##// END OF EJS Templates
fix(db-bootstrap): don't store LFS/largefiles data into DB as they are controlled now via .ini files
fix(db-bootstrap): don't store LFS/largefiles data into DB as they are controlled now via .ini files

File last commit:

r5173:95a4b30f default
r5605:b5407486 default
Show More
test_my_account_auth_tokens.py
98 lines | 3.6 KiB | text/x-python | PythonLexer
/ rhodecode / apps / my_account / tests / test_my_account_auth_tokens.py
copyrights: updated for 2023
r5088 # Copyright (C) 2010-2023 RhodeCode GmbH
my-account-auth-tokens: moved into pyramid apps....
r1505 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import pytest
from rhodecode.apps._base import ADMIN_PREFIX
from rhodecode.model.db import User
from rhodecode.tests import (
tests: refactor code to use a single test url generator
r5173 TestController, assert_session_flash)
my-account-auth-tokens: moved into pyramid apps....
r1505 from rhodecode.tests.fixture import Fixture
tests: refactor code to use a single test url generator
r5173 from rhodecode.tests.routes import route_path
my-account-auth-tokens: moved into pyramid apps....
r1505
tests: refactor code to use a single test url generator
r5173 fixture = Fixture()
my-account-auth-tokens: moved into pyramid apps....
r1505
class TestMyAccountAuthTokens(TestController):
def test_my_account_auth_tokens(self):
usr = self.log_user('test_regular2', 'test12')
user = User.get(usr['user_id'])
response = self.app.get(route_path('my_account_auth_tokens'))
for token in user.auth_tokens:
users: added more secure way for fetching authentication tokens....
r4316 response.mustcontain(token[:4])
my-account-auth-tokens: moved into pyramid apps....
r1505 response.mustcontain('never')
def test_my_account_add_auth_tokens_wrong_csrf(self, user_util):
user = user_util.create_user(password='qweqwe')
self.log_user(user.username, 'qweqwe')
self.app.post(
route_path('my_account_auth_tokens_add'),
{'description': 'desc', 'lifetime': -1}, status=403)
@pytest.mark.parametrize("desc, lifetime", [
('forever', -1),
('5mins', 60*5),
('30days', 60*60*24*30),
])
def test_my_account_add_auth_tokens(self, desc, lifetime, user_util):
user = user_util.create_user(password='qweqwe')
user_id = user.user_id
self.log_user(user.username, 'qweqwe')
response = self.app.post(
route_path('my_account_auth_tokens_add'),
{'description': desc, 'lifetime': lifetime,
'csrf_token': self.csrf_token})
assert_session_flash(response, 'Auth token successfully created')
response = response.follow()
user = User.get(user_id)
for auth_token in user.auth_tokens:
users: added more secure way for fetching authentication tokens....
r4316 response.mustcontain(auth_token[:4])
my-account-auth-tokens: moved into pyramid apps....
r1505
def test_my_account_delete_auth_token(self, user_util):
user = user_util.create_user(password='qweqwe')
user_id = user.user_id
self.log_user(user.username, 'qweqwe')
user = User.get(user_id)
user: deprecated usage of api_keys....
r1953 keys = user.get_auth_tokens()
my-account-auth-tokens: moved into pyramid apps....
r1505 assert 2 == len(keys)
response = self.app.post(
route_path('my_account_auth_tokens_add'),
{'description': 'desc', 'lifetime': -1,
'csrf_token': self.csrf_token})
assert_session_flash(response, 'Auth token successfully created')
response.follow()
user = User.get(user_id)
user: deprecated usage of api_keys....
r1953 keys = user.get_auth_tokens()
my-account-auth-tokens: moved into pyramid apps....
r1505 assert 3 == len(keys)
response = self.app.post(
route_path('my_account_auth_tokens_delete'),
my-account: use audit logs for email and token actions.
r1820 {'del_auth_token': keys[0].user_api_key_id, 'csrf_token': self.csrf_token})
my-account-auth-tokens: moved into pyramid apps....
r1505 assert_session_flash(response, 'Auth token successfully deleted')
user = User.get(user_id)
user: deprecated usage of api_keys....
r1953 keys = user.auth_tokens
my-account-auth-tokens: moved into pyramid apps....
r1505 assert 2 == len(keys)