) email = self.registeredEmail logout_user() self.assertUserResponse(resp) self.validateUri = self.getValidateUri() return email
def test_password_reset_needs_secret(self): password = self.mkRandomPassword() with app.test_client() as client: data = dict(password=password) resp = client.post("/v1/password_reset", data = data) self.assertEqual(resp.status_code, 400) respData = self.fromJson(resp) self.assertTrue("secret" in respData['errors'][0])
def test_auth_interface_redirects_to_redirect_uri(self): uri, baseUrl, uriBase, queryString = self.buildUris(self.app2) # @UnusedVariable targetUri = "{0}?next={1}".format(app.config.get('LOGIN_URL'), uritools.uriencode(uri).decode('utf-8')) with app.test_client() as client: resp = client.get( uriBase, query_string=queryString, base_url=baseUrl) self.assertEqual(resp.status_code, 302) self.assertEqual(resp.headers['Location'],targetUri)
def the_reset_link_is_in_the_reset_email(self): with app.test_client() as c: with mail.record_messages() as outbox: c.get("/v1/users/{0}/passwordreset".format(self.usercreation_email)) text = outbox[0].body soup = BeautifulSoup(text) passwordResetLink = soup.find("a")['href'] return passwordResetLink
def test_password_login_needs_identifier(self): with app.test_client() as client: data = dict(password=self.mkRandomPassword(), credentialType='password') resp = client.post(config.BASE_URL + '/v1/login', data=data) self.assertEqual(resp.status_code, 403) text = self.getResponseText(resp) self.assertTrue(text.startswith('{"errors": ["identifier: '))
def test_email_validation_email_can_be_resent(self): with app.test_client() as client: self.login(client) client.get(config.BASE_URL + "/v1/send_verify_email") user = User.get(self.userid) self.assertEqual( self.userCreationEmail, Credential.getByUser(user, "emailcheck").user.email)
def test_password_login_needs_correct_credentialType(self): with app.test_client() as client: data = dict(identifier="userid", password=self.mkRandomPassword(), credentialType='incorrect') resp = client.post(config.BASE_URL + '/v1/login', data=data) self.assertEqual(resp.status_code, 403) self.assertCredentialErrorresponse(resp)
def callMe(self, data): headers = { 'Authorization': '{0} {1}'.format(data['token_type'], data['access_token']) } with app.test_client() as client: resp = client.get('/v1/users/me', headers=headers) return resp
def test_password_login_needs_secret(self): with app.test_client() as client: data = dict(credentialType="password", identifier="userid") resp = client.post(config.BASE_URL + '/v1/login', data=data) self.assertEqual(resp.status_code, 403) text = self.getResponseText(resp) self.assertTrue( "password: Field must be at least 8 characters long." in text)
def test_you_need_valid_csrf_token_for_deregister_doit(self): self._doDeregistration() with app.test_client() as client: resp = self._doDeregisterDoit(client, csrf="invalid") self.assertEqual(resp.status_code, 400) self.assertEqual( '{"errors": ["csrf_token: csrf validation error"]}', self.getResponseText(resp))
def test_password_reset_needs_password(self): secret = uuid4().hex with app.test_client() as client: data = dict(secret=secret) resp = client.post("/v1/password_reset", data = data) self.assertEqual(resp.status_code, 400) respData = self.fromJson(resp) self.assertTrue("password" in respData['errors'][0])
def test_password_reset_needs_password(self): secret = uuid4().hex with app.test_client() as client: data = dict(secret=secret) resp = client.post("/v1/password_reset", data=data) self.assertEqual(resp.status_code, 400) respData = self.fromJson(resp) self.assertTrue("password" in respData['errors'][0])
def test_you_need_deregister_secret_for_deregister_doit(self): self._doDeregistration() with app.test_client() as client: resp = self._doDeregisterDoit(client, secret=False) self.assertEqual(resp.status_code, 400) self.assertEqual( '{"errors": ["deregister_secret: Field must be at least 8 characters long.", "deregister_secret: secret should contain lowercase", "deregister_secret: secret should contain digit"]}', self.getResponseText(resp))
def password_login_needs_correct_credentialType(self): with app.test_client() as c: data = dict(identifier="userid", secret=self.mkRandomPassword(), credentialType='incorrect') resp = c.post(config.base_url + '/login', data=data) self.assertEquals(resp.status_code, 403) text = self.getResponseText(resp) expected = '{{"errors": [{0}]}}'.format(credErr) self.assertEquals(text,expected)
def test_password_reset_needs_secret(self): password = self.mkRandomPassword() with app.test_client() as client: data = dict(password=password) resp = client.post("/v1/password_reset", data=data) self.assertEqual(resp.status_code, 400) respData = self.fromJson(resp) self.assertTrue("secret" in respData['errors'][0])
def password_login_needs_secret(self): with app.test_client() as c: data = dict(credentialType=self.mkRandomPassword(), identifier="userid") resp = c.post(config.base_url + '/login', data=data) self.assertEquals(resp.status_code, 403) text = self.getResponseText(resp) self.assertEqual('{{"errors": ["secret: Field must be at least 8 characters long.", "secret: password should contain lowercase", "secret: password should contain uppercase", "secret: password should contain digit", {0}]}}'.format(credErr), text)
def test_change_password_needs_csrf(self): with app.test_client() as client: self._preparePasswordChangeTest(client) resp = self._doPasswordChange(client, csrf="badcsrf") self.assertEqual(resp.status_code, 400) respdata = self.fromJson(resp) self.assertEqual(respdata['errors'], [u'csrf_token: csrf validation error'])
def test_change_password_does_change_password(self): with app.test_client() as client: self._preparePasswordChangeTest(client) self._doPasswordChange(client) cred = Credential.get('password', self.userCreationUserid) self.assertEqual( cred.secret, CredentialManager.protect_secret(self.newPassword))
def test_change_password_returns_200_and_a_success_message(self): with app.test_client() as client: self._preparePasswordChangeTest(client) resp = self._doPasswordChange(client) self.assertEqual(resp.status_code, 200) respdata = self.fromJson(resp) self.assertEqual(respdata['message'], 'password changed succesfully')
def test_password_login_needs_correct_identifier_and_secret(self): with app.test_client() as client: data = dict(identifier="userid", password=self.mkRandomPassword(), credentialType='password') resp = client.post(config.BASE_URL + '/v1/login', data=data) self.assertEqual(resp.status_code, 403) text = self.getResponseText(resp) self.assertEqual(text, '{"errors": ["Bad username or password"]}')
def test_password_reset_secret_have_to_be_valid(self): password = self.mkRandomPassword() secret = uuid4().hex with app.test_client() as client: data = dict(password=password, secret=secret) resp = client.post("/v1/password_reset", data=data) self.assertEqual(resp.status_code, 404) respData = self.fromJson(resp) self.assertEqual('The secret has expired', respData['errors'][0])
def test_old_password_for_self_should_be_correct(self): with app.test_client() as client: self._preparePasswordChangeTest(client) resp = self._doPasswordChange(client, oldPassword=self.mkRandomPassword()) self.assertEqual(resp.status_code, 400) respdata = self.fromJson(resp) self.assertEqual(respdata['errors'], ["old password does not match"])
def test_you_should_give_the_identifier_for_credential_deletion(self): with app.test_client() as client: self.login(client) data = { "csrf_token": self.getCSRF(client), "credentialType": "facebook", } resp = client.post(config.BASE_URL + "/v1/remove_credential", data=data) self.assertEqual(400, resp.status_code) self.assertEqual('{"errors": ["identifier: Field must be between 4 and 250 characters long."]}', self.getResponseText(resp))
def test_for_access_token_you_need_a_refresh_token(self): with app.test_client() as client: self.app = self.createApp() appid = self.app.appid appsecret = self.app.secret tokenParams = dict(grant_type="refresh_token", client_id=appid, client_secret=appsecret) resp = client.post("/v1/oauth2/token", data=tokenParams) self.assertEqual(400, resp.status_code)
def test_wrong_data_generates_error_response(self): data = dict( pubkey = wrong_pubkey, email = "*****@*****.**" ) with app.test_client() as client: resp = client.post("/v1/ca/signreq", data=data) self.assertEqual(400,resp.status_code) respData = self.fromJson(resp) self.assertEqual("error in cert",respData['errors'])
def test_without_login_it_is_not_possible_to_update_the_hash(self): self.setupRandom() with app.test_client() as client: csrf = self.getCSRF(client) data = dict( digest= self.createHash(), csrf_token= csrf ) resp = client.post(config.BASE_URL+'/v1/users/me/update_hash', data=data) self.assertEqual(403,resp.status_code)
def test_error_message_on_hash_collision(self): anotheruser = self.createUserWithCredentials().user digest = self.createHash() anotheruser.hash = digest Assurance.new(anotheruser, "test", anotheruser) anotheruser.save() with app.test_client() as client: resp = self.doUpdateHashForUser(client, digest=digest) self.assertEqual(400, resp.status_code) self.assertEqual('{"errors": ["another user is using your hash"]}', resp.data.decode('utf-8'))
def test_you_should_give_the_credentialType_for_credential_deletion(self): with app.test_client() as client: self.login(client) credId = self.randString data = { "csrf_token": self.getCSRF(client), "identifier": credId, } resp = client.post(config.BASE_URL + "/v1/remove_credential", data=data) self.assertEqual(400, resp.status_code) self.assertCredentialErrorresponse(resp)