fixed login tests
marcink -
r3630:5d8cda8e beta
@@ -1,291 +1,290 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2 from rhodecode.tests import *
2 from rhodecode.tests import *
3 from rhodecode.model.db import User, Notification
3 from rhodecode.model.db import User, Notification
4 from rhodecode.lib.utils2 import generate_api_key
4 from rhodecode.lib.utils2 import generate_api_key
5 from rhodecode.lib.auth import check_password
5 from rhodecode.lib.auth import check_password
6 from rhodecode.lib import helpers as h
6 from rhodecode.lib import helpers as h
7 from rhodecode.model import validators
7 from rhodecode.model import validators
8
8
9
9
10 class TestLoginController(TestController):
10 class TestLoginController(TestController):
11
11
12 def tearDown(self):
12 def tearDown(self):
13 for n in Notification.query().all():
13 for n in Notification.query().all():
14 self.Session().delete(n)
14 self.Session().delete(n)
15
15
16 self.Session().commit()
16 self.Session().commit()
17 self.assertEqual(Notification.query().all(), [])
17 self.assertEqual(Notification.query().all(), [])
18
18
19 def test_index(self):
19 def test_index(self):
20 response = self.app.get(url(controller='login', action='index'))
20 response = self.app.get(url(controller='login', action='index'))
21 self.assertEqual(response.status, '200 OK')
21 self.assertEqual(response.status, '200 OK')
22 # Test response...
22 # Test response...
23
23
24 def test_login_admin_ok(self):
24 def test_login_admin_ok(self):
25 response = self.app.post(url(controller='login', action='index'),
25 response = self.app.post(url(controller='login', action='index'),
26 {'username': 'test_admin',
26 {'username': 'test_admin',
27 'password': 'test12'})
27 'password': 'test12'})
28 self.assertEqual(response.status, '302 Found')
28 self.assertEqual(response.status, '302 Found')
29 self.assertEqual(response.session['rhodecode_user'].get('username'),
29 self.assertEqual(response.session['rhodecode_user'].get('username'),
30 'test_admin')
30 'test_admin')
31 response = response.follow()
31 response = response.follow()
32 self.assertTrue('%s repository' % HG_REPO in response.body)
32 response.mustcontain('/%s' % HG_REPO)
33
33
34 def test_login_regular_ok(self):
34 def test_login_regular_ok(self):
35 response = self.app.post(url(controller='login', action='index'),
35 response = self.app.post(url(controller='login', action='index'),
36 {'username': 'test_regular',
36 {'username': 'test_regular',
37 'password': 'test12'})
37 'password': 'test12'})
38
38
39 self.assertEqual(response.status, '302 Found')
39 self.assertEqual(response.status, '302 Found')
40 self.assertEqual(response.session['rhodecode_user'].get('username'),
40 self.assertEqual(response.session['rhodecode_user'].get('username'),
41 'test_regular')
41 'test_regular')
42 response = response.follow()
42 response = response.follow()
43 self.assertTrue('%s repository' % HG_REPO in response.body)
43 response.mustcontain('/%s' % HG_REPO)
44 self.assertTrue('<a title="Admin" href="/_admin">' not in response.body)
45
44
46 def test_login_ok_came_from(self):
45 def test_login_ok_came_from(self):
47 test_came_from = '/_admin/users'
46 test_came_from = '/_admin/users'
48 response = self.app.post(url(controller='login', action='index',
47 response = self.app.post(url(controller='login', action='index',
49 came_from=test_came_from),
48 came_from=test_came_from),
50 {'username': 'test_admin',
49 {'username': 'test_admin',
51 'password': 'test12'})
50 'password': 'test12'})
52 self.assertEqual(response.status, '302 Found')
51 self.assertEqual(response.status, '302 Found')
53 response = response.follow()
52 response = response.follow()
54
53
55 self.assertEqual(response.status, '200 OK')
54 self.assertEqual(response.status, '200 OK')
56 self.assertTrue('Users administration' in response.body)
55 response.mustcontain('Users administration')
57
56
58 @parameterized.expand([
57 @parameterized.expand([
59 ('data:text/html,<script>window.alert("xss")</script>',),
58 ('data:text/html,<script>window.alert("xss")</script>',),
60 ('mailto:test@rhodecode.org',),
59 ('mailto:test@rhodecode.org',),
61 ('file:///etc/passwd',),
60 ('file:///etc/passwd',),
62 ('ftp://some.ftp.server',),
61 ('ftp://some.ftp.server',),
63 ('http://other.domain',),
62 ('http://other.domain',),
64 ])
63 ])
65 def test_login_bad_came_froms(self, url_came_from):
64 def test_login_bad_came_froms(self, url_came_from):
66 response = self.app.post(url(controller='login', action='index',
65 response = self.app.post(url(controller='login', action='index',
67 came_from=url_came_from),
66 came_from=url_came_from),
68 {'username': 'test_admin',
67 {'username': 'test_admin',
69 'password': 'test12'})
68 'password': 'test12'})
70 self.assertEqual(response.status, '302 Found')
69 self.assertEqual(response.status, '302 Found')
71 self.assertEqual(response._environ['paste.testing_variables']
70 self.assertEqual(response._environ['paste.testing_variables']
72 ['tmpl_context'].came_from, '/')
71 ['tmpl_context'].came_from, '/')
73 response = response.follow()
72 response = response.follow()
74
73
75 self.assertEqual(response.status, '200 OK')
74 self.assertEqual(response.status, '200 OK')
76
75
77 def test_login_short_password(self):
76 def test_login_short_password(self):
78 response = self.app.post(url(controller='login', action='index'),
77 response = self.app.post(url(controller='login', action='index'),
79 {'username': 'test_admin',
78 {'username': 'test_admin',
80 'password': 'as'})
79 'password': 'as'})
81 self.assertEqual(response.status, '200 OK')
80 self.assertEqual(response.status, '200 OK')
82
81
83 self.assertTrue('Enter 3 characters or more' in response.body)
82 response.mustcontain('Enter 3 characters or more')
84
83
85 def test_login_wrong_username_password(self):
84 def test_login_wrong_username_password(self):
86 response = self.app.post(url(controller='login', action='index'),
85 response = self.app.post(url(controller='login', action='index'),
87 {'username': 'error',
86 {'username': 'error',
88 'password': 'test12'})
87 'password': 'test12'})
89
88
90 self.assertTrue('invalid user name' in response.body)
89 response.mustcontain('invalid user name')
91 self.assertTrue('invalid password' in response.body)
90 response.mustcontain('invalid password')
92
91
93 #==========================================================================
92 #==========================================================================
94 # REGISTRATIONS
93 # REGISTRATIONS
95 #==========================================================================
94 #==========================================================================
96 def test_register(self):
95 def test_register(self):
97 response = self.app.get(url(controller='login', action='register'))
96 response = self.app.get(url(controller='login', action='register'))
98 self.assertTrue('Sign Up to RhodeCode' in response.body)
97 response.mustcontain('Sign Up to RhodeCode')
99
98
100 def test_register_err_same_username(self):
99 def test_register_err_same_username(self):
101 uname = 'test_admin'
100 uname = 'test_admin'
102 response = self.app.post(url(controller='login', action='register'),
101 response = self.app.post(url(controller='login', action='register'),
103 {'username': uname,
102 {'username': uname,
104 'password': 'test12',
103 'password': 'test12',
105 'password_confirmation': 'test12',
104 'password_confirmation': 'test12',
106 'email': 'goodmail@domain.com',
105 'email': 'goodmail@domain.com',
107 'firstname': 'test',
106 'firstname': 'test',
108 'lastname': 'test'})
107 'lastname': 'test'})
109
108
110 msg = validators.ValidUsername()._messages['username_exists']
109 msg = validators.ValidUsername()._messages['username_exists']
111 msg = h.html_escape(msg % {'username': uname})
110 msg = h.html_escape(msg % {'username': uname})
112 response.mustcontain(msg)
111 response.mustcontain(msg)
113
112
114 def test_register_err_same_email(self):
113 def test_register_err_same_email(self):
115 response = self.app.post(url(controller='login', action='register'),
114 response = self.app.post(url(controller='login', action='register'),
116 {'username': 'test_admin_0',
115 {'username': 'test_admin_0',
117 'password': 'test12',
116 'password': 'test12',
118 'password_confirmation': 'test12',
117 'password_confirmation': 'test12',
119 'email': 'test_admin@mail.com',
118 'email': 'test_admin@mail.com',
120 'firstname': 'test',
119 'firstname': 'test',
121 'lastname': 'test'})
120 'lastname': 'test'})
122
121
123 msg = validators.UniqSystemEmail()()._messages['email_taken']
122 msg = validators.UniqSystemEmail()()._messages['email_taken']
124 response.mustcontain(msg)
123 response.mustcontain(msg)
125
124
126 def test_register_err_same_email_case_sensitive(self):
125 def test_register_err_same_email_case_sensitive(self):
127 response = self.app.post(url(controller='login', action='register'),
126 response = self.app.post(url(controller='login', action='register'),
128 {'username': 'test_admin_1',
127 {'username': 'test_admin_1',
129 'password': 'test12',
128 'password': 'test12',
130 'password_confirmation': 'test12',
129 'password_confirmation': 'test12',
131 'email': 'TesT_Admin@mail.COM',
130 'email': 'TesT_Admin@mail.COM',
132 'firstname': 'test',
131 'firstname': 'test',
133 'lastname': 'test'})
132 'lastname': 'test'})
134 msg = validators.UniqSystemEmail()()._messages['email_taken']
133 msg = validators.UniqSystemEmail()()._messages['email_taken']
135 response.mustcontain(msg)
134 response.mustcontain(msg)
136
135
137 def test_register_err_wrong_data(self):
136 def test_register_err_wrong_data(self):
138 response = self.app.post(url(controller='login', action='register'),
137 response = self.app.post(url(controller='login', action='register'),
139 {'username': 'xs',
138 {'username': 'xs',
140 'password': 'test',
139 'password': 'test',
141 'password_confirmation': 'test',
140 'password_confirmation': 'test',
142 'email': 'goodmailm',
141 'email': 'goodmailm',
143 'firstname': 'test',
142 'firstname': 'test',
144 'lastname': 'test'})
143 'lastname': 'test'})
145 self.assertEqual(response.status, '200 OK')
144 self.assertEqual(response.status, '200 OK')
146 response.mustcontain('An email address must contain a single @')
145 response.mustcontain('An email address must contain a single @')
147 response.mustcontain('Enter a value 6 characters long or more')
146 response.mustcontain('Enter a value 6 characters long or more')
148
147
149 def test_register_err_username(self):
148 def test_register_err_username(self):
150 response = self.app.post(url(controller='login', action='register'),
149 response = self.app.post(url(controller='login', action='register'),
151 {'username': 'error user',
150 {'username': 'error user',
152 'password': 'test12',
151 'password': 'test12',
153 'password_confirmation': 'test12',
152 'password_confirmation': 'test12',
154 'email': 'goodmailm',
153 'email': 'goodmailm',
155 'firstname': 'test',
154 'firstname': 'test',
156 'lastname': 'test'})
155 'lastname': 'test'})
157
156
158 response.mustcontain('An email address must contain a single @')
157 response.mustcontain('An email address must contain a single @')
159 response.mustcontain('Username may only contain '
158 response.mustcontain('Username may only contain '
160 'alphanumeric characters underscores, '
159 'alphanumeric characters underscores, '
161 'periods or dashes and must begin with '
160 'periods or dashes and must begin with '
162 'alphanumeric character')
161 'alphanumeric character')
163
162
164 def test_register_err_case_sensitive(self):
163 def test_register_err_case_sensitive(self):
165 usr = 'Test_Admin'
164 usr = 'Test_Admin'
166 response = self.app.post(url(controller='login', action='register'),
165 response = self.app.post(url(controller='login', action='register'),
167 {'username': usr,
166 {'username': usr,
168 'password': 'test12',
167 'password': 'test12',
169 'password_confirmation': 'test12',
168 'password_confirmation': 'test12',
170 'email': 'goodmailm',
169 'email': 'goodmailm',
171 'firstname': 'test',
170 'firstname': 'test',
172 'lastname': 'test'})
171 'lastname': 'test'})
173
172
174 response.mustcontain('An email address must contain a single @')
173 response.mustcontain('An email address must contain a single @')
175 msg = validators.ValidUsername()._messages['username_exists']
174 msg = validators.ValidUsername()._messages['username_exists']
176 msg = h.html_escape(msg % {'username': usr})
175 msg = h.html_escape(msg % {'username': usr})
177 response.mustcontain(msg)
176 response.mustcontain(msg)
178
177
179 def test_register_special_chars(self):
178 def test_register_special_chars(self):
180 response = self.app.post(url(controller='login', action='register'),
179 response = self.app.post(url(controller='login', action='register'),
181 {'username': 'xxxaxn',
180 {'username': 'xxxaxn',
182 'password': 'Δ…Δ‡ΕΊΕΌΔ…Ε›Ε›Ε›Ε›',
181 'password': 'Δ…Δ‡ΕΊΕΌΔ…Ε›Ε›Ε›Ε›',
183 'password_confirmation': 'Δ…Δ‡ΕΊΕΌΔ…Ε›Ε›Ε›Ε›',
182 'password_confirmation': 'Δ…Δ‡ΕΊΕΌΔ…Ε›Ε›Ε›Ε›',
184 'email': 'goodmailm@test.plx',
183 'email': 'goodmailm@test.plx',
185 'firstname': 'test',
184 'firstname': 'test',
186 'lastname': 'test'})
185 'lastname': 'test'})
187
186
188 msg = validators.ValidPassword()._messages['invalid_password']
187 msg = validators.ValidPassword()._messages['invalid_password']
189 response.mustcontain(msg)
188 response.mustcontain(msg)
190
189
191 def test_register_password_mismatch(self):
190 def test_register_password_mismatch(self):
192 response = self.app.post(url(controller='login', action='register'),
191 response = self.app.post(url(controller='login', action='register'),
193 {'username': 'xs',
192 {'username': 'xs',
194 'password': '123qwe',
193 'password': '123qwe',
195 'password_confirmation': 'qwe123',
194 'password_confirmation': 'qwe123',
196 'email': 'goodmailm@test.plxa',
195 'email': 'goodmailm@test.plxa',
197 'firstname': 'test',
196 'firstname': 'test',
198 'lastname': 'test'})
197 'lastname': 'test'})
199 msg = validators.ValidPasswordsMatch()._messages['password_mismatch']
198 msg = validators.ValidPasswordsMatch()._messages['password_mismatch']
200 response.mustcontain(msg)
199 response.mustcontain(msg)
201
200
202 def test_register_ok(self):
201 def test_register_ok(self):
203 username = 'test_regular4'
202 username = 'test_regular4'
204 password = 'qweqwe'
203 password = 'qweqwe'
205 email = 'marcin@test.com'
204 email = 'marcin@test.com'
206 name = 'testname'
205 name = 'testname'
207 lastname = 'testlastname'
206 lastname = 'testlastname'
208
207
209 response = self.app.post(url(controller='login', action='register'),
208 response = self.app.post(url(controller='login', action='register'),
210 {'username': username,
209 {'username': username,
211 'password': password,
210 'password': password,
212 'password_confirmation': password,
211 'password_confirmation': password,
213 'email': email,
212 'email': email,
214 'firstname': name,
213 'firstname': name,
215 'lastname': lastname,
214 'lastname': lastname,
216 'admin': True}) # This should be overriden
215 'admin': True}) # This should be overriden
217 self.assertEqual(response.status, '302 Found')
216 self.assertEqual(response.status, '302 Found')
218 self.checkSessionFlash(response, 'You have successfully registered into RhodeCode')
217 self.checkSessionFlash(response, 'You have successfully registered into RhodeCode')
219
218
220 ret = self.Session().query(User).filter(User.username == 'test_regular4').one()
219 ret = self.Session().query(User).filter(User.username == 'test_regular4').one()
221 self.assertEqual(ret.username, username)
220 self.assertEqual(ret.username, username)
222 self.assertEqual(check_password(password, ret.password), True)
221 self.assertEqual(check_password(password, ret.password), True)
223 self.assertEqual(ret.email, email)
222 self.assertEqual(ret.email, email)
224 self.assertEqual(ret.name, name)
223 self.assertEqual(ret.name, name)
225 self.assertEqual(ret.lastname, lastname)
224 self.assertEqual(ret.lastname, lastname)
226 self.assertNotEqual(ret.api_key, None)
225 self.assertNotEqual(ret.api_key, None)
227 self.assertEqual(ret.admin, False)
226 self.assertEqual(ret.admin, False)
228
227
229 def test_forgot_password_wrong_mail(self):
228 def test_forgot_password_wrong_mail(self):
230 bad_email = 'marcin@wrongmail.org'
229 bad_email = 'marcin@wrongmail.org'
231 response = self.app.post(
230 response = self.app.post(
232 url(controller='login', action='password_reset'),
231 url(controller='login', action='password_reset'),
233 {'email': bad_email, }
232 {'email': bad_email, }
234 )
233 )
235
234
236 msg = validators.ValidSystemEmail()._messages['non_existing_email']
235 msg = validators.ValidSystemEmail()._messages['non_existing_email']
237 msg = h.html_escape(msg % {'email': bad_email})
236 msg = h.html_escape(msg % {'email': bad_email})
238 response.mustcontain()
237 response.mustcontain()
239
238
240 def test_forgot_password(self):
239 def test_forgot_password(self):
241 response = self.app.get(url(controller='login',
240 response = self.app.get(url(controller='login',
242 action='password_reset'))
241 action='password_reset'))
243 self.assertEqual(response.status, '200 OK')
242 self.assertEqual(response.status, '200 OK')
244
243
245 username = 'test_password_reset_1'
244 username = 'test_password_reset_1'
246 password = 'qweqwe'
245 password = 'qweqwe'
247 email = 'marcin@python-works.com'
246 email = 'marcin@python-works.com'
248 name = 'passwd'
247 name = 'passwd'
249 lastname = 'reset'
248 lastname = 'reset'
250
249
251 new = User()
250 new = User()
252 new.username = username
251 new.username = username
253 new.password = password
252 new.password = password
254 new.email = email
253 new.email = email
255 new.name = name
254 new.name = name
256 new.lastname = lastname
255 new.lastname = lastname
257 new.api_key = generate_api_key(username)
256 new.api_key = generate_api_key(username)
258 self.Session().add(new)
257 self.Session().add(new)
259 self.Session().commit()
258 self.Session().commit()
260
259
261 response = self.app.post(url(controller='login',
260 response = self.app.post(url(controller='login',
262 action='password_reset'),
261 action='password_reset'),
263 {'email': email, })
262 {'email': email, })
264
263
265 self.checkSessionFlash(response, 'Your password reset link was sent')
264 self.checkSessionFlash(response, 'Your password reset link was sent')
266
265
267 response = response.follow()
266 response = response.follow()
268
267
269 # BAD KEY
268 # BAD KEY
270
269
271 key = "bad"
270 key = "bad"
272 response = self.app.get(url(controller='login',
271 response = self.app.get(url(controller='login',
273 action='password_reset_confirmation',
272 action='password_reset_confirmation',
274 key=key))
273 key=key))
275 self.assertEqual(response.status, '302 Found')
274 self.assertEqual(response.status, '302 Found')
276 self.assertTrue(response.location.endswith(url('reset_password')))
275 self.assertTrue(response.location.endswith(url('reset_password')))
277
276
278 # GOOD KEY
277 # GOOD KEY
279
278
280 key = User.get_by_username(username).api_key
279 key = User.get_by_username(username).api_key
281 response = self.app.get(url(controller='login',
280 response = self.app.get(url(controller='login',
282 action='password_reset_confirmation',
281 action='password_reset_confirmation',
283 key=key))
282 key=key))
284 self.assertEqual(response.status, '302 Found')
283 self.assertEqual(response.status, '302 Found')
285 self.assertTrue(response.location.endswith(url('login_home')))
284 self.assertTrue(response.location.endswith(url('login_home')))
286
285
287 self.checkSessionFlash(response,
286 self.checkSessionFlash(response,
288 ('Your password reset was successful, '
287 ('Your password reset was successful, '
289 'new password has been sent to your email'))
288 'new password has been sent to your email'))
290
289
291 response = response.follow()
290 response = response.follow()
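Review bot: test_login_regular_ok loses its only negative authorization check: the old `'<a title="Admin" href="/_admin">' not in response.body` assertion has no counterpart on the new side, so nothing verifies that a regular user's landing page omits the admin link. The remaining body check, `response.mustcontain('/%s' % HG_REPO)`, would pass for an admin page as well. If the assertion was dropped because the template markup changed, update the string and keep the check, for example `response.mustcontain(no=['<a title="Admin" href="/_admin">'])`, with the exact markup confirmed against the current template. Separately, test_forgot_password_wrong_mail still ends in `response.mustcontain()` with no arguments, so the `msg` built on the two lines above it is never asserted; `response.mustcontain(msg)` would make that test check the non-existing-email error.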