async def test_registration_with_confirmation(client, capsys, monkeypatch): monkeypatch.setitem(cfg, "REGISTRATION_CONFIRMATION_REQUIRED", True) db = get_storage(client.app) url = client.app.router["auth_register"].url_for() r = await client.post(url, json={ "email": EMAIL, "password": PASSWORD, "confirm": PASSWORD }) data, error = unwrap_envelope(await r.json()) assert r.status == 200, (data, error) user = await db.get_user({"email": EMAIL}) assert user["status"] == UserStatus.CONFIRMATION_PENDING.name assert "verification link" in data["message"] # retrieves sent link by email (see monkeypatch of email in conftest.py) out, err = capsys.readouterr() link = parse_link(out) assert "/auth/confirmation/" in str(link) resp = await client.get(link) text = await resp.text() assert "welcome to fake web front-end" in text assert resp.status == 200 user = await db.get_user({"email": EMAIL}) assert user["status"] == UserStatus.ACTIVE.name await db.delete_user(user)
async def test_reset_and_confirm(client: TestClient, cfg: LoginOptions, capsys): async with NewUser(app=client.app) as user: reset_url = client.app.router["auth_reset_password"].url_for() rp = await client.post( reset_url, json={ "email": user["email"], }, ) assert rp.url.path == reset_url.path await assert_status(rp, web.HTTPOk, cfg.MSG_EMAIL_SENT.format(**user)) out, err = capsys.readouterr() confirmation_url = parse_link(out) code = URL(confirmation_url).parts[-1] # emulates user click on email url rp = await client.get(confirmation_url) assert rp.status == 200 assert (rp.url.path_qs == URL(cfg.LOGIN_REDIRECT).with_fragment( "reset-password?code=%s" % code).path_qs) # api/specs/webserver/v0/components/schemas/auth.yaml#/ResetPasswordForm reset_allowed_url = client.app.router[ "auth_reset_password_allowed"].url_for(code=code) new_password = get_random_string(5, 10) rp = await client.post( reset_allowed_url, json={ "password": new_password, "confirm": new_password, }, ) payload = await rp.json() assert rp.status == 200, payload assert rp.url.path == reset_allowed_url.path await assert_status(rp, web.HTTPOk, cfg.MSG_PASSWORD_CHANGED) # TODO: multiple flash messages # Try new password logout_url = client.app.router["auth_logout"].url_for() rp = await client.post(logout_url) assert rp.url.path == logout_url.path await assert_status(rp, web.HTTPUnauthorized, "Unauthorized") login_url = client.app.router["auth_login"].url_for() rp = await client.post( login_url, json={ "email": user["email"], "password": new_password, }, ) assert rp.url.path == login_url.path await assert_status(rp, web.HTTPOk, cfg.MSG_LOGGED_IN)
async def test_change_and_confirm(client, capsys): cfg = client.app[APP_LOGIN_CONFIG] url = client.app.router["auth_change_email"].url_for() index_url = client.app.router[INDEX_RESOURCE_NAME].url_for() login_url = client.app.router["auth_login"].url_for() logout_url = client.app.router["auth_logout"].url_for() assert index_url.path == URL(cfg.LOGIN_REDIRECT).path async with LoggedUser(client) as user: # request change email rsp = await client.post( url, json={ "email": NEW_EMAIL, }, ) assert rsp.url_obj.path == url.path await assert_status(rsp, web.HTTPOk, cfg.MSG_CHANGE_EMAIL_REQUESTED) # email sent out, err = capsys.readouterr() link = parse_link(out) # try new email but logout first rsp = await client.post(logout_url) assert rsp.url_obj.path == logout_url.path await assert_status(rsp, web.HTTPOk, cfg.MSG_LOGGED_OUT) # click email's link rsp = await client.get(link) txt = await rsp.text() assert rsp.url_obj.path == index_url.path assert ( "This is a result of disable_static_webserver fixture for product OSPARC" in txt ) rsp = await client.post( login_url, json={ "email": NEW_EMAIL, "password": user["raw_password"], }, ) payload = await rsp.json() assert rsp.url_obj.path == login_url.path await assert_status(rsp, web.HTTPOk, cfg.MSG_LOGGED_IN)
async def test_registration_with_confirmation( client: TestClient, cfg: LoginOptions, db: AsyncpgStorage, capsys, mocker, ): mocker.patch( "simcore_service_webserver.login.handlers.get_plugin_settings", return_value=LoginSettings( LOGIN_REGISTRATION_CONFIRMATION_REQUIRED=True, LOGIN_REGISTRATION_INVITATION_REQUIRED=False, ), ) url = client.app.router["auth_register"].url_for() r = await client.post(url, json={ "email": EMAIL, "password": PASSWORD, "confirm": PASSWORD }) data, error = unwrap_envelope(await r.json()) assert r.status == 200, (data, error) user = await db.get_user({"email": EMAIL}) assert user["status"] == UserStatus.CONFIRMATION_PENDING.name assert "verification link" in data["message"] # retrieves sent link by email (see monkeypatch of email in conftest.py) out, err = capsys.readouterr() link = parse_link(out) assert "/auth/confirmation/" in str(link) resp = await client.get(link) text = await resp.text() assert ( "This is a result of disable_static_webserver fixture for product OSPARC" in text) assert resp.status == 200 user = await db.get_user({"email": EMAIL}) assert user["status"] == UserStatus.ACTIVE.name await db.delete_user(user)