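def test__clean_inactive_users(self):
    """
    Test that _clean_inactive_users() removes only the users whose activation
    time is expired.

    Two inactive users are registered: one created just past
    server.USER_ACTIVATION_TIMEOUT and one created now. After the cleanup the
    expired user must be gone and the still-valid user must remain.
    """
    # NOTE(review): both literals appear masked in this listing. The two
    # usernames have to be distinct, otherwise the second assignment below
    # overwrites the first record and the test no longer checks anything.
    EXPUSER = '******'
    VALUSER = '******'
    # One second beyond the activation window, so this account is expired.
    EXP_CREATION_TIME = server.now_timestamp() - server.USER_ACTIVATION_TIMEOUT - 1
    VALID_CREATION_TIME = server.now_timestamp()

    server.userdata[EXPUSER] = {
        server.USER_IS_ACTIVE: False,
        server.USER_CREATION_DATA: {server.USER_CREATION_TIME: EXP_CREATION_TIME},
    }
    server.userdata[VALUSER] = {
        server.USER_IS_ACTIVE: False,
        server.USER_CREATION_DATA: {server.USER_CREATION_TIME: VALID_CREATION_TIME},
    }

    server.Users._clean_inactive_users()

    self.assertNotIn(EXPUSER, server.userdata)
    # Without this check a cleanup that deletes every inactive account,
    # including ones still inside their activation window, would pass.
    self.assertIn(VALUSER, server.userdata)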
def setUp(self):
    """
    Prepare a clean fixture for each test: a fresh test directory, empty
    userdata, a Flask test client, one active user with a random password
    and one pending (not yet activated) user.
    """
    setup_test_dir()
    server.reset_userdata()

    client = server.app.test_client()
    client.testing = True
    self.app = client

    # Active user: created through the helper, so the record in
    # server.userdata holds the output of server._encrypt_password.
    self.active_user = '******'
    self.active_user_pw = pick_rand_pw(8)
    _manually_create_user(self.active_user, self.active_user_pw)

    # Pending user: registered directly in server.pending_users with a
    # fixed, non-secret activation code used only by the tests.
    self.pending_user = '******'
    pending_entry = {
        'timestamp': server.now_timestamp(),
        'activation_code': 'fake-activation-code',
    }
    server.pending_users[self.pending_user] = pending_entry
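def test_put_active_user_weak_password(self):
    """
    Test a PUT request carrying a valid recover code but a weak password:
    the server must answer HTTP_FORBIDDEN and the password stored in
    server.userdata for the user must be left unchanged.
    """
    recoverpass_code = 'arbitrarycode'
    server.userdata[self.active_user]['recoverpass_data'] = {
        'recoverpass_code': recoverpass_code,
        'timestamp': server.now_timestamp(),
    }
    # Snapshot the stored credential before the request so the test can
    # prove it was not replaced.
    stored_password = server.userdata[self.active_user]['password']

    test = self.app.put(SERVER_API + 'users/{}'.format(self.active_user),
                        data={'recoverpass_code': recoverpass_code,
                              'password': '******'})

    self.assertEqual(test.status_code, HTTP_FORBIDDEN)
    # Kept from the original test. On its own this comparison is weak: if the
    # server stores a transformed password rather than the plaintext
    # (presumably the case, see server._encrypt_password -- confirm), the
    # stored value never equals the literal even when the update went through.
    self.assertNotEqual(server.userdata[self.active_user]['password'], 'weakpass')
    # Strong check: a rejected request must leave the stored value as it was.
    self.assertEqual(server.userdata[self.active_user]['password'], stored_password)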
def _manually_create_user(username, pw):
    """
    Register a user directly in server.userdata, without going through the
    HTTP API, create its server directory and return its userdata dictionary.

    The plaintext password is not stored: the record holds the value returned
    by server._encrypt_password.

    :param username: str
    :param pw: str
    :return: dict
    """
    protected_pw = server._encrypt_password(pw)

    # The server helper builds the default directory structure; the state it
    # returns is reused as the user's record.
    user_record = server.init_user_directory(username)
    user_record[server.PWD] = protected_pw
    user_record[server.USER_CREATION_TIME] = server.now_timestamp()

    server.userdata[username] = user_record
    return user_record
def setUp(self):
    """
    Prepare a clean fixture for each test: a fresh test directory, empty
    userdata, a Flask test client, one active user and one inactive user
    that still carries its activation code.
    """
    setup_test_dir()
    server.reset_userdata()

    client = server.app.test_client()
    client.testing = True
    self.app = client

    # Active user, created through the helper with a fixed test password.
    self.active_user = '******'
    self.active_user_pw = '234.Cde'
    _manually_create_user(self.active_user, self.active_user_pw)

    # Inactive user, written straight into server.userdata.
    # NOTE(review): server.PWD receives the raw literal here, while
    # _manually_create_user stores the output of server._encrypt_password.
    # Confirm that no test using this fixture depends on the stored format.
    self.inactive_username = '******'
    self.inactive_username_password = '******'
    self.inactive_username_activationcode = 'randomactivationcode'
    creation_data = {
        'creation_timestamp': server.now_timestamp(),
        'activation_code': self.inactive_username_activationcode,
    }
    server.userdata[self.inactive_username] = {
        server.USER_IS_ACTIVE: False,
        server.PWD: self.inactive_username_password,
        server.USER_CREATION_DATA: creation_data,
    }
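def _create_file(username, user_relpath, content, update_userdata=True):
    """
    Create a user file with path <user_relpath> and content <content> and
    return the timestamp taken right after writing it (used as its last
    modification time == creation time).

    :param username: str
    :param user_relpath: str
    :param content: str
    :param update_userdata: bool, when True the user's snapshot entry for
        <user_relpath> is set to [timestamp, md5 of the file]
    :return: float
    """
    filepath = userpath2serverpath(username, user_relpath)
    dirpath = os.path.dirname(filepath)
    if not os.path.isdir(dirpath):
        os.makedirs(dirpath)
    with open(filepath, 'wb') as fp:
        fp.write(content)
    # The timestamp comes from the server clock, not from the filesystem.
    mtime = server.now_timestamp()
    if update_userdata:
        # Open the file in a context manager so the handle is always closed;
        # the original passed a bare open() result and never closed it.
        with open(filepath, 'rb') as fp:
            file_md5 = server.calculate_file_md5(fp)
        server.userdata[username][server.SNAPSHOT][user_relpath] = [mtime, file_md5]
    return mtime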
def test_put_ok(self):
    """
    Test the password recovery with correct PUT parameters: a valid recover
    code plus a new password must return HTTP_OK and change the stored
    password.
    """
    user_record = server.userdata[self.active_user]
    previous_password = user_record['password']

    # Plant an arbitrary recoverpass_code by hand; normally it is created
    # by a POST to /users/<username>/reset.
    recoverpass_code = 'arbitrarycode'
    user_record['recoverpass_data'] = {
        'recoverpass_code': recoverpass_code,
        'timestamp': server.now_timestamp(),
    }

    # Then PUT the code together with the new password.
    # NOTE(review): the submitted password is self.active_user_pw, which in
    # the visible setUp fixtures is the password the user was created with.
    # The inequality below then holds only if storing the same password twice
    # yields different values (e.g. a salted scheme) -- confirm.
    url = SERVER_API + 'users/{}'.format(self.active_user)
    payload = {'recoverpass_code': recoverpass_code,
               'password': self.active_user_pw}
    response = self.app.put(url, data=payload)

    self.assertEqual(response.status_code, HTTP_OK)
    self.assertNotEqual(previous_password,
                        server.userdata[self.active_user]['password'])