def test_verify_pin_allow_empty(self):
al = AccountLinking(trusted_keys=[],
db=self.db,
salt="my_salt",
email_sender_create_account=EmailFake(),
email_sender_pin_recovery=EmailFake(),
pin_verify="((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})",
pin_empty=False)
assert al._verify_pin("") is False
def setup(self):
self.test_idp = "my_idp"
self.test_id = "my_id"
self.account_linking_request = IdRequest({"id": self.test_id, "idp": self.test_idp,
"redirect_endpoint": "https://client.example.com/redirect"})
self.db = ALDatasetDatabase()
self.al = AccountLinking(
trusted_keys=[],
db=self.db,
salt="my_salt",
email_sender_create_account=EmailFake(),
email_sender_pin_recovery=EmailFake(),
pin_verify="((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})",
pin_empty=True)
class TestAL(object):
def create_account(self, pin, email="my_email", id=None, idp=None):
if id or idp:
request = IdRequest({"id": id or self.test_id, "idp": idp or self.test_idp,
"redirect_endpoint": "https://client.example.com/redirect"})
else:
request = self.account_linking_request
ticket = self.al.create_ticket(request)
self.al.create_account_step1(email, ticket)
assert self.al.email_sender_create_account.email_to == email
assert self.al.email_sender_create_account.token is not None
token = self.al.email_sender_create_account.token
verified_token = self.al.create_account_step2(token)
assert verified_token == token
self.al.create_account_step3(token, pin)
@pytest.fixture(autouse=True)
def setup(self):
self.test_idp = "my_idp"
self.test_id = "my_id"
self.account_linking_request = IdRequest({"id": self.test_id, "idp": self.test_idp,
"redirect_endpoint": "https://client.example.com/redirect"})
self.db = ALDatasetDatabase()
self.al = AccountLinking(
trusted_keys=[],
db=self.db,
salt="my_salt",
email_sender_create_account=EmailFake(),
email_sender_pin_recovery=EmailFake(),
pin_verify="((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})",
pin_empty=True)
def test_get_uuid_should_raise_key_exception_for_unknown_key(self):
with pytest.raises(ALserviceNoSuchKey):
self.al.get_uuid("unknown")
def test_create_account_step1_should_raise_ticket_exception_for_unknown_ticket(self):
with pytest.raises(ALserviceTicketError):
self.al.create_account_step1("my_email", "unknown")
def test_create_account_step2_should_raise_token_exception_for_unknown_token(self):
with pytest.raises(ALserviceTokenError):
self.al.create_account_step2("unknown")
def test_create_account_step2_should_raise_ticket_exception_for_unknown_token_and_unknown_ticket(self):
with pytest.raises(ALserviceTicketError):
self.al.create_account_step2("unknown_token.unknown_ticket")
def test_create_account_step2_should_raise_token_exception_for_unknown_token_and_known_ticket(self):
ticket = self.al.create_ticket(self.account_linking_request)
with pytest.raises(ALserviceTokenError):
self.al.create_account_step2("unknown_token.{}".format(ticket))
def test_create_account_step3_should_raise_token_exception_for_unknown_token(self):
with pytest.raises(ALserviceTokenError):
self.al.create_account_step3("incorrect_token", "")
def test_create_account_step3_should_raise_token_exception_for_unknown_token_and_unknown_ticket(self):
with pytest.raises(ALserviceTokenError):
self.al.create_account_step3("incorrect_token.incorrect_ticket", "")
def test_create_account_step3_should_raise_ticket_exception_for_unknown_token_and_known_ticket(self):
ticket = self.al.create_ticket(self.account_linking_request)
self.al.create_account_step1("my_email", ticket)
token = self.al.email_sender_create_account.token
verified_token = self.al.create_account_step2(token)
broken_token = "{}.unknown_ticket".format(verified_token.split(".")[0], "incorrect_ticket")
with pytest.raises(ALserviceTicketError):
self.al.create_account_step3(broken_token, "")
@pytest.mark.parametrize("pin", ["", "#NotSoEasy1", "ALiteBitHarder#2!435345#fdgdfg"])
def test_create_account_flow(self, pin):
self.create_account(pin)
uuid_1 = self.al.get_uuid(self.account_linking_request.key)
uuid_2 = self.al.get_uuid(self.account_linking_request.key)
assert uuid_1 == uuid_2
def test_create_account_step3_should_raise_exception_if_account_already_exists(self):
pin = ""
email = "*****@*****.**"
self.create_account(pin, email)
ticket = self.al.create_ticket(self.account_linking_request)
self.al.create_account_step1(email, ticket)
token = self.al.email_sender_create_account.token
token = self.al.create_account_step2(token)
with pytest.raises(ALserviceAccountExists):
self.al.create_account_step3(token, pin)
def test_link_key_should_raise_exception_if_wrong_pin_is_used(self):
pin = ""
self.create_account(pin)
ticket = self.al.create_ticket(
IdRequest({"id": "my_id", "idp": self.test_idp, "redirect_endpoint": "my_redirect"}))
with pytest.raises(ALserviceAuthenticationError):
self.al.link_key("my_email", "wrong_pin", ticket)
def test_link_key_should_raise_exception_if_wrong_email_is_used(self):
pin = ""
self.create_account(pin)
ticket = self.al.create_ticket(self.account_linking_request)
with pytest.raises(ALserviceAuthenticationError):
self.al.link_key("_wrong_my_email", pin, ticket)
@pytest.mark.parametrize("pin", ["", "#NotSoEasy1", "ALiteBitHarder#2!435345#fdgdfg"])
def test_change_account_linking(self, pin):
email = "*****@*****.**"
self.create_account(pin, email)
new_request = IdRequest({"id": "new_id", "idp": self.account_linking_request["idp"],
"redirect_endpoint": self.account_linking_request["redirect_endpoint"]})
ticket = self.al.create_ticket(new_request)
self.al.create_account_step1("my_email", ticket)
token = self.al.email_sender_create_account.token
self.al.create_account_step2(token)
self.al.link_key(email, pin, ticket)
uuid_1 = self.al.get_uuid(new_request.key)
uuid_2 = self.al.get_uuid(new_request.key)
assert uuid_1 == uuid_2
# the old key has been removed
with pytest.raises(ALserviceNoSuchKey):
self.al.get_uuid(self.test_id)
def test_change_pin_step1_should_raise_exception_for_unknown_email(self):
pin = "asdkhAas3#"
self.create_account(pin)
with pytest.raises(ALserviceAuthenticationError):
self.al.change_pin_step1("unknown", pin)
def test_change_pin_step1_should_raise_exception_for_wrong_pin(self):
pin = "asdkhAas3#"
email = "*****@*****.**"
self.create_account(pin, email)
with pytest.raises(ALserviceAuthenticationError):
self.al.change_pin_step1(email, pin + "_wrong")
def test_change_pin_step2_should_raise_exception_for_wrong_old_pin(self):
pin = "asdkhAas3#"
email = "*****@*****.**"
self.create_account(pin, email)
self.al.change_pin_step1(email, pin)
token = self.al.email_sender_pin_recovery.token
with pytest.raises(ALserviceAuthenticationError):
self.al.change_pin_step2(token, pin + "_wrong", pin + "_new")
def test_change_pin_step2_should_raise_exception_for_unknown_token(self):
pin = "asdkhAas3#"
email = "*****@*****.**"
self.create_account(pin, email)
self.al.change_pin_step1(email, pin)
with pytest.raises(ALserviceAuthenticationError):
self.al.change_pin_step2("unknown", pin, pin + "_new")
def test_change_pin(self):
pin = "#A4534j5khtfdgkjhgkjdfsh#"
self.create_account(pin)
self.al.change_pin_step1("my_email", pin)
token = self.al.email_sender_pin_recovery.token
new_pin = "my_new_piAAn123123#!"
self.al.change_pin_step2(token, pin, new_pin)
ticket = self.al.create_ticket(self.account_linking_request)
self.al.link_key("my_email", new_pin, ticket)
uuid_1 = self.al.get_uuid(self.account_linking_request.key)
uuid_2 = self.al.get_uuid(self.account_linking_request.key)
assert uuid_1 == uuid_2
@pytest.mark.parametrize("invalid_pin", [
None,
"NotOK",
])
def test_verify_pin_for_invalid_pin(self, invalid_pin):
assert self.al._verify_pin(invalid_pin) is False
@pytest.mark.parametrize("valid_pin", [
"aP1n##",
""
])
def test_verify_pin(self, valid_pin):
# should not raise an exception
self.al._verify_pin(valid_pin)
def test_verify_pin_allow_empty(self):
al = AccountLinking(trusted_keys=[],
db=self.db,
salt="my_salt",
email_sender_create_account=EmailFake(),
email_sender_pin_recovery=EmailFake(),
pin_verify="((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})",
pin_empty=False)
assert al._verify_pin("") is False
