def test_create_new_user(configure_model, pymongo_connection, freeze_time):
login = pytest.faux.gen_alpha()
password = pytest.faux.gen_alphanumeric()
email = pytest.faux.gen_email()
full_name = pytest.faux.gen_alphanumeric()
role_id = pytest.faux.gen_uuid()
new_user = user.UserModel.make_user(login, password, email, full_name,
role_id)
db_user = pymongo_connection.db.user.find_one({"_id": new_user._id})
assert db_user
assert new_user.login == db_user["login"]
assert new_user.email == db_user["email"]
assert new_user.password_hash == db_user["password_hash"]
assert new_user.full_name == db_user["full_name"]
assert new_user.role_id == db_user["role_id"]
assert new_user.model_id == db_user["model_id"]
assert new_user.initiator_id == db_user["initiator_id"]
assert new_user.version == db_user["version"]
assert new_user.initiator_id == db_user["initiator_id"]
assert new_user.time_created == db_user["time_created"]
assert new_user.time_deleted == db_user["time_deleted"]
assert new_user._id != new_user.model_id
assert not new_user.time_deleted
for value in db_user.values():
assert password != value
for value in new_user.__dict__.values():
assert password != value
assert passwords.compare_passwords(password, new_user.password_hash)
def authenticate(self, user_name, password):
user_model = self.require_user_model(user_name)
if not passwords.compare_passwords(password, user_model.password_hash):
LOG.warning("Password mismatch for user with login %s", user_name)
raise exceptions.Unauthorized
token_model = token.TokenModel.create(user_model.model_id)
return token_model
def authenticate(user_name, password):
"""Authenticate user by username/password pair. Return a token if OK."""
user_model = user.UserModel.find_by_login(user_name)
if not user_model:
LOG.warning("Cannot find not deleted user with login %s", user_name)
raise exceptions.Unauthorized
if not passwords.compare_passwords(password, user_model.password_hash):
LOG.warning("Password mismatch for user with login %s", user_name)
raise exceptions.Unauthorized
token_model = token.TokenModel.create(user_model.model_id)
return token_model
def test_create_new_user(
pymongo_connection, email, new_password_message, sudo_client_v1,
freeze_time, valid_post_request
):
response = sudo_client_v1.post("/v1/user/", data=valid_post_request)
db_user = pymongo_connection.db.user.find(
{"login": valid_post_request["login"]}
)
assert db_user.count() == 1
db_user = db_user[0]
assert response.status_code == 200
data = response.json
assert data["id"] == db_user["model_id"]
assert data["model"] == "user"
assert data["version"] == db_user["version"]
assert data["version"] == 1
assert data["time_updated"] == db_user["time_created"]
assert data["time_updated"] == int(freeze_time.return_value)
assert data["time_deleted"] == db_user["time_deleted"]
assert data["time_deleted"] == 0
assert data["initiator_id"] == db_user["initiator_id"]
assert data["data"]["login"] == db_user["login"]
assert data["data"]["login"] == valid_post_request["login"]
assert data["data"]["email"] == db_user["email"]
assert data["data"]["email"] == valid_post_request["email"]
assert data["data"]["full_name"] == valid_post_request["full_name"]
assert data["data"]["full_name"] == db_user["full_name"]
assert data["data"]["role_id"] == valid_post_request["role_id"]
assert data["data"]["role_id"] == db_user["role_id"]
assert len(email.sendmail.mock_calls) == 1
to, cc, password = email.sendmail.call_args[0][-1]
assert to == [db_user["email"]]
assert cc == []
assert passwords.compare_passwords(password, db_user["password_hash"])
assert password not in db_user.values()
def test_update_password(reset_token):
new_password = pytest.faux.gen_alphanumeric()
reset_token.consume(new_password)
new_user = user.UserModel.find_by_model_id(reset_token.user_id)
assert passwords.compare_passwords(new_password, new_user.password_hash)
def test_password_hashing(password):
hashed = passwords.hash_password(password)
assert passwords.compare_passwords(password, hashed)