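    def test_login_and_store_credentials_in_session(self):
        """Check that the Fedora password reaches the session only on a
        successful login, and never in cleartext.

        Only the custom logic (which runs on POST) is exercised here; the
        actual authentication is delegated to django.contrib.auth, which is
        replaced by a patched ``login`` whose side effect sets the mock
        user's authentication state.
        """
        mockrequest = Mock()
        mockrequest.method = 'POST'

        def not_logged_in(rqst):
            # simulate django.contrib.auth rejecting the credentials
            rqst.user.is_authenticated.return_value = False

        def set_logged_in(rqst):
            # simulate a successful login; the submitted password is what
            # the view is expected to read back from request.POST
            rqst.user.is_authenticated.return_value = True
            rqst.POST.get.return_value = "TEST_PASSWORD"

        # failed login: nothing may be written to the session
        with patch('eulfedora.views.authviews.login',
                   new=Mock(side_effect=not_logged_in)):
            mockrequest.session = dict()
            login_and_store_credentials_in_session(mockrequest)
            self.assertNotIn(
                FEDORA_PASSWORD_SESSION_KEY, mockrequest.session,
                'user password for fedora should not be stored in session on failed login')

        # successful login: the password must be present, but only encrypted
        with patch('eulfedora.views.authviews.login',
                   new=Mock(side_effect=set_logged_in)):
            login_and_store_credentials_in_session(mockrequest)
            self.assertIn(
                FEDORA_PASSWORD_SESSION_KEY, mockrequest.session,
                'user password for fedora should be stored in session on successful login')
            # the password the view read from the (mock) request
            pwd = mockrequest.POST.get()
            # the value actually persisted in the session
            sessionpwd = mockrequest.session[FEDORA_PASSWORD_SESSION_KEY]
            self.assertNotEqual(
                pwd, sessionpwd,
                'password should not be stored in the session without encryption')
            # decrypting the stored value must give back the submitted password
            self.assertEqual(
                pwd, cryptutil.decrypt(sessionpwd),
                'user password stored in session is encrypted')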
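    def test_login_and_store_credentials_in_session(self):
        """Check that the Fedora password reaches the session only on a
        successful login, and never in cleartext.

        Only the custom logic (which runs on POST) is exercised here; the
        actual authentication is delegated to django.contrib.auth, which is
        replaced by a patched ``login`` whose side effect sets the mock
        user's authentication state.
        """
        mockrequest = Mock()
        mockrequest.method = 'POST'

        def not_logged_in(rqst):
            # simulate django.contrib.auth rejecting the credentials
            rqst.user.is_authenticated.return_value = False

        def set_logged_in(rqst):
            # simulate a successful login; the submitted password is what
            # the view is expected to read back from request.POST
            rqst.user.is_authenticated.return_value = True
            rqst.POST.get.return_value = "TEST_PASSWORD"

        # failed login: nothing may be written to the session
        with patch('eulfedora.views.authviews.login',
                   new=Mock(side_effect=not_logged_in)):
            mockrequest.session = dict()
            login_and_store_credentials_in_session(mockrequest)
            self.assertNotIn(
                FEDORA_PASSWORD_SESSION_KEY, mockrequest.session,
                'user password for fedora should not be stored in session on failed login'
            )

        # successful login: the password must be present, but only encrypted
        with patch('eulfedora.views.authviews.login',
                   new=Mock(side_effect=set_logged_in)):
            login_and_store_credentials_in_session(mockrequest)
            self.assertIn(
                FEDORA_PASSWORD_SESSION_KEY, mockrequest.session,
                'user password for fedora should be stored in session on successful login'
            )
            # the password the view read from the (mock) request
            pwd = mockrequest.POST.get()
            # the value actually persisted in the session
            sessionpwd = mockrequest.session[FEDORA_PASSWORD_SESSION_KEY]
            self.assertNotEqual(
                pwd, sessionpwd,
                'password should not be stored in the session without encryption'
            )
            # decrypting the stored value (bytes on some versions, hence
            # force_text) must give back the submitted password
            self.assertEqual(
                pwd, force_text(cryptutil.decrypt(sessionpwd)),
                'user password stored in session is encrypted'
            )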
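def _is_local_url(url):
    '''Return True if *url* is a path on this site (no scheme, no host), so
    it can be used as a redirect target taken from user input.

    Conservative by design: only same-site paths are accepted, which is all
    the ``next`` parameter of the login view needs.  Backslashes are treated
    as slashes because browsers do, so ``/\\evil.example`` is not mistaken
    for a local path.  (Newer Django releases ship an equivalent check,
    ``url_has_allowed_host_and_scheme``; use that if available.)
    '''
    # urlparse lives in different modules on Python 2 and 3
    try:
        from urllib.parse import urlparse
    except ImportError:  # Python 2
        from urlparse import urlparse
    # empty, or surrounding whitespace that could hide a scheme
    if not url or url != url.strip():
        return False
    normalized = url.replace('\\', '/')
    # three leading slashes are resolved as a host by some browsers
    if normalized.startswith('///'):
        return False
    parsed = urlparse(normalized)
    return not parsed.scheme and not parsed.netloc


def _post_login_destination(user):
    '''Return the url an authenticated *user* lands on after logging in
    without an explicit **next** url.'''
    # members of the Site Admin group go to the harvest queue page
    if user.groups.filter(name='Site Admin').exists():
        return reverse('harvest:queue')
    # users with a profile page go to their profile
    if user.get_profile().has_profile_page():
        return reverse('accounts:profile',
                       kwargs={'username': user.username})
    return reverse('site-index')


def login(request):
    '''Log in, store credentials for Fedora access, and redirect to
    the user profile page if no **next** url was specified.  If login
    fails, the user will be redirected either to the **next** url (if
    specified and local to this site) or to the site index, with an
    error message to indicate the login failure.

    Login functionality is based on
    :meth:`eulfedora.views.login_and_store_credentials_in_session` and
    :meth:`django.contrib.auth.views.login`

    :param request: current HTTP request; on POST, ``next`` is read from
        ``request.POST`` and treated as untrusted input
    :returns: a redirect for a POST that succeeded without a **next** url
        or that failed; otherwise the wrapped login view's response
    '''
    response = login_and_store_credentials_in_session(
        request,
        # NOTE: specifying 401.html because default accounts/registration.html
        # doesn't exist; we should handle this better
        template_name='401.html')

    # GET (rendering the form) is handled entirely by the wrapped view
    if request.method != "POST":
        return response

    next_url = request.POST.get('next', None)
    # login succeeded and no destination was given: pick an appropriate one
    if request.user.is_authenticated() and not next_url:
        return HttpResponseSeeOtherRedirect(
            _post_login_destination(request.user))

    # if this was a post, but the user is not authenticated, login must have failed
    if not request.user.is_authenticated():
        # add an error message, then redirect the user back to where they were.
        # ``next`` is user-supplied: only honour it when it points at this
        # site, otherwise the failed-login redirect is an open redirect.
        messages.error(request, 'Login failed. Please try again.')
        if not _is_local_url(next_url):
            next_url = reverse('site-index')
        return HttpResponseSeeOtherRedirect(next_url)

    # authenticated with an explicit next url: the wrapped view's response
    # is returned unchanged
    return response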
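def _is_local_url(url):
    '''Return True if *url* is a path on this site (no scheme, no host), so
    it can be used as a redirect target taken from user input.

    Conservative by design: only same-site paths are accepted, which is all
    the ``next`` parameter of the login view needs.  Backslashes are treated
    as slashes because browsers do, so ``/\\evil.example`` is not mistaken
    for a local path.  (Newer Django releases ship an equivalent check,
    ``url_has_allowed_host_and_scheme``; use that if available.)
    '''
    # urlparse lives in different modules on Python 2 and 3
    try:
        from urllib.parse import urlparse
    except ImportError:  # Python 2
        from urlparse import urlparse
    # empty, or surrounding whitespace that could hide a scheme
    if not url or url != url.strip():
        return False
    normalized = url.replace('\\', '/')
    # three leading slashes are resolved as a host by some browsers
    if normalized.startswith('///'):
        return False
    parsed = urlparse(normalized)
    return not parsed.scheme and not parsed.netloc


def _post_login_destination(user):
    '''Return the url an authenticated *user* lands on after logging in
    without an explicit **next** url.'''
    # members of the Site Admin group go to the harvest queue page
    if user.groups.filter(name='Site Admin').exists():
        return reverse('harvest:queue')
    # users with a profile page go to their profile
    if user.userprofile.has_profile_page():
        return reverse('accounts:profile',
                       kwargs={'username': user.username})
    return reverse('site-index')


def login(request):
    '''Log in, store credentials for Fedora access, and redirect to
    the user profile page if no **next** url was specified.  If login
    fails, the user will be redirected either to the **next** url (if
    specified and local to this site) or to the site index, with an
    error message to indicate the login failure.

    Login functionality is based on
    :meth:`eulfedora.views.login_and_store_credentials_in_session` and
    :meth:`django.contrib.auth.views.login`

    :param request: current HTTP request; on POST, ``next`` is read from
        ``request.POST`` and treated as untrusted input
    :returns: a redirect for a POST that succeeded without a **next** url
        or that failed; otherwise the wrapped login view's response
    '''
    response = login_and_store_credentials_in_session(request,
        # NOTE: specifying 401.html because default accounts/registration.html
        # doesn't exist; we should handle this better
        template_name='401.html')

    # GET (rendering the form) is handled entirely by the wrapped view
    if request.method != "POST":
        return response

    next_url = request.POST.get('next', None)
    # login succeeded and no destination was given: pick an appropriate one
    if request.user.is_authenticated() and not next_url:
        return HttpResponseSeeOtherRedirect(
            _post_login_destination(request.user))

    # if this was a post, but the user is not authenticated, login must have failed
    if not request.user.is_authenticated():
        # add an error message, then redirect the user back to where they were.
        # ``next`` is user-supplied: only honour it when it points at this
        # site, otherwise the failed-login redirect is an open redirect.
        messages.error(request, 'Login failed. Please try again.')
        if not _is_local_url(next_url):
            next_url = reverse('site-index')
        return HttpResponseSeeOtherRedirect(next_url)

    # authenticated with an explicit next url: the wrapped view's response
    # is returned unchanged
    return response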