def test_activate_invalid_user(self):
    """Reject an activation code that was issued to a different user.

    Two users are stored, each with its own pending Activation. The mocked
    route parameters pair the first user's id with the second user's code;
    the view must answer 404 and leave both accounts inactive.
    """
    from horus.views import RegisterController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IActivationClass, IUserClass
    from horus.tests.models import Activation, User

    registry = self.config.registry
    registry.registerUtility(Activation, IActivationClass)
    registry.registerUtility(User, IUserClass)
    self.config.include('horus')
    self.config.add_route('index', '/')
    registry.registerUtility(DummyMailer(), IMailer)

    foreign_activation = Activation()

    first = User(username='******', email='*****@*****.**')
    first.activation = Activation()
    first.password = '******'

    second = User(username='******', email='*****@*****.**')
    second.activation = foreign_activation
    second.password = '******'

    for account in (first, second):
        self.session.add(account)
    self.session.flush()

    request = testing.DummyRequest()
    request.matchdict = Mock()

    def get(val, ret):
        # Stand-in for matchdict.get: the code comes from the second user's
        # activation while the id belongs to the first user.
        if val == 'code':
            return foreign_activation.code
        if val == 'user_id':
            return first.id
        return None

    request.matchdict.get = get

    response = RegisterController(request).activate()

    # NOTE(review): the usernames above are masked ('******') in this
    # listing; the lookups below presumably match the original values --
    # confirm against the upstream file.
    reloaded_first = User.get_by_username(request, 'sontek')
    reloaded_second = User.get_by_username(request, 'jessie')
    assert not reloaded_first.is_activated
    assert not reloaded_second.is_activated
    assert response.status_int == 404
def test_inactive_login(self):
    """Check end to end that an account awaiting activation cannot sign in.

    The login form is fetched first so its CSRF token can be posted back
    with the credentials; the response body must contain the "not active"
    message.
    """
    from horus.tests.models import Activation, User

    pending = User(username='******', email='*****@*****.**')
    pending.activation = Activation()
    pending.password = '******'
    self.session.add(pending)
    self.session.flush()

    login_page = self.app.get('/login')
    token = login_page.form.fields['csrf_token'][0].value
    if six.PY3:
        token = clean_byte_string(token)

    form_data = {
        'submit': True,
        'username': '******',
        'password': '******',
        'csrf_token': token,
    }
    result = self.app.post(str('/login'), form_data)

    # NOTE(review): a dedicated "not active" message tells the client that
    # the account exists. This test does not show whether the view returns
    # it only after the password has verified -- confirm in the login view.
    expected = b'Your account is not active, please check your e-mail.'
    assert expected in result.body
def test_get_all_users(self):
    """User.get_all returns a query that yields every committed user."""
    from horus.tests.models import User

    first = User(username='******', email='*****@*****.**')
    first.password = '******'
    second = User(username='******', email='*****@*****.**')
    second.password = '******'

    for account in (first, second):
        self.session.add(account)
    self.session.commit()

    request = testing.DummyRequest()
    everyone = User.get_all(request)

    assert len(everyone.all()) == 2
def test_forgot_password_invalid_password(self):
    """Posting 'sontek' as the e-mail to forgot_password yields one error.

    NOTE(review): despite the name, the submitted field is an e-mail value,
    not a password; the test does not show which validator produces the
    error (format check or unknown address) -- confirm in the schema.
    """
    from horus.views import ForgotPasswordController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IUserClass
    from horus.tests.models import User

    registry = self.config.registry
    registry.registerUtility(User, IUserClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    registry.registerUtility(DummyMailer(), IMailer)

    account = User(username='******', password='******',
                   email='*****@*****.**')
    account.password = '******'
    self.session.add(account)
    self.session.flush()

    request = self.get_csrf_request(
        post={'email': 'sontek'},
        request_method='POST',
    )
    request.user = None  # anonymous visitor

    outcome = ForgotPasswordController(request).forgot_password()

    assert len(outcome['errors']) == 1
def test_forgot_password_valid_user(self):
    """A registered e-mail gets the "reset e-mail sent" flash and a redirect.

    FlashMessage is patched so the test can check the message and kind
    without rendering anything; the mailer is the in-memory DummyMailer.
    """
    from horus.views import ForgotPasswordController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IUserClass
    from horus.tests.models import User

    registry = self.config.registry
    registry.registerUtility(User, IUserClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    registry.registerUtility(DummyMailer(), IMailer)

    account = User(username='******', password='******',
                   email='*****@*****.**')
    account.password = '******'
    self.session.add(account)
    self.session.flush()

    request = self.get_csrf_request(
        post={'email': '*****@*****.**'},
        request_method='POST',
    )
    request.user = None  # anonymous visitor
    view = ForgotPasswordController(request)

    # NOTE(review): if well-formed but unregistered addresses get a
    # different response than this one, the endpoint reveals which e-mails
    # are registered. That path is not exercised here -- confirm.
    with patch('horus.views.FlashMessage') as flash_cls:
        response = view.forgot_password()
        flash_cls.assert_called_with(
            request,
            view.Str.reset_password_email_sent,
            kind="success",
        )

    assert response.status_int == 302
def test_activate_invalid(self):
    """Reject activation when the route parameters match nothing.

    matchdict.get is mocked to return 'invalid' for every key, so both the
    code and the user id are bogus; the view must answer 404 and the stored
    user must stay inactive.
    """
    from horus.views import RegisterController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IActivationClass, IUserClass
    from horus.tests.models import Activation, User

    registry = self.config.registry
    registry.registerUtility(Activation, IActivationClass)
    registry.registerUtility(User, IUserClass)
    self.config.include('horus')
    self.config.add_route('index', '/')
    registry.registerUtility(DummyMailer(), IMailer)

    account = User(username='******', email='*****@*****.**')
    account.password = '******'
    account.activation = Activation()
    self.session.add(account)
    self.session.flush()

    request = testing.DummyRequest()
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value='invalid')

    response = RegisterController(request).activate()

    # NOTE(review): the username above is masked in this listing; 'sontek'
    # is presumably the original value -- confirm upstream.
    account = User.get_by_username(request, 'sontek')
    assert not account.is_activated
    assert response.status_int == 404
def test_register_existing_user(self):
    """Registering with details of an already stored user reports errors.

    The view is expected to return a dict (the re-rendered form context)
    with a non-empty 'errors' entry instead of creating a second account.
    """
    from horus.views import RegisterController
    from pyramid_mailer.mailer import DummyMailer
    from pyramid_mailer.interfaces import IMailer
    from horus.interfaces import IActivationClass, IUserClass
    from horus.tests.models import Activation, User

    registry = self.config.registry
    registry.registerUtility(Activation, IActivationClass)
    registry.registerUtility(User, IUserClass)
    self.config.include('horus')
    registry.registerUtility(DummyMailer(), IMailer)
    self.config.add_route('index', '/')

    existing = User(username='******', email='*****@*****.**')
    existing.password = '******'
    self.session.add(existing)
    self.session.flush()

    # NOTE(review): literals are masked in this listing, so it is not
    # visible here which submitted field collides with the stored user.
    submitted = {
        'username': '******',
        'password': {
            'password': '******',
            'password-confirm': 'test123',
        },
        'email': '*****@*****.**',
    }
    request = self.get_csrf_request(post=submitted, request_method='POST')

    outcome = RegisterController(request).register()

    assert isinstance(outcome, dict)
    assert outcome['errors']
def test_inactive_login_fails(self):
    """AuthController.login flashes an error for a not-yet-activated user.

    The user still has a pending Activation attached; FlashMessage is
    patched so the exact message and kind can be asserted.
    """
    from horus.tests.models import User
    from horus.interfaces import IActivationClass, IUserClass
    from horus.tests.models import Activation

    registry = self.config.registry
    registry.registerUtility(Activation, IActivationClass)
    registry.registerUtility(User, IUserClass)

    pending = User(username='******', email='*****@*****.**')
    pending.password = '******'
    pending.activation = Activation()
    self.session.add(pending)
    self.session.flush()

    from horus.views import AuthController

    self.config.add_route('index', '/')
    self.config.include('horus')
    settings = self.config.registry.settings
    settings['horus.login_redirect'] = 'index'
    settings['horus.logout_redirect'] = 'index'

    credentials = {
        'submit': True,
        'username': '******',
        'password': '******',
    }
    request = self.get_csrf_request(post=credentials, request_method='POST')
    view = AuthController(request)

    # NOTE(review): a dedicated "not active" message confirms the account
    # exists; whether it is only shown after the password verifies is not
    # visible from this test -- confirm in the view.
    with patch('horus.views.FlashMessage') as flash_cls:
        view.login()
        flash_cls.assert_called_with(
            request,
            'Your account is not active, please check your e-mail.',
            kind='error',
        )
def test_login_succeeds(self):
    """A user without a pending activation logs in and is redirected (302)."""
    from horus.tests.models import User
    from horus.interfaces import IActivationClass, IUserClass
    from horus.tests.models import Activation

    registry = self.config.registry
    registry.registerUtility(Activation, IActivationClass)
    registry.registerUtility(User, IUserClass)
    registry.settings['horus.login_redirect'] = 'index'
    registry.settings['horus.logout_redirect'] = 'index'

    active = User(username='******', email='*****@*****.**')
    active.password = '******'
    self.session.add(active)
    self.session.flush()

    from horus.views import AuthController

    self.config.add_route('index', '/')
    self.config.include('horus')

    credentials = {
        'submit': True,
        'username': '******',
        'password': '******',
    }
    request = self.get_csrf_request(post=credentials, request_method='POST')

    response = AuthController(request).login()

    assert response.status_int == 302
def test_profile_update_profile_invalid(self):
    """An empty POST to edit_profile is rejected with three errors.

    The request carries only what get_csrf_request adds; the test-suite
    ProfileSchema is registered as the profile schema.
    """
    from horus.views import ProfileController
    from horus.interfaces import (
        IUserClass,
        IActivationClass,
        IProfileSchema,
    )
    from horus.tests.models import Activation, User
    from horus.tests.schemas import ProfileSchema

    registry = self.config.registry
    registry.registerUtility(Activation, IActivationClass)
    registry.registerUtility(User, IUserClass)
    registry.registerUtility(ProfileSchema, IProfileSchema)
    self.config.add_route('index', '/')
    self.config.include('horus')

    owner = User(username='******', email='*****@*****.**')
    owner.password = '******'
    self.session.add(owner)
    self.session.flush()

    request = self.get_csrf_request(request_method='POST')
    request.context = owner
    request.matchdict = Mock()
    # Every route parameter lookup resolves to the stored user's id.
    request.matchdict.get = Mock(return_value=owner.id)

    outcome = ProfileController(request).edit_profile()

    assert len(outcome['errors']) == 3
def test_profile_bad_id(self):
    """Requesting the profile of an id that is not stored returns 404.

    Only one user is stored, while the mocked route parameters always
    resolve to 99.
    """
    from horus.views import ProfileController
    from horus.interfaces import IActivationClass, IUserClass
    from horus.tests.models import Activation, User

    registry = self.config.registry
    registry.registerUtility(User, IUserClass)
    registry.registerUtility(Activation, IActivationClass)
    self.config.add_route('index', '/')
    self.config.include('horus')

    stored = User(username='******', email='*****@*****.**')
    stored.password = '******'
    self.session.add(stored)
    self.session.flush()

    request = testing.DummyRequest()
    request.user = Mock()
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=99)

    response = ProfileController(request).profile()

    assert response.status_int == 404
def test_activate_multiple_users(self):
    """Activating one user must not consume another user's activation.

    Two users each hold a pending Activation. The request presents the
    second user's own id and code; afterwards exactly one Activation must
    remain, the looked-up user must be activated and the view must
    redirect.
    """
    from horus.views import RegisterController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IActivationClass, IUserClass
    from horus.tests.models import Activation, User

    registry = self.config.registry
    registry.registerUtility(Activation, IActivationClass)
    registry.registerUtility(User, IUserClass)
    self.config.include('horus')
    self.config.add_route('index', '/')
    registry.registerUtility(DummyMailer(), IMailer)

    user = User(username='******', email='*****@*****.**')
    user.activation = Activation()
    user.password = '******'

    user1 = User(username='******', email='*****@*****.**')
    user1.activation = Activation()
    user1.password = '******'

    for account in (user, user1):
        self.session.add(account)
    self.session.flush()

    request = testing.DummyRequest()
    request.matchdict = Mock()

    def get(key, default):
        # Stand-in for matchdict.get: 'code' gives user1's activation code,
        # any other key gives user1's id.
        if key == 'code':
            return user1.activation.code
        return user1.id

    request.matchdict.get = get

    response = RegisterController(request).activate()

    # NOTE(review): usernames are masked in this listing; 'sontek1' is
    # presumably the second user's original name -- confirm upstream.
    user = User.get_by_username(request, 'sontek1')
    remaining = Activation.get_all(request)

    assert len(remaining.all()) == 1
    assert user.is_activated
    assert response.status_int == 302
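def test_password_hashing(self):
    """The stored password must differ from the plaintext and have a salt.

    The plaintext is bound to one name so the inequality is checked against
    the value that was actually assigned, not against a separate literal
    that can drift from it. The original comparison with 'password' is kept
    as well.

    NOTE(review): inequality plus a non-null salt does not prove that the
    stored value is a hash that verifies; a positive verification check
    would make this test stronger.
    """
    from horus.tests.models import User

    plaintext = '******'
    user1 = User(username='******', email='*****@*****.**')
    user1.password = plaintext
    self.session.add(user1)
    self.session.flush()

    assert user1.password != plaintext
    assert user1.password != 'password'
    assert user1.salt is not None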
def test_acl(self):
    """A stored user's __acl__ is one Allow entry for its own principal.

    The expected list grants 'access_user' to 'user:<id>' and holds nothing
    else.
    """
    from horus.tests.models import User
    from pyramid.security import Allow

    owner = User(username='******', email='*****@*****.**')
    owner.password = '******'
    self.session.add(owner)
    self.session.flush()

    expected_acl = [(Allow, 'user:%s' % owner.id, 'access_user')]
    assert owner.__acl__ == expected_acl
def test_get_user_by_activation_with_multiple_users(self):
    """get_by_activation returns the owner of the activation, not any user.

    Two users are committed and only the second holds the Activation.
    """
    from horus.tests.models import Activation, User

    bystander = User(username='******', email='*****@*****.**')
    owner = User(username='******', email='*****@*****.**')
    bystander.password = '******'
    owner.password = '******'

    activation = Activation()
    owner.activation = activation

    for account in (bystander, owner):
        self.session.add(account)
    self.session.commit()

    request = testing.DummyRequest()
    found = User.get_by_activation(request, activation)

    assert found == owner
def test_profile_update_password(self):
    """Editing the profile stores the new e-mail and replaces the password.

    A ProfileUpdatedEvent subscriber commits the session so the change can
    be read back with User.get_by_id.
    """
    from horus.views import ProfileController
    from hem.interfaces import IDBSession
    from horus.events import ProfileUpdatedEvent
    from horus.models import crypt
    from horus.interfaces import IActivationClass, IUserClass
    from horus.tests.models import Activation, User

    registry = self.config.registry
    registry.registerUtility(Activation, IActivationClass)
    registry.registerUtility(User, IUserClass)
    self.config.add_route('index', '/')
    self.config.include('horus')

    user = User(username='******', email='*****@*****.**')
    user.password = '******'
    self.session.add(user)
    self.session.flush()

    def handle_profile_updated(event):
        # Commit through the session registered on the request's registry.
        event.request.registry.getUtility(IDBSession).commit()

    self.config.add_subscriber(handle_profile_updated, ProfileUpdatedEvent)

    submitted = {
        'email': '*****@*****.**',
        'password': {
            'password': '******',
            'password-confirm': 'test123',
        },
    }
    request = self.get_csrf_request(post=submitted, request_method='POST')
    request.context = user
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=user.id)

    ProfileController(request).edit_profile()

    reloaded = User.get_by_id(request, user.id)
    assert reloaded.email == '*****@*****.**'
    # The stored hash must no longer verify against 'temp' + salt
    # (presumably the old password; the literal is masked above).
    # NOTE(review): there is no positive check that the new password
    # verifies, so a change to any other value would also pass.
    assert not crypt.check(user.password, 'temp' + user.salt)
def test_reset_password_valid_user(self):
    """A valid activation code lets an anonymous visitor set a new password.

    The mocked route parameters return the user's activation code; a
    PasswordResetEvent subscriber commits the session. The view must
    redirect and the old hash must stop verifying.
    """
    from horus.views import ForgotPasswordController
    from hem.interfaces import IDBSession
    from horus.events import PasswordResetEvent
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.models import crypt
    from horus.interfaces import IUserClass, IActivationClass
    from horus.tests.models import Activation, User

    registry = self.config.registry
    registry.registerUtility(User, IUserClass)
    registry.registerUtility(Activation, IActivationClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    registry.registerUtility(DummyMailer(), IMailer)

    user = User(username='******', email='*****@*****.**')
    user.password = '******'
    user.activation = Activation()
    self.session.add(user)
    self.session.flush()

    submitted = {
        'password': {
            'password': '******',
            'password-confirm': 'test123',
        },
    }
    request = self.get_csrf_request(post=submitted, request_method='POST')
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=user.activation.code)
    request.user = None  # anonymous visitor

    def handle_password_reset(event):
        # Commit through the session registered on the request's registry.
        event.request.registry.getUtility(IDBSession).commit()

    self.config.add_subscriber(handle_password_reset, PasswordResetEvent)

    response = ForgotPasswordController(request).reset_password()

    # NOTE(review): only the negative case is asserted (the value
    # 'temp' + salt no longer verifies). Neither that the new password
    # verifies nor that the activation code is invalidated after use is
    # checked here.
    assert not crypt.check(user.password, 'temp' + user.salt)
    assert response.status_int == 302
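def test_get_user_by_invalid_email(self):
    """User.get_by_email returns None when no stored user has that address.

    NOTE(review): both e-mail literals are masked in this listing, so the
    stored and the looked-up address look identical here; they presumably
    differ in the original file -- confirm upstream.
    """
    from horus.tests.models import User

    user = User(username='******', email='*****@*****.**')
    user.password = '******'
    self.session.add(user)
    self.session.commit()

    request = testing.DummyRequest()
    new_user = User.get_by_email(request, '*****@*****.**')

    # Identity check: "== None" would go through any __eq__ defined on the
    # returned object, while "is None" cannot be overridden.
    assert new_user is None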
def test_get_user_by_id(self):
    """User.get_by_id returns the committed user with that primary key."""
    from horus.tests.models import User

    stored = User(username='******', email='*****@*****.**')
    stored.password = '******'
    self.session.add(stored)
    self.session.commit()

    request = testing.DummyRequest()
    found = User.get_by_id(request, stored.id)

    assert found == stored
def test_get_valid_user_by_security_code(self):
    """User.get_by_security_code finds a user by its own security_code.

    NOTE(review): only the matching case is covered; a lookup with a code
    that belongs to no user is not exercised in this test.
    """
    from horus.tests.models import User

    stored = User(username='******', email='*****@*****.**')
    stored.password = '******'
    self.session.add(stored)
    self.session.commit()

    request = testing.DummyRequest()
    found = User.get_by_security_code(request, stored.security_code)

    assert stored == found
def test_get_user_activation(self):
    """Activation.get_by_code returns the activation attached to its user.

    Two users are committed and only the second holds an Activation; it is
    looked up by code and compared with the one reachable from the user.
    """
    from horus.tests.models import Activation, User

    bystander = User(username='******', email='*****@*****.**')
    owner = User(username='******', email='*****@*****.**')
    bystander.password = '******'
    owner.password = '******'

    activation = Activation()
    owner.activation = activation

    for account in (bystander, owner):
        self.session.add(account)
    self.session.commit()

    request = testing.DummyRequest()

    # NOTE(review): usernames are masked in this listing; 'sontek2' is
    # presumably the second user's original name -- confirm upstream.
    reloaded_owner = User.get_by_username(request, 'sontek2')
    found_activation = Activation.get_by_code(request, activation.code)

    assert activation == found_activation
    assert reloaded_owner.activation == found_activation
def test_group_finder_no_groups(self):
    """groupfinder gives a user without groups only its own principal.

    The group 'foo' contains the first user only; the request user is the
    second one, so the result must hold exactly 'user:<id>' for it.
    """
    from horus import groupfinder
    from horus.tests.models import Group, User

    group = Group(name='foo', description='bar')
    member = User(username='******', email='*****@*****.**')
    outsider = User(username='******', email='*****@*****.**')
    member.password = '******'
    outsider.password = '******'
    group.users.append(member)

    for record in (group, member, outsider):
        self.session.add(record)
    self.session.flush()

    request = Mock()
    request.user = outsider

    # NOTE(review): the userid argument is the literal 2 rather than the
    # outsider's id; this presumably relies on insertion order -- confirm.
    principals = groupfinder(2, request)

    assert len(principals) == 1
    assert 'user:%s' % (outsider.id) in principals
def test_get_user_by_activation(self):
    """User.get_by_activation returns the user that owns the activation."""
    from horus.tests.models import Activation, User

    owner = User(username='******', email='*****@*****.**')
    owner.password = '******'
    activation = Activation()
    owner.activation = activation
    self.session.add(owner)
    self.session.commit()

    request = testing.DummyRequest()
    found = User.get_by_activation(request, activation)

    assert found == owner
def test_get_all(self):
    """Group.get_all returns a query that yields the one committed group."""
    from horus.tests.models import Group, User

    member = User(username='******', email='*****@*****.**')
    member.password = '******'
    self.session.add(member)

    admins = Group(name='admin', description='group for admins')
    admins.users.append(member)
    self.session.add(admins)
    self.session.commit()

    request = testing.DummyRequest()
    all_groups = Group.get_all(request)

    assert len(all_groups.all()) == 1
def test_user_factory(self):
    """UserFactory keeps its request and resolves a user by id on lookup."""
    from horus.resources import UserFactory
    from horus.tests.models import User
    from horus.interfaces import IUserClass

    self.config.registry.registerUtility(User, IUserClass)

    stored = User(username='******', email='*****@*****.**')
    stored.password = '******'
    self.session.add(stored)
    self.session.commit()

    request = testing.DummyRequest()
    factory = UserFactory(request)
    # Item access on the factory is what returns the user resource.
    resolved = factory[stored.id]

    assert factory.request == request
    assert stored == resolved
def test_reset_password_invalid_password(self):
    """reset_password returns exactly one error for the posted password.

    NOTE(review): the posted keys are capitalised ('Password',
    'Password-confirm'). If the schema expects other key names, the single
    error may come from a missing field rather than from password
    validation -- confirm which validator fires.
    """
    from horus.views import ForgotPasswordController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IUserClass, IActivationClass
    from horus.tests.models import Activation, User

    registry = self.config.registry
    registry.registerUtility(User, IUserClass)
    registry.registerUtility(Activation, IActivationClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    registry.registerUtility(DummyMailer(), IMailer)

    account = User(username='******', password='******',
                   email='*****@*****.**')
    account.password = '******'
    account.activation = Activation()
    self.session.add(account)
    self.session.flush()

    submitted = {
        'Password': {
            'Password': '******',
            'Password-confirm': 't',
        },
    }
    request = self.get_csrf_request(post=submitted, request_method='POST')
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=account.activation.code)
    request.user = None  # anonymous visitor

    outcome = ForgotPasswordController(request).reset_password()

    assert len(outcome['errors']) == 1
def test_reset_password_loads(self):
    """A plain request with a valid code renders the reset form.

    The request is a bare DummyRequest whose mocked route parameters
    return the user's activation code; the returned 'form' value must be
    non-empty and contain 'sontek'.
    """
    from horus.views import ForgotPasswordController
    from pyramid_mailer.interfaces import IMailer
    from pyramid_mailer.mailer import DummyMailer
    from horus.interfaces import IUserClass
    from horus.tests.models import Activation, User
    from horus.interfaces import IActivationClass

    registry = self.config.registry
    registry.registerUtility(User, IUserClass)
    registry.registerUtility(Activation, IActivationClass)
    self.config.add_route('index', '/')
    self.config.include('horus')
    registry.registerUtility(DummyMailer(), IMailer)

    account = User(username='******', password='******',
                   email='*****@*****.**')
    account.password = '******'
    account.activation = Activation()
    self.session.add(account)
    self.session.flush()

    request = testing.DummyRequest()
    request.matchdict = Mock()
    request.matchdict.get = Mock(return_value=account.activation.code)
    request.user = None  # anonymous visitor

    outcome = ForgotPasswordController(request).reset_password()

    # NOTE(review): the username is masked in this listing; 'sontek' is
    # presumably the original value that the form echoes -- confirm.
    assert outcome.get('form', None)
    assert 'sontek' in outcome['form']
def test_valid_login(self):
    """Log in through the routed /login view and expect a redirect.

    The form is fetched first so its CSRF token can be posted back with
    the credentials of a user that has no pending activation.
    """
    from horus.tests.models import User

    active = User(username='******', email='*****@*****.**')
    active.password = '******'
    self.session.add(active)
    self.session.flush()

    login_page = self.app.get('/login')
    token = login_page.form.fields['csrf_token'][0].value
    if six.PY3:
        token = clean_byte_string(token)

    form_data = {
        'submit': True,
        'username': '******',
        'password': '******',
        'csrf_token': token,
    }
    result = self.app.post(str('/login'), form_data)

    assert result.status_int == 302