class TestAuth(unittest.TestCase): def setUp(self): os.environ["PY4WEB_APPS_FOLDER"] = "apps" self.db = DAL("sqlite:memory") self.session = Session(secret="a", expiration=10) self.session.local.data = {} self.auth = Auth(self.session, self.db, define_tables=True) self.auth.enable() request.app_name = "_scaffold" def test_register_invalid(self): body = {"email": "*****@*****.**"} self.assertEqual( self.auth.action("api/register", "POST", {}, body), { "id": None, "errors": { "username": "******", "password": "******", "first_name": "Enter a value", "last_name": "Enter a value", }, "status": "error", "message": "validation errors", "code": 401, }, ) def test_register(self): body = { "username": "******", "email": "*****@*****.**", "password": "******", "first_name": "Pinco", "last_name": "Pallino", } self.assertEqual( self.auth.action("api/register", "POST", {}, body), { "id": 1, "status": "success", "code": 200 }, ) user = self.db.auth_user[1] self.assertTrue(user.action_token.startswith("pending-registration")) self.assertEqual(self.auth.get_user(), {}) body = {"email": "*****@*****.**", "password": "******"} self.assertTrue( self.auth.action("api/login", "POST", {}, body), { "status": "error", "message": "Registration is pending", "code": 400 }, ) token = user.action_token[len("pending-registration") + 1:] try: self.auth.action("verify_email", "GET", {"token": token}, {}) assert False, "email not verified" except HTTP: pass user = self.db.auth_user[1] self.assertTrue(user.action_token == None) self.assertEqual( self.auth.action("api/login", "POST", {}, body), { "status": "error", "message": "Invalid Credentials", "code": 400 }, ) body = {"email": "*****@*****.**", "password": "******"} self.assertEqual( self.auth.action("api/login", "POST", {}, body), { "user": { "id": 1, "username": "******", "email": "*****@*****.**", "first_name": "Pinco", "last_name": "Pallino", }, "status": "success", "code": 200, }, ) body = { "email": "ppallino", # can login with both email and username "password": "******", } self.assertEqual( self.auth.action("api/login", "POST", {}, body), { "user": { "id": 1, "username": "******", "email": "*****@*****.**", "first_name": "Pinco", "last_name": "Pallino", }, "status": "success", "code": 200, }, ) body = {"email": "*****@*****.**"} self.assertEqual( self.auth.action("api/request_reset_password", "POST", {}, body), { "status": "success", "code": 200 }, ) body = {"token": "junk", "new_password": "******"} self.assertTrue( self.auth.action("api/reset_password", "POST", {}, body), { "status": "error", "message": "invalid token, request expired", "code": 400, }, ) body = { "token": self.auth._link.split("?token=")[1], "new_password": "******", } self.assertTrue( self.auth.action("api/reset_password", "POST", {}, body), { "status": "success", "code": 200 }, ) self.assertEqual( self.auth.get_user(), { "id": 1, "username": "******", "email": "*****@*****.**", "first_name": "Pinco", "last_name": "Pallino", }, ) body = {} self.assertEqual( self.auth.action("api/change_password", "POST", {}, body), { "errors": { "password": "******" }, "status": "error", "message": "validation errors", "code": 401, }, ) body = {"password": "******", "new_password": "******"} self.assertEqual( self.auth.action("api/change_password", "POST", {}, body), { "updated": 1, "status": "success", "code": 200 }, ) body = {"password": "******", "new_email": "*****@*****.**"} self.assertEqual( self.auth.action("api/change_email", "POST", {}, body), { "updated": 1, "status": "success", "code": 200 }, ) body = {"first_name": "Max", "last_name": "Powers", "password": "******"} self.assertEqual( self.auth.action("api/profile", "POST", {}, body), { "errors": { "password": "******" }, "status": "error", "message": "validation errors", "code": 401, }, ) body = {"first_name": "Max", "last_name": "Powers"} self.assertEqual( self.auth.action("api/profile", "POST", {}, body), { "updated": 1, "status": "success", "code": 200 }, )
class TestAuth(unittest.TestCase): def setUp(self): os.environ['PY4WEB_APPS_FOLDER'] = 'apps' self.db = DAL('sqlite:memory') self.session = Session(secret="a", expiration=10) self.session.local.data = {} self.auth = Auth(self.session, self.db, define_tables=True) self.auth.enable() request.app_name = '_scaffold' def test_register_invalid(self): body = {'email': '*****@*****.**'} self.assertEqual( self.auth.action('api/register', 'POST', {}, body), { 'id': None, 'errors': { 'username': '******', 'password': '******', 'first_name': 'Enter a value', 'last_name': 'Enter a value' }, 'status': 'error', 'message': 'validation errors', 'code': 401 }) def test_register(self): body = { 'username': '******', 'email': '*****@*****.**', 'password': '******', 'first_name': 'Pinco', 'last_name': 'Pallino' } self.assertEqual(self.auth.action('api/register', 'POST', {}, body), { 'id': 1, 'status': 'success', 'code': 200 }) user = self.db.auth_user[1] self.assertTrue(user.action_token.startswith('pending-registration')) self.assertEqual(self.auth.get_user(), {}) body = {'email': '*****@*****.**', 'password': '******'} self.assertTrue(self.auth.action('api/login', 'POST', {}, body), { 'status': 'error', 'message': 'Registration is pending', 'code': 400 }) token = user.action_token[len('pending-registration') + 1:] try: self.auth.action('verify_email', 'GET', {'token': token}, {}) assert False, 'email not verified' except HTTP: pass user = self.db.auth_user[1] self.assertTrue(user.action_token == None) self.assertEqual(self.auth.action('api/login', 'POST', {}, body), { 'status': 'error', 'message': 'Invalid Credentials', 'code': 400 }) body = {'email': '*****@*****.**', 'password': '******'} self.assertEqual( self.auth.action('api/login', 'POST', {}, body), { 'user': { 'id': 1, 'username': '******', 'email': '*****@*****.**', 'first_name': 'Pinco', 'last_name': 'Pallino', }, 'status': 'success', 'code': 200 }) body = { 'email': 'ppallino', # can login with both email and username 'password': '******' } self.assertEqual( self.auth.action('api/login', 'POST', {}, body), { 'user': { 'id': 1, 'username': '******', 'email': '*****@*****.**', 'first_name': 'Pinco', 'last_name': 'Pallino', }, 'status': 'success', 'code': 200 }) body = {'email': '*****@*****.**'} self.assertEqual( self.auth.action('api/request_reset_password', 'POST', {}, body), { 'status': 'success', 'code': 200 }) body = {'token': 'junk', 'new_password': '******'} self.assertTrue( self.auth.action('api/reset_password', 'POST', {}, body), { 'status': 'error', 'message': 'invalid token, request expired', 'code': 400 }) body = { 'token': self.auth._link.split('?token=')[1], 'new_password': '******' } self.assertTrue( self.auth.action('api/reset_password', 'POST', {}, body), { 'status': 'success', 'code': 200 }) self.assertEqual( self.auth.get_user(), { 'id': 1, 'username': '******', 'email': '*****@*****.**', 'first_name': 'Pinco', 'last_name': 'Pallino' }) body = {} self.assertEqual( self.auth.action('api/change_password', 'POST', {}, body), { 'errors': { 'password': '******' }, 'status': 'error', 'message': 'validation errors', 'code': 401 }) body = {'password': '******', 'new_password': '******'} self.assertEqual( self.auth.action('api/change_password', 'POST', {}, body), { 'updated': 1, 'status': 'success', 'code': 200 }) body = {'password': '******', 'new_email': '*****@*****.**'} self.assertEqual( self.auth.action('api/change_email', 'POST', {}, body), { 'updated': 1, 'status': 'success', 'code': 200 }) body = {'first_name': 'Max', 'last_name': 'Powers', 'password': '******'} self.assertEqual( self.auth.action('api/profile', 'POST', {}, body), { 'errors': { 'password': '******' }, 'status': 'error', 'message': 'validation errors', 'code': 401 }) body = {'first_name': 'Max', 'last_name': 'Powers'} self.assertEqual(self.auth.action('api/profile', 'POST', {}, body), { 'updated': 1, 'status': 'success', 'code': 200 })
class TestAuth(unittest.TestCase): def setUp(self): os.environ["PY4WEB_APPS_FOLDER"] = "apps" _before_request() # mimic before_request bottle-hook self.db = DAL("sqlite:memory") self.session = Session(secret="a", expiration=10) self.session.initialize() self.auth = Auth(self.session, self.db, define_tables=True, password_complexity=None) self.auth.enable() self.auth.action = self.action request.app_name = "_scaffold" def tearDown(self): bottle.app.router.remove('/*') def action(self, name, method, query, data): request.environ['REQUEST_METHOD'] = method request.environ['ombott.request.query'] = query request.environ['ombott.request.json'] = data # we break a symmetry below. should fix in auth.py if name.startswith('api/'): return getattr(AuthAPI, name[4:])(self.auth) else: return getattr(self.auth.form_source, name)() def on_request(self, keep_session=False): storage = self.session._safe_local # mimic before_request bottle-hook _before_request() # mimic action.uses() self.session.initialize() self.auth.flash.on_request() self.auth.on_request() if keep_session: self.session._safe_local = storage def test_extra_fields(self): db = DAL("sqlite:memory") self.auth = Auth(self.session, db, define_tables=True, extra_fields=[Field('favorite_color')]) self.on_request() self.assertEqual(type(db.auth_user.favorite_color), Field) def test_register_invalid(self): self.on_request() body = {"email": "*****@*****.**"} self.assertEqual( self.auth.action("api/register", "POST", {}, body), { "id": None, "errors": { "username": "******", "password": "******", "first_name": "Enter a value", "last_name": "Enter a value", }, "status": "error", "message": "validation errors", "code": 401, }, ) def test_register(self): self.on_request() body = { "username": "******", "email": "*****@*****.**", "password": "******", "first_name": "Pinco", "last_name": "Pallino", } self.assertEqual( self.auth.action("api/register", "POST", {}, body), { "id": 1, "status": "success", "code": 200 }, ) user = self.db.auth_user[1] self.assertTrue(user.action_token.startswith("pending-registration")) self.assertEqual(self.auth.get_user(), {}) self.on_request() body = {"email": "*****@*****.**", "password": "******"} self.assertEqual( self.auth.action("api/login", "POST", {}, body), { "status": "error", "message": "Registration is pending", "code": 400 }, ) self.on_request() token = user.action_token[len("pending-registration") + 1:] try: self.auth.action("verify_email", "GET", {"token": token}, {}) assert False, "email not verified" except HTTP: pass user = self.db.auth_user[1] self.assertTrue(user.action_token is None) self.on_request() self.assertEqual( self.auth.action("api/login", "POST", {}, body), { "status": "error", "message": "Invalid Credentials", "code": 400 }, ) self.on_request() body = {"email": "*****@*****.**", "password": "******"} self.assertEqual( self.auth.action("api/login", "POST", {}, body), { "user": { "id": 1, "username": "******", "email": "*****@*****.**", "first_name": "Pinco", "last_name": "Pallino", }, "status": "success", "code": 200, }, ) self.on_request() body = { "email": "ppallino", # can login with both email and username "password": "******", } self.assertEqual( self.auth.action("api/login", "POST", {}, body), { "user": { "id": 1, "username": "******", "email": "*****@*****.**", "first_name": "Pinco", "last_name": "Pallino", }, "status": "success", "code": 200, }, ) self.on_request(keep_session=True) body = {"email": "*****@*****.**"} self.assertEqual( self.auth.action("api/request_reset_password", "POST", {}, body), { "status": "success", "code": 200 }, ) self.on_request(keep_session=True) body = {"token": "junk", "new_password": "******"} self.assertEqual( self.auth.action("api/reset_password", "POST", {}, body), { "status": "error", "message": "validation errors", "errors": { "token": "invalid token" }, "code": 401, }, ) self.on_request(keep_session=True) body = { "token": self.auth._link.split("?token=")[1], "new_password": "******", "new_password2": "987654321", } self.assertEqual( self.auth.action("api/reset_password", "POST", {}, body), { "status": "success", "code": 200 }, ) self.assertEqual( self.auth.get_user(), { "id": 1, "username": "******", "email": "*****@*****.**", "first_name": "Pinco", "last_name": "Pallino", }, ) self.on_request(keep_session=True) body = {} self.assertEqual( self.auth.action("api/change_password", "POST", {}, body), { 'errors': { 'old_password': '******' }, "status": "error", "message": "validation errors", "code": 401, }, ) self.on_request(keep_session=True) body = {"old_password": "******", "new_password": "******"} self.assertEqual( self.auth.action("api/change_password", "POST", {}, body), { "updated": 1, "status": "success", "code": 200 }, ) self.on_request(keep_session=True) body = {"password": "******", "new_email": "*****@*****.**"} self.assertEqual( self.auth.action("api/change_email", "POST", {}, body), { "updated": 1, "status": "success", "code": 200 }, ) self.on_request(keep_session=True) body = {"first_name": "Max", "last_name": "Powers", "password": "******"} self.assertEqual( self.auth.action("api/profile", "POST", {}, body), { "errors": { "password": "******" }, "status": "error", "message": "validation errors", "code": 401, }, ) self.on_request(keep_session=True) body = {"first_name": "Max", "last_name": "Powers"} self.assertEqual( self.auth.action("api/profile", "POST", {}, body), { "updated": 1, "status": "success", "code": 200 }, )