tests: fixed a test case that, when testing token deletion, purged all tokens in the system.
marcink -
r1419:6c1aa54d default
@@ -1,396 +1,400 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2017 RhodeCode GmbH
3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import pytest
21 import pytest
22
22
23 from rhodecode.lib import helpers as h
23 from rhodecode.lib import helpers as h
24 from rhodecode.lib.auth import check_password
24 from rhodecode.lib.auth import check_password
25 from rhodecode.model.db import User, UserFollowing, Repository, UserApiKeys
25 from rhodecode.model.db import User, UserFollowing, Repository, UserApiKeys
26 from rhodecode.model.meta import Session
26 from rhodecode.model.meta import Session
27 from rhodecode.tests import (
27 from rhodecode.tests import (
28 TestController, url, TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_EMAIL,
28 TestController, url, TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_EMAIL,
29 assert_session_flash)
29 assert_session_flash)
30 from rhodecode.tests.fixture import Fixture
30 from rhodecode.tests.fixture import Fixture
31 from rhodecode.tests.utils import AssertResponse
31 from rhodecode.tests.utils import AssertResponse
32
32
33 fixture = Fixture()
33 fixture = Fixture()
34
34
35
35
36 class TestMyAccountController(TestController):
36 class TestMyAccountController(TestController):
37 test_user_1 = 'testme'
37 test_user_1 = 'testme'
38 test_user_1_password = '0jd83nHNS/d23n'
38 test_user_1_password = '0jd83nHNS/d23n'
39 destroy_users = set()
39 destroy_users = set()
40
40
41 @classmethod
41 @classmethod
42 def teardown_class(cls):
42 def teardown_class(cls):
43 fixture.destroy_users(cls.destroy_users)
43 fixture.destroy_users(cls.destroy_users)
44
44
45 def test_my_account(self):
45 def test_my_account(self):
46 self.log_user()
46 self.log_user()
47 response = self.app.get(url('my_account'))
47 response = self.app.get(url('my_account'))
48
48
49 response.mustcontain('test_admin')
49 response.mustcontain('test_admin')
50 response.mustcontain('href="/_admin/my_account/edit"')
50 response.mustcontain('href="/_admin/my_account/edit"')
51
51
52 def test_logout_form_contains_csrf(self, autologin_user, csrf_token):
52 def test_logout_form_contains_csrf(self, autologin_user, csrf_token):
53 response = self.app.get(url('my_account'))
53 response = self.app.get(url('my_account'))
54 assert_response = AssertResponse(response)
54 assert_response = AssertResponse(response)
55 element = assert_response.get_element('.logout #csrf_token')
55 element = assert_response.get_element('.logout #csrf_token')
56 assert element.value == csrf_token
56 assert element.value == csrf_token
57
57
58 def test_my_account_edit(self):
58 def test_my_account_edit(self):
59 self.log_user()
59 self.log_user()
60 response = self.app.get(url('my_account_edit'))
60 response = self.app.get(url('my_account_edit'))
61
61
62 response.mustcontain('value="test_admin')
62 response.mustcontain('value="test_admin')
63
63
64 def test_my_account_my_repos(self):
64 def test_my_account_my_repos(self):
65 self.log_user()
65 self.log_user()
66 response = self.app.get(url('my_account_repos'))
66 response = self.app.get(url('my_account_repos'))
67 repos = Repository.query().filter(
67 repos = Repository.query().filter(
68 Repository.user == User.get_by_username(
68 Repository.user == User.get_by_username(
69 TEST_USER_ADMIN_LOGIN)).all()
69 TEST_USER_ADMIN_LOGIN)).all()
70 for repo in repos:
70 for repo in repos:
71 response.mustcontain('"name_raw": "%s"' % repo.repo_name)
71 response.mustcontain('"name_raw": "%s"' % repo.repo_name)
72
72
73 def test_my_account_my_watched(self):
73 def test_my_account_my_watched(self):
74 self.log_user()
74 self.log_user()
75 response = self.app.get(url('my_account_watched'))
75 response = self.app.get(url('my_account_watched'))
76
76
77 repos = UserFollowing.query().filter(
77 repos = UserFollowing.query().filter(
78 UserFollowing.user == User.get_by_username(
78 UserFollowing.user == User.get_by_username(
79 TEST_USER_ADMIN_LOGIN)).all()
79 TEST_USER_ADMIN_LOGIN)).all()
80 for repo in repos:
80 for repo in repos:
81 response.mustcontain(
81 response.mustcontain(
82 '"name_raw": "%s"' % repo.follows_repository.repo_name)
82 '"name_raw": "%s"' % repo.follows_repository.repo_name)
83
83
84 @pytest.mark.backends("git", "hg")
84 @pytest.mark.backends("git", "hg")
85 def test_my_account_my_pullrequests(self, pr_util):
85 def test_my_account_my_pullrequests(self, pr_util):
86 self.log_user()
86 self.log_user()
87 response = self.app.get(url('my_account_pullrequests'))
87 response = self.app.get(url('my_account_pullrequests'))
88 response.mustcontain('There are currently no open pull '
88 response.mustcontain('There are currently no open pull '
89 'requests requiring your participation.')
89 'requests requiring your participation.')
90
90
91 pr = pr_util.create_pull_request(title='TestMyAccountPR')
91 pr = pr_util.create_pull_request(title='TestMyAccountPR')
92 response = self.app.get(url('my_account_pullrequests'))
92 response = self.app.get(url('my_account_pullrequests'))
93 response.mustcontain('"name_raw": %s' % pr.pull_request_id)
93 response.mustcontain('"name_raw": %s' % pr.pull_request_id)
94 response.mustcontain('TestMyAccountPR')
94 response.mustcontain('TestMyAccountPR')
95
95
96 def test_my_account_my_emails(self):
96 def test_my_account_my_emails(self):
97 self.log_user()
97 self.log_user()
98 response = self.app.get(url('my_account_emails'))
98 response = self.app.get(url('my_account_emails'))
99 response.mustcontain('No additional emails specified')
99 response.mustcontain('No additional emails specified')
100
100
101 def test_my_account_my_emails_add_existing_email(self):
101 def test_my_account_my_emails_add_existing_email(self):
102 self.log_user()
102 self.log_user()
103 response = self.app.get(url('my_account_emails'))
103 response = self.app.get(url('my_account_emails'))
104 response.mustcontain('No additional emails specified')
104 response.mustcontain('No additional emails specified')
105 response = self.app.post(url('my_account_emails'),
105 response = self.app.post(url('my_account_emails'),
106 {'new_email': TEST_USER_REGULAR_EMAIL,
106 {'new_email': TEST_USER_REGULAR_EMAIL,
107 'csrf_token': self.csrf_token})
107 'csrf_token': self.csrf_token})
108 assert_session_flash(response, 'This e-mail address is already taken')
108 assert_session_flash(response, 'This e-mail address is already taken')
109
109
110 def test_my_account_my_emails_add_mising_email_in_form(self):
110 def test_my_account_my_emails_add_mising_email_in_form(self):
111 self.log_user()
111 self.log_user()
112 response = self.app.get(url('my_account_emails'))
112 response = self.app.get(url('my_account_emails'))
113 response.mustcontain('No additional emails specified')
113 response.mustcontain('No additional emails specified')
114 response = self.app.post(url('my_account_emails'),
114 response = self.app.post(url('my_account_emails'),
115 {'csrf_token': self.csrf_token})
115 {'csrf_token': self.csrf_token})
116 assert_session_flash(response, 'Please enter an email address')
116 assert_session_flash(response, 'Please enter an email address')
117
117
118 def test_my_account_my_emails_add_remove(self):
118 def test_my_account_my_emails_add_remove(self):
119 self.log_user()
119 self.log_user()
120 response = self.app.get(url('my_account_emails'))
120 response = self.app.get(url('my_account_emails'))
121 response.mustcontain('No additional emails specified')
121 response.mustcontain('No additional emails specified')
122
122
123 response = self.app.post(url('my_account_emails'),
123 response = self.app.post(url('my_account_emails'),
124 {'new_email': 'foo@barz.com',
124 {'new_email': 'foo@barz.com',
125 'csrf_token': self.csrf_token})
125 'csrf_token': self.csrf_token})
126
126
127 response = self.app.get(url('my_account_emails'))
127 response = self.app.get(url('my_account_emails'))
128
128
129 from rhodecode.model.db import UserEmailMap
129 from rhodecode.model.db import UserEmailMap
130 email_id = UserEmailMap.query().filter(
130 email_id = UserEmailMap.query().filter(
131 UserEmailMap.user == User.get_by_username(
131 UserEmailMap.user == User.get_by_username(
132 TEST_USER_ADMIN_LOGIN)).filter(
132 TEST_USER_ADMIN_LOGIN)).filter(
133 UserEmailMap.email == 'foo@barz.com').one().email_id
133 UserEmailMap.email == 'foo@barz.com').one().email_id
134
134
135 response.mustcontain('foo@barz.com')
135 response.mustcontain('foo@barz.com')
136 response.mustcontain('<input id="del_email_id" name="del_email_id" '
136 response.mustcontain('<input id="del_email_id" name="del_email_id" '
137 'type="hidden" value="%s" />' % email_id)
137 'type="hidden" value="%s" />' % email_id)
138
138
139 response = self.app.post(
139 response = self.app.post(
140 url('my_account_emails'), {
140 url('my_account_emails'), {
141 'del_email_id': email_id, '_method': 'delete',
141 'del_email_id': email_id, '_method': 'delete',
142 'csrf_token': self.csrf_token})
142 'csrf_token': self.csrf_token})
143 assert_session_flash(response, 'Removed email address from user account')
143 assert_session_flash(response, 'Removed email address from user account')
144 response = self.app.get(url('my_account_emails'))
144 response = self.app.get(url('my_account_emails'))
145 response.mustcontain('No additional emails specified')
145 response.mustcontain('No additional emails specified')
146
146
147 @pytest.mark.parametrize(
147 @pytest.mark.parametrize(
148 "name, attrs", [
148 "name, attrs", [
149 ('firstname', {'firstname': 'new_username'}),
149 ('firstname', {'firstname': 'new_username'}),
150 ('lastname', {'lastname': 'new_username'}),
150 ('lastname', {'lastname': 'new_username'}),
151 ('admin', {'admin': True}),
151 ('admin', {'admin': True}),
152 ('admin', {'admin': False}),
152 ('admin', {'admin': False}),
153 ('extern_type', {'extern_type': 'ldap'}),
153 ('extern_type', {'extern_type': 'ldap'}),
154 ('extern_type', {'extern_type': None}),
154 ('extern_type', {'extern_type': None}),
155 # ('extern_name', {'extern_name': 'test'}),
155 # ('extern_name', {'extern_name': 'test'}),
156 # ('extern_name', {'extern_name': None}),
156 # ('extern_name', {'extern_name': None}),
157 ('active', {'active': False}),
157 ('active', {'active': False}),
158 ('active', {'active': True}),
158 ('active', {'active': True}),
159 ('email', {'email': 'some@email.com'}),
159 ('email', {'email': 'some@email.com'}),
160 ])
160 ])
161 def test_my_account_update(self, name, attrs):
161 def test_my_account_update(self, name, attrs):
162 usr = fixture.create_user(self.test_user_1,
162 usr = fixture.create_user(self.test_user_1,
163 password=self.test_user_1_password,
163 password=self.test_user_1_password,
164 email='testme@rhodecode.org',
164 email='testme@rhodecode.org',
165 extern_type='rhodecode',
165 extern_type='rhodecode',
166 extern_name=self.test_user_1,
166 extern_name=self.test_user_1,
167 skip_if_exists=True)
167 skip_if_exists=True)
168 self.destroy_users.add(self.test_user_1)
168 self.destroy_users.add(self.test_user_1)
169
169
170 params = usr.get_api_data() # current user data
170 params = usr.get_api_data() # current user data
171 user_id = usr.user_id
171 user_id = usr.user_id
172 self.log_user(
172 self.log_user(
173 username=self.test_user_1, password=self.test_user_1_password)
173 username=self.test_user_1, password=self.test_user_1_password)
174
174
175 params.update({'password_confirmation': ''})
175 params.update({'password_confirmation': ''})
176 params.update({'new_password': ''})
176 params.update({'new_password': ''})
177 params.update({'extern_type': 'rhodecode'})
177 params.update({'extern_type': 'rhodecode'})
178 params.update({'extern_name': self.test_user_1})
178 params.update({'extern_name': self.test_user_1})
179 params.update({'csrf_token': self.csrf_token})
179 params.update({'csrf_token': self.csrf_token})
180
180
181 params.update(attrs)
181 params.update(attrs)
182 # my account page cannot set language param yet, only for admins
182 # my account page cannot set language param yet, only for admins
183 del params['language']
183 del params['language']
184 response = self.app.post(url('my_account'), params)
184 response = self.app.post(url('my_account'), params)
185
185
186 assert_session_flash(
186 assert_session_flash(
187 response, 'Your account was updated successfully')
187 response, 'Your account was updated successfully')
188
188
189 del params['csrf_token']
189 del params['csrf_token']
190
190
191 updated_user = User.get_by_username(self.test_user_1)
191 updated_user = User.get_by_username(self.test_user_1)
192 updated_params = updated_user.get_api_data()
192 updated_params = updated_user.get_api_data()
193 updated_params.update({'password_confirmation': ''})
193 updated_params.update({'password_confirmation': ''})
194 updated_params.update({'new_password': ''})
194 updated_params.update({'new_password': ''})
195
195
196 params['last_login'] = updated_params['last_login']
196 params['last_login'] = updated_params['last_login']
197 # my account page cannot set language param yet, only for admins
197 # my account page cannot set language param yet, only for admins
198 # but we get this info from API anyway
198 # but we get this info from API anyway
199 params['language'] = updated_params['language']
199 params['language'] = updated_params['language']
200
200
201 if name == 'email':
201 if name == 'email':
202 params['emails'] = [attrs['email']]
202 params['emails'] = [attrs['email']]
203 if name == 'extern_type':
203 if name == 'extern_type':
204 # cannot update this via form, expected value is original one
204 # cannot update this via form, expected value is original one
205 params['extern_type'] = "rhodecode"
205 params['extern_type'] = "rhodecode"
206 if name == 'extern_name':
206 if name == 'extern_name':
207 # cannot update this via form, expected value is original one
207 # cannot update this via form, expected value is original one
208 params['extern_name'] = str(user_id)
208 params['extern_name'] = str(user_id)
209 if name == 'active':
209 if name == 'active':
210 # my account cannot deactivate account
210 # my account cannot deactivate account
211 params['active'] = True
211 params['active'] = True
212 if name == 'admin':
212 if name == 'admin':
213 # my account cannot make you an admin !
213 # my account cannot make you an admin !
214 params['admin'] = False
214 params['admin'] = False
215
215
216 assert params == updated_params
216 assert params == updated_params
217
217
218 def test_my_account_update_err_email_exists(self):
218 def test_my_account_update_err_email_exists(self):
219 self.log_user()
219 self.log_user()
220
220
221 new_email = 'test_regular@mail.com' # already exisitn email
221 new_email = 'test_regular@mail.com' # already exisitn email
222 response = self.app.post(url('my_account'),
222 response = self.app.post(url('my_account'),
223 params={
223 params={
224 'username': 'test_admin',
224 'username': 'test_admin',
225 'new_password': 'test12',
225 'new_password': 'test12',
226 'password_confirmation': 'test122',
226 'password_confirmation': 'test122',
227 'firstname': 'NewName',
227 'firstname': 'NewName',
228 'lastname': 'NewLastname',
228 'lastname': 'NewLastname',
229 'email': new_email,
229 'email': new_email,
230 'csrf_token': self.csrf_token,
230 'csrf_token': self.csrf_token,
231 })
231 })
232
232
233 response.mustcontain('This e-mail address is already taken')
233 response.mustcontain('This e-mail address is already taken')
234
234
235 def test_my_account_update_err(self):
235 def test_my_account_update_err(self):
236 self.log_user('test_regular2', 'test12')
236 self.log_user('test_regular2', 'test12')
237
237
238 new_email = 'newmail.pl'
238 new_email = 'newmail.pl'
239 response = self.app.post(url('my_account'),
239 response = self.app.post(url('my_account'),
240 params={
240 params={
241 'username': 'test_admin',
241 'username': 'test_admin',
242 'new_password': 'test12',
242 'new_password': 'test12',
243 'password_confirmation': 'test122',
243 'password_confirmation': 'test122',
244 'firstname': 'NewName',
244 'firstname': 'NewName',
245 'lastname': 'NewLastname',
245 'lastname': 'NewLastname',
246 'email': new_email,
246 'email': new_email,
247 'csrf_token': self.csrf_token,
247 'csrf_token': self.csrf_token,
248 })
248 })
249
249
250 response.mustcontain('An email address must contain a single @')
250 response.mustcontain('An email address must contain a single @')
251 from rhodecode.model import validators
251 from rhodecode.model import validators
252 msg = validators.ValidUsername(
252 msg = validators.ValidUsername(
253 edit=False, old_data={})._messages['username_exists']
253 edit=False, old_data={})._messages['username_exists']
254 msg = h.html_escape(msg % {'username': 'test_admin'})
254 msg = h.html_escape(msg % {'username': 'test_admin'})
255 response.mustcontain(u"%s" % msg)
255 response.mustcontain(u"%s" % msg)
256
256
257 def test_my_account_auth_tokens(self):
257 def test_my_account_auth_tokens(self):
258 usr = self.log_user('test_regular2', 'test12')
258 usr = self.log_user('test_regular2', 'test12')
259 user = User.get(usr['user_id'])
259 user = User.get(usr['user_id'])
260 response = self.app.get(url('my_account_auth_tokens'))
260 response = self.app.get(url('my_account_auth_tokens'))
261 response.mustcontain(user.api_key)
261 response.mustcontain(user.api_key)
262 response.mustcontain('expires: never')
262 response.mustcontain('expires: never')
263
263
264 @pytest.mark.parametrize("desc, lifetime", [
264 @pytest.mark.parametrize("desc, lifetime", [
265 ('forever', -1),
265 ('forever', -1),
266 ('5mins', 60*5),
266 ('5mins', 60*5),
267 ('30days', 60*60*24*30),
267 ('30days', 60*60*24*30),
268 ])
268 ])
269 def test_my_account_add_auth_tokens(self, desc, lifetime):
269 def test_my_account_add_auth_tokens(self, desc, lifetime):
270 usr = self.log_user('test_regular2', 'test12')
270 usr = self.log_user('test_regular2', 'test12')
271 user = User.get(usr['user_id'])
271 user = User.get(usr['user_id'])
272 response = self.app.post(url('my_account_auth_tokens'),
272 response = self.app.post(url('my_account_auth_tokens'),
273 {'description': desc, 'lifetime': lifetime,
273 {'description': desc, 'lifetime': lifetime,
274 'csrf_token': self.csrf_token})
274 'csrf_token': self.csrf_token})
275 assert_session_flash(response, 'Auth token successfully created')
275 assert_session_flash(response, 'Auth token successfully created')
276 try:
276 try:
277 response = response.follow()
277 response = response.follow()
278 user = User.get(usr['user_id'])
278 user = User.get(usr['user_id'])
279 for auth_token in user.auth_tokens:
279 for auth_token in user.auth_tokens:
280 response.mustcontain(auth_token)
280 response.mustcontain(auth_token)
281 finally:
281 finally:
282 for auth_token in UserApiKeys.query().all():
282 for auth_token in UserApiKeys.query().all():
283 Session().delete(auth_token)
283 Session().delete(auth_token)
284 Session().commit()
284 Session().commit()
285
285
286 def test_my_account_remove_auth_token(self):
286 def test_my_account_remove_auth_token(self, user_util):
287 # TODO: without this cleanup it fails when run with the whole
287 user = user_util.create_user(password=self.test_user_1_password)
288 # test suite, so there must be some interference with other tests.
288 user_id = user.user_id
289 UserApiKeys.query().delete()
289 self.log_user(user.username, self.test_user_1_password)
290
290
291 usr = self.log_user('test_regular2', 'test12')
291 user = User.get(user_id)
292 User.get(usr['user_id'])
292 keys = user.extra_auth_tokens
293 assert 1 == len(keys)
294
293 response = self.app.post(url('my_account_auth_tokens'),
295 response = self.app.post(url('my_account_auth_tokens'),
294 {'description': 'desc', 'lifetime': -1,
296 {'description': 'desc', 'lifetime': -1,
295 'csrf_token': self.csrf_token})
297 'csrf_token': self.csrf_token})
296 assert_session_flash(response, 'Auth token successfully created')
298 assert_session_flash(response, 'Auth token successfully created')
297 response = response.follow()
299 response.follow()
298
300
299 # now delete our key
301 user = User.get(user_id)
300 keys = UserApiKeys.query().all()
302 keys = user.extra_auth_tokens
301 assert 1 == len(keys)
303 assert 2 == len(keys)
302
304
303 response = self.app.post(
305 response = self.app.post(
304 url('my_account_auth_tokens'),
306 url('my_account_auth_tokens'),
305 {'_method': 'delete', 'del_auth_token': keys[0].api_key,
307 {'_method': 'delete', 'del_auth_token': keys[0].api_key,
306 'csrf_token': self.csrf_token})
308 'csrf_token': self.csrf_token})
307 assert_session_flash(response, 'Auth token successfully deleted')
309 assert_session_flash(response, 'Auth token successfully deleted')
308 keys = UserApiKeys.query().all()
310
309 assert 0 == len(keys)
311 user = User.get(user_id)
312 keys = user.extra_auth_tokens
313 assert 1 == len(keys)
310
314
311 def test_my_account_reset_main_auth_token(self):
315 def test_my_account_reset_main_auth_token(self):
312 usr = self.log_user('test_regular2', 'test12')
316 usr = self.log_user('test_regular2', 'test12')
313 user = User.get(usr['user_id'])
317 user = User.get(usr['user_id'])
314 api_key = user.api_key
318 api_key = user.api_key
315 response = self.app.get(url('my_account_auth_tokens'))
319 response = self.app.get(url('my_account_auth_tokens'))
316 response.mustcontain(api_key)
320 response.mustcontain(api_key)
317 response.mustcontain('expires: never')
321 response.mustcontain('expires: never')
318
322
319 response = self.app.post(
323 response = self.app.post(
320 url('my_account_auth_tokens'),
324 url('my_account_auth_tokens'),
321 {'_method': 'delete', 'del_auth_token_builtin': api_key,
325 {'_method': 'delete', 'del_auth_token_builtin': api_key,
322 'csrf_token': self.csrf_token})
326 'csrf_token': self.csrf_token})
323 assert_session_flash(response, 'Auth token successfully reset')
327 assert_session_flash(response, 'Auth token successfully reset')
324 response = response.follow()
328 response = response.follow()
325 response.mustcontain(no=[api_key])
329 response.mustcontain(no=[api_key])
326
330
327 def test_valid_change_password(self, user_util):
331 def test_valid_change_password(self, user_util):
328 new_password = 'my_new_valid_password'
332 new_password = 'my_new_valid_password'
329 user = user_util.create_user(password=self.test_user_1_password)
333 user = user_util.create_user(password=self.test_user_1_password)
330 session = self.log_user(user.username, self.test_user_1_password)
334 session = self.log_user(user.username, self.test_user_1_password)
331 form_data = [
335 form_data = [
332 ('current_password', self.test_user_1_password),
336 ('current_password', self.test_user_1_password),
333 ('__start__', 'new_password:mapping'),
337 ('__start__', 'new_password:mapping'),
334 ('new_password', new_password),
338 ('new_password', new_password),
335 ('new_password-confirm', new_password),
339 ('new_password-confirm', new_password),
336 ('__end__', 'new_password:mapping'),
340 ('__end__', 'new_password:mapping'),
337 ('csrf_token', self.csrf_token),
341 ('csrf_token', self.csrf_token),
338 ]
342 ]
339 response = self.app.post(url('my_account_password'), form_data).follow()
343 response = self.app.post(url('my_account_password'), form_data).follow()
340 assert 'Successfully updated password' in response
344 assert 'Successfully updated password' in response
341
345
342 # check_password depends on user being in session
346 # check_password depends on user being in session
343 Session().add(user)
347 Session().add(user)
344 try:
348 try:
345 assert check_password(new_password, user.password)
349 assert check_password(new_password, user.password)
346 finally:
350 finally:
347 Session().expunge(user)
351 Session().expunge(user)
348
352
349 @pytest.mark.parametrize('current_pw,new_pw,confirm_pw', [
353 @pytest.mark.parametrize('current_pw,new_pw,confirm_pw', [
350 ('', 'abcdef123', 'abcdef123'),
354 ('', 'abcdef123', 'abcdef123'),
351 ('wrong_pw', 'abcdef123', 'abcdef123'),
355 ('wrong_pw', 'abcdef123', 'abcdef123'),
352 (test_user_1_password, test_user_1_password, test_user_1_password),
356 (test_user_1_password, test_user_1_password, test_user_1_password),
353 (test_user_1_password, '', ''),
357 (test_user_1_password, '', ''),
354 (test_user_1_password, 'abcdef123', ''),
358 (test_user_1_password, 'abcdef123', ''),
355 (test_user_1_password, '', 'abcdef123'),
359 (test_user_1_password, '', 'abcdef123'),
356 (test_user_1_password, 'not_the', 'same_pw'),
360 (test_user_1_password, 'not_the', 'same_pw'),
357 (test_user_1_password, 'short', 'short'),
361 (test_user_1_password, 'short', 'short'),
358 ])
362 ])
359 def test_invalid_change_password(self, current_pw, new_pw, confirm_pw,
363 def test_invalid_change_password(self, current_pw, new_pw, confirm_pw,
360 user_util):
364 user_util):
361 user = user_util.create_user(password=self.test_user_1_password)
365 user = user_util.create_user(password=self.test_user_1_password)
362 session = self.log_user(user.username, self.test_user_1_password)
366 session = self.log_user(user.username, self.test_user_1_password)
363 old_password_hash = session['password']
367 old_password_hash = session['password']
364 form_data = [
368 form_data = [
365 ('current_password', current_pw),
369 ('current_password', current_pw),
366 ('__start__', 'new_password:mapping'),
370 ('__start__', 'new_password:mapping'),
367 ('new_password', new_pw),
371 ('new_password', new_pw),
368 ('new_password-confirm', confirm_pw),
372 ('new_password-confirm', confirm_pw),
369 ('__end__', 'new_password:mapping'),
373 ('__end__', 'new_password:mapping'),
370 ('csrf_token', self.csrf_token),
374 ('csrf_token', self.csrf_token),
371 ]
375 ]
372 response = self.app.post(url('my_account_password'), form_data)
376 response = self.app.post(url('my_account_password'), form_data)
373 assert 'Error occurred' in response
377 assert 'Error occurred' in response
374
378
375 def test_password_is_updated_in_session_on_password_change(self, user_util):
379 def test_password_is_updated_in_session_on_password_change(self, user_util):
376 old_password = 'abcdef123'
380 old_password = 'abcdef123'
377 new_password = 'abcdef124'
381 new_password = 'abcdef124'
378
382
379 user = user_util.create_user(password=old_password)
383 user = user_util.create_user(password=old_password)
380 session = self.log_user(user.username, old_password)
384 session = self.log_user(user.username, old_password)
381 old_password_hash = session['password']
385 old_password_hash = session['password']
382
386
383 form_data = [
387 form_data = [
384 ('current_password', old_password),
388 ('current_password', old_password),
385 ('__start__', 'new_password:mapping'),
389 ('__start__', 'new_password:mapping'),
386 ('new_password', new_password),
390 ('new_password', new_password),
387 ('new_password-confirm', new_password),
391 ('new_password-confirm', new_password),
388 ('__end__', 'new_password:mapping'),
392 ('__end__', 'new_password:mapping'),
389 ('csrf_token', self.csrf_token),
393 ('csrf_token', self.csrf_token),
390 ]
394 ]
391 self.app.post(url('my_account_password'), form_data)
395 self.app.post(url('my_account_password'), form_data)
392
396
393 response = self.app.get(url('home'))
397 response = self.app.get(url('home'))
394 new_password_hash = response.session['rhodecode_user']['password']
398 new_password_hash = response.session['rhodecode_user']['password']
395
399
396 assert old_password_hash != new_password_hash
400 assert old_password_hash != new_password_hash
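Review bot: The delete step in the new test_my_account_remove_auth_token (new lines 305–309) posts `keys[0].api_key`, but the final assertion at new line 313 only checks that one of the two tokens remains, so the test would still pass if the endpoint removed the other token instead of the requested one. Capture the key first, `deleted_key = keys[0].api_key`, send it as `'del_auth_token': deleted_key`, and after the last `User.get(user_id)` reload add `assert deleted_key not in [k.api_key for k in keys]` next to the length check; since the ordering of `extra_auth_tokens` is not established here, this also removes the dependence on which token sits at index 0. Separately, `test_my_account_add_auth_tokens` (lines 282–284, unchanged) still deletes every `UserApiKeys` row in its `finally`, the same system-wide purge this commit removes from the deletion test, and the same per-user fixture approach would presumably fix it as well. Neither test covers the negative case of posting a `del_auth_token` value that does not belong to the logged-in user and asserting that the request is rejected and the token count is unchanged.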