def test_user_retrieval_from_token(self):
clock = testutil.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token = tokens.AuthToken.for_user(u, clock)
retrieved = tokens.AuthToken.get_user_for_value(
token.value, user_models.UserData.get_from_user_id, clock)
self.assertEquals(retrieved.key(), u.key())
def test_auth_token_parses(self):
clock = testutil.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token = tokens.AuthToken.for_user(u, clock)
parsed = tokens.AuthToken.for_value(token.value)
time_to_expiry = datetime.timedelta(30)
self.assertTrue(parsed.is_valid(u, time_to_expiry, clock))
def test_pw_reset_token_does_not_reset_pw_until_used(self):
clock = testutil.MockDatetime()
u = self.make_user("userid1")
u.set_password("seekrit one")
pw_token = tokens.PasswordResetToken.for_user(u, clock)
self.assertTrue(pw_token.is_valid(u, datetime.timedelta(1), clock))
# Didn't use the token-just issued it, so the existing pw should work
self.assertTrue(u.validate_password("seekrit one"))
def test_pw_reset_token_resets_on_subsequent_creations(self):
clock = testutil.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token1 = tokens.PasswordResetToken.for_user(u, clock)
self.assertTrue(token1.is_valid(u, datetime.timedelta(1), clock))
token2 = tokens.PasswordResetToken.for_user(u, clock)
self.assertFalse(token1.is_valid(u, datetime.timedelta(1), clock))
self.assertTrue(token2.is_valid(u, datetime.timedelta(1), clock))
def test_pw_reset_token_should_be_single_use(self):
clock = testutil.MockDatetime()
u = self.make_user("userid1")
u.set_password("seekrit one")
pw_token = tokens.PasswordResetToken.for_user(u, clock)
self.assertTrue(pw_token.is_valid(u, datetime.timedelta(1), clock))
u.set_password("seekrit two")
self.assertFalse(pw_token.is_valid(u, datetime.timedelta(1), clock))
def test_token_invalidates_properly(self):
clock = testutil.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token = tokens.AuthToken.for_user(u, clock)
time_to_expiry = datetime.timedelta(30)
self.assertTrue(token.is_valid(u, time_to_expiry, clock))
# Pretend the user changed her password.
u.credential_version = "credential version 1"
u.put()
self.assertFalse(token.is_valid(u, time_to_expiry, clock))
def test_token_expires_properly(self):
clock = testutil.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token = tokens.AuthToken.for_user(u, clock)
time_to_expiry = datetime.timedelta(30)
self.assertTrue(token.is_valid(u, time_to_expiry, clock))
# The day before expiry
clock.advance_days(29)
self.assertTrue(token.is_valid(u, time_to_expiry, clock))
# Right at expiring point!
clock.advance_days(1)
self.assertTrue(token.is_valid(u, time_to_expiry, clock))
# Tick - it's now stale.
clock.advance(datetime.timedelta(seconds=1))
self.assertFalse(token.is_valid(u, time_to_expiry, clock))
def test_timestamp_creation(self):
clock = testutil.MockDatetime()
def assertDatetimeSerializes():
now = clock.utcnow()
timestamp = tokens._to_timestamp(now)
self.assertEquals(now, tokens._from_timestamp(timestamp))
assertDatetimeSerializes()
clock.advance_days(1)
assertDatetimeSerializes()
clock.advance_days(30)
assertDatetimeSerializes()
clock.advance_days(366)
assertDatetimeSerializes()
clock.advance(datetime.timedelta(seconds=1))
assertDatetimeSerializes()
clock.advance(datetime.timedelta(microseconds=1))
assertDatetimeSerializes()
def test_releasing_usernames(self):
clock = testutil.MockDatetime()
u1 = self.make_user("bob")
u2 = self.make_user("robert")
# u1 gets "superbob", but changes his mind.
self.assertTrue(u1.claim_username("superbob", clock))
self.assertEqual("superbob", u1.username)
self.assertTrue(u1.claim_username("ultrabob", clock))
self.assertEqual("ultrabob", u1.username)
# TOTAL HACK - for some reason without this read (which shouldn't
# actually have any side effect), the following assert fails because
# there's no strong consistency ensured on the HRD.
db.get([u1.key()])
self.assertEqual(u1.user_id,
UserData.get_from_username("ultrabob").user_id)
self.assertEqual(None, UserData.get_from_username("superbob"))
# Usernames go into a holding pool, even after they're released
self.assertFalse(u2.claim_username("superbob", clock))
# Note that the original owner can't even have it back
self.assertFalse(u1.claim_username("superbob", clock))
# Still no good at the border of the holding period
clock.advance(UniqueUsername.HOLDING_PERIOD_DELTA)
self.assertFalse(u2.claim_username("superbob", clock))
# OK - now u2 can have it.
clock.advance_days(1)
self.assertTrue(u2.claim_username("superbob", clock))
self.assertEqual("superbob", u2.username)
db.get([u2.key()])
self.assertEqual(u2.user_id,
UserData.get_from_username("superbob").user_id)