def test_last_login_ip(web_server, browser, dbsession, init):
"""Record last log in IP correctly."""
with transaction.manager:
create_user(dbsession, init.config.registry)
with transaction.manager:
user = get_user(dbsession)
assert not user.last_login_ip
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
with transaction.manager:
user = get_user(dbsession)
assert user.last_login_ip in [
ipaddress.IPv4Address("127.0.0.1"),
ipaddress.IPv6Address("::1")
]
def test_delete_user_confirm(browser, web_server, init, dbsession):
"""Delete a user."""
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession,
init.config.registry,
email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-yes").click()
assert b.is_element_present_by_css("#msg-item-deleted")
with transaction.manager:
assert dbsession.query(User).count() == 1
def test_add_user_existing_email(browser, web_server, init, dbsession):
"""Add a user but there already exists one with the same email."""
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
b.find_by_name("add").click()
assert b.is_element_present_by_css(
"#error-deformField1") # Email address already taken
def test_delete_user_cancel(browser, web_server, init, dbsession):
"""Delete a user, but back off on the confirmation screen."""
b = browser
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession,
init.config.registry,
email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-no").click()
# Back to the show page
assert b.is_element_present_by_css("#crud-show")
with transaction.manager:
assert dbsession.query(User).count() == 2
def test_login_forget_password_email_send(web_server, browser, dbsession,
init):
"""Send out the reset password by email, but do not answer to it, instead directly login."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.find_by_css("#nav-sign-in").click()
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
b.visit("{}/login".format(web_server))
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
def test_last_login_ip(web_server, browser, dbsession, init):
"""Record last log in IP correctly."""
with transaction.manager:
create_user(dbsession, init.config.registry)
with transaction.manager:
user = get_user(dbsession)
assert not user.last_login_ip
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
with transaction.manager:
user = get_user(dbsession)
assert user.last_login_ip == "127.0.0.1"
def test_login(web_server: str, browser: DriverAPI, dbsession: Session,
init: Initializer):
"""Login as a user to the site..
This is a functional test. Prepare the test by creating one user in the database. Then try to login as this user by using Splinter test browser.
:param web_server: Functional web server py.test fixture - this string points to a started web server with test.ini configuration.
:param browser: A Splinter web browser used to execute the tests. By default ``splinter.driver.webdriver.firefox.WebDriver``, but can be altered with py.test command line options for pytest-splinter.
:param dbsession: Active SQLAlchemy database session for the test run.
"""
with transaction.manager:
# Create a dummy [email protected] user we test
create_user(dbsession,
init.config.registry,
email=EMAIL,
password=PASSWORD)
# Direct Splinter browser to the website
b = browser
b.visit(web_server)
# This link should be in the top navigation
b.find_by_css("#nav-sign-in").click()
# Link gives us the login form
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
# After login we see a profile link to our profile
assert b.is_element_present_by_css("#nav-logout")
def test_login(web_server:str, browser:DriverAPI, dbsession:Session, init:Initializer):
"""Login as a user to the site.
This is a functional test. Prepare the test by creating one user in the database. Then try to login as this user by using Splinter test browser.
:param web_server: Functional web server py.test fixture - this string points to a started web server with test.ini configuration.
:param browser: A Splinter web browser used to execute the tests. By default ``splinter.driver.webdriver.firefox.WebDriver``, but can be altered with py.test command line options for pytest-splinter.
:param dbsession: Active SQLAlchemy database session for the test run.
:param init: Websauna Initializer which ramps up the environment with the default ``test.ini`` and exposes the test config.
"""
with transaction.manager:
# Create a dummy [email protected] user we test
create_user(dbsession, init.config.registry, email=EMAIL, password=PASSWORD)
# Direct Splinter browser to the website
b = browser
b.visit(web_server)
# This link should be in the top navigation
b.find_by_css("#nav-sign-in").click()
# Link gives us the login form
assert b.is_element_visible_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
# After login we see a profile link to our profile
assert b.is_element_visible_by_css("#nav-logout")
def test_logged_in_has_authenticated_permission(web_server, dbsession: Session, browser, permission_app):
"""Logged in users can access views behind authenticated permission."""
b = browser
with transaction.manager:
create_user(dbsession, permission_app.init.config.registry)
b.visit(web_server)
login(web_server, b)
# Logged in user can access
b.visit("{}/test_authenticated".format(web_server))
assert b.is_element_present_by_css("#ok")
def test_setup_user_account(dbsession, registry, eth_service, testnet_service, eth_network_id):
"""See that we create primary and testnet address."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user)
assert user.owned_crypto_addresses.count() == 2 # 2 addresses
assert user.owned_crypto_operations.count() == 2 # 2 account creations
def _create_address(web3, dbsession, opid):
with transaction.manager:
op = dbsession.query(CryptoOperation).get(opid)
assert isinstance(op.address, CryptoAddress)
op.address.address = eth_address_to_bin(TEST_ADDRESS)
op.mark_performed()
op.mark_complete()
with mock.patch("websauna.wallet.ethereum.ops.create_address", new=_create_address):
# Create address on main net
success_op_count, failed_op_count = eth_service.run_waiting_operations()
assert success_op_count == 1
assert failed_op_count == 0
# Create address on test net
success_op_count, failed_op_count = testnet_service.run_waiting_operations()
assert success_op_count == 1
assert failed_op_count == 0
# Make sure more addresses is not get created when we are called again
with transaction.manager:
user = dbsession.query(User).first()
setup_user_account(user)
assert user.owned_crypto_addresses.count() == 2 # 2 addresses
assert user.owned_crypto_operations.count() == 2 # 2 account creations
def test_get_user_account_assets(dbsession, registry, mock_eth_service,
eth_network_id, eth_asset_id):
"""get_user_assets() gives sane results."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user, do_mainnet=True)
mock_create_addresses(mock_eth_service, dbsession)
# Play around with user accounts
with transaction.manager:
# No accounts yet
assert UserCryptoAddress.get_user_asset_accounts(user) == []
# User gets a deposit, an account gets created
user = dbsession.query(User).first()
network = dbsession.query(AssetNetwork).get(eth_network_id)
asset = dbsession.query(Asset).get(eth_asset_id)
address = UserCryptoAddress.get_default(user, network)
account = address.address.get_or_create_account(asset)
account.account.do_withdraw_or_deposit(Decimal("+10"), "Top up")
current_accounts = UserCryptoAddress.get_user_asset_accounts(user)
assert len(current_accounts) == 1
current_address, current_account = current_accounts[0]
assert current_account == account
assert current_address == address
def test_get_user_account_assets(dbsession, registry, mock_eth_service, eth_network_id, eth_asset_id):
"""get_user_assets() gives sane results."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user)
mock_create_addresses(mock_eth_service, dbsession)
# Play around with user accounts
with transaction.manager:
# No accounts yet
assert UserCryptoAddress.get_user_asset_accounts(user) == []
# User gets a deposit, an account gets created
user = dbsession.query(User).first()
network = dbsession.query(AssetNetwork).get(eth_network_id)
asset = dbsession.query(Asset).get(eth_asset_id)
address = UserCryptoAddress.get_default(user, network)
account = address.address.get_or_create_account(asset)
account.account.do_withdraw_or_deposit(Decimal("+10"), "Top up")
current_accounts = UserCryptoAddress.get_user_asset_accounts(user)
assert len(current_accounts) == 1
current_address, current_account = current_accounts[0]
assert current_account == account
assert current_address == address
def test_forget_password_bad_user(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server + "/login")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", "*****@*****.**")
b.find_by_name("submit").click()
assert b.is_element_present_by_css(".errorMsg")
def test_forget_password_bad_user(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server + "/login")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", "*****@*****.**")
b.find_by_name("submit").click()
assert b.is_element_present_by_css(".error-msg-detail")
def test_starter_token(dbsession, registry, eth_network_id, web3: Web3, eth_service: EthereumService, house_address, toybox):
"""See that a fresh user account is supplied with some play assets."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user)
# Let all the events completed
success, fail = eth_service.run_event_cycle()
assert success == 1
assert fail == 0
# We need another event cycle to process the initial asset transfers
with transaction.manager:
user = dbsession.query(User).first()
opid = user.user_data["starter_asset_txs"][0]["toybox"]
assert opid
wait_for_op_confirmations(eth_service, opid)
# Let the transfer come through
eth_service.run_event_cycle()
# Make sure we confirm the deposit
with transaction.manager:
user = dbsession.query(User).first()
user_depo = user.owned_crypto_operations.join(CryptoOperation).filter_by(operation_type=CryptoOperationType.deposit).first()
opid = user_depo.crypto_operation.id
wait_for_op_confirmations(eth_service, opid)
with transaction.manager:
# Sanity check our token contract posts us logs
user = dbsession.query(User).first()
client = get_rpc_client(web3)
asset = dbsession.query(Asset).get(toybox)
address = bin_to_eth_address(asset.external_id)
network = dbsession.query(AssetNetwork).get(eth_network_id)
user_address = UserCryptoAddress.get_default(user, network).address
house_address = dbsession.query(CryptoAddress).get(house_address)
house = bin_to_eth_address(house_address.address)
token = Token.get(web3, address)
# Check we correctly resolved low level logs
token_logs = client.get_logs(from_block=0, address=[address])
wallet_logs = client.get_logs(from_block=0, address=[house])
assert len(token_logs) > 0
assert len(wallet_logs) > 0
# Check contract state matches
assert token.contract.call().balanceOf(house) == 9990
assert token.contract.call().balanceOf(bin_to_eth_address(user_address.address)) == 10
# Check our internal book keeping matches
assert house_address.get_account(asset).account.get_balance() == 9990
assert user_address.get_account(asset).account.get_balance() == 10
def test_delete_user_confirm(browser, web_server, init, dbsession):
"""Delete a user."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-yes").click()
assert b.is_element_present_by_css("#msg-item-deleted")
with transaction.manager:
assert dbsession.query(User).count() == 1
def test_login(web_server, browser, dbsession, init):
"""Login an user."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
# After login we see a profile link to our profile
assert b.is_element_present_by_css("#nav-logout")
def test_login(web_server, browser, dbsession, init):
"""Login an user."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
# After login we see a profile link to our profile
assert b.is_element_present_by_css("#nav-logout")
def test_pending_jsonb_dict_new_key(dbsession, registry):
"""Check that new keys added to JSONB that is not committed yet are persistent."""
with transaction.manager:
u = create_user(dbsession, registry)
assert isinstance(u.user_data, NestedMutationDict)
u.user_data["phone_number"] = "xxx"
with transaction.manager:
u = dbsession.query(User).first()
assert u.user_data.get("phone_number") == "xxx"
def test_pending_jsonb_dict_new_key(dbsession, registry):
"""Check that new keys added to JSONB that is not committed yet are persistent."""
with transaction.manager:
u = create_user(dbsession, registry)
assert isinstance(u.user_data, NestedMutationDict)
u.user_data["phone_number"] = "xxx"
with transaction.manager:
u = dbsession.query(User).first()
assert u.user_data.get("phone_number") == "xxx"
def test_starter_eth(dbsession, registry, eth_network_id, web3: Web3,
eth_service: EthereumService, house_address, starter_eth):
"""Test the user gets some starter ETH when signing up."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user, do_mainnet=True)
# Let all the events completed
success, fail = eth_service.run_event_cycle()
assert success >= 1
assert fail == 0
# When op is confirmed, the user account is correctly credited
with transaction.manager:
user = dbsession.query(User).first()
txid = user.user_data["starter_asset_txs"][0]["eth"]
confirm_transaction(web3, txid)
# Let the transfer come through
eth_service.run_event_cycle()
with transaction.manager:
user = dbsession.query(User).first()
client = get_rpc_client(web3)
asset = get_ether_asset(dbsession)
ua = user.owned_crypto_addresses.first()
address = bin_to_eth_address(ua.address.address)
# Sanity check we get events from starter deposit
logs = client.get_logs(from_block=0, address=[address])
ops = list(user.owned_crypto_operations)
# The event was processed on log level
assert len(logs) == 1
# The last user operation is deposit
depo = ops[-1]
assert isinstance(depo.crypto_operation, CryptoAddressDeposit)
opid = depo.crypto_operation.id
# Wait deposit to confirm
wait_for_op_confirmations(eth_service, opid)
with transaction.manager:
# User ETH balance is expected
asset = get_ether_asset(dbsession)
user = dbsession.query(User).first()
ua = user.owned_crypto_addresses.first()
caccout = ua.address.get_account(asset)
assert caccout.account.get_balance() == Decimal("0.1")
def test_non_admin_user_denied(web_server, browser, dbsession, init):
"""The second user should not see admin link nor get to the admin page."""
with transaction.manager:
u = create_user(dbsession, init.config.registry, admin=True)
assert u.is_admin()
u = create_user(dbsession, init.config.registry, email="*****@*****.**")
assert not u.is_admin()
b = browser
b.visit(web_server + "/login")
b.fill("username", "*****@*****.**")
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert not b.is_element_visible_by_css("#nav-admin")
b.visit(web_server + "/admin/")
assert b.is_element_visible_by_css("#forbidden")
def test_non_admin_user_denied(web_server, browser, dbsession, init):
"""The second user should not see admin link nor get to the admin page."""
with transaction.manager:
u = create_user(dbsession, init.config.registry, admin=True)
assert u.is_admin()
u = create_user(dbsession, init.config.registry, email="*****@*****.**")
assert not u.is_admin()
b = browser
b.visit(web_server + "/login")
b.fill("username", "*****@*****.**")
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert not b.is_element_visible_by_css("#nav-admin")
b.visit(web_server + "/admin/")
assert b.is_element_visible_by_css("#forbidden")
def test_delete_user_cancel(browser, web_server, init, dbsession):
"""Delete a user, but back off on the confirmation screen."""
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
# Create another user who we are going to delete
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b.find_by_css("#nav-admin").click()
b.find_by_css("#latest-user-shortcut").click()
b.find_by_css("#btn-crud-delete").click()
b.find_by_css("#btn-delete-no").click()
# Back to the show page
assert b.is_element_present_by_css("#crud-show")
with transaction.manager:
assert dbsession.query(User).count() == 2
def test_add_user_existing_email(browser, web_server, init, dbsession):
"""Add a user but there already exists one with the same email."""
with transaction.manager:
create_user(dbsession, init.config.registry, email="*****@*****.**")
b = browser
create_logged_in_user(dbsession, init.config.registry, web_server, browser, admin=True)
b.find_by_css("#nav-admin").click()
b.find_by_css("#btn-panel-add-user").click()
# b.fill("username", "test2")
b.fill("email", "*****@*****.**")
b.fill("password", "secret")
b.fill("password-confirm", "secret")
b.find_by_name("add").click()
assert b.is_element_present_by_css("#error-deformField1") # Email address already taken
def test_forget_password(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-check-email")
with transaction.manager:
user = get_user(dbsession)
activation_code = user.activation.code
b.visit("{}/reset-password/{}".format(web_server, activation_code))
assert b.is_element_present_by_css("#reset-password-form")
# Friendly name should be visible
assert b.is_text_present("*****@*****.**")
b.fill("password", "yyy")
b.fill("password-confirm", "yyy")
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-password-reset-complete")
b.fill("username", EMAIL)
b.fill("password", "yyy")
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#nav-logout")
def test_forget_password(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-check-email")
with transaction.manager:
user = get_user(dbsession)
activation_code = user.activation.code
b.visit("{}/reset-password/{}".format(web_server, activation_code))
assert b.is_element_present_by_css("#reset-password-form")
# Friendly name should be visible
assert b.is_text_present("*****@*****.**")
b.fill("password", "yyy")
b.fill("password-confirm", "yyy")
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-password-reset-complete")
b.fill("username", EMAIL)
b.fill("password", "yyy")
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#nav-logout")
def test_starter_eth(dbsession, registry, eth_network_id, web3: Web3, eth_service: EthereumService, house_address, starter_eth):
"""Test the user gets some starter ETH when signing up."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user)
# Let all the events completed
success, fail = eth_service.run_event_cycle()
assert success >= 1
assert fail == 0
# When op is confirmed, the user account is correctly credited
with transaction.manager:
user = dbsession.query(User).first()
txid = user.user_data["starter_asset_txs"][0]["eth"]
confirm_transaction(web3, txid)
# Let the transfer come through
eth_service.run_event_cycle()
with transaction.manager:
user = dbsession.query(User).first()
client = get_rpc_client(web3)
asset = get_ether_asset(dbsession)
ua = user.owned_crypto_addresses.first()
address = bin_to_eth_address(ua.address.address)
# Sanity check we get events from starter deposit
logs = client.get_logs(from_block=0, address=[address])
ops = list(user.owned_crypto_operations)
# The event was processed on log level
assert len(logs) == 1
# The last user operation is deposit
depo = ops[-1]
assert isinstance(depo.crypto_operation, CryptoAddressDeposit)
opid = depo.crypto_operation.id
# Wait deposit to confirm
wait_for_op_confirmations(eth_service, opid)
with transaction.manager:
# User ETH balance is expected
asset = get_ether_asset(dbsession)
user = dbsession.query(User).first()
ua = user.owned_crypto_addresses.first()
caccout = ua.address.get_account(asset)
assert caccout.account.get_balance() == Decimal("0.1")
def test_logout(web_server, browser, dbsession, init):
"""Log out."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit("{}/{}".format(web_server, "login"))
assert b.is_element_visible_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
b.find_by_css("#nav-logout").click()
# Anonynous again
assert not b.is_element_visible_by_css("#nav-logout")
# We should see the log in form
assert b.is_element_visible_by_css("#login-form")
def test_forget_password_expired_token(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server + "/forgot-password")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-check-email")
with transaction.manager:
user = get_user(dbsession)
activation = user.activation
activation.expires_at = now() - timedelta(days=365)
activation_code = activation.code
b.visit("{}/reset-password/{}".format(web_server, activation_code))
assert b.is_element_present_by_css("#not-found")
def test_forget_password_expired_token(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server + "/forgot-password")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-check-email")
with transaction.manager:
user = get_user(dbsession)
activation = user.activation
activation.expires_at = now() - timedelta(days=365)
activation_code = activation.code
b.visit("{}/reset-password/{}".format(web_server, activation_code))
assert b.is_element_present_by_css("#not-found")
def test_login_forget_password_email_send(web_server, browser, dbsession, init):
"""Send out the reset password by email, but do not answer to it, instead directly login."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit(web_server)
b.find_by_css("#nav-sign-in").click()
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
b.visit("{}/login".format(web_server))
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
def test_logout(web_server, browser, dbsession, init):
"""Log out."""
with transaction.manager:
create_user(dbsession, init.config.registry)
b = browser
b.visit("{}/{}".format(web_server, "login"))
assert b.is_element_present_by_css("#login-form")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_present_by_css("#msg-you-are-logged-in")
b.find_by_css("#nav-logout").click()
# Anonynous again
assert b.is_element_present_by_css("#msg-logged-out")
assert not b.is_element_present_by_css("#nav-logout")
# We should see the log in form
assert b.is_element_present_by_css("#login-form")
def test_forget_password_disabled_user(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
u = create_user(dbsession, init.config.registry)
u.enabled = False
b = browser
b.visit(web_server + "/login")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-cannot-reset-password")
def test_forget_password_disabled_user(web_server, browser, dbsession, init):
"""Reset password by email."""
with transaction.manager:
u = create_user(dbsession, init.config.registry)
u.enabled = False
b = browser
b.visit(web_server + "/login")
assert b.is_element_present_by_css("#login-form")
b.click_link_by_text("Forgot your password?")
assert b.is_element_present_by_css("#forgot-password-form")
b.fill("email", EMAIL)
b.find_by_name("submit").click()
assert b.is_element_present_by_css("#msg-cannot-reset-password")
def test_pagination(web_server, browser, dbsession, init):
with transaction.manager:
create_logged_in_user(dbsession,
init.config.registry,
web_server,
browser,
admin=True)
for index in range(1, 101):
u = create_user(dbsession,
init.config.registry,
email="example{}@example.com".format(index))
dbsession.add(u)
# quick check total users
assert dbsession.query(User).count() == 101
b = browser
b.visit(web_server + "/admin/models/user/listing")
# pagination should show correct number of total
assert b.is_text_present("Total 101 items")
assert b.is_text_present("Page #1 (1-20 of 101)")
# page should show 20 rows (default size)
assert len(b.find_by_css("tr.crud-row")) == 20
# first email should be last created
assert b.find_by_css(
"td.crud-column-email").first.text == "*****@*****.**"
# pager should show 2 buttons, first 2 are disabled
assert len(b.find_by_css(".pager li")) == 4
assert len(b.find_by_css(".pager li.disabled")) == 2
# click to next and repeat the above tests
b.find_by_css(".pager li")[2].click()
assert b.is_text_present("Total 101 items")
assert b.is_text_present("Page #2 (21-40 of 101)")
assert len(b.find_by_css("tr.crud-row")) == 20
assert b.find_by_css(
"td.crud-column-email").first.text == "*****@*****.**"
assert len(b.find_by_css(".pager li")) == 4
assert len(b.find_by_css(".pager li.disabled")) == 0
def test_facebook_login_disabled_user(web_server, browser, dbsession, init):
"""Logged in user which is not enabled should give an error.."""
with transaction.manager:
u = create_user(dbsession, init.config.registry, email=os.environ["FACEBOOK_USER"])
u.enabled = False
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_visible_by_css("#login-form")
b.find_by_css(".btn-login-facebook").click()
do_facebook_login_if_facebook_didnt_log_us_already(browser)
assert b.is_element_present_by_css("#msg-cannot-login-social-media-user")
def wallet_user(dbsession, registry, mock_eth_service) -> dict:
"""Create a user having a wallet in place with some faux tokens."""
details = {
"email": "*****@*****.**",
"password": "******"
}
with transaction.manager:
user = create_user(dbsession, registry, email=details["email"], password=details["password"])
setup_user_account(user, do_mainnet=True)
details["user_id"] = user.id
success_op_count, failed_op_count = mock_create_addresses(mock_eth_service, dbsession)
assert success_op_count == 1
assert failed_op_count == 0
return details
def test_get_user_account_operations(dbsession, registry, eth_network_id):
"""get_active_operations() gives sane results."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user, do_mainnet=True)
operations = UserCryptoOperation.get_active_operations(user)
assert operations.count() == 2
# Ticking operation off shortens the lsit
op = operations.first()
op.mark_complete()
operations = UserCryptoOperation.get_active_operations(user)
assert operations.count() == 1
op = operations.first()
op.mark_complete()
assert operations.count() == 0
def test_user_account_top_up(dbsession, registry):
with transaction.manager:
network = AssetNetwork(name="Foo Bank")
dbsession.add(network)
dbsession.flush()
asset = Asset(name="US Dollar", symbol="USD", asset_class=AssetClass.fiat)
network.assets.append(asset)
dbsession.flush()
assert asset.id
user = create_user(dbsession, registry)
dbsession.flush()
oa = UserOwnedAccount.create_for_user(user=user, asset=asset)
dbsession.flush()
oa.account.do_withdraw_or_deposit(Decimal("+100"), "Topping up")
def test_facebook_login_disabled_user(web_server, browser, dbsession, init):
"""Logged in user which is not enabled should give an error.."""
with transaction.manager:
u = create_user(dbsession, init.config.registry, email=os.environ["FACEBOOK_USER"])
u.enabled = False
b = browser
b.visit(web_server)
b.click_link_by_text("Sign in")
assert b.is_element_visible_by_css("#login-form")
b.find_by_css(".btn-login-facebook").click()
do_facebook_login_if_facebook_didnt_log_us_already(browser)
assert b.is_element_present_by_css("#msg-cannot-login-social-media-user")
def test_get_user_account_operations(dbsession, registry, eth_network_id):
"""get_active_operations() gives sane results."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user)
operations = UserCryptoOperation.get_active_operations(user)
assert operations.count() == 2
# Ticking operation off shortens the lsit
op = operations.first()
op.mark_complete()
operations = UserCryptoOperation.get_active_operations(user)
assert operations.count() == 1
op = operations.first()
op.mark_complete()
assert operations.count() == 0
def wallet_user(dbsession, registry, mock_eth_service) -> dict:
"""Create a user having a wallet in place with some faux tokens."""
details = {
"email": "*****@*****.**",
"password": "******"
}
with transaction.manager:
user = create_user(dbsession, registry, email=details["email"], password=details["password"])
setup_user_account(user)
details["user_id"] = user.id
success_op_count, failed_op_count = mock_create_addresses(mock_eth_service, dbsession)
assert success_op_count == 1
assert failed_op_count == 0
return details
def test_enter_admin(web_server, browser, dbsession, init):
"""The first user can open the admin page."""
with transaction.manager:
u = create_user(dbsession, init.config.registry)
site_creator = get_site_creator(init.config.registry)
site_creator.init_empty_site(dbsession, u)
assert u.is_admin()
b = browser
b.visit(web_server + "/login")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_visible_by_css("#nav-admin")
b.find_by_css("#nav-admin").click()
assert b.is_element_present_by_css("#admin-main")
def test_enter_admin(web_server, browser, dbsession, init):
"""The first user can open the admin page."""
with transaction.manager:
u = create_user(dbsession, init.config.registry)
site_creator = get_site_creator(init.config.registry)
site_creator.init_empty_site(dbsession, u)
assert u.is_admin()
b = browser
b.visit(web_server + "/login")
b.fill("username", EMAIL)
b.fill("password", PASSWORD)
b.find_by_name("login_email").click()
assert b.is_element_visible_by_css("#nav-admin")
b.find_by_css("#nav-admin").click()
assert b.is_element_present_by_css("#admin-main")
def test_setup_user_account(dbsession, registry, eth_service, testnet_service,
eth_network_id):
"""See that we create primary and testnet address."""
with transaction.manager:
user = create_user(dbsession, registry)
assert user.owned_crypto_addresses.count() == 0 # 2 addresses
setup_user_account(user, do_mainnet=True)
assert user.owned_crypto_addresses.count() == 2 # 2 addresses
assert user.owned_crypto_operations.count() == 2 # 2 account creations
def _create_address(web3, dbsession, opid):
with transaction.manager:
op = dbsession.query(CryptoOperation).get(opid)
assert isinstance(op.address, CryptoAddress)
op.address.address = eth_address_to_bin(TEST_ADDRESS)
op.mark_performed()
op.mark_complete()
with mock.patch("websauna.wallet.ethereum.ops.create_address",
new=_create_address):
# Create address on main net
success_op_count, failed_op_count = eth_service.run_waiting_operations(
)
assert success_op_count == 1
assert failed_op_count == 0
# Create address on test net
success_op_count, failed_op_count = testnet_service.run_waiting_operations(
)
assert success_op_count == 1
assert failed_op_count == 0
# Make sure more addresses is not get created when we are called again
with transaction.manager:
user = dbsession.query(User).first()
setup_user_account(user, do_mainnet=True)
assert user.owned_crypto_addresses.count() == 2 # 2 addresses
assert user.owned_crypto_operations.count() == 2 # 2 account creations
def populated_mailing_list(mailgun, dbsession, registry, mailing_list):
with transaction.manager:
create_user(dbsession, registry)
import_all_users(mailgun, dbsession, mailing_list)
return mailing_list
def user_id(dbsession, registry):
with transaction.manager:
user = create_user(dbsession, registry)
return user.id
def test_starter_token(dbsession, registry, eth_network_id, web3: Web3,
eth_service: EthereumService, house_address, toybox):
"""See that a fresh user account is supplied with some play assets."""
with transaction.manager:
user = create_user(dbsession, registry)
setup_user_account(user, do_mainnet=True)
# Let all the events completed
success, fail = eth_service.run_event_cycle()
assert success == 1
assert fail == 0
# We need another event cycle to process the initial asset transfers
with transaction.manager:
user = dbsession.query(User).first()
opid = user.user_data["starter_asset_txs"][0]["toybox"]
assert opid
wait_for_op_confirmations(eth_service, opid)
# Let the transfer come through
eth_service.run_event_cycle()
# Make sure we confirm the deposit
with transaction.manager:
user = dbsession.query(User).first()
user_depo = user.owned_crypto_operations.join(
CryptoOperation).filter_by(
operation_type=CryptoOperationType.deposit).first()
opid = user_depo.crypto_operation.id
wait_for_op_confirmations(eth_service, opid)
with transaction.manager:
# Sanity check our token contract posts us logs
user = dbsession.query(User).first()
client = get_rpc_client(web3)
asset = dbsession.query(Asset).get(toybox)
address = bin_to_eth_address(asset.external_id)
network = dbsession.query(AssetNetwork).get(eth_network_id)
user_address = UserCryptoAddress.get_default(user, network).address
house_address = dbsession.query(CryptoAddress).get(house_address)
house = bin_to_eth_address(house_address.address)
token = Token.get(web3, address)
# Check we correctly resolved low level logs
token_logs = client.get_logs(from_block=0, address=[address])
wallet_logs = client.get_logs(from_block=0, address=[house])
assert len(token_logs) > 0
assert len(wallet_logs) > 0
# Check contract state matches
assert token.contract.call().balanceOf(house) == 9990
assert token.contract.call().balanceOf(
bin_to_eth_address(user_address.address)) == 10
# Check our internal book keeping matches
assert house_address.get_account(asset).account.get_balance() == 9990
assert user_address.get_account(asset).account.get_balance() == 10
def user_id(dbsession, registry):
"""Create a sample user."""
with transaction.manager:
user = create_user(dbsession, registry)
user.user_data["phone_number"] = "+15551231234"
return user.id
def user_id(dbsession, registry):
"""Create a sample user."""
with transaction.manager:
user = create_user(dbsession, registry)
return user.id
def user_id(dbsession, registry):
"""Create a sample user."""
with transaction.manager:
user = create_user(dbsession, registry)
return user.id
