Exemplo n.º 1
1
    def test_twitter_login_registration(self, verify_credentials):
        twitter_data = TWITTER_DATA.copy()
        twitter_data["id"] = uuid.uuid4().hex
        verify_credentials.return_value = type("U", (object,), {"AsDict": lambda s: twitter_data})()

        with self.app.test_client() as client:
            token_key, token_secret = "kkkkkkkk", "sssssss"
            for registered in True, False:
                r = client.post(
                    "/ws/login/external/",
                    headers=[get_client_auth_header()],
                    data=dict(external_system="twitter", external_token=token_key + ":" + token_secret),
                )
                self.assertEquals(200, r.status_code)
                creds = json.loads(r.data)
                self.assertEquals(creds["registered"], registered)

            r = client.get(
                creds["resource_url"], headers=[("Authorization", creds["token_type"] + " " + creds["access_token"])]
            )
            data = json.loads(r.data)
            self.assertEquals(data["username"], TWITTER_DATA["screen_name"])
            self.assertEquals(data["display_name"], TWITTER_DATA["name"])
            self.assertTrue(data["avatar_thumbnail_url"])

            token = ExternalToken.query.filter_by(user=creds["user_id"]).one()
            self.assertEquals(token.external_uid, twitter_data["id"])
            self.assertIn("read", token.permissions)
Exemplo n.º 2
0
    def test_facebook_login_registration(self, _get_external_data, get_new_token):
        """ Registration and login is handled in the same view.

            If a facebook token validates on their end, and we don't have a record
            for it on our end, we register the user and return an access token.
            If the user already exists on our system, we return and access token."""

        data = FACEBOOK_GRAPH_DATA.copy()
        data["id"] = uuid.uuid4().hex
        _get_external_data.return_value = data
        from rockpack.mainsite.services.oauth.api import FacebookUser

        long_lived_fb_token = "fdsuioncf3w8ryl38yb7yfsfsdfsd4eius"
        get_new_token.return_value = FacebookUser("facebook", long_lived_fb_token, 3600)

        with self.app.test_client() as client:
            self.app.test_request_context().push()
            initial_fb_token = uuid.uuid4().hex
            r = client.post(
                "/ws/login/external/",
                headers=[get_client_auth_header()],
                data=dict(
                    external_system="facebook",
                    external_token=initial_fb_token,
                    token_expires=datetime.now().isoformat(),
                ),
            )
            creds = json.loads(r.data)
            self.assertEquals(200, r.status_code)
            self.assertNotEquals(None, creds["refresh_token"])

            et = ExternalToken.query.filter_by(external_system="facebook", external_token=long_lived_fb_token)

            self.assertEquals(1, et.count(), "should only be one token for user")
            uid = et.one().user
            self.assertEquals(User.query.get(uid).gender, "m")

            # We pretend that the new token represents the same user,
            # so we should still get a valid login
            new_facebook_token = uuid.uuid4().hex
            r = client.post(
                "/ws/login/external/",
                headers=[get_client_auth_header()],
                data=dict(
                    external_system="facebook",
                    external_token=new_facebook_token,
                    token_expires=datetime.now().isoformat(),
                ),
            )
            self.assertEquals(200, r.status_code)
            self.assertNotEquals(None, creds["refresh_token"])

            et = ExternalToken.query.filter_by(user=uid)
            self.assertEquals(1, et.count(), "should only be one token for user")
            et = et.one()
            self.assertEquals(long_lived_fb_token, et.external_token, "token should be updated")
Exemplo n.º 3
0
 def test_email_addresses(self):
     with self.app.test_client() as client:
         for email, status in [
             (None, 400),
             ("", 400),
             ("foo", 400),
             ("foo@com", 400),
             ("*****@*****.**", 400),
             ("*****@*****.**", 400),
             ("[email protected].", 400),
             ("*****@*****.**", 200),
         ]:
             username = uuid.uuid4().hex
             r = client.post(
                 "/ws/register/",
                 headers=[get_client_auth_header()],
                 data=dict(
                     username=username,
                     password="******",
                     first_name="foo",
                     last_name="bar",
                     date_of_birth="1980-01-01",
                     locale="en-us",
                     email=email,
                 ),
             )
             self.assertEquals(r.status_code, status, "%s: %d, %s" % (email, r.status_code, r.data))
Exemplo n.º 4
0
    def test_username_availability(self):
        with self.app.test_client() as client:
            self.app.test_request_context().push()
            r = client.post(
                "/ws/register/availability/",
                headers=[get_client_auth_header()],
                data=dict(username=UserData.test_user_a.username),
            )
            self.assertEquals(r.status_code, 200)
            self.assertEquals(json.loads(r.data)["available"], False)

            r = client.post(
                "/ws/register/availability/",
                headers=[get_client_auth_header()],
                data=dict(username="******"),
            )
            self.assertEquals(r.status_code, 200)
            self.assertEquals(json.loads(r.data)["available"], True)
Exemplo n.º 5
0
 def test_succesful_login(self, get_resource_url):
     with self.app.test_client() as client:
         r = client.post(
             "/ws/login/",
             headers=[get_client_auth_header()],
             data=dict(grant_type="password", username="******", password="******"),
         )
         self.assertEquals(200, r.status_code)
         get_resource_url.assert_called_with(own=True)
Exemplo n.º 6
0
 def test_invalid_external_system(self, _get_external_data):
     _get_external_data.return_value = FACEBOOK_GRAPH_DATA
     with self.app.test_client() as client:
         facebook_token = uuid.uuid4().hex
         r = client.post(
             "/ws/login/external/",
             headers=[get_client_auth_header()],
             data=dict(external_system="PantsBake", external_token=facebook_token),
         )
         self.assertEquals(400, r.status_code)
Exemplo n.º 7
0
    def test_unauthorized_facebook_registration(self, _get_external_data):
        _get_external_data.return_value = {}

        with self.app.test_client() as client:
            facebook_token = uuid.uuid4().hex
            r = client.post(
                "/ws/login/external/",
                headers=[get_client_auth_header()],
                data=dict(external_system="facebook", external_token=facebook_token),
            )
            error = json.loads(r.data)
            self.assertEquals(400, r.status_code)
            self.assertEquals("unauthorized_client", error["error"])
Exemplo n.º 8
0
 def test_naughty_username(self):
     with self.app.test_client() as client:
         for username, status in [("Scunthorpe", 200), ("HorIsACunt", 400)]:
             r = client.post(
                 "/ws/register/",
                 headers=[get_client_auth_header()],
                 data=dict(
                     username=username,
                     password="******",
                     first_name="foo",
                     last_name="bar",
                     date_of_birth="2000-01-01",
                     locale="en-us",
                     email="*****@*****.**" % username,
                 ),
             )
             self.assertEquals(status, r.status_code, r.data)
Exemplo n.º 9
0
    def test_failed_registration(self):
        with self.app.test_client() as client:
            r = client.post(
                "/ws/register/",
                headers=[get_client_auth_header()],
                data=dict(
                    username="",
                    password="******",
                    first_name="foo",
                    last_name="bar",
                    date_of_birth="2000-01-01",
                    locale="en-us",
                    email="foo{}@bar.com".format(uuid.uuid4().hex),
                ),
            )
            response = json.loads(r.data)

            self.assertEquals(response["form_errors"]["username"][0], "This field is required.")
Exemplo n.º 10
0
    def test_registration_gender(self, _get_external_data):
        data = FACEBOOK_GRAPH_DATA.copy()
        data["id"] = uuid.uuid4().hex
        data["gender"] = "m"
        _get_external_data.return_value = data

        with self.app.test_client() as client:
            facebook_token = uuid.uuid4().hex
            r = client.post(
                "/ws/login/external/",
                headers=[get_client_auth_header()],
                data=dict(
                    external_system="facebook", external_token=facebook_token, token_expires="2020-01-01T00:00:00"
                ),
            )
            creds = json.loads(r.data)
            self.assertEquals(200, r.status_code)
            self.assertIsNotNone(creds["refresh_token"])
            user_gender = User.query.filter_by(id=creds["user_id"]).value("gender")
            self.assertEquals(user_gender, data["gender"])
Exemplo n.º 11
0
 def test_birthdates(self):
     with self.app.test_client() as client:
         for dob, status in [
             ("1980-01-01", 200),
             ("1980-31-01", 400),
             ("1800-01-01", 400),
             ("2010-01-01", 400),
             ("2100-01-01", 400),
         ]:
             username = uuid.uuid4().hex
             r = client.post(
                 "/ws/register/",
                 headers=[get_client_auth_header()],
                 data=dict(
                     username=username,
                     password="******",
                     first_name="foo",
                     last_name="bar",
                     date_of_birth=dob,
                     locale="en-us",
                     email="*****@*****.**" % username,
                 ),
             )
             self.assertEquals(r.status_code, status, "%s: %d, %s" % (dob, r.status_code, r.data))
Exemplo n.º 12
0
    def test_successful_registration(self):

        viewing_user = self.create_test_user().id

        with self.app.test_request_context():
            with self.app.test_client() as client:
                r = client.post(
                    "/ws/register/",
                    headers=[get_client_auth_header()],
                    data=dict(
                        username="******",
                        password="******",
                        first_name="foo",
                        last_name="bar",
                        date_of_birth="2000-01-01",
                        locale="en-us",
                        email="foo{}@bar.com".format(uuid.uuid4().hex),
                    ),
                )

        creds = json.loads(r.data)
        self.assertEquals(200, r.status_code)
        self.assertNotEquals(None, creds["refresh_token"])
        self.assertGreaterEqual(
            Channel.query.filter_by(owner=creds["user_id"]).count(), 1, "default user channel should be created"
        )

        self.wait_for_es()

        with self.app.test_client() as client:

            r = client.get("/ws/{}/".format(creds["user_id"]), headers=[get_auth_header(viewing_user)])
            self.assertGreaterEqual(json.loads(r.data)["channels"]["total"], 1)

            creds = json.loads(r.data)

            r = client.post(
                "/ws/login/",
                headers=[get_client_auth_header()],
                data=dict(grant_type="password", username="******", password="******"),
            )

            creds = json.loads(r.data)
            self.assertNotEquals(None, creds["refresh_token"])

            r = client.post(
                "/ws/token/",
                headers=[get_client_auth_header()],
                data=dict(refresh_token=creds["refresh_token"], grant_type="refresh_token"),
            )

            new_creds = json.loads(r.data)

            self.assertEquals("Bearer", new_creds["token_type"], "token type should be Bearer")
            self.assertEquals(new_creds["refresh_token"], creds["refresh_token"], "refresh tokens should be the same")
            self.assertNotEquals(
                new_creds["access_token"],
                creds["access_token"],
                "old access token should not be the same at the new one",
            )

            # Try and get a refresh token with an invalid token
            r = client.post(
                "/ws/token/",
                headers=[get_client_auth_header()],
                data=dict(refresh_token="7348957nev9o3874nqlvcfh47lmqa"),
            )
            self.assertEquals(400, r.status_code)
Exemplo n.º 13
0
 def test_fb():
     from flask import render_template
     from test.test_helpers import get_client_auth_header
     return render_template('fb_test.html',
                            client_auth_headers=[get_client_auth_header()])