def test_user_with_many_methods(active_user_with_many_otp_methods):
active_user, _ = active_user_with_many_otp_methods
mfa_method = active_user.mfa_methods.filter(is_primary=True).first()
client = TrenchAPIClient()
client.authenticate_multi_factor(mfa_method=mfa_method, user=active_user)
response = client.get(path="/auth/mfa/user-active-methods/")
assert len(response.data) == 4
def test_login_disabled_user(inactive_user):
client = TrenchAPIClient()
response = client.authenticate(user=inactive_user)
assert response.status_code == HTTP_400_BAD_REQUEST
assert ("Unable to login with provided credentials."
or "User account is disabled."
in response.data.get("non_field_errors"))
def test_get_jwt_without_otp(active_user):
client = TrenchAPIClient()
response = client.authenticate(user=active_user)
assert response.status_code == HTTP_200_OK
assert client.get_username_from_jwt(response=response) == getattr(
active_user,
User.USERNAME_FIELD,
)
def test_get_ephemeral_token(active_user_with_email_otp):
client = TrenchAPIClient()
response = client.authenticate(user=active_user_with_email_otp)
assert response.status_code == HTTP_200_OK
assert (user_token_generator.check_token(
user=None,
token=client._extract_ephemeral_token_from_response(response=response),
) == active_user_with_email_otp)
def test_auth_token_first_step(active_user_with_email_otp):
client = TrenchAPIClient()
response = client.authenticate(user=active_user_with_email_otp,
path=client.PATH_AUTH_TOKEN_LOGIN)
assert response.status_code == HTTP_200_OK
assert (user_token_generator.check_token(
user=None,
token=client._extract_ephemeral_token_from_response(response)) ==
active_user_with_email_otp)
def test_auth_token_both_steps(active_user_with_email_otp):
client = TrenchAPIClient()
mfa_method = active_user_with_email_otp.mfa_methods.first()
response = client.authenticate_multi_factor(
user=active_user_with_email_otp,
mfa_method=mfa_method,
path=client.PATH_AUTH_TOKEN_LOGIN,
path_2nd_factor=client.PATH_AUTH_TOKEN_LOGIN_CODE,
)
assert response.status_code == HTTP_200_OK
assert response.data.get("auth_token") is not None
def test_login_missing_field(active_user):
client = TrenchAPIClient()
response = client.post(
path=client.PATH_AUTH_JWT_LOGIN,
data={
"username": "",
"password": "******",
},
format="json",
)
assert response.status_code == HTTP_400_BAD_REQUEST
assert "This field may not be blank." in response.data.get(
User.USERNAME_FIELD)
def test_add_user_mfa(active_user):
client = TrenchAPIClient()
client.authenticate(user=active_user)
secret = create_secret_command()
response = client.post(
path="/auth/email/activate/",
data={
"secret": secret,
"code": create_otp_command(secret=secret, interval=60).now(),
"user": getattr(active_user, active_user.USERNAME_FIELD),
},
format="json",
)
assert response.status_code == HTTP_200_OK
def test_login_wrong_password(active_user):
client = TrenchAPIClient()
response = client.post(
path=client.PATH_AUTH_JWT_LOGIN,
data={
"username": getattr(
active_user,
User.USERNAME_FIELD,
),
"password": "******",
},
format="json",
)
assert response.status_code == HTTP_400_BAD_REQUEST
assert response.data.get(
"error") == "Unable to login with provided credentials."
def test_deactivated_user(deactivated_user_with_email_otp):
client = TrenchAPIClient()
response = client.authenticate(user=deactivated_user_with_email_otp)
assert response.status_code == HTTP_400_BAD_REQUEST