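def test_login__form_submission__success_with_identity_wo_scheme(self, remember):
    """Log in with an identity URL that has no scheme and expect success.

    The submitted ``login`` value is ``example.com/id/john.doe`` (no
    ``http://`` prefix), sent with the correct password and the CSRF token
    issued for the session. The response headers must include a
    ``Location`` of ``http://example.com`` and the header pair returned by
    ``remember``, and a success flash message must be queued.
    """
    from webidentity.views.login import login
    from webidentity.models import User

    # Fixture: one known account, read back to confirm it is queryable.
    session = DBSession()
    session.add(User(u'john.doe', u'secret', u'*****@*****.**'))
    stored_user = session.query(User).filter_by(username=u'john.doe').first()
    self.assertEqual(stored_user.email, u'*****@*****.**')

    # NOTE(review): ``remember`` is presumably a mock injected by a patch
    # decorator that is not visible here; confirm against the class.
    remember.return_value = [('X-Login', 'john.doe')]

    request = testing.DummyRequest(environ={
        'wsgi.url_scheme': 'http',
    })
    token = request.session.new_csrf_token()
    request.POST = {
        'form.submitted': u'1',
        'login': u'example.com/id/john.doe',
        'password': u'secret',
        'csrf_token': token,
    }

    response = login(request)

    # Comparing the full header dict (not just selected keys) also pins that
    # no unexpected header is emitted on the success path.
    expected_headers = {
        'Content-Length': '0',
        'Content-Type': 'text/html; charset=UTF-8',
        'Location': 'http://example.com',
        'X-Login': u'john.doe',
    }
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(dict(response.headers), expected_headers)
    self.assertEqual(
        request.session.pop_flash(),
        [u'You have successfully logged in.'])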
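def test_login__form_submission__invalid_password(self):
    """Submit a wrong password for an existing user and expect the form back.

    The view must return the login form options rather than a response.
    The expected dict holds only the page title, the two URLs, the
    submitted login name and the session's CSRF token; asserting the whole
    dict pins that the failure path returns neither the password nor any
    authentication header.
    """
    from webidentity.views.login import login
    from webidentity.models import User

    # Fixture: one known account, read back to confirm it is queryable.
    session = DBSession()
    session.add(User(u'john.doe', u'secret', u'*****@*****.**'))
    stored_user = session.query(User).filter_by(username=u'john.doe').first()
    self.assertEqual(stored_user.email, u'*****@*****.**')

    request = testing.DummyRequest(environ={
        'wsgi.url_scheme': 'http',
    })
    token = request.session.new_csrf_token()
    # Valid CSRF token, so the rejection is caused by the password alone.
    request.POST = {
        'form.submitted': u'1',
        'login': u'john.doe',
        'password': u'thisiswrong',
        'csrf_token': token,
    }

    options = login(request)

    # NOTE(review): any error flash message queued on this path is not
    # asserted here.
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(options, {
        'title': u'Login',
        'reset_url': 'http://example.com/reset-password',
        'action_url': 'http://example.com/login',
        'login': u'john.doe',
        'csrf_token': token,
    })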
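def test_login__no_submission(self):
    """Render the login view without a form submission.

    No POST data is set on the request. The view must return the form
    options with an empty ``login`` value and the CSRF token that was
    already issued for the session.
    """
    from webidentity.views.login import login

    request = testing.DummyRequest(environ={
        'wsgi.url_scheme': 'http',
    })
    # Issued before the view runs; the assertion below expects the view to
    # hand back this same token.
    token = request.session.new_csrf_token()

    options = login(request)

    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(options, {
        'title': u'Login',
        'reset_url': 'http://example.com/reset-password',
        'action_url': 'http://example.com/login',
        'login': u'',
        'csrf_token': token,
    })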
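def test_login__form_submission__csrf_mismatch(self):
    """Submit the form with a CSRF token that differs from the session's.

    The view must raise ``Forbidden`` instead of processing the
    credentials.
    """
    from webidentity.views.login import login

    request = testing.DummyRequest(environ={
        'wsgi.url_scheme': 'http',
    })
    token = request.session.new_csrf_token()
    request.POST = {
        'form.submitted': u'1',
        'login': u'john.doe',
        'password': u'thisiswrong',
        'csrf_token': u'invalid',
    }

    # Guard against a vacuous test: the session token must really differ
    # from the submitted one. assertNotEqual replaces the deprecated failIf
    # alias, which was removed from unittest in Python 3.12.
    self.assertNotEqual(token, u'invalid')
    self.assertRaises(Forbidden, login, request)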
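def test_login__form_submission__non_existing_user(self):
    """Submit credentials for a user this test never creates.

    The view must return the login form options rather than a response.
    The expected dict holds only the page title, the two URLs, the
    submitted login name and the session's CSRF token, so nothing in the
    returned options states that the account is missing.
    """
    from webidentity.views.login import login

    # NOTE(review): no User is added here; this assumes the fixture set-up
    # (not visible in this view) starts from an empty user table.
    request = testing.DummyRequest(environ={
        'wsgi.url_scheme': 'http',
    })
    token = request.session.new_csrf_token()
    request.POST = {
        'form.submitted': u'1',
        'login': u'john.doe',
        'password': u'thisiswrong',
        'csrf_token': token,
    }

    options = login(request)

    # NOTE(review): any error flash message queued on this path is not
    # asserted here.
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(options, {
        'title': u'Login',
        'reset_url': 'http://example.com/reset-password',
        'action_url': 'http://example.com/login',
        'login': u'john.doe',
        'csrf_token': token,
    })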