async def test_registration_with_confirmation(client, capsys, monkeypatch): monkeypatch.setitem(cfg, "REGISTRATION_CONFIRMATION_REQUIRED", True) db = get_storage(client.app) url = client.app.router["auth_register"].url_for() r = await client.post(url, json={ "email": EMAIL, "password": PASSWORD, "confirm": PASSWORD }) data, error = unwrap_envelope(await r.json()) assert r.status == 200, (data, error) user = await db.get_user({"email": EMAIL}) assert user["status"] == UserStatus.CONFIRMATION_PENDING.name assert "verification link" in data["message"] # retrieves sent link by email (see monkeypatch of email in conftest.py) out, err = capsys.readouterr() link = parse_link(out) assert "/auth/confirmation/" in str(link) resp = await client.get(link) text = await resp.text() assert "welcome to fake web front-end" in text assert resp.status == 200 user = await db.get_user({"email": EMAIL}) assert user["status"] == UserStatus.ACTIVE.name await db.delete_user(user)
async def is_user_guest(app: web.Application, user_id: int) -> bool: """Returns True if the user exists and is a GUEST""" db = get_storage(app) user = await db.get_user({"id": user_id}) if not user: logger.warning("Could not find user with id '%s'", user_id) return False return bool(UserRole(user["role"]) == UserRole.GUEST)
async def test_registration_with_existing_email(client): db = get_storage(client.app) url = client.app.router['auth_register'].url_for() async with NewUser() as user: r = await client.post(url, json={ 'email': user['email'], 'password': user['raw_password'], 'confirm': user['raw_password'] }) await assert_error(r, web.HTTPConflict, cfg.MSG_EMAIL_EXISTS)
async def delete_user(app: web.Application, user_id: int) -> None: """Deletes a user from the database if the user exists""" db = get_storage(app) user = await db.get_user({"id": user_id}) if not user: logger.warning( "User with id '%s' could not be deleted because it does not exist", user_id ) return await db.delete_user(user)
async def test_registration_with_invitation( client, is_invitation_required, has_valid_invitation, expected_response, ): from servicelib.application_keys import APP_CONFIG_KEY from simcore_service_webserver.login.config import CONFIG_SECTION_NAME client.app[APP_CONFIG_KEY][CONFIG_SECTION_NAME] = { "registration_confirmation_required": False, "registration_invitation_required": is_invitation_required, } # # User gets an email with a link as # https:/some-web-address.io/#/registration/?invitation={code} # # Front end then creates the following request # async with NewInvitation(client) as confirmation: print(get_confirmation_info(confirmation)) url = client.app.router["auth_register"].url_for() r = await client.post( url, json={ "email": EMAIL, "password": PASSWORD, "confirm": PASSWORD, "invitation": confirmation["code"] if has_valid_invitation else "WRONG_CODE", }, ) await assert_status(r, expected_response) # check optional fields in body if not has_valid_invitation or not is_invitation_required: r = await client.post(url, json={ "email": "new-user" + EMAIL, "password": PASSWORD }) await assert_status(r, expected_response) if is_invitation_required and has_valid_invitation: db = get_storage(client.app) assert not await db.get_confirmation(confirmation)
async def test_registration_with_existing_email(client): db = get_storage(client.app) url = client.app.router["auth_register"].url_for() async with NewUser() as user: r = await client.post( url, json={ "email": user["email"], "password": user["raw_password"], "confirm": user["raw_password"], }, ) await assert_error(r, web.HTTPConflict, cfg.MSG_EMAIL_EXISTS)
async def test_registration_without_confirmation(client, monkeypatch): monkeypatch.setitem(cfg, "REGISTRATION_CONFIRMATION_REQUIRED", False) db = get_storage(client.app) url = client.app.router["auth_register"].url_for() r = await client.post( url, json={"email": EMAIL, "password": PASSWORD, "confirm": PASSWORD} ) data, error = unwrap_envelope(await r.json()) assert r.status == 200, (data, error) assert cfg.MSG_LOGGED_IN in data["message"] user = await db.get_user({"email": EMAIL}) assert user await db.delete_user(user)
async def test_registration_with_expired_confirmation(client, monkeypatch): monkeypatch.setitem(cfg, 'REGISTRATION_CONFIRMATION_REQUIRED', True) monkeypatch.setitem(cfg, 'REGISTRATION_CONFIRMATION_LIFETIME', -1) db = get_storage(client.app) url = client.app.router['auth_register'].url_for() async with NewUser({'status': UserStatus.CONFIRMATION_PENDING.name}) as user: confirmation = await db.create_confirmation(user, ConfirmationAction.REGISTRATION.name) r = await client.post(url, json={ 'email': user['email'], 'password': user['raw_password'], 'confirm': user['raw_password'], }) await db.delete_confirmation(confirmation) await assert_error(r, web.HTTPConflict, cfg.MSG_EMAIL_EXISTS)
async def delete_user(app: web.Application, user_id: int) -> None: """Deletes a user from the database if the user exists""" # FIXME: user cannot be deleted without deleting first all ist project # otherwise this function will raise asyncpg.exceptions.ForeignKeyViolationError # Consider "marking" users as deleted and havning a background job that # cleans it up db: AsyncpgStorage = get_storage(app) user = await db.get_user({"id": user_id}) if not user: logger.warning( "User with id '%s' could not be deleted because it does not exist", user_id) return await db.delete_user(user) # This user might be cached in the auth. If so, any request # with this user-id will get thru producing unexpected side-effects clean_auth_policy_cache(app)
async def test_registration_with_expired_confirmation(client, monkeypatch): monkeypatch.setitem(cfg, "REGISTRATION_CONFIRMATION_REQUIRED", True) monkeypatch.setitem(cfg, "REGISTRATION_CONFIRMATION_LIFETIME", -1) db = get_storage(client.app) url = client.app.router["auth_register"].url_for() async with NewUser({"status": UserStatus.CONFIRMATION_PENDING.name}) as user: confirmation = await db.create_confirmation( user, ConfirmationAction.REGISTRATION.name) r = await client.post( url, json={ "email": user["email"], "password": user["raw_password"], "confirm": user["raw_password"], }, ) await db.delete_confirmation(confirmation) await assert_error(r, web.HTTPConflict, cfg.MSG_EMAIL_EXISTS)
async def test_logout(client): db = get_storage(client.app) logout_url = client.app.router["auth_logout"].url_for() protected_url = client.app.router["auth_change_email"].url_for() async with LoggedUser(client) as user: # try to access protected page r = await client.post(protected_url, json={"email": user["email"]}) assert r.url_obj.path == protected_url.path await assert_status(r, web.HTTPOk) # logout r = await client.post(logout_url) assert r.url_obj.path == logout_url.path await assert_status(r, web.HTTPOk) # and try again r = await client.post(protected_url) assert r.url_obj.path == protected_url.path await assert_status(r, web.HTTPUnauthorized) await db.delete_user(user)
def __init__(self, params=None, app: web.Application = None): self.params = params self.user = None self.db = get_storage(app) if app else cfg.STORAGE # FIXME: