def test_profile_changing_email_with_valid_data_updates_email():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'email'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['email'] = form_validating_to({'email': '*****@*****.**'})
controller.profile()
assert user.email == '*****@*****.**'
def test_profile_changing_password_with_invalid_data_returns_form():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'password'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['password'] = invalid_form()
result = controller.profile()
assert 'password_form' in result
def test_profile_changing_password_with_valid_data_updates_password():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'password'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['password'] = form_validating_to({'new_password': '******'})
controller.profile()
assert user.password == 'secrets!'
def test_profile_changing_email_with_valid_data_updates_email():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'email'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['email'] = form_validating_to({'email': '*****@*****.**'})
controller.profile()
assert user.email == '*****@*****.**'
def test_profile_changing_password_with_invalid_data_does_not_update_password():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'password'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['password'] = invalid_form()
controller.profile()
assert user.password is None
def test_profile_changing_password_with_valid_data_redirects():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'password'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['password'] = form_validating_to({'new_password': '******'})
result = controller.profile()
assert isinstance(result, httpexceptions.HTTPFound)
def test_profile_changing_password_with_valid_data_updates_password():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'password'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['password'] = form_validating_to({'new_password': '******'})
controller.profile()
assert user.password == 'secrets!'
def test_profile_changing_password_with_invalid_data_returns_form():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'password'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['password'] = invalid_form()
result = controller.profile()
assert 'password_form' in result
def test_profile_changing_password_with_invalid_data_does_not_update_password():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'password'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['password'] = invalid_form()
controller.profile()
assert user.password is None
def test_edit_profile_with_validation_failure(authn_policy, form_validator):
"""If form validation fails, return the error object."""
authn_policy.authenticated_userid.return_value = "johndoe"
form_validator.return_value = ({"errors": "BOOM!"}, None)
request = DummyRequest(method='POST')
profile = ProfileController(request)
result = profile.edit_profile()
assert result == {"errors": "BOOM!"}
def test_edit_profile_with_validation_failure(authn_policy, form_validator):
"""If form validation fails, return the error object."""
authn_policy.authenticated_userid.return_value = "johndoe"
form_validator.return_value = ({"errors": "BOOM!"}, None)
request = DummyRequest(method='POST')
profile = ProfileController(request)
result = profile.edit_profile()
assert result == {"errors": "BOOM!"}
def test_profile_changing_password_with_valid_data_redirects():
user = FakeUser(email=None, password=None)
request = DummyRequest(post={'__formid__': 'password'},
authenticated_user=user)
controller = ProfileController(request)
controller.forms['password'] = form_validating_to({'new_password': '******'})
result = controller.profile()
assert isinstance(result, httpexceptions.HTTPFound)
def test_subscription_update(self, config, dummy_db_session):
"""Make sure that the new status is written into the DB."""
request = _get_fake_request('acct:john@doe', 'smith', True, True)
configure(config)
with patch('h.accounts.views.Subscriptions') as mock_subs:
mock_subs.get_by_id = MagicMock()
mock_subs.get_by_id.return_value = Mock(active=True)
profile = ProfileController(request)
profile.edit_profile()
assert dummy_db_session.added
def test_edit_profile_successfully(authn_policy, form_validator, user_model):
"""edit_profile() returns a dict with key "form" when successful."""
authn_policy.authenticated_userid.return_value = "johndoe"
form_validator.return_value = (None, {"username": "******", "pwd": "password", "subscriptions": ""})
user_model.validate_user.return_value = True
user_model.get_by_id.return_value = FakeUser(email="*****@*****.**")
request = DummyRequest(method="POST")
profile = ProfileController(request)
result = profile.edit_profile()
assert result == {"model": {"email": "*****@*****.**"}}
def test_disable_user_sets_random_password(form_validator, user_model):
"""Check if the user is disabled."""
request = DummyRequest(method='POST')
form_validator.return_value = (None, {"username": "******", "pwd": "doe"})
user = FakeUser(password='******')
user_model.get_user.return_value = user
profile = ProfileController(request)
profile.disable_user()
assert user.password == user_model.generate_random_password.return_value
def test_disable_user_sets_random_password(form_validator, user_model):
"""Check if the user is disabled."""
request = DummyRequest(method='POST')
form_validator.return_value = (None, {"username": "******", "pwd": "doe"})
user = FakeUser(password='******')
user_model.get_user.return_value = user
profile = ProfileController(request)
profile.disable_user()
assert user.password == user_model.generate_random_password.return_value
def test_subscription_update(config, dummy_db_session):
"""
Make sure that the new status is written into the DB
"""
request = _get_fake_request('acct:john@doe', 'smith', True, True)
configure(config)
with patch('h.accounts.views.Subscriptions') as mock_subs:
mock_subs.get_by_id = MagicMock()
mock_subs.get_by_id.return_value = Mock(active=True)
profile = ProfileController(request)
profile.edit_profile()
assert dummy_db_session.added
def test_disable_user_with_invalid_password(form_validator, user_model):
"""Make sure our disable_user call validates the user password."""
request = Mock(method='POST', authenticated_userid='john')
form_validator.return_value = (None, {"username": "******", "pwd": "doe"})
# With an invalid password, validate_user() returns False.
user_model.validate_user.return_value = False
profile = ProfileController(request)
result = profile.disable_user()
assert result['code'] == 401
assert any('pwd' in err for err in result['errors'])
def test_profile_invalid_password(self, config, user_model):
"""Make sure our edit_profile call validates the user password."""
request = _get_fake_request('john', 'doe')
configure(config)
# With an invalid password, get_user returns None
user_model.get_user.return_value = None
profile = ProfileController(request)
result = profile.edit_profile()
assert result['code'] == 401
assert any('pwd' in err for err in result['errors'])
def test_disable_user_with_invalid_password(form_validator, user_model):
"""Make sure our disable_user call validates the user password."""
request = DummyRequest(method='POST')
form_validator.return_value = (None, {"username": "******", "pwd": "doe"})
# With an invalid password, get_user returns None
user_model.get_user.return_value = None
profile = ProfileController(request)
result = profile.disable_user()
assert result['code'] == 401
assert any('pwd' in err for err in result['errors'])
def test_disable_user_with_invalid_password(form_validator, user_model):
"""Make sure our disable_user call validates the user password."""
request = DummyRequest(method='POST')
form_validator.return_value = (None, {"username": "******", "pwd": "doe"})
# With an invalid password, get_user returns None
user_model.get_user.return_value = None
profile = ProfileController(request)
result = profile.disable_user()
assert result['code'] == 401
assert any('pwd' in err for err in result['errors'])
def test_profile_invalid_password(config, user_model):
"""Make sure our edit_profile call validates the user password"""
request = _get_fake_request('john', 'doe')
configure(config)
# With an invalid password, get_user returns None
user_model.get_user.return_value = None
profile = ProfileController(request)
result = profile.edit_profile()
assert result['code'] == 401
assert any('pwd' in err for err in result['errors'])
def test_user_disabled(config, user_model):
"""
Check if the user is disabled
"""
request = _get_fake_request('john', 'doe')
configure(config)
user = FakeUser(password='******')
user_model.get_user.return_value = user
profile = ProfileController(request)
profile.disable_user()
assert user.password == user_model.generate_random_password.return_value
def test_edit_profile_invalid_password(authn_policy, form_validator, user_model):
"""Make sure our edit_profile call validates the user password."""
authn_policy.authenticated_userid.return_value = "johndoe"
form_validator.return_value = (None, {"username": "******", "pwd": "blah", "subscriptions": ""})
# Mock an invalid password
user_model.validate_user.return_value = False
request = DummyRequest(method="POST")
profile = ProfileController(request)
result = profile.edit_profile()
assert result["code"] == 401
assert any("pwd" in err for err in result["errors"])
def test_profile_invalid_password():
""" Make sure our edit_profile call validates the user password
"""
request = _get_fake_request('john', 'doe')
with testConfig() as config:
configure(config)
with patch('horus.models.UserMixin') as mock_user:
with patch('horus.lib.FlashMessage') as mock_flash:
mock_user.get_user = MagicMock(side_effect=_bad_password)
profile = ProfileController(request)
profile.User = mock_user
profile.edit_profile()
assert mock_flash.called_with(request, _('Invalid password.'), kind='error')
def test_user_disabled(config, user_model):
"""
Check if the user is disabled
"""
request = _get_fake_request('john', 'doe')
configure(config)
user = FakeUser(password='******')
user_model.get_user.return_value = user
profile = ProfileController(request)
profile.disable_user()
assert user.password == user_model.generate_random_password.return_value
def test_subscription_update():
"""Make sure that the new status is written into the DB
"""
request = _get_fake_request('acct:john@doe', 'smith', True, True)
print "request", request.POST
with testConfig() as config:
configure(config)
with patch('h.accounts.views.Subscriptions') as mock_subs:
mock_subs.get_by_id = MagicMock()
mock_subs.get_by_id.return_value = Mock(active=True)
profile = ProfileController(request)
profile.db = Mock()
profile.db.add = MagicMock(name='add')
profile.edit_profile()
assert profile.db.add.called
def test_subscription_update():
"""Make sure that the new status is written into the DB
"""
request = _get_fake_request('acct:john@doe', 'smith', True, True)
print "request", request.POST
with testConfig() as config:
configure(config)
with patch('h.accounts.views.Subscriptions') as mock_subs:
mock_subs.get_by_id = MagicMock()
mock_subs.get_by_id.return_value = Mock(active=True)
profile = ProfileController(request)
profile.db = Mock()
profile.db.add = MagicMock(name='add')
profile.edit_profile()
assert profile.db.add.called
def test_profile_calls_super():
"""Make sure our method calls the superclasses edit_profile
if the validations are successful
"""
request = _get_fake_request('john', 'smith')
with testConfig() as config:
configure(config)
with patch('horus.models.UserMixin') as mock_user:
with patch('horus.views.ProfileController.edit_profile') as mock_super_profile:
mock_user.get_user = MagicMock(side_effect=_good_password_simple)
profile = ProfileController(request)
profile.User = mock_user
profile.edit_profile()
assert profile.request.context is True
assert mock_super_profile.called
def test_profile_invalid_password():
""" Make sure our edit_profile call validates the user password
"""
request = _get_fake_request('john', 'doe')
with testConfig() as config:
configure(config)
with patch('horus.models.UserMixin') as mock_user:
with patch('horus.lib.FlashMessage') as mock_flash:
mock_user.get_user = MagicMock(side_effect=_bad_password)
profile = ProfileController(request)
profile.User = mock_user
profile.edit_profile()
assert mock_flash.called_with(request,
_('Invalid password.'),
kind='error')
def test_edit_profile_successfully(self, config, user_model):
"""edit_profile() returns a dict with key "form" when successful."""
configure(config)
profile = ProfileController(DummyRequest())
with patch(
"h.accounts.views._validate_edit_profile_request") as validate:
validate.return_value = {
"username": "******",
"pwd": "password",
"subscriptions": []
}
result = profile.edit_profile()
assert "form" in result
assert "errors" not in result
def test_profile_400s_with_bogus_formid():
user = FakeUser()
request = DummyRequest(post={'__formid__': 'hax0rs'},
authenticated_user=user)
with pytest.raises(httpexceptions.HTTPBadRequest):
ProfileController(request).profile()
def test_disable_invalid_password():
""" Make sure our disable_user call validates the user password
"""
request = _get_fake_request('john', 'doe')
with testConfig() as config:
configure(config)
with patch('horus.models.UserMixin') as mock_user:
with patch('horus.lib.FlashMessage') as mock_flash:
with patch('h.accounts.schemas.EditProfileSchema') as mock_schema:
mock_schema.validator = MagicMock(name='validator')
mock_user.get_user = MagicMock(side_effect=_bad_password)
profile = ProfileController(request)
profile.User = mock_user
profile.disable_user()
assert mock_flash.called_with(request, _('Invalid password.'), kind='error')
def test_edit_profile_successfully(authn_policy, form_validator, user_model):
"""edit_profile() returns a dict with key "form" when successful."""
authn_policy.authenticated_userid.return_value = "johndoe"
form_validator.return_value = (None, {
"username": "******",
"pwd": "password",
"subscriptions": "",
})
user_model.validate_user.return_value = True
user_model.get_by_id.return_value = FakeUser(email="*****@*****.**")
request = DummyRequest(method='POST')
profile = ProfileController(request)
result = profile.edit_profile()
assert result == {"model": {"email": "*****@*****.**"}}
def test_subscription_update(authn_policy, form_validator, subscriptions_model, user_model):
"""Make sure that the new status is written into the DB."""
authn_policy.authenticated_userid.return_value = "acct:john@doe"
form_validator.return_value = (
None,
{"username": "******", "pwd": "smith", "subscriptions": '{"active":true,"uri":"acct:john@doe","id":1}'},
)
mock_sub = Mock(active=False, uri="acct:john@doe")
subscriptions_model.get_by_id.return_value = mock_sub
user_model.get_by_id.return_value = FakeUser(email="john@doe")
request = DummyRequest(method="POST")
profile = ProfileController(request)
result = profile.edit_profile()
assert mock_sub.active is True
assert result == {"model": {"email": "john@doe"}}
def test_profile_calls_super():
"""Make sure our method calls the superclasses edit_profile
if the validations are successful
"""
request = _get_fake_request('john', 'smith')
with testConfig() as config:
configure(config)
with patch('horus.models.UserMixin') as mock_user:
with patch('horus.views.ProfileController.edit_profile'
) as mock_super_profile:
mock_user.get_user = MagicMock(
side_effect=_good_password_simple)
profile = ProfileController(request)
profile.User = mock_user
profile.edit_profile()
assert profile.request.context is True
assert mock_super_profile.called
def test_user_disabled():
"""Check if the disabled user flag is set
"""
request = _get_fake_request('john', 'doe')
with testConfig() as config:
configure(config)
with patch('horus.models.UserMixin') as mock_user:
with patch('horus.lib.FlashMessage') as mock_flash:
with patch('h.accounts.schemas.EditProfileSchema') as mock_schema:
mock_schema.validator = MagicMock(name='validator')
mock_user.get_user = MagicMock(side_effect=_good_password)
profile = ProfileController(request)
profile.User = mock_user
profile.db = FakeDB()
profile.db.add = MagicMock(name='add')
profile.disable_user()
assert profile.db.add.called
def test_profile_returns_email(authn_policy, user_model):
"""The profile should include the user's email."""
request = DummyRequest()
authn_policy.authenticated_userid.return_value = "acct:[email protected]"
user_model.get_by_id.return_value = FakeUser(email="*****@*****.**")
result = ProfileController(request).profile()
assert result["model"]["email"] == "*****@*****.**"
def test_edit_profile_invalid_password(authn_policy, form_validator, user_model):
"""Make sure our edit_profile call validates the user password."""
authn_policy.authenticated_userid.return_value = "johndoe"
form_validator.return_value = (None, {
"username": "******",
"pwd": "blah",
"subscriptions": "",
})
# Mock an invalid password
user_model.validate_user.return_value = False
request = DummyRequest(method='POST')
profile = ProfileController(request)
result = profile.edit_profile()
assert result['code'] == 401
assert any('pwd' in err for err in result['errors'])
def test_profile_returns_subscriptions(authn_policy, subscriptions_model):
"""The profile should include the user's subscriptions."""
request = DummyRequest()
authn_policy.authenticated_userid.return_value = "acct:[email protected]"
subscriptions_model.get_subscriptions_for_uri.return_value = \
{"some": "data"}
result = ProfileController(request).profile()
assert result["model"]["subscriptions"] == {"some": "data"}
def test_subscription_update(authn_policy, form_validator,
subscriptions_model, user_model):
"""Make sure that the new status is written into the DB."""
authn_policy.authenticated_userid.return_value = "acct:john@doe"
form_validator.return_value = (None, {
"username": "******",
"pwd": "smith",
"subscriptions": '{"active":true,"uri":"acct:john@doe","id":1}',
})
mock_sub = Mock(active=False, uri="acct:john@doe")
subscriptions_model.get_by_id.return_value = mock_sub
user_model.get_by_userid.return_value = FakeUser(email="john@doe")
request = DummyRequest(method='POST')
profile = ProfileController(request)
result = profile.edit_profile()
assert mock_sub.active is True
assert result == {"model": {"email": "john@doe"}}
def test_disable_invalid_password():
""" Make sure our disable_user call validates the user password
"""
request = _get_fake_request('john', 'doe')
with testConfig() as config:
configure(config)
with patch('horus.models.UserMixin') as mock_user:
with patch('horus.lib.FlashMessage') as mock_flash:
with patch(
'h.accounts.schemas.EditProfileSchema') as mock_schema:
mock_schema.validator = MagicMock(name='validator')
mock_user.get_user = MagicMock(side_effect=_bad_password)
profile = ProfileController(request)
profile.User = mock_user
profile.disable_user()
assert mock_flash.called_with(request,
_('Invalid password.'),
kind='error')
def test_profile_looks_up_by_logged_in_user(authn_policy, user_model):
"""
When fetching the profile, look up email for the logged in user.
(And don't, for example, use a 'username' passed to us in params.)
"""
request = DummyRequest()
authn_policy.authenticated_userid.return_value = "acct:[email protected]"
ProfileController(request).profile()
user_model.get_by_id.assert_called_with(request, "acct:[email protected]")
def test_unsubscribe_sets_active_to_False(Subscriptions):
"""It sets the active field of the subscription to False."""
Subscriptions.get_by_id.return_value = Mock(
uri='acct:[email protected]', active=True)
request = MagicMock(
authenticated_userid='acct:[email protected]',
GET={'subscription_id': 'subscription_id'}
)
ProfileController(request).unsubscribe()
assert Subscriptions.get_by_id.return_value.active is False
def test_unsubscribe_not_authorized(Subscriptions):
"""If you try to unsubscribe someone else's subscription you get a 401."""
Subscriptions.get_by_id.return_value = Mock(
uri='acct:[email protected]', active=True)
request = MagicMock(
authenticated_userid='acct:[email protected]',
GET={'subscription_id': 'subscription_id'}
)
with pytest.raises(httpexceptions.HTTPUnauthorized):
ProfileController(request).unsubscribe()
assert Subscriptions.get_by_id.return_value.active is True
def test_edit_profile_with_validation_failure(self, config, user_model):
"""If validation raises edit_profile() should return an error.
If _validate_edit_profile_request() raises an exception then
edit_profile() should return a dict with an "errors" list containing a
list of the error(s) from the exception's .errors property.
"""
configure(config)
profile = ProfileController(DummyRequest())
errors = [
("email", ["That email is invalid", "That email is taken"]),
("emailAgain", "The emails must match."),
("password", ["That password is wrong"])
]
with patch(
"h.accounts.views._validate_edit_profile_request") as validate:
validate.side_effect = (
views._InvalidEditProfileRequestError(errors=errors))
result = profile.edit_profile()
assert result["errors"] == errors
def test_user_disabled():
"""Check if the disabled user flag is set
"""
request = _get_fake_request('john', 'doe')
with testConfig() as config:
configure(config)
with patch('horus.models.UserMixin') as mock_user:
with patch('horus.lib.FlashMessage') as mock_flash:
with patch(
'h.accounts.schemas.EditProfileSchema') as mock_schema:
mock_schema.validator = MagicMock(name='validator')
mock_user.get_user = MagicMock(side_effect=_good_password)
profile = ProfileController(request)
profile.User = mock_user
profile.db = FakeDB()
profile.db.add = MagicMock(name='add')
profile.disable_user()
assert profile.db.add.called
def test_disable_user_with_no_authenticated_user():
exc = ProfileController(Mock(authenticated_userid=None)).disable_user()
assert isinstance(exc, httpexceptions.HTTPUnauthorized)
def test_profile_404s_if_not_logged_in():
request = DummyRequest(authenticated_user=None)
with pytest.raises(httpexceptions.HTTPNotFound):
ProfileController(request).profile()
