def test_register_default_values(client, cleanup_dummy_user): """Verify that the default attributes are added to the user""" result = client.post( '/register', data={ "firstname": "First", "lastname": "Last", "username": "******", "password": "******", "password_confirm": "password", }, ) assert result.status_code == 302 ipa = maybe_ipa_login(current_app, session, "dummy", "password") user = ipa.user_show("dummy") # Creation time assert "fascreationtime" in user assert user["fascreationtime"][0] # Locale assert "faslocale" in user assert user["faslocale"][0] == current_app.config["USER_DEFAULTS"][ "user_locale"] # Timezone assert "fastimezone" in user assert (user["fastimezone"][0] == current_app.config["USER_DEFAULTS"] ["user_timezone"])
def login(): form = LoginUserForm() if form.validate_on_submit(): username = form.username.data password = form.password.data try: # This call will set the cookie itself, we don't have to. ipa = maybe_ipa_login(app, session, username, password) except python_freeipa.exceptions.PasswordExpired: flash('Password expired. Please reset it.', 'danger') return redirect(url_for('password_reset', username=username)) except python_freeipa.exceptions.Unauthorized as e: form.errors['non_field_errors'] = [e.message] except python_freeipa.exceptions.FreeIPAError as e: # If we made it here, we hit something weird not caught above. We didn't # bomb out, but we don't have IPA creds, either. app.logger.error( f'An unhandled error {e.__class__.__name__} happened while logging in user ' f'{username}: {e.message}') form.errors['non_field_errors'] = [ 'Could not log in to the IPA server.' ] else: if ipa: flash(f'Welcome, {username}!', 'success') return redirect(url_for('user', username=username)) else: app.logger.error( f'An unhandled situation happened while logging in user {username}: ' f'could not connect to the IPA server') form.errors['non_field_errors'] = [ 'Could not log in to the IPA server.' ] return render_template('login.html', login_form=form)
def login(): username = request.form.get('username') password = request.form.get('password') if not username or not password: flash('Please provide both a username and a password.', 'red') return redirect(url_for('root')) try: # This call will set the cookie itself, we don't have to. ipa = maybe_ipa_login(app, session, username, password) except python_freeipa.exceptions.PasswordExpired: flash('Password expired. Please reset it.', 'red') return redirect(url_for('password_reset')) except python_freeipa.exceptions.Unauthorized as e: flash(str(e), 'red') return redirect(url_for('root')) if ipa: flash('Welcome, %s!' % username, 'green') return redirect(url_for('user', username=username)) # If we made it here, we hit something weird not caught above. We didn't # bomb out, but we don't have IPA creds, either. Boot us back to /. flash('Could not log in to the IPA server.', 'red') return redirect(url_for('root'))
def logged_in_dummy_user(client, dummy_user): with client.session_transaction() as sess: ipa = maybe_ipa_login(app, sess, "dummy", "dummy_password") yield ipa ipa.logout() with client.session_transaction() as sess: sess.clear()
def test_ipa_login(client, dummy_user): with client.session_transaction() as sess: ipa = maybe_ipa_login(current_app, sess, "dummy", "dummy_password") assert ipa is not None with client.session_transaction() as sess: assert sess.get('securitas_session') assert sess.get('securitas_ipa_server_hostname') == "ipa.example.com" assert sess.get('securitas_username') == "dummy" # Test that the session is valid Fernet ipa_session = Fernet(current_app.config['FERNET_SECRET']).decrypt( sess.get('securitas_session')) assert str(ipa_session, 'ascii').startswith("MagBearerToken=")
def test_with_ipa(client, dummy_user): """Test the with_ipa decorator""" view = mock.Mock() with current_app.test_request_context('/'): ipa = maybe_ipa_login(current_app, session, "dummy", "dummy_password") wrapped = with_ipa(current_app, session)(view) wrapped("arg") view.assert_called_once() assert "ipa" in view.call_args_list[0][1] assert isinstance(view.call_args_list[0][1]["ipa"], ipa.__class__) assert "arg" in view.call_args_list[0][0] assert "ipa" in g assert isinstance(g.ipa, ipa.__class__) assert "current_user" in g assert g.current_user.username == "dummy"