def testInsecurePostIsNotRejectedInDevelopmentMode(self):
"""A C{POST} via HTTP is not rejected when in development mode."""
self.config.set('service', 'development', 'true')
with login(None, None, self.transact) as session:
resource = VerifyUserPasswordResource(None, session, 'user')
payload = dumps({'password': '******'})
headers = {'Content-Length': [str(len(payload))],
'Content-Type': ['application/json']}
request = FakeRequest(method='POST', headers=Headers(headers),
body=payload)
self.assertEqual(NOT_DONE_YET, resource.render(request))
yield resource.deferred
self.assertEqual(request.code, http.OK)
def testPostWithExtraCrapInPayloadReturnsBadRequest(self):
"""
A C{POST} to C{/users/user/verify} with unexpected data in the payload
returns a 400 Bad Request.
"""
with login(None, None, self.transact) as session:
resource = VerifyUserPasswordResource(None, session, 'user')
payload = dumps({'password': '******', 'foo': 'bar'})
headers = {'Content-Length': [str(len(payload))],
'Content-Type': ['application/json'],
'X-Forwarded-Protocol': ['https']}
request = FakeRequest(method='POST', headers=Headers(headers),
body=payload)
self.assertEqual(NOT_DONE_YET, resource.render(request))
yield resource.deferred
self.assertEqual(request.code, http.BAD_REQUEST)
def testInsecurePostIsRejected(self):
"""A C{POST} via HTTP is rejected if not in development mode."""
self.config.set('service', 'development', 'false')
with login(None, None, self.transact) as session:
resource = VerifyUserPasswordResource(None, session, 'user')
payload = ''
headers = {'Content-Length': [str(len(payload))],
'Content-Type': ['application/json']}
request = FakeRequest(method='POST', headers=Headers(headers),
body=payload)
self.assertEqual(NOT_DONE_YET, resource.render(request))
yield resource.deferred
self.assertEqual(request.code, http.BAD_REQUEST)
self.assertEqual(
request.getResponseHeader('X-FluidDB-Message'),
'/users/<username>/verify requests must use HTTPS')
def testPostWithUnknownUsernameReturnsNotFound(self):
"""
A C{POST} to C{/users/user/verify} with an unknown username returns a
404 Not Found.
"""
with login(None, None, self.transact) as session:
resource = VerifyUserPasswordResource(None, session, 'unknown')
payload = dumps({'password': '******'})
headers = {'Content-Length': [str(len(payload))],
'Content-Type': ['application/json'],
'X-Forwarded-Protocol': ['https']}
request = FakeRequest(method='POST', headers=Headers(headers),
body=payload)
self.assertEqual(NOT_DONE_YET, resource.render(request))
yield resource.deferred
self.assertEqual(request.code, http.NOT_FOUND)
def testPostWithIncorrectPasswordReturnsFalse(self):
"""
A C{POST} to C{/users/user/verify} with the incorrect password returns
a C{{'valid': False}} response.
"""
with login(None, None, self.transact) as session:
resource = VerifyUserPasswordResource(None, session, 'user')
payload = dumps({'password': '******'})
headers = {'Content-Length': [str(len(payload))],
'Content-Type': ['application/json'],
'X-Forwarded-Protocol': ['https']}
request = FakeRequest(method='POST', headers=Headers(headers),
body=payload)
self.assertEqual(NOT_DONE_YET, resource.render(request))
yield resource.deferred
self.assertEqual(request.code, http.OK)
self.assertEqual(loads(request.response), {'valid': False})
def testPostWithCorrectPasswordReturnsCorrectFullname(self):
"""
A C{POST} to C{/users/user/verify} with the correct password returns a
JSON object with the user's correct full name.
"""
with login(None, None, self.transact) as session:
resource = VerifyUserPasswordResource(None, session, 'user')
payload = dumps({'password': '******'})
headers = {'Content-Length': [str(len(payload))],
'Content-Type': ['application/json'],
'X-Forwarded-Protocol': ['https']}
request = FakeRequest(method='POST', headers=Headers(headers),
body=payload)
self.assertEqual(NOT_DONE_YET, resource.render(request))
yield resource.deferred
self.assertEqual(request.code, http.OK)
result = loads(request.response)
self.assertEqual(u'Peter Parker', result['fullname'])
def testPostWithCorrectPasswordDoesNotCauseALogWarning(self):
"""
A C{POST} to C{/users/user/verify} with the correct password should
not cause a complaint about unknown return payload fields in the
logging system.
"""
with login(None, None, self.transact) as session:
resource = VerifyUserPasswordResource(None, session, 'user')
payload = dumps({'password': '******'})
headers = {'Content-Length': [str(len(payload))],
'Content-Type': ['application/json'],
'X-Forwarded-Protocol': ['https']}
request = FakeRequest(method='POST', headers=Headers(headers),
body=payload)
self.assertEqual(NOT_DONE_YET, resource.render(request))
yield resource.deferred
logOutput = self.log.getvalue()
self.assertNotIn("unknown response payload field 'renewalToken'",
logOutput)
self.assertNotIn("unknown response payload field 'accessToken'",
logOutput)
def testPostWithCorrectPasswordReturnsCorrectKeys(self):
"""
A C{POST} to C{/users/user/verify} with the correct password returns a
JSON object with all the expected keys, including valid = True.
"""
with login(None, None, self.transact) as session:
resource = VerifyUserPasswordResource(None, session, 'user')
payload = dumps({'password': '******'})
headers = {'Content-Length': [str(len(payload))],
'Content-Type': ['application/json'],
'X-Forwarded-Protocol': ['https']}
request = FakeRequest(method='POST', headers=Headers(headers),
body=payload)
self.assertEqual(NOT_DONE_YET, resource.render(request))
yield resource.deferred
self.assertEqual(request.code, http.OK)
result = loads(request.response)
self.assertEqual(
['accessToken', 'fullname', 'renewalToken', 'role', 'valid'],
sorted(result.keys()))
self.assertTrue(result['valid'])