def test_password_hashing(): u = create_user_with_permissions() assert u.pass_hash assert u.pass_salt # test a new random salt every time a password is set (by default) oldsalt = u.pass_salt oldhash = u.pass_hash u.password = '******' assert oldsalt != u.pass_salt assert oldhash != u.pass_hash # use a custom salt u.set_password('foobar', 'mysalt') assert u.pass_salt == 'mysalt' # using the same password and salt should result in the same hash oldsalt = u.pass_salt oldhash = u.pass_hash u.set_password('foobar', 'mysalt') assert oldsalt == u.pass_salt assert oldhash == u.pass_hash # now make sure the application salt will be taken into account if set try: settings.components.auth.password_salt = '123456' u.set_password('foobar', 'mysalt') assert oldsalt == u.pass_salt, u.pass_salt # hash is different b/c of the application salt assert oldhash != u.pass_hash finally: settings.components.auth.password_salt = None
def test_user_validate(): u = create_user_with_permissions() u.password = u'testpass123' db.sess.commit() assert User.validate(u.login_id, u'bad_password') is None assert User.validate(u'bad_login', u'testpass123') is None assert User.validate(u.login_id, u'testpass123').id == u.id
def test_ok(self): # add another user so that we can be sure we are not deleting the # user the Client is currently logged in as, which would cause a 302 user_id = create_user_with_permissions().id # add a group so we get 200s when working with it instead of 302s group_id = Group.add(name=u'TestUsersManage.test_ok-group').id # get a list of permissions (there should be at least one) so we have a real id permission_id = Permission.pairs('id:name', Permission.name)[0][0] routes = ( '/users/add', '/users/login', '/users/recover-password', '/users/change-password', '/users/edit/%s' % user_id, '/users/manage', '/users/permissions/%s' % user_id, '/groups/add', '/groups/edit/%s' % group_id, '/groups/manage', '/permissions/manage', '/permissions/edit/%s' % permission_id, ) for route in routes: yield self.check_code, 200, route routes = ( '/users/delete/%s' % user_id, '/groups/delete/%s' % group_id, ) for route in routes: yield self.check_code, 302, route
def setup_class(cls): cls.c = Client(ag.wsgi_test_app, BaseResponse) cls.user = create_user_with_permissions() cls.user.reset_required = True db.sess.commit() cls.userid = login_client_as_user(cls.c, cls.user.login_id, cls.user.text_password, validate_login_response=False)
def test_cleared_login(self): super_user = create_user_with_permissions(super_user=True) ta = TestApp(ag.wsgi_test_app) topost = { 'login_id': super_user.login_id, 'password': super_user.text_password, 'login-form-submit-flag': '1' } r = ta.post('/users/login', topost) assert 'auth-manage' in r.user.perms user = create_user_with_permissions() topost = { 'login_id': user.login_id, 'password': user.text_password, 'login-form-submit-flag': '1' } r = ta.post('/users/login', topost) assert len(r.user.perms) == 0
def setup_class(cls): permissions = [ 'ugp_approved_grp', 'ugp_not_approved', 'ugp_denied_grp'] for permission in permissions: Permission.add(name=six.text_type(permission)) cls.user = create_user_with_permissions(u'ugp_approved', u'ugp_denied') cls.user2 = create_user_with_permissions(u'ugp_approved') cls.g1 = Group.add(name=u'ugp_g1') cls.g2 = Group.add(name=u'ugp_g2') Group.assign_permissions_by_name(u'ugp_g1', (u'ugp_approved_grp', u'ugp_denied', u'ugp_denied_grp')) Group.assign_permissions_by_name(u'ugp_g2', None, u'ugp_denied_grp') cls.user.groups.append(cls.g1) cls.user.groups.append(cls.g2) db.sess.commit() cls.perm_approved_grp = Permission.get_by(name=u'ugp_approved_grp') cls.perm_denied = Permission.get_by(name=u'ugp_denied') cls.perm_denied_grp = Permission.get_by(name=u'ugp_denied_grp')
def test_user_update(): u = create_user_with_permissions() current_hash = u.pass_hash u = User.edit(u.id, pass_hash=u'123456') assert u.pass_hash == current_hash u.reset_required = False db.sess.commit() u = User.edit(u.id, email_notify=True) assert not u.reset_required u = User.edit(u.id, password='******') assert u.reset_required
def test_inactive_user(self): user = create_user_with_permissions() user.inactive_flag = True db.sess.commit() topost = { 'email_address': user.email_address, 'lost-password-form-submit-flag': 'submitted', } r = self.c.post('users/recover-password', data=topost) assert r.status_code == 200, r.status assert b'Did not find a user with email address:' in r.data
def test_user_group_assignment(): g1 = Group.add_iu(name=u'group_for_testing_%s' % randchars(15)) g2 = Group.add_iu(name=u'group_for_testing_%s' % randchars(15)) u = create_user_with_permissions() assert u.groups == [] User.edit(u.id, assigned_groups=[g1.id, g2.id]) assert len(u.groups) == 2 assert len(g1.users) == len(g2.users) == 1 User.edit(u.id, assigned_groups=g2.id) assert len(u.groups) == 1 assert u.groups[0].id == g2.id
def test_inactive_property(): user = create_user_with_permissions() user.inactive_flag = True assert user.inactive user.inactive_flag = False user.inactive_date = datetime.datetime(2050, 10, 10) assert not user.inactive user.inactive_date = datetime.datetime(2000, 10, 10) assert user.inactive
def login_client_with_permissions(client, approved_perms=None, denied_perms=None, super_user=False): """ Creates a user with the given permissions and then logs in with said user. """ from compstack.auth.lib.testing import create_user_with_permissions, login_client_as_user # create user user = create_user_with_permissions(approved_perms, denied_perms, super_user) # save id for later since the request to the app will kill the session user_id = user.id # login with the user login_client_as_user(client, user.login_id, user.text_password) return user_id
def test_password_validate(): u = create_user_with_permissions() password = u.text_password assert u.validate_password(password) assert not u.validate_password('foobar')
def test_super_edit(self): su = create_user_with_permissions(super_user=True) r = self.c.get('users/edit/%s' % su.id) assert r.status_code == 200, r.status assert b'Edit User' in r.data
def test_no_super_edit(self): su = create_user_with_permissions(super_user=True) r = self.c.get('users/edit/%s' % su.id) assert r.status_code == 403, r.status
def test_super_delete(self): su = create_user_with_permissions(super_user=True) req, r = self.c.get('users/delete/%s' % su.id, follow_redirects=True) assert r.status_code == 200, r.status assert b'User deleted' in r.data assert req.url.endswith('users/manage')
def test_user_unique(): u1 = create_user_with_permissions() u2 = User.add_iu(login_id=u1.login_id, email_address='*****@*****.**' % u1.login_id) assert u2 is None, '%s, %s' % (u1.id, u2.id) u2 = User.add_iu(login_id='test%s' % u1.login_id, email_address=u1.email_address) assert u2 is None
def setUp(self): # create a user self.user = create_user_with_permissions()
def test_password_reset(self): """ has to be done in the same test function so that order is assured""" user = create_user_with_permissions() r = self.c.get('users/recover-password') assert r.status_code == 200, r.status assert b'Recover Password' in r.data # setup the mock objects so we can test the email getting sent out tt = minimock.TraceTracker() smtplib.SMTP = minimock.Mock('smtplib.SMTP', tracker=None) smtplib.SMTP.mock_returns = minimock.Mock('smtp_connection', tracker=tt) # test posting to the restore password view db.sess.expire(user) topost = { 'email_address': user.email_address, 'lost-password-form-submit-flag': 'submitted', } req, r = self.c.post('users/recover-password', data=topost, follow_redirects=True) assert r.status_code == 200, r.status assert b'email with a link to reset your password has been sent' in r.data, r.data assert req.url == 'http://localhost/' # test the mock strings (i.e. test the email that was sent out) db.sess.expire(user) assert tt.check('Called smtp_connection.sendmail(...%s...has been issu' 'ed to reset the password...' % user.email_address) # restore the mocked objects minimock.restore() # now test resetting the password r = self.c.get('/users/reset-password/%s/%s' % (user.login_id, user.pass_reset_key)) assert r.status_code == 200, r.status_code assert b'Reset Password' in r.data assert b'Please choose a new password to complete the reset request' in r.data # expire the date db.sess.expire(user) orig_reset_ts = user.pass_reset_ts user.pass_reset_ts = datetime.datetime(2000, 10, 10) db.sess.commit() # check expired message req, resp = self.c.get('/users/reset-password/%s/%s' % (user.login_id, user.pass_reset_key), follow_redirects=True) assert resp.status_code == 200, resp.status assert b'Recover Password' in resp.data assert b'password reset link expired, use the form below to resend reset link' in resp.data assert req.url.endswith('users/recover-password') # unexpire the date db.sess.expire(user) user.pass_reset_ts = orig_reset_ts db.sess.commit() # check posting the new passwords topost = { 'password': '******', 'password-confirm': 'TestPassword2', 'new-password-form-submit-flag': 'submitted', } req, r = self.c.post('/users/reset-password/%s/%s' % (user.login_id, user.pass_reset_key), data=topost, follow_redirects=True) assert r.status_code == 200, r.status assert b'Your password has been reset successfully' in r.data assert req.url == 'http://localhost/'
def test_user_get_by_login(): u = create_user_with_permissions() obj = User.get_by(login_id=u.login_id) assert u.id == obj.id
def test_user_name_or_login(): u = create_user_with_permissions() assert u.name_or_login == u.login_id u.name_first = u'testname' assert u.name != '' assert u.name_or_login == u.name
def setup_class(cls): cls.c = Client(ag.wsgi_test_app, BaseResponse) cls.userid = login_client_with_permissions(cls.c, u'prof-test-1', u'prof-test-2') cls.userid2 = create_user_with_permissions().id
def test_user_get_by_email(): u = create_user_with_permissions() obj = User.get_by_email(u.email_address) assert u.id == obj.id obj = User.get_by_email((u'%s' % u.email_address).upper()) assert u.id == obj.id
def test_super_edit_forbidden(self): u = create_user_with_permissions(super_user=True) r = self.c.get('users/edit/%s' % u.id) assert r.status_code == 403, r.status