##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
pytest: Remove oauth related tests.
johbo -
r39:0aab9a51 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,391 +1,341 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import pytest
22 22
23 23 from rhodecode.lib import helpers as h
24 24 from rhodecode.model.db import User, UserFollowing, Repository, UserApiKeys
25 25 from rhodecode.model.meta import Session
26 26 from rhodecode.tests import (
27 27 TestController, url, TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_EMAIL,
28 28 assert_session_flash)
29 29 from rhodecode.tests.fixture import Fixture
30 30 from rhodecode.tests.utils import AssertResponse
31 31
32 32 fixture = Fixture()
33 33
34 34
35 35 class TestMyAccountController(TestController):
36 36 test_user_1 = 'testme'
37 37 destroy_users = set()
38 38
39 39 @classmethod
40 40 def teardown_class(cls):
41 41 fixture.destroy_users(cls.destroy_users)
42 42
43 43 def test_my_account(self):
44 44 self.log_user()
45 45 response = self.app.get(url('my_account'))
46 46
47 47 response.mustcontain('test_admin')
48 48 response.mustcontain('href="/_admin/my_account/edit"')
49 49
50 50 def test_logout_form_contains_csrf(self, autologin_user, csrf_token):
51 51 response = self.app.get(url('my_account'))
52 52 assert_response = AssertResponse(response)
53 53 element = assert_response.get_element('.logout #csrf_token')
54 54 assert element.value == csrf_token
55 55
56 56 def test_my_account_edit(self):
57 57 self.log_user()
58 58 response = self.app.get(url('my_account_edit'))
59 59
60 60 response.mustcontain('value="test_admin')
61 61
62 62 def test_my_account_my_repos(self):
63 63 self.log_user()
64 64 response = self.app.get(url('my_account_repos'))
65 65 repos = Repository.query().filter(
66 66 Repository.user == User.get_by_username(
67 67 TEST_USER_ADMIN_LOGIN)).all()
68 68 for repo in repos:
69 69 response.mustcontain('"name_raw": "%s"' % repo.repo_name)
70 70
71 71 def test_my_account_my_watched(self):
72 72 self.log_user()
73 73 response = self.app.get(url('my_account_watched'))
74 74
75 75 repos = UserFollowing.query().filter(
76 76 UserFollowing.user == User.get_by_username(
77 77 TEST_USER_ADMIN_LOGIN)).all()
78 78 for repo in repos:
79 79 response.mustcontain(
80 80 '"name_raw": "%s"' % repo.follows_repository.repo_name)
81 81
82 82 @pytest.mark.backends("git", "hg")
83 83 def test_my_account_my_pullrequests(self, pr_util):
84 84 self.log_user()
85 85 response = self.app.get(url('my_account_pullrequests'))
86 86 response.mustcontain('You currently have no open pull requests.')
87 87
88 88 pr = pr_util.create_pull_request()
89 89 response = self.app.get(url('my_account_pullrequests'))
90 90 response.mustcontain('Pull request #%d opened' % pr.pull_request_id)
91 91
92 92 def test_my_account_my_emails(self):
93 93 self.log_user()
94 94 response = self.app.get(url('my_account_emails'))
95 95 response.mustcontain('No additional emails specified')
96 96
97 97 def test_my_account_my_emails_add_existing_email(self):
98 98 self.log_user()
99 99 response = self.app.get(url('my_account_emails'))
100 100 response.mustcontain('No additional emails specified')
101 101 response = self.app.post(url('my_account_emails'),
102 102 {'new_email': TEST_USER_REGULAR_EMAIL,
103 103 'csrf_token': self.csrf_token})
104 104 assert_session_flash(response, 'This e-mail address is already taken')
105 105
106 106 def test_my_account_my_emails_add_mising_email_in_form(self):
107 107 self.log_user()
108 108 response = self.app.get(url('my_account_emails'))
109 109 response.mustcontain('No additional emails specified')
110 110 response = self.app.post(url('my_account_emails'),
111 111 {'csrf_token': self.csrf_token})
112 112 assert_session_flash(response, 'Please enter an email address')
113 113
114 114 def test_my_account_my_emails_add_remove(self):
115 115 self.log_user()
116 116 response = self.app.get(url('my_account_emails'))
117 117 response.mustcontain('No additional emails specified')
118 118
119 119 response = self.app.post(url('my_account_emails'),
120 120 {'new_email': 'foo@barz.com',
121 121 'csrf_token': self.csrf_token})
122 122
123 123 response = self.app.get(url('my_account_emails'))
124 124
125 125 from rhodecode.model.db import UserEmailMap
126 126 email_id = UserEmailMap.query().filter(
127 127 UserEmailMap.user == User.get_by_username(
128 128 TEST_USER_ADMIN_LOGIN)).filter(
129 129 UserEmailMap.email == 'foo@barz.com').one().email_id
130 130
131 131 response.mustcontain('foo@barz.com')
132 132 response.mustcontain('<input id="del_email_id" name="del_email_id" '
133 133 'type="hidden" value="%s" />' % email_id)
134 134
135 135 response = self.app.post(
136 136 url('my_account_emails'), {
137 137 'del_email_id': email_id, '_method': 'delete',
138 138 'csrf_token': self.csrf_token})
139 139 assert_session_flash(response, 'Removed email address from user account')
140 140 response = self.app.get(url('my_account_emails'))
141 141 response.mustcontain('No additional emails specified')
142 142
143 143 @pytest.mark.parametrize(
144 144 "name, attrs", [
145 145 ('firstname', {'firstname': 'new_username'}),
146 146 ('lastname', {'lastname': 'new_username'}),
147 147 ('admin', {'admin': True}),
148 148 ('admin', {'admin': False}),
149 149 ('extern_type', {'extern_type': 'ldap'}),
150 150 ('extern_type', {'extern_type': None}),
151 151 # ('extern_name', {'extern_name': 'test'}),
152 152 # ('extern_name', {'extern_name': None}),
153 153 ('active', {'active': False}),
154 154 ('active', {'active': True}),
155 155 ('email', {'email': 'some@email.com'}),
156 156 ])
157 157 def test_my_account_update(self, name, attrs):
158 158 usr = fixture.create_user(self.test_user_1, password='qweqwe',
159 159 email='testme@rhodecode.org',
160 160 extern_type='rhodecode',
161 161 extern_name=self.test_user_1,
162 162 skip_if_exists=True)
163 163 self.destroy_users.add(self.test_user_1)
164 164
165 165 params = usr.get_api_data() # current user data
166 166 user_id = usr.user_id
167 167 self.log_user(username=self.test_user_1, password='qweqwe')
168 168
169 169 params.update({'password_confirmation': ''})
170 170 params.update({'new_password': ''})
171 171 params.update({'extern_type': 'rhodecode'})
172 172 params.update({'extern_name': self.test_user_1})
173 173 params.update({'csrf_token': self.csrf_token})
174 174
175 175 params.update(attrs)
176 176 # my account page cannot set language param yet, only for admins
177 177 del params['language']
178 178 response = self.app.post(url('my_account'), params)
179 179
180 180 assert_session_flash(
181 181 response, 'Your account was updated successfully')
182 182
183 183 del params['csrf_token']
184 184
185 185 updated_user = User.get_by_username(self.test_user_1)
186 186 updated_params = updated_user.get_api_data()
187 187 updated_params.update({'password_confirmation': ''})
188 188 updated_params.update({'new_password': ''})
189 189
190 190 params['last_login'] = updated_params['last_login']
191 191 # my account page cannot set language param yet, only for admins
192 192 # but we get this info from API anyway
193 193 params['language'] = updated_params['language']
194 194
195 195 if name == 'email':
196 196 params['emails'] = [attrs['email']]
197 197 if name == 'extern_type':
198 198 # cannot update this via form, expected value is original one
199 199 params['extern_type'] = "rhodecode"
200 200 if name == 'extern_name':
201 201 # cannot update this via form, expected value is original one
202 202 params['extern_name'] = str(user_id)
203 203 if name == 'active':
204 204 # my account cannot deactivate account
205 205 params['active'] = True
206 206 if name == 'admin':
207 207 # my account cannot make you an admin !
208 208 params['admin'] = False
209 209
210 210 assert params == updated_params
211 211
212 212 def test_my_account_update_err_email_exists(self):
213 213 self.log_user()
214 214
215 215 new_email = 'test_regular@mail.com' # already exisitn email
216 216 response = self.app.post(url('my_account'),
217 217 params={
218 218 'username': 'test_admin',
219 219 'new_password': 'test12',
220 220 'password_confirmation': 'test122',
221 221 'firstname': 'NewName',
222 222 'lastname': 'NewLastname',
223 223 'email': new_email,
224 224 'csrf_token': self.csrf_token,
225 225 })
226 226
227 227 response.mustcontain('This e-mail address is already taken')
228 228
229 229 def test_my_account_update_err(self):
230 230 self.log_user('test_regular2', 'test12')
231 231
232 232 new_email = 'newmail.pl'
233 233 response = self.app.post(url('my_account'),
234 234 params={
235 235 'username': 'test_admin',
236 236 'new_password': 'test12',
237 237 'password_confirmation': 'test122',
238 238 'firstname': 'NewName',
239 239 'lastname': 'NewLastname',
240 240 'email': new_email,
241 241 'csrf_token': self.csrf_token,
242 242 })
243 243
244 244 response.mustcontain('An email address must contain a single @')
245 245 from rhodecode.model import validators
246 246 msg = validators.ValidUsername(
247 247 edit=False, old_data={})._messages['username_exists']
248 248 msg = h.html_escape(msg % {'username': 'test_admin'})
249 249 response.mustcontain(u"%s" % msg)
250 250
251 251 def test_my_account_auth_tokens(self):
252 252 usr = self.log_user('test_regular2', 'test12')
253 253 user = User.get(usr['user_id'])
254 254 response = self.app.get(url('my_account_auth_tokens'))
255 255 response.mustcontain(user.api_key)
256 256 response.mustcontain('expires: never')
257 257
258 258 @pytest.mark.parametrize("desc, lifetime", [
259 259 ('forever', -1),
260 260 ('5mins', 60*5),
261 261 ('30days', 60*60*24*30),
262 262 ])
263 263 def test_my_account_add_auth_tokens(self, desc, lifetime):
264 264 usr = self.log_user('test_regular2', 'test12')
265 265 user = User.get(usr['user_id'])
266 266 response = self.app.post(url('my_account_auth_tokens'),
267 267 {'description': desc, 'lifetime': lifetime,
268 268 'csrf_token': self.csrf_token})
269 269 assert_session_flash(response, 'Auth token successfully created')
270 270 try:
271 271 response = response.follow()
272 272 user = User.get(usr['user_id'])
273 273 for auth_token in user.auth_tokens:
274 274 response.mustcontain(auth_token)
275 275 finally:
276 276 for auth_token in UserApiKeys.query().all():
277 277 Session().delete(auth_token)
278 278 Session().commit()
279 279
280 280 def test_my_account_remove_auth_token(self):
281 281 # TODO: without this cleanup it fails when run with the whole
282 282 # test suite, so there must be some interference with other tests.
283 283 UserApiKeys.query().delete()
284 284
285 285 usr = self.log_user('test_regular2', 'test12')
286 286 User.get(usr['user_id'])
287 287 response = self.app.post(url('my_account_auth_tokens'),
288 288 {'description': 'desc', 'lifetime': -1,
289 289 'csrf_token': self.csrf_token})
290 290 assert_session_flash(response, 'Auth token successfully created')
291 291 response = response.follow()
292 292
293 293 # now delete our key
294 294 keys = UserApiKeys.query().all()
295 295 assert 1 == len(keys)
296 296
297 297 response = self.app.post(
298 298 url('my_account_auth_tokens'),
299 299 {'_method': 'delete', 'del_auth_token': keys[0].api_key,
300 300 'csrf_token': self.csrf_token})
301 301 assert_session_flash(response, 'Auth token successfully deleted')
302 302 keys = UserApiKeys.query().all()
303 303 assert 0 == len(keys)
304 304
305 305 def test_my_account_reset_main_auth_token(self):
306 306 usr = self.log_user('test_regular2', 'test12')
307 307 user = User.get(usr['user_id'])
308 308 api_key = user.api_key
309 309 response = self.app.get(url('my_account_auth_tokens'))
310 310 response.mustcontain(api_key)
311 311 response.mustcontain('expires: never')
312 312
313 313 response = self.app.post(
314 314 url('my_account_auth_tokens'),
315 315 {'_method': 'delete', 'del_auth_token_builtin': api_key,
316 316 'csrf_token': self.csrf_token})
317 317 assert_session_flash(response, 'Auth token successfully reset')
318 318 response = response.follow()
319 319 response.mustcontain(no=[api_key])
320 320
321 321 def test_password_is_updated_in_session_on_password_change(
322 322 self, user_util):
323 323 old_password = 'abcdef123'
324 324 new_password = 'abcdef124'
325 325
326 326 user = user_util.create_user(password=old_password)
327 327 session = self.log_user(user.username, old_password)
328 328 old_password_hash = session['password']
329 329
330 330 form_data = {
331 331 'current_password': old_password,
332 332 'new_password': new_password,
333 333 'new_password_confirmation': new_password,
334 334 'csrf_token': self.csrf_token
335 335 }
336 336 self.app.post(url('my_account_password'), form_data)
337 337
338 338 response = self.app.get(url('home'))
339 339 new_password_hash = response.session['rhodecode_user']['password']
340 340
341 341 assert old_password_hash != new_password_hash
342
343 def test_my_account_oauth_tokens_empty(self):
344 usr = self.log_user('test_regular2', 'test12')
345 User.get(usr['user_id'])
346 response = self.app.get(url('my_account_oauth'))
347 response.mustcontain(no=['Connect with GitHub'])
348 response.mustcontain('You have no accounts linked yet')
349
350 def test_my_account_oauth_tokens_present(self):
351 from rhodecode.model.db import ExternalIdentity
352 usr = self.log_user('test_regular2', 'test12')
353 user = User.get(usr['user_id'])
354
355 ex_identity = ExternalIdentity()
356 ex_identity.external_id = '55'
357 ex_identity.provider_name = 'twitter'
358 ex_identity.local_user_id = user.user_id
359 db_session = Session()
360 db_session.add(ex_identity)
361 Session.flush()
362 db_session.commit()
363 try:
364 response = self.app.get(url('my_account_oauth'))
365 response.mustcontain('twitter',
366 no=['You have no accounts linked yet'])
367 finally:
368 db_session = Session()
369 db_session.delete(ex_identity)
370 db_session.commit()
371
372 def test_my_account_oauth_tokens_delete(self):
373 from rhodecode.model.db import ExternalIdentity
374 usr = self.log_user('test_regular2', 'test12')
375 user = User.get(usr['user_id'])
376
377 ex_identity = ExternalIdentity()
378 ex_identity.external_id = '99'
379 ex_identity.provider_name = 'twitter'
380 ex_identity.local_user_id = user.user_id
381 db_session = Session()
382 db_session.add(ex_identity)
383 Session.flush()
384 db_session.commit()
385 assert ExternalIdentity.query().count() == 1
386 response = self.app.post(
387 url('my_account_oauth', provider_name='twitter',
388 external_id='99'),
389 {'_method': 'delete', 'csrf_token': self.csrf_token})
390 assert_session_flash(response, 'OAuth token successfully deleted')
391 assert ExternalIdentity.query().count() == 0
General Comments 0
You need to be logged in to leave comments. Login now