pytest: Use hardcoded login URLs in tests....
johbo -
r40:bc180d4b default
Not Reviewed
Show More
Add another comment
TODOs: 0 unresolved 0 Resolved
COMMENTS: 0 General 0 Inline
@@ -43,6 +43,7
43 import pytest
43 import pytest
44
44
45 from rhodecode import is_windows
45 from rhodecode import is_windows
46 from rhodecode.config.routing import ADMIN_PREFIX
46 from rhodecode.model.meta import Session
47 from rhodecode.model.meta import Session
47 from rhodecode.model.db import User
48 from rhodecode.model.db import User
48 from rhodecode.lib import auth
49 from rhodecode.lib import auth
@@ -177,10 +178,10
177
178
178 def login_user_session(
179 def login_user_session(
179 app, username=TEST_USER_ADMIN_LOGIN, password=TEST_USER_ADMIN_PASS):
180 app, username=TEST_USER_ADMIN_LOGIN, password=TEST_USER_ADMIN_PASS):
180 response = app.post(url(controller='login', action='index'),
181 from rhodecode.tests.functional.test_login import login_url
181 {'username': username,
182 response = app.post(
182 'password': password})
183 login_url,
183
184 {'username': username, 'password': password})
184 if 'invalid user name' in response.body:
185 if 'invalid user name' in response.body:
185 pytest.fail('could not login using %s %s' % (username, password))
186 pytest.fail('could not login using %s %s' % (username, password))
186
187
@@ -194,9 +195,8
194
195
195
196
196 def logout_user_session(app, csrf_token):
197 def logout_user_session(app, csrf_token):
197 app.post(
198 from rhodecode.tests.functional.test_login import logut_url
198 url(controller='login', action='logout'),
199 app.post(logut_url, {'csrf_token': csrf_token}, status=302)
199 {'csrf_token': csrf_token}, status=302)
200
200
201
201
202 def login_user(app, username=TEST_USER_ADMIN_LOGIN,
202 def login_user(app, username=TEST_USER_ADMIN_LOGIN,
@@ -22,6 +22,7
22 import pytest
22 import pytest
23
23
24 import rhodecode
24 import rhodecode
25 from rhodecode.config.routing import ADMIN_PREFIX
25 from rhodecode.lib.utils2 import md5
26 from rhodecode.lib.utils2 import md5
26 from rhodecode.model.db import RhodeCodeUi
27 from rhodecode.model.db import RhodeCodeUi
27 from rhodecode.model.meta import Session
28 from rhodecode.model.meta import Session
@@ -157,7 +158,7
157 'csrf_token': csrf_token,
158 'csrf_token': csrf_token,
158 })
159 })
159
160
160 response = self.app.get(url('register'))
161 response = self.app.get(ADMIN_PREFIX + '/register')
161 response.mustcontain('captcha')
162 response.mustcontain('captcha')
162
163
163 def test_captcha_deactivate(self, csrf_token):
164 def test_captcha_deactivate(self, csrf_token):
@@ -167,7 +168,7
167 'csrf_token': csrf_token,
168 'csrf_token': csrf_token,
168 })
169 })
169
170
170 response = self.app.get(url('register'))
171 response = self.app.get(ADMIN_PREFIX + '/register')
171 response.mustcontain(no=['captcha'])
172 response.mustcontain(no=['captcha'])
172
173
173 def test_title_change(self, csrf_token):
174 def test_title_change(self, csrf_token):
@@ -23,9 +23,11
23 import mock
23 import mock
24 import pytest
24 import pytest
25
25
26 from rhodecode.config.routing import ADMIN_PREFIX
26 from rhodecode.tests import (
27 from rhodecode.tests import (
27 assert_session_flash, url, HG_REPO, TEST_USER_ADMIN_LOGIN)
28 assert_session_flash, url, HG_REPO, TEST_USER_ADMIN_LOGIN)
28 from rhodecode.tests.fixture import Fixture
29 from rhodecode.tests.fixture import Fixture
30 from rhodecode.tests.utils import AssertResponse, get_session_from_response
29 from rhodecode.lib.auth import check_password, generate_auth_token
31 from rhodecode.lib.auth import check_password, generate_auth_token
30 from rhodecode.lib import helpers as h
32 from rhodecode.lib import helpers as h
31 from rhodecode.model.auth_token import AuthTokenModel
33 from rhodecode.model.auth_token import AuthTokenModel
@@ -35,6 +37,14
35
37
36 fixture = Fixture()
38 fixture = Fixture()
37
39
40 # Hardcode URLs because we don't have a request object to use
41 # pyramids URL generation methods.
42 login_url = ADMIN_PREFIX + '/login'
43 logut_url = ADMIN_PREFIX + '/logout'
44 register_url = ADMIN_PREFIX + '/register'
45 pwd_reset_url = ADMIN_PREFIX + '/password_reset'
46 pwd_reset_confirm_url = ADMIN_PREFIX + '/password_reset_confirmation'
47
38
48
39 @pytest.mark.usefixtures('app')
49 @pytest.mark.usefixtures('app')
40 class TestLoginController:
50 class TestLoginController:
@@ -52,37 +62,38
52 assert Notification.query().all() == []
62 assert Notification.query().all() == []
53
63
54 def test_index(self):
64 def test_index(self):
55 response = self.app.get(url(controller='login', action='index'))
65 response = self.app.get(login_url)
56 assert response.status == '200 OK'
66 assert response.status == '200 OK'
57 # Test response...
67 # Test response...
58
68
59 def test_login_admin_ok(self):
69 def test_login_admin_ok(self):
60 response = self.app.post(url(controller='login', action='index'),
70 response = self.app.post(login_url,
61 {'username': 'test_admin',
71 {'username': 'test_admin',
62 'password': 'test12'})
72 'password': 'test12'})
63 assert response.status == '302 Found'
73 assert response.status == '302 Found'
64 username = response.session['rhodecode_user'].get('username')
74 session = get_session_from_response(response)
75 username = session['rhodecode_user'].get('username')
65 assert username == 'test_admin'
76 assert username == 'test_admin'
66 response = response.follow()
77 response = response.follow()
67 response.mustcontain('/%s' % HG_REPO)
78 response.mustcontain('/%s' % HG_REPO)
68
79
69 def test_login_regular_ok(self):
80 def test_login_regular_ok(self):
70 response = self.app.post(url(controller='login', action='index'),
81 response = self.app.post(login_url,
71 {'username': 'test_regular',
82 {'username': 'test_regular',
72 'password': 'test12'})
83 'password': 'test12'})
73
84
74 assert response.status == '302 Found'
85 assert response.status == '302 Found'
75 username = response.session['rhodecode_user'].get('username')
86 session = get_session_from_response(response)
87 username = session['rhodecode_user'].get('username')
76 assert username == 'test_regular'
88 assert username == 'test_regular'
77 response = response.follow()
89 response = response.follow()
78 response.mustcontain('/%s' % HG_REPO)
90 response.mustcontain('/%s' % HG_REPO)
79
91
80 def test_login_ok_came_from(self):
92 def test_login_ok_came_from(self):
81 test_came_from = '/_admin/users?branch=stable'
93 test_came_from = '/_admin/users?branch=stable'
82 response = self.app.post(url(controller='login', action='index',
94 _url = '{}?came_from={}'.format(login_url, test_came_from)
83 came_from=test_came_from),
95 response = self.app.post(
84 {'username': 'test_admin',
96 _url, {'username': 'test_admin', 'password': 'test12'})
85 'password': 'test12'})
86 assert response.status == '302 Found'
97 assert response.status == '302 Found'
87 assert 'branch=stable' in response.location
98 assert 'branch=stable' in response.location
88 response = response.follow()
99 response = response.follow()
@@ -100,33 +111,30
100 assert 'branch=stable' in response_query[0][1]
111 assert 'branch=stable' in response_query[0][1]
101
112
102 def test_login_form_with_get_args(self):
113 def test_login_form_with_get_args(self):
103 kwargs = {'branch': 'stable'}
114 _url = '{}?came_from=/_admin/users,branch=stable'.format(login_url)
104 response = self.app.get(
115 response = self.app.get(_url)
105 url(controller='login', action='index',
116 assert 'branch%3Dstable' in response.form.action
106 came_from='/_admin/users', **kwargs))
107 assert 'branch=stable' in response.form.action
108
117
109 @pytest.mark.parametrize("url_came_from", [
118 @pytest.mark.parametrize("url_came_from", [
110 ('data:text/html,<script>window.alert("xss")</script>',),
119 'data:text/html,<script>window.alert("xss")</script>',
111 ('mailto:test@rhodecode.org',),
120 'mailto:test@rhodecode.org',
112 ('file:///etc/passwd',),
121 'file:///etc/passwd',
113 ('ftp://some.ftp.server',),
122 'ftp://some.ftp.server',
114 ('http://other.domain',),
123 'http://other.domain',
115 ('/\r\nX-Forwarded-Host: http://example.org',),
124 '/\r\nX-Forwarded-Host: http://example.org',
116 ])
125 ])
117 def test_login_bad_came_froms(self, url_came_from):
126 def test_login_bad_came_froms(self, url_came_from):
118 response = self.app.post(url(controller='login', action='index',
127 _url = '{}?came_from={}'.format(login_url, url_came_from)
119 came_from=url_came_from),
128 response = self.app.post(
120 {'username': 'test_admin',
129 _url,
121 'password': 'test12'})
130 {'username': 'test_admin', 'password': 'test12'})
122 assert response.status == '302 Found'
131 assert response.status == '302 Found'
123 assert response.tmpl_context.came_from == '/'
124
125 response = response.follow()
132 response = response.follow()
126 assert response.status == '200 OK'
133 assert response.status == '200 OK'
134 assert response.request.path == '/'
127
135
128 def test_login_short_password(self):
136 def test_login_short_password(self):
129 response = self.app.post(url(controller='login', action='index'),
137 response = self.app.post(login_url,
130 {'username': 'test_admin',
138 {'username': 'test_admin',
131 'password': 'as'})
139 'password': 'as'})
132 assert response.status == '200 OK'
140 assert response.status == '200 OK'
@@ -135,7 +143,7
135
143
136 def test_login_wrong_non_ascii_password(self, user_regular):
144 def test_login_wrong_non_ascii_password(self, user_regular):
137 response = self.app.post(
145 response = self.app.post(
138 url(controller='login', action='index'),
146 login_url,
139 {'username': user_regular.username,
147 {'username': user_regular.username,
140 'password': u'invalid-non-asci\xe4'.encode('utf8')})
148 'password': u'invalid-non-asci\xe4'.encode('utf8')})
141
149
@@ -146,13 +154,13
146 password = u'valid-non-ascii\xe4'
154 password = u'valid-non-ascii\xe4'
147 user = user_util.create_user(password=password)
155 user = user_util.create_user(password=password)
148 response = self.app.post(
156 response = self.app.post(
149 url(controller='login', action='index'),
157 login_url,
150 {'username': user.username,
158 {'username': user.username,
151 'password': password.encode('utf-8')})
159 'password': password.encode('utf-8')})
152 assert response.status_code == 302
160 assert response.status_code == 302
153
161
154 def test_login_wrong_username_password(self):
162 def test_login_wrong_username_password(self):
155 response = self.app.post(url(controller='login', action='index'),
163 response = self.app.post(login_url,
156 {'username': 'error',
164 {'username': 'error',
157 'password': 'test12'})
165 'password': 'test12'})
158
166
@@ -170,12 +178,13
170 Session().add(user)
178 Session().add(user)
171 Session().commit()
179 Session().commit()
172 self.destroy_users.add(temp_user)
180 self.destroy_users.add(temp_user)
173 response = self.app.post(url(controller='login', action='index'),
181 response = self.app.post(login_url,
174 {'username': temp_user,
182 {'username': temp_user,
175 'password': 'test123'})
183 'password': 'test123'})
176
184
177 assert response.status == '302 Found'
185 assert response.status == '302 Found'
178 username = response.session['rhodecode_user'].get('username')
186 session = get_session_from_response(response)
187 username = session['rhodecode_user'].get('username')
179 assert username == temp_user
188 assert username == temp_user
180 response = response.follow()
189 response = response.follow()
181 response.mustcontain('/%s' % HG_REPO)
190 response.mustcontain('/%s' % HG_REPO)
@@ -186,13 +195,13
186
195
187 # REGISTRATIONS
196 # REGISTRATIONS
188 def test_register(self):
197 def test_register(self):
189 response = self.app.get(url(controller='login', action='register'))
198 response = self.app.get(register_url)
190 response.mustcontain('Create an Account')
199 response.mustcontain('Create an Account')
191
200
192 def test_register_err_same_username(self):
201 def test_register_err_same_username(self):
193 uname = 'test_admin'
202 uname = 'test_admin'
194 response = self.app.post(
203 response = self.app.post(
195 url(controller='login', action='register'),
204 register_url,
196 {
205 {
197 'username': uname,
206 'username': uname,
198 'password': 'test12',
207 'password': 'test12',
@@ -203,13 +212,14
203 }
212 }
204 )
213 )
205
214
215 assertr = AssertResponse(response)
206 msg = validators.ValidUsername()._messages['username_exists']
216 msg = validators.ValidUsername()._messages['username_exists']
207 msg = h.html_escape(msg % {'username': uname})
217 msg = msg % {'username': uname}
208 response.mustcontain(msg)
218 assertr.element_contains('#username+.error-message', msg)
209
219
210 def test_register_err_same_email(self):
220 def test_register_err_same_email(self):
211 response = self.app.post(
221 response = self.app.post(
212 url(controller='login', action='register'),
222 register_url,
213 {
223 {
214 'username': 'test_admin_0',
224 'username': 'test_admin_0',
215 'password': 'test12',
225 'password': 'test12',
@@ -220,12 +230,13
220 }
230 }
221 )
231 )
222
232
233 assertr = AssertResponse(response)
223 msg = validators.UniqSystemEmail()()._messages['email_taken']
234 msg = validators.UniqSystemEmail()()._messages['email_taken']
224 response.mustcontain(msg)
235 assertr.element_contains('#email+.error-message', msg)
225
236
226 def test_register_err_same_email_case_sensitive(self):
237 def test_register_err_same_email_case_sensitive(self):
227 response = self.app.post(
238 response = self.app.post(
228 url(controller='login', action='register'),
239 register_url,
229 {
240 {
230 'username': 'test_admin_1',
241 'username': 'test_admin_1',
231 'password': 'test12',
242 'password': 'test12',
@@ -235,12 +246,13
235 'lastname': 'test'
246 'lastname': 'test'
236 }
247 }
237 )
248 )
249 assertr = AssertResponse(response)
238 msg = validators.UniqSystemEmail()()._messages['email_taken']
250 msg = validators.UniqSystemEmail()()._messages['email_taken']
239 response.mustcontain(msg)
251 assertr.element_contains('#email+.error-message', msg)
240
252
241 def test_register_err_wrong_data(self):
253 def test_register_err_wrong_data(self):
242 response = self.app.post(
254 response = self.app.post(
243 url(controller='login', action='register'),
255 register_url,
244 {
256 {
245 'username': 'xs',
257 'username': 'xs',
246 'password': 'test',
258 'password': 'test',
@@ -256,7 +268,7
256
268
257 def test_register_err_username(self):
269 def test_register_err_username(self):
258 response = self.app.post(
270 response = self.app.post(
259 url(controller='login', action='register'),
271 register_url,
260 {
272 {
261 'username': 'error user',
273 'username': 'error user',
262 'password': 'test12',
274 'password': 'test12',
@@ -277,7 +289,7
277 def test_register_err_case_sensitive(self):
289 def test_register_err_case_sensitive(self):
278 usr = 'Test_Admin'
290 usr = 'Test_Admin'
279 response = self.app.post(
291 response = self.app.post(
280 url(controller='login', action='register'),
292 register_url,
281 {
293 {
282 'username': usr,
294 'username': usr,
283 'password': 'test12',
295 'password': 'test12',
@@ -288,14 +300,14
288 }
300 }
289 )
301 )
290
302
291 response.mustcontain('An email address must contain a single @')
303 assertr = AssertResponse(response)
292 msg = validators.ValidUsername()._messages['username_exists']
304 msg = validators.ValidUsername()._messages['username_exists']
293 msg = h.html_escape(msg % {'username': usr})
305 msg = msg % {'username': usr}
294 response.mustcontain(msg)
306 assertr.element_contains('#username+.error-message', msg)
295
307
296 def test_register_special_chars(self):
308 def test_register_special_chars(self):
297 response = self.app.post(
309 response = self.app.post(
298 url(controller='login', action='register'),
310 register_url,
299 {
311 {
300 'username': 'xxxaxn',
312 'username': 'xxxaxn',
301 'password': 'ąćźżąśśśś',
313 'password': 'ąćźżąśśśś',
@@ -311,7 +323,7
311
323
312 def test_register_password_mismatch(self):
324 def test_register_password_mismatch(self):
313 response = self.app.post(
325 response = self.app.post(
314 url(controller='login', action='register'),
326 register_url,
315 {
327 {
316 'username': 'xs',
328 'username': 'xs',
317 'password': '123qwe',
329 'password': '123qwe',
@@ -332,7 +344,7
332 lastname = 'testlastname'
344 lastname = 'testlastname'
333
345
334 response = self.app.post(
346 response = self.app.post(
335 url(controller='login', action='register'),
347 register_url,
336 {
348 {
337 'username': username,
349 'username': username,
338 'password': password,
350 'password': password,
@@ -360,7 +372,7
360 def test_forgot_password_wrong_mail(self):
372 def test_forgot_password_wrong_mail(self):
361 bad_email = 'marcin@wrongmail.org'
373 bad_email = 'marcin@wrongmail.org'
362 response = self.app.post(
374 response = self.app.post(
363 url(controller='login', action='password_reset'),
375 pwd_reset_url,
364 {'email': bad_email, }
376 {'email': bad_email, }
365 )
377 )
366
378
@@ -369,8 +381,7
369 response.mustcontain()
381 response.mustcontain()
370
382
371 def test_forgot_password(self):
383 def test_forgot_password(self):
372 response = self.app.get(url(controller='login',
384 response = self.app.get(pwd_reset_url)
373 action='password_reset'))
374 assert response.status == '200 OK'
385 assert response.status == '200 OK'
375
386
376 username = 'test_password_reset_1'
387 username = 'test_password_reset_1'
@@ -389,8 +400,7
389 Session().add(new)
400 Session().add(new)
390 Session().commit()
401 Session().commit()
391
402
392 response = self.app.post(url(controller='login',
403 response = self.app.post(pwd_reset_url,
393 action='password_reset'),
394 {'email': email, })
404 {'email': email, })
395
405
396 assert_session_flash(
406 assert_session_flash(
@@ -401,20 +411,18
401 # BAD KEY
411 # BAD KEY
402
412
403 key = "bad"
413 key = "bad"
404 response = self.app.get(url(controller='login',
414 confirm_url = '{}?key={}'.format(pwd_reset_confirm_url, key)
405 action='password_reset_confirmation',
415 response = self.app.get(confirm_url)
406 key=key))
407 assert response.status == '302 Found'
416 assert response.status == '302 Found'
408 assert response.location.endswith(url('reset_password'))
417 assert response.location.endswith(pwd_reset_url)
409
418
410 # GOOD KEY
419 # GOOD KEY
411
420
412 key = User.get_by_username(username).api_key
421 key = User.get_by_username(username).api_key
413 response = self.app.get(url(controller='login',
422 confirm_url = '{}?key={}'.format(pwd_reset_confirm_url, key)
414 action='password_reset_confirmation',
423 response = self.app.get(confirm_url)
415 key=key))
416 assert response.status == '302 Found'
424 assert response.status == '302 Found'
417 assert response.location.endswith(url('login_home'))
425 assert response.location.endswith(login_url)
418
426
419 assert_session_flash(
427 assert_session_flash(
420 response,
428 response,
@@ -99,12 +99,13
99 in response) != pr_merge_enabled
99 in response) != pr_merge_enabled
100
100
101 def test_close_status_visibility(self, pr_util, csrf_token):
101 def test_close_status_visibility(self, pr_util, csrf_token):
102 from rhodecode.tests.functional.test_login import login_url, logut_url
102 # Logout
103 # Logout
103 response = self.app.post(
104 response = self.app.post(
104 url(controller='login', action='logout'),
105 logut_url,
105 params={'csrf_token': csrf_token})
106 params={'csrf_token': csrf_token})
106 # Login as regular user
107 # Login as regular user
107 response = self.app.post(url(controller='login', action='index'),
108 response = self.app.post(login_url,
108 {'username': 'test_regular',
109 {'username': 'test_regular',
109 'password': 'test12'})
110 'password': 'test12'})
110
111
Comments 0
You need to be logged in to leave comments. Login now