def test_deleted_user_no_message_permission(): """Ensure nobody can message a deleted user.""" deleted_user = User("Deleted_User", "password") deleted_user.is_deleted = True principals = principals_allowed_by_permission(deleted_user, "message") assert not principals
def test_banned_user_no_message_permission(): """Ensure nobody can message a banned user.""" banned_user = User("Banned_User", "password") banned_user.is_banned = True principals = principals_allowed_by_permission(banned_user, "message") assert not principals
def test_user_email_check(): """Ensure checking a user's email address works correctly.""" user = User("Some_User", "Some_Password") user.email_address = "*****@*****.**" assert user.is_correct_email_address("*****@*****.**") assert not user.is_correct_email_address("*****@*****.**")
def test_duplicate_username(db): """Ensure two users with the same name can't be created.""" original = User("Inimitable", "securepassword") db.add(original) duplicate = User("Inimitable", "adifferentpassword") db.add(duplicate) with raises(IntegrityError): db.commit()
def post_register( request: Request, username: str, password: str, password_confirm: str, invite_code: str, ) -> HTTPFound: """Process a registration request.""" if not request.params.get("accepted_terms"): raise HTTPUnprocessableEntity( "Terms of Use and Privacy Policy must be accepted.") if password != password_confirm: raise HTTPUnprocessableEntity( "Password and confirmation do not match.") code_row = _handle_invite_code(request, invite_code) # create the user and set inviter to the owner of the invite code user = User(username, password) if code_row: user.inviter_id = code_row.user_id # flush the user insert to db, will fail if username is already taken request.db_session.add(user) try: request.db_session.flush() except IntegrityError: raise HTTPUnprocessableEntity( "That username has already been registered.") # the flush above will generate the new user's ID, so use that to update the invite # code with info about the user that registered with it if code_row: code_row.invitee_id = user.user_id # subscribe the new user to all groups except ~test all_groups = request.query(Group).all() for group in all_groups: if group.path == "test": continue request.db_session.add(GroupSubscription(user, group)) _send_welcome_message(user, request) incr_counter("registrations") # log the user in to the new account remember(request, user.user_id) # set request.user before logging so the user is associated with the event request.user = user request.db_session.add(Log(LogEventType.USER_REGISTER, request)) # redirect to the front page raise HTTPFound(location="/")
def test_duplicate_username_case_insensitive(db): """Ensure usernames only differing in casing can't be created.""" test_username = "******" original = User(test_username.lower(), "hackproof") db.add(original) duplicate = User(test_username.upper(), "sosecure") db.add(duplicate) with raises(IntegrityError): db.commit()
def test_creation_validates_schema(mocker): """Ensure that model creation goes through schema validation.""" mocker.spy(UserSchema, 'validate') User('testing', 'testpassword') call_args = [call[0] for call in UserSchema.validate.call_args_list] expected_args = {'username': '******', 'password': '******'} assert any(expected_args in call for call in call_args)
def test_creation_validates_schema(mocker): """Ensure that model creation goes through schema validation (via load()).""" mocker.spy(UserSchema, "load") User("testing", "testpassword") call_args = [call[0] for call in UserSchema.load.call_args_list] expected_args = {"username": "******", "password": "******"} assert any(expected_args in call for call in call_args)
def session_user(sdb): """Create a user named 'SessionUser' in the db for test session.""" # note that some tests may depend on this username/password having these specific # values, so make sure to search for and update those tests if you change the # username or password for any reason user = User("SessionUser", "session user password") sdb.add(user) sdb.commit() yield user
def insert_dev_data(config_path: str) -> None: """Load the app config and insert some "starter" data for a dev version.""" session = get_session_from_config(config_path) user = User("TestUser", "password") group = Group("testing", "An automatically created group to use for testing") subscription = GroupSubscription(user, group) session.add_all([user, group, subscription]) session.commit()
def session_user2(sdb): """Create a second user named 'OtherUser' in the db for test session. This is useful for cases where two different users are needed, such as when testing private messages. """ user = User("OtherUser", "other user password") sdb.add(user) sdb.commit() yield user
def insert_dev_data(config_path: str) -> None: """Load the app config and insert some "starter" data for a dev version.""" session = get_session_from_config(config_path) session.add_all([ User('TestUser', 'password'), Group( 'testing', 'An automatically created group to use for testing purposes', ), ]) session.commit()
def user_list(db): """Create several users.""" users = [] for name in ["foo", "bar", "baz"]: user = User(name, "password") users.append(user) db.add(user) db.commit() yield users for user in users: db.delete(user) db.commit()
def test_change_password(): """Ensure changing a user password works as expected.""" new_user = User("A_New_User", "lovesexsecretgod") new_user.change_password("lovesexsecretgod", "lovesexsecretgod1") # the old one shouldn't work assert not new_user.is_correct_password("lovesexsecretgod") # the new one should assert new_user.is_correct_password("lovesexsecretgod1")
def test_ban_permission_manually_granted(): """Ensure ban permissions must be granted manually.""" user = User("Test_User", "password") principals = principals_allowed_by_permission(user, "ban") assert principals == {"*:user.ban"}
def post_register( request: Request, username: str, password: str, password_confirm: str, invite_code: str, ) -> HTTPFound: """Process a registration request.""" if not request.params.get("accepted_terms"): raise HTTPUnprocessableEntity( "Terms of Use and Privacy Policy must be accepted.") if password != password_confirm: raise HTTPUnprocessableEntity( "Password and confirmation do not match.") # attempt to fetch and lock the row for the specified invite code (lock prevents # concurrent requests from using the same invite code) lookup_code = UserInviteCode.prepare_code_for_lookup(invite_code) code_row = ( request.query(UserInviteCode).filter( UserInviteCode.code == lookup_code, UserInviteCode.invitee_id == None, # noqa ).with_for_update(skip_locked=True).one_or_none()) if not code_row: incr_counter("invite_code_failures") raise HTTPUnprocessableEntity("Invalid invite code") # create the user and set inviter to the owner of the invite code user = User(username, password) user.inviter_id = code_row.user_id # flush the user insert to db, will fail if username is already taken request.db_session.add(user) try: request.db_session.flush() except IntegrityError: raise HTTPUnprocessableEntity( "That username has already been registered.") # the flush above will generate the new user's ID, so use that to update the invite # code with info about the user that registered with it code_row.invitee_id = user.user_id # subscribe the new user to all groups except ~test all_groups = request.query(Group).all() for group in all_groups: if group.path == "test": continue request.db_session.add(GroupSubscription(user, group)) _send_welcome_message(user, request) incr_counter("registrations") # log the user in to the new account remember(request, user.user_id) # set request.user before logging so the user is associated with the event request.user = user request.db_session.add(Log(LogEventType.USER_REGISTER, request)) # redirect to the front page raise HTTPFound(location="/")
def test_password_contained_in_username(): """Ensure a user can't be created with the password in the username.""" with raises(ValidationError): User("PasswordIsVeryGood", "VeryGood")
def test_user_password_check(): """Ensure checking the password for a new user works correctly.""" new_user = User("myusername", "mypassword") assert new_user.is_correct_password("mypassword")
def test_username_contained_in_password(): """Ensure a user can't be created with the username in the password.""" with raises(ValidationError): User("MyUsername", "iputmyusernameinmypassword")
def test_username_and_password_differ_in_casing(): """Ensure a user can't be created with name/pass the same except case.""" with raises(ValidationError): User("NobodyWillGuess", "nobodywillguess")
def test_matching_password_and_username(): """Ensure a new user can't be created with same username and password.""" with raises(ValidationError): User("UnimaginativePassword", "UnimaginativePassword")
def test_user_email_check_case_insensitive(): """Ensure the user email address check isn't case-sensitive.""" user = User("Some_User", "Some_Password") user.email_address = "*****@*****.**" assert user.is_correct_email_address("*****@*****.**")
def test_conversation_other_user_invalid(conversation): """Ensure that "other user" method fails if the user isn't involved.""" new_user = User("SomeOutsider", "super amazing password") with raises(ValueError): assert conversation.other_user(new_user)
def test_too_short_password(): """Ensure a new user can't be created with a too-short password.""" password = "******" * (PASSWORD_MIN_LENGTH - 1) with raises(ValidationError): User("ShortPasswordGuy", password)
def test_only_admin_has_ban_permission(): """Ensure only admins have ban permissions.""" user = User("Test_User", "password") principals = principals_allowed_by_permission(user, "ban") assert principals == {"admin"}