def test_basic_login(db):
# Create our test user using signup
test_basic_signup(db)
with auth_api_session() as (auth_api, metadata_interceptor):
reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
assert reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL
# backdoor to find login token
with session_scope() as session:
entry = session.query(LoginToken).one()
login_token = entry.token
with auth_api_session() as (auth_api, metadata_interceptor):
reply = auth_api.CompleteTokenLogin(
auth_pb2.CompleteTokenLoginReq(login_token=login_token))
reply_token = get_session_cookie_token(metadata_interceptor)
with session_scope() as session:
token = (session.query(UserSession).filter(
User.username == "frodo").filter(
UserSession.token == reply_token).one_or_none())
assert token
# log out
with auth_api_session() as (auth_api, metadata_interceptor):
reply = auth_api.Deauthenticate(
empty_pb2.Empty(),
metadata=(("cookie", f"couchers-sesh={reply_token}"), ))
def test_logout_invalid_token(db):
# Create our test user using signup
test_basic_signup(db)
with auth_api_session() as (auth_api, metadata_interceptor):
reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
assert reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL
# backdoor to find login token
with session_scope() as session:
entry = session.query(LoginToken).one()
login_token = entry.token
with auth_api_session() as (auth_api, metadata_interceptor):
auth_api.CompleteTokenLogin(
auth_pb2.CompleteTokenLoginReq(login_token=login_token))
reply_token = get_session_cookie_token(metadata_interceptor)
# delete all login tokens
with session_scope() as session:
session.query(LoginToken).delete()
# log out with non-existent token should still return a valid result
with auth_api_session() as (auth_api, metadata_interceptor):
auth_api.Deauthenticate(empty_pb2.Empty(),
metadata=(("cookie",
f"couchers-sesh={reply_token}"), ))
reply_token = get_session_cookie_token(metadata_interceptor)
# make sure we set an empty cookie
assert reply_token == ""
def test_login_tokens_invalidate_after_use(db):
test_basic_signup(db)
with auth_api_session(db) as auth_api:
reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
assert reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL
with session_scope(db) as session:
login_token = session.query(LoginToken).one_or_none().token
with auth_api_session(db) as auth_api:
session_token = auth_api.CompleteTokenLogin(
auth_pb2.CompleteTokenLoginReq(login_token=login_token)).token
with auth_api_session(db) as auth_api, pytest.raises(grpc.RpcError):
# check we can't login again
auth_api.CompleteTokenLogin(
auth_pb2.CompleteTokenLoginReq(login_token=login_token))
def test_banned_user(db):
test_basic_signup(db)
with auth_api_session() as (auth_api, metadata_interceptor):
reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
assert reply.next_step == auth_pb2.LoginRes.LoginStep.SENT_LOGIN_EMAIL
with session_scope() as session:
login_token = session.query(LoginToken).one().token
with session_scope() as session:
session.query(User).one().is_banned = True
with auth_api_session() as (auth_api, metadata_interceptor):
with pytest.raises(grpc.RpcError):
auth_api.CompleteTokenLogin(
auth_pb2.CompleteTokenLoginReq(login_token=login_token))
def test_basic_login(temp_db_session):
# Create our test user using signup
test_basic_signup(temp_db_session)
with auth_api_session(temp_db_session) as auth_api:
reply = auth_api.Login(auth_pb2.LoginReq(user="******"))
assert reply.next_step == 1 # SENT_LOGIN_EMAIL
# backdoor to find login token
entry = temp_db_session().query(LoginToken).one_or_none()
login_token = entry.token
with auth_api_session(temp_db_session) as auth_api:
reply = auth_api.CompleteTokenLogin(
auth_pb2.CompleteTokenLoginReq(login_token=login_token))
assert isinstance(reply.token, str)
session_token = reply.token
# log out
with auth_api_session(temp_db_session) as auth_api:
reply = auth_api.Deauthenticate(
auth_pb2.DeAuthReq(token=session_token))
