def create_user(cls, username, password, first_name, last_name,
institution, email):
salt = gen_salt()
hashed_pass = hash_password(password, salt)
user = User(username=username,
password=hashed_pass,
salt=salt,
first_name=first_name,
last_name=last_name,
institution=institution,
email=email)
user.save()
return user
def create_user(cls, username, password, first_name, last_name, institution, email):
salt = gen_salt()
hashed_pass = hash_password(password, salt)
user = User(
username=username,
password=hashed_pass,
salt=salt,
first_name=first_name,
last_name=last_name,
institution=institution,
email=email,
)
user.save()
return user
def test_fails_with_bad_token(self):
user = User(
username='******',
password='******',
salt='salt',
).save()
with pytest.raises(ValidationError):
SessionService.create_session(user, 1234)
def test_returns_none_when_session_does_not_exist(self):
User(
username='******',
password='******',
salt='salt',
).save()
session = SessionService.get_session_by_token('token')
assert session is None
def test_fails_silently_when_session_does_not_exist(self):
user = User(
username='******',
password='******',
salt='salt',
).save()
result = SessionService.delete_session_by_user(user)
assert result is False
with pytest.raises(Session.DoesNotExist):
Session.objects.get(user=user)
def test_creates_session(self):
user = User(
username='******',
password='******',
salt='salt',
).save()
result = SessionService.create_session(user, 'token')
session = Session.objects.get(user=user)
assert result is True
assert session.user.username == 'username'
assert session.token == 'token'
def test_returns_none_when_user_does_not_exist(self):
User(
username='******',
first_name='first',
last_name='last',
salt="$2a$12$DG39IJLyK/8DQ18Zz/GclO",
password=
"******",
institution='university',
email='*****@*****.**',
).save()
user = UserService.get_user('not_a_username')
assert user is None
def test_returns_session_when_session_exists(self):
user = User(
username='******',
password='******',
salt='salt',
).save()
Session(
user=user,
token='token',
).save()
session = SessionService.get_session_by_token('token')
assert session is not None
assert session.user.username == 'username'
assert session.token == 'token'
def test_gets_user_that_exists(self, mock_get_user):
mock_get_user.return_value = User(
username='******',
password='******',
salt='salt',
)
res = self.app.get(
self.route % 'username',
headers=self.headers,
)
assert res.status_code == 200
assert mock_get_user.called_with('username')
json_data = json.loads(res.get_data().decode())
assert json_data.get('username') == 'username'
def test_non_required_output(self):
user = User(
username='******',
password='******',
salt='salt',
is_admin=False,
)
js = UserViewMapper.to_json_from_model(user)
assert js['username'] == 'username'
assert js['first_name'] is None
assert js['last_name'] is None
assert js['institution'] is None
assert js['email'] is None
assert js['is_admin'] is False
assert 'password' not in js
assert 'salt' not in js
def test_deletes_session_when_session_exists(self):
user = User(
username='******',
password='******',
salt='salt',
).save()
Session(
user=user,
token='token',
).save()
session = Session.objects.get(user=user)
assert session is not None
result = SessionService.delete_session_by_user(user)
assert result is True
with pytest.raises(Session.DoesNotExist):
Session.objects.get(user=user)
def test_good_login_with_session_succeeds(self):
user = User(
username='******',
password='******',
salt='salt',
)
self.mock_get_session_by_user.return_value = Session(
user=user,
token='token',
)
token = AuthService.attempt_login('username', 'password')
assert token == 'token'
assert self.mock_get_user.call_count == 1
assert self.mock_hash_password.call_count == 1
assert self.mock_get_session_by_user.call_count == 1
assert self.mock_gen_token.call_count == 0
assert self.mock_create_session.call_count == 0
def test_bad_password_with_session_fails(self):
user = User(
username='******',
password='******',
salt='salt',
)
self.mock_get_session_by_user.return_value = Session(
user=user,
token='token',
)
self.mock_hash_password.return_value = 'wrong_hashed_pass'
token = AuthService.attempt_login('username', 'not_my_password')
assert token is None
assert self.mock_get_user.call_count == 1
assert self.mock_hash_password.call_count == 1
assert self.mock_get_session_by_user.call_count == 0
assert self.mock_gen_token.call_count == 0
assert self.mock_create_session.call_count == 0
def test_correct_json_output(self):
user = User(
username='******',
password='******',
salt='salt',
first_name='first',
last_name='last',
institution='university',
email='*****@*****.**',
is_admin=False,
)
js = UserViewMapper.to_json_from_model(user)
assert js['username'] == 'username'
assert js['first_name'] == 'first'
assert js['last_name'] == 'last'
assert js['institution'] == 'university'
assert js['email'] == '*****@*****.**'
assert js['is_admin'] is False
assert 'password' not in js
assert 'salt' not in js
def setUp(self):
self.hash_password_patch = mock.patch(
'ncr.services.auth.hash_password', return_value='hashed_pass')
self.gen_token_patch = mock.patch('ncr.services.auth.gen_token',
return_value='generated_token')
self.get_user_patch = mock.patch(
'ncr.services.auth.UserService.get_user',
return_value=User(username='******',
password='******',
salt='salt'))
self.get_session_by_user_patch = mock.patch(
'ncr.services.auth.SessionService.get_session_by_user',
return_value=None)
self.create_session_patch = mock.patch(
'ncr.services.auth.SessionService.create_session')
self.mock_hash_password = self.hash_password_patch.start()
self.mock_gen_token = self.gen_token_patch.start()
self.mock_get_user = self.get_user_patch.start()
self.mock_get_session_by_user = \
self.get_session_by_user_patch.start()
self.mock_create_session = self.create_session_patch.start()
def test_raises_not_implemented_error_on_invocation(self):
user = User(username='******', password='******', salt='salt')
with pytest.raises(NotImplementedError):
ViewMapper.to_json_from_model(user)
def to_model_from_json(cls, js):
return User(**js)