def test_bad_login_yields_401():
s = _get_session(True)
User.create_user("BillBixby", "hulkrulez", "*****@*****.**")
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/login/BillBixby",
dict(password="******"), status=401)
def test_login_without_cookie():
s = _get_session(True)
User.create_user("BillBixby", "hulkrulez", "*****@*****.**")
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/login/BillBixby", dict(password="******"))
assert resp.cookies_set['auth_tkt']
def test_bad_login_yields_401():
s = _get_session(True)
User.create_user("BillBixby", "hulkrulez", "*****@*****.**")
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/login/BillBixby",
dict(password="******"),
status=401)
def test_bad_ticket_is_ignored():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/Aldus", dict(password="******",
email="*****@*****.**"))
app.cookies['auth_tkt'] = app.cookies['auth_tkt'][:-1]
resp = app.get("/preview/at/SampleProjectFor%3AAldus/index.html", status=401)
def test_login_without_cookie():
s = _get_session(True)
User.create_user("BillBixby", "hulkrulez", "*****@*****.**")
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/login/BillBixby",
dict(password="******"))
assert resp.cookies_set['auth_tkt']
def test_bad_ticket_is_ignored():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/Aldus", dict(password="******",
email="*****@*****.**"))
app.cookies['auth_tkt'] = app.cookies['auth_tkt'][:-1]
resp = app.get("/preview/at/SampleProjectFor%3AAldus/index.html",
status=401)
def test_userinfo_also_returns_capabilities():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/BillBixby", dict(email="*****@*****.**", password="******"))
resp = app.get("/register/userinfo/")
data = simplejson.loads(resp.body)
print data
assert "serverCapabilities" in data
def test_static_files_with_auth():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.get('/editor.html', status=302)
assert resp.location == "http://localhost/"
resp = app.post('/register/new/Aldus', dict(password="******",
email="*****@*****.**"))
resp = app.get('/editor.html')
def test_static_files_with_auth():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.get('/editor.html', status=302)
assert resp.location == "http://localhost/"
resp = app.post('/register/new/Aldus', dict(password="******",
email="*****@*****.**"))
resp = app.get('/editor.html')
def test_server_capabilities():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/BillBixby", dict(email="*****@*****.**", password="******"))
resp = app.get("/capabilities/")
assert resp.content_type == "application/json"
data = simplejson.loads(resp.body)
print data
assert data == dict(capabilities=["vcs"], dojoModulePath={}, javaScriptPlugins=[])
def test_userinfo_also_returns_capabilities():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
resp = app.get('/register/userinfo/')
data = simplejson.loads(resp.body)
print data
assert 'serverCapabilities' in data
def test_username_with_bad_characters():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/Thinga%20Majig",
dict(password="******", email="thinga@majig"), status=400)
resp = app.post("/register/new/Thinga<majig>",
dict(password="******", email="thinga@majig"), status=400)
resp = app.post("/register/new/Thing/",
dict(password="******", email="thinga@majig"), status=400)
resp = app.post("/register/new/..",
dict(password="******", email="thinga@majig"), status=400)
def test_register_existing_user_should_not_authenticate():
s = _get_session(True)
app_orig = controllers.make_app()
app = BespinTestApp(app_orig)
resp = app.post('/register/new/BillBixby', dict(email="*****@*****.**",
password="******"))
app = BespinTestApp(app_orig)
resp = app.post("/register/new/BillBixby", dict(email="*****@*****.**",
password="******"),
status=409)
assert not resp.cookies_set
user = User.find_user("BillBixby", 'notangry')
assert user is not None
def test_server_capabilities():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
resp = app.get("/capabilities/")
assert resp.content_type == "application/json"
data = simplejson.loads(resp.body)
print data
assert data == dict(capabilities=["vcs"],
dojoModulePath={},
javaScriptPlugins=[])
def test_get_users_settings():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/macgyver",
dict(password="******", email="*****@*****.**"))
resp = app.put("/file/at/BespinSettings/settings", """
vcsuser Mack Gyver <*****@*****.**>
""")
s = _get_session()
macgyver = User.find_user("macgyver")
settings = macgyver.get_settings()
assert settings == dict(vcsuser="******")
def test_get_users_settings():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/macgyver",
dict(password="******", email="*****@*****.**"))
resp = app.put("/file/at/BespinSettings/settings", """
vcsuser Mack Gyver <*****@*****.**>
""")
s = _get_session()
macgyver = User.find_user("macgyver")
settings = macgyver.get_settings()
assert settings == dict(vcsuser="******")
def test_register_and_verify_user():
config.activate_profile()
_clear_db()
s = _get_session()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
assert resp.content_type == "application/json"
data = simplejson.loads(resp.body)
assert data == {}
assert resp.cookies_set['auth_tkt']
assert app.cookies
billbixby = User.find_user("BillBixby")
sample_project = get_project(billbixby, billbixby, "SampleProject")
files = [file.name for file in sample_project.list_files()]
assert "readme.txt" in files
# should be able to run again without an exception appearing
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"),
status=409)
# with the cookie set, we should be able to retrieve the
# logged in name
resp = app.get('/register/userinfo/')
assert resp.content_type == 'application/json'
data = simplejson.loads(resp.body)
assert data['username'] == 'BillBixby'
assert 'quota' in data
assert data['quota'] == 15728640
assert 'amountUsed' in data
resp = app.get("/file/at/BespinSettings/config")
app.post("/file/close/BespinSettings/config")
def test_password_change_bad_code():
config.set_profile("test")
config.activate_profile()
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby', dict(email="*****@*****.**",
password="******"))
app.reset()
resp = app.post('/register/password/BillBixby', dict(
code="42",
newPassword="******"),
status=400)
def test_lost_username(send_text_email):
config.set_profile("test")
config.activate_profile()
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
resp = app.post('/register/lost/', dict(email='*****@*****.**'))
assert send_text_email.called
args = send_text_email.call_args[0]
assert args[0] == '*****@*****.**'
assert args[1].startswith("Your username for ")
assert "Your username is:" in args[2]
assert "BillBixby" in args[2]
def test_lost_username(send_text_email):
config.set_profile("test")
config.activate_profile()
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby', dict(email="*****@*****.**",
password="******"))
resp = app.post('/register/lost/', dict(email='*****@*****.**'))
assert send_text_email.called
args = send_text_email.call_args[0]
assert args[0] == '*****@*****.**'
assert args[1].startswith("Your username for ")
assert "Your username is:" in args[2]
assert "BillBixby" in args[2]
def test_register_and_verify_user():
config.activate_profile()
_clear_db()
s = _get_session()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby', dict(email="*****@*****.**",
password="******"))
assert resp.content_type == "application/json"
data = simplejson.loads(resp.body)
assert data == {}
assert resp.cookies_set['auth_tkt']
assert app.cookies
billbixby = User.find_user("BillBixby")
sample_project = get_project(billbixby, billbixby, "SampleProject")
files = [file.name for file in sample_project.list_files()]
assert "readme.txt" in files
# should be able to run again without an exception appearing
resp = app.post('/register/new/BillBixby', dict(email="*****@*****.**",
password="******"),
status=409)
# with the cookie set, we should be able to retrieve the
# logged in name
resp = app.get('/register/userinfo/')
assert resp.content_type == 'application/json'
data = simplejson.loads(resp.body)
assert data['username'] == 'BillBixby'
assert 'quota' in data
assert data['quota'] == 15728640
assert 'amountUsed' in data
resp = app.get("/file/at/BespinSettings/config")
app.post("/file/close/BespinSettings/config")
def test_users_can_be_locked_out():
config.set_profile("test")
config.c.login_failure_tracking = "memory"
config.c.login_attempts = "1"
config.c.lockout_period = "1"
config.activate_profile()
app = controllers.make_app()
app = BespinTestApp(app)
_clear_db()
resp = app.post('/register/new/BillBixby', dict(email="*****@*****.**",
password="******"))
resp = app.post("/register/login/BillBixby",
dict(password="******"), status=401)
# fail with good password now, because we're locked out
resp = app.post("/register/login/BillBixby",
dict(password="******"), status=401)
def test_password_change_with_confirmation_code():
config.set_profile("test")
config.activate_profile()
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby', dict(email="*****@*****.**",
password="******"))
app.reset()
user = User.find_user("BillBixby")
verify_code = controllers._get_password_verify_code(user)
resp = app.post('/register/password/BillBixby', dict(
code=verify_code,
newPassword="******"))
user = User.find_user('BillBixby', 'hatetraffic')
assert user
def test_lost_password_request(send_text_email):
config.set_profile("test")
config.activate_profile()
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby', dict(email="*****@*****.**",
password="******"))
app.reset()
resp = app.post('/register/lost/', dict(username='******'))
assert send_text_email.called
args = send_text_email.call_args[0]
assert args[0] == '*****@*****.**'
assert args[1].startswith("Requested password change for ")
user = User.find_user("BillBixby")
verify_code = controllers._get_password_verify_code(user)
assert verify_code in args[2]
def test_users_can_be_locked_out():
config.set_profile("test")
config.c.login_failure_tracking = "memory"
config.c.login_attempts = "1"
config.c.lockout_period = "1"
config.activate_profile()
app = controllers.make_app()
app = BespinTestApp(app)
_clear_db()
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
resp = app.post("/register/login/BillBixby",
dict(password="******"),
status=401)
# fail with good password now, because we're locked out
resp = app.post("/register/login/BillBixby",
dict(password="******"),
status=401)
def test_messages_sent_from_server_to_user():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/macgyver",
dict(password="******", email="*****@*****.**"))
s = _get_session()
macgyver = User.find_user("macgyver")
assert len(macgyver.messages) == 0
macgyver.publish(dict(my="message"))
s.commit()
resp = app.post("/messages/")
assert resp.content_type == "application/json"
data = simplejson.loads(resp.body)
assert len(data) == 1
assert data[0] == dict(my="message")
# the message should be consumed
resp = app.post("/messages/")
data = simplejson.loads(resp.body)
assert len(data) == 0
def test_messages_sent_from_server_to_user():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/macgyver",
dict(password="******", email="*****@*****.**"))
s = _get_session()
macgyver = User.find_user("macgyver")
assert len(macgyver.messages) == 0
macgyver.publish(dict(my="message"))
s.commit()
resp = app.post("/messages/")
assert resp.content_type == "application/json"
data = simplejson.loads(resp.body)
assert len(data) == 1
assert data[0] == dict(my="message")
# the message should be consumed
resp = app.post("/messages/")
data = simplejson.loads(resp.body)
assert len(data) == 0
def test_register_existing_user_should_not_authenticate():
s = _get_session(True)
app_orig = controllers.make_app()
app = BespinTestApp(app_orig)
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
app = BespinTestApp(app_orig)
resp = app.post("/register/new/BillBixby",
dict(email="*****@*****.**", password="******"),
status=409)
assert not resp.cookies_set
user = User.find_user("BillBixby", 'notangry')
assert user is not None
def test_password_change_bad_code():
config.set_profile("test")
config.activate_profile()
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
app.reset()
resp = app.post('/register/password/BillBixby',
dict(code="42", newPassword="******"),
status=400)
def test_username_with_bad_characters():
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post("/register/new/Thinga%20Majig",
dict(password="******", email="thinga@majig"),
status=400)
resp = app.post("/register/new/Thinga<majig>",
dict(password="******", email="thinga@majig"),
status=400)
resp = app.post("/register/new/Thing/",
dict(password="******", email="thinga@majig"),
status=400)
resp = app.post("/register/new/..",
dict(password="******", email="thinga@majig"),
status=400)
def test_password_change_with_confirmation_code():
config.set_profile("test")
config.activate_profile()
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
app.reset()
user = User.find_user("BillBixby")
verify_code = controllers._get_password_verify_code(user)
resp = app.post('/register/password/BillBixby',
dict(code=verify_code, newPassword="******"))
user = User.find_user('BillBixby', 'hatetraffic')
assert user
def test_lost_password_request(send_text_email):
config.set_profile("test")
config.activate_profile()
_clear_db()
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.post('/register/new/BillBixby',
dict(email="*****@*****.**", password="******"))
app.reset()
resp = app.post('/register/lost/', dict(username='******'))
assert send_text_email.called
args = send_text_email.call_args[0]
assert args[0] == '*****@*****.**'
assert args[1].startswith("Requested password change for ")
user = User.find_user("BillBixby")
verify_code = controllers._get_password_verify_code(user)
assert verify_code in args[2]
def test_register_returns_empty_when_not_logged_in():
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.get('/register/userinfo/', status=401)
assert resp.body == ""
def setup_module(module):
global app
config.set_profile('test')
app = controllers.make_app()
app = BespinTestApp(app)
logging.basicConfig(level=logging.DEBUG)
def test_api_version_header():
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.get("/register/userinfo/", status=401)
assert resp.headers.get("X-Bespin-API") == "dev"
def test_api_version_header():
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.get("/register/userinfo/", status=401)
assert resp.headers.get("X-Bespin-API") == "dev"
def test_register_returns_empty_when_not_logged_in():
app = controllers.make_app()
app = BespinTestApp(app)
resp = app.get('/register/userinfo/', status=401)
assert resp.body == ""
def setup_module(module):
global app
config.set_profile('test')
app = controllers.make_app()
app = BespinTestApp(app)
