@@ -1,67 +1,67 b'' | |||
|
1 | 1 | import pytest |
|
2 | import mock | |
|
2 | 3 | |
|
4 | from rhodecode.lib.type_utils import AttributeDict | |
|
3 | 5 | from rhodecode.model.meta import Session |
|
4 | 6 | from rhodecode.tests.fixture import Fixture |
|
5 | 7 | from rhodecode.tests.routes import route_path |
|
6 | 8 | from rhodecode.model.settings import SettingsModel |
|
7 | 9 | |
|
8 | 10 | fixture = Fixture() |
|
9 | 11 | |
|
10 | 12 | |
|
11 | 13 | @pytest.mark.usefixtures('app') |
|
12 | 14 | class Test2FA(object): |
|
13 | 15 | @classmethod |
|
14 | 16 | def setup_class(cls): |
|
15 | 17 | cls.password = 'valid-one' |
|
16 | 18 | |
|
17 | @classmethod | |
|
18 | def teardown_class(cls): | |
|
19 | SettingsModel().create_or_update_setting('auth_rhodecode_global_2fa', False) | |
|
20 | ||
|
21 | 19 | def test_redirect_to_2fa_setup_if_enabled_for_user(self, user_util): |
|
22 | 20 | user = user_util.create_user(password=self.password) |
|
23 | 21 | user.has_enabled_2fa = True |
|
24 | 22 | self.app.post( |
|
25 | 23 | route_path('login'), |
|
26 | 24 | {'username': user.username, |
|
27 | 25 | 'password': self.password}) |
|
28 | 26 | |
|
29 | 27 | response = self.app.get('/') |
|
30 | 28 | assert response.status_code == 302 |
|
31 | 29 | assert response.location.endswith(route_path('setup_2fa')) |
|
32 | 30 | |
|
33 | 31 | def test_redirect_to_2fa_check_if_2fa_configured(self, user_util): |
|
34 | 32 | user = user_util.create_user(password=self.password) |
|
35 | 33 | user.has_enabled_2fa = True |
|
36 | 34 | user.init_secret_2fa() |
|
37 | 35 | Session().add(user) |
|
38 | 36 | Session().commit() |
|
39 | 37 | self.app.post( |
|
40 | 38 | route_path('login'), |
|
41 | 39 | {'username': user.username, |
|
42 | 40 | 'password': self.password}) |
|
43 | 41 | response = self.app.get('/') |
|
44 | 42 | assert response.status_code == 302 |
|
45 | 43 | assert response.location.endswith(route_path('check_2fa')) |
|
46 | 44 | |
|
47 | 45 | def test_2fa_recovery_codes_works_only_once(self, user_util): |
|
48 | 46 | user = user_util.create_user(password=self.password) |
|
49 | 47 | user.has_enabled_2fa = True |
|
50 | 48 | user.init_secret_2fa() |
|
51 | 49 | recovery_code_to_check = user.init_2fa_recovery_codes()[0] |
|
52 | 50 | Session().add(user) |
|
53 | 51 | Session().commit() |
|
54 | 52 | self.app.post( |
|
55 | 53 | route_path('login'), |
|
56 | 54 | {'username': user.username, |
|
57 | 55 | 'password': self.password}) |
|
58 | 56 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) |
|
59 | 57 | assert response.status_code == 302 |
|
60 | 58 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) |
|
61 | 59 | response.mustcontain('Code is invalid. Try again!') |
|
62 | 60 | |
|
63 | 61 | def test_2fa_state_when_forced_by_admin(self, user_util): |
|
64 | 62 | user = user_util.create_user(password=self.password) |
|
65 | 63 | user.has_enabled_2fa = False |
|
66 | SettingsModel().create_or_update_setting('auth_rhodecode_global_2fa', True) | |
|
67 | assert user.has_enabled_2fa | |
|
64 | with mock.patch.object( | |
|
65 | SettingsModel, 'get_setting_by_name', lambda *a, **kw: AttributeDict(app_settings_value=True)): | |
|
66 | ||
|
67 | assert user.has_enabled_2fa |
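Review bot: The stub in `test_2fa_state_when_forced_by_admin` returns a truthy `app_settings_value` for every setting name, so the final assert no longer proves that `has_enabled_2fa` consults `auth_rhodecode_global_2fa`, the key the removed `create_or_update_setting` call named explicitly. Because this test guards admin-enforced 2FA, the stub could answer only for that key, e.g. `lambda self, name, *a, **kw: AttributeDict(app_settings_value=(name == 'auth_rhodecode_global_2fa'))`. The call signature of `get_setting_by_name` is not visible on this page, so confirm how the name is passed first. An `assert not user.has_enabled_2fa` placed before the `with` block would also show that the value flips because of the global setting rather than being true regardless, assuming the global default is off in the test environment.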