def test_save_success(self):
    """Saving the edit form updates user 2 and redirects to ``/user/2/``."""
    self.request.context = User.by_id(2)

    # Seed a property whose value save_success() is expected to overwrite.
    self.request.context.set_property(key=u'foo', value=u'var')

    response = self.view.save_success(self.APPSTRUCT)
    self.assertIsInstance(response, HTTPFound)
    self.assertEqual(response.location, '/user/2/')

    # Look the user up again and check every field the form touches.
    saved = User.by_id(2)
    self.assertEqual(saved.email, '*****@*****.**')
    # The stored password value must verify against the new plaintext.
    self.assertTrue(verify('new_secret', saved.password))
    self.assertEqual(saved.fullname, u'Foö Bar')
    self.assertEqual(saved.affiliate, u'Aff')
    self.assertEqual(saved.billing_email, '*****@*****.**')
    self.assertEqual(saved.valid_to, date(2014, 2, 1))
    self.assertEqual(saved.last_payment, date(2014, 1, 1))
    self.assertEqual(
        saved.groups,
        [Group.by_id(1), Group.by_id(3)],
    )  # enabled user stays enabled  # noqa

    # Properties: 'foo' was overwritten, 'empty' reads back as None and
    # 'bimt' must be gone.
    self.assertEqual(saved.get_property('foo'), 'bar')
    self.assertEqual(saved.get_property('baz'), 'bam')
    self.assertEqual(saved.get_property('empty'), None)
    with self.assertRaises(KeyError):
        saved.get_property('bimt')  # removed property

    flashed = self.request.session.pop_flash()
    self.assertEqual(flashed, [u'User "*****@*****.**" modified.'])
def test_verify_wrong_type(self):
    """verify() returns False when the candidate is not a string."""
    from pyramid_bimt.security import generate
    from pyramid_bimt.security import encrypt
    from pyramid_bimt.security import verify

    stored_value = encrypt(generate())

    # An arbitrary object must be rejected rather than accepted.
    outcome = verify(object(), stored_value)
    self.assertFalse(outcome)
def test_verify_none(self):
    """verify() returns False when the candidate password is None."""
    from pyramid_bimt.security import generate
    from pyramid_bimt.security import encrypt
    from pyramid_bimt.security import verify

    stored_value = encrypt(generate())

    # A missing password must never match a stored value.
    outcome = verify(None, stored_value)
    self.assertFalse(outcome)
def test_verify(self):
    """A generated password verifies against its own encrypt() output."""
    from pyramid_bimt.security import generate
    from pyramid_bimt.security import encrypt
    from pyramid_bimt.security import verify

    plaintext = generate()
    stored_value = encrypt(plaintext)

    outcome = verify(plaintext, stored_value)
    self.assertTrue(outcome)
def test_invalid_cyphertext(self):
    """An unrecognisable stored value makes verify() return False and log."""
    from pyramid_bimt.security import verify

    outcome = verify('foo', 'invalid')
    self.assertFalse(outcome)

    # No exception is raised; exactly one log record is captured instead, so
    # the bad stored value does not go unnoticed.
    captured = handler.records
    self.assertEqual(len(captured), 1)
    self.assertEqual(captured[0].message, 'hash could not be identified')
def test_empty_password_field(self):
    """Submitting an empty password leaves the stored credentials untouched."""
    self.request.context = User.by_id(2)

    # Work on a deep copy so the shared APPSTRUCT fixture is not mutated,
    # then blank the password as if the field had been left empty.
    submitted = copy.deepcopy(self.APPSTRUCT)
    submitted['password'] = ''

    self.view.save_success(submitted)

    # The old password must still verify, i.e. '' did not replace it.
    unchanged = User.by_id(2)
    self.assertEqual(unchanged.email, '*****@*****.**')
    self.assertTrue(verify('secret', unchanged.password))
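def login_success(self, appstruct):
    """Authenticate the submitted credentials and redirect on success.

    The redirect target comes from the ``came_from`` request parameter, which
    is client-supplied. It is honoured only when it points back into this
    application (an absolute URL under ``application_url`` or a local path);
    anything else falls back to ``application_url`` so the login form cannot
    be used as an open redirect.

    :param appstruct: form data; the ``email`` and ``password`` keys are read.
    :returns: ``HTTPFound`` carrying the auth headers when the credentials
        verify, otherwise ``None`` after flashing ``Login failed.``.
    """
    app_url = self.request.application_url
    came_from = self.request.params.get('came_from', app_url)

    # Control characters are refused outright: URL parsers may drop them,
    # which can turn a harmless-looking path into a different target.
    has_control_chars = any(
        ord(ch) < 0x20 or ord(ch) == 0x7f for ch in came_from
    )
    # The trailing '/' stops a look-alike host that merely starts with our
    # application URL from matching.
    inside_app = (
        came_from == app_url or
        came_from.startswith(app_url.rstrip('/') + '/')
    )
    # A single leading '/' is a local path; '//' and '/\' may be read as
    # protocol-relative URLs by browsers.
    local_path = (
        came_from.startswith('/') and
        not came_from.startswith(('//', '/\\'))
    )
    if has_control_chars or not (inside_app or local_path):
        came_from = app_url

    email = appstruct.get('email', '').lower()
    password = appstruct.get('password')
    user = User.by_email(email)

    # NOTE(review): verify() is skipped when no user matches the email, so
    # response time may differ between known and unknown accounts; confirm
    # whether that is acceptable for this deployment.
    if (password is not None and user is not None and
            verify(password, user.password)):
        headers = remember(self.request, user.email)
        self.request.registry.notify(
            UserLoggedIn(self.request, user, comment=self.user_agent_info())  # noqa
        )
        return HTTPFound(location=came_from, headers=headers)

    # Same generic message for an unknown email and for a wrong password.
    self.request.session.flash(u'Login failed.', 'error')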
def test_submit_success(self, UserCreated):
    """Submitting the add form creates user 4, notifies and redirects."""
    response = self.view.submit_success(self.APPSTRUCT)
    self.assertIsInstance(response, HTTPFound)
    self.assertEqual(response.location, '/user/4/')
    self.assertTrue(self.request.registry.notify.called)

    # Load the new user and compare it against the submitted values.
    created = User.by_id(4)
    self.assertEqual(created.email, '*****@*****.**')
    # The stored password value must verify against the submitted plaintext.
    self.assertTrue(verify('secret', created.password))
    self.assertEqual(created.fullname, u'Foö Bar')
    self.assertEqual(created.affiliate, u'Aff')
    self.assertEqual(created.billing_email, '*****@*****.**')
    self.assertEqual(created.valid_to, date(2014, 2, 1))
    self.assertEqual(created.last_payment, date(2014, 1, 1))
    self.assertEqual(created.groups, [Group.by_id(1)])
    self.assertEqual(created.get_property('foo'), 'bar')

    # NOTE(review): the plaintext password is one of the UserCreated
    # arguments; confirm event subscribers never log or persist it.
    UserCreated.assert_called_with(
        self.request,
        created,
        'secret',
        u'Created manually by [email protected]',
    )

    flashed = self.request.session.pop_flash()
    self.assertEqual(flashed, [u'User "*****@*****.**" added.'])