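def test_success_url_uses_came_from(self):
    """The login view's ``successUrl`` honours a ``came_from`` form value.

    Only an in-portal ``came_from`` (a path below the portal URL) is
    exercised here; whether an off-site value is rejected is not covered
    by this test.
    """
    target = self.portal.absolute_url() + '/foobar'
    self.request.form.update({'came_from': target})
    view = SecureLoginView(self.portal, self.request)
    opts = json.loads(view.options())
    # assertIn reports both operands on failure; assertTrue(x in y) does not
    self.assertIn('/foobar', opts['successUrl'])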
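def test_success_url_is_dashboard(self):
    """Without a ``came_from`` value, ``successUrl`` contains ``@@dashboard``.

    Two-factor is switched on and a Plivo auth id is set in the registry
    before the view is built, matching the configuration the other
    option tests use.
    """
    registry = queryUtility(IRegistry)
    registry['plone.two_factor_enabled'] = True
    registry['castle.plivo_auth_id'] = u'foobar'
    view = SecureLoginView(self.portal, self.request)
    opts = json.loads(view.options())
    # assertIn reports both operands on failure; assertTrue(x in y) does not
    self.assertIn('@@dashboard', opts['successUrl'])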
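def test_get_options(self):
    """``options()`` reports two-factor on and exactly two auth schemes.

    The registry is configured with two-factor enabled and a Plivo auth
    id; only the count of schemes (2) is asserted, not their names
    (presumably email and SMS -- confirm against the view).
    """
    registry = queryUtility(IRegistry)
    registry['plone.two_factor_enabled'] = True
    registry['castle.plivo_auth_id'] = u'foobar'
    view = SecureLoginView(self.portal, self.request)
    opts = json.loads(view.options())
    self.assertTrue(opts['twoFactorEnabled'])
    # assertEquals is a deprecated alias of assertEqual (removed in Python 3.12)
    self.assertEqual(len(opts['supportedAuthSchemes']), 2)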
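def test_success_url_uses_came_from(self):
    """With two-factor enabled, ``successUrl`` still honours ``came_from``.

    Only an in-portal ``came_from`` (a path below the portal URL) is
    exercised; rejection of an off-site value is not covered here.
    """
    registry = queryUtility(IRegistry)
    registry['plone.two_factor_enabled'] = True
    registry['castle.plivo_auth_id'] = u'foobar'
    target = self.portal.absolute_url() + '/foobar'
    self.request.form.update({'came_from': target})
    view = SecureLoginView(self.portal, self.request)
    opts = json.loads(view.options())
    # assertIn reports both operands on failure; assertTrue(x in y) does not
    self.assertIn('/foobar', opts['successUrl'])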
def test_password_history(self):
    """A password that was used before cannot be set again.

    Walks the secure-login API through: set a fresh password, log in
    with it, change it once more, then try to revert to the first one;
    the final ``set_password`` call must report ``success`` False.
    """
    first_password = 'N1C3P@$$w0rd'
    second_password = 'P@$$w0rd2018'

    def call_api(form):
        # Merge form values into the request and dispatch one API call.
        self.request.form.update(form)
        api_view = SecureLoginView(self.portal, self.request)
        return json.loads(api_view())

    member = api.user.get(username=TEST_USER_NAME)
    # Backdates the stored password date; presumably relevant to the
    # expiry checks the login path performs -- confirm against the view.
    member.setMemberProperties({'password_date': DateTime('01/10/2011')})

    # 1. change the password while logged in
    login(self.portal, TEST_USER_NAME)
    outcome = call_api({
        'apiMethod': 'set_password',
        'username': TEST_USER_NAME,
        'existing_password': TEST_USER_PASSWORD,
        'new_password': first_password,
    })
    self.assertTrue(outcome['success'])
    logout()

    # 2. log in with the new password; no reset may be demanded
    outcome = call_api({
        'apiMethod': 'login',
        'username': TEST_USER_NAME,
        'password': first_password,
    })
    self.assertFalse(outcome['resetpassword'])

    # 3. change the password a second time
    login(self.portal, TEST_USER_NAME)
    outcome = call_api({
        'apiMethod': 'set_password',
        'username': TEST_USER_NAME,
        'existing_password': first_password,
        'new_password': second_password,
    })
    self.assertTrue(outcome['success'])

    # 4. reverting to the first password must be refused
    outcome = call_api({
        'apiMethod': 'set_password',
        'username': TEST_USER_NAME,
        'existing_password': second_password,
        'new_password': first_password,
    })
    self.assertFalse(outcome['success'])
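def test_send_text_message_with_code(self):
    """Requesting an SMS code posts exactly one message to the Plivo API.

    The outbound HTTP call is intercepted with ``responses``; the test
    checks that one request was made, that its text carries the code,
    and that the destination and source numbers come from the member
    profile and the registry respectively.
    """
    view = SecureLoginView(self.portal, self.request)
    view()  # first call moves the view into the REQUESTING_AUTH_CODE state
    responses.add(
        responses.POST,
        "https://api.plivo.com/v1/Account/foobar_auth_id/Message/",
        body='{"success": true}',
        content_type="application/json")
    registry = queryUtility(IRegistry)
    # Dummy Plivo credentials; the auth id only has to match the mocked URL.
    registry['castle.plivo_auth_id'] = u'foobar_auth_id'
    registry['castle.plivo_auth_token'] = u'foobar_auth_token'
    registry['castle.plivo_phone_number'] = u'15555555555'
    user = api.user.get(username=TEST_USER_NAME)
    user.setMemberProperties(mapping={
        'phone_number': '19999999999',
    })
    self.request.form.update({
        'authType': 'sms',
        'username': TEST_USER_NAME
    })
    self.request.REQUEST_METHOD = 'POST'
    result = json.loads(view())
    self.assertTrue(result['success'])
    # assertEquals is a deprecated alias (removed in Python 3.12) and
    # assertTrue(x in y) hides both operands on failure; use the
    # canonical assertions instead.
    self.assertEqual(len(responses.calls), 1)
    text_body = json.loads(responses.calls[0].request.body)
    self.assertIn('code:', text_body['text'])
    self.assertEqual(text_body['dst'], '19999999999')
    self.assertEqual(text_body['src'], '15555555555')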
def test_initial_login(self):
    """Submitting valid credentials to the view yields ``success`` True."""
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_authorize_code_required_for_login(self):
    """Once a two-factor code is issued, credentials alone do not log in."""
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    login_view = SecureLoginView(self.portal, self.request)
    # Issue a code but deliberately leave it out of the submitted form.
    login_view.auth.issue_2factor_code(TEST_USER_NAME)
    payload = json.loads(login_view())
    self.assertFalse(payload['success'])
def test_authorize_code_fails(self):
    """A wrong two-factor code submitted with valid credentials is rejected.

    The view is driven through its states by repeated calls: the first
    call reaches REQUESTING_AUTH_CODE, the second (with ``authType``)
    reaches CHECK_CREDENTIALS, and the third carries the bogus code.
    """
    first_view = SecureLoginView(self.portal, self.request)
    first_view()  # -> REQUESTING_AUTH_CODE state
    self.request.form.update({
        'authType': 'email',
        'username': TEST_USER_NAME,
    })
    self.request.REQUEST_METHOD = 'POST'
    second_view = SecureLoginView(self.portal, self.request)
    second_view()  # -> CHECK_CREDENTIALS state
    self.request.form.update({
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
        'code': 'foobar',  # not the code that was issued
    })
    payload = json.loads(second_view())
    self.assertFalse(payload['success'])
def test_authorize_code_fails(self):
    """The ``authorize_code`` API rejects a code that was never issued."""
    form = {
        'apiMethod': 'authorize_code',
        'username': TEST_USER_NAME,
        'code': 'foobar',
    }
    self.request.form.update(form)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertFalse(payload['success'])
def test_login_success_without_two_factor(self):
    """With two-factor disabled, valid credentials alone log the user in."""
    reg = getUtility(IRegistry)
    reg['plone.two_factor_enabled'] = False
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_initial_login(self):
    """A POST with valid credentials in the CHECK_CREDENTIALS state succeeds."""
    login_view = SecureLoginView(self.portal, self.request)
    login_view()  # first call moves the view into the CHECK_CREDENTIALS state
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    self.request.REQUEST_METHOD = 'POST'
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_authorize_code_succeeds(self):
    """The ``authorize_code`` API accepts the code that was just issued."""
    self.request.form.update({
        'apiMethod': 'authorize_code',
        'username': TEST_USER_NAME,
    })
    login_view = SecureLoginView(self.portal, self.request)
    issued_code = login_view.auth.issue_2factor_code(TEST_USER_NAME)
    self.request.form['code'] = issued_code
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_authorize_code_required_for_login(self):
    """With two-factor enabled, the ``login`` API fails without a code."""
    reg = getUtility(IRegistry)
    reg['plone.two_factor_enabled'] = True
    form = {
        'apiMethod': 'login',
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(form)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertFalse(payload['success'])
def test_long_password(self):
    """``set_password`` accepts the fixture password stored in ``longpass``.

    NOTE(review): the literal below reads as a masked value in this
    listing; the original fixture presumably held a genuinely long
    password -- confirm before relying on this test's intent.
    """
    longpass = '******'
    form = {
        'apiMethod': 'set_password',
        'username': TEST_USER_NAME,
        'existing_password': TEST_USER_PASSWORD,
        'new_password': longpass,
    }
    self.request.form.update(form)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_login_failure(self):
    """A valid two-factor code does not rescue a login with a wrong password.

    NOTE(review): the password literal reads as a masked value in this
    listing; presumably it is simply anything other than
    TEST_USER_PASSWORD -- confirm.
    """
    self.request.form.update({
        'apiMethod': 'login',
        'username': TEST_USER_NAME,
        'password': '******',
    })
    login_view = SecureLoginView(self.portal, self.request)
    issued_code = login_view.auth.issue_2factor_code(TEST_USER_NAME)
    self.request.form['code'] = issued_code
    payload = json.loads(login_view())
    self.assertFalse(payload['success'])
def test_setting_enabled_no_urls(self):
    """Backend-URL restriction with an empty URL list still allows login.

    ``plone.only_allow_login_to_backend_urls`` is on but
    ``plone.backend_url`` is empty; the ``login`` API is expected to
    report success in that configuration.
    """
    api.portal.set_registry_record(
        name='plone.only_allow_login_to_backend_urls', value=True)
    api.portal.set_registry_record(name='plone.backend_url', value=())
    form = {
        'apiMethod': 'login',
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(form)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_expired_login(self):
    """A member with an old ``password_date`` is told to reset on login."""
    member = api.user.get(username=TEST_USER_NAME)
    # Backdate the password so the login path flags it for reset.
    member.setMemberProperties({'password_date': DateTime('01/10/2011')})
    form = {
        'apiMethod': 'login',
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(form)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertTrue(payload['resetpassword'])
def test_authorize_code_succeeds(self):
    """Valid credentials plus the issued code complete the login.

    The code is read back from the cache under the key the auth helper
    uses, rather than captured from a return value.
    """
    first_view = SecureLoginView(self.portal, self.request)
    first_view()  # -> REQUESTING_AUTH_CODE state
    self.request.form.update({
        'authType': 'email',
        'username': TEST_USER_NAME,
    })
    self.request.REQUEST_METHOD = 'POST'
    second_view = SecureLoginView(self.portal, self.request)
    second_view()  # -> CHECK_CREDENTIALS state
    cache_key = second_view.auth.get_2factor_code_key(TEST_USER_NAME)
    issued_code = cache.get(cache_key)['code']
    self.request.form.update({
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
        'code': issued_code,
    })
    self.request.REQUEST_METHOD = 'POST'
    payload = json.loads(second_view())
    self.assertTrue(payload['success'])
def test_country_code_not_allowed(self):
    """A login from a country outside the allow-list is blocked.

    The country is taken from the ``HTTP_CF_IPCOUNTRY`` request header,
    so the check is only as trustworthy as that header is in the
    deployment (it is expected to be set by the edge proxy, not the
    client -- confirm for the target environment).
    """
    reg = getUtility(IRegistry)
    reg['plone.two_factor_enabled'] = False
    reg['plone.restrict_logins_to_countries'] = (u'US',)
    self.request.environ['HTTP_CF_IPCOUNTRY'] = 'AF'
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertFalse(payload['success'])
    self.assertTrue(payload['countryBlocked'])
def test_setting_enabled_no_urls(self):
    """Backend-URL restriction with an empty URL list still allows login.

    Same configuration as the API variant of this test, but the view is
    driven through its CHECK_CREDENTIALS state with a POST.
    """
    api.portal.set_registry_record(
        name='plone.only_allow_login_to_backend_urls', value=True)
    api.portal.set_registry_record(name='plone.backend_url', value=())
    login_view = SecureLoginView(self.portal, self.request)
    login_view()  # -> CHECK_CREDENTIALS state
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    self.request.REQUEST_METHOD = 'POST'
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_login_success(self):
    """With two-factor enabled, credentials plus the issued code succeed."""
    reg = getUtility(IRegistry)
    reg['plone.two_factor_enabled'] = True
    self.request.form.update({
        'apiMethod': 'login',
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    })
    login_view = SecureLoginView(self.portal, self.request)
    issued_code = login_view.auth.issue_2factor_code(TEST_USER_NAME)
    self.request.form['code'] = issued_code
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_send_email_with_code(self):
    """Requesting an email code sends exactly one message via MailHost."""
    login_view = SecureLoginView(self.portal, self.request)
    login_view()  # -> REQUESTING_AUTH_CODE state
    self.request.form.update({
        'authType': 'email',
        'username': TEST_USER_NAME,
    })
    self.request.REQUEST_METHOD = 'POST'
    json.loads(login_view())  # response content is not asserted here
    outbox = self.portal.MailHost.messages
    self.assertEqual(len(outbox), 1)
def test_send_email_with_code(self):
    """Requesting an email code sends exactly one message via MailHost.

    The flow state is set directly on ``self.auth`` instead of by a
    prior view call, and the member is given an email address first.

    NOTE(review): the email literal reads as a masked value in this
    listing -- confirm the fixture address.
    """
    self.auth.set_secure_flow_state(self.auth.REQUESTING_AUTH_CODE)
    self.request.form.update({
        'authType': 'email',
        'username': TEST_USER_NAME,
    })
    member = api.user.get(username=TEST_USER_NAME)
    member.setMemberProperties(mapping={'email': '*****@*****.**', })
    login_view = SecureLoginView(self.portal, self.request)
    json.loads(login_view())  # response content is not asserted here
    outbox = self.portal.MailHost.messages
    self.assertEqual(len(outbox), 1)
def test_expired_login(self):
    """After the expiry sweep, an old-password member must change it on login."""
    member = api.user.get(username=TEST_USER_NAME)
    member.setMemberProperties({'password_date': DateTime('01/10/2011')})
    login_view = SecureLoginView(self.portal, self.request)
    login_view()  # -> CHECK_CREDENTIALS state
    # Run the expiry processing so the backdated password is picked up.
    update_password_expiry(self.portal)
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    self.request.REQUEST_METHOD = 'POST'
    payload = json.loads(login_view())
    self.assertTrue(payload['changePasswordRequired'])
def test_setting_disabled(self):
    """With the backend-URL restriction off, login succeeds regardless of URL list."""
    api.portal.set_registry_record(
        name='plone.only_allow_login_to_backend_urls', value=False)
    api.portal.set_registry_record(
        name='plone.backend_url', value=(unicode(''), ))
    login_view = SecureLoginView(self.portal, self.request)
    login_view()  # first call establishes the initial flow state
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    self.request.REQUEST_METHOD = 'POST'
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_password_reset_password_does_not_match(self):
    """``set_password`` fails when the supplied existing password is wrong.

    A CSRF token is included via ``createToken()`` so the failure is
    attributable to the password check rather than the authenticator.

    NOTE(review): both password literals read as masked values in this
    listing and are identical here; the original fixture presumably used
    an incorrect ``existing_password`` -- confirm.
    """
    reg = getUtility(IRegistry)
    reg['plone.two_factor_enabled'] = False
    login(self.portal, TEST_USER_NAME)
    form = {
        'apiMethod': 'set_password',
        'username': TEST_USER_NAME,
        'existing_password': '******',
        'new_password': '******',
        '_authenticator': createToken(),
    }
    self.request.form.update(form)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertFalse(payload['success'])
def test_whitelist(self):
    """A whitelisted member with an old password is not told to reset."""
    member = api.user.get(username=TEST_USER_NAME)
    member.setMemberProperties({'password_date': DateTime('01/10/2011')})
    # The registry record holds unicode user ids, hence the decode.
    whitelisted = [member.getId().decode('utf-8')]
    api.portal.set_registry_record(
        name='plone.pwexpiry_whitelisted_users', value=whitelisted)
    form = {
        'apiMethod': 'login',
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(form)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertFalse(payload['resetpassword'])
def test_whitelist(self):
    """A whitelisted member with an old password still logs in successfully."""
    member = api.user.get(username=TEST_USER_NAME)
    member.setMemberProperties({'password_date': DateTime('01/10/2011')})
    # The registry record holds unicode user ids, hence the decode.
    whitelisted = [member.getId().decode('utf-8')]
    api.portal.set_registry_record(
        name='plone.pwexpiry_whitelisted_users', value=whitelisted)
    login_view = SecureLoginView(self.portal, self.request)
    login_view()  # -> CHECK_CREDENTIALS state
    credentials = {
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(credentials)
    self.request.REQUEST_METHOD = 'POST'
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])
def test_setting_enabled_good_url(self):
    """With the restriction on, login succeeds when the portal URL is listed.

    ``http://nohost/plone`` (the test portal's URL) is one of the
    configured backend URLs, alongside two unrelated entries.
    """
    api.portal.set_registry_record(
        name='plone.only_allow_login_to_backend_urls', value=True)
    allowed_urls = (
        unicode('http://dummydomain/castle'),
        unicode('http://nohost/plone'),
        unicode('http://vpn.example.com'),
    )
    api.portal.set_registry_record(name='plone.backend_url', value=allowed_urls)
    form = {
        'apiMethod': 'login',
        'username': TEST_USER_NAME,
        'password': TEST_USER_PASSWORD,
    }
    self.request.form.update(form)
    login_view = SecureLoginView(self.portal, self.request)
    payload = json.loads(login_view())
    self.assertTrue(payload['success'])