test_login.py
291 lines
| 13.3 KiB
| text/x-python
|
PythonLexer
r728 | # -*- coding: utf-8 -*- | |||
r547 | from rhodecode.tests import * | |||
r1732 | from rhodecode.model.db import User, Notification | |||
r2109 | from rhodecode.lib.utils2 import generate_api_key | |||
r547 | from rhodecode.lib.auth import check_password | |||
r2467 | from rhodecode.lib import helpers as h | |||
from rhodecode.model import validators | ||||
r547 | ||||
r2109 | ||||
r547 | class TestLoginController(TestController): | |||
r1732 | def tearDown(self): | |||
for n in Notification.query().all(): | ||||
r2529 | self.Session().delete(n) | |||
r1732 | ||||
r2529 | self.Session().commit() | |||
r1732 | self.assertEqual(Notification.query().all(), []) | |||
r547 | def test_index(self): | |||
response = self.app.get(url(controller='login', action='index')) | ||||
r1418 | self.assertEqual(response.status, '200 OK') | |||
r547 | # Test response... | |||
def test_login_admin_ok(self): | ||||
response = self.app.post(url(controller='login', action='index'), | ||||
r2467 | {'username': 'test_admin', | |||
'password': 'test12'}) | ||||
r1418 | self.assertEqual(response.status, '302 Found') | |||
r2467 | self.assertEqual(response.session['rhodecode_user'].get('username'), | |||
r1418 | 'test_admin') | |||
r547 | response = response.follow() | |||
r1418 | self.assertTrue('%s repository' % HG_REPO in response.body) | |||
r659 | ||||
r547 | def test_login_regular_ok(self): | |||
response = self.app.post(url(controller='login', action='index'), | ||||
r2467 | {'username': 'test_regular', | |||
'password': 'test12'}) | ||||
r1418 | ||||
self.assertEqual(response.status, '302 Found') | ||||
r2467 | self.assertEqual(response.session['rhodecode_user'].get('username'), | |||
r1418 | 'test_regular') | |||
r547 | response = response.follow() | |||
r1418 | self.assertTrue('%s repository' % HG_REPO in response.body) | |||
self.assertTrue('<a title="Admin" href="/_admin">' not in response.body) | ||||
r659 | ||||
r547 | def test_login_ok_came_from(self): | |||
test_came_from = '/_admin/users' | ||||
r1418 | response = self.app.post(url(controller='login', action='index', | |||
came_from=test_came_from), | ||||
r2467 | {'username': 'test_admin', | |||
'password': 'test12'}) | ||||
r1418 | self.assertEqual(response.status, '302 Found') | |||
r547 | response = response.follow() | |||
r659 | ||||
r1418 | self.assertEqual(response.status, '200 OK') | |||
self.assertTrue('Users administration' in response.body) | ||||
r659 | ||||
r2679 | @parameterized.expand([ | |||
('data:text/html,<script>window.alert("xss")</script>',), | ||||
('mailto:test@rhodecode.org',), | ||||
('file:///etc/passwd',), | ||||
('ftp://some.ftp.server',), | ||||
('http://other.domain',), | ||||
]) | ||||
def test_login_bad_came_froms(self, url_came_from): | ||||
response = self.app.post(url(controller='login', action='index', | ||||
came_from=url_came_from), | ||||
{'username': 'test_admin', | ||||
'password': 'test12'}) | ||||
self.assertEqual(response.status, '302 Found') | ||||
self.assertEqual(response._environ['paste.testing_variables'] | ||||
['tmpl_context'].came_from, '/') | ||||
response = response.follow() | ||||
self.assertEqual(response.status, '200 OK') | ||||
r547 | def test_login_short_password(self): | |||
response = self.app.post(url(controller='login', action='index'), | ||||
r2467 | {'username': 'test_admin', | |||
'password': 'as'}) | ||||
r1366 | self.assertEqual(response.status, '200 OK') | |||
r1418 | ||||
r1366 | self.assertTrue('Enter 3 characters or more' in response.body) | |||
r547 | ||||
def test_login_wrong_username_password(self): | ||||
response = self.app.post(url(controller='login', action='index'), | ||||
r2467 | {'username': 'error', | |||
'password': 'test12'}) | ||||
r659 | ||||
r1418 | self.assertTrue('invalid user name' in response.body) | |||
self.assertTrue('invalid password' in response.body) | ||||
r659 | ||||
r723 | #========================================================================== | |||
# REGISTRATIONS | ||||
#========================================================================== | ||||
r547 | def test_register(self): | |||
response = self.app.get(url(controller='login', action='register')) | ||||
r1418 | self.assertTrue('Sign Up to RhodeCode' in response.body) | |||
r659 | ||||
r547 | def test_register_err_same_username(self): | |||
r2467 | uname = 'test_admin' | |||
r547 | response = self.app.post(url(controller='login', action='register'), | |||
r2467 | {'username': uname, | |||
'password': 'test12', | ||||
'password_confirmation': 'test12', | ||||
'email': 'goodmail@domain.com', | ||||
r2595 | 'firstname': 'test', | |||
r2467 | 'lastname': 'test'}) | |||
r659 | ||||
r2467 | msg = validators.ValidUsername()._messages['username_exists'] | |||
msg = h.html_escape(msg % {'username': uname}) | ||||
response.mustcontain(msg) | ||||
r659 | ||||
r745 | def test_register_err_same_email(self): | |||
response = self.app.post(url(controller='login', action='register'), | ||||
r2467 | {'username': 'test_admin_0', | |||
'password': 'test12', | ||||
'password_confirmation': 'test12', | ||||
'email': 'test_admin@mail.com', | ||||
r2595 | 'firstname': 'test', | |||
r2467 | 'lastname': 'test'}) | |||
r745 | ||||
r2467 | msg = validators.UniqSystemEmail()()._messages['email_taken'] | |||
response.mustcontain(msg) | ||||
r745 | ||||
def test_register_err_same_email_case_sensitive(self): | ||||
response = self.app.post(url(controller='login', action='register'), | ||||
r2467 | {'username': 'test_admin_1', | |||
'password': 'test12', | ||||
'password_confirmation': 'test12', | ||||
'email': 'TesT_Admin@mail.COM', | ||||
r2595 | 'firstname': 'test', | |||
r2467 | 'lastname': 'test'}) | |||
msg = validators.UniqSystemEmail()()._messages['email_taken'] | ||||
response.mustcontain(msg) | ||||
r745 | ||||
r547 | def test_register_err_wrong_data(self): | |||
response = self.app.post(url(controller='login', action='register'), | ||||
r2467 | {'username': 'xs', | |||
'password': 'test', | ||||
'password_confirmation': 'test', | ||||
'email': 'goodmailm', | ||||
r2595 | 'firstname': 'test', | |||
r2467 | 'lastname': 'test'}) | |||
self.assertEqual(response.status, '200 OK') | ||||
r2248 | response.mustcontain('An email address must contain a single @') | |||
response.mustcontain('Enter a value 6 characters long or more') | ||||
r659 | ||||
r745 | def test_register_err_username(self): | |||
response = self.app.post(url(controller='login', action='register'), | ||||
r2467 | {'username': 'error user', | |||
'password': 'test12', | ||||
'password_confirmation': 'test12', | ||||
'email': 'goodmailm', | ||||
r2595 | 'firstname': 'test', | |||
r2467 | 'lastname': 'test'}) | |||
r745 | ||||
r2248 | response.mustcontain('An email address must contain a single @') | |||
response.mustcontain('Username may only contain ' | ||||
r1021 | 'alphanumeric characters underscores, ' | |||
'periods or dashes and must begin with ' | ||||
r2248 | 'alphanumeric character') | |||
r745 | ||||
def test_register_err_case_sensitive(self): | ||||
r2467 | usr = 'Test_Admin' | |||
r745 | response = self.app.post(url(controller='login', action='register'), | |||
r2467 | {'username': usr, | |||
'password': 'test12', | ||||
'password_confirmation': 'test12', | ||||
'email': 'goodmailm', | ||||
r2595 | 'firstname': 'test', | |||
r2467 | 'lastname': 'test'}) | |||
r745 | ||||
r2467 | response.mustcontain('An email address must contain a single @') | |||
msg = validators.ValidUsername()._messages['username_exists'] | ||||
msg = h.html_escape(msg % {'username': usr}) | ||||
response.mustcontain(msg) | ||||
r745 | ||||
r723 | def test_register_special_chars(self): | |||
response = self.app.post(url(controller='login', action='register'), | ||||
r2467 | {'username': 'xxxaxn', | |||
'password': 'ąćźżąśśśś', | ||||
'password_confirmation': 'ąćźżąśśśś', | ||||
'email': 'goodmailm@test.plx', | ||||
r2595 | 'firstname': 'test', | |||
r2467 | 'lastname': 'test'}) | |||
r723 | ||||
r2467 | msg = validators.ValidPassword()._messages['invalid_password'] | |||
response.mustcontain(msg) | ||||
r723 | ||||
def test_register_password_mismatch(self): | ||||
response = self.app.post(url(controller='login', action='register'), | ||||
r2467 | {'username': 'xs', | |||
'password': '123qwe', | ||||
'password_confirmation': 'qwe123', | ||||
'email': 'goodmailm@test.plxa', | ||||
r2595 | 'firstname': 'test', | |||
r2467 | 'lastname': 'test'}) | |||
msg = validators.ValidPasswordsMatch()._messages['password_mismatch'] | ||||
response.mustcontain(msg) | ||||
r659 | ||||
r547 | def test_register_ok(self): | |||
username = 'test_regular4' | ||||
password = 'qweqwe' | ||||
email = 'marcin@test.com' | ||||
name = 'testname' | ||||
lastname = 'testlastname' | ||||
r659 | ||||
r547 | response = self.app.post(url(controller='login', action='register'), | |||
r2467 | {'username': username, | |||
'password': password, | ||||
'password_confirmation': password, | ||||
'email': email, | ||||
r2595 | 'firstname': name, | |||
r2467 | 'lastname': lastname, | |||
'admin': True}) # This should be overriden | ||||
r2248 | self.assertEqual(response.status, '302 Found') | |||
r3498 | self.checkSessionFlash(response, 'You have successfully registered into RhodeCode') | |||
r659 | ||||
r2529 | ret = self.Session().query(User).filter(User.username == 'test_regular4').one() | |||
r2248 | self.assertEqual(ret.username, username) | |||
self.assertEqual(check_password(password, ret.password), True) | ||||
self.assertEqual(ret.email, email) | ||||
self.assertEqual(ret.name, name) | ||||
self.assertEqual(ret.lastname, lastname) | ||||
self.assertNotEqual(ret.api_key, None) | ||||
self.assertEqual(ret.admin, False) | ||||
r659 | ||||
def test_forgot_password_wrong_mail(self): | ||||
r2467 | bad_email = 'marcin@wrongmail.org' | |||
r2248 | response = self.app.post( | |||
url(controller='login', action='password_reset'), | ||||
r2467 | {'email': bad_email, } | |||
r2248 | ) | |||
r659 | ||||
r2467 | msg = validators.ValidSystemEmail()._messages['non_existing_email'] | |||
msg = h.html_escape(msg % {'email': bad_email}) | ||||
response.mustcontain() | ||||
r659 | ||||
r547 | def test_forgot_password(self): | |||
r1418 | response = self.app.get(url(controller='login', | |||
action='password_reset')) | ||||
r2248 | self.assertEqual(response.status, '200 OK') | |||
r547 | ||||
username = 'test_password_reset_1' | ||||
password = 'qweqwe' | ||||
email = 'marcin@python-works.com' | ||||
name = 'passwd' | ||||
lastname = 'reset' | ||||
r659 | ||||
r1418 | new = User() | |||
new.username = username | ||||
new.password = password | ||||
new.email = email | ||||
new.name = name | ||||
new.lastname = lastname | ||||
new.api_key = generate_api_key(username) | ||||
r2529 | self.Session().add(new) | |||
self.Session().commit() | ||||
r1418 | ||||
response = self.app.post(url(controller='login', | ||||
action='password_reset'), | ||||
r2467 | {'email': email, }) | |||
r1418 | ||||
self.checkSessionFlash(response, 'Your password reset link was sent') | ||||
response = response.follow() | ||||
# BAD KEY | ||||
key = "bad" | ||||
response = self.app.get(url(controller='login', | ||||
action='password_reset_confirmation', | ||||
key=key)) | ||||
self.assertEqual(response.status, '302 Found') | ||||
self.assertTrue(response.location.endswith(url('reset_password'))) | ||||
# GOOD KEY | ||||
r1530 | key = User.get_by_username(username).api_key | |||
r1418 | response = self.app.get(url(controller='login', | |||
action='password_reset_confirmation', | ||||
key=key)) | ||||
self.assertEqual(response.status, '302 Found') | ||||
self.assertTrue(response.location.endswith(url('login_home'))) | ||||
self.checkSessionFlash(response, | ||||
('Your password reset was successful, ' | ||||
'new password has been sent to your email')) | ||||
response = response.follow() | ||||