test_2fa.py
67 lines
| 2.5 KiB
| text/x-python
|
PythonLexer
r5360 | import pytest | |||
r5378 | import mock | |||
r5360 | ||||
r5378 | from rhodecode.lib.type_utils import AttributeDict | |||
r5360 | from rhodecode.model.meta import Session | |||
r5607 | from rhodecode.tests.fixtures.rc_fixture import Fixture | |||
r5360 | from rhodecode.tests.routes import route_path | |||
from rhodecode.model.settings import SettingsModel | ||||
fixture = Fixture() | ||||
@pytest.mark.usefixtures('app') | ||||
class Test2FA(object): | ||||
@classmethod | ||||
def setup_class(cls): | ||||
cls.password = 'valid-one' | ||||
def test_redirect_to_2fa_setup_if_enabled_for_user(self, user_util): | ||||
user = user_util.create_user(password=self.password) | ||||
user.has_enabled_2fa = True | ||||
self.app.post( | ||||
route_path('login'), | ||||
{'username': user.username, | ||||
'password': self.password}) | ||||
response = self.app.get('/') | ||||
assert response.status_code == 302 | ||||
assert response.location.endswith(route_path('setup_2fa')) | ||||
def test_redirect_to_2fa_check_if_2fa_configured(self, user_util): | ||||
user = user_util.create_user(password=self.password) | ||||
user.has_enabled_2fa = True | ||||
r5367 | user.init_secret_2fa() | |||
r5360 | Session().add(user) | |||
Session().commit() | ||||
self.app.post( | ||||
route_path('login'), | ||||
{'username': user.username, | ||||
'password': self.password}) | ||||
response = self.app.get('/') | ||||
assert response.status_code == 302 | ||||
assert response.location.endswith(route_path('check_2fa')) | ||||
def test_2fa_recovery_codes_works_only_once(self, user_util): | ||||
user = user_util.create_user(password=self.password) | ||||
user.has_enabled_2fa = True | ||||
r5367 | user.init_secret_2fa() | |||
r5377 | recovery_code_to_check = user.init_2fa_recovery_codes()[0] | |||
r5360 | Session().add(user) | |||
Session().commit() | ||||
self.app.post( | ||||
route_path('login'), | ||||
{'username': user.username, | ||||
'password': self.password}) | ||||
r5377 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) | |||
r5360 | assert response.status_code == 302 | |||
r5377 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) | |||
r5360 | response.mustcontain('Code is invalid. Try again!') | |||
def test_2fa_state_when_forced_by_admin(self, user_util): | ||||
user = user_util.create_user(password=self.password) | ||||
user.has_enabled_2fa = False | ||||
r5378 | with mock.patch.object( | |||
SettingsModel, 'get_setting_by_name', lambda *a, **kw: AttributeDict(app_settings_value=True)): | ||||
assert user.has_enabled_2fa | ||||