tests: fixed tests case when we tested token deletion and purged all tokens in the system.
marcink -
r1419:6c1aa54d default
@@ -1,396 +1,400 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import pytest
22 22
23 23 from rhodecode.lib import helpers as h
24 24 from rhodecode.lib.auth import check_password
25 25 from rhodecode.model.db import User, UserFollowing, Repository, UserApiKeys
26 26 from rhodecode.model.meta import Session
27 27 from rhodecode.tests import (
28 28 TestController, url, TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_EMAIL,
29 29 assert_session_flash)
30 30 from rhodecode.tests.fixture import Fixture
31 31 from rhodecode.tests.utils import AssertResponse
32 32
33 33 fixture = Fixture()
34 34
35 35
36 36 class TestMyAccountController(TestController):
37 37 test_user_1 = 'testme'
38 38 test_user_1_password = '0jd83nHNS/d23n'
39 39 destroy_users = set()
40 40
41 41 @classmethod
42 42 def teardown_class(cls):
43 43 fixture.destroy_users(cls.destroy_users)
44 44
45 45 def test_my_account(self):
46 46 self.log_user()
47 47 response = self.app.get(url('my_account'))
48 48
49 49 response.mustcontain('test_admin')
50 50 response.mustcontain('href="/_admin/my_account/edit"')
51 51
52 52 def test_logout_form_contains_csrf(self, autologin_user, csrf_token):
53 53 response = self.app.get(url('my_account'))
54 54 assert_response = AssertResponse(response)
55 55 element = assert_response.get_element('.logout #csrf_token')
56 56 assert element.value == csrf_token
57 57
58 58 def test_my_account_edit(self):
59 59 self.log_user()
60 60 response = self.app.get(url('my_account_edit'))
61 61
62 62 response.mustcontain('value="test_admin')
63 63
64 64 def test_my_account_my_repos(self):
65 65 self.log_user()
66 66 response = self.app.get(url('my_account_repos'))
67 67 repos = Repository.query().filter(
68 68 Repository.user == User.get_by_username(
69 69 TEST_USER_ADMIN_LOGIN)).all()
70 70 for repo in repos:
71 71 response.mustcontain('"name_raw": "%s"' % repo.repo_name)
72 72
73 73 def test_my_account_my_watched(self):
74 74 self.log_user()
75 75 response = self.app.get(url('my_account_watched'))
76 76
77 77 repos = UserFollowing.query().filter(
78 78 UserFollowing.user == User.get_by_username(
79 79 TEST_USER_ADMIN_LOGIN)).all()
80 80 for repo in repos:
81 81 response.mustcontain(
82 82 '"name_raw": "%s"' % repo.follows_repository.repo_name)
83 83
84 84 @pytest.mark.backends("git", "hg")
85 85 def test_my_account_my_pullrequests(self, pr_util):
86 86 self.log_user()
87 87 response = self.app.get(url('my_account_pullrequests'))
88 88 response.mustcontain('There are currently no open pull '
89 89 'requests requiring your participation.')
90 90
91 91 pr = pr_util.create_pull_request(title='TestMyAccountPR')
92 92 response = self.app.get(url('my_account_pullrequests'))
93 93 response.mustcontain('"name_raw": %s' % pr.pull_request_id)
94 94 response.mustcontain('TestMyAccountPR')
95 95
96 96 def test_my_account_my_emails(self):
97 97 self.log_user()
98 98 response = self.app.get(url('my_account_emails'))
99 99 response.mustcontain('No additional emails specified')
100 100
101 101 def test_my_account_my_emails_add_existing_email(self):
102 102 self.log_user()
103 103 response = self.app.get(url('my_account_emails'))
104 104 response.mustcontain('No additional emails specified')
105 105 response = self.app.post(url('my_account_emails'),
106 106 {'new_email': TEST_USER_REGULAR_EMAIL,
107 107 'csrf_token': self.csrf_token})
108 108 assert_session_flash(response, 'This e-mail address is already taken')
109 109
110 110 def test_my_account_my_emails_add_mising_email_in_form(self):
111 111 self.log_user()
112 112 response = self.app.get(url('my_account_emails'))
113 113 response.mustcontain('No additional emails specified')
114 114 response = self.app.post(url('my_account_emails'),
115 115 {'csrf_token': self.csrf_token})
116 116 assert_session_flash(response, 'Please enter an email address')
117 117
118 118 def test_my_account_my_emails_add_remove(self):
119 119 self.log_user()
120 120 response = self.app.get(url('my_account_emails'))
121 121 response.mustcontain('No additional emails specified')
122 122
123 123 response = self.app.post(url('my_account_emails'),
124 124 {'new_email': 'foo@barz.com',
125 125 'csrf_token': self.csrf_token})
126 126
127 127 response = self.app.get(url('my_account_emails'))
128 128
129 129 from rhodecode.model.db import UserEmailMap
130 130 email_id = UserEmailMap.query().filter(
131 131 UserEmailMap.user == User.get_by_username(
132 132 TEST_USER_ADMIN_LOGIN)).filter(
133 133 UserEmailMap.email == 'foo@barz.com').one().email_id
134 134
135 135 response.mustcontain('foo@barz.com')
136 136 response.mustcontain('<input id="del_email_id" name="del_email_id" '
137 137 'type="hidden" value="%s" />' % email_id)
138 138
139 139 response = self.app.post(
140 140 url('my_account_emails'), {
141 141 'del_email_id': email_id, '_method': 'delete',
142 142 'csrf_token': self.csrf_token})
143 143 assert_session_flash(response, 'Removed email address from user account')
144 144 response = self.app.get(url('my_account_emails'))
145 145 response.mustcontain('No additional emails specified')
146 146
147 147 @pytest.mark.parametrize(
148 148 "name, attrs", [
149 149 ('firstname', {'firstname': 'new_username'}),
150 150 ('lastname', {'lastname': 'new_username'}),
151 151 ('admin', {'admin': True}),
152 152 ('admin', {'admin': False}),
153 153 ('extern_type', {'extern_type': 'ldap'}),
154 154 ('extern_type', {'extern_type': None}),
155 155 # ('extern_name', {'extern_name': 'test'}),
156 156 # ('extern_name', {'extern_name': None}),
157 157 ('active', {'active': False}),
158 158 ('active', {'active': True}),
159 159 ('email', {'email': 'some@email.com'}),
160 160 ])
161 161 def test_my_account_update(self, name, attrs):
162 162 usr = fixture.create_user(self.test_user_1,
163 163 password=self.test_user_1_password,
164 164 email='testme@rhodecode.org',
165 165 extern_type='rhodecode',
166 166 extern_name=self.test_user_1,
167 167 skip_if_exists=True)
168 168 self.destroy_users.add(self.test_user_1)
169 169
170 170 params = usr.get_api_data() # current user data
171 171 user_id = usr.user_id
172 172 self.log_user(
173 173 username=self.test_user_1, password=self.test_user_1_password)
174 174
175 175 params.update({'password_confirmation': ''})
176 176 params.update({'new_password': ''})
177 177 params.update({'extern_type': 'rhodecode'})
178 178 params.update({'extern_name': self.test_user_1})
179 179 params.update({'csrf_token': self.csrf_token})
180 180
181 181 params.update(attrs)
182 182 # my account page cannot set language param yet, only for admins
183 183 del params['language']
184 184 response = self.app.post(url('my_account'), params)
185 185
186 186 assert_session_flash(
187 187 response, 'Your account was updated successfully')
188 188
189 189 del params['csrf_token']
190 190
191 191 updated_user = User.get_by_username(self.test_user_1)
192 192 updated_params = updated_user.get_api_data()
193 193 updated_params.update({'password_confirmation': ''})
194 194 updated_params.update({'new_password': ''})
195 195
196 196 params['last_login'] = updated_params['last_login']
197 197 # my account page cannot set language param yet, only for admins
198 198 # but we get this info from API anyway
199 199 params['language'] = updated_params['language']
200 200
201 201 if name == 'email':
202 202 params['emails'] = [attrs['email']]
203 203 if name == 'extern_type':
204 204 # cannot update this via form, expected value is original one
205 205 params['extern_type'] = "rhodecode"
206 206 if name == 'extern_name':
207 207 # cannot update this via form, expected value is original one
208 208 params['extern_name'] = str(user_id)
209 209 if name == 'active':
210 210 # my account cannot deactivate account
211 211 params['active'] = True
212 212 if name == 'admin':
213 213 # my account cannot make you an admin !
214 214 params['admin'] = False
215 215
216 216 assert params == updated_params
217 217
218 218 def test_my_account_update_err_email_exists(self):
219 219 self.log_user()
220 220
221 221 new_email = 'test_regular@mail.com' # already exisitn email
222 222 response = self.app.post(url('my_account'),
223 223 params={
224 224 'username': 'test_admin',
225 225 'new_password': 'test12',
226 226 'password_confirmation': 'test122',
227 227 'firstname': 'NewName',
228 228 'lastname': 'NewLastname',
229 229 'email': new_email,
230 230 'csrf_token': self.csrf_token,
231 231 })
232 232
233 233 response.mustcontain('This e-mail address is already taken')
234 234
235 235 def test_my_account_update_err(self):
236 236 self.log_user('test_regular2', 'test12')
237 237
238 238 new_email = 'newmail.pl'
239 239 response = self.app.post(url('my_account'),
240 240 params={
241 241 'username': 'test_admin',
242 242 'new_password': 'test12',
243 243 'password_confirmation': 'test122',
244 244 'firstname': 'NewName',
245 245 'lastname': 'NewLastname',
246 246 'email': new_email,
247 247 'csrf_token': self.csrf_token,
248 248 })
249 249
250 250 response.mustcontain('An email address must contain a single @')
251 251 from rhodecode.model import validators
252 252 msg = validators.ValidUsername(
253 253 edit=False, old_data={})._messages['username_exists']
254 254 msg = h.html_escape(msg % {'username': 'test_admin'})
255 255 response.mustcontain(u"%s" % msg)
256 256
257 257 def test_my_account_auth_tokens(self):
258 258 usr = self.log_user('test_regular2', 'test12')
259 259 user = User.get(usr['user_id'])
260 260 response = self.app.get(url('my_account_auth_tokens'))
261 261 response.mustcontain(user.api_key)
262 262 response.mustcontain('expires: never')
263 263
264 264 @pytest.mark.parametrize("desc, lifetime", [
265 265 ('forever', -1),
266 266 ('5mins', 60*5),
267 267 ('30days', 60*60*24*30),
268 268 ])
269 269 def test_my_account_add_auth_tokens(self, desc, lifetime):
270 270 usr = self.log_user('test_regular2', 'test12')
271 271 user = User.get(usr['user_id'])
272 272 response = self.app.post(url('my_account_auth_tokens'),
273 273 {'description': desc, 'lifetime': lifetime,
274 274 'csrf_token': self.csrf_token})
275 275 assert_session_flash(response, 'Auth token successfully created')
276 276 try:
277 277 response = response.follow()
278 278 user = User.get(usr['user_id'])
279 279 for auth_token in user.auth_tokens:
280 280 response.mustcontain(auth_token)
281 281 finally:
282 282 for auth_token in UserApiKeys.query().all():
283 283 Session().delete(auth_token)
284 284 Session().commit()
285 285
286 def test_my_account_remove_auth_token(self):
287 # TODO: without this cleanup it fails when run with the whole
288 # test suite, so there must be some interference with other tests.
289 UserApiKeys.query().delete()
286 def test_my_account_remove_auth_token(self, user_util):
287 user = user_util.create_user(password=self.test_user_1_password)
288 user_id = user.user_id
289 self.log_user(user.username, self.test_user_1_password)
290 290
291 usr = self.log_user('test_regular2', 'test12')
292 User.get(usr['user_id'])
291 user = User.get(user_id)
292 keys = user.extra_auth_tokens
293 assert 1 == len(keys)
294
293 295 response = self.app.post(url('my_account_auth_tokens'),
294 296 {'description': 'desc', 'lifetime': -1,
295 297 'csrf_token': self.csrf_token})
296 298 assert_session_flash(response, 'Auth token successfully created')
297 response = response.follow()
299 response.follow()
298 300
299 # now delete our key
300 keys = UserApiKeys.query().all()
301 assert 1 == len(keys)
301 user = User.get(user_id)
302 keys = user.extra_auth_tokens
303 assert 2 == len(keys)
302 304
303 305 response = self.app.post(
304 306 url('my_account_auth_tokens'),
305 307 {'_method': 'delete', 'del_auth_token': keys[0].api_key,
306 308 'csrf_token': self.csrf_token})
307 309 assert_session_flash(response, 'Auth token successfully deleted')
308 keys = UserApiKeys.query().all()
309 assert 0 == len(keys)
310
311 user = User.get(user_id)
312 keys = user.extra_auth_tokens
313 assert 1 == len(keys)
310 314
311 315 def test_my_account_reset_main_auth_token(self):
312 316 usr = self.log_user('test_regular2', 'test12')
313 317 user = User.get(usr['user_id'])
314 318 api_key = user.api_key
315 319 response = self.app.get(url('my_account_auth_tokens'))
316 320 response.mustcontain(api_key)
317 321 response.mustcontain('expires: never')
318 322
319 323 response = self.app.post(
320 324 url('my_account_auth_tokens'),
321 325 {'_method': 'delete', 'del_auth_token_builtin': api_key,
322 326 'csrf_token': self.csrf_token})
323 327 assert_session_flash(response, 'Auth token successfully reset')
324 328 response = response.follow()
325 329 response.mustcontain(no=[api_key])
326 330
327 331 def test_valid_change_password(self, user_util):
328 332 new_password = 'my_new_valid_password'
329 333 user = user_util.create_user(password=self.test_user_1_password)
330 334 session = self.log_user(user.username, self.test_user_1_password)
331 335 form_data = [
332 336 ('current_password', self.test_user_1_password),
333 337 ('__start__', 'new_password:mapping'),
334 338 ('new_password', new_password),
335 339 ('new_password-confirm', new_password),
336 340 ('__end__', 'new_password:mapping'),
337 341 ('csrf_token', self.csrf_token),
338 342 ]
339 343 response = self.app.post(url('my_account_password'), form_data).follow()
340 344 assert 'Successfully updated password' in response
341 345
342 346 # check_password depends on user being in session
343 347 Session().add(user)
344 348 try:
345 349 assert check_password(new_password, user.password)
346 350 finally:
347 351 Session().expunge(user)
348 352
349 353 @pytest.mark.parametrize('current_pw,new_pw,confirm_pw', [
350 354 ('', 'abcdef123', 'abcdef123'),
351 355 ('wrong_pw', 'abcdef123', 'abcdef123'),
352 356 (test_user_1_password, test_user_1_password, test_user_1_password),
353 357 (test_user_1_password, '', ''),
354 358 (test_user_1_password, 'abcdef123', ''),
355 359 (test_user_1_password, '', 'abcdef123'),
356 360 (test_user_1_password, 'not_the', 'same_pw'),
357 361 (test_user_1_password, 'short', 'short'),
358 362 ])
359 363 def test_invalid_change_password(self, current_pw, new_pw, confirm_pw,
360 364 user_util):
361 365 user = user_util.create_user(password=self.test_user_1_password)
362 366 session = self.log_user(user.username, self.test_user_1_password)
363 367 old_password_hash = session['password']
364 368 form_data = [
365 369 ('current_password', current_pw),
366 370 ('__start__', 'new_password:mapping'),
367 371 ('new_password', new_pw),
368 372 ('new_password-confirm', confirm_pw),
369 373 ('__end__', 'new_password:mapping'),
370 374 ('csrf_token', self.csrf_token),
371 375 ]
372 376 response = self.app.post(url('my_account_password'), form_data)
373 377 assert 'Error occurred' in response
374 378
375 379 def test_password_is_updated_in_session_on_password_change(self, user_util):
376 380 old_password = 'abcdef123'
377 381 new_password = 'abcdef124'
378 382
379 383 user = user_util.create_user(password=old_password)
380 384 session = self.log_user(user.username, old_password)
381 385 old_password_hash = session['password']
382 386
383 387 form_data = [
384 388 ('current_password', old_password),
385 389 ('__start__', 'new_password:mapping'),
386 390 ('new_password', new_password),
387 391 ('new_password-confirm', new_password),
388 392 ('__end__', 'new_password:mapping'),
389 393 ('csrf_token', self.csrf_token),
390 394 ]
391 395 self.app.post(url('my_account_password'), form_data)
392 396
393 397 response = self.app.get(url('home'))
394 398 new_password_hash = response.session['rhodecode_user']['password']
395 399
396 400 assert old_password_hash != new_password_hash
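Review bot: The `finally` block of `test_my_account_add_auth_tokens` (new lines 282-284) still iterates `UserApiKeys.query().all()` and deletes every token in the system, which is the same global purge this commit removes from `test_my_account_remove_auth_token`, so the cross-test interference can come back from that side. Scoping the cleanup to the test's own user, for example `for auth_token in user.extra_auth_tokens: Session().delete(auth_token)`, or creating the user through the `user_util` fixture as the rewritten test does, would keep other users' tokens intact. Separately, the rewritten removal test only checks counts (`assert 1 == len(keys)`) after the delete, so it would still pass if the handler removed a different token than the one posted. Keeping `deleted = keys[0].api_key` before the POST and adding `assert deleted not in [k.api_key for k in user.extra_auth_tokens]` pins that the requested token is the one revoked. The opening `assert 1 == len(keys)` also appears to rely on `user_util.create_user` provisioning exactly one extra token; a short comment stating that assumption would help.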