@@ -1,67 +1,67 b'' | |||||
1 | import pytest |
|
1 | import pytest | |
|
2 | import mock | |||
2 |
|
3 | |||
|
4 | from rhodecode.lib.type_utils import AttributeDict | |||
3 | from rhodecode.model.meta import Session |
|
5 | from rhodecode.model.meta import Session | |
4 | from rhodecode.tests.fixture import Fixture |
|
6 | from rhodecode.tests.fixture import Fixture | |
5 | from rhodecode.tests.routes import route_path |
|
7 | from rhodecode.tests.routes import route_path | |
6 | from rhodecode.model.settings import SettingsModel |
|
8 | from rhodecode.model.settings import SettingsModel | |
7 |
|
9 | |||
8 | fixture = Fixture() |
|
10 | fixture = Fixture() | |
9 |
|
11 | |||
10 |
|
12 | |||
11 | @pytest.mark.usefixtures('app') |
|
13 | @pytest.mark.usefixtures('app') | |
12 | class Test2FA(object): |
|
14 | class Test2FA(object): | |
13 | @classmethod |
|
15 | @classmethod | |
14 | def setup_class(cls): |
|
16 | def setup_class(cls): | |
15 | cls.password = 'valid-one' |
|
17 | cls.password = 'valid-one' | |
16 |
|
18 | |||
17 | @classmethod |
|
|||
18 | def teardown_class(cls): |
|
|||
19 | SettingsModel().create_or_update_setting('auth_rhodecode_global_2fa', False) |
|
|||
20 |
|
||||
21 | def test_redirect_to_2fa_setup_if_enabled_for_user(self, user_util): |
|
19 | def test_redirect_to_2fa_setup_if_enabled_for_user(self, user_util): | |
22 | user = user_util.create_user(password=self.password) |
|
20 | user = user_util.create_user(password=self.password) | |
23 | user.has_enabled_2fa = True |
|
21 | user.has_enabled_2fa = True | |
24 | self.app.post( |
|
22 | self.app.post( | |
25 | route_path('login'), |
|
23 | route_path('login'), | |
26 | {'username': user.username, |
|
24 | {'username': user.username, | |
27 | 'password': self.password}) |
|
25 | 'password': self.password}) | |
28 |
|
26 | |||
29 | response = self.app.get('/') |
|
27 | response = self.app.get('/') | |
30 | assert response.status_code == 302 |
|
28 | assert response.status_code == 302 | |
31 | assert response.location.endswith(route_path('setup_2fa')) |
|
29 | assert response.location.endswith(route_path('setup_2fa')) | |
32 |
|
30 | |||
33 | def test_redirect_to_2fa_check_if_2fa_configured(self, user_util): |
|
31 | def test_redirect_to_2fa_check_if_2fa_configured(self, user_util): | |
34 | user = user_util.create_user(password=self.password) |
|
32 | user = user_util.create_user(password=self.password) | |
35 | user.has_enabled_2fa = True |
|
33 | user.has_enabled_2fa = True | |
36 | user.init_secret_2fa() |
|
34 | user.init_secret_2fa() | |
37 | Session().add(user) |
|
35 | Session().add(user) | |
38 | Session().commit() |
|
36 | Session().commit() | |
39 | self.app.post( |
|
37 | self.app.post( | |
40 | route_path('login'), |
|
38 | route_path('login'), | |
41 | {'username': user.username, |
|
39 | {'username': user.username, | |
42 | 'password': self.password}) |
|
40 | 'password': self.password}) | |
43 | response = self.app.get('/') |
|
41 | response = self.app.get('/') | |
44 | assert response.status_code == 302 |
|
42 | assert response.status_code == 302 | |
45 | assert response.location.endswith(route_path('check_2fa')) |
|
43 | assert response.location.endswith(route_path('check_2fa')) | |
46 |
|
44 | |||
47 | def test_2fa_recovery_codes_works_only_once(self, user_util): |
|
45 | def test_2fa_recovery_codes_works_only_once(self, user_util): | |
48 | user = user_util.create_user(password=self.password) |
|
46 | user = user_util.create_user(password=self.password) | |
49 | user.has_enabled_2fa = True |
|
47 | user.has_enabled_2fa = True | |
50 | user.init_secret_2fa() |
|
48 | user.init_secret_2fa() | |
51 | recovery_code_to_check = user.init_2fa_recovery_codes()[0] |
|
49 | recovery_code_to_check = user.init_2fa_recovery_codes()[0] | |
52 | Session().add(user) |
|
50 | Session().add(user) | |
53 | Session().commit() |
|
51 | Session().commit() | |
54 | self.app.post( |
|
52 | self.app.post( | |
55 | route_path('login'), |
|
53 | route_path('login'), | |
56 | {'username': user.username, |
|
54 | {'username': user.username, | |
57 | 'password': self.password}) |
|
55 | 'password': self.password}) | |
58 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) |
|
56 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) | |
59 | assert response.status_code == 302 |
|
57 | assert response.status_code == 302 | |
60 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) |
|
58 | response = self.app.post(route_path('check_2fa'), {'totp': recovery_code_to_check}) | |
61 | response.mustcontain('Code is invalid. Try again!') |
|
59 | response.mustcontain('Code is invalid. Try again!') | |
62 |
|
60 | |||
63 | def test_2fa_state_when_forced_by_admin(self, user_util): |
|
61 | def test_2fa_state_when_forced_by_admin(self, user_util): | |
64 | user = user_util.create_user(password=self.password) |
|
62 | user = user_util.create_user(password=self.password) | |
65 | user.has_enabled_2fa = False |
|
63 | user.has_enabled_2fa = False | |
66 | SettingsModel().create_or_update_setting('auth_rhodecode_global_2fa', True) |
|
64 | with mock.patch.object( | |
|
65 | SettingsModel, 'get_setting_by_name', lambda *a, **kw: AttributeDict(app_settings_value=True)): | |||
|
66 | ||||
67 | assert user.has_enabled_2fa |
|
67 | assert user.has_enabled_2fa |
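Review bot: The stub in test_2fa_state_when_forced_by_admin, `lambda *a, **kw: AttributeDict(app_settings_value=True)`, answers every settings lookup with True, so the assertion is no longer tied to the `auth_rhodecode_global_2fa` key that the removed line wrote. Assuming `has_enabled_2fa` resolves the global flag through `get_setting_by_name` (its body is not on this page), a regression that consulted a different setting name would still pass this test. Patching with `mock.patch.object(SettingsModel, 'get_setting_by_name', return_value=AttributeDict(app_settings_value=True)) as get_setting` and then asserting on the setting name recorded in `get_setting.call_args` would pin the key; the lookup's call signature is not visible here, so the assertion has to be matched to it. A second case with `app_settings_value=False` and `assert not user.has_enabled_2fa` would cover the non-forced path, which this 2FA enforcement test leaves unchecked.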