def test_should_redirect_after_mobile_number_confirm( client_request, mocker, mock_update_user_attribute, mock_check_verify_code, fake_uuid, phone_number_to_register_with, ): user_before = create_user(fake_uuid) user_after = create_user(fake_uuid) user_before['current_session_id'] = str(uuid.UUID(int=1)) user_after['current_session_id'] = str(uuid.UUID(int=2)) # first time (login decorator) return normally, second time (after 2FA return with new session id) mocker.patch('app.user_api_client.get_user', side_effect=[user_before, user_after]) with client_request.session_transaction() as session: session['new-mob-password-confirmed'] = True session['new-mob'] = phone_number_to_register_with session['current_session_id'] = user_before['current_session_id'] client_request.post( 'main.user_profile_mobile_number_confirm', _data={'two_factor_code': '12345'}, _expected_status=302, _expected_redirect=url_for( 'main.user_profile', _external=True, ) ) # make sure the current_session_id has changed to what the API returned with client_request.session_transaction() as session: assert session['current_session_id'] == user_after['current_session_id']
def setup(cls): cls.course1 = conftest.create_course(1) cls.course2 = conftest.create_course(2) cls.course_no_submissions = conftest.create_course(3) cls.course_no_exercises = conftest.create_course(4) cls.ex1_1 = conftest.create_exercise(cls.course1, 1, 1) cls.ex1_2 = conftest.create_exercise(cls.course1, 2, 2) cls.ex2_1 = conftest.create_exercise(cls.course2, 1, 3) cls.ex3_1 = conftest.create_exercise(cls.course_no_submissions, 1, 4) cls.user1 = conftest.create_user(index=1) cls.user2 = conftest.create_user(index=2) conftest.create_usercourse(cls.user1, cls.course1) conftest.create_usercourse(cls.user1, cls.course2) conftest.create_usercourse(cls.user2, cls.course1) solution = conftest.create_solution cls.s1 = solution(cls.ex1_1, cls.user1) cls.s2 = solution(cls.ex1_1, cls.user1, code='Other submission') cls.s3 = solution(cls.ex1_1, cls.user2) cls.s4 = solution(cls.ex1_2, cls.user1) cls.s5 = solution(cls.ex2_1, cls.user1)
def test_authenticate_error(app: Devicehub): """Tests the authenticate method with wrong token values.""" with app.app_context(): MESSAGE = 'Provide a suitable token.' create_user() # Token doesn't exist with pytest.raises(Unauthorized, message=MESSAGE): app.auth.authenticate(token=str(uuid4())) # Wrong token format with pytest.raises(Unauthorized, message=MESSAGE): app.auth.authenticate(token='this is a wrong uuid')
def test_verify_user(client): """Test verify User token route""" username = "******" password = "******" verified_user = create_user(username, password, is_verified=False) add_user_to_db(verified_user) verified_user.id = 0 token = verified_user.get_email_token() no_token_rv = client.get('/verify', follow_redirects=True) assert no_token_rv.status_code == 401 assert b'Please log in' in no_token_rv.data invalid_rv = client.get('/verify?token={}'.format("token"), follow_redirects=True) assert invalid_rv.status_code == 401 assert b'Please log in' in invalid_rv.data valid_rv = client.get('/verify?token={}'.format(token), follow_redirects=True) assert valid_rv.status_code == 200 assert verified_user.is_verified is True assert b'This is a restricted page! <User %b>' % username.encode('utf-8') \ in valid_rv.data
def test_login_success(client: Client, app: Devicehub): """ Tests successfully performing login. This checks that: - User is returned. - User has token. - User has not the password. """ with app.app_context(): create_user() user, _ = client.post({ 'email': '*****@*****.**', 'password': '******' }, uri='/users/login', status=200) assert user['email'] == '*****@*****.**' assert UUID(b64decode(user['token'].encode()).decode()[:-1]) assert 'password' not in user
def test_login_failure(client: Client, app: Devicehub): """Tests performing wrong login.""" # Wrong password with app.app_context(): create_user() client.post({ 'email': '*****@*****.**', 'password': '******' }, uri='/users/login/', status=WrongCredentials) # Wrong URI client.post({}, uri='/wrong-uri', status=NotFound) # Malformed data client.post({}, uri='/users/login/', status=ValidationError) client.post({ 'email': 'this is not an email', 'password': '******' }, uri='/users/login/', status=ValidationError)
def test_author(): """ Checks the default created author. Note that the author can be accessed after inserting the row. """ user = create_user() g.user = user e = EventWithOneDevice(device=Device()) db.session.add(e) assert e.author is None assert e.author_id is None db.session.commit() assert e.author == user
def test_login_success(client: Client, app: Devicehub): """Tests successfully performing login. This checks that: - User is returned. - User has token. - User has not the password. """ with app.app_context(): create_user() user, _ = client.post({ 'email': '*****@*****.**', 'password': '******' }, uri='/users/login/', status=200) assert user['email'] == '*****@*****.**' assert UUID(auth.Auth.decode(user['token'])) assert 'password' not in user assert user['individuals'][0]['name'] == 'Timmy' assert user['individuals'][0]['type'] == 'Person' assert len(user['individuals']) == 1 assert user['inventories'][0]['id'] == 'test'
def test_authorized_request(client): """Test authorized requests""" username = "******" password = "******" add_user_to_db(create_user(username, password)) login_rv = client.post('/login', data=dict(username=username, password=password), follow_redirects=True) get_index = client.get('/') assert get_index.status_code == 200 get_files = client.get('/files') assert get_files.status_code == 200
def test_get_file_by_id(client, s3_fixture): username = '******' user_id = 0 file_id = 0 file_2_id = 1 invalid_file_id = 9 password = '******' file_name = 'test.pdf' file_2_name = 'test2.pdf' file_desc = 'This is a test file description' (s3_client, s3) = s3_fixture s3_client.create_bucket(Bucket=TEST_S3_BUCKET) user = create_user(username, password) user.id = user_id add_user_to_db(user) file = create_file(name=file_name, id=file_id, desc=file_desc, username=username, user_id=user_id) file_2 = create_file(name=file_2_name, id=file_2_id, username=username, user_id=user_id) add_file_to_db(file) add_file_to_db(file_2) s3.Bucket(TEST_S3_BUCKET).put_object(Key=file.key, Body=io.BytesIO(b'this is a test')) client.post('/login', data=dict(username=username, password=password)) invalid_file_id_rv = client.get('/files/{}'.format(invalid_file_id)) assert b'File does not exist' in invalid_file_id_rv.data file_not_in_bucket_rv = client.get('/files/{}'.format(file_2_id)) assert b'File not in your folder' in file_not_in_bucket_rv.data valid_get_rv = client.get('/files/{}'.format(file_id)) assert valid_get_rv.status_code == 200 assert file_desc in valid_get_rv.data.decode("utf-8")
def test_delete_user(client, s3_fixture): """Delete a User and that User's bucket""" s3_client = s3_fixture[0] s3_client.create_bucket(Bucket=TEST_S3_BUCKET) username = "******" password = "******" add_user_to_db(create_user(username, password)) valid_login_rv = client.post('/login', data=dict(username=username, password=password), follow_redirects=True) delete_rv = client.delete('/user/delete') assert delete_rv.status_code == 200 assert b'User deleted' in delete_rv.data
def test_edit_file_by_id(client, s3_fixture): username = '******' user_id = 0 password = '******' file_name = 'test.pdf' file_id = 0 file_desc = "This will change." file_desc_changed = "This is changed." file_desc_too_long = "t" * 131 invalid_file_id = 9 file = create_file(name=file_name, id=file_id, username=username, user_id=user_id, desc=file_desc) add_user_to_db(create_user(username, password)) add_file_to_db(file) client.post('/login', data=dict(username=username, password=password)) invalid_file_id_rv = client.patch('/files/{}/edit'.format(invalid_file_id)) assert b'File does not exist' in invalid_file_id_rv.data missing_form_rv = client.patch('/files/{}/edit'.format(file_id)) assert b'Missing part of your form' in missing_form_rv.data assert missing_form_rv.status_code == 400 too_long_desc_rv = client.patch('/files/{}/edit'.format(file_id), data=dict(body=file_desc_too_long)) assert b'File description must be less than 130 characters' \ in too_long_desc_rv.data assert too_long_desc_rv.status_code == 400 file_edit_rv = client.patch('/files/{}/edit'.format(file_id), data=dict(body=file_desc_changed)) assert file.body == file_desc_changed assert b'File edited!' in file_edit_rv.data assert file_edit_rv.status_code == 200
def test_read_related( self, student_user: User, solution: Solution, exercise: Exercise, ): solution2 = conftest.create_solution(student_user, exercise) student_user2 = conftest.create_user(index=1) messages = [ conftest.create_notification(student_user, solution), conftest.create_notification(student_user, solution), conftest.create_notification(student_user, solution), conftest.create_notification(student_user, solution2), conftest.create_notification(student_user2, solution), ] assert all(not n.viewed for n in messages) notifications.read_related(solution.id, student_user) # peewee... messages = [Notification.get_by_id(n.id) for n in messages] assert all(n.viewed for n in messages[:3]) assert all(not n.viewed for n in messages[3:])
def test_logout_user(client): """Test User logout""" username = "******" password = "******" add_user_to_db(create_user(username, password)) valid_login_rv = client.post('/login', data=dict(username=username, password=password), follow_redirects=True) logged_in_rv = client.get('/') assert logged_in_rv.status_code == 200 logout_rv = client.get('/logout') assert b'Logged out' in logout_rv.data logged_out_rv = client.get('/', follow_redirects=True) assert logged_out_rv.status_code == 401 assert b'Please log in' in logged_out_rv.data
def test_unverified_login(client): """ Test unverified login and resend verification email NOTE: This test will fail if your SendGrid API key is not set """ username = "******" password = "******" email = "*****@*****.**" unverified_user = create_user(username, password, is_verified=False) unverified_user.email = "*****@*****.**" add_user_to_db(unverified_user) unverified_login_rv = client.post('/login', data=dict(username=username, password=password), follow_redirects=True) assert unverified_login_rv.status_code == 401 assert b'Please verify your account. We just sent another email' \ in unverified_login_rv.data
def test_delete_file_by_id(client, s3_fixture): username = '******' user_id = 0 password = '******' file_id = 0 file_2_id = 1 invalid_file_id = 9 file_name = 'test.pdf' file_2_name = 'test2.pdf' (s3_client, s3) = s3_fixture s3_client.create_bucket(Bucket=TEST_S3_BUCKET) add_user_to_db(create_user(username, password)) file = create_file(name=file_name, id=file_id, username=username, user_id=user_id) file_2 = create_file(name=file_2_name, id=file_2_id, username=username, user_id=user_id) add_file_to_db(file) add_file_to_db(file_2) client.post('/login', data=dict(username=username, password=password)) invalid_file_id_rv = client.delete( '/files/{}/delete'.format(invalid_file_id)) assert b'File does not exist' in invalid_file_id_rv.data delete_file_rv = client.delete('/files/{}/delete'.format(file_id)) assert delete_file_rv.status_code == 200 assert b'File removed' in delete_file_rv.data
def test_login_user(client): """Test login user""" username = "******" password = "******" add_user_to_db(create_user(username, password)) valid_login_rv = client.post('/login', data=dict(username=username, password=password), follow_redirects=True) assert valid_login_rv.status_code == 200 invalid_login_rv = client.post('/login', data=dict(username="******", password="******"), follow_redirects=True) assert invalid_login_rv.status_code == 400 invalid_form_rv = client.post('/login', data=dict(username=username), follow_redirects=True) assert invalid_form_rv.status_code == 400
def test_hash_password(app: Devicehub): """Tests correct password hashing and equaling.""" with app.app_context(): user = create_user() assert isinstance(user.password, Password) assert user.password == 'foo'
def test_hash_password(): """Tests correct password hashing and equaling.""" user = create_user() assert isinstance(user.password, Password) assert user.password == 'foo'
def test_upload_file(client, s3_fixture): username = '******' password = '******' invalid_file_name = 'test.txt' valid_file_name = 'test.pdf' invalid_file_desc = "test" * 50 (s3_client, s3) = s3_fixture s3_client.create_bucket(Bucket=TEST_S3_BUCKET) s3.Bucket(TEST_S3_BUCKET).put_object(Key=username + '/') add_user_to_db(create_user(username, password)) client.post('/login', data=dict(username=username, password=password)) # Form missing file missing_file_rv = client.post('/files', follow_redirects=True) assert missing_file_rv.status_code == 400 assert b'Missing part of your form' in missing_file_rv.data # Invalid file type invalid_file_type_rv = client.post( '/files', data=dict(text="This is a file", date="some date", file=(io.BytesIO(b'this is a test'), invalid_file_name)), follow_redirects=True) assert invalid_file_type_rv.status_code == 400 assert b'Invalid file type' in invalid_file_type_rv.data # File missing name missing_filename_rv = client.post( '/files', data=dict(text="This is a file", date="some date", file=(io.BytesIO(b'this is a test'), '')), follow_redirects=True) assert missing_filename_rv.status_code == 400 assert b'missing file name' in missing_filename_rv.data # File description too long invalid_file_desc_rv = client.post( '/files', data=dict(text=invalid_file_desc, date="some date", file=(io.BytesIO(b'this is a test'), valid_file_name)), follow_redirects=True) assert invalid_file_desc_rv.status_code == 400 assert b'File description must be less than 130 characters' \ in invalid_file_desc_rv.data # Valid file post post_file_rv = client.post('/files', data=dict(text="This is a file", date="some date", file=(io.BytesIO(b'this is a test'), valid_file_name)), follow_redirects=True) assert post_file_rv.status_code == 200 assert b'Uploaded %b' % valid_file_name.encode('utf-8') \ in post_file_rv.data # Filename already exists file_exists_rv = client.post('/files', data=dict(text="This is a file", date="some date", file=(io.BytesIO(b'this is a test'), valid_file_name)), follow_redirects=True) assert file_exists_rv.status_code == 400 assert b'You already have a file with that name' in file_exists_rv.data
def test_member(request,accounts,invitations,bilateral,client,variant,settings): from idapi.backendviews import get_members, update_members from accounts.models import Account, NestedGroup, Invitation, EMailConfirmation from ekklesia.data import json_decrypt, json_encrypt from django.conf import settings import os, json twofactor = variant=='2fac' setattr(settings, 'TWO_FACTOR_SIGNUP',twofactor) #setattr(settings, 'DEBUG',True) Invitation.objects.create(code='inv6',secret='password6',uuid='uid6',status=Invitation.REGISTERING) Invitation.objects.create(code='inv7',secret='password7',uuid='uid7',status=Invitation.REGISTERING) Invitation.objects.create(code='inv8',secret='password8',uuid='uid8',status=Invitation.REGISTERING) member6 = create_user(username='******',status=Account.NEWMEMBER,is_active=False, email='member6@localhost',uuid='uid6') member7 = create_user(username='******',status=Account.NEWMEMBER,is_active=False, email='member7@localhost',uuid='uid7') member8 = create_user(username='******',status=Account.NEWMEMBER,is_active=False, email='member8@localhost',uuid='uid8') conf8 = EMailConfirmation.objects.create(user=member8, confirmation_key='key8') activate = ['activate'] if twofactor else [] response, members = api(client,'backend/members/?new=1',user='******') assert response.status_code == 200 members, encrypted, signed, result = json_decrypt(members,bilateral['id2']) assert encrypted and signed data = [['uid6','password6'],['uid7','password7']] assert members == dict(fields=['uuid']+activate, version=[1, 0], format='member', data=data if twofactor else [v[:-1] for v in data]) response, members = api(client,'backend/members/',user='******') assert response.status_code == 200 #members = get_members(crypto=bilateral['id1']) members, encrypted, signed, result = json_decrypt(members,bilateral['id2']) assert encrypted and signed data = [['uid1',''],['uid2',''],['uid3','']]+data assert members == dict(fields=['uuid']+activate, version=[1, 0], format='member', data=data if twofactor else [v[:-1] for v in data]) # change data by upload data = [['uid1','eligible',1,[2],''],['uid2','member',1,[3],''],['uid3','deleted',0,[],''], ['uid6','member',1,[0],True],['uid7','deleted',0,[],False]] members = dict(fields=['uuid','status','verified','departments']+activate, version=[1, 0], format='member', # data=[['uid1',0,0,2],['uid2',1,1,3],['uid3',1,1,4]]) data=data if twofactor else [v[:-1] for v in data]) departments = dict(fields=('id','parent','name','depth'), version=[1, 0], format='department', # data=[[1,None,'root',1],[2,1,'sub',2],[3,2,'subsub',4],[4,1,'sub2',2],[5,None,'root2',1],[6,5,'r2sub',2]]) data=[[1,None,'r00t',1],[2,1,'s0b',2],[3,2,'s0bsub',3],[5,2,'s0bsub2',3],[6,None,'r00t2',1],[7,6,'r2s0b',2]]) members, result = json_encrypt(members,bilateral['id2'],encrypt=['foo@localhost'],sign=True) #data, encrypted, signed, result = json_decrypt(members,bilateral['id1']) departments, result = json_encrypt(departments,bilateral['id2'],encrypt=['foo@localhost'],sign=True) response, result = api(client,'backend/members/','post',user='******', data=dict(members=members,departments=departments)) assert response.status_code == 200 root = NestedGroup.objects.get(syncid=1) assert root.name=='r00t' and root.is_root() and root.level==1 sub = NestedGroup.objects.get(syncid=2) assert sub.name=='s0b' and sub.parent==root and sub.level==2 ssub = NestedGroup.objects.get(syncid=3) assert ssub.name=='s0bsub' and ssub.parent==sub and ssub.level==3 assert not NestedGroup.objects.filter(syncid=4).exists() ssub2 = NestedGroup.objects.get(syncid=5) assert ssub2.name=='s0bsub2' and ssub2.parent==sub and ssub2.level==3 root2 = NestedGroup.objects.get(syncid=6) assert root2.name=='r00t2' and root2.is_root() and root2.level==1 r2sub = NestedGroup.objects.get(syncid=7) assert r2sub.name=='r2s0b' and r2sub.parent==root2 and r2sub.level==2 indep = NestedGroup.objects.get(name='indep') assert indep.syncid is None and indep.level==1 m = Account.objects.get(uuid='uid3') assert m.status==Account.DELETED assert list(m.nested_groups.all())==[indep] m = Account.objects.get(uuid='uid1') assert m.status==Account.ELIGIBLE and m.verified assert list(m.nested_groups.all())==[sub] m = Account.objects.get(uuid='uid2') assert m.status==Account.MEMBER and m.verified assert set(m.nested_groups.all())==set([ssub,indep]) m = Account.objects.get(uuid='uid6') assert m.status==Account.MEMBER and m.verified assert not m.nested_groups.count() inv = Invitation.objects.get(uuid='uid6') assert inv.status==Invitation.REGISTERED assert not Account.objects.filter(uuid='uid7').exists() m = Account.objects.get(uuid='uid8') assert m.status==Account.NEWMEMBER inv = Invitation.objects.get(uuid='uid8') assert inv.status==Invitation.REGISTERING response, members = api(client,'backend/members/',user='******') assert response.status_code == 200 members, encrypted, signed, result = json_decrypt(members,bilateral['id2']) assert encrypted and signed data = [['uid1',''],['uid2',''],['uid6','']] if not twofactor: data = [v[:-1] for v in data] assert listset_equal(members['data'], data) assert members == dict(fields=['uuid']+activate, version=[1, 0], format='member', data=members['data'])
def test_authenticate_success(app: Devicehub): """Checks the authenticate method.""" with app.app_context(): user = create_user() response_user = app.auth.authenticate(token=str(user.token)) assert response_user == user
def test_assign_individual_user(): """Tests assigning an individual to an user.""" user = create_user() assert len(user.individuals) == 1 assert next(iter(user.individuals)).name == 'Timmy'