Пример #1
0
    def test_superuser_may_add_user(self):
        USERNAME = '******'

        resp = self.post('%sadd/' % self.USER_UI_URL, data={'add-is-user-username': USERNAME,
                                                            'add-is-user-password': '******'})
        assert_http_redirect(resp)
        assert_true(User.objects.filter(username=USERNAME).exists())
Пример #2
0
    def test_user_should_be_authorized_with_two_factor_authentication(
            self, user):
        login_resp = self.post(self.UI_TWO_FACTOR_LOGIN_URL, {
            'username': '******',
            'password': '******'
        })

        assert_http_redirect(login_resp)
        resp_location = login_resp['Location']
        assert_equal(resp_location[:resp_location.find('?')],
                     settings.TWO_FACTOR_REDIRECT_URL)
        assert_false(login_resp.wsgi_request.user.is_authenticated)

        token = login_resp.wsgi_request.token
        assert_true(token.two_factor_code is not None)
        assert_false(token.is_authenticated)
        # the code value needs to be overwritted, so that its value could be used for next request
        token.two_factor_code = make_password('12345',
                                              salt=Token.TWO_FACTOR_CODE_SALT)
        token.save()

        code_check_resp = self.post(self.UI_CODE_CHECK_LOGIN_URL,
                                    {'code': '12345'})

        assert_http_redirect(code_check_resp)
        assert_equal(code_check_resp['location'], '/accounts/profile/')
        assert_true(code_check_resp.wsgi_request.token.is_authenticated)
        assert_true(code_check_resp.wsgi_request.user.is_authenticated)
        assert_equal(code_check_resp.wsgi_request.user, user)
Пример #3
0
    def test_superuser_may_add_user(self):
        USERNAME = '******'

        resp = self.post('%sadd/' % self.USER_UI_URL, data={'add-is-user-username': USERNAME,
                                                            'add-is-user-password': '******'})
        assert_http_redirect(resp)
        assert_true(User.objects.filter(username=USERNAME).exists())
Пример #4
0
    def test_group_permission_shound_not_be_over_limit(self):
        group_a = Group.objects.create(name='group A')
        group_b = Group.objects.create(name='group B')
        group_c = Group.objects.create(name='group C')

        resp = self.post(
            '/group/{}/'.format(group_a.pk), {
                'detail-is-group-name': 'group A',
                'detail-is-group-fgroups': [group_b.pk],
                'detail-is-group-fperms': []
            })
        assert_http_redirect(resp)

        resp = self.post(
            '/group/{}/'.format(group_b.pk), {
                'detail-is-group-name': 'group B',
                'detail-is-group-fgroups': [group_c.pk],
                'detail-is-group-fperms': []
            })
        assert_http_ok(resp)

        with override_settings(PERM_GROUP_MAX_LEVEL=3):
            resp = self.post(
                '/group/{}/'.format(group_b.pk), {
                    'detail-is-group-name': 'group B',
                    'detail-is-group-fgroups': [group_c.pk],
                    'detail-is-group-fperms': []
                })
            assert_http_redirect(resp)
Пример #5
0
 def authorize(self, username, password):
     assert_http_redirect(
         self.post(config.LOGIN_URL, {
             config.USERNAME: username,
             config.PASSWORD: password
         },
                   content_type=MULTIPART_CONTENT))
Пример #6
0
 def test_user_should_not_be_authorized_via_cookie_if_cookie_is_turned_off(
         self, user):
     resp = self.post(self.UI_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_redirect(resp)
     assert_http_redirect(self.get(self.INDEX_URL))
Пример #7
0
 def test_user_should_be_authorized_with_changed_cookie_name(self, user):
     resp = self.post(self.UI_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_redirect(resp)
     assert_in('ChangedAuthorization', self.c.cookies)
     assert_http_ok(self.get(self.INDEX_URL))
Пример #8
0
    def test_user_with_permission_may_add_user(self):
        self.logged_user.user.perms.add_perm('core.issue_tracker.UserIsCore.create')

        USERNAME = '******'

        resp = self.post('%sadd/' % self.USER_UI_URL, data={'add-is-user-username': USERNAME,
                                                            'add-is-user-password': '******'})
        assert_http_redirect(resp)
        assert_true(User.objects.filter(username=USERNAME).exists())
Пример #9
0
 def test_user_should_be_logged_out_via_cookies(self, user):
     resp = self.post(self.UI_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_redirect(resp)
     assert_http_ok(self.get(self.INDEX_URL))
     assert_http_ok(self.get(self.UI_LOGOUT_URL))
     assert_http_redirect(self.get(self.INDEX_URL))
Пример #10
0
 def test_user_should_not_be_authorized_via_cookie_if_cookie_has_not_allowed_header(
         self, user):
     resp = self.post(self.UI_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_redirect(resp)
     assert_http_ok(self.get(self.INDEX_URL))
     assert_in('Authorization', self.c.cookies)
     Token.objects.all().update(allowed_cookie=False)
     assert_http_redirect(self.get(self.INDEX_URL))
Пример #11
0
    def test_send_two_factor_token_should_be_called_for_two_factor_login(
            self, send_two_factor_token):
        self.create_user()
        login_resp = self.post(self.UI_TWO_FACTOR_LOGIN_URL, {
            'username': '******',
            'password': '******'
        })

        assert_http_redirect(login_resp)
        send_two_factor_token.assert_called_once_with(
            login_resp.wsgi_request.token, self.CODE)
Пример #12
0
 def test_user_should_be_authorized_via_cookie(self, user):
     assert_http_redirect(self.get(self.INDEX_URL))
     resp = self.post(self.UI_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_redirect(resp)
     assert_http_ok(self.get(self.INDEX_URL))
     assert_in('Authorization', self.c.cookies)
     assert_false(Token.objects.last().allowed_header)
     assert_true(Token.objects.last().allowed_cookie)
Пример #13
0
 def test_token_type_should_be_required(self, user):
     resp = self.post(self.API_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_ok(resp)
     assert_http_ok(
         self.get(self.INDEX_URL,
                  headers={
                      'HTTP_AUTHORIZATION':
                      'Bearer {}'.format(resp.json()['token'])
                  }))
     assert_http_redirect(
         self.get(self.INDEX_URL,
                  headers={'HTTP_AUTHORIZATION': resp.json()['token']}))
Пример #14
0
 def test_user_should_not_be_authorized_via_http_header_if_headers_are_turned_off(
         self, user):
     resp = self.post(self.API_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_ok(resp)
     assert_in('token', resp.json())
     assert_http_redirect(
         self.get(self.INDEX_URL,
                  headers={
                      'HTTP_AUTHORIZATION':
                      'Bearer {}'.format(resp.json()['token'])
                  }))
     assert_false(self.client.cookies)
Пример #15
0
 def test_user_should_be_authorized_via_http_header(self, user):
     assert_http_redirect(self.get(self.INDEX_URL))
     resp = self.post(self.API_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_ok(resp)
     assert_in('token', resp.json())
     assert_http_ok(
         self.get(self.INDEX_URL,
                  headers={
                      'HTTP_AUTHORIZATION':
                      'Bearer {}'.format(resp.json()['token'])
                  }))
     assert_not_in('Authorization', self.c.cookies)
     assert_true(Token.objects.last().allowed_header)
     assert_false(Token.objects.last().allowed_cookie)
Пример #16
0
 def test_token_should_be_expired(self, user):
     resp = self.post(self.API_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_ok(resp)
     token = resp.json()['token']
     resp = self.get(
         self.INDEX_URL,
         headers={'HTTP_AUTHORIZATION': 'Bearer {}'.format(token)})
     assert_in('X-Authorization-Expiration', resp)
     assert_true(resp['X-Authorization-Expiration'].startswith('0:59'))
     with freeze_time(timezone.now() + timedelta(hours=1), tick=True):
         assert_http_redirect(
             self.get(self.INDEX_URL,
                      headers={
                          'HTTP_AUTHORIZATION': 'Bearer {}'.format(token),
                      }))
Пример #17
0
 def test_user_should_be_logged_out_via_http_header(self, user):
     resp = self.post(self.API_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_ok(resp)
     token = resp.json()['token']
     assert_http_ok(
         self.get(self.INDEX_URL,
                  headers={'HTTP_AUTHORIZATION':
                           'Bearer {}'.format(token)}))
     assert_http_accepted(
         self.delete(
             self.API_LOGIN_URL,
             headers={'HTTP_AUTHORIZATION': 'Bearer {}'.format(token)}))
     assert_http_redirect(
         self.get(self.INDEX_URL,
                  headers={'HTTP_AUTHORIZATION':
                           'Bearer {}'.format(token)}))
Пример #18
0
 def test_user_should_be_authorized_with_changed_header_name(self, user):
     resp = self.post(self.API_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_ok(resp)
     assert_in('token', resp.json())
     assert_http_ok(
         self.get(self.INDEX_URL,
                  headers={
                      'HTTP_X_AUTHORIZATION':
                      'Bearer {}'.format(resp.json()['token'])
                  }))
     assert_http_redirect(
         self.get(self.INDEX_URL,
                  headers={
                      'HTTP_AUTHORIZATION':
                      'Bearer {}'.format(resp.json()['token'])
                  }))
Пример #19
0
    def test_group_permission_shoud_not_have_cycles(self):
        group_a = Group.objects.create(name='group A')
        group_b = Group.objects.create(name='group B')

        resp = self.post(
            '/group/{}/'.format(group_a.pk), {
                'detail-is-group-name': 'group A',
                'detail-is-group-fgroups': [group_b.pk],
                'detail-is-group-fperms': []
            })
        assert_http_redirect(resp)

        resp = self.post(
            '/group/{}/'.format(group_b.pk), {
                'detail-is-group-name': 'group B',
                'detail-is-group-fgroups': [group_a.pk],
                'detail-is-group-fperms': []
            })
        assert_http_ok(resp)
Пример #20
0
 def test_user_should_not_be_authorized_via_header_if_token_has_not_allowed_header(
         self, user):
     resp = self.post(self.API_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_ok(resp)
     assert_http_ok(
         self.get(self.INDEX_URL,
                  headers={
                      'HTTP_AUTHORIZATION':
                      'Bearer {}'.format(resp.json()['token'])
                  }))
     Token.objects.all().update(allowed_header=False)
     assert_http_redirect(
         self.get(self.INDEX_URL,
                  headers={
                      'HTTP_AUTHORIZATION':
                      'Bearer {}'.format(resp.json()['token'])
                  }))
Пример #21
0
    def test_user_should_not_be_logged_in_two_factor_for_invalid_code(
            self, user):
        login_resp = self.post(self.UI_TWO_FACTOR_LOGIN_URL, {
            'username': '******',
            'password': '******'
        })

        assert_http_redirect(login_resp)
        # the code value needs to be overwritten, so that its value could be used for next request
        login_resp.wsgi_request.token.two_factor_code = make_password(
            '12345', salt=Token.TWO_FACTOR_CODE_SALT)
        login_resp.wsgi_request.token.save()

        code_check_resp = self.post(self.UI_CODE_CHECK_LOGIN_URL,
                                    {'code': 'other_code'})

        assert_http_ok(code_check_resp)
        assert_in(
            _('The inserted value does not correspond to the sent code.'),
            code_check_resp._container[0].decode('utf8'))
        assert_false(code_check_resp.wsgi_request.token.is_authenticated)
Пример #22
0
 def test_user_should_log_and_logout_to_the_administration(self, user):
     assert_http_redirect(self.get(self.INDEX_URL))
     resp = self.post(self.LOGIN_URL, {'username': '******', 'password': '******'})
     assert_http_redirect(resp)
     assert_http_ok(self.get(self.INDEX_URL))
     assert_in('Authorization', self.c.cookies)
     assert_false(Token.objects.last().allowed_header)
     assert_true(Token.objects.last().allowed_cookie)
     assert_http_ok(self.get(self.LOGOUT_URL))
     assert_http_redirect(self.get(self.INDEX_URL))
Пример #23
0
 def test_non_logged_user_should_receive_302(self):
     resp = self.get(self.USER_UI_URL)
     assert_http_redirect(resp)
Пример #24
0
 def authorize(self, username, password):
     resp = self.post('/login/', {
         'username': username,
         'password': password
     })
     assert_http_redirect(resp)
Пример #25
0
 def test_non_logged_user_should_receive_302(self):
     resp = self.get('/user/')
     assert_http_redirect(resp)
Пример #26
0
 def test_non_logged_user_should_receive_302(self):
     resp = self.get(self.USER_UI_URL)
     assert_http_redirect(resp)
Пример #27
0
 def authorize(self, username, password):
     assert_http_redirect(
         self.post(config.LOGIN_URL, {
             config.USERNAME: username,
             config.PASSWORD: password
         }))
Пример #28
0
 def authorize(self, username, password):
     resp = self.post(config.LOGIN_URL, {config.USERNAME: username, config.PASSWORD: password})
     assert_http_redirect(resp)