def test_failed_pass_change_with_incorrect_old_password(self):
oldpassword = random_password(self.rd)
newpassword = random_password(self.rd)
data = {
"oldpassword": oldpassword,
"newpassword1": newpassword,
"newpassword2": newpassword,
}
self.client.post(reverse("research settings"), data)
self.assertTrue(get_user(self.client).is_authenticated)
def test_trying_wrong_password(self):
new_password = random_password(self.rd)
# change user's password
response = self.client.post(
self.url,
{
"oldpassword": random_password(self.rd),
"newpassword1": new_password,
"newpassword2": new_password,
},
)
self.assertTrue(get_user(self.client).is_authenticated)
def test_invalid_login(self):
# Meepy visits the login page, but enters the incorrect username.
self.go_to_login_page()
initial_url = self.browser.current_url
self.get_userbox().send_keys(random_username(self.rd))
self.get_passbox().send_keys(self.password)
self.get_passbox().send_keys(Keys.ENTER)
self.wait_for(lambda: self.assertIn("Username does not exist.", self.
browser.page_source))
self.assertEqual(self.browser.current_url, initial_url)
# Meepy enters the correct username, but the incorrect password
self.get_userbox().clear()
self.get_userbox().send_keys(self.username)
self.get_passbox().send_keys(random_password(self.rd))
self.get_passbox().send_keys(Keys.ENTER)
self.wait_for(lambda: self.assertIn(
"Sorry, that login was invalid. Please try again.",
self.browser.page_source,
))
self.assertEqual(self.browser.current_url, initial_url)
# Meepy enters the correct username and password, and logs in successfully
self.get_userbox().clear()
self.get_passbox().clear()
self.get_userbox().send_keys(self.username)
self.get_passbox().send_keys(self.password)
self.get_passbox().send_keys(Keys.ENTER)
self.wait_for(lambda: self.assertIn("Dashboard", self.browser.title))
def test_invalid_login(self):
# Try to log in as a nonexistent user
form = ResearchLoginForm(data=self.form_data)
self.assertFalse(form.is_valid())
# Try to log in as a deactivated user
user = User.objects.create_user(username=self.username,
email=self.email,
password=self.password)
form = ResearchLoginForm(data=self.form_data)
self.assertTrue(form.is_valid())
user.is_active = False
user.save()
form = ResearchLoginForm(data=self.form_data)
self.assertFalse(form.is_valid())
# Try to log in with an invalid password
data = {
"username": self.username,
"password": random_password(self.rd)
}
form = ResearchLoginForm(data=data)
self.assertFalse(form.is_valid())
def setUp(self):
super().setUp(preauth=True)
# Create some compendium entries as user 1
test_tag = CompendiumEntryTag.objects.create(tagname="test_tag")
test_author = Author.objects.create(authorname="test_author")
self.data = {
"title": "test article",
"url": "https://www.example.com",
"edit-entry": "",
"tags": [test_tag.id],
"authors": [test_author.id],
}
self.create_compendium_entries(self.data, 3)
self.client.logout()
# Create a second user, and add some entries as that user
email2 = random_email(self.rd)
username2 = random_username(self.rd)
password2 = random_password(self.rd)
self.user2 = User.objects.create_user(email=email2,
username=username2,
password=password2)
self.client.force_login(self.user2)
self.create_compendium_entries(self.data, 3)
def test_password_invalidation(self):
user = User.objects.create_user(
username=self.username, email=self.email, password=self.password,
)
min_len = settings.MIN_PASSWORD_LENGTH
max_len = settings.MAX_PASSWORD_LENGTH
# Password too short
password = random_password(self.rd)[: min_len - 1].encode("utf-8")
with self.assertRaises(ValidationError):
validate_password(password)
# Password too long
password = b64encode(token_bytes(200))[: max_len + 1]
with self.assertRaises(ValidationError):
validate_password(password)
# Password is too similar to user information
with self.assertRaises(ValidationError):
validate_password(password, user=user)
# Password is too common
with self.assertRaises(ValidationError):
validate_password("password12345")
with self.assertRaises(ValidationError):
validate_password("1234567890")
def setUp(self):
super().setUp()
# Create some example tags for testing
self.tag_ids = []
for tagname in ("test_tag_A", "test_tag_B", "test_tag_C"):
if not CompendiumEntryTag.objects.filter(tagname=tagname).exists():
new_tag = CompendiumEntryTag.objects.create(tagname=tagname)
self.tag_ids.append(new_tag.id)
self.title = random_password(self.rd)
self.abstract = random_password(self.rd)
self.url = "https://example.com"
self.data = {
"title": self.title,
"abstract": self.abstract,
"url": self.url,
"tags": [self.tag_ids[0]],
}
def test_invalid_logins(self):
# Attempt to login as a nonexistent user
self.client.login(username=self.username, password=self.password)
self.assertFalse(get_user(self.client).is_authenticated)
# Attempt to login as an existing user but with an invalid password
User.objects.create_user(username=self.username,
email=self.email,
password=self.password)
self.client.login(username=self.username,
password=random_password(self.rd))
self.assertFalse(get_user(self.client).is_authenticated)
def test_password_change(self):
"""
Ensure that the ChangePasswordForm correctly validates the user input
when they enter their original password, and the new passwords match.
"""
newpass = random_password(self.rd)
data = {
"oldpassword": self.password,
"newpassword1": newpass,
"newpassword2": newpass,
}
form = PasswordChangeForm(data=data)
self.assertTrue(form.is_valid())
def test_password_change_should_logout(self):
new_password = random_password(self.rd)
# change user's password
response = self.client.post(
self.url,
{
"oldpassword": self.password,
"newpassword1": new_password,
"newpassword2": new_password,
},
)
self.assertFalse(get_user(self.client).is_authenticated)
def test_logout_on_password_change(self):
response = self.client.get(reverse("research settings"))
self.assertTemplateUsed(response, "base.html")
# try to change password with correct credentials
newpassword = random_password(self.rd)
data = {
"oldpassword": self.password,
"newpassword1": newpassword,
"newpassword2": newpassword,
}
self.client.post(reverse("research settings"), data)
self.assertFalse(get_user(self.client).is_authenticated)
def test_navigation_to_password_change_form(self):
self.browser.get(self.live_server_url + reverse("research dashboard"))
# Meepy clicks the profile button in the navbar, and then clicks the settings
# button.
navbar = self.browser.find_element_by_id("navbar")
profile_button = navbar.find_element_by_id(
"user-profile-dropdown-button")
self.browser.execute_script("arguments[0].click();", profile_button)
menu = navbar.find_element_by_id("user-profile-dropdown-menu")
settings_button = menu.find_element_by_id("user-settings")
self.browser.execute_script("arguments[0].click();", settings_button)
self.wait_for(lambda: self.assertIn("Settings", self.browser.title))
# Meepy then clicks on change password link
change_password_link = self.browser.find_element_by_id(
"change-password-link")
self.browser.execute_script("arguments[0].click();",
change_password_link)
# Meepy enters her current and new password (twice) and she should be
# logged out on successful change of password
oldpass_box = self.browser.find_element_by_id("id_oldpassword")
newpass1_box = self.browser.find_element_by_id("id_newpassword1")
newpass2_box = self.browser.find_element_by_id("id_newpassword2")
self.assertEqual(oldpass_box.get_attribute("placeholder"),
"Your old Password")
self.assertEqual(newpass1_box.get_attribute("placeholder"),
"New Password")
self.assertEqual(newpass2_box.get_attribute("placeholder"),
"Confirm New Password")
newpass = random_password(self.rd)
oldpass_box.send_keys(self.password)
newpass1_box.send_keys(newpass)
newpass2_box.send_keys(newpass)
newpass2_box.send_keys(Keys.ENTER)
self.wait_for(lambda: self.assertIn("Login", self.browser.title))
def test_invalid_login(self):
### Use a nonexistent username
login_data = {
"username": random_username(self.rd),
"password": self.password
}
self.client.post(reverse("research login"), login_data)
self.assertFalse(get_user(self.client).is_authenticated)
### Use an existing username, but an incorrect password
original_db_entry = User.objects.get(username=self.username).password
login_data = {
"username": self.username,
"password": random_password(self.rd)
}
self.client.post(reverse("research login"), login_data)
self.assertFalse(get_user(self.client).is_authenticated)
# Database should not have changed
self.assertEqual(original_db_entry,
User.objects.get(username=self.username).password)
def test_passwords_must_match(self):
self.data["password_2"] = random_password(self.rd)
self.assertFalse(SignupForm(data=self.data).is_valid())
