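async def test_registration_with_confirmation(client, capsys, monkeypatch):
    """Register with e-mail confirmation enabled, then activate via the mailed link.

    Flow checked:
      1. POST to ``auth_register`` returns 200 and the stored user is
         ``CONFIRMATION_PENDING``.
      2. The confirmation link is recovered from captured stdout (e-mail
         delivery is monkeypatched, see conftest.py) and contains
         ``/auth/confirmation/``.
      3. GET on that link returns 200 and the user becomes ``ACTIVE``.

    NOTE(review): only the happy path is covered. No login happens before the
    GET, so the link by itself activates the account; a second visit to a
    consumed link and an invalid code are not exercised here and deserve
    their own tests.
    """
    monkeypatch.setitem(cfg, "REGISTRATION_CONFIRMATION_REQUIRED", True)
    db = get_storage(client.app)
    register_url = client.app.router["auth_register"].url_for()

    # Tracked so the ``finally`` clause can remove the account even when an
    # assertion fails; a leftover EMAIL row could otherwise break later tests.
    user = None
    try:
        r = await client.post(
            register_url,
            json={
                "email": EMAIL,
                "password": PASSWORD,
                "confirm": PASSWORD,
            },
        )
        data, error = unwrap_envelope(await r.json())
        assert r.status == 200, (data, error)

        # The account exists but must not be usable before confirmation.
        user = await db.get_user({"email": EMAIL})
        assert user["status"] == UserStatus.CONFIRMATION_PENDING.name

        assert "verification link" in data["message"]

        # retrieves sent link by email (see monkeypatch of email in conftest.py)
        out, _ = capsys.readouterr()
        link = parse_link(out)
        assert "/auth/confirmation/" in str(link)

        # emulates the user following the link from the e-mail
        resp = await client.get(link)
        text = await resp.text()

        assert "welcome to fake web front-end" in text
        assert resp.status == 200

        user = await db.get_user({"email": EMAIL})
        assert user["status"] == UserStatus.ACTIVE.name
    finally:
        if user is not None:
            await db.delete_user(user)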
async def test_reset_and_confirm(
    client: TestClient, cfg: LoginOptions, capsys
):
    """Walk through the password-reset flow end to end.

    Steps: request a reset for a fresh user, pull the confirmation link out of
    captured stdout, follow it, submit a new password against the code-bound
    endpoint, then log in with the new password.

    NOTE(review): the test does not check that the previous password is
    rejected afterwards, nor that the reset code cannot be submitted a second
    time -- both are properties a reset flow is expected to hold.
    """
    router = client.app.router

    async with NewUser(app=client.app) as user:
        # 1. ask for a password reset
        reset_url = router["auth_reset_password"].url_for()
        response = await client.post(reset_url, json={"email": user["email"]})
        assert response.url.path == reset_url.path
        await assert_status(
            response, web.HTTPOk, cfg.MSG_EMAIL_SENT.format(**user)
        )

        # 2. recover the mailed link; its last path segment is the reset code
        out, _ = capsys.readouterr()
        confirmation_url = parse_link(out)
        code = URL(confirmation_url).parts[-1]

        # emulates user click on email url
        response = await client.get(confirmation_url)
        assert response.status == 200
        # NOTE(review): yarl's ``path_qs`` covers path and query only, so the
        # fragment built here (and therefore ``code``) does not take part in
        # this comparison -- confirm whether a stricter check is wanted.
        expected_landing = URL(cfg.LOGIN_REDIRECT).with_fragment(
            "reset-password?code=%s" % code
        )
        assert response.url.path_qs == expected_landing.path_qs

        # 3. submit the new password
        # api/specs/webserver/v0/components/schemas/auth.yaml#/ResetPasswordForm
        reset_allowed_url = router["auth_reset_password_allowed"].url_for(
            code=code
        )
        new_password = get_random_string(5, 10)
        credentials_form = {"password": new_password, "confirm": new_password}
        response = await client.post(reset_allowed_url, json=credentials_form)
        payload = await response.json()
        assert response.status == 200, payload
        assert response.url.path == reset_allowed_url.path
        await assert_status(response, web.HTTPOk, cfg.MSG_PASSWORD_CHANGED)
        # TODO: multiple flash messages

        # Try new password
        # Logout is expected to answer 401 here: the client holds no session
        # at this point in the flow.
        logout_url = router["auth_logout"].url_for()
        response = await client.post(logout_url)
        assert response.url.path == logout_url.path
        await assert_status(response, web.HTTPUnauthorized, "Unauthorized")

        login_url = router["auth_login"].url_for()
        login_form = {"email": user["email"], "password": new_password}
        response = await client.post(login_url, json=login_form)
        assert response.url.path == login_url.path
        await assert_status(response, web.HTTPOk, cfg.MSG_LOGGED_IN)
async def test_change_and_confirm(client, capsys):
    """Change a logged-in user's e-mail and confirm it through the mailed link.

    Steps: request the change while logged in, read the confirmation link from
    captured stdout, log out, follow the link, then log in with the new
    address and the unchanged password.

    NOTE(review): the link is followed after a successful logout, so the link
    by itself applies the change. The test does not check that the old address
    stops working or that the link cannot be used twice.
    """
    cfg = client.app[APP_LOGIN_CONFIG]
    router = client.app.router

    change_email_url = router["auth_change_email"].url_for()
    index_url = router[INDEX_RESOURCE_NAME].url_for()
    login_url = router["auth_login"].url_for()
    logout_url = router["auth_logout"].url_for()

    # The landing page checked below must be the configured login redirect.
    assert index_url.path == URL(cfg.LOGIN_REDIRECT).path

    async with LoggedUser(client) as user:
        # request change email
        response = await client.post(change_email_url, json={"email": NEW_EMAIL})
        assert response.url_obj.path == change_email_url.path
        await assert_status(
            response, web.HTTPOk, cfg.MSG_CHANGE_EMAIL_REQUESTED
        )

        # email sent
        out, _ = capsys.readouterr()
        link = parse_link(out)

        # try new email but logout first
        response = await client.post(logout_url)
        assert response.url_obj.path == logout_url.path
        await assert_status(response, web.HTTPOk, cfg.MSG_LOGGED_OUT)

        # click email's link
        response = await client.get(link)
        page = await response.text()

        assert response.url_obj.path == index_url.path
        expected_marker = (
            "This is a result of disable_static_webserver fixture for product OSPARC"
        )
        assert expected_marker in page

        # log in with the new address and the original password
        login_form = {"email": NEW_EMAIL, "password": user["raw_password"]}
        response = await client.post(login_url, json=login_form)
        # Result is unused; the call is kept so the body is still decoded as JSON.
        await response.json()
        assert response.url_obj.path == login_url.path
        await assert_status(response, web.HTTPOk, cfg.MSG_LOGGED_IN)
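async def test_registration_with_confirmation(
    client: TestClient,
    cfg: LoginOptions,
    db: AsyncpgStorage,
    capsys,
    mocker,
):
    """Register with e-mail confirmation required, then activate via the mailed link.

    The login plugin settings are patched so that confirmation is required and
    no invitation is needed. Flow checked:
      1. POST to ``auth_register`` returns 200 and the stored user is
         ``CONFIRMATION_PENDING``.
      2. The confirmation link is recovered from captured stdout (e-mail
         delivery is monkeypatched, see conftest.py) and contains
         ``/auth/confirmation/``.
      3. GET on that link returns 200 and the user becomes ``ACTIVE``.

    NOTE(review): only the happy path is covered. No login happens before the
    GET, so the link by itself activates the account; a second visit to a
    consumed link and an invalid code are not exercised here and deserve
    their own tests.
    """
    mocker.patch(
        "simcore_service_webserver.login.handlers.get_plugin_settings",
        return_value=LoginSettings(
            LOGIN_REGISTRATION_CONFIRMATION_REQUIRED=True,
            LOGIN_REGISTRATION_INVITATION_REQUIRED=False,
        ),
    )

    register_url = client.app.router["auth_register"].url_for()

    # Tracked so the ``finally`` clause can remove the account even when an
    # assertion fails; a leftover EMAIL row could otherwise break later tests.
    user = None
    try:
        r = await client.post(
            register_url,
            json={
                "email": EMAIL,
                "password": PASSWORD,
                "confirm": PASSWORD,
            },
        )
        data, error = unwrap_envelope(await r.json())
        assert r.status == 200, (data, error)

        # The account exists but must not be usable before confirmation.
        user = await db.get_user({"email": EMAIL})
        assert user["status"] == UserStatus.CONFIRMATION_PENDING.name

        assert "verification link" in data["message"]

        # retrieves sent link by email (see monkeypatch of email in conftest.py)
        out, _ = capsys.readouterr()
        link = parse_link(out)
        assert "/auth/confirmation/" in str(link)

        # emulates the user following the link from the e-mail
        resp = await client.get(link)
        text = await resp.text()

        assert (
            "This is a result of disable_static_webserver fixture for product OSPARC"
            in text
        )
        assert resp.status == 200

        user = await db.get_user({"email": EMAIL})
        assert user["status"] == UserStatus.ACTIVE.name
    finally:
        if user is not None:
            await db.delete_user(user)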