def test_auth_user_verify_after_pw_change(testing_db):
    response = hug.test.get(main, "/config.js", headers=get_user_login())
    assert response.status == hug.HTTP_200
    response = hug.test.patch(main,
                              "/api/user",
                              headers=get_user_login(),
                              body=get_change_pw_match())
    assert response.status == hug.HTTP_200
    response = hug.test.get(main, "/config.js", headers=get_user_login())
    assert response.status == hug.HTTP_401
    response = hug.test.get(main,
                            "/config.js",
                            headers=get_auth_header(USER, USER + "1"))
    assert response.status == hug.HTTP_200
Exemplo n.º 2
0
def test_change_user_pw(testing_db):
    NEW_PASSWORD = '******'
    # first, verify that both users' logins work
    response = hug.test.get(main,
                            "/api/booked",
                            headers=get_user_login(),
                            start_date="2020-03-26",
                            end_date="2020-03-26")
    assert response.status == hug.HTTP_200
    response = hug.test.get(main,
                            "/admin/config.js",
                            headers=get_admin_login())
    assert response.status == hug.HTTP_200
    # now, let's change the password
    hug.test.cli('change_user_pw',
                 module='main',
                 username=USER,
                 password=NEW_PASSWORD,
                 for_real=True)

    # check that the old login does not work anymore
    response = hug.test.get(main,
                            "/api/booked",
                            headers=get_user_login(),
                            start_date="2020-03-26",
                            end_date="2020-03-26")
    assert response.status == hug.HTTP_401

    # and the new one does
    response = hug.test.get(
        main,
        "/api/booked",
        headers={"Authorization": get_basic_auth(USER, NEW_PASSWORD)},
        start_date="2020-03-26",
        end_date="2020-03-26")
    assert response.status == hug.HTTP_200

    # and the existing user wasn't changed
    response = hug.test.get(main,
                            "/admin/config.js",
                            headers=get_admin_login())
    assert response.status == hug.HTTP_200
def test_user_is_unauthorized(testing_db):
    response = hug.test.get(main, "/admin_api/user", headers=get_user_login())
    assert response.status == hug.HTTP_401
def test_auth_user_verify(testing_db):
    response = hug.test.get(main, "/config.js", headers=get_user_login())
    assert response.status == hug.HTTP_200
def test_change_user_password_no_match(testing_db):
    response = hug.test.patch(main,
                              "/api/user",
                              headers=get_user_login(),
                              body=get_change_pw_mismatch())
    assert response.status == hug.HTTP_400