pytest: Use hardcoded login URLs in tests....
johbo -
r40:bc180d4b default
@@ -43,6 +43,7 b' from nose.plugins.skip import SkipTest'
43 43 import pytest
44 44
45 45 from rhodecode import is_windows
46 from rhodecode.config.routing import ADMIN_PREFIX
46 47 from rhodecode.model.meta import Session
47 48 from rhodecode.model.db import User
48 49 from rhodecode.lib import auth
@@ -177,10 +178,10 b' class TestController(object):'
177 178
178 179 def login_user_session(
179 180 app, username=TEST_USER_ADMIN_LOGIN, password=TEST_USER_ADMIN_PASS):
180 response = app.post(url(controller='login', action='index'),
181 {'username': username,
182 'password': password})
183
181 from rhodecode.tests.functional.test_login import login_url
182 response = app.post(
183 login_url,
184 {'username': username, 'password': password})
184 185 if 'invalid user name' in response.body:
185 186 pytest.fail('could not login using %s %s' % (username, password))
186 187
@@ -194,9 +195,8 b' def login_user_session('
194 195
195 196
196 197 def logout_user_session(app, csrf_token):
197 app.post(
198 url(controller='login', action='logout'),
199 {'csrf_token': csrf_token}, status=302)
198 from rhodecode.tests.functional.test_login import logut_url
199 app.post(logut_url, {'csrf_token': csrf_token}, status=302)
200 200
201 201
202 202 def login_user(app, username=TEST_USER_ADMIN_LOGIN,
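Review bot: `login_user_session` and `logout_user_session` now import their URLs from `rhodecode.tests.functional.test_login` inside the function body, so the shared helpers depend on one particular test module, and the misspelled `logut_url` becomes part of that import surface (it is imported again in `test_close_status_visibility`). This file already gains `from rhodecode.config.routing import ADMIN_PREFIX`, which the visible hunks do not use, so the constants could be defined here instead, e.g. `login_url = ADMIN_PREFIX + '/login'` and `logout_url = ADMIN_PREFIX + '/logout'`, and imported by the test modules. A shared `register_url` would also replace the two inline `ADMIN_PREFIX + '/register'` expressions in the captcha tests. The body of `login_user_session` continues outside the hunk shown.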
@@ -22,6 +22,7 b' import mock'
22 22 import pytest
23 23
24 24 import rhodecode
25 from rhodecode.config.routing import ADMIN_PREFIX
25 26 from rhodecode.lib.utils2 import md5
26 27 from rhodecode.model.db import RhodeCodeUi
27 28 from rhodecode.model.meta import Session
@@ -157,7 +158,7 b' class TestAdminSettingsGlobal:'
157 158 'csrf_token': csrf_token,
158 159 })
159 160
160 response = self.app.get(url('register'))
161 response = self.app.get(ADMIN_PREFIX + '/register')
161 162 response.mustcontain('captcha')
162 163
163 164 def test_captcha_deactivate(self, csrf_token):
@@ -167,7 +168,7 b' class TestAdminSettingsGlobal:'
167 168 'csrf_token': csrf_token,
168 169 })
169 170
170 response = self.app.get(url('register'))
171 response = self.app.get(ADMIN_PREFIX + '/register')
171 172 response.mustcontain(no=['captcha'])
172 173
173 174 def test_title_change(self, csrf_token):
@@ -23,9 +23,11 b' import urlparse'
23 23 import mock
24 24 import pytest
25 25
26 from rhodecode.config.routing import ADMIN_PREFIX
26 27 from rhodecode.tests import (
27 28 assert_session_flash, url, HG_REPO, TEST_USER_ADMIN_LOGIN)
28 29 from rhodecode.tests.fixture import Fixture
30 from rhodecode.tests.utils import AssertResponse, get_session_from_response
29 31 from rhodecode.lib.auth import check_password, generate_auth_token
30 32 from rhodecode.lib import helpers as h
31 33 from rhodecode.model.auth_token import AuthTokenModel
@@ -35,6 +37,14 b' from rhodecode.model.meta import Session'
35 37
36 38 fixture = Fixture()
37 39
40 # Hardcode URLs because we don't have a request object to use
41 # pyramids URL generation methods.
42 login_url = ADMIN_PREFIX + '/login'
43 logut_url = ADMIN_PREFIX + '/logout'
44 register_url = ADMIN_PREFIX + '/register'
45 pwd_reset_url = ADMIN_PREFIX + '/password_reset'
46 pwd_reset_confirm_url = ADMIN_PREFIX + '/password_reset_confirmation'
47
38 48
39 49 @pytest.mark.usefixtures('app')
40 50 class TestLoginController:
@@ -52,37 +62,38 b' class TestLoginController:'
52 62 assert Notification.query().all() == []
53 63
54 64 def test_index(self):
55 response = self.app.get(url(controller='login', action='index'))
65 response = self.app.get(login_url)
56 66 assert response.status == '200 OK'
57 67 # Test response...
58 68
59 69 def test_login_admin_ok(self):
60 response = self.app.post(url(controller='login', action='index'),
70 response = self.app.post(login_url,
61 71 {'username': 'test_admin',
62 72 'password': 'test12'})
63 73 assert response.status == '302 Found'
64 username = response.session['rhodecode_user'].get('username')
74 session = get_session_from_response(response)
75 username = session['rhodecode_user'].get('username')
65 76 assert username == 'test_admin'
66 77 response = response.follow()
67 78 response.mustcontain('/%s' % HG_REPO)
68 79
69 80 def test_login_regular_ok(self):
70 response = self.app.post(url(controller='login', action='index'),
81 response = self.app.post(login_url,
71 82 {'username': 'test_regular',
72 83 'password': 'test12'})
73 84
74 85 assert response.status == '302 Found'
75 username = response.session['rhodecode_user'].get('username')
86 session = get_session_from_response(response)
87 username = session['rhodecode_user'].get('username')
76 88 assert username == 'test_regular'
77 89 response = response.follow()
78 90 response.mustcontain('/%s' % HG_REPO)
79 91
80 92 def test_login_ok_came_from(self):
81 93 test_came_from = '/_admin/users?branch=stable'
82 response = self.app.post(url(controller='login', action='index',
83 came_from=test_came_from),
84 {'username': 'test_admin',
85 'password': 'test12'})
94 _url = '{}?came_from={}'.format(login_url, test_came_from)
95 response = self.app.post(
96 _url, {'username': 'test_admin', 'password': 'test12'})
86 97 assert response.status == '302 Found'
87 98 assert 'branch=stable' in response.location
88 99 response = response.follow()
@@ -100,33 +111,30 b' class TestLoginController:'
100 111 assert 'branch=stable' in response_query[0][1]
101 112
102 113 def test_login_form_with_get_args(self):
103 kwargs = {'branch': 'stable'}
104 response = self.app.get(
105 url(controller='login', action='index',
106 came_from='/_admin/users', **kwargs))
107 assert 'branch=stable' in response.form.action
114 _url = '{}?came_from=/_admin/users,branch=stable'.format(login_url)
115 response = self.app.get(_url)
116 assert 'branch%3Dstable' in response.form.action
108 117
109 118 @pytest.mark.parametrize("url_came_from", [
110 ('data:text/html,<script>window.alert("xss")</script>',),
111 ('mailto:test@rhodecode.org',),
112 ('file:///etc/passwd',),
113 ('ftp://some.ftp.server',),
114 ('http://other.domain',),
115 ('/\r\nX-Forwarded-Host: http://example.org',),
119 'data:text/html,<script>window.alert("xss")</script>',
120 'mailto:test@rhodecode.org',
121 'file:///etc/passwd',
122 'ftp://some.ftp.server',
123 'http://other.domain',
124 '/\r\nX-Forwarded-Host: http://example.org',
116 125 ])
117 126 def test_login_bad_came_froms(self, url_came_from):
118 response = self.app.post(url(controller='login', action='index',
119 came_from=url_came_from),
120 {'username': 'test_admin',
121 'password': 'test12'})
127 _url = '{}?came_from={}'.format(login_url, url_came_from)
128 response = self.app.post(
129 _url,
130 {'username': 'test_admin', 'password': 'test12'})
122 131 assert response.status == '302 Found'
123 assert response.tmpl_context.came_from == '/'
124
125 132 response = response.follow()
126 133 assert response.status == '200 OK'
134 assert response.request.path == '/'
127 135
128 136 def test_login_short_password(self):
129 response = self.app.post(url(controller='login', action='index'),
137 response = self.app.post(login_url,
130 138 {'username': 'test_admin',
131 139 'password': 'as'})
132 140 assert response.status == '200 OK'
@@ -135,7 +143,7 b' class TestLoginController:'
135 143
136 144 def test_login_wrong_non_ascii_password(self, user_regular):
137 145 response = self.app.post(
138 url(controller='login', action='index'),
146 login_url,
139 147 {'username': user_regular.username,
140 148 'password': u'invalid-non-asci\xe4'.encode('utf8')})
141 149
@@ -146,13 +154,13 b' class TestLoginController:'
146 154 password = u'valid-non-ascii\xe4'
147 155 user = user_util.create_user(password=password)
148 156 response = self.app.post(
149 url(controller='login', action='index'),
157 login_url,
150 158 {'username': user.username,
151 159 'password': password.encode('utf-8')})
152 160 assert response.status_code == 302
153 161
154 162 def test_login_wrong_username_password(self):
155 response = self.app.post(url(controller='login', action='index'),
163 response = self.app.post(login_url,
156 164 {'username': 'error',
157 165 'password': 'test12'})
158 166
@@ -170,12 +178,13 b' class TestLoginController:'
170 178 Session().add(user)
171 179 Session().commit()
172 180 self.destroy_users.add(temp_user)
173 response = self.app.post(url(controller='login', action='index'),
181 response = self.app.post(login_url,
174 182 {'username': temp_user,
175 183 'password': 'test123'})
176 184
177 185 assert response.status == '302 Found'
178 username = response.session['rhodecode_user'].get('username')
186 session = get_session_from_response(response)
187 username = session['rhodecode_user'].get('username')
179 188 assert username == temp_user
180 189 response = response.follow()
181 190 response.mustcontain('/%s' % HG_REPO)
@@ -186,13 +195,13 b' class TestLoginController:'
186 195
187 196 # REGISTRATIONS
188 197 def test_register(self):
189 response = self.app.get(url(controller='login', action='register'))
198 response = self.app.get(register_url)
190 199 response.mustcontain('Create an Account')
191 200
192 201 def test_register_err_same_username(self):
193 202 uname = 'test_admin'
194 203 response = self.app.post(
195 url(controller='login', action='register'),
204 register_url,
196 205 {
197 206 'username': uname,
198 207 'password': 'test12',
@@ -203,13 +212,14 b' class TestLoginController:'
203 212 }
204 213 )
205 214
215 assertr = AssertResponse(response)
206 216 msg = validators.ValidUsername()._messages['username_exists']
207 msg = h.html_escape(msg % {'username': uname})
208 response.mustcontain(msg)
217 msg = msg % {'username': uname}
218 assertr.element_contains('#username+.error-message', msg)
209 219
210 220 def test_register_err_same_email(self):
211 221 response = self.app.post(
212 url(controller='login', action='register'),
222 register_url,
213 223 {
214 224 'username': 'test_admin_0',
215 225 'password': 'test12',
@@ -220,12 +230,13 b' class TestLoginController:'
220 230 }
221 231 )
222 232
233 assertr = AssertResponse(response)
223 234 msg = validators.UniqSystemEmail()()._messages['email_taken']
224 response.mustcontain(msg)
235 assertr.element_contains('#email+.error-message', msg)
225 236
226 237 def test_register_err_same_email_case_sensitive(self):
227 238 response = self.app.post(
228 url(controller='login', action='register'),
239 register_url,
229 240 {
230 241 'username': 'test_admin_1',
231 242 'password': 'test12',
@@ -235,12 +246,13 b' class TestLoginController:'
235 246 'lastname': 'test'
236 247 }
237 248 )
249 assertr = AssertResponse(response)
238 250 msg = validators.UniqSystemEmail()()._messages['email_taken']
239 response.mustcontain(msg)
251 assertr.element_contains('#email+.error-message', msg)
240 252
241 253 def test_register_err_wrong_data(self):
242 254 response = self.app.post(
243 url(controller='login', action='register'),
255 register_url,
244 256 {
245 257 'username': 'xs',
246 258 'password': 'test',
@@ -256,7 +268,7 b' class TestLoginController:'
256 268
257 269 def test_register_err_username(self):
258 270 response = self.app.post(
259 url(controller='login', action='register'),
271 register_url,
260 272 {
261 273 'username': 'error user',
262 274 'password': 'test12',
@@ -277,7 +289,7 b' class TestLoginController:'
277 289 def test_register_err_case_sensitive(self):
278 290 usr = 'Test_Admin'
279 291 response = self.app.post(
280 url(controller='login', action='register'),
292 register_url,
281 293 {
282 294 'username': usr,
283 295 'password': 'test12',
@@ -288,14 +300,14 b' class TestLoginController:'
288 300 }
289 301 )
290 302
291 response.mustcontain('An email address must contain a single @')
303 assertr = AssertResponse(response)
292 304 msg = validators.ValidUsername()._messages['username_exists']
293 msg = h.html_escape(msg % {'username': usr})
294 response.mustcontain(msg)
305 msg = msg % {'username': usr}
306 assertr.element_contains('#username+.error-message', msg)
295 307
296 308 def test_register_special_chars(self):
297 309 response = self.app.post(
298 url(controller='login', action='register'),
310 register_url,
299 311 {
300 312 'username': 'xxxaxn',
301 313 'password': 'ąćźżąśśśś',
@@ -311,7 +323,7 b' class TestLoginController:'
311 323
312 324 def test_register_password_mismatch(self):
313 325 response = self.app.post(
314 url(controller='login', action='register'),
326 register_url,
315 327 {
316 328 'username': 'xs',
317 329 'password': '123qwe',
@@ -332,7 +344,7 b' class TestLoginController:'
332 344 lastname = 'testlastname'
333 345
334 346 response = self.app.post(
335 url(controller='login', action='register'),
347 register_url,
336 348 {
337 349 'username': username,
338 350 'password': password,
@@ -360,7 +372,7 b' class TestLoginController:'
360 372 def test_forgot_password_wrong_mail(self):
361 373 bad_email = 'marcin@wrongmail.org'
362 374 response = self.app.post(
363 url(controller='login', action='password_reset'),
375 pwd_reset_url,
364 376 {'email': bad_email, }
365 377 )
366 378
@@ -369,8 +381,7 b' class TestLoginController:'
369 381 response.mustcontain()
370 382
371 383 def test_forgot_password(self):
372 response = self.app.get(url(controller='login',
373 action='password_reset'))
384 response = self.app.get(pwd_reset_url)
374 385 assert response.status == '200 OK'
375 386
376 387 username = 'test_password_reset_1'
@@ -389,8 +400,7 b' class TestLoginController:'
389 400 Session().add(new)
390 401 Session().commit()
391 402
392 response = self.app.post(url(controller='login',
393 action='password_reset'),
403 response = self.app.post(pwd_reset_url,
394 404 {'email': email, })
395 405
396 406 assert_session_flash(
@@ -401,20 +411,18 b' class TestLoginController:'
401 411 # BAD KEY
402 412
403 413 key = "bad"
404 response = self.app.get(url(controller='login',
405 action='password_reset_confirmation',
406 key=key))
414 confirm_url = '{}?key={}'.format(pwd_reset_confirm_url, key)
415 response = self.app.get(confirm_url)
407 416 assert response.status == '302 Found'
408 assert response.location.endswith(url('reset_password'))
417 assert response.location.endswith(pwd_reset_url)
409 418
410 419 # GOOD KEY
411 420
412 421 key = User.get_by_username(username).api_key
413 response = self.app.get(url(controller='login',
414 action='password_reset_confirmation',
415 key=key))
422 confirm_url = '{}?key={}'.format(pwd_reset_confirm_url, key)
423 response = self.app.get(confirm_url)
416 424 assert response.status == '302 Found'
417 assert response.location.endswith(url('login_home'))
425 assert response.location.endswith(login_url)
418 426
419 427 assert_session_flash(
420 428 response,
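Review bot: In `test_login_bad_came_froms` (and likewise `test_login_ok_came_from`) the `came_from` value is formatted into the query string without percent-encoding, so cases such as the `'/\r\nX-Forwarded-Host: ...'` entry or the `data:` URL reach the test client with raw CR/LF, spaces and `<`/`"` characters instead of the encoded form a browser would send, and the redirect validation may be exercised on a different value than intended. Encoding the parameter keeps each case intact, e.g. `_url = '{}?{}'.format(login_url, urllib.urlencode({'came_from': url_came_from}))` (this needs `import urllib`, which is not visible in the hunks). The removed `tmpl_context.came_from == '/'` check is replaced only by a path check after `follow()`, which presumably does not look at the host; asserting on `response.location` of the 302 before following would pin the redirect target directly.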
@@ -99,12 +99,13 b' class TestPullrequestsController:'
99 99 in response) != pr_merge_enabled
100 100
101 101 def test_close_status_visibility(self, pr_util, csrf_token):
102 from rhodecode.tests.functional.test_login import login_url, logut_url
102 103 # Logout
103 104 response = self.app.post(
104 url(controller='login', action='logout'),
105 logut_url,
105 106 params={'csrf_token': csrf_token})
106 107 # Login as regular user
107 response = self.app.post(url(controller='login', action='index'),
108 response = self.app.post(login_url,
108 109 {'username': 'test_regular',
109 110 'password': 'test12'})
110 111