def test_login_inactive(user, extended_app):
    """Authenticate with the ``user`` fixture and expect a logged-in session.

    NOTE(review): the test name implies ``user`` is a not-yet-activated
    account - confirm against the fixture, and confirm that letting such an
    account log in is the intended policy.
    """
    logged_before = is_user_logged(extended_app)
    assert logged_before is False

    authenticate(extended_app)

    logged_after = is_user_logged(extended_app)
    assert logged_after is True
def test_afteremailchange_xhr(db_session, afteremailchange_app):  # pylint:disable=redefined-outer-name
    """Request an email change over XHR and check the AfterEmailChange URL.

    The new address must only be staged (``new_email`` plus a change key);
    ``email`` itself stays untouched by the request.
    """
    client = afteremailchange_app
    authenticate(client)

    current_email = DEFAULT_USER['email']
    requested_email = '*****@*****.**'
    # .one() raises unless exactly one user holds the current address.
    account = db_session.query(User).filter(User.email == current_email).one()

    # The CSRF token is read from the rendered form and echoed in the POST.
    change_page = client.get('/email/change')
    payload = {
        'csrf_token': change_page.form['csrf_token'].value,
        'email': requested_email,
    }
    reply = client.post('/email/change', payload, xhr=True)
    assert reply.json['status'] is True
    assert reply.json['url'] == EVENT_PATH.format(AfterEmailChange)

    transaction.commit()

    account = db_session.query(User).filter(User.email == current_email).one()
    assert account.new_email == requested_email
    assert account.email == current_email
    assert account.email_change_key is not None
def test_email_valid_xhr(db_session, active_user, default_app):
    """Submit a valid email change over XHR and check it is only staged.

    After the request the account still has its old ``email``; the requested
    address sits in ``new_email`` and a change key has been issued.
    """
    authenticate(default_app)

    current_email = DEFAULT_USER['email']
    requested_email = '*****@*****.**'
    # .one() raises unless exactly one user holds the current address.
    account = db_session.query(User).filter(User.email == current_email).one()

    # The CSRF token is read from the rendered form and echoed in the POST.
    change_page = default_app.get('/email/change')
    payload = {
        'csrf_token': change_page.form['csrf_token'].value,
        'email': requested_email,
    }
    reply = default_app.post('/email/change', payload, xhr=True)
    assert reply.json['status'] is True

    transaction.commit()

    account = db_session.query(User).filter(User.email == current_email).one()
    assert account.new_email == requested_email
    assert account.email == current_email
    assert account.email_change_key is not None
def test_afteremailchange_xhr(db_session, afteremailchange_app):  # pylint:disable=redefined-outer-name
    """Request an email change over XHR and check the AfterEmailChange URL.

    The request only stages the change: ``new_email`` and a change key are
    set while ``email`` keeps its old value.
    """
    client = afteremailchange_app
    authenticate(client)

    old_address = DEFAULT_USER["email"]
    new_address = "*****@*****.**"
    # .one() raises unless exactly one user holds the old address.
    account = db_session.query(User).filter(User.email == old_address).one()

    # Token taken from the GET form, sent back with the XHR POST.
    form_page = client.get("/email/change")
    post_data = {
        "csrf_token": form_page.form["csrf_token"].value,
        "email": new_address,
    }
    xhr_reply = client.post("/email/change", post_data, xhr=True)
    assert xhr_reply.json["status"] is True
    assert xhr_reply.json["url"] == EVENT_PATH.format(AfterEmailChange)

    transaction.commit()

    account = db_session.query(User).filter(User.email == old_address).one()
    assert account.new_email == new_address
    assert account.email == old_address
    assert account.email_change_key is not None
def test_afteremailchangeactivation(db_session, active_user, afteremailchange_app):
    """Confirm a staged email change; expect the event-driven redirect.

    The confirmation link must answer 302 to the AfterEmailChangeActivation
    URL. Afterwards no user holds the old address and the account found
    under the new address has no change key left.
    """
    client = afteremailchange_app
    authenticate(client)  # the confirmation is requested while logged in

    old_email = DEFAULT_USER['email']
    account = db_session.query(User).filter(User.email == old_email).one()

    target_email = text_type('*****@*****.**')
    account.set_new_email(target_email)
    transaction.commit()

    # Merge the instance back into the session before reading the key.
    account = db_session.merge(account)
    confirm_path = '/email/change/' + account.email_change_key
    reply = client.get(confirm_path)
    assert reply.status_code == 302
    assert reply.location == EVENT_URL.format(AfterEmailChangeActivation)

    # The old address must no longer resolve to any user.
    with pytest.raises(NoResultFound):
        db_session.query(User).filter(User.email == old_email).one()

    account = db_session.query(User).filter(User.email == target_email).one()
    assert not account.email_change_key
def test_afteremailchange_xhr(db_session, active_user, afteremailchange_app):
    """Request an email change over XHR and check the AfterEmailChange URL.

    Only the staging fields may change: ``new_email`` and the change key are
    set, ``email`` keeps the old address.
    """
    client = afteremailchange_app
    authenticate(client)

    current_email = DEFAULT_USER['email']
    wanted_email = '*****@*****.**'
    # .one() raises unless exactly one user holds the current address.
    account = db_session.query(User).filter(User.email == current_email).one()

    # The POST carries the CSRF token issued with the form.
    form_page = client.get('/email/change')
    fields = {
        'csrf_token': form_page.form['csrf_token'].value,
        'email': wanted_email,
    }
    xhr_reply = client.post('/email/change', fields, xhr=True)
    assert xhr_reply.json['status'] is True
    assert xhr_reply.json['url'] == EVENT_PATH.format(AfterEmailChange)

    transaction.commit()

    account = db_session.query(User).filter(User.email == current_email).one()
    assert account.new_email == wanted_email
    assert account.email == current_email
    assert account.email_change_key is not None
def test_logout(active_user, extended_app):
    """Log out and verify the session no longer reaches /secret."""
    client = extended_app
    authenticate(client)
    assert is_user_logged(client) is True

    # Logout answers with a 303 redirect and drops the logged-in state.
    client.get('/logout', status=303)
    assert is_user_logged(client) is False

    # After logout /secret redirects (302) instead of being served.
    secret_reply = client.get('/secret', status=302)
    assert secret_reply.status_code == 302
def test_logout(active_user, extended_app):  # pylint:disable=unused-argument
    """Log out and verify the session no longer reaches /secret."""
    authenticate(extended_app)
    logged_in = is_user_logged(extended_app)
    assert logged_in is True

    # The logout view must answer 303 and end the logged-in state.
    extended_app.get('/logout', status=303)
    still_logged = is_user_logged(extended_app)
    assert still_logged is False

    # A follow-up request for /secret is redirected (302), not served.
    followup = extended_app.get('/secret', status=302)
    assert followup.status_code == 302
def test_logout(active_user, extended_app):  # pylint:disable=unused-argument
    """Check that logging out ends the session for later requests."""
    client = extended_app

    authenticate(client)
    assert is_user_logged(client) is True

    # 303 from the logout view, then the client counts as logged out.
    client.get("/logout", status=303)
    assert is_user_logged(client) is False

    # /secret now redirects (302) rather than rendering.
    redirected = client.get("/secret", status=302)
    assert redirected.status_code == 302
def test_automatic_logout(active_user, short_config, short_app):  # pylint:disable=unused-argument
    """Let the configured AuthTkt timeout pass and expect a login redirect."""
    authtkt_settings = short_config.registry['config']['fullauth']['AuthTkt']
    idle_seconds = authtkt_settings['timeout'] + 1  # one second past the timeout

    authenticate(short_app)
    time.sleep(idle_seconds)  # simulate inactivity

    reply = short_app.get('/email/change')
    # The requested path is carried in the ``after`` query parameter.
    assert reply.headers['Location'] == (
        'http://localhost/login?after=%2Femail%2Fchange')

    login_page = reply.follow()
    assert login_page.form
def test_wrong_email(db_session, active_user, default_app, invalid_email):
    """Submit a malformed address and expect the format error on the page."""
    authenticate(default_app)  # the change form is requested while logged in

    change_form = default_app.get('/email/change').form
    change_form['email'] = invalid_email
    result_page = change_form.submit()

    assert 'Error! Incorrect e-mail format' in result_page
def test_empty_email(db_session, active_user, default_app):
    """Submit the change form with a blank address and expect an error."""
    authenticate(default_app)  # the change form is requested while logged in

    change_form = default_app.get('/email/change').form
    change_form['email'] = ''
    result_page = change_form.submit()

    assert 'Error! E-mail is empty' in result_page
def test_empty_email(default_app):
    """Submit the change form with a blank address and expect an error."""
    client = default_app
    authenticate(client)  # log in before opening the form

    page = client.get("/email/change")
    email_form = page.form
    email_form["email"] = ""
    outcome = email_form.submit()

    assert "Error! E-mail is empty" in outcome
def test_wrong_email(default_app, invalid_email):
    """Submit a malformed address and expect the format error on the page."""
    client = default_app
    authenticate(client)  # log in before opening the form

    page = client.get("/email/change")
    email_form = page.form
    email_form["email"] = invalid_email
    outcome = email_form.submit()

    assert "Error! Incorrect e-mail format" in outcome
def test_default_login_forbidden(active_user, authable_app):
    """Expect 403 on /secret for a logged-in user.

    Before login a plain request gets 302 and an XHR request gets a 403 JSON
    body. After login both request styles get 403, and the JSON body carries
    no ``login_url``.
    """
    client = authable_app

    client.get('/secret', status=302)
    anonymous_xhr = client.get('/secret', xhr=True, status=403)
    assert anonymous_xhr.json['status'] is False

    authenticate(client)
    client.get('/secret', status=403)

    # Back on the secret page: logged in, but without permission.
    logged_xhr = client.get('/secret', xhr=True, status=403)
    assert logged_xhr.json['status'] is False
    assert 'login_url' not in logged_xhr.json
def test_logout_login(active_user, extended_config, extended_app):  # pylint:disable=unused-argument
    """Log out with the logout redirect configured to the login route."""
    redirects = extended_config.registry["fullauth"]["redirects"]
    redirects["logout"] = "login"

    authenticate(extended_app)
    assert is_user_logged(extended_app) is True

    logout_reply = extended_app.get("/logout", status=303)
    assert is_user_logged(extended_app) is False
    # The 303 must point at the login page.
    assert "/login" in logout_reply.location

    # /secret redirects (302) once the session is gone.
    secret_reply = extended_app.get("/secret", status=302)
    assert secret_reply.status_code == 302
def test_automatic_logout(active_user, short_config, short_app):  # pylint:disable=unused-argument
    """Let the configured authtkt timeout pass and expect a login redirect."""
    authtkt_settings = short_config.registry["fullauth"]["authtkt"]
    idle_seconds = authtkt_settings["timeout"] + 1  # one second past the timeout

    authenticate(short_app)
    time.sleep(idle_seconds)  # simulate inactivity

    reply = short_app.get("/email/change")
    # The requested path is carried in the ``after`` query parameter.
    expected_location = "http://localhost/login?after=%2Femail%2Fchange"
    assert reply.headers["Location"] == expected_location

    login_page = reply.follow()
    assert login_page.form
def test_logout_login(active_user, extended_config, extended_app):  # pylint:disable=unused-argument
    """Log out with the logout redirect configured to the login route."""
    fullauth_redirects = extended_config.registry['config'].fullauth.redirects
    fullauth_redirects.logout = 'login'

    authenticate(extended_app)
    assert is_user_logged(extended_app) is True

    logout_reply = extended_app.get('/logout', status=303)
    assert is_user_logged(extended_app) is False
    # The 303 must point at the login page.
    assert '/login' in logout_reply.location

    # /secret redirects (302) once the session is gone.
    secret_reply = extended_app.get('/secret', status=302)
    assert secret_reply.status_code == 302
def test_logout_login(active_user, extended_config, extended_app):
    """Check that logout redirects to login when configured to do so."""
    client = extended_app
    settings = extended_config.registry['config']
    settings.fullauth.redirects.logout = 'login'

    authenticate(client)
    assert is_user_logged(client) is True

    after_logout = client.get('/logout', status=303)
    assert is_user_logged(client) is False
    # Redirect target of the logout response is the login page.
    assert '/login' in after_logout.location

    # With the session ended, /secret answers with a 302.
    after_secret = client.get('/secret', status=302)
    assert after_secret.status_code == 302
def test_automatic_logout(active_user, short_config, short_app):
    """Wait out the AuthTkt timeout and expect a redirect to the login page."""
    fullauth_settings = short_config.registry['config']['fullauth']
    wait_seconds = fullauth_settings['AuthTkt']['timeout'] + 1

    authenticate(short_app)
    # Stay idle for one second longer than the configured timeout.
    time.sleep(wait_seconds)

    reply = short_app.get('/email/change')
    # The login URL keeps the requested path in ``after``.
    expected_location = 'http://localhost/login?after=%2Femail%2Fchange'
    assert reply.headers['Location'] == expected_location

    login_page = reply.follow()
    assert login_page.form
def test_email_view_logged(db_session, default_app):
    """Fetch the change-email page while logged in and expect its form."""
    # Original note: sessions are de-synchronised, hence the explicit close.
    db_session.close()

    authenticate(default_app)

    page = default_app.get("/email/change")
    assert page.status_code == 200
    assert page.form
    assert page.form["email"]
def test_email_view_logged(db_session, active_user, default_app):
    """Fetch the change-email page while logged in and expect its form."""
    client = default_app
    # Original note: sessions are de-synchronised, hence the explicit close.
    db_session.close()

    authenticate(client)

    page = client.get('/email/change')
    assert page.status_code == 200
    email_form = page.form
    assert email_form
    assert email_form['email']
def test_account_activation(user, db_session, default_app):
    """Visit the activation link and expect an active account that can log in."""
    user = db_session.merge(user)
    activation_path = '/register/activate/' + user.activate_key
    default_app.get(activation_path)
    transaction.commit()

    activated = db_session.query(User).filter(User.email == user.email).one()
    # No activation key remains on the account after the link was used.
    assert not activated.activate_key
    assert activated.is_active
    assert activated.activated_at

    authenticate(default_app)
    assert is_user_logged(default_app) is True
def test_afteractivate(user, db_session, afteractivate_app):  # pylint:disable=redefined-outer-name
    """Activate a user and check the redirect issued through AfterActivate."""
    client = afteractivate_app
    user = db_session.merge(user)

    activation_path = '/register/activate/' + user.activate_key
    reply = client.get(activation_path)
    assert reply.location == EVENT_URL.format(AfterActivate)
    transaction.commit()

    activated = db_session.query(User).filter(User.email == user.email).one()
    # No activation key remains on the account after the link was used.
    assert not activated.activate_key
    assert activated.is_active
    assert activated.activated_at

    authenticate(client)
    assert is_user_logged(client) is True
def test_afteractivate(user, db_session, afteractivate_app):
    """Activate a user and check the redirect issued through AfterActivate."""
    user = db_session.merge(user)

    link = '/register/activate/' + user.activate_key
    activation_reply = afteractivate_app.get(link)
    assert activation_reply.location == EVENT_URL.format(AfterActivate)
    transaction.commit()

    stored = db_session.query(User).filter(User.email == user.email).one()
    # The account is active, timestamped, and holds no activation key.
    assert not stored.activate_key
    assert stored.is_active
    assert stored.activated_at

    authenticate(afteractivate_app)
    assert is_user_logged(afteractivate_app) is True
def test_beforeemailchange_error(active_user, beforeemailchange_app):
    """Expect a failed XHR reply when the BeforeEmailChange event errors.

    Per the original docstring the app fixture raises AttributeError from
    its BeforeEmailChange handling; the JSON reply must report the failure
    with the message ``BeforeEmailChange``.
    """
    client = beforeemailchange_app
    authenticate(client)

    requested_email = '*****@*****.**'
    # The POST carries the CSRF token issued with the form.
    form_page = client.get('/email/change')
    fields = {
        'csrf_token': form_page.form['csrf_token'].value,
        'email': requested_email,
    }
    xhr_reply = client.post('/email/change', fields, xhr=True)

    assert xhr_reply.json['status'] is False
    assert xhr_reply.json['msg'] == 'BeforeEmailChange'
def test_beforeemailchange_error(beforeemailchange_app):  # pylint:disable=redefined-outer-name
    """Expect a failed XHR reply when the BeforeEmailChange event errors.

    Per the original docstring the app fixture raises AttributeError from
    its BeforeEmailChange handling; the JSON reply must report the failure
    with the message ``BeforeEmailChange``.
    """
    authenticate(beforeemailchange_app)

    wanted_email = '*****@*****.**'
    # Token taken from the GET form, sent back with the XHR POST.
    change_page = beforeemailchange_app.get('/email/change')
    payload = {
        'csrf_token': change_page.form['csrf_token'].value,
        'email': wanted_email,
    }
    reply = beforeemailchange_app.post('/email/change', payload, xhr=True)

    assert reply.json['status'] is False
    assert reply.json['msg'] == 'BeforeEmailChange'
def test_email_proceed_wrong_key(db_session, default_app):
    """Confirm an email change with a corrupted key and expect a 404.

    The bad key is the real key with extra characters appended, so the test
    also shows that a key merely starting with the right value is rejected.
    """
    authenticate(default_app)  # the confirmation is requested while logged in

    current_email = DEFAULT_USER["email"]
    account = db_session.query(User).filter(User.email == current_email).one()

    staged_email = "*****@*****.**"
    account.set_new_email(staged_email)
    transaction.commit()

    # Merge the instance back into the session before reading the key.
    account = db_session.merge(account)
    tampered_path = "/email/change/" + account.email_change_key + "randomchars"
    reply = default_app.get(tampered_path, status=404)
    assert reply.status_code == 404
def test_login_redirect(active_user, afterlogin_app):
    """Log in and expect the redirect supplied through AfterLogIn."""
    client = afterlogin_app
    assert is_user_logged(client) is False

    login_reply = authenticate(client)

    assert login_reply.location == EVENT_URL.format(AfterLogIn)
    assert is_user_logged(client) is True
def test_login_redirect(afterlogin_app):  # pylint:disable=redefined-outer-name
    """Log in and expect the redirect supplied through AfterLogIn."""
    logged_before = is_user_logged(afterlogin_app)
    assert logged_before is False

    reply = authenticate(afterlogin_app)
    expected_location = EVENT_URL.format(AfterLogIn)
    assert reply.location == expected_location

    logged_after = is_user_logged(afterlogin_app)
    assert logged_after is True
def test_email_proceed_wrong_key(db_session, active_user, default_app):
    """Confirm an email change with a corrupted key and expect a 404.

    The bad key is the real key with extra characters appended, so the test
    also shows that a key merely starting with the right value is rejected.
    """
    client = default_app
    authenticate(client)  # the confirmation is requested while logged in

    current_email = DEFAULT_USER['email']
    account = db_session.query(User).filter(User.email == current_email).one()

    staged_email = text_type('*****@*****.**')
    account.set_new_email(staged_email)
    transaction.commit()

    # Merge the instance back into the session before reading the key.
    account = db_session.merge(account)
    tampered_path = '/email/change/' + account.email_change_key + 'randomchars'
    reply = client.get(tampered_path, status=404)
    assert reply.status_code == 404
def test_login_remember(active_user, extended_app):
    """Log in with "remember me" set and expect a Max-Age in the response."""
    client = extended_app
    client.get('/login')
    assert is_user_logged(client) is False

    login_reply = authenticate(client, remember=True)
    assert is_user_logged(client) is True
    # Max-Age appears in the response text - presumably on the auth cookie;
    # confirm against the login view.
    assert 'Max-Age=' in str(login_reply)
def test_existing_email(db_session, active_user, default_app):
    """Request a change to an address another user already holds.

    NOTE(review): the expected message confirms to any logged-in user that
    the address is registered - check that this disclosure is intended.
    """
    # Create a second account that owns the target address.
    taken_email = text_type("*****@*****.**")
    other_account = User(
        email=taken_email,
        password=text_type("somepassword"),
        address_ip=DEFAULT_USER['address_ip'],
    )
    db_session.add(other_account)
    transaction.commit()

    authenticate(default_app)

    # Ask for the address that is already taken.
    change_form = default_app.get('/email/change').form
    change_form['email'] = taken_email
    result_page = change_form.submit()

    assert 'Error! User with this email exists' in result_page
def test_login_remember(extended_app):
    """Log in with "remember me" set and expect a Max-Age in the response."""
    extended_app.get("/login")
    logged_before = is_user_logged(extended_app)
    assert logged_before is False

    reply = authenticate(extended_app, remember=True)
    logged_after = is_user_logged(extended_app)
    assert logged_after is True
    # Max-Age appears in the response text - presumably on the auth cookie;
    # confirm against the login view.
    assert "Max-Age=" in str(reply)
def test_beforeemailchange_error(beforeemailchange_app):  # pylint:disable=redefined-outer-name
    """Expect a failed XHR reply when the BeforeEmailChange event errors.

    Per the original docstring the app fixture raises AttributeError from
    its BeforeEmailChange handling; the JSON reply must report the failure
    with the message ``BeforeEmailChange``.
    """
    client = beforeemailchange_app
    authenticate(client)

    target_email = "*****@*****.**"
    # The form's CSRF token accompanies the XHR POST.
    form_page = client.get("/email/change")
    post_data = {
        "csrf_token": form_page.form["csrf_token"].value,
        "email": target_email,
    }
    xhr_reply = client.post("/email/change", post_data, xhr=True)

    assert xhr_reply.json["status"] is False
    assert xhr_reply.json["msg"] == "BeforeEmailChange"
def test_existing_email(db_session, active_user, default_app):
    """Request a change to an address another user already holds.

    NOTE(review): the expected message confirms to any logged-in user that
    the address is registered - check that this disclosure is intended.
    """
    client = default_app

    # A second account owns the address the test will ask for.
    occupied_email = text_type("*****@*****.**")
    second_user = User(
        email=occupied_email,
        password=text_type("somepassword"),
        address_ip=DEFAULT_USER['address_ip'],
    )
    db_session.add(second_user)
    transaction.commit()

    authenticate(client)

    page = client.get('/email/change')
    email_form = page.form
    email_form['email'] = occupied_email
    outcome = email_form.submit()

    assert 'Error! User with this email exists' in outcome
def test_existing_email(db_session, default_app):
    """Request a change to an address another user already holds.

    NOTE(review): the expected message confirms to any logged-in user that
    the address is registered - check that this disclosure is intended.
    """
    # Create a second account that owns the target address.
    taken_email = "*****@*****.**"
    other_account = User(
        email=taken_email,
        password="******",
        address_ip=DEFAULT_USER["address_ip"],
    )
    db_session.add(other_account)
    transaction.commit()

    authenticate(default_app)

    # Ask for the address that is already taken.
    change_form = default_app.get("/email/change").form
    change_form["email"] = taken_email
    result_page = change_form.submit()

    assert "Error! User with this email exists" in result_page
def test_login(active_user, extended_app):
    """Log in without "remember me" after being redirected from /secret."""
    client = extended_app

    bounce = client.get('/secret', status=302)
    bounce.follow()
    client.get('/login?after=%2Fsecret')
    assert is_user_logged(client) is False

    login_reply = authenticate(client)
    # Without "remember me" the response text carries no Max-Age.
    assert 'Max-Age=' not in str(login_reply)
    assert is_user_logged(client) is True
def test_login_ok(extended_app, email):
    """Log in with the given ``email`` after being redirected from /secret."""
    bounce = extended_app.get("/secret", status=302)
    bounce.follow()
    extended_app.get("/login?after=%2Fsecret")
    logged_before = is_user_logged(extended_app)
    assert logged_before is False

    reply = authenticate(extended_app, email=email)
    # Without "remember me" the response text carries no Max-Age.
    assert "Max-Age=" not in str(reply)
    logged_after = is_user_logged(extended_app)
    assert logged_after is True
def test_login_ok(active_user, extended_app, email):
    """Log in with the given ``email`` after being redirected from /secret."""
    client = extended_app

    redirect_reply = client.get('/secret', status=302)
    redirect_reply.follow()
    client.get('/login?after=%2Fsecret')
    assert is_user_logged(client) is False

    login_reply = authenticate(client, email=email)
    # A plain login (no "remember me") shows no Max-Age in the response text.
    assert 'Max-Age=' not in str(login_reply)
    assert is_user_logged(client) is True
def test_email_valid(db_session, active_user, default_app):
    """Submit a valid email change through the form and check it is staged.

    The account keeps its old ``email``; the requested address sits in
    ``new_email`` and a change key has been issued.
    """
    authenticate(default_app)

    current_email = DEFAULT_USER['email']
    requested_email = '*****@*****.**'
    # .one() raises unless exactly one user holds the current address.
    account = db_session.query(User).filter(User.email == current_email).one()

    change_form = default_app.get('/email/change').form
    change_form['email'] = requested_email
    result = change_form.submit()
    assert result

    transaction.commit()

    account = db_session.query(User).filter(User.email == current_email).one()
    assert account.new_email == requested_email
    assert account.email == current_email
    assert account.email_change_key is not None
def test_email_valid(db_session, default_app):
    """Submit a valid email change through the form and check it is staged.

    Only the staging fields change: ``new_email`` and the change key are
    set, ``email`` keeps the old address.
    """
    client = default_app
    authenticate(client)

    old_address = DEFAULT_USER["email"]
    new_address = "*****@*****.**"
    # .one() raises unless exactly one user holds the old address.
    account = db_session.query(User).filter(User.email == old_address).one()

    page = client.get("/email/change")
    email_form = page.form
    email_form["email"] = new_address
    outcome = email_form.submit()
    assert outcome

    transaction.commit()

    account = db_session.query(User).filter(User.email == old_address).one()
    assert account.new_email == new_address
    assert account.email == old_address
    assert account.email_change_key is not None
def test_afteremailchange(db_session, afteremailchange_app):  # pylint:disable=redefined-outer-name
    """Submit an email change and expect the AfterEmailChange redirect.

    The change is only staged: ``new_email`` and a change key are set while
    ``email`` keeps the old address.
    """
    client = afteremailchange_app
    authenticate(client)

    current_email = DEFAULT_USER['email']
    requested_email = '*****@*****.**'
    # .one() raises unless exactly one user holds the current address.
    account = db_session.query(User).filter(User.email == current_email).one()

    change_form = client.get('/email/change').form
    change_form['email'] = requested_email
    reply = change_form.submit()
    assert reply.location == EVENT_URL.format(AfterEmailChange)

    transaction.commit()

    account = db_session.query(User).filter(User.email == current_email).one()
    assert account.new_email == requested_email
    assert account.email == current_email
    assert account.email_change_key is not None
def test_login_invalid_cookie(db_session, active_user, extended_app):
    """Open /login with a session whose user has since been deleted.

    The login page must answer 200 instead of redirecting away, because the
    session no longer belongs to a valid user.
    """
    login_reply = authenticate(extended_app)
    assert 'Max-Age=' not in str(login_reply)
    assert is_user_logged(extended_app) is True

    # Remove the account while the client still holds its session.
    db_session.delete(active_user)
    transaction.commit()

    # Original note: "will rise Attribute error" - presumably the failure
    # this request is guarding against; confirm against the login view.
    login_page = extended_app.get('/login')
    assert login_page.status_code == 200, "Should stay since user is no longer valid!"
def test_email_proceed(db_session, active_user, default_app):
    """Confirm a staged email change with the correct key.

    The confirmation link answers 303. Afterwards no user holds the old
    address and the account found under the new address has no change key.
    """
    client = default_app
    authenticate(client)  # the confirmation is requested while logged in

    old_email = DEFAULT_USER['email']
    account = db_session.query(User).filter(User.email == old_email).one()

    target_email = text_type('*****@*****.**')
    account.set_new_email(target_email)
    transaction.commit()

    # Merge the instance back into the session before reading the key.
    account = db_session.merge(account)
    confirm_path = '/email/change/' + account.email_change_key
    reply = client.get(confirm_path)
    assert reply.status_code == 303

    # The old address must no longer resolve to any user.
    with pytest.raises(NoResultFound):
        db_session.query(User).filter(User.email == old_email).one()

    account = db_session.query(User).filter(User.email == target_email).one()
    assert not account.email_change_key
def test_afteremailchangeactivation(db_session, afteremailchange_app):  # pylint:disable=redefined-outer-name
    """Confirm a staged email change; expect the event-driven redirect.

    The confirmation link must answer 302 to the AfterEmailChangeActivation
    URL. Afterwards no user holds the old address and the account found
    under the new address has no change key left.
    """
    authenticate(afteremailchange_app)  # confirm while logged in

    previous_email = DEFAULT_USER['email']
    account = db_session.query(User).filter(User.email == previous_email).one()

    confirmed_email = text_type('*****@*****.**')
    account.set_new_email(confirmed_email)
    transaction.commit()

    # Merge the instance back into the session before reading the key.
    account = db_session.merge(account)
    link = '/email/change/' + account.email_change_key
    reply = afteremailchange_app.get(link)
    assert reply.status_code == 302
    assert reply.location == EVENT_URL.format(AfterEmailChangeActivation)

    # Looking the user up by the old address must find nothing.
    with pytest.raises(NoResultFound):
        db_session.query(User).filter(User.email == previous_email).one()

    account = db_session.query(User).filter(User.email == confirmed_email).one()
    assert not account.email_change_key
def test_default_login_redirectaway(active_user, authable_app):
    """Expect a logged-in user to be redirected away from the login page."""
    client = authable_app
    authenticate(client)

    # A second visit to /login answers 303 and points at the site root.
    reply = client.get('/login', status=303)
    assert reply.location == 'http://localhost/'
def test_default_login_redirect_from_event(active_user, alreadyloggedin_app):
    """Expect the AlreadyLoggedIn redirect when a logged-in user opens /login."""
    client = alreadyloggedin_app
    authenticate(client)

    # The 302 target is the URL supplied for the AlreadyLoggedIn event.
    reply = client.get('/login', status=302)
    expected_location = EVENT_URL.format(AlreadyLoggedIn)
    assert reply.location == expected_location
def test_login_wrong(active_user, user_kwargs, extended_app):
    """Authenticate with bad credentials and expect the login error message.

    NOTE(review): the message names neither field as the wrong one;
    presumably ``user_kwargs`` covers both a wrong e-mail and a wrong
    password - confirm against the fixture, since one shared message avoids
    confirming which accounts exist.
    """
    login_reply = authenticate(extended_app, response_code=200, **user_kwargs)
    # The form is served again (200) with the error text in it.
    assert 'Error! Wrong e-mail or password.' in login_reply
    assert login_reply
def test_default_login_redirect_from_event(alreadyloggedin_app):  # pylint:disable=redefined-outer-name
    """Expect the AlreadyLoggedIn redirect when a logged-in user opens /login."""
    authenticate(alreadyloggedin_app)

    # The 302 target is the URL supplied for the AlreadyLoggedIn event.
    login_reply = alreadyloggedin_app.get('/login', status=302)
    assert login_reply.location == EVENT_URL.format(AlreadyLoggedIn)