async def test_registration_with_confirmation(client, capsys):
db = cfg.STORAGE
url = url_for('auth_registration')
r = await client.get(url)
r = await client.post(url,
data={
'email': EMAIL,
'password': PASSWORD,
'confirm': PASSWORD,
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == str(url_for('auth_registration_requested'))
user = await db.get_user({'email': EMAIL})
assert user['status'] == 'confirmation'
out, err = capsys.readouterr()
link = parse_link(out)
r = await client.get(link)
assert r.url_obj.path == str(url_for(cfg.LOGIN_REDIRECT))
assert cfg.MSG_ACTIVATED in await r.text()
assert cfg.MSG_LOGGED_IN in await r.text()
user = await db.get_user({'email': EMAIL})
assert user['status'] == 'active'
user = await db.get_user({'email': EMAIL})
await db.delete_user(user)
async def test_success(client):
url = url_for('auth_change_password')
login_url = url_for('auth_login')
r = await client.get(url)
async with LoggedUser(client) as user:
r = await client.post(url, data={
'cur_password': user['raw_password'],
'new_password': NEW_PASSWORD,
'confirm': NEW_PASSWORD,
'csrf_token': await get_csrf(r),
})
assert r.url_obj.path == url.path
assert r.status == 200
assert cfg.MSG_PASSWORD_CHANGED in await r.text()
r = await client.get(url_for('auth_logout'))
assert r.status == 200
assert r.url_obj.path == login_url.path
r = await client.post(login_url, data={
'email': user['email'],
'password': NEW_PASSWORD,
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path
assert cfg.MSG_LOGGED_IN in await r.text()
async def log_client_in(client, user_data=None):
user = await create_user(user_data)
url = url_for('auth_login')
r = await client.get(url)
assert r.status == 200
r = await client.post(url,
data={
'email': user['email'],
'password': user['raw_password'],
'csrf_token': await get_csrf(r),
})
assert cfg.MSG_LOGGED_IN in await r.text()
assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path
return user
async def test_registration_without_confirmation(client, monkeypatch):
monkeypatch.setitem(cfg, 'REGISTRATION_CONFIRMATION_REQUIRED', False)
db = cfg.STORAGE
url = url_for('auth_registration')
r = await client.get(url)
r = await client.post(url,
data={
'email': EMAIL,
'password': PASSWORD,
'confirm': PASSWORD,
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == str(url_for(cfg.LOGIN_REDIRECT))
assert cfg.MSG_LOGGED_IN in await r.text()
user = await db.get_user({'email': EMAIL})
await db.delete_user(user)
async def test_registration_with_expired_confirmation(client, monkeypatch):
monkeypatch.setitem(cfg, 'REGISTRATION_CONFIRMATION_LIFETIME', -1)
db = cfg.STORAGE
url = url_for('auth_registration')
r = await client.get(url)
async with NewUser({'status': 'confirmation'}) as user:
confirmation = await db.create_confirmation(user, 'registration')
r = await client.post(url,
data={
'email': user['email'],
'password': user['raw_password'],
'confirm': user['raw_password'],
'csrf_token': await get_csrf(r),
})
await db.delete_confirmation(confirmation)
assert r.status == 200
assert r.url_obj.path == str(url_for('auth_registration_requested'))
async def test_logout(client):
login_url = url_for('auth_login')
change_email_url = url_for('auth_change_email')
user = await log_client_in(client)
# try to access protected page
r = await client.get(change_email_url)
assert r.url_obj.path == change_email_url.path
# logout
r = await client.get(url_for('auth_logout'))
assert r.status == 200
assert r.url_obj.path == login_url.path
# and try again
r = await client.get(change_email_url)
assert r.url_obj.path == login_url.path
await cfg.STORAGE.delete_user(user)
async def test_unknown_email(client):
url = url_for('auth_reset_password')
r = await client.get(url)
assert r.url_obj.path == url.path
assert cfg.MSG_UNKNOWN_EMAIL not in await r.text()
r = await client.post(url,
data={
'email': EMAIL,
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url.path
assert cfg.MSG_UNKNOWN_EMAIL in await r.text()
async def test_wrong_current_password(client):
url = url_for('auth_change_password')
r = await client.get(url)
async with LoggedUser(client):
r = await client.post(url, data={
'cur_password': '******',
'new_password': NEW_PASSWORD,
'confirm': NEW_PASSWORD,
'csrf_token': await get_csrf(r),
})
assert r.url_obj.path == url.path
assert r.status == 200
assert cfg.MSG_WRONG_PASSWORD in await r.text()
async def test_inactive_user(client):
url = url_for('auth_reset_password')
r = await client.get(url)
assert cfg.MSG_ACTIVATION_REQUIRED not in await r.text()
async with NewUser({'status': 'confirmation'}) as user:
r = await client.post(url,
data={
'email': user['email'],
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url.path
assert cfg.MSG_ACTIVATION_REQUIRED in await r.text()
async def test_cnange_and_confirm(client, capsys):
url = url_for('auth_change_email')
login_url = url_for('auth_login')
r = await client.get(url)
async with LoggedUser(client) as user:
r = await client.post(url,
data={
'email': NEW_EMAIL,
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url.path
assert cfg.MSG_CHANGE_EMAIL_REQUESTED in await r.text()
out, err = capsys.readouterr()
link = parse_link(out)
r = await client.get(link)
assert r.status == 200
assert r.url_obj.path == url.path
assert cfg.MSG_EMAIL_CHANGED in await r.text()
r = await client.get(url_for('auth_logout'))
assert r.status == 200
assert r.url_obj.path == login_url.path
r = await client.post(login_url,
data={
'email': NEW_EMAIL,
'password': user['raw_password'],
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path
assert cfg.MSG_LOGGED_IN in await r.text()
async def test_banned_user(client):
url = url_for('auth_reset_password')
r = await client.get(url)
assert r.url_obj.path == url.path
assert cfg.MSG_USER_BANNED not in await r.text()
async with NewUser({'status': 'banned'}) as user:
r = await client.post(url,
data={
'email': user['email'],
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url.path
assert cfg.MSG_USER_BANNED in await r.text()
async def test_registration_with_existing_email(client):
url = url_for('auth_registration')
r = await client.get(url)
assert cfg.MSG_EMAIL_EXISTS not in await r.text()
async with NewUser() as user:
r = await client.post(url,
data={
'email': user['email'],
'password': user['raw_password'],
'confirm': user['raw_password'],
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url.path
assert cfg.MSG_EMAIL_EXISTS in await r.text()
async def test_csrf(client):
reset_url = url_for('auth_reset_password')
r = await client.post(reset_url, data={
'email': EMAIL,
})
assert r.url_obj.path == reset_url.path
assert r.status == 200
assert 'CSRF token missing' in await r.text()
r = await client.post(reset_url,
data={
'email': EMAIL,
'csrf_token': '##wrong',
})
assert r.url_obj.path == reset_url.path
assert r.status == 200
assert 'CSRF failed' in await r.text()
async def test_too_often(client):
db = cfg.STORAGE
url = url_for('auth_reset_password')
r = await client.get(url)
assert cfg.MSG_OFTEN_RESET_PASSWORD not in await r.text()
async with NewUser() as user:
confirmation = await db.create_confirmation(user, 'reset_password')
r = await client.post(url,
data={
'email': user['email'],
'csrf_token': await get_csrf(r),
})
await db.delete_confirmation(confirmation)
assert r.status == 200
assert r.url_obj.path == url.path
assert cfg.MSG_OFTEN_RESET_PASSWORD in await r.text()
async def test_csrf(client):
url = url_for('auth_change_email')
async with LoggedUser(client):
r = await client.post(url, data={
'email': NEW_EMAIL,
})
assert r.url_obj.path == url.path
assert r.status == 200
assert 'CSRF token missing' in await r.text()
r = await client.post(url,
data={
'email': NEW_EMAIL,
'csrf_token': '##wrong',
})
assert r.url_obj.path == url.path
assert r.status == 200
assert 'CSRF failed' in await r.text()
async def test_regitration_csrf(client):
url = url_for('auth_registration')
r = await client.post(url,
data={
'email': EMAIL,
'password': PASSWORD,
'confirm': PASSWORD,
})
assert r.status == 200
assert 'CSRF token missing' in await r.text()
r = await client.post(url,
data={
'email': EMAIL,
'password': PASSWORD,
'confirm': PASSWORD,
'csrf_token': '##wrong',
})
assert r.status == 200
assert 'CSRF failed' in await r.text()
async def test_csrf(client):
url = url_for('auth_change_password')
async with LoggedUser(client) as user:
r = await client.post(url, data={
'cur_password': user['raw_password'],
'new_password': NEW_PASSWORD,
'confirm': NEW_PASSWORD,
})
assert r.url_obj.path == url.path
assert r.status == 200
assert 'CSRF token missing' in await r.text()
r = await client.post(url, data={
'cur_password': user['raw_password'],
'new_password': NEW_PASSWORD,
'confirm': NEW_PASSWORD,
'csrf_token': '##wrong',
})
assert r.url_obj.path == url.path
assert r.status == 200
assert 'CSRF failed' in await r.text()
async def test_reset_and_confirm(client, capsys):
url = url_for('auth_reset_password')
login_url = url_for('auth_login')
r = await client.get(url)
async with NewUser() as user:
r = await client.post(url,
data={
'email': user['email'],
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url_for('auth_reset_password_requested').path
out, err = capsys.readouterr()
confirmation_url = parse_link(out)
r = await client.get(confirmation_url)
assert r.status == 200
new_password = get_random_string(10)
r = await client.post(confirmation_url,
data={
'password': new_password,
'confirm': new_password,
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path
assert cfg.MSG_PASSWORD_CHANGED in await r.text()
assert cfg.MSG_LOGGED_IN in await r.text()
r = await client.get(url_for('auth_logout'))
assert r.status == 200
assert r.url_obj.path == login_url.path
r = await client.post(login_url,
data={
'email': user['email'],
'password': new_password,
'csrf_token': await get_csrf(r),
})
assert r.status == 200
assert r.url_obj.path == url_for(cfg.LOGIN_REDIRECT).path
assert cfg.MSG_LOGGED_IN in await r.text()
async def test_form_availibility(client):
url = url_for('auth_change_email')
async with LoggedUser(client):
r = await client.get(url)
assert r.status == 200
assert r.url_obj.path == url.path
async def test_form_availibility(client):
reset_url = url_for('auth_reset_password')
r = await client.get(reset_url)
assert r.status == 200
assert r.url_obj.path == reset_url.path
async def test_regitration_availibility(client):
r = await client.get(url_for('auth_registration'))
assert r.status == 200
async def test_guest_access(client):
r = await client.get(url_for('auth_change_email'))
assert r.status == 200
assert r.url_obj.path == url_for('auth_login').path
