def test_handle_login(): # no messages in the beginning assert not flaskg._login_messages test_user1 = handle_login(flaskg.user, login_username='******', login_password='******', stage='moin') test_login_message = ['Invalid username or password.'] assert flaskg._login_messages == test_login_message assert test_user1.name0 == ANON assert not test_user1.valid # pop the message flaskg._login_messages.pop() # try with a valid user givenauth_obj = GivenAuth() flaskg.user.auth_method = 'given' givenauth_obj.user_name = 'Test_User' create_user('Test_User', 'test_pass', '*****@*****.**') test_user, bool_value = givenauth_obj.request(flaskg.user) test_user2 = handle_login(test_user, login_username='******', login_password='******', stage='moin') assert not flaskg._login_messages assert test_user2.name == [ 'Test_User', ] assert test_user2.valid
def testBugDefaultPasswd(self): """ Login via LDAP (this creates user profile and up to 1.7.0rc1 it put a default password there), then try logging in via moin login using that default password or an empty password. """ # do a LDAPAuth login (as a side effect, this autocreates the user profile): u1 = handle_login(None, username='******', password='******') assert u1 is not None assert u1.valid # now we kill the LDAP server: # self.ldap_env.slapd.stop() # now try a MoinAuth login: # try the default password that worked in 1.7 up to rc1: u2 = handle_login(None, username='******', password='******') assert u2 is None # try using no password: u2 = handle_login(None, username='******', password='') assert u2 is None # try using wrong password: u2 = handle_login(None, username='******', password='******') assert u2 is None
def testMoinLDAPFailOver(self): """ Try if it does a failover to a secondary LDAP, if the primary fails. """ # authenticate user (with primary slapd): u1 = handle_login(None, username='******', password='******') assert u1 is not None assert u1.valid # now we kill our primary LDAP server: self.ldap_envs[0].slapd.stop() # try if we can still authenticate (with the second slapd): u2 = handle_login(None, username='******', password='******') assert u2 is not None assert u2.valid
def setup_user(): """ Try to retrieve a valid user object from the request, be it either through the session or through a login. """ # init some stuff for auth processing: flaskg._login_multistage = None flaskg._login_multistage_name = None flaskg._login_messages = [] # first try setting up from session try: userobj = auth.setup_from_session() except KeyError: # error caused due to invalid cookie, recreating session session.clear() userobj = auth.setup_from_session() # then handle login/logout forms form = request.values.to_dict() if 'login_submit' in form: # this is a real form, submitted by POST userobj = auth.handle_login(userobj, **form) elif 'logout_submit' in form: # currently just a GET link userobj = auth.handle_logout(userobj) else: userobj = auth.handle_request(userobj) # if we still have no user obj, create a dummy: if not userobj: userobj = user.User(name=ANON, auth_method='invalid') # if we have a valid user we store it in the session if userobj.valid: session['user.itemid'] = userobj.itemid session['user.trusted'] = userobj.trusted session['user.auth_method'] = userobj.auth_method session['user.auth_attribs'] = userobj.auth_attribs session['user.session_token'] = userobj.get_session_token() return userobj
def testMoinLDAPLogin(self): """ Just try accessing the LDAP server and see if usera and userb are in LDAP. """ # tests that must not authenticate: u = handle_login(None, username='', password='') assert u is None u = handle_login(None, username='******', password='') assert u is None u = handle_login(None, username='******', password='******') assert u is None u = handle_login(None, username='******', password='******') assert u is None # tests that must authenticate: u1 = handle_login(None, username='******', password='******') assert u1 is not None assert u1.valid u2 = handle_login(None, username='******', password='******') assert u2 is not None assert u2.valid # check if usera and userb have different ids: assert u1.id != u2.id