def test_timed_out_emailcheck_credentials_are_cleared_in_registration(self):
for someone in User.query.all()[:5]: # @UndefinedVariable
Credential.new(someone, 'emailcheck', str(time.time()-1)+":"+uuid4().hex, uuid4().hex)
self.assertTrue(self.countExpiredCreds('emailcheck')>=5)
form = self.prepareLoginForm()
self.controller.doRegistration(form)
self.assertTrue(self.countExpiredCreds('emailcheck')==0)
def do_add_credential(self, form):
user = self.getCurrentUser()
Credential.new(user,
form.credentialType.data,
form.identifier.data,
form.secret.data)
return self.as_dict(user)
def sendPasswordVerificationEmail(self, user):
secret=unicode(uuid4())
expiry = time.time() + 60*60*24*4
Credential.new(user, 'emailcheck', unicode(expiry), secret )
timeText = time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(expiry))
uri = "{0}/v1/verify_email/{1}".format(self.getConfig('BASE_URL'),secret)
text = """Hi, click on <a href="{0}">{0}</a> until {1} to verify your email""".format(uri, timeText)
self.mail.send_message(subject="verification", body=text, recipients=[user.email], sender=self.getConfig('SERVER_EMAIL_ADDRESS'))
def createTemporaryCredential(user,
credentialType,
expiry=fourDaysInSeconds,
additionalInfo=None):
secret = uuid4().hex
expiry = time.time() + expiry
Credential.new(user, credentialType,
str(expiry) + ":" + str(additionalInfo), secret)
return secret, expiry
def no_password_reset_for_timed_out_temporary_credential(self):
password = self.mkRandomPassword()
secret = unicode(uuid4())
user = User.getByEmail(self.usercreation_email)
Credential.new(user, 'email_for_password_reset', secret, time.time()-1)
with app.test_client() as c:
data = dict(password=password, secret=secret)
resp = c.post("/v1/password_reset", data = data)
self.assertEqual(resp.status_code, 404)
def _removeACredential(self, myUserid):
self.controller.loginInFramework(self.cred)
user = self.cred.user
Credential.new(user, "facebook", myUserid, "testsecret")
data = {"credentialType": "facebook",
"identifier": myUserid}
self.assertTrue(Credential.get("facebook", myUserid))
resp = self.controller.doRemoveCredential(FakeForm(data))
return resp
def test_expired_deregistration_certificates_are_deleted_in_deregistration_initiation(
self):
for someone in User.query.all()[:5]: # @UndefinedVariable
Credential.new(someone, 'deregister',
str(time.time() - 1) + ":" + uuid4().hex,
uuid4().hex)
self.assertTrue(self.countExpiredCreds('deregister') >= 5)
self._doDeregistrationDoit()
self.assertTrue(self.countExpiredCreds('deregister') == 0)
def successful_password_clears_the_temporary_credential(self):
password = self.mkRandomPassword()
secret = unicode(uuid4())
user = User.getByEmail(self.usercreation_email)
Credential.new(user, 'email_for_password_reset', secret, time.time()+3600)
with app.test_client() as c:
data = dict(password=password, secret=secret)
c.post("/v1/password_reset", data = data)
newcred = Credential.get('email_for_password_reset', secret)
self.assertEquals(newcred, None)
def successful_password_reset_sets_the_password(self):
password = self.mkRandomPassword()
secret = unicode(uuid4())
user = User.getByEmail(self.usercreation_email)
Credential.new(user, 'email_for_password_reset', secret, time.time()+3600)
with app.test_client() as c:
data = dict(password=password, secret=secret)
c.post("/v1/password_reset", data = data)
cred = Credential.getByUser(user, "password")
self.assertEquals(cred.secret, CredentialManager.protect_secret(password))
def do_send_password_reset_email(self, email):
user = User.getByEmail(email)
if user is None:
raise ReportedError(['Invalid email address'])
passwordResetEmailExpiration = 14400
secret=unicode(uuid4())
expirationTime = time.time() + passwordResetEmailExpiration
Credential.new(user, passwordResetCredentialType, secret, unicode(expirationTime))
self.sendPasswordResetMail(user, secret, expirationTime)
return self.simple_response("Password reset email has successfully sent.")
def test_bad_secret_clears_up_all_timed_out_temporary_credentials(self):
password = self.mkRandomPassword()
secret = uuid4().hex
for someone in User.query.all()[:5]: # @UndefinedVariable
Credential.new(someone, 'email_for_password_reset', str(time.time()-1)+":"+uuid4().hex, uuid4().hex)
self.assertTrue(self.countExpiredCreds()>=5)
data = dict(password=password, secret=secret)
self.assertReportedError(self.controller.doPasswordReset,(FakeForm(data),),
404, ['The secret has expired'])
self.assertEqual(self.countExpiredCreds(),0)
def test_valid_secret_is_accepted(self):
password = self.mkRandomPassword()
secret = uuid4().hex
user = User.getByEmail(self.userCreationEmail)
Credential.new(user, 'email_for_password_reset', str(time.time()+3600), secret)
with app.test_client() as client:
data = dict(password=password, secret=secret)
resp = client.post("/v1/password_reset", data = data)
self.assertEqual(resp.status_code, 200)
respData = self.fromJson(resp)
self.assertEqual("Password successfully changed",respData['message'])
def test_valid_secret_is_accepted(self):
password = self.mkRandomPassword()
secret = uuid4().hex
user = User.getByEmail(self.userCreationEmail)
Credential.new(user, 'email_for_password_reset',
str(time.time() + 3600), secret)
with app.test_client() as client:
data = dict(password=password, secret=secret)
resp = client.post("/v1/password_reset", data=data)
self.assertEqual(resp.status_code, 200)
respData = self.fromJson(resp)
self.assertEqual("Password successfully changed",
respData['message'])
def the_credential_is_actually_deleted(self):
with app.test_client() as c:
self.login(c)
user = User.getByEmail(self.usercreation_email)
credId = self.randString
Credential.new(user, "facebook", credId, "testsecret")
self.assertTrue(Credential.get("facebook", credId))
data = {
"credentialType": "facebook",
"identifier": credId,
}
c.post(config.base_url + "/v1/remove_credential", data=data)
self.assertFalse(Credential.get("facebook", credId))
def a_credential_can_be_deleted(self):
with app.test_client() as c:
self.login(c)
user = User.getByEmail(self.usercreation_email)
credId = self.randString
Credential.new(user, "facebook", credId, "testsecret")
self.assertTrue(Credential.get("facebook", credId))
data = {
"credentialType": "facebook",
"identifier": credId,
}
resp = c.post(config.base_url + "/v1/remove_credential", data=data)
self.assertEqual(200, resp.status_code)
self.assertEqual('{"message": "credential removed"}', self.getResponseText(resp))
def test_the_credential_is_actually_deleted(self):
with app.test_client() as client:
self.login(client)
user = User.getByEmail(self.userCreationEmail)
credId = self.randString
Credential.new(user, "facebook", credId, "testsecret")
self.assertTrue(Credential.get("facebook", credId))
data = {
"csrf_token": self.getCSRF(client),
"credentialType": "facebook",
"identifier": credId,
}
client.post(config.BASE_URL + "/v1/remove_credential", data=data)
self.assertFalse(Credential.get("facebook", credId))
def you_should_give_valid_identifier_for_credential_deletion(self):
with app.test_client() as c:
self.login(c)
user = User.getByEmail(self.usercreation_email)
credId = self.randString
Credential.new(user, "facebook", credId, "testsecret")
self.assertTrue(Credential.get("facebook", credId))
data = {
"identifier": credId+"no",
"credentialType": "facebook",
}
resp = c.post(config.base_url + "/v1/remove_credential", data=data)
self.assertEqual(404, resp.status_code)
self.assertEqual('{"errors": ["No such credential"]}', self.getResponseText(resp))
def test_a_credential_can_be_deleted(self):
with app.test_client() as client:
self.login(client)
user = User.getByEmail(self.userCreationEmail)
credId = self.randString
Credential.new(user, "facebook", credId, "testsecret")
self.assertTrue(Credential.get("facebook", credId))
data = {
"csrf_token": self.getCSRF(client),
"credentialType": "facebook",
"identifier": credId,
}
resp = client.post(config.BASE_URL + "/v1/remove_credential", data=data)
self.assertEqual(200, resp.status_code)
self.assertEqual('{"message": "credential removed"}', self.getResponseText(resp))
def test_you_should_give_valid_identifier_for_credential_deletion(self):
with app.test_client() as client:
self.login(client)
user = User.getByEmail(self.userCreationEmail)
credId = self.randString
Credential.new(user, "facebook", credId, "testsecret")
self.assertTrue(Credential.get("facebook", credId))
data = {
"csrf_token": self.getCSRF(client),
"identifier": credId+"no",
"credentialType": "facebook",
}
resp = client.post(config.BASE_URL + "/v1/remove_credential", data=data)
self.assertEqual(404, resp.status_code)
self.assertEqual('{"errors": ["No such credential"]}', self.getResponseText(resp))
def you_have_to_use_the_credentials_used_for_login_to_deregister(self):
with app.test_client() as c:
self.login(c)
user = User.getByEmail(self.usercreation_email)
self.setupUserCreationData()
Credential.new(user, "password", self.usercreation_userid, self.usercreation_password)
data = dict(
csrf_token= self.getCSRF(c),
credentialType= "password",
identifier= self.usercreation_userid,
secret = self.usercreation_password
)
resp = c.post(config.base_url+'/deregister', data=data)
self.assertEquals(resp.status_code, 400)
self.assertEqual('{"errors": ["You should use your login credentials to deregister"]}', self.getResponseText(resp))
def bad_secret_clears_up_all_timed_out_temporary_credentials(self):
password = self.mkRandomPassword()
secret = unicode(uuid4())
for someone in User.query.all()[:5]: # @UndefinedVariable
Credential.new(someone, 'email_for_password_reset', unicode(uuid4()), time.time()-1)
with app.test_client() as c:
data = dict(password=password, secret=secret)
c.post("/v1/password_reset", data = data)
expiredcreds = []
now = time.time()
creds = Credential.query.filter_by(credentialType='email_for_password_reset') # @UndefinedVariable
for c in creds:
if (float(c.secret) < now):
expiredcreds.append(c)
self.assertEqual(expiredcreds,[])
def createUserAndLoginWithCert(self):
identifier, digest, cert = self.getCertAttributes()
user = self.createUserWithCredentials()
secret = digest
cred = Credential.new(user, "certificate", identifier, secret)
resp = self.sslLoginWithCert(cert)
return resp, cred
def doPasswordReset(self, form):
Credential.deleteExpired(self.passwordResetCredentialType)
cred = Credential.getBySecret(
self.passwordResetCredentialType, form.secret.data)
if cred is None or (cred.getExpirationTime() < time.time()):
raise ReportedError([theSecretHasExpired], 404)
passcred = Credential.getByUser(cred.user, 'password')
protectedSecret = CredentialManager.protect_secret(form.password.data)
if not passcred:
passcred = Credential.new(cred.user, "password", cred.user.email, protectedSecret)
else:
passcred.secret = protectedSecret
cred.rm()
return self.simple_response(passwordSuccessfullyChanged)
def doPasswordReset(self, form):
Credential.deleteExpired(self.passwordResetCredentialType)
cred = Credential.getBySecret(
self.passwordResetCredentialType, form.secret.data)
if cred is None or (cred.getExpirationTime() < time.time()):
raise ReportedError([theSecretHasExpired], 404)
passcred = Credential.getByUser(cred.user, 'password')
protectedSecret = CredentialManager.protect_secret(form.password.data)
if not passcred:
passcred = Credential.new(cred.user, "password", cred.user.email, protectedSecret)
else:
passcred.secret = protectedSecret
cred.rm()
return self.simple_response(passwordSuccessfullyChanged)
def create_user_with_creds(cls, credtype, identifier, secret, email, digest=None):
user = User.new(email, digest)
protected = cls.protect_secret(secret)
Credential.new(user, credtype, identifier, protected)
return user
def createUserAndLoginWithCert(self):
certAttrs = self.getCertAttributes()
cred = self.createUserWithCredentials()
Credential.new(cred.user, "certificate", certAttrs.identifier, certAttrs.digest)
resp = self.sslLoginWithCert(certAttrs.cert)
return resp
def addCertCredentialToUser(self, cert, user):
identifier, digest = self.parseCert(cert)
Credential.new(user, "certificate", identifier, digest)
def addCredToUser(cls, user, credtype, identifier, secret):
protected = cls.protect_secret(secret)
cred = Credential.new(user, credtype, identifier, protected)
cred.save()
return cred
def test_expired_deregistration_certificates_are_deleted_in_deregistration_initiation(self):
for someone in User.query.all()[:5]: # @UndefinedVariable
Credential.new(someone, 'deregister', str(time.time()-1)+":"+uuid4().hex, uuid4().hex)
self.assertTrue(self.countExpiredCreds('deregister')>=5)
self._doDeregistrationDoit()
self.assertTrue(self.countExpiredCreds('deregister')==0)
def addCertCredentialToUser(self, cert, user):
identifier = self.getIdentifier(cert)
digest = self.getDigest(cert)
Credential.new(user, "certificate", identifier, digest)