def test_change_password_good_is_password_changed(self):
from c2cgeoportal_geoportal.views.login import Login
import crypt
request = self._create_request_obj(
params={"lang": "en"},
POST={
"login": "******",
"oldPassword": "******",
"newPassword": "******",
"confirmNewPassword": "******",
},
)
from c2cgeoportal_commons.models import DBSession
from c2cgeoportal_commons.models.static import User
user = DBSession.query(User).filter_by(username="******").one()
assert user.is_password_changed is False
assert user._password == crypt.crypt("__test_user1", user._password)
login = Login(request)
self.assertNotEqual(login.change_password(), None)
user = DBSession.query(User).filter_by(username="******").one()
assert user.is_password_changed is True
assert user._password == crypt.crypt("1234", user._password)
def test_wrong_loginresetpassword(self):
from c2cgeoportal_geoportal.views.login import Login
from c2cgeoportal_commons.models import DBSession
from c2cgeoportal_commons.models.static import User
user = DBSession.query(User).filter_by(username="******").one()
_2fa_totp_secret = pyotp.random_base32()
totp = pyotp.TOTP(_2fa_totp_secret)
user.tech_data["2fa_totp_secret"] = _2fa_totp_secret
user.is_password_changed = True
request = self._create_request_obj(POST={"otp": totp.now()})
with pytest.raises(pyramid.httpexceptions.HTTPBadRequest):
Login(request).loginresetpassword()
request = self._create_request_obj(POST={"login": "******"})
with pytest.raises(pyramid.httpexceptions.HTTPBadRequest):
Login(request).loginresetpassword()
request = self._create_request_obj(POST={
"login": "******",
"otp": totp.now()
})
with pytest.raises(pyramid.httpexceptions.HTTPUnauthorized):
Login(request).loginresetpassword()
request = self._create_request_obj(POST={
"login": "******",
"otp": "wrong"
})
with pytest.raises(pyramid.httpexceptions.HTTPUnauthorized):
Login(request).loginresetpassword()
def test_new_user(self):
from c2cgeoportal_geoportal.views.login import Login
from c2cgeoportal_commons.models import DBSession
from c2cgeoportal_commons.models.static import User
request = self._create_request_obj(POST={
"login": "******",
"password": "******"
})
response = Login(request).login()
response_json = json.loads(response.body.decode("utf-8"))
assert "Cookie" not in dict(response.headers)
totp = pyotp.TOTP(response_json["two_factor_totp_secret"])
del response_json["two_factor_totp_secret"]
del response_json["otp_uri"]
assert response_json == {
"username": "******",
"is_password_changed": False,
"two_factor_enable": True,
}
user = DBSession.query(User).filter_by(username="******").one()
assert user.is_password_changed is False
request = self._create_request_obj(
POST={
"login": "******",
"oldPassword": "******",
"newPassword": "******",
"confirmNewPassword": "******",
"otp": totp.now(),
})
response = Login(request).change_password()
assert "Cookie" in dict(response.headers)
assert set(user.tech_data.keys()) == {"2fa_totp_secret"}
assert user.is_password_changed is True
assert json.loads(response.body.decode("utf-8")) == {
"email": "*****@*****.**",
"functionalities": {},
"is_intranet": False,
"roles": [],
"two_factor_enable": True,
"username": "******",
}
request = self._create_request_obj(POST={
"login": "******",
"password": "******",
"otp": totp.now()
})
response = Login(request).login()
assert "Cookie" in dict(response.headers)
assert json.loads(response.body.decode("utf-8")) == {
"username": "******",
"email": "*****@*****.**",
"is_intranet": False,
"two_factor_enable": True,
"roles": [],
"functionalities": {},
}
def test_logout_no_auth(self):
from pyramid.httpexceptions import HTTPUnauthorized
from c2cgeoportal_geoportal.views.login import Login
request = self._create_request_obj(path="/",
params={"came_from": "/came_from"})
login = Login(request)
with pytest.raises(HTTPUnauthorized):
login.logout()
def test_reset_password(self):
from c2cgeoportal_commons.models import DBSession
from c2cgeoportal_commons.models.static import User
from c2cgeoportal_geoportal.views.login import Login
request = self._create_request_obj(POST={"login": "******"})
user, username, password, _ = Login(request)._loginresetpassword()
assert user.temp_password is not None
assert username == "__test_user1"
request = self._create_request_obj(POST={
"login": username,
"password": password
})
response = Login(request).login()
assert response.status_int == 200
assert json.loads(response.body.decode("utf-8")) == {
"username": "******",
"is_password_changed": False,
"two_factor_enable": True,
}
request = self._create_request_obj(
POST={
"login": username,
"oldPassword": password,
"newPassword": "******",
"confirmNewPassword": "******",
})
response = Login(request).change_password()
assert json.loads(response.body.decode("utf-8")) == {
"username": "******",
"email": "*****@*****.**",
"is_intranet": False,
"two_factor_enable": False,
"roles": [{
"name": "__test_role1",
"id": self.role1_id
}],
"functionalities": {},
}
user = DBSession.query(User).filter(
User.username == "__test_user1").first()
self.assertIsNone(user.temp_password)
self.assertIsNotNone(user.password)
self.assertNotEqual(len(user.password), 0)
def test_change_password_different(self):
from pyramid.httpexceptions import HTTPBadRequest
from c2cgeoportal_geoportal.views.login import Login
request = self._create_request_obj(
username="******",
params={"lang": "en"},
POST={
"oldPassword": "******",
"newPassword": "******",
"confirmNewPassword": "******"
},
)
login = Login(request)
with pytest.raises(HTTPBadRequest):
login.change_password()
def test_password_change_2fa(self):
from c2cgeoportal_geoportal.views.login import Login
url = None
request = create_dummy_request()
request.POST = {"login": "******", "password": "******"}
request.GET = {
"client_id": "qgis",
"client_secret": "1234",
"redirect_uri": "http://127.0.0.1:7070/",
"response_type": "code",
"type": "oauth2",
}
request.method = "POST"
request.body = ""
pyramid.testing.setUp(request=request, registry=init_registry())
request.registry.settings["authentication"] = {"two_factor": True}
try:
response = Login(request).login()
LOG.error(response.text)
assert False
except HTTPFound as http_exception:
url = http_exception.headers["Location"]
assert url == "http://example.com/notlogin/view?"
def test_wrong_firstlogin(self):
from c2cgeoportal_geoportal.views.login import Login
request = self._create_request_obj(POST={"login": "******"})
with pytest.raises(pyramid.httpexceptions.HTTPBadRequest):
Login(request).login()
request = self._create_request_obj(POST={"password": "******"})
with pytest.raises(pyramid.httpexceptions.HTTPBadRequest):
Login(request).login()
request = self._create_request_obj(POST={
"login": "******",
"password": "******"
})
with pytest.raises(pyramid.httpexceptions.HTTPUnauthorized):
Login(request).login()
def test_change_password_no_params(self):
from pyramid.httpexceptions import HTTPBadRequest
from c2cgeoportal_geoportal.views.login import Login
request = self._create_request_obj(username="******",
params={"lang": "en"},
POST={})
login = Login(request)
self.assertRaises(HTTPBadRequest, login.change_password)
def test_wrong_login_change_password(self):
from c2cgeoportal_geoportal.views.login import Login
from c2cgeoportal_commons.models import DBSession
from c2cgeoportal_commons.models.static import User
user = DBSession.query(User).filter_by(username="******").one()
user.tech_data["2fa_totp_secret"] = pyotp.random_base32()
user.is_password_changed = True
request = self._create_request_obj(username="******",
POST={
"newPassword": "******",
"confirmNewPassword": "******"
})
with pytest.raises(pyramid.httpexceptions.HTTPBadRequest):
Login(request).change_password()
request = self._create_request_obj(username="******",
POST={
"oldPassword": "******",
"confirmNewPassword": "******"
})
with pytest.raises(pyramid.httpexceptions.HTTPBadRequest):
Login(request).change_password()
request = self._create_request_obj(username="******",
POST={
"oldPassword": "******",
"newPassword": "******"
})
with pytest.raises(pyramid.httpexceptions.HTTPBadRequest):
Login(request).change_password()
request = self._create_request_obj(
username="******",
POST={
"oldPassword": "******",
"newPassword": "******",
"confirmNewPassword": "******"
},
)
with pytest.raises(pyramid.httpexceptions.HTTPBadRequest):
Login(request).change_password()
def test_logout(self):
from c2cgeoportal_commons.models import DBSession
from c2cgeoportal_commons.models.static import User
from c2cgeoportal_geoportal.views.login import Login
request = self._create_request_obj(path="/")
request.user = DBSession.query(User).filter_by(
username="******").one()
response = Login(request).logout()
assert response.status_int == 200
assert response.body.decode("utf-8") == "true"
request = self._create_request_obj(path="/")
request.route_url = lambda url: "/dummy/route/url"
request.user = DBSession.query(User).filter_by(
username="******").one()
response = Login(request).logout()
assert response.status_int == 200
assert response.body.decode("utf-8") == "true"
def test_login(self):
from pyramid.httpexceptions import HTTPUnauthorized
from c2cgeoportal_geoportal.views.login import Login
from c2cgeoportal_commons.models import DBSession
from c2cgeoportal_commons.models.static import User
user = DBSession.query(User).filter_by(username="******").one()
user.is_password_changed = True
request = self._create_request_obj(params={"came_from": "/came_from"},
POST={
"login": "******",
"password": "******"
})
response = Login(request).login()
assert response.status_int == 302
assert response.headers["Location"] == "/came_from"
request = self._create_request_obj(POST={
"login": "******",
"password": "******"
})
response = Login(request).login()
assert response.status_int == 200
assert json.loads(response.body.decode("utf-8")) == {
"username": "******",
"email": "*****@*****.**",
"is_intranet": False,
"two_factor_enable": False,
"roles": [{
"name": "__test_role1",
"id": self.role1_id
}],
"functionalities": {},
}
request = self._create_request_obj(POST={
"login": "******",
"password": "******"
})
login = Login(request)
self.assertRaises(HTTPUnauthorized, login.login)
def test_intranet(self):
from tests import DummyRequest
from c2cgeoportal_geoportal.views.login import Login
request = DummyRequest()
request.registry.settings = {
"intranet": {
"networks": ["192.168.1.0/255.255.255.0"]
}
}
request.user = None
login = Login(request)
self.assertEqual(
login.loginuser(), {
"is_intranet": False,
"functionalities": {},
"two_factor_enable": False
})
request.client_addr = "192.168.1.20"
login = Login(request)
self.assertEqual(login.loginuser(), {
"is_intranet": True,
"functionalities": {},
"two_factor_enable": False
})
class G:
id = 123
def __init__(self, name, functionalities):
self.name = name
self.functionalities = functionalities
class U:
username = "******"
is_password_changed = True
email = "*****@*****.**"
def __init__(self, role="__test_role", functionalities=None):
if functionalities is None:
functionalities = []
self.roles = [G(role, functionalities)]
request.user = U()
login = Login(request)
request.client_addr = "192.168.2.20"
self.assertEqual(
login.loginuser(),
{
"email": "*****@*****.**",
"functionalities": {},
"is_intranet": False,
"roles": [{
"id": 123,
"name": "__test_role"
}],
"two_factor_enable": False,
"username": "******",
},
)
login = Login(request)
request.client_addr = "192.168.1.20"
self.assertEqual(
login.loginuser(),
{
"email": "*****@*****.**",
"functionalities": {},
"is_intranet": True,
"roles": [{
"id": 123,
"name": "__test_role"
}],
"two_factor_enable": False,
"username": "******",
},
)
def test_login_0(self):
from tests import DummyRequest
from c2cgeoportal_geoportal.views.login import Login
request = DummyRequest()
request.is_valid_referer = True
request.user = None
login = Login(request)
request.path = "/for_test"
responce = login.loginform403()
assert responce["came_from"] == "/for_test"
request.params = {"came_from": "/for_a_second_test"}
login = Login(request)
responce = login.loginform()
assert responce["came_from"] == "/for_a_second_test"
login = Login(request)
request.params = {}
responce = login.loginform()
assert responce["came_from"] == "/"
request.registry.settings = {
"functionalities": {
"available_in_templates": ["func"]
},
"admin_interface": {
"available_functionalities": [{
"name": "func"
}]
},
}
fill_tech_user_functionality("anonymous", (("func", "anon"),
("toto", "anon_value2")))
fill_tech_user_functionality("registered", (("func", "reg"), ))
login = Login(request)
self.assertEqual(login.loginuser()["functionalities"],
{"func": ["anon"]})
class R:
id = 123
def __init__(self, name, functionalities):
self.name = name
self.functionalities = functionalities
class U:
username = "******"
is_password_changed = True
email = "*****@*****.**"
settings_role = None
def __init__(self, role="__test_role", functionalities=None):
if functionalities is None:
functionalities = []
self.roles = [R(role, functionalities)]
request.user = U()
login = Login(request)
expected = {
"username": "******",
"email": "*****@*****.**",
"is_intranet": False,
"two_factor_enable": False,
"roles": [{
"name": "__test_role",
"id": 123
}],
"functionalities": {
"func": ["reg"]
},
}
self.assertEqual(login.loginuser(), expected)
class F:
name = "func"
value = "value"
request.user = U("__test_role2", [F()])
login = Login(request)
expected = {
"username": "******",
"email": "*****@*****.**",
"is_intranet": False,
"two_factor_enable": False,
"roles": [{
"name": "__test_role2",
"id": 123
}],
"functionalities": {
"func": ["value"]
},
}
self.assertEqual(login.loginuser(), expected)
def test_oauth2_protocol(self):
from c2cgeoportal_commons.models import DBSession
from c2cgeoportal_commons.models.static import User
from c2cgeoportal_geoportal.views.login import Login
# Test login form
request = create_dummy_request()
request.params = {
"client_id": "qgis",
"redirect_uri": "http://127.0.0.1:7070/",
"response_type": "token",
}
response = Login(request).oauth2loginform()
assert response["login_params"] == {
"client_id": "qgis",
"redirect_uri": "http://127.0.0.1:7070/",
"response_type": "token",
"type": "oauth2",
}
# Test login
url = None
request = create_dummy_request(authentication=True)
request.POST = {"login": "******", "password": "******"}
request.GET = {
"client_id": "qgis",
"client_secret": "1234",
"redirect_uri": "http://127.0.0.1:7070/",
"response_type": "code",
"type": "oauth2",
}
request.method = "POST"
request.body = ""
try:
response = Login(request).login()
LOG.error(response.text)
assert False
except HTTPFound as http_exception:
url = http_exception.headers["Location"]
url_split = urllib.parse.urlsplit(url)
query = dict(urllib.parse.parse_qsl(url_split.query))
assert "code" in query
code = query["code"]
# Test get token
request = create_dummy_request(authentication=True)
request.POST = {
"client_id": "qgis",
"client_secret": "1234",
"code": code,
"grant_type": "authorization_code",
"redirect_uri": "http://127.0.0.1:7070/",
}
request.body = urllib.parse.urlencode(request.POST)
request.method = "POST"
response = Login(request).oauth2token()
assert response.headers["Content-Type"] == "application/json"
assert response.headers["Pragma"] == "no-cache"
assert response.headers["Vary"] == "Origin"
assert response.headers[
"Cache-Control"] == "max-age=10, no-store, public"
data = json.loads(response.body)
assert set(data.keys()) == {
"access_token", "expires_in", "token_type", "refresh_token"
}
assert data["expires_in"] == 3600
assert data["token_type"] == "Bearer"
access_token = data["access_token"]
refresh_token = data["refresh_token"]
# Test is login
request = create_dummy_request(authentication=True)
request.headers["Authorization"] = "Bearer " + access_token
response = Login(request).loginuser()
assert set(response.keys()) == {
"functionalities",
"is_intranet",
"two_factor_enable",
"username",
"email",
"roles",
}
assert response["username"] == "__test_user1"
# Test refresh token
request = create_dummy_request()
request.POST = {
"client_id": "qgis",
"client_secret": "1234",
"grant_type": "refresh_token",
"refresh_token": refresh_token,
}
request.body = urllib.parse.urlencode(request.POST)
request.method = "POST"
response = Login(request).oauth2token()
data = json.loads(response.body)
assert set(data.keys()) == {
"access_token", "expires_in", "token_type", "refresh_token",
"scope"
}
assert data["expires_in"] == 3600
assert data["token_type"] == "Bearer"
assert data["access_token"] != access_token
assert data["refresh_token"] != refresh_token
access_token = data["access_token"]
# Test is login with new token
request = create_dummy_request()
request.headers["Authorization"] = "Bearer " + access_token
response = Login(request).loginuser()
assert set(response.keys()) == {
"functionalities",
"is_intranet",
"two_factor_enable",
"username",
"email",
"roles",
}
assert response["username"] == "__test_user1"
def test_notlogin(self):
from c2cgeoportal_geoportal.views.login import Login
request = create_dummy_request()
response = Login(request).notlogin()
assert response == {"lang": "fr"}