Пример #1
0
    def test_userflags(self):
        """Ensure user flags are set as expected.

        """
        user1 = create_account('user1', '*****@*****.**', 'Password')
        self.assertIsNotNone(user1)

        # Not active by default
        self.assertFalse(get_user(user1).get('active'))
        # TTL should be set
        self.assertIsNotNone(get_user(user1).get('ttl'))
        # Activate
        self.assertTrue(activate(user1))
        self.assertTrue(get_user(user1).get('active'))
        self.assertIsNone(get_user(user1).get('ttl'))
        # Deactivate
        self.assertTrue(activate(user1, False))
        self.assertFalse(get_user(user1).get('active'))
        # Invalid
        self.assertFalse(activate(None))
        self.assertFalse(activate(K.NIL_VALUE))

        # Banning, not by default
        self.assertFalse(get_user(user1).get('banned'))
        # Ban
        self.assertTrue(ban(user1))
        self.assertTrue(get_user(user1).get('banned'))
        # Un-ban
        self.assertTrue(ban(user1, False))
        self.assertFalse(get_user(user1).get('banned'))
        # Invalid
        self.assertFalse(ban(None))
        self.assertFalse(ban(K.NIL_VALUE))

        # OP (Over powered or Operator?) Account should not be op
        self.assertFalse(get_user(user1).get('op'))
        # Bite
        self.assertTrue(bite(user1))
        self.assertTrue(get_user(user1).get('op'))
        # Un-bite
        self.assertTrue(bite(user1, False))
        self.assertFalse(get_user(user1).get('op'))
        # Invalid
        self.assertFalse(bite(None))
        self.assertFalse(bite(K.NIL_VALUE))

        # Muted, can't post, not by default
        self.assertFalse(get_user(user1).get('muted'))
        # Mute
        self.assertTrue(mute(user1))
        self.assertTrue(get_user(user1).get('muted'))
        # Un-mute
        self.assertTrue(mute(user1, False))
        self.assertFalse(get_user(user1).get('muted'))
        # Invalid
        self.assertFalse(mute(None))
        self.assertFalse(mute(K.NIL_VALUE))
Пример #2
0
    def test_userflags(self):
        """Ensure user flags are set as expected.

        """
        user1 = create_account('user1', '*****@*****.**', 'Password')
        self.assertIsNotNone(user1)

        # Not active by default
        self.assertFalse(get_user(user1).get('active'))
        # TTL should be set
        self.assertIsNotNone(get_user(user1).get('ttl'))
        # Activate
        self.assertTrue(activate(user1))
        self.assertTrue(get_user(user1).get('active'))
        self.assertIsNone(get_user(user1).get('ttl'))
        # Deactivate
        self.assertTrue(activate(user1, False))
        self.assertFalse(get_user(user1).get('active'))
        # Invalid
        self.assertFalse(activate(None))
        self.assertFalse(activate(K.NIL_VALUE))

        # Banning, not by default
        self.assertFalse(get_user(user1).get('banned'))
        # Ban
        self.assertTrue(ban(user1))
        self.assertTrue(get_user(user1).get('banned'))
        # Un-ban
        self.assertTrue(ban(user1, False))
        self.assertFalse(get_user(user1).get('banned'))
        # Invalid
        self.assertFalse(ban(None))
        self.assertFalse(ban(K.NIL_VALUE))

        # OP (Over powered or Operator?) Account should not be op
        self.assertFalse(get_user(user1).get('op'))
        # Bite
        self.assertTrue(bite(user1))
        self.assertTrue(get_user(user1).get('op'))
        # Un-bite
        self.assertTrue(bite(user1, False))
        self.assertFalse(get_user(user1).get('op'))
        # Invalid
        self.assertFalse(bite(None))
        self.assertFalse(bite(K.NIL_VALUE))

        # Muted, can't post, not by default
        self.assertFalse(get_user(user1).get('muted'))
        # Mute
        self.assertTrue(mute(user1))
        self.assertTrue(get_user(user1).get('muted'))
        # Un-mute
        self.assertTrue(mute(user1, False))
        self.assertFalse(get_user(user1).get('muted'))
        # Invalid
        self.assertFalse(mute(None))
        self.assertFalse(mute(K.NIL_VALUE))
Пример #3
0
    def test_stats(self):
        """Ensure the ``pjuu.auth.stats``s exposed stats are correct.

        """
        stats = dict(get_stats())

        self.assertEqual(stats.get('Total users'), 0)
        self.assertEqual(stats.get('Total active users'), 0)
        self.assertEqual(stats.get('Total banned users'), 0)
        self.assertEqual(stats.get('Total muted users'), 0)
        self.assertEqual(stats.get('Total OP users'), 0)
        self.assertEqual(stats.get('Newest users'), [])

        create_account('user1', '*****@*****.**', 'Password')

        user2 = create_account('user2', '*****@*****.**', 'Password')
        activate(user2)

        user3 = create_account('user3', '*****@*****.**', 'Password')
        activate(user3)
        ban(user3)

        user4 = create_account('user4', '*****@*****.**', 'Password')
        activate(user4)
        mute(user4)

        user5 = create_account('user5', '*****@*****.**', 'Password')
        bite(user5)

        # Turn in to dict for easier checking.
        stats = dict(get_stats())

        # URL string to ensure links are being added in to newest users
        self.assertEqual(stats.get('Total users'), 5)
        self.assertEqual(stats.get('Total active users'), 3)
        self.assertEqual(stats.get('Total banned users'), 1)
        self.assertEqual(stats.get('Total muted users'), 1)
        self.assertEqual(stats.get('Total OP users'), 1)

        user_list = ['user5', 'user4', 'user3', 'user2', 'user1']
        newest_users = stats.get('Newest users')

        for i in xrange(len(newest_users)):
            self.assertIn(user_list[i], newest_users[i])
Пример #4
0
    def test_stats(self):
        """Ensure the ``pjuu.auth.stats``s exposed stats are correct.

        """
        stats = dict(get_stats())

        self.assertEqual(stats.get('Total users'), 0)
        self.assertEqual(stats.get('Total active users'), 0)
        self.assertEqual(stats.get('Total banned users'), 0)
        self.assertEqual(stats.get('Total muted users'), 0)
        self.assertEqual(stats.get('Total OP users'), 0)
        self.assertEqual(stats.get('Newest users'), [])

        create_account('user1', '*****@*****.**', 'Password')

        user2 = create_account('user2', '*****@*****.**', 'Password')
        activate(user2)

        user3 = create_account('user3', '*****@*****.**', 'Password')
        activate(user3)
        ban(user3)

        user4 = create_account('user4', '*****@*****.**', 'Password')
        activate(user4)
        mute(user4)

        user5 = create_account('user5', '*****@*****.**', 'Password')
        bite(user5)

        # Turn in to dict for easier checking.
        stats = dict(get_stats())

        # URL string to ensure links are being added in to newest users
        self.assertEqual(stats.get('Total users'), 5)
        self.assertEqual(stats.get('Total active users'), 3)
        self.assertEqual(stats.get('Total banned users'), 1)
        self.assertEqual(stats.get('Total muted users'), 1)
        self.assertEqual(stats.get('Total OP users'), 1)

        user_list = ['user5', 'user4', 'user3', 'user2', 'user1']
        newest_users = stats.get('Newest users')

        for i in xrange(len(newest_users)):
            self.assertIn(user_list[i], newest_users[i])
Пример #5
0
    def test_signin_signout(self):
        """
        These functions will test the signin and signout endpoints. We will use
        url_for so that we can change the URIs in the future.
        """
        # Test that we can GET the signin page
        resp = self.client.get(url_for('auth.signin'))
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)

        # There is no user in the system check that we can't authenticate
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******'
        })
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Invalid user name or password', resp.data)

        # Why we are here we will just check that logging in doesn't raise an
        # issue if not logged in
        resp = self.client.get(url_for('auth.signout'))
        # We should be 302 redirected to /signin
        self.assertEqual(resp.status_code, 302)
        # There is nothing we can really check as we do not flash() as message

        # Create a test user and try loggin in, should fail as the user isn't
        # activated
        user1 = create_account('user1', '*****@*****.**', 'Password')
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******'
        })
        # We should get a 200 with an information message
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Please activate your account', resp.data)

        # Activate account
        self.assertTrue(activate(user1))

        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******',
            'keep_signed_in': True
        })
        # Check we are redirected
        self.assertEqual(resp.status_code, 302)

        # Log back out
        self.client.get(url_for('auth.signout'))

        # Test that the correct warning is shown if the user is banned
        self.assertTrue(ban(user1))
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******'
        })
        # We should get a 200 with an information message
        self.assertEqual(resp.status_code, 200)
        self.assertIn('You\'re a very naughty boy!', resp.data)
        # Lets unban the user now so we can carry on
        self.assertTrue(ban(user1, False))

        # Now the user is active and not banned actualy log in
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******'
        }, follow_redirects=True)
        self.assertEqual(resp.status_code, 200)
        self.assertIn('<h1>Feed</h1>', resp.data)

        # Attempt to try and get back to login when we are already logged in
        resp = self.client.get(url_for('auth.signin'))
        self.assertEqual(resp.status_code, 302)

        # Now we are logged in lets just ensure logout doesn't do anything daft
        # We should be redirected back to /
        resp = self.client.get(url_for('auth.signout'), follow_redirects=True)
        # We should have been 302 redirected to /signin
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Successfully signed out', resp.data)

        # Lets try and cheat the system
        # Attempt invalid Password
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******'
        }, follow_redirects=True)
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Invalid user name or password', resp.data)

        # Attempt user does not exist
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******'
        })
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Invalid user name or password', resp.data)

        # Log the user in and ensure they are logged out if there account
        # is banned during using the site and not just at login
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******'
        }, follow_redirects=True)
        self.assertEqual(resp.status_code, 200)
        self.assertIn('<h1>Feed</h1>', resp.data)
        # Lets go to another view, we will check out profile and look for our
        # username
        resp = self.client.get(url_for('users.settings_profile'))
        self.assertEqual(resp.status_code, 200)
        self.assertIn('*****@*****.**', resp.data)
        # Let's ban the user now
        self.assertTrue(ban(user1))
        # Attempt to get to the feed
        resp = self.client.get(url_for('users.feed'), follow_redirects=True)
        # We should be redirected to signin with the standard message
        self.assertEqual(resp.status_code, 200)
        self.assertIn('You\'re a very naughty boy!', resp.data)

        # Adding test from form.validate() == False in signup
        # Coverage
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '',
            'password': ''
        }, follow_redirects=True)
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Invalid user name or password', resp.data)

        # Log in with user1 and remove the session part way through
        resp = self.client.post(url_for('auth.signin'), data={
            'username': '******',
            'password': '******'
        }, follow_redirects=True)
        self.assertEqual(resp.status_code, 200)

        # Find the Set-Cookie header so we can parse then delete it
        session_id = None
        for header in resp.headers:
            if header[0] == 'Set-Cookie':
                session_id = parse_cookie(header[1])['session']
                rs.delete(session_id)

        resp = self.client.get(url_for('users.profile', username='******'),
                               follow_redirects=True)
        self.assertIn('You need to be logged in to view that', resp.data)

        # Find the Set-Cookie header so we can parse it and check the session
        # identifier has been updated
        for header in resp.headers:
            if header[0] == 'Set-Cookie':
                self.assertNotEqual(session_id,
                                    parse_cookie(header[1])['session'])
Пример #6
0
    def test_signin_signout(self):
        """
        These functions will test the signin and signout endpoints. We will use
        url_for so that we can change the URIs in the future.
        """
        # Test that we can GET the signin page
        resp = self.client.get(url_for("auth.signin"))
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)

        # There is no user in the system check that we can't authenticate
        resp = self.client.post(url_for("auth.signin"), data={"username": "******", "password": "******"})
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn("Invalid user name or password", resp.data)

        # Why we are here we will just check that logging in doesn't raise an
        # issue if not logged in
        resp = self.client.get(url_for("auth.signout"))
        # We should be 302 redirected to /signin
        self.assertEqual(resp.status_code, 302)
        # There is nothing we can really check as we do not flash() as message

        # Create a test user and try loggin in, should fail as the user isn't
        # activated
        user1 = create_account("user1", "*****@*****.**", "Password")
        resp = self.client.post(url_for("auth.signin"), data={"username": "******", "password": "******"})
        # We should get a 200 with an information message
        self.assertEqual(resp.status_code, 200)
        self.assertIn("Please activate your account", resp.data)

        # Activate account
        self.assertTrue(activate(user1))

        resp = self.client.post(
            url_for("auth.signin"),
            data={"username": "******", "password": "******", "keep_signed_in": True},
            follow_redirects=True,
        )
        # Check we are redirected
        self.assertEqual(resp.status_code, 200)
        self.assertIn("<title>Feed - Pjuu</title>", resp.data)

        # Log back out
        self.client.get(url_for("auth.signout"))

        # Test that the user has additional spaces striped from their names
        resp = self.client.post(
            url_for("auth.signin"),
            data={"username": "******", "password": "******", "keep_signed_in": True},
            follow_redirects=True,
        )
        # Check we are redirected
        self.assertEqual(resp.status_code, 200)
        self.assertIn("<title>Feed - Pjuu</title>", resp.data)

        # Log back out
        self.client.get(url_for("auth.signout"))

        # Test that the correct warning is shown if the user is banned
        self.assertTrue(ban(user1))
        resp = self.client.post(url_for("auth.signin"), data={"username": "******", "password": "******"})
        # We should get a 200 with an information message
        self.assertEqual(resp.status_code, 200)
        self.assertIn("You're a very naughty boy!", resp.data)
        # Lets unban the user now so we can carry on
        self.assertTrue(ban(user1, False))

        # Now the user is active and not banned actualy log in
        resp = self.client.post(
            url_for("auth.signin"), data={"username": "******", "password": "******"}, follow_redirects=True
        )
        self.assertEqual(resp.status_code, 200)
        self.assertIn("<h1>Feed</h1>", resp.data)

        # Attempt to try and get back to login when we are already logged in
        resp = self.client.get(url_for("auth.signin"))
        self.assertEqual(resp.status_code, 302)

        # Now we are logged in lets just ensure logout doesn't do anything daft
        # We should be redirected back to /
        resp = self.client.get(url_for("auth.signout"), follow_redirects=True)
        # We should have been 302 redirected to /signin
        self.assertEqual(resp.status_code, 200)
        self.assertIn("Successfully signed out", resp.data)

        # Lets try and cheat the system
        # Attempt invalid Password
        resp = self.client.post(
            url_for("auth.signin"), data={"username": "******", "password": "******"}, follow_redirects=True
        )
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn("Invalid user name or password", resp.data)

        # Attempt user does not exist
        resp = self.client.post(url_for("auth.signin"), data={"username": "******", "password": "******"})
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn("Invalid user name or password", resp.data)

        # Log the user in and ensure they are logged out if there account
        # is banned during using the site and not just at login
        resp = self.client.post(
            url_for("auth.signin"), data={"username": "******", "password": "******"}, follow_redirects=True
        )
        self.assertEqual(resp.status_code, 200)
        self.assertIn("<h1>Feed</h1>", resp.data)
        # Lets go to another view, we will check out profile and look for our
        # username
        resp = self.client.get(url_for("users.settings_profile"))
        self.assertEqual(resp.status_code, 200)
        self.assertIn("*****@*****.**", resp.data)
        # Let's ban the user now
        self.assertTrue(ban(user1))
        # Attempt to get to the feed
        resp = self.client.get(url_for("users.feed"), follow_redirects=True)
        # We should be redirected to signin with the standard message
        self.assertEqual(resp.status_code, 200)
        self.assertIn("You're a very naughty boy!", resp.data)

        # Adding test from form.validate() == False in signup
        # Coverage
        resp = self.client.post(url_for("auth.signin"), data={"username": "", "password": ""}, follow_redirects=True)
        self.assertEqual(resp.status_code, 200)
        self.assertIn("Invalid user name or password", resp.data)

        # Log in with user1 and remove the session part way through
        resp = self.client.post(
            url_for("auth.signin"), data={"username": "******", "password": "******"}, follow_redirects=True
        )
        self.assertEqual(resp.status_code, 200)
Пример #7
0
    def test_signin_signout(self):
        """
        These functions will test the signin and signout endpoints. We will use
        url_for so that we can change the URIs in the future.
        """
        # Test that we can GET the signin page
        resp = self.client.get(url_for('auth.signin'))
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)

        # There is no user in the system check that we can't authenticate
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******'
                                })
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Invalid user name or password', resp.data)

        # Why we are here we will just check that logging in doesn't raise an
        # issue if not logged in
        resp = self.client.get(url_for('auth.signout'))
        # We should be 302 redirected to /signin
        self.assertEqual(resp.status_code, 302)
        # There is nothing we can really check as we do not flash() as message

        # Create a test user and try loggin in, should fail as the user isn't
        # activated
        user1 = create_account('user1', '*****@*****.**', 'Password')
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******'
                                })
        # We should get a 200 with an information message
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Please activate your account', resp.data)

        # Activate account
        self.assertTrue(activate(user1))

        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******',
                                    'keep_signed_in': True
                                },
                                follow_redirects=True)
        # Check we are redirected
        self.assertEqual(resp.status_code, 200)
        self.assertIn("<title>Feed - Pjuu</title>", resp.data)

        # Log back out
        self.client.get(url_for('auth.signout'))

        # Test that the user has additional spaces striped from their names
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******',
                                    'keep_signed_in': True
                                },
                                follow_redirects=True)
        # Check we are redirected
        self.assertEqual(resp.status_code, 200)
        self.assertIn("<title>Feed - Pjuu</title>", resp.data)

        # Log back out
        self.client.get(url_for('auth.signout'))

        # Test that the correct warning is shown if the user is banned
        self.assertTrue(ban(user1))
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******'
                                })
        # We should get a 200 with an information message
        self.assertEqual(resp.status_code, 200)
        self.assertIn('You\'re a very naughty boy!', resp.data)
        # Lets unban the user now so we can carry on
        self.assertTrue(ban(user1, False))

        # Now the user is active and not banned actualy log in
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******'
                                },
                                follow_redirects=True)
        self.assertEqual(resp.status_code, 200)
        self.assertIn('<h1>Feed</h1>', resp.data)

        # Attempt to try and get back to login when we are already logged in
        resp = self.client.get(url_for('auth.signin'))
        self.assertEqual(resp.status_code, 302)

        # Now we are logged in lets just ensure logout doesn't do anything daft
        # We should be redirected back to /
        resp = self.client.get(url_for('auth.signout'), follow_redirects=True)
        # We should have been 302 redirected to /signin
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Successfully signed out', resp.data)

        # Lets try and cheat the system
        # Attempt invalid Password
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******'
                                },
                                follow_redirects=True)
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Invalid user name or password', resp.data)

        # Attempt user does not exist
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******'
                                })
        # We should get a 200 with an error message if we were not successful
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Invalid user name or password', resp.data)

        # Log the user in and ensure they are logged out if there account
        # is banned during using the site and not just at login
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******'
                                },
                                follow_redirects=True)
        self.assertEqual(resp.status_code, 200)
        self.assertIn('<h1>Feed</h1>', resp.data)
        # Lets go to another view, we will check out profile and look for our
        # username
        resp = self.client.get(url_for('users.settings_profile'))
        self.assertEqual(resp.status_code, 200)
        self.assertIn('*****@*****.**', resp.data)
        # Let's ban the user now
        self.assertTrue(ban(user1))
        # Attempt to get to the feed
        resp = self.client.get(url_for('users.feed'), follow_redirects=True)
        # We should be redirected to signin with the standard message
        self.assertEqual(resp.status_code, 200)
        self.assertIn('You\'re a very naughty boy!', resp.data)

        # Adding test from form.validate() == False in signup
        # Coverage
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '',
                                    'password': ''
                                },
                                follow_redirects=True)
        self.assertEqual(resp.status_code, 200)
        self.assertIn('Invalid user name or password', resp.data)

        # Log in with user1 and remove the session part way through
        resp = self.client.post(url_for('auth.signin'),
                                data={
                                    'username': '******',
                                    'password': '******'
                                },
                                follow_redirects=True)
        self.assertEqual(resp.status_code, 200)