Exemplo n.º 1
def test_duplicate_token_for_same_user_is_removed_after_visiting_magic_link(
        client):
    """Using one magic link must remove the user's other outstanding token.

    Two tokens are issued for the same user. After the first one is
    visited, the second must be gone from the database, so an older link
    still sitting in a mailbox cannot be replayed.
    """
    used_token = factories.MagicTokenFactory()
    sibling_token = factories.MagicTokenFactory(user=used_token.user)
    validate_url = reverse('magicauth-validate-token', args=[used_token.key])
    client.get(validate_url)
    remaining_tokens = MagicToken.objects.all()
    assert sibling_token not in remaining_tokens
Exemplo n.º 2
def test_expired_token_is_deleted(client):
    """Visiting the link of a day-old token must remove it from the database."""
    stale_token = factories.MagicTokenFactory()
    # Backdate creation by one day; this assumes the configured token
    # lifetime is shorter than a day -- TODO confirm against the settings.
    stale_token.created = timezone.now() - timedelta(days=1)
    stale_token.save()
    client.get(reverse('magicauth-validate-token', args=[stale_token.key]))
    # NOTE(review): deletion alone does not show that the login was
    # refused; a check on client.session would cover that.
    assert stale_token not in MagicToken.objects.all()
Exemplo n.º 3
def test_token_is_removed_after_visiting_magic_link(client):
    """A magic link is single-use: visiting it lowers the token count by one."""
    token = factories.MagicTokenFactory()
    validate_url = reverse('magicauth-validate-token', args=[token.key])
    tokens_before = MagicToken.objects.count()
    client.get(validate_url)
    assert MagicToken.objects.count() == tokens_before - 1
Exemplo n.º 4
def test_expired_token_redirects(client):
    """Visiting the link of a day-old token must answer with a redirect (302)."""
    stale_token = factories.MagicTokenFactory()
    # Backdate creation by one day; this assumes the configured token
    # lifetime is shorter than a day -- TODO confirm against the settings.
    stale_token.created = timezone.now() - timedelta(days=1)
    stale_token.save()
    response = client.get(
        reverse('magicauth-validate-token', args=[stale_token.key]))
    # NOTE(review): a valid token also yields 302 in this suite, so the
    # status code by itself does not tell rejection from a successful
    # login; the redirect target or the session would.
    assert response.status_code == 302
Exemplo n.º 5
def test_opening_magic_link_with_a_next_sets_a_new_url(client):
    """A same-site ``next`` value becomes the redirect target after validation."""
    token = factories.MagicTokenFactory()
    validate_url = reverse("magicauth-validate-token", kwargs={"key": token.key})
    # The next value is appended unencoded, so its own "&b=test" sits in
    # the outer query string; the assertion expects it back intact.
    response = client.get(validate_url + "?next=/test_dashboard/?a=test&b=test")
    assert response.status_code == 302
    assert response.url == "/test_dashboard/?a=test&b=test"
Exemplo n.º 6
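def test_validate_token_view_with_unsafe_next_raises_404_for_loggedin_user(client):
    """An off-site ``next`` is refused with 404 and the existing session is kept.

    A user is already logged in when a magic link carrying an absolute
    URL to another host is opened. The view must answer 404, and the
    session must still belong to the user who was logged in before.
    """
    token = factories.MagicTokenFactory()
    user = factories.UserFactory()
    client.force_login(user)
    next_url = 'http://www.myfishingsite.com/'
    response = open_magic_link(client, token, next_url)
    assert response.status_code == 404
    # Check the session rather than user.is_authenticated: on Django's
    # user models that attribute is always true for a user object, so it
    # cannot show whether the request left the login state untouched.
    assert client.session["_auth_user_id"] == str(user.pk)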
Exemplo n.º 7
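def test_opening_magic_link_with_a_unsafe_next_while_loggedin_sets_triggers_404(
        client):
    """An off-site ``next`` is refused with 404 and the existing session is kept.

    Same scenario as a logged-out visitor, but a user is already logged
    in. The view must answer 404, and the session must still belong to
    the user who was logged in before the link was opened.
    """
    token = factories.MagicTokenFactory()
    user = factories.UserFactory()
    client.force_login(user)
    url = (reverse("magicauth-validate-token", kwargs={"key": token.key}) +
           "?next=http://www.myfishingsite.com/?a=test&b=test")
    response = client.get(url)
    assert response.status_code == 404
    # Check the session rather than user.is_authenticated: on Django's
    # user models that attribute is always true for a user object, so it
    # cannot show whether the request left the login state untouched.
    assert client.session["_auth_user_id"] == str(user.pk)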
Exemplo n.º 8
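def test_posting_good_email_and_good_totp_success(client):
    """With 2FA enabled, a known email plus a matching code redirects and sends one mail."""
    # settings is shared state: remember the flag and put it back, so
    # tests that run afterwards are not silently executed with 2FA on.
    previous_2fa = getattr(settings, "ENABLE_2FA", False)
    settings.ENABLE_2FA = True
    try:
        token = factories.MagicTokenFactory()
        thierry = token.user
        device = thierry.staticdevice_set.create()
        device.token_set.create(token="123456")

        response = post_email_and_OTP(client, thierry.email, "123456")

        assert response.status_code == 302
        assert len(mail.outbox) == 1
    finally:
        settings.ENABLE_2FA = previous_2fa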
Exemplo n.º 9
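def test_posting_good_email_and_wrong_otp_error(client):
    """With 2FA enabled, a wrong code re-renders the form with an error and sends no mail."""
    # settings is shared state: remember the flag and put it back, so
    # tests that run afterwards are not silently executed with 2FA on.
    previous_2fa = getattr(settings, "ENABLE_2FA", False)
    settings.ENABLE_2FA = True
    try:
        token = factories.MagicTokenFactory()
        thierry = token.user
        device = thierry.staticdevice_set.create()
        device.token_set.create(token="123456")

        response = post_email_and_OTP(client, thierry.email, "567654")

        assert response.status_code == 200
        assert "Ce code n'est pas valide." in str(response.content)
        # No magic link may be mailed when the second factor was wrong.
        assert len(mail.outbox) == 0
    finally:
        settings.ENABLE_2FA = previous_2fa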
Exemplo n.º 10
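def test_thierry_has_several_devices_second_device(client):
    """With 2FA enabled, a code from the user's second device is accepted."""
    # settings is shared state: remember the flag and put it back, so
    # tests that run afterwards are not silently executed with 2FA on.
    previous_2fa = getattr(settings, "ENABLE_2FA", False)
    settings.ENABLE_2FA = True
    try:
        token = factories.MagicTokenFactory()
        thierry = token.user
        device_1 = thierry.staticdevice_set.create()
        device_1.token_set.create(token="123456")
        device_2 = thierry.staticdevice_set.create()
        device_2.token_set.create(token="111111")

        response = post_email_and_OTP(client, thierry.email, "111111")

        assert response.status_code == 302
        assert len(mail.outbox) == 1
    finally:
        settings.ENABLE_2FA = previous_2fa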
Exemplo n.º 11
def test_visiting_magic_link_triggers_login(client):
    """Visiting a fresh magic link must leave an authenticated session behind."""
    token = factories.MagicTokenFactory()
    client.get(reverse('magicauth-validate-token', args=[token.key]))
    session = client.session
    # '_auth_user_id' is the session key this suite uses as the login marker.
    assert '_auth_user_id' in session
Exemplo n.º 12
def test_opening_magic_link_with_valid_token_redirects(client):
    """Visiting a fresh magic link must answer with a redirect (302)."""
    token = factories.MagicTokenFactory()
    validate_url = reverse('magicauth-validate-token', args=[token.key])
    status = client.get(validate_url).status_code
    assert status == 302
Exemplo n.º 13
def test_opening_magic_link_with_a_unsafe_next_sets_triggers_404(client):
    """A ``next`` value pointing at another host must be answered with 404.

    This guards the redirect after login against being steered to an
    external site through the link's query string.
    """
    token = factories.MagicTokenFactory()
    validate_url = reverse("magicauth-validate-token", kwargs={"key": token.key})
    offsite_query = "?next=http://www.myfishingsite.com/?a=test&b=test"
    response = client.get(validate_url + offsite_query)
    assert response.status_code == 404
Exemplo n.º 14
def test_duplicate_token_for_same_user_is_removed_after_visiting_magic_link(client):
    """Using one magic link must remove the user's other outstanding token."""
    used_token = factories.MagicTokenFactory()
    sibling_token = factories.MagicTokenFactory(user=used_token.user)
    open_magic_link(client, used_token)
    remaining_tokens = MagicToken.objects.all()
    assert sibling_token not in remaining_tokens
Exemplo n.º 15
def test_expired_token_is_deleted_when_valid_token_is_visited(client):
    """Opening a valid link must also remove the same user's expired token."""
    stale = create_expired_token()
    fresh = factories.MagicTokenFactory(user=stale.user)
    open_magic_link(client, fresh)
    remaining_tokens = MagicToken.objects.all()
    assert stale not in remaining_tokens
Exemplo n.º 16
def test_validate_token_view_with_unsafe_next_does_not_log_in(client):
    """A link carrying an off-site ``next`` must not create a login session."""
    token = factories.MagicTokenFactory()
    offsite_next = 'http://www.myfishingsite.com/'
    open_magic_link(client, token, offsite_next)
    session = client.session
    # The rejected request must not have written the login marker.
    assert "_auth_user_id" not in session
Exemplo n.º 17
def test_opening_magic_link_with_valid_token_redirects(client):
    """Without a ``next`` value, a valid link redirects (302) to "/landing/"."""
    response = open_magic_link(client, factories.MagicTokenFactory())
    status, target = response.status_code, response.url
    assert status == 302
    assert target == "/landing/"
Exemplo n.º 18
def test_opening_magic_link_triggers_login(client):
    """Opening a fresh magic link must leave an authenticated session behind."""
    open_magic_link(client, factories.MagicTokenFactory())
    session = client.session
    # "_auth_user_id" is the session key this suite uses as the login marker.
    assert "_auth_user_id" in session
Exemplo n.º 19
def test_wait_page_will_redirect_to_validate_token(client):
    """The wait page's ``next_step_url`` must contain the token validation URL."""
    token = factories.MagicTokenFactory()
    response = open_magic_link_with_wait(client, token)

    expected_target = reverse('magicauth-validate-token', kwargs={"key": token.key})
    next_step_url = response.context_data['next_step_url']
    assert expected_target in next_step_url
Exemplo n.º 20
def test_opening_magic_link_with_a_next_sets_a_new_url(client):
    """A same-site ``next`` value becomes the redirect target after validation."""
    requested_next = "/test_dashboard/?a=test&b=test"
    token = factories.MagicTokenFactory()
    response = open_magic_link(client, token, requested_next)
    assert response.status_code == 302
    # The target must come back unchanged, including its own query string.
    assert response.url == requested_next
Exemplo n.º 21
def test_wait_page_will_redirect_with_next_param(client):
    """The wait page must carry a supplied ``next`` value into ``next_step_url``."""
    token = factories.MagicTokenFactory()
    response = open_magic_link_with_wait(client, token, '/test_dashboard/')

    next_step_url = response.context_data['next_step_url']
    assert 'next=/test_dashboard/' in next_step_url
Exemplo n.º 22
def test_validate_token_view_with_unsafe_next_raises_404(client):
    """A link carrying an off-site ``next`` must be answered with 404."""
    token = factories.MagicTokenFactory()
    offsite_next = 'http://www.myfishingsite.com/'
    status = open_magic_link(client, token, offsite_next).status_code
    assert status == 404
Exemplo n.º 23
def test_wait_page_will_redirect_with_default_next_param(client):
    """Without a ``next`` value, the wait page falls back to "/landing/"."""
    token = factories.MagicTokenFactory()
    response = open_magic_link_with_wait(client, token)

    next_step_url = response.context_data['next_step_url']
    assert 'next=/landing/' in next_step_url
Exemplo n.º 24
def test_token_is_removed_after_visiting_magic_link(client):
    """A magic link is single-use: opening it lowers the token count by one."""
    token = factories.MagicTokenFactory()
    tokens_before = MagicToken.objects.count()
    open_magic_link(client, token)
    assert MagicToken.objects.count() == tokens_before - 1
Exemplo n.º 25
def test_wait_page_will_redirect_in_WAIT_SECONDS(client):
    """The wait page must expose the configured ``WAIT_SECONDS`` in its context."""
    token = factories.MagicTokenFactory()
    response = open_magic_link_with_wait(client, token)

    rendered_delay = response.context_data['WAIT_SECONDS']
    assert rendered_delay == settings.WAIT_SECONDS
Exemplo n.º 26
def create_expired_token():
    """Return a saved token backdated by twice ``TOKEN_DURATION_SECONDS``.

    Deriving the age from the setting keeps the token past the configured
    lifetime whatever that lifetime is set to.
    """
    age = timedelta(seconds=(settings.TOKEN_DURATION_SECONDS * 2))
    expired = factories.MagicTokenFactory()
    expired.created = timezone.now() - age
    expired.save()
    return expired
Exemplo n.º 27
def test_wait_page_raises_404_if_unsafe_next_url(client):
    """The wait page must answer 404 when ``next`` points at another host.

    The off-site target is refused at the wait step already, before the
    visitor is sent on to token validation.
    """
    offsite_next = 'http://www.myfishingsite.com/'
    token = factories.MagicTokenFactory()
    response = open_magic_link_with_wait(client, token, offsite_next)

    assert response.status_code == 404