Exemplo n.º 1
def test_login_inactive(user, extended_app):
    """Authenticate the account supplied by the ``user`` fixture.

    The session must be anonymous before the login request and
    authenticated after it.
    """
    # NOTE(review): the name says "inactive", but whether the ``user``
    # fixture really yields a not-yet-activated account is not visible
    # here. If inactive accounts must not be able to sign in, this test
    # pins the opposite behaviour - confirm the intended policy.
    logged_before = is_user_logged(extended_app)
    assert logged_before is False

    authenticate(extended_app)

    logged_after = is_user_logged(extended_app)
    assert logged_after is True
Exemplo n.º 2
def test_login_redirect(afterlogin_app):  # pylint:disable=redefined-outer-name
    """Check that a successful login redirects to the AfterLogIn event URL."""
    logged_before = is_user_logged(afterlogin_app)
    assert logged_before is False

    login_response = authenticate(afterlogin_app)
    # The redirect target is compared with the exact expected URL, not
    # just checked for being "some redirect".
    actual_location = login_response.location
    expected_location = EVENT_URL.format(AfterLogIn)
    assert actual_location == expected_location

    logged_after = is_user_logged(afterlogin_app)
    assert logged_after is True
Exemplo n.º 3
def test_login_redirect(active_user, afterlogin_app):
    """Check that a successful login redirects to the AfterLogIn event URL.

    ``active_user`` is requested only for its side effect of providing an
    account; it is not referenced in the body.
    """
    logged_before = is_user_logged(afterlogin_app)
    assert logged_before is False

    login_response = authenticate(afterlogin_app)
    # Exact comparison: the redirect must point at the event URL and
    # nowhere else.
    actual_location = login_response.location
    expected_location = EVENT_URL.format(AfterLogIn)
    assert actual_location == expected_location

    logged_after = is_user_logged(afterlogin_app)
    assert logged_after is True
Exemplo n.º 4
def test_login_remember(active_user, extended_app):
    """Log in with the remember-me option and expect a ``Max-Age`` cookie."""
    # Load the login page first; its response is not inspected.
    extended_app.get('/login')
    assert is_user_logged(extended_app) is False

    login_response = authenticate(extended_app, remember=True)

    assert is_user_logged(extended_app) is True
    # With remember=True the raw response text must contain "Max-Age=".
    # NOTE(review): only the presence of the attribute is checked; the
    # lifetime value and the Secure/HttpOnly flags of the cookie are not
    # asserted here.
    response_text = str(login_response)
    assert 'Max-Age=' in response_text
Exemplo n.º 5
def test_logout(active_user, extended_app):  # pylint:disable=unused-argument
    """Log in, log out, and confirm the protected page redirects again."""
    authenticate(extended_app)
    logged_after_login = is_user_logged(extended_app)
    assert logged_after_login is True

    # The ``status`` argument asks the test client to accept only a 303
    # answer from the logout view.
    extended_app.get('/logout', status=303)
    logged_after_logout = is_user_logged(extended_app)
    assert logged_after_logout is False

    # After logout the protected page must answer with a redirect again
    # instead of serving its content.
    secret_response = extended_app.get('/secret', status=302)
    assert secret_response.status_code == 302
Exemplo n.º 6
def test_login_ok(active_user, extended_app, email):
    """Log in without remember-me after being bounced from a protected page."""
    # Hit the protected page, follow its redirect, then open the login
    # page with ``after`` set to the URL-encoded path ``/secret``. None of
    # these responses is inspected.
    extended_app.get('/secret', status=302).follow()
    extended_app.get('/login?after=%2Fsecret')

    logged_before = is_user_logged(extended_app)
    assert logged_before is False

    login_response = authenticate(extended_app, email=email)
    # Without remember-me no "Max-Age=" may appear in the response text.
    # NOTE(review): where the login redirects to (the ``after`` target) is
    # not asserted in this test.
    assert 'Max-Age=' not in str(login_response)

    logged_after = is_user_logged(extended_app)
    assert logged_after is True
Exemplo n.º 7
def test_logout_login(active_user, extended_config, extended_app):  # pylint:disable=unused-argument
    """Check logout when the logout redirect is configured as ``'login'``."""
    redirects = extended_config.registry['config'].fullauth.redirects
    redirects.logout = 'login'

    authenticate(extended_app)
    logged_after_login = is_user_logged(extended_app)
    assert logged_after_login is True

    logout_response = extended_app.get('/logout', status=303)
    logged_after_logout = is_user_logged(extended_app)
    assert logged_after_logout is False
    # The configured redirect must send the browser to the login page.
    assert '/login' in logout_response.location

    # The protected page must redirect again once the session is gone.
    secret_response = extended_app.get('/secret', status=302)
    assert secret_response.status_code == 302
Exemplo n.º 8
def test_login_success_xhr(active_user, extended_app):
    """Log in through an XHR POST and repeat the request while logged in."""
    login_url = '/login?after=%2Fsecret'

    # The CSRF token is read from the rendered login form and sent back
    # with the credentials.
    login_page = extended_app.get('/login')
    credentials = {}
    credentials['email'] = DEFAULT_USER['email']
    credentials['password'] = DEFAULT_USER['password']
    credentials['csrf_token'] = login_page.form['csrf_token'].value

    extended_app.get('/secret', status=302)

    def post_login():
        # expect_errors=True keeps the client from raising on an error
        # status, so the JSON assertions below are the only checks on the
        # outcome of each request.
        return extended_app.post(login_url,
                                 credentials,
                                 xhr=True,
                                 expect_errors=True)

    first_response = post_login()

    assert first_response.content_type == 'application/json'
    assert first_response.json['status'] is True
    assert 'after' in first_response.json
    assert is_user_logged(extended_app) is True

    # Second call: the same payload (same CSRF token) is posted again by
    # an already authenticated client.
    second_response = post_login()
    assert second_response.json['status'] is True
    assert second_response.json['msg'] == 'Already logged in!'
Exemplo n.º 9
def test_login_csrf_error(active_user, extended_app, post_data):
    """Try to log in with an erroneous CSRF token and expect a 401."""
    login_page = extended_app.get('/login', status=200)
    assert login_page

    # ``post_data`` comes from a fixture that is not visible here;
    # presumably it carries a wrong or missing csrf_token - verify against
    # the fixture. The request must be answered with 401.
    extended_app.post('/login', post_data, status=401)

    # A rejected CSRF check must leave the session anonymous.
    logged_after = is_user_logged(extended_app)
    assert logged_after is False
Exemplo n.º 10
def test_login_redirects(active_user, extended_app):
    """Follow the redirect from a protected page and log in via the form."""
    redirect = extended_app.get('/secret', status=302)
    assert redirect.status_code == 302

    # The redirect leads to a page with a login form; fill it in and
    # submit it the way a browser would.
    login_form = redirect.follow().form
    login_form['email'] = DEFAULT_USER['email']
    login_form['password'] = DEFAULT_USER['password']
    submit_response = login_form.submit()

    assert is_user_logged(extended_app) is True
    # NOTE(review): only the 303 status is checked; the redirect target
    # after login is not asserted here.
    assert submit_response.status_code == 303
Exemplo n.º 11
def test_login_invalid_cookie(db_session, active_user, extended_app):
    """Open the login page with a session whose user has been deleted."""
    login_response = authenticate(extended_app)
    # Plain login: no "Max-Age=" may appear in the response text.
    assert 'Max-Age=' not in str(login_response)

    logged_after_login = is_user_logged(extended_app)
    assert logged_after_login is True

    # Remove the account while the client still holds its cookie.
    db_session.delete(active_user)
    transaction.commit()

    # NOTE(review): the original comment here read "will rise Attribute
    # error"; the assertion below expects a normal 200 answer, i.e. the
    # stale cookie must neither crash the view nor count as a login.
    login_page = extended_app.get('/login')
    status = login_page.status_code
    assert status == 200, "Should stay since user is no longer valid!"
Exemplo n.º 12
def test_login_invalid_cookie(db_session, active_user, extended_app):
    """Open the login page with a session whose user has been deleted."""
    login_response = authenticate(extended_app)
    # Plain login: no "Max-Age=" may appear in the response text.
    response_text = str(login_response)
    assert "Max-Age=" not in response_text

    assert is_user_logged(extended_app) is True

    # Remove the account while the client still holds its cookie.
    db_session.delete(active_user)
    transaction.commit()

    # NOTE(review): the original comment here read "will rise Attribute
    # error"; the assertion below expects a normal 200 answer, i.e. the
    # stale cookie must neither crash the view nor count as a login.
    login_page = extended_app.get("/login")
    status = login_page.status_code
    assert status == 200, "Should stay since user is no longer valid!"
Exemplo n.º 13
def test_error_afterlogin(afterloginerror_app):  # pylint:disable=redefined-outer-name
    """Check that a login on the afterloginerror app is reported as failed.

    The JSON reply must carry ``status`` False and ``msg`` 'AfterLogIn',
    and the session must stay anonymous.
    """
    # NOTE(review): the original docstring named the BeforeLogIn event,
    # while the asserted message is 'AfterLogIn'.
    login_page = afterloginerror_app.get('/login')
    credentials = {}
    credentials['email'] = DEFAULT_USER['email']
    credentials['password'] = DEFAULT_USER['password']
    credentials['csrf_token'] = login_page.form['csrf_token'].value

    reply = afterloginerror_app.post('/login', credentials, xhr=True)
    payload_status = reply.json['status']
    assert payload_status is False
    assert reply.json['msg'] == 'AfterLogIn'

    # Even with valid-looking credentials, the failed login must not
    # leave an authenticated session behind.
    assert is_user_logged(afterloginerror_app) is False
Exemplo n.º 14
def test_error_afterlogin(active_user, afterloginerror_app):
    """Check that a login on the afterloginerror app is reported as failed.

    The JSON reply must carry ``status`` False and ``msg`` 'AfterLogIn',
    and the session must stay anonymous.
    """
    # NOTE(review): the original docstring named the BeforeLogIn event,
    # while the asserted message is 'AfterLogIn'.
    login_page = afterloginerror_app.get('/login')
    credentials = {}
    credentials['email'] = DEFAULT_USER['email']
    credentials['password'] = DEFAULT_USER['password']
    credentials['csrf_token'] = login_page.form['csrf_token'].value

    reply = afterloginerror_app.post('/login', credentials, xhr=True)
    payload_status = reply.json['status']
    assert payload_status is False
    assert reply.json['msg'] == 'AfterLogIn'

    # The failed login must not leave an authenticated session behind.
    logged_after = is_user_logged(afterloginerror_app)
    assert logged_after is False
Exemplo n.º 15
def test_error_afterlogin(afterloginerror_app):  # pylint:disable=redefined-outer-name
    """Check that a login on the afterloginerror app is reported as failed.

    The JSON reply must carry ``status`` False and ``msg`` "AfterLogIn",
    and the session must stay anonymous.
    """
    # NOTE(review): the original docstring named the BeforeLogIn event,
    # while the asserted message is "AfterLogIn".
    login_page = afterloginerror_app.get("/login")
    credentials = {}
    credentials["email"] = DEFAULT_USER["email"]
    credentials["password"] = DEFAULT_USER["password"]
    credentials["csrf_token"] = login_page.form["csrf_token"].value

    reply = afterloginerror_app.post("/login", credentials, xhr=True)
    payload = reply.json
    assert payload["status"] is False
    assert reply.json["msg"] == "AfterLogIn"

    # The failed login must not leave an authenticated session behind.
    logged_after = is_user_logged(afterloginerror_app)
    assert logged_after is False
Exemplo n.º 16
def test_account_activation(user, db_session, default_app):
    """Activate an account through its activation link, then log in."""
    attached_user = db_session.merge(user)

    activation_url = '/register/activate/' + attached_user.activate_key
    default_app.get(activation_url)
    transaction.commit()

    # Re-read the row so the assertions see what was actually stored.
    by_email = User.email == attached_user.email
    stored_user = db_session.query(User).filter(by_email).one()

    # The key must be cleared once used, and the account marked active
    # with an activation timestamp.
    assert not stored_user.activate_key
    assert stored_user.is_active
    assert stored_user.activated_at

    authenticate(default_app)
    logged_after = is_user_logged(default_app)
    assert logged_after is True
Exemplo n.º 17
def test_account_activation(user, db_session, default_app):
    """Activate an account through its activation link, then log in."""
    attached_user = db_session.merge(user)

    activation_key = attached_user.activate_key
    default_app.get('/register/activate/' + activation_key)
    transaction.commit()

    # Re-read the row so the assertions see what was actually stored.
    lookup = db_session.query(User).filter(User.email == attached_user.email)
    stored_user = lookup.one()

    # The key must be cleared once used, and the account marked active
    # with an activation timestamp.
    assert not stored_user.activate_key
    assert stored_user.is_active
    assert stored_user.activated_at

    authenticate(default_app)
    assert is_user_logged(default_app) is True
Exemplo n.º 18
def test_afteractivate(user, db_session, afteractivate_app):
    """Activate a user and check the redirect to the AfterActivate URL."""
    attached_user = db_session.merge(user)

    activation_url = '/register/activate/' + attached_user.activate_key
    activation_response = afteractivate_app.get(activation_url)
    # Exact comparison: activation must redirect to the event URL.
    actual_location = activation_response.location
    assert actual_location == EVENT_URL.format(AfterActivate)
    transaction.commit()

    # Re-read the row so the assertions see what was actually stored.
    by_email = User.email == attached_user.email
    stored_user = db_session.query(User).filter(by_email).one()

    # The key must be cleared once used, and the account marked active
    # with an activation timestamp.
    assert not stored_user.activate_key
    assert stored_user.is_active
    assert stored_user.activated_at

    authenticate(afteractivate_app)
    logged_after = is_user_logged(afteractivate_app)
    assert logged_after is True
Exemplo n.º 19
def test_afteractivate(user, db_session, afteractivate_app):  # pylint:disable=redefined-outer-name
    """Activate a user and check the redirect to the AfterActivate URL."""
    attached_user = db_session.merge(user)

    activation_key = attached_user.activate_key
    activation_response = afteractivate_app.get('/register/activate/' + activation_key)
    # Exact comparison: activation must redirect to the event URL.
    actual_location = activation_response.location
    assert actual_location == EVENT_URL.format(AfterActivate)
    transaction.commit()

    # Re-read the row so the assertions see what was actually stored.
    lookup = db_session.query(User).filter(User.email == attached_user.email)
    stored_user = lookup.one()

    # The key must be cleared once used, and the account marked active
    # with an activation timestamp.
    assert not stored_user.activate_key
    assert stored_user.is_active
    assert stored_user.activated_at

    authenticate(afteractivate_app)
    assert is_user_logged(afteractivate_app) is True