def test_includeme(forklift):
settings = {}
if forklift:
settings["forklift.domain"] = forklift
config = pretend.stub(
get_settings=lambda: settings,
include=pretend.call_recorder(lambda n: None),
add_legacy_action_route=pretend.call_recorder(lambda *a, **k: None),
)
includeme(config)
config.include.calls == [pretend.call(".action_routing")]
config.add_legacy_action_route.calls == [
pretend.call(
"forklift.legacy.file_upload",
"file_upload",
domain=forklift,
),
pretend.call("forklift.legacy.submit", "submit", domain=forklift),
pretend.call(
"forklift.legacy.submit_pkg_info",
"submit_pkg_info",
domain=forklift,
),
pretend.call(
"forklift.legacy.doc_upload",
"doc_upload",
domain=forklift,
),
]
def test_csp_policy(self):
response = pretend.stub(headers={})
handler = pretend.call_recorder(lambda request: response)
settings = {
"csp": {
"default-src": ["*"],
"style-src": ["'self'", "example.net"],
},
}
registry = pretend.stub(settings=settings)
tween = csp.content_security_policy_tween_factory(handler, registry)
request = pretend.stub(
path="/project/foobar/",
find_service=pretend.call_recorder(
lambda *args, **kwargs: settings["csp"]
),
)
assert tween(request) is response
assert response.headers == {
"Content-Security-Policy":
"default-src *; style-src 'self' example.net",
}
def test_resets_password_bad_confirm(self, db_request, monkeypatch):
user = UserFactory.create()
db_request.matchdict["user_id"] = str(user.id)
db_request.params = {"username": "******"}
db_request.route_path = pretend.call_recorder(lambda *a, **kw: "/foobar")
db_request.user = UserFactory.create()
db_request.remote_addr = "10.10.10.10"
service = pretend.stub(
find_userid=pretend.call_recorder(lambda username: user.id),
disable_password=pretend.call_recorder(lambda userid, reason: None),
)
db_request.find_service = pretend.call_recorder(lambda iface, context: service)
send_email = pretend.call_recorder(lambda *a, **kw: None)
monkeypatch.setattr(views, "send_password_compromised_email", send_email)
result = views.user_reset_password(db_request)
assert db_request.find_service.calls == []
assert send_email.calls == []
assert service.disable_password.calls == []
assert db_request.route_path.calls == [
pretend.call("admin.user.detail", user_id=user.id)
]
assert result.status_code == 303
assert result.location == "/foobar"
def test_call(self, monkeypatch):
request = pretend.stub()
registry = pretend.stub()
result = pretend.stub()
prepared = {
"registry": registry,
"request": request,
"closer": pretend.call_recorder(lambda: None)
}
prepare = pretend.call_recorder(lambda *a, **kw: prepared)
monkeypatch.setattr(scripting, "prepare", prepare)
@pretend.call_recorder
def runner(irequest):
assert irequest is request
return result
task = celery.WarehouseTask()
task.app = Celery()
task.app.pyramid_config = pretend.stub(registry=registry)
task.run = runner
assert task() is result
assert prepare.calls == [pretend.call(registry=registry)]
assert prepared["closer"].calls == [pretend.call()]
assert runner.calls == [pretend.call(request)]
def test_configuration(self, url, cache_class, monkeypatch):
client_obj = pretend.stub()
client_cls = pretend.stub(
create_service=pretend.call_recorder(lambda *a, **kw: client_obj)
)
monkeypatch.setattr(cache, cache_class, client_cls)
registry = {}
config = pretend.stub(
add_view_deriver=pretend.call_recorder(
lambda deriver, over=None, under=None: None
),
register_service_factory=pretend.call_recorder(
lambda service, iface=None: None
),
registry=pretend.stub(
settings={"warehouse.xmlrpc.cache.url": url},
__setitem__=registry.__setitem__,
),
)
cache.includeme(config)
assert config.add_view_deriver.calls == [
pretend.call(
cache.cached_return_view, under="rendered_view", over="mapped_view"
)
]
def test_delete_by_prefix_with_storage_prefix(self):
files = {"Contents": [{"Key": f"docs/foo/{i}.html"} for i in range(150)]}
s3_client = pretend.stub(
list_objects_v2=pretend.call_recorder(
lambda Bucket=None, Prefix=None: files
),
delete_objects=pretend.call_recorder(lambda Bucket=None, Delete=None: None),
)
storage = S3DocsStorage(s3_client, "bucket-name", prefix="docs")
storage.remove_by_prefix("foo")
assert s3_client.list_objects_v2.calls == [
pretend.call(Bucket="bucket-name", Prefix="docs/foo")
]
assert s3_client.delete_objects.calls == [
pretend.call(
Bucket="bucket-name",
Delete={"Objects": [{"Key": f"docs/foo/{i}.html"} for i in range(100)]},
),
pretend.call(
Bucket="bucket-name",
Delete={
"Objects": [{"Key": f"docs/foo/{i}.html"} for i in range(100, 150)]
},
),
]
def test_with_disabled_user_compromised_pw(self, pyramid_request, pyramid_services):
user = pretend.stub(id=1)
service = pretend.stub(
get_user=pretend.call_recorder(lambda user_id: user),
find_userid=pretend.call_recorder(lambda username: 1),
check_password=pretend.call_recorder(
lambda userid, password, tags=None: False
),
is_disabled=pretend.call_recorder(
lambda user_id: (True, DisableReason.CompromisedPassword)
),
)
pyramid_services.register_service(IUserService, None, service)
pyramid_services.register_service(
IPasswordBreachedService,
None,
pretend.stub(failure_message_plain="Bad Password!"),
)
with pytest.raises(BasicAuthBreachedPassword) as excinfo:
assert (
accounts._basic_auth_login("myuser", "mypass", pyramid_request) is None
)
assert excinfo.value.status == "401 Bad Password!"
assert service.find_userid.calls == [pretend.call("myuser")]
assert service.get_user.calls == [pretend.call(1)]
assert service.is_disabled.calls == [pretend.call(1)]
assert service.check_password.calls == []
def test_deriver(self, service_available, xmlrpc_cache, fakeredis):
context = pretend.stub()
purger = pretend.call_recorder(lambda tags: None)
service = RedisXMLRPCCache("redis://127.0.0.2:6379/0", purger)
service.redis_conn = fakeredis
service.redis_lru.conn = fakeredis
if service_available:
_find_service = pretend.call_recorder(lambda *args, **kwargs: service)
else:
_find_service = pretend.raiser(LookupError)
request = pretend.stub(
find_service=_find_service, rpc_method="rpc_method", rpc_args=(0, 1)
)
response = {}
@pretend.call_recorder
def view(context, request):
return response
info = pretend.stub(options={}, exception_only=False)
info.options["xmlrpc_cache"] = xmlrpc_cache
derived_view = cached_return_view(view, info)
assert derived_view(context, request) is response
assert view.calls == [pretend.call(context, request)]
def test_after_commit_hook(self, monkeypatch, success):
args = [pretend.stub(), pretend.stub()]
kwargs = {"foo": pretend.stub(), "bar": pretend.stub()}
super_class = pretend.stub(
apply_async=pretend.call_recorder(lambda *a, **kw: None),
)
real_super = __builtins__["super"]
inner_super = pretend.call_recorder(lambda *a, **kw: super_class)
def fake_super(*args, **kwargs):
if not args and not kwargs:
return inner_super(*args, **kwargs)
else:
return real_super(*args, **kwargs)
monkeypatch.setitem(__builtins__, "super", fake_super)
task = celery.WarehouseTask()
task.app = Celery()
task._after_commit_hook(success, *args, **kwargs)
if success:
assert inner_super.calls == [pretend.call()]
else:
assert inner_super.calls == []
def test_send_email_success(self, monkeypatch):
message_obj = Message()
def mock_message(*args, **kwargs):
return message_obj
monkeypatch.setattr(email, "Message", mock_message)
task = pretend.stub()
mailer = pretend.stub(
send_immediately=pretend.call_recorder(lambda i: None)
)
request = pretend.stub(
registry=pretend.stub(
settings=pretend.stub(
get=pretend.call_recorder(lambda k: 'SENDER'),
),
getUtility=pretend.call_recorder(lambda mailr: mailer)
)
)
email.send_email(
task,
request,
"body",
"subject",
recipients=["recipients"],
)
assert mailer.send_immediately.calls == [pretend.call(message_obj)]
assert request.registry.getUtility.calls == [pretend.call(IMailer)]
assert request.registry.settings.get.calls == [
pretend.call("mail.sender")]
def test_404_when_missing_file(self, db_request, pyramid_config):
@pretend.call_recorder
def raiser(path):
raise FileNotFoundError
storage_service = pretend.stub(get=raiser)
project = ProjectFactory.create()
release = ReleaseFactory.create(project=project)
file_ = FileFactory.create(
release=release,
filename="{}-{}.tar.gz".format(project.name, release.version),
python_version="source",
)
path = "source/{}/{}/{}".format(
project.name[0], project.name, file_.filename
)
db_request.matchdict["path"] = path
db_request.log = pretend.stub(
error=pretend.call_recorder(lambda event, **kw: None),
)
db_request.find_service = pretend.call_recorder(
lambda iface: storage_service
)
resp = views.packages(db_request)
assert isinstance(resp, HTTPNotFound)
assert db_request.find_service.calls == [pretend.call(IFileStorage)]
assert storage_service.get.calls == [pretend.call(path)]
assert db_request.log.error.calls == [
pretend.call("missing file data", path=path),
]
def test_invalidated_deletes_no_save(self, pyramid_request):
session_factory = SessionFactory(
"mysecret", "redis://redis://localhost:6379/0",
)
session_factory.redis = pretend.stub(
delete=pretend.call_recorder(lambda key: None)
)
pyramid_request.session.invalidated = ["1", "2"]
pyramid_request.session.should_save = pretend.call_recorder(
lambda: False
)
response = pretend.stub(
delete_cookie=pretend.call_recorder(lambda cookie: None),
)
session_factory._process_response(pyramid_request, response)
assert session_factory.redis.delete.calls == [
pretend.call("warehouse/session/data/1"),
pretend.call("warehouse/session/data/2"),
]
assert pyramid_request.session.should_save.calls == [
pretend.call(),
pretend.call(),
]
assert response.delete_cookie.calls == [pretend.call("session_id")]
def test_devel_csp(self):
settings = {
"csp": {
"script-src": ["{request.scheme}://{request.host}"],
}
}
response = pretend.stub(headers={})
registry = pretend.stub(settings=settings)
handler = pretend.call_recorder(lambda request: response)
tween = csp.content_security_policy_tween_factory(handler, registry)
request = pretend.stub(
scheme="https",
host="example.com",
path="/path/to/nowhere",
find_service=pretend.call_recorder(
lambda *args, **kwargs: settings["csp"],
),
)
assert tween(request) is response
assert response.headers == {
"Content-Security-Policy": "script-src https://example.com",
}
def test_includeme(monkeypatch):
session_factory_obj = pretend.stub()
session_factory_cls = pretend.call_recorder(
lambda secret, url: session_factory_obj
)
monkeypatch.setattr(
warehouse.sessions,
"SessionFactory",
session_factory_cls,
)
config = pretend.stub(
set_session_factory=pretend.call_recorder(lambda factory: None),
registry=pretend.stub(
settings={
"sessions.secret": "my secret",
"sessions.url": "my url",
},
),
add_view_deriver=pretend.call_recorder(lambda *a, **kw: None),
)
includeme(config)
assert config.set_session_factory.calls == [
pretend.call(session_factory_obj),
]
assert session_factory_cls.calls == [pretend.call("my secret", "my url")]
assert config.add_view_deriver.calls == [
pretend.call(
session_view,
over="csrf_view",
under=viewderivers.INGRESS,
),
]
def test_virtualenv_state(monkeypatch):
CONTENT = '{"last_check": "1970-01-02T11:00:00Z", "pypi_version": "1.0"}'
fake_file = pretend.stub(
read=pretend.call_recorder(lambda: CONTENT),
write=pretend.call_recorder(lambda s: None),
)
@pretend.call_recorder
@contextmanager
def fake_open(filename, mode='r'):
yield fake_file
monkeypatch.setattr(outdated, 'open', fake_open, raising=False)
monkeypatch.setattr(outdated, 'running_under_virtualenv',
pretend.call_recorder(lambda: True))
monkeypatch.setattr(sys, 'prefix', 'virtually_env')
state = outdated.load_selfcheck_statefile()
state.save('2.0', datetime.datetime.utcnow())
assert len(outdated.running_under_virtualenv.calls) == 1
expected_path = os.path.join('virtually_env', 'pip-selfcheck.json')
assert fake_open.calls == [
pretend.call(expected_path),
pretend.call(expected_path, 'w'),
]
# json.dumps will call this a number of times
assert len(fake_file.write.calls)
def test_valid_session_id_invalid_data(self, pyramid_request):
pyramid_request.cookies["session_id"] = "123456"
session_factory = SessionFactory(
"mysecret", "redis://redis://localhost:6379/0",
)
session_factory.signer.unsign = pretend.call_recorder(
lambda session_id, max_age: b"123456"
)
session_factory.redis = pretend.stub(
get=pretend.call_recorder(lambda key: b"invalid data"),
)
session_factory._process_response = pretend.stub()
session = session_factory(pyramid_request)
assert len(pyramid_request.response_callbacks) == 1
assert pyramid_request.response_callbacks[0] is \
session_factory._process_response
assert session_factory.signer.unsign.calls == [
pretend.call("123456", max_age=12 * 60 * 60),
]
assert session_factory.redis.get.calls == [
pretend.call("warehouse/session/data/123456"),
]
assert isinstance(session, Session)
assert session._sid is None
assert session.new
def test_render_response():
template = pretend.stub(render=pretend.call_recorder(lambda **k: "test"))
app = pretend.stub(
config=pretend.stub(),
templates=pretend.stub(
get_template=pretend.call_recorder(lambda t: template),
),
)
request = pretend.stub()
resp = render_response(app, request, "template.html", foo="bar")
assert resp.get_wsgi_headers(create_environ())["Content-Length"] == "4"
assert resp.data == b"test"
assert app.templates.get_template.calls == [pretend.call("template.html")]
assert template.render.calls == [
pretend.call(
foo="bar",
config=app.config,
csrf_token=mock.ANY,
gravatar_url=mock.ANY,
url_for=mock.ANY,
static_url=mock.ANY,
),
]
def test_without_a_query(self, monkeypatch, db_request, page):
params = MultiDict()
if page is not None:
params["page"] = page
db_request.params = params
es_query = pretend.stub()
db_request.es = pretend.stub(query=lambda *a, **kw: es_query)
page_obj = pretend.stub(page_count=(page or 1) + 10)
page_cls = pretend.call_recorder(lambda *a, **kw: page_obj)
monkeypatch.setattr(views, "ElasticsearchPage", page_cls)
url_maker = pretend.stub()
url_maker_factory = pretend.call_recorder(lambda request: url_maker)
monkeypatch.setattr(views, "paginate_url_factory", url_maker_factory)
assert search(db_request) == {
"page": page_obj,
"term": params.get("q", ''),
"order": params.get("o", ''),
"applied_filters": [],
"available_filters": [],
}
assert page_cls.calls == [
pretend.call(es_query, url_maker=url_maker, page=page or 1),
]
assert url_maker_factory.calls == [pretend.call(db_request)]
def test_includeme():
config = pretend.stub(
add_directive=pretend.call_recorder(lambda name, callable: None),
add_tween=pretend.call_recorder(lambda tween, over, under: None),
)
static.includeme(config)
assert config.add_directive.calls == [
pretend.call(
"whitenoise_serve_static",
static.whitenoise_serve_static,
),
pretend.call(
"whitenoise_add_files",
static.whitenoise_add_files,
),
]
assert config.add_tween.calls == [
pretend.call(
"warehouse.static.whitenoise_tween_factory",
over=[
"warehouse.utils.compression.compression_tween_factory",
EXCVIEW,
],
under=[
"warehouse.csp.content_security_policy_tween_factory",
"warehouse.config.require_https_tween_factory",
INGRESS,
],
),
]
def test_wsgi_app_exception(app, monkeypatch):
match = pretend.stub(match=pretend.call_recorder(lambda: ("warehouse.fake.view", {})))
urls = pretend.stub(bind_to_environ=pretend.call_recorder(lambda e: match))
response = pretend.call_recorder(lambda e, s: None)
class FakeException(HTTPException):
# @pretend.call_recorder
def __call__(self, *args, **kwargs):
return response
@pretend.call_recorder
def fake_view(*args, **kwargs):
raise FakeException("An error has occurred")
fake_module = pretend.stub(view=fake_view)
import_module = pretend.call_recorder(lambda mod: fake_module)
monkeypatch.setattr(importlib, "import_module", import_module)
environ = create_environ()
start_response = pretend.stub()
app.urls = urls
app.wsgi_app(environ, start_response)
assert match.match.calls == [pretend.call()]
assert urls.bind_to_environ.calls == [pretend.call(environ)]
assert import_module.calls == [pretend.call("warehouse.fake")]
assert fake_view.calls == [pretend.call(app, mock.ANY)]
def test_purges_fails(self, monkeypatch, exception_type):
exc = exception_type()
class Cacher:
@staticmethod
@pretend.call_recorder
def purge_key(key):
raise exc
class Task:
@staticmethod
@pretend.call_recorder
def retry(exc):
raise celery.exceptions.Retry
task = Task()
cacher = Cacher()
request = pretend.stub(
find_service=pretend.call_recorder(lambda iface: cacher),
log=pretend.stub(
info=pretend.call_recorder(lambda *args, **kwargs: None),
error=pretend.call_recorder(lambda *args, **kwargs: None),
),
)
with pytest.raises(celery.exceptions.Retry):
fastly.purge_key(task, request, "foo")
assert request.find_service.calls == [pretend.call(IOriginCache)]
assert cacher.purge_key.calls == [pretend.call("foo")]
assert task.retry.calls == [pretend.call(exc=exc)]
assert request.log.info.calls == [pretend.call("Purging %s", "foo")]
assert request.log.error.calls == [
pretend.call("Error purging %s: %s", "foo", str(exception_type()))
]
def test_project_detail_invalid_version():
app = pretend.stub(
config=pretend.stub(
cache=pretend.stub(
browser=False,
varnish=False,
),
),
db=pretend.stub(
packaging=pretend.stub(
get_project=pretend.call_recorder(
lambda proj: "test-project",
),
get_releases=pretend.call_recorder(
lambda proj: [{"version": "1.0"}],
),
),
),
)
request = pretend.stub()
project_name = "test-project"
with pytest.raises(NotFound):
project_detail(app, request, project_name, "2.0")
assert app.db.packaging.get_project.calls == [
pretend.call("test-project"),
]
assert app.db.packaging.get_releases.calls == [
pretend.call("test-project"),
]
def test_purge_key_unsuccessful(self, monkeypatch, result):
cacher = fastly.FastlyCache(
api_key="an api key", service_id="the-service-id", purger=None
)
response = pretend.stub(
raise_for_status=pretend.call_recorder(lambda: None), json=lambda: result
)
requests_post = pretend.call_recorder(lambda *a, **kw: response)
monkeypatch.setattr(requests, "post", requests_post)
with pytest.raises(fastly.UnsuccessfulPurge):
cacher.purge_key("one")
assert requests_post.calls == [
pretend.call(
"https://api.fastly.com/service/the-service-id/purge/one",
headers={
"Accept": "application/json",
"Fastly-Key": "an api key",
"Fastly-Soft-Purge": "1",
},
)
]
assert response.raise_for_status.calls == [pretend.call()]
def test_delete_by_prefix(self, file_count):
files = {
'Contents': [
{'Key': f'foo/{i}.html'} for i in range(file_count)
],
}
s3_client = pretend.stub(
list_objects_v2=pretend.call_recorder(
lambda Bucket=None, Prefix=None: files),
delete_objects=pretend.call_recorder(
lambda Bucket=None, Delete=None: None),
)
storage = S3DocsStorage(s3_client, 'bucket-name')
storage.remove_by_prefix('foo')
assert s3_client.list_objects_v2.calls == [
pretend.call(Bucket='bucket-name', Prefix='foo'),
]
assert s3_client.delete_objects.calls == [
pretend.call(
Bucket='bucket-name',
Delete={
'Objects': [
{'Key': f'foo/{i}.html'} for i in range(file_count)
]
},
),
]
def test_includeme_with_origin_cache():
cache_class = pretend.stub(create_service=pretend.stub())
config = pretend.stub(
add_directive=pretend.call_recorder(lambda name, func: None),
registry=pretend.stub(
settings={
"origin_cache.backend":
"warehouse.cache.origin.fastly.FastlyCache",
},
),
maybe_dotted=pretend.call_recorder(lambda n: cache_class),
register_service_factory=pretend.call_recorder(lambda f, iface: None)
)
origin.includeme(config)
assert config.add_directive.calls == [
pretend.call(
"register_origin_cache_keys",
origin.register_origin_cache_keys,
),
]
assert config.maybe_dotted.calls == [
pretend.call("warehouse.cache.origin.fastly.FastlyCache"),
]
assert config.register_service_factory.calls == [
pretend.call(cache_class.create_service, IOriginCache),
]
def test_includeme(monkeypatch):
class FakeRegistry(dict):
settings = {"database.url": pretend.stub()}
engine = pretend.stub()
create_engine = pretend.call_recorder(lambda url, isolation_level: engine)
config = pretend.stub(
add_directive=pretend.call_recorder(lambda *a: None),
registry=FakeRegistry(),
add_request_method=pretend.call_recorder(lambda f, name, reify: None),
)
monkeypatch.setattr(sqlalchemy, "create_engine", create_engine)
includeme(config)
assert config.add_directive.calls == [
pretend.call("alembic_config", _configure_alembic),
]
assert create_engine.calls == [
pretend.call(
config.registry.settings["database.url"],
isolation_level="SERIALIZABLE",
),
]
assert config.registry["sqlalchemy.engine"] is engine
assert config.add_request_method.calls == [
pretend.call(_create_session, name="db", reify=True),
]
def test_request_without_tm(self, monkeypatch):
async_result = pretend.stub()
super_class = pretend.stub(
apply_async=pretend.call_recorder(lambda *a, **kw: async_result),
)
real_super = __builtins__["super"]
inner_super = pretend.call_recorder(lambda *a, **kw: super_class)
def fake_super(*args, **kwargs):
if not args and not kwargs:
return inner_super(*args, **kwargs)
else:
return real_super(*args, **kwargs)
monkeypatch.setitem(__builtins__, "super", fake_super)
request = pretend.stub()
get_current_request = pretend.call_recorder(lambda: request)
monkeypatch.setattr(celery, "get_current_request", get_current_request)
task = celery.WarehouseTask()
task.app = Celery()
assert task.apply_async() is async_result
assert super_class.apply_async.calls == [pretend.call()]
assert get_current_request.calls == [pretend.call()]
assert inner_super.calls == [pretend.call()]
def test_with_valid_password(self, monkeypatch):
principals = pretend.stub()
authenticate = pretend.call_recorder(
lambda userid, request: principals
)
monkeypatch.setattr(accounts, "_authenticate", authenticate)
userid = pretend.stub()
service = pretend.stub(
find_userid=pretend.call_recorder(lambda username: userid),
check_password=pretend.call_recorder(
lambda userid, password: True
),
)
request = pretend.stub(
find_service=pretend.call_recorder(lambda iface, context: service),
)
assert accounts._login("myuser", "mypass", request) is principals
assert request.find_service.calls == [
pretend.call(IUserService, context=None),
]
assert service.find_userid.calls == [pretend.call("myuser")]
assert service.check_password.calls == [pretend.call(userid, "mypass")]
assert authenticate.calls == [pretend.call(userid, request)]
def test_simple_csp(self):
settings = {
"csp": {
"default-src": ["'none'"],
"sandbox": ["allow-top-navigation"],
}
}
response = pretend.stub(headers={})
registry = pretend.stub(settings=settings)
handler = pretend.call_recorder(lambda request: response)
tween = csp.content_security_policy_tween_factory(handler, registry)
request = pretend.stub(
scheme="https",
host="example.com",
path="/simple/",
find_service=pretend.call_recorder(
lambda *args, **kwargs: settings["csp"],
),
)
assert tween(request) is response
assert response.headers == {
"Content-Security-Policy":
"default-src 'none'; sandbox allow-top-navigation",
}
def test_custom_tag(self, service_available, xmlrpc_cache):
context = pretend.stub()
service = pretend.stub(
fetch=pretend.call_recorder(
lambda func, args, kwargs, key, tag, expires: func(*args, **kwargs)
)
)
if service_available:
_find_service = pretend.call_recorder(lambda *args, **kwargs: service)
else:
_find_service = pretend.raiser(LookupError)
request = pretend.stub(
find_service=_find_service,
rpc_method="rpc_method",
rpc_args=("warehouse", "1.0.0"),
)
response = {}
@pretend.call_recorder
def view(context, request):
return response
info = pretend.stub(options={}, exception_only=False)
info.options["xmlrpc_cache"] = xmlrpc_cache
info.options["xmlrpc_cache_tag"] = "arg1/%s"
info.options["xmlrpc_cache_arg_index"] = 1
derived_view = cached_return_view(view, info)
assert derived_view(context, request) is response
assert view.calls == [pretend.call(context, request)]
def test_verify_error(self):
metrics = pretend.stub(
increment=pretend.call_recorder(lambda str: None))
cache = integrations.PublicKeysCache(cache_time=12)
github_verifier = utils.GitHubTokenScanningPayloadVerifier(
api_url="http://foo",
session=pretend.stub(),
metrics=metrics,
api_token="api-token",
public_keys_cache=cache,
)
github_verifier.retrieve_public_key_payload = pretend.raiser(
integrations.InvalidPayloadSignatureError("Bla", "bla"))
assert github_verifier.verify(payload={}, key_id="a",
signature="a") is False
assert metrics.increment.calls == [
pretend.call("warehouse.token_leak.github.auth.cache.miss"),
pretend.call("warehouse.token_leak.github.auth.error.bla"),
]
def test_main_no_vlads_in_args(monkeypatch):
monkeypatch.setattr(
'vladiate.main.parse_args', lambda: stub(
list_commands=False,
show_version=False,
vladfile=stub(),
vlads=[],
processes=1,
)
)
monkeypatch.setattr(
'vladiate.main.find_vladfile', lambda *args, **kwargs: stub()
)
vlad = call_recorder(lambda *args, **kwargs: stub(validate=lambda: stub()))
vlad.source = stub()
monkeypatch.setattr(
'vladiate.main.load_vladfile',
lambda *args, **kwargs: (None, {'Something Else': vlad})
)
assert main() is None
def test_analyze_disclosures_raise(monkeypatch):
metrics = collections.Counter()
def metrics_increment(key):
metrics.update([key])
metrics_service = pretend.stub(increment=metrics_increment)
task = pretend.stub(delay=pretend.call_recorder(lambda *a, **k: None))
monkeypatch.setattr(tasks, "analyze_disclosure_task", task)
utils.analyze_disclosures(disclosure_records=[1, 2, 3],
origin="yay",
metrics=metrics_service)
assert task.delay.calls == [
pretend.call(disclosure_record=1, origin="yay"),
pretend.call(disclosure_record=2, origin="yay"),
pretend.call(disclosure_record=3, origin="yay"),
]
def test_creates_validated_credential(self):
fake_validated_credential = object()
user_service = pretend.stub(
verify_webauthn_credential=lambda *a, **kw:
fake_validated_credential,
get_webauthn_by_label=pretend.call_recorder(lambda *a: None),
)
form = forms.ProvisionWebAuthnForm(
data={
"credential": "{}",
"label": "fake label"
},
user_service=user_service,
user_id=pretend.stub(),
challenge=pretend.stub(),
rp_id=pretend.stub(),
origin=pretend.stub(),
)
assert form.validate()
assert form.validated_credential is fake_validated_credential
def test_adds_blacklist(self, db_request):
db_request.user = UserFactory.create()
db_request.POST["project"] = "foo"
db_request.POST["confirm"] = "foo"
db_request.POST["comment"] = "This is a comment"
db_request.session = pretend.stub(
flash=pretend.call_recorder(lambda *a, **kw: None))
db_request.route_path = lambda a: "/admin/blacklist/"
views.add_blacklist(db_request)
assert db_request.session.flash.calls == [
pretend.call("Blacklisted 'foo'", queue="success")
]
blacklist = (db_request.db.query(BlacklistedProject).filter(
BlacklistedProject.name == "foo").one())
assert blacklist.name == "foo"
assert blacklist.blacklisted_by == db_request.user
assert blacklist.comment == "This is a comment"
def test_basic(self, pyramid_request, metrics):
limiter_obj = pretend.stub()
limiter_class = pretend.call_recorder(lambda *a, **kw: limiter_obj)
context = pretend.stub()
pyramid_request.registry["ratelimiter.storage"] = pretend.stub()
result = RateLimit("1 per 5 minutes",
identifiers=["foo"],
limiter_class=limiter_class)(context,
pyramid_request)
assert result is limiter_obj
assert limiter_class.calls == [
pretend.call(
pyramid_request.registry["ratelimiter.storage"],
limit="1 per 5 minutes",
identifiers=["foo"],
metrics=metrics,
)
]
def test_via_basic_auth_compromised(
self, monkeypatch, pyramid_request, pyramid_services
):
send_email = pretend.call_recorder(lambda *a, **kw: None)
monkeypatch.setattr(accounts, "send_password_compromised_email", send_email)
user = pretend.stub(id=2)
service = pretend.stub(
get_user=pretend.call_recorder(lambda user_id: user),
find_userid=pretend.call_recorder(lambda username: 2),
check_password=pretend.call_recorder(
lambda userid, password, tags=None: True
),
is_disabled=pretend.call_recorder(lambda user_id: (False, None)),
disable_password=pretend.call_recorder(lambda user_id, reason=None: None),
)
breach_service = pretend.stub(
check_password=pretend.call_recorder(lambda pw, tags=None: True),
failure_message_plain="Bad Password!",
)
pyramid_services.register_service(IUserService, None, service)
pyramid_services.register_service(
IPasswordBreachedService, None, breach_service
)
with pytest.raises(BasicAuthBreachedPassword) as excinfo:
accounts._basic_auth_login("myuser", "mypass", pyramid_request)
assert excinfo.value.status == "401 Bad Password!"
assert service.find_userid.calls == [pretend.call("myuser")]
assert service.get_user.calls == [pretend.call(2)]
assert service.is_disabled.calls == [pretend.call(2)]
assert service.check_password.calls == [
pretend.call(2, "mypass", tags=["method:auth", "auth_method:basic"])
]
assert breach_service.check_password.calls == [
pretend.call("mypass", tags=["method:auth", "auth_method:basic"])
]
assert service.disable_password.calls == [
pretend.call(2, reason=DisableReason.CompromisedPassword)
]
assert send_email.calls == [pretend.call(pyramid_request, user)]
def test_token_service_factory_default_max_age(monkeypatch):
name = "name"
service_obj = pretend.stub()
service_cls = pretend.call_recorder(lambda *args: service_obj)
service_factory = services.TokenServiceFactory(name, service_cls)
assert service_factory.name == name
assert service_factory.service_class == service_cls
context = pretend.stub()
secret = pretend.stub()
default_max_age = pretend.stub()
request = pretend.stub(registry=pretend.stub(
settings={
"token.name.secret": secret,
"token.default.max_age": default_max_age,
}))
assert service_factory(context, request) is service_obj
assert service_cls.calls == [pretend.call(secret, name, default_max_age)]
def test_with_error(self):
request = pretend.stub(
raven=pretend.stub(
captureException=pretend.call_recorder(lambda: None),
),
)
class TestException(Exception):
pass
@pretend.call_recorder
def handler(request):
raise TestException
tween = raven.raven_tween_factory(handler, pretend.stub())
with pytest.raises(TestException):
tween(request)
assert handler.calls == [pretend.call(request)]
assert request.raven.captureException.calls == [pretend.call()]
def test_camoify_no_src(self, monkeypatch):
html = "<img>"
request = pretend.stub(registry=pretend.stub(
settings={
"camo.url": "https://camo.example.net/",
"camo.key": "fake key",
}))
camo_url = partial(filters._camo_url, request)
request.camo_url = camo_url
ctx = {"request": request}
gen_camo_url = pretend.call_recorder(
lambda curl, ckey, url: "https://camo.example.net/image.jpg")
monkeypatch.setattr(filters, "_camo_url", gen_camo_url)
result = filters.camoify(ctx, html)
assert result == "<img>"
assert gen_camo_url.calls == []
def test_csp_policy_inject(self):
response = pretend.stub(headers={})
def handler(request):
request.find_service("csp")["default-src"].append("example.com")
return response
settings = {"csp": {"default-src": ["*"], "style-src": ["'self'"]}}
registry = pretend.stub(settings=settings)
tween = csp.content_security_policy_tween_factory(handler, registry)
request = pretend.stub(
path="/example",
find_service=pretend.call_recorder(lambda *args, **kwargs: settings["csp"]),
)
assert tween(request) is response
assert response.headers == {
"Content-Security-Policy": "default-src * example.com; style-src 'self'"
}
def test_with_valid_password(self, monkeypatch, pyramid_request, pyramid_services):
principals = pretend.stub()
authenticate = pretend.call_recorder(lambda userid, request: principals)
monkeypatch.setattr(accounts, "_authenticate", authenticate)
user = pretend.stub(id=2)
service = pretend.stub(
get_user=pretend.call_recorder(lambda user_id: user),
find_userid=pretend.call_recorder(lambda username: 2),
check_password=pretend.call_recorder(
lambda userid, password, tags=None: True
),
update_user=pretend.call_recorder(lambda userid, last_login: None),
is_disabled=pretend.call_recorder(lambda user_id: (False, None)),
)
breach_service = pretend.stub(
check_password=pretend.call_recorder(lambda pw, tags=None: False)
)
pyramid_services.register_service(IUserService, None, service)
pyramid_services.register_service(
IPasswordBreachedService, None, breach_service
)
now = datetime.datetime.utcnow()
with freezegun.freeze_time(now):
assert (
accounts._basic_auth_login("myuser", "mypass", pyramid_request)
is principals
)
assert service.find_userid.calls == [pretend.call("myuser")]
assert service.get_user.calls == [pretend.call(2)]
assert service.is_disabled.calls == [pretend.call(2)]
assert service.check_password.calls == [
pretend.call(2, "mypass", tags=["method:auth", "auth_method:basic"])
]
assert breach_service.check_password.calls == [
pretend.call("mypass", tags=["method:auth", "auth_method:basic"])
]
assert service.update_user.calls == [pretend.call(2, last_login=now)]
assert authenticate.calls == [pretend.call(2, pyramid_request)]
def test_csp_policy_default_inject(self):
settings = collections.defaultdict(list)
response = pretend.stub(headers={})
registry = pretend.stub(settings=settings)
def handler(request):
request.find_service("csp")["default-src"].append("example.com")
return response
tween = csp.content_security_policy_tween_factory(handler, registry)
request = pretend.stub(
path="/path/to/nowhere/",
find_service=pretend.call_recorder(
lambda *args, **kwargs: settings),
)
assert tween(request) is response
assert response.headers == {
"Content-Security-Policy": "default-src example.com"
}
def test_unknown_view(self, pyramid_services, metrics, route):
response = pretend.stub()
view = pretend.call_recorder(lambda request, context: response)
view_info = pretend.stub(original_view=pretend.stub())
derived = views.timing_view(view, view_info)
request = pretend.stub(
matched_route=pretend.stub(name=route) if route else None,
find_service=pyramid_services.find_service,
)
context = pretend.stub()
route_tag = "route:null" if route is None else f"route:{route}"
assert derived(context, request) is response
assert view.calls == [pretend.call(context, request)]
assert metrics.timed.calls == [
pretend.call("pyramid.view.duration",
tags=[route_tag, "view:unknown"])
]
def test_pass_foreign_args_true_sets_positional_args_key(
self, configure_for_pf, capsys):
"""
If `pass_foreign_args` is `True` we set the `positional_args` key in
the `event_dict` before clearing args.
"""
test_processor = call_recorder(lambda l, m, event_dict: event_dict)
configure_logging((test_processor, ), pass_foreign_args=True)
configure(
processors=[ProcessorFormatter.wrap_for_formatter],
logger_factory=LoggerFactory(),
wrapper_class=BoundLogger,
)
positional_args = {"foo": "bar"}
logging.getLogger().info("okay %(foo)s", positional_args)
event_dict = test_processor.calls[0].args[2]
assert "positional_args" in event_dict
assert positional_args == event_dict["positional_args"]
def test_normalizing_redirects(self, db_request):
project = ProjectFactory.create()
release = ReleaseFactory.create(project=project, version="3.0")
name = release.project.name.lower()
if name == release.project.name:
name = release.project.name.upper()
db_request.matchdict = {"name": name}
db_request.current_route_path = pretend.call_recorder(
lambda name: "/project/the-redirect/3.0/"
)
resp = json.json_release(release, db_request)
assert isinstance(resp, HTTPMovedPermanently)
assert resp.headers["Location"] == "/project/the-redirect/3.0/"
_assert_has_cors_headers(resp.headers)
assert db_request.current_route_path.calls == [
pretend.call(name=release.project.name)
]
def test_missing_obj_id(self, db_session, monkeypatch):
monkeypatch.setattr(tasks, "checks", test_checks)
task = pretend.stub()
MalwareCheckFactory.create(name="ExampleHookedCheck",
state=MalwareCheckState.Enabled)
task = pretend.stub()
request = pretend.stub(
db=db_session,
log=pretend.stub(
error=pretend.call_recorder(lambda *args, **kwargs: None)),
)
tasks.run_check(task, request, "ExampleHookedCheck")
assert request.log.error.calls == [
pretend.call(
"Fatal exception: ExampleHookedCheck: Missing required kwarg `obj_id`"
)
]
def test_includeme():
config_settings = {}
config = pretend.stub(
add_request_method=pretend.call_recorder(lambda f, name, reify: None),
get_settings=lambda: config_settings,
)
i18n.includeme(config)
assert config.add_request_method.calls == [
pretend.call(i18n._locale, name="locale", reify=True),
]
assert config_settings == {
"jinja2.filters": {
"format_date": "warehouse.i18n.filters:format_date",
"format_datetime": "warehouse.i18n.filters:format_datetime",
"format_rfc822_datetime":
"warehouse.i18n.filters:format_rfc822_datetime",
"format_number": "warehouse.i18n.filters:format_number",
},
}
def test_csp_policy(self):
response = pretend.stub(headers={})
handler = pretend.call_recorder(lambda request: response)
registry = pretend.stub(
settings={
"csp": {
"default-src": ["*"],
"style-src": ["'self'", "example.net"],
},
},
)
tween = config.content_security_policy_tween_factory(handler, registry)
request = pretend.stub(path="/project/foobar/")
assert tween(request) is response
assert response.headers == {
"Content-Security-Policy":
"default-src *; style-src 'self' example.net",
}
def test_invalidated_deletes_save_non_secure(self, monkeypatch, pyramid_request):
msgpack_packb = pretend.call_recorder(lambda *a, **kw: b"msgpack data")
monkeypatch.setattr(msgpack, "packb", msgpack_packb)
session_factory = SessionFactory("mysecret", "redis://redis://localhost:6379/0")
session_factory.redis = pretend.stub(
delete=pretend.call_recorder(lambda key: None),
setex=pretend.call_recorder(lambda key, age, data: None),
)
session_factory.signer.sign = pretend.call_recorder(lambda data: "cookie data")
pyramid_request.scheme = "http"
pyramid_request.session.sid = "123456"
pyramid_request.session.invalidated = ["1", "2"]
pyramid_request.session.should_save = pretend.call_recorder(lambda: True)
response = pretend.stub(
set_cookie=pretend.call_recorder(
lambda cookie, data, max_age, httponly, secure, samesite: None
)
)
session_factory._process_response(pyramid_request, response)
assert session_factory.redis.delete.calls == [
pretend.call("warehouse/session/data/1"),
pretend.call("warehouse/session/data/2"),
]
assert msgpack_packb.calls == [
pretend.call(
pyramid_request.session, default=object_encode, use_bin_type=True,
)
]
assert session_factory.redis.setex.calls == [
pretend.call("warehouse/session/data/123456", 12 * 60 * 60, b"msgpack data")
]
assert pyramid_request.session.should_save.calls == [
pretend.call(),
pretend.call(),
]
assert session_factory.signer.sign.calls == [pretend.call(b"123456")]
assert response.set_cookie.calls == [
pretend.call(
"session_id",
"cookie data",
max_age=12 * 60 * 60,
httponly=True,
secure=False,
samesite=b"lax",
)
]
def test_aws_session_factory(monkeypatch, region):
boto_session_obj = pretend.stub()
boto_session_cls = pretend.call_recorder(lambda **kw: boto_session_obj)
monkeypatch.setattr(aws, "_Boto3Session", boto_session_cls)
request = pretend.stub(registry=pretend.stub(settings={
"aws.key_id": "my key",
"aws.secret_key": "my secret",
}, ), )
if region is not None:
request.registry.settings["aws.region"] = region
assert aws.aws_session_factory(None, request) is boto_session_obj
assert boto_session_cls.calls == [
pretend.call(aws_access_key_id="my key",
aws_secret_access_key="my secret",
**({} if region is None else {
"region_name": region
}))
]
def test_xmlrpc_updated_releases():
now = datetime.datetime.utcnow()
result = [
dict(name='one', version='1', created=now, summary='text'),
dict(name='two', version='2', created=now, summary='text'),
dict(name='two', version='3', created=now, summary='text'),
dict(name='three', version='4', created=now, summary='text')
]
app = pretend.stub(db=pretend.stub(packaging=pretend.stub(
get_releases_since=pretend.call_recorder(lambda *a: result), ), ), )
interface = xmlrpc.Interface(app, pretend.stub())
old_timestamp = arrow.get(now - datetime.timedelta(days=1)).timestamp
assert interface.updated_releases(old_timestamp) == \
[['one', '1'], ['two', '2'], ['two', '3'], ['three', '4']]
assert app.db.packaging.get_releases_since.calls == [
pretend.call(arrow.get(old_timestamp).datetime)
]
def test_successfully_indexes(self, db_request, monkeypatch):
docs = pretend.stub()
task = pretend.stub()
def project_docs(db, project_name=None):
return docs
monkeypatch.setattr(warehouse.search.tasks, "_project_docs",
project_docs)
es_client = FakeESClient()
es_client.indices.indices["warehouse-aaaaaaaaaa"] = None
es_client.indices.aliases["warehouse"] = ["warehouse-aaaaaaaaaa"]
db_engine = pretend.stub()
db_request.registry.update({
"elasticsearch.client": es_client,
"elasticsearch.index": "warehouse",
"elasticsearch.shards": 42,
"sqlalchemy.engine": db_engine,
})
parallel_bulk = pretend.call_recorder(
lambda client, iterable, index=None: [None])
monkeypatch.setattr(warehouse.search.tasks, "parallel_bulk",
parallel_bulk)
monkeypatch.setattr(redis.StrictRedis, "from_url",
lambda *a, **kw: pretend.stub(lock=NotLock))
reindex_project(task, db_request, "foo")
assert parallel_bulk.calls == [
pretend.call(es_client, docs, index="warehouse")
]
assert es_client.indices.create.calls == []
assert es_client.indices.delete.calls == []
assert es_client.indices.aliases == {
"warehouse": ["warehouse-aaaaaaaaaa"]
}
assert es_client.indices.put_settings.calls == []
def test_delivery(self, db_request, monkeypatch):
verify_sns_message = pretend.call_recorder(lambda *a, **kw: None)
monkeypatch.setattr(views, "_verify_sns_message", verify_sns_message)
e = EmailFactory.create()
em = EmailMessageFactory.create(to=e.email)
event_id = str(uuid.uuid4())
db_request.json_body = {
"Type":
"Notification",
"MessageId":
event_id,
"Message":
json.dumps({
"notificationType": "Delivery",
"mail": {
"messageId": em.message_id
},
"delivery": {
"someData": "this is some data"
},
}),
}
resp = views.notification(db_request)
assert verify_sns_message.calls == [
pretend.call(db_request, db_request.json_body),
]
assert resp.status_code == 200
assert em.status is EmailStatuses.Delivered
event = (db_request.db.query(Event).filter(
Event.event_id == event_id).one())
assert event.email == em
assert event.event_type is EventTypes.Delivery
assert event.data == {"someData": "this is some data"}
def test_creates_project_and_assigns_role(self, db_request):
db_request.session = pretend.stub(
flash=pretend.call_recorder(lambda *a, **kw: None)
)
db_request.route_path = (
lambda *a, **kw: f"/admin/projects/{kw['project_name']}/"
)
user = UserFactory.create(username="******")
ProhibitedProjectFactory.create(name="wutangclan")
db_request.POST["project_name"] = "wutangclan"
db_request.POST["username"] = "******"
result = views.release_prohibited_project_name(db_request)
assert isinstance(result, HTTPSeeOther)
assert result.headers["Location"] == "/admin/projects/wutangclan/"
assert db_request.session.flash.calls == [
pretend.call("'wutangclan' released to 'methodman'.", queue="success")
]
assert not (
db_request.db.query(ProhibitedProjectName)
.filter(ProhibitedProjectName.name == "wutangclan")
.count()
)
project = (
db_request.db.query(Project).filter(Project.name == "wutangclan").one()
)
assert project is not None
role = (
db_request.db.query(Role)
.filter(
Role.user == user, Role.project == project, Role.role_name == "Owner"
)
.first()
)
assert role is not None
all_roles = db_request.db.query(Role).filter(Role.project == project).count()
assert all_roles == 1
def test_request_password_reset(self, monkeypatch, pyramid_request,
pyramid_config, user_service,
token_service):
stub_user = pretend.stub(username=pretend.stub())
pyramid_request.method = "POST"
token_service.dumps = pretend.call_recorder(lambda a: "TOK")
user_service.get_user_by_username = pretend.call_recorder(
lambda a: stub_user)
pyramid_request.find_service = pretend.call_recorder(
lambda interface, **kw: {
IUserService: user_service,
ITokenService: token_service,
}[interface],
)
form_obj = pretend.stub(
username_or_email=pretend.stub(data=stub_user.username),
validate=pretend.call_recorder(lambda: True),
)
form_class = pretend.call_recorder(lambda d, user_service: form_obj)
n_hours = token_service.max_age // 60 // 60
send_password_reset_email = pretend.call_recorder(
lambda *args, **kwargs: {'n_hours': n_hours},
)
monkeypatch.setattr(views, 'send_password_reset_email',
send_password_reset_email)
result = views.request_password_reset(pyramid_request,
_form_class=form_class)
assert result == {'n_hours': n_hours}
assert user_service.get_user_by_username.calls == [
pretend.call(stub_user.username),
]
assert pyramid_request.find_service.calls == [
pretend.call(IUserService, context=None),
pretend.call(ITokenService, name='password'),
]
assert form_obj.validate.calls == [
pretend.call(),
]
assert form_class.calls == [
pretend.call(pyramid_request.POST, user_service=user_service),
]
assert send_password_reset_email.calls == [
pretend.call(pyramid_request, stub_user),
]
def test_with_invalid_password(self, pyramid_request, pyramid_services):
user = pretend.stub(
id=1,
record_event=pretend.call_recorder(lambda *a, **kw: None),
)
service = pretend.stub(
get_user=pretend.call_recorder(lambda user_id: user),
find_userid=pretend.call_recorder(lambda username: 1),
check_password=pretend.call_recorder(
lambda userid, password, ip_address, tags=None: False
),
is_disabled=pretend.call_recorder(lambda user_id: (False, None)),
)
pyramid_services.register_service(service, IUserService, None)
pyramid_services.register_service(
pretend.stub(), IPasswordBreachedService, None
)
pyramid_request.matched_route = pretend.stub(name="forklift.legacy.file_upload")
pyramid_request.help_url = pretend.call_recorder(lambda **kw: "/the/help/url/")
with pytest.raises(BasicAuthFailedPassword) as excinfo:
assert (
accounts._basic_auth_login("myuser", "mypass", pyramid_request) is None
)
assert excinfo.value.status == (
"403 Invalid or non-existent authentication information. "
"See /the/help/url/ for more information."
)
assert service.find_userid.calls == [pretend.call("myuser")]
assert service.get_user.calls == [pretend.call(1)]
assert service.is_disabled.calls == [pretend.call(1)]
assert service.check_password.calls == [
pretend.call(
1,
"mypass",
"1.2.3.4",
tags=["mechanism:basic_auth", "method:auth", "auth_method:basic"],
)
]
assert user.record_event.calls == [
pretend.call(
tag="account:login:failure",
ip_address="1.2.3.4",
additional={"reason": "invalid_password", "auth_method": "basic"},
)
]
def test_returns_400_when_unknown_message(self, db_request, monkeypatch):
verify_sns_message = pretend.call_recorder(lambda *a, **kw: None)
monkeypatch.setattr(views, "_verify_sns_message", verify_sns_message)
db_request.json_body = {
"Type": "Notification",
"MessageId": str(uuid.uuid4()),
"Message": json.dumps({
"mail": {
"messageId": str(uuid.uuid4())
},
}),
}
with pytest.raises(HTTPBadRequest, match="Unknown messageId"):
views.notification(db_request)
assert verify_sns_message.calls == [
pretend.call(db_request, db_request.json_body),
]
assert db_request.db.query(EmailMessage).count() == 0
assert db_request.db.query(Event).count() == 0
def test_verify_webauthn_assertion(self, user_service, monkeypatch):
user = UserFactory.create()
user_service.add_webauthn(
user.id,
label="test_label",
credential_id="foo",
public_key="bar",
sign_count=1,
)
verify_assertion_response = pretend.call_recorder(lambda *a, **kw: 2)
monkeypatch.setattr(webauthn, "verify_assertion_response",
verify_assertion_response)
updated_sign_count = user_service.verify_webauthn_assertion(
user.id,
pretend.stub(),
challenge=pretend.stub(),
origin=pretend.stub(),
rp_id=pretend.stub(),
)
assert updated_sign_count == 2
def test_password_breached(self):
form = forms.ResetPasswordForm(
data={
"new_password": "******",
"password_confirm": "MyStr0ng!shPassword",
"username": "******",
"full_name": "full_name",
"email": "email",
},
user_service=pretend.stub(
find_userid=pretend.call_recorder(lambda _: None)),
breach_service=pretend.stub(
check_password=lambda pw, tags=None: True,
failure_message=
("This password has appeared in a breach or has otherwise been "
"compromised and cannot be used."),
),
)
assert not form.validate()
assert form.new_password.errors.pop() == (
"This password has appeared in a breach or has otherwise been "
"compromised and cannot be used.")
