def test_user_with_many_methods(active_user_with_many_otp_methods):
    """Check that the active-methods endpoint lists every method of a multi-method user.

    The user completes both authentication factors with the primary MFA
    method, after which the listing is expected to hold four entries.
    """
    user, _ = active_user_with_many_otp_methods
    primary_method = user.mfa_methods.filter(is_primary=True).first()
    api = TrenchAPIClient()
    # Complete both factors so the follow-up GET is sent by an authenticated client.
    api.authenticate_multi_factor(mfa_method=primary_method, user=user)
    listing = api.get(path="/auth/mfa/user-active-methods/")
    method_count = len(listing.data)
    assert method_count == 4
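def test_login_disabled_user(inactive_user):
    """Check that an inactive user cannot log in and gets a known error message.

    The login attempt must be rejected with HTTP 400, and the response must
    carry one of the two accepted messages under ``non_field_errors``.
    """
    client = TrenchAPIClient()
    response = client.authenticate(user=inactive_user)
    assert response.status_code == HTTP_400_BAD_REQUEST

    # The previous form, `"A" or "B" in errors`, evaluated to the non-empty
    # string "A" and was therefore always truthy: the message was never
    # checked. Test each accepted message for membership instead.
    accepted_messages = (
        "Unable to login with provided credentials.",
        "User account is disabled.",
    )
    # `or []` turns a missing key into a plain assertion failure rather than a
    # TypeError from `in None`.
    # NOTE(review): test_login_wrong_password reads the message from the
    # "error" key; confirm which key the login view uses for this case.
    errors = response.data.get("non_field_errors") or []
    assert any(message in errors for message in accepted_messages)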
def test_get_jwt_without_otp(active_user):
    """Check that a user authenticated via ``authenticate`` alone receives a JWT for their own username.

    The username decoded from the issued JWT must equal the value of the
    user's ``USERNAME_FIELD`` attribute.
    """
    api = TrenchAPIClient()
    login = api.authenticate(user=active_user)
    assert login.status_code == HTTP_200_OK

    # Compare the identity inside the token with the fixture user, so a token
    # issued for a different account would fail the test.
    username_in_token = api.get_username_from_jwt(response=login)
    expected_username = getattr(active_user, User.USERNAME_FIELD)
    assert username_in_token == expected_username
def test_get_ephemeral_token(active_user_with_email_otp):
    """Check that the first login step for an email-OTP user returns an ephemeral token.

    The token extracted from the response must be resolved by
    ``user_token_generator.check_token`` to the user who logged in.
    """
    api = TrenchAPIClient()
    first_step = api.authenticate(user=active_user_with_email_otp)
    assert first_step.status_code == HTTP_200_OK

    ephemeral_token = api._extract_ephemeral_token_from_response(
        response=first_step
    )
    # check_token is called with user=None, so the token alone has to identify
    # the account it was issued for.
    resolved_user = user_token_generator.check_token(
        user=None,
        token=ephemeral_token,
    )
    assert resolved_user == active_user_with_email_otp
def test_auth_token_first_step(active_user_with_email_otp):
    """Check that the first step of the auth-token login flow yields an ephemeral token.

    Same expectation as the default login path, but the request goes to
    ``PATH_AUTH_TOKEN_LOGIN``. The extracted token must resolve to the user.
    """
    api = TrenchAPIClient()
    first_step = api.authenticate(
        user=active_user_with_email_otp,
        path=api.PATH_AUTH_TOKEN_LOGIN,
    )
    assert first_step.status_code == HTTP_200_OK

    ephemeral_token = api._extract_ephemeral_token_from_response(first_step)
    # With user=None the generator has to recover the owner from the token itself.
    resolved_user = user_token_generator.check_token(
        user=None,
        token=ephemeral_token,
    )
    assert resolved_user == active_user_with_email_otp
def test_auth_token_both_steps(active_user_with_email_otp):
    """Check that completing both steps of the auth-token flow returns an ``auth_token``.

    Uses the user's first MFA method and the auth-token login paths for the
    first and the second factor.
    """
    user = active_user_with_email_otp
    method = user.mfa_methods.first()
    api = TrenchAPIClient()
    outcome = api.authenticate_multi_factor(
        user=user,
        mfa_method=method,
        path=api.PATH_AUTH_TOKEN_LOGIN,
        path_2nd_factor=api.PATH_AUTH_TOKEN_LOGIN_CODE,
    )
    assert outcome.status_code == HTTP_200_OK
    # Only presence is checked here; the token's contents are not inspected.
    issued_token = outcome.data.get("auth_token")
    assert issued_token is not None
def test_login_missing_field(active_user):
    """Check that a JWT login with a blank username is rejected with HTTP 400.

    The response must report "This field may not be blank." for the username
    field.
    """
    api = TrenchAPIClient()
    payload = {
        "username": "",
        "password": "******",
    }
    reply = api.post(
        path=api.PATH_AUTH_JWT_LOGIN,
        data=payload,
        format="json",
    )
    assert reply.status_code == HTTP_400_BAD_REQUEST
    # NOTE(review): the payload key is the literal "username" while the error
    # is looked up under User.USERNAME_FIELD; these agree only if the user
    # model's USERNAME_FIELD is "username". Confirm.
    field_errors = reply.data.get(User.USERNAME_FIELD)
    assert "This field may not be blank." in field_errors
def test_add_user_mfa(active_user):
    """Check that an authenticated user can activate the email MFA method.

    A fresh secret is created and the current OTP code derived from it
    (interval 60) is posted together with the secret and the username. The
    endpoint is expected to answer HTTP 200.
    """
    api = TrenchAPIClient()
    api.authenticate(user=active_user)

    otp_secret = create_secret_command()
    payload = {
        "secret": otp_secret,
        "code": create_otp_command(secret=otp_secret, interval=60).now(),
        "user": getattr(active_user, active_user.USERNAME_FIELD),
    }
    reply = api.post(
        path="/auth/email/activate/",
        data=payload,
        format="json",
    )
    assert reply.status_code == HTTP_200_OK
def test_login_wrong_password(active_user):
    """Check that a JWT login with the given password literal fails with the generic credentials error.

    The response must be HTTP 400 and carry the message under the ``error``
    key.
    """
    api = TrenchAPIClient()
    payload = {
        "username": getattr(
            active_user,
            User.USERNAME_FIELD,
        ),
        # presumably a value that does not match the fixture's password; verify
        # against the fixture definition
        "password": "******",
    }
    reply = api.post(
        path=api.PATH_AUTH_JWT_LOGIN,
        data=payload,
        format="json",
    )
    assert reply.status_code == HTTP_400_BAD_REQUEST
    reported_error = reply.data.get("error")
    assert reported_error == "Unable to login with provided credentials."
def test_deactivated_user(deactivated_user_with_email_otp):
    """Check that authentication for the deactivated-user fixture is rejected with HTTP 400."""
    api = TrenchAPIClient()
    attempt = api.authenticate(user=deactivated_user_with_email_otp)
    # Only the status code is checked; the error body is not inspected here.
    assert attempt.status_code == HTTP_400_BAD_REQUEST