Show More
| @@ -1,67 +1,67 b'' | |||||
| 1 | import pytest |
|
1 | import pytest | |
|
|
2 | import mock | |||
| 2 |
|
3 | |||
|
|
4 | from rhodecode.lib.type_utils import AttributeDict | |||
| 3 | from rhodecode.model.meta import Session |
|
5 | from rhodecode.model.meta import Session | |
| 4 | from rhodecode.tests.fixture import Fixture |
|
6 | from rhodecode.tests.fixture import Fixture | |
| 5 | from rhodecode.tests.routes import route_path |
|
7 | from rhodecode.tests.routes import route_path | |
| 6 | from rhodecode.model.settings import SettingsModel |
|
8 | from rhodecode.model.settings import SettingsModel | |
| 7 |
|
9 | |||
| 8 | fixture = Fixture() |
|
10 | fixture = Fixture() | |
| 9 |
|
11 | |||
| 10 |
|
12 | |||
| 11 | @pytest.mark.usefixtures('app') |
|
13 | @pytest.mark.usefixtures('app') | |
| 12 | class Test2FA(object): |
|
14 | class Test2FA(object): | |
| 13 | @classmethod |
|
15 | @classmethod | |
| 14 | def setup_class(cls): |
|
16 | def setup_class(cls): | |
| 15 | cls.password = 'valid-one' |
|
17 | cls.password = 'valid-one' | |
| 16 |
|
18 | |||
| 17 | @classmethod |
|
|||
| 18 | def teardown_class(cls): |
|
|||
| 19 | SettingsModel().create_or_update_setting('auth_rhodecode_global_2fa', False) |
|
|||
| 20 |
|
||||
| 21 | def test_redirect_to_2fa_setup_if_enabled_for_user(self, user_util): |
|
19 | def test_redirect_to_2fa_setup_if_enabled_for_user(self, user_util): | |
| 22 | user = user_util.create_user(password=self.password) |
|
20 | user = user_util.create_user(password=self.password) | |
| 23 | user.has_enabled_2fa = True |
|
21 | user.has_enabled_2fa = True | |
| 24 | self.app.post( |
|
22 | self.app.post( | |
| 25 | route_path('login'), |
|
23 | route_path('login'), | |
| 26 | {'username': user.username, |
|
24 | {'username': user.username, | |
| 27 | 'password': self.password}) |
|
25 | 'password': self.password}) | |
| 28 |
|
26 | |||
| 29 | response = self.app.get('/') |
|
27 | response = self.app.get('/') | |
| 30 | assert response.status_code == 302 |
|
28 | assert response.status_code == 302 | |
| 31 | assert response.location.endswith(route_path('setup_2fa')) |
|
29 | assert response.location.endswith(route_path('setup_2fa')) | |
| 32 |
|
30 | |||
| 33 | def test_redirect_to_2fa_check_if_2fa_configured(self, user_util): |
|
31 | def test_redirect_to_2fa_check_if_2fa_configured(self, user_util): | |
| 34 | user = user_util.create_user(password=self.password) |
|
32 | user = user_util.create_user(password=self.password) | |
| 35 | user.has_enabled_2fa = True |
|
33 | user.has_enabled_2fa = True | |
| 36 | user.init_secret_2fa() |
|
34 | user.init_secret_2fa() | |
| 37 | Session().add(user) |
|
35 | Session().add(user) | |
| 38 | Session().commit() |
|
36 | Session().commit() | |
| 39 | self.app.post( |
|
37 | self.app.post( | |
| 40 | route_path('login'), |
|
38 | route_path('login'), | |
| 41 | {'username': user.username, |
|
39 | {'username': user.username, | |
| 42 | 'password': self.password}) |
|
40 | 'password': self.password}) | |
| 43 | response = self.app.get('/') |
|
41 | response = self.app.get('/') | |
| 44 | assert response.status_code == 302 |
|
42 | assert response.status_code == 302 | |
| 45 | assert response.location.endswith(route_path('check_2fa')) |
|
43 | assert response.location.endswith(route_path('check_2fa')) | |
| 46 |
|
44 | |||
| 47 | def test_2fa_recovery_codes_works_only_once(self, user_util): |
|
45 | def test_2fa_recovery_codes_works_only_once(self, user_util): | |
| 48 | user = user_util.create_user(password=self.password) |
|
46 | user = user_util.create_user(password=self.password) | |
| 49 | user.has_enabled_2fa = True |
|
47 | user.has_enabled_2fa = True | |
| 50 | user.init_secret_2fa() |
|
48 | user.init_secret_2fa() | |
| 51 | recovery_code_to_check = user.init_2fa_recovery_codes()[0] |
|
49 | recovery_code_to_check = user.init_2fa_recovery_codes()[0] | |
| 52 | Session().add(user) |
|
50 | Session().add(user) | |
| 53 | Session().commit() |
|
51 | Session().commit() | |
| 54 | self.app.post( |
|
52 | self.app.post( | |
| 55 | route_path('login'), |
|
53 | route_path('login'), | |
| 56 | {'username': user.username, |
|
54 | {'username': user.username, | |
| 57 | 'password': self.password}) |
|
55 | 'password': self.password}) | |
| 58 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) |
|
56 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) | |
| 59 | assert response.status_code == 302 |
|
57 | assert response.status_code == 302 | |
| 60 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) |
|
58 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) | |
| 61 | response.mustcontain('Code is invalid. Try again!') |
|
59 | response.mustcontain('Code is invalid. Try again!') | |
| 62 |
|
60 | |||
| 63 | def test_2fa_state_when_forced_by_admin(self, user_util): |
|
61 | def test_2fa_state_when_forced_by_admin(self, user_util): | |
| 64 | user = user_util.create_user(password=self.password) |
|
62 | user = user_util.create_user(password=self.password) | |
| 65 | user.has_enabled_2fa = False |
|
63 | user.has_enabled_2fa = False | |
| 66 | SettingsModel().create_or_update_setting('auth_rhodecode_global_2fa', True) |
|
64 | with mock.patch.object( | |
| 67 | assert user.has_enabled_2fa |
|
65 | SettingsModel, 'get_setting_by_name', lambda *a, **kw: AttributeDict(app_settings_value=True)): | |
|
|
66 | ||||
|
|
67 | assert user.has_enabled_2fa | |||
General Comments 0
You need to be logged in to leave comments.
Login now