upstream/kallithea Commit - r3630:5d8cda8e

1

# -*- coding: utf-8 -*-

1

# -*- coding: utf-8 -*-

2

from rhodecode.tests import *

2

from rhodecode.tests import *

3

from rhodecode.model.db import User, Notification

3

from rhodecode.model.db import User, Notification

4

from rhodecode.lib.utils2 import generate_api_key

4

from rhodecode.lib.utils2 import generate_api_key

5

from rhodecode.lib.auth import check_password

5

from rhodecode.lib.auth import check_password

6

from rhodecode.lib import helpers as h

6

from rhodecode.lib import helpers as h

7

from rhodecode.model import validators

7

from rhodecode.model import validators

8

9

10

class TestLoginController(TestController):

10

class TestLoginController(TestController):

11

12

def tearDown(self):

12

def tearDown(self):

13

for n in Notification.query().all():

13

for n in Notification.query().all():

14

self.Session().delete(n)

14

self.Session().delete(n)

15

16

self.Session().commit()

16

self.Session().commit()

17

self.assertEqual(Notification.query().all(), [])

17

self.assertEqual(Notification.query().all(), [])

18

19

def test_index(self):

19

def test_index(self):

20

response = self.app.get(url(controller='login', action='index'))

20

response = self.app.get(url(controller='login', action='index'))

21

self.assertEqual(response.status, '200 OK')

21

self.assertEqual(response.status, '200 OK')

22

# Test response...

22

# Test response...

23

24

def test_login_admin_ok(self):

24

def test_login_admin_ok(self):

25

response = self.app.post(url(controller='login', action='index'),

25

response = self.app.post(url(controller='login', action='index'),

26

{'username': 'test_admin',

26

{'username': 'test_admin',

27

'password': 'test12'})

27

'password': 'test12'})

28

self.assertEqual(response.status, '302 Found')

28

self.assertEqual(response.status, '302 Found')

29

self.assertEqual(response.session['rhodecode_user'].get('username'),

29

self.assertEqual(response.session['rhodecode_user'].get('username'),

30

'test_admin')

30

'test_admin')

31

response = response.follow()

31

response = response.follow()

32

self.assertTrue('%s repository' % HG_REPO in response.body)

32

response.mustcontain('/%s' % HG_REPO)

33

34

def test_login_regular_ok(self):

34

def test_login_regular_ok(self):

35

response = self.app.post(url(controller='login', action='index'),

35

response = self.app.post(url(controller='login', action='index'),

36

{'username': 'test_regular',

36

{'username': 'test_regular',

37

'password': 'test12'})

37

'password': 'test12'})

38

39

self.assertEqual(response.status, '302 Found')

39

self.assertEqual(response.status, '302 Found')

40

self.assertEqual(response.session['rhodecode_user'].get('username'),

40

self.assertEqual(response.session['rhodecode_user'].get('username'),

41

'test_regular')

41

'test_regular')

42

response = response.follow()

42

response = response.follow()

43

self.assertTrue('%s repository' % HG_REPO in response.body)

43

response.mustcontain('/%s' % HG_REPO)

44

self.assertTrue('<a title="Admin" href="/_admin">' not in response.body)

45

44

46

def test_login_ok_came_from(self):

45

def test_login_ok_came_from(self):

47

test_came_from = '/_admin/users'

46

test_came_from = '/_admin/users'

48

response = self.app.post(url(controller='login', action='index',

47

response = self.app.post(url(controller='login', action='index',

49

came_from=test_came_from),

48

came_from=test_came_from),

50

{'username': 'test_admin',

49

{'username': 'test_admin',

51

'password': 'test12'})

50

'password': 'test12'})

52

self.assertEqual(response.status, '302 Found')

51

self.assertEqual(response.status, '302 Found')

53

response = response.follow()

52

response = response.follow()

54

53

55

self.assertEqual(response.status, '200 OK')

54

self.assertEqual(response.status, '200 OK')

56

self.~~assertTrue~~('Users administration' in ~~response~~.~~body~~)

55

response.mustcontain('Users administration')

57

56

58

@parameterized.expand([

57

@parameterized.expand([

59

('data:text/html,<script>window.alert("xss")</script>',),

58

('data:text/html,<script>window.alert("xss")</script>',),

60

('mailto:test@rhodecode.org',),

59

('mailto:test@rhodecode.org',),

61

('file:///etc/passwd',),

60

('file:///etc/passwd',),

62

('ftp://some.ftp.server',),

61

('ftp://some.ftp.server',),

63

('http://other.domain',),

62

('http://other.domain',),

64

])

63

])

65

def test_login_bad_came_froms(self, url_came_from):

64

def test_login_bad_came_froms(self, url_came_from):

66

response = self.app.post(url(controller='login', action='index',

65

response = self.app.post(url(controller='login', action='index',

67

came_from=url_came_from),

66

came_from=url_came_from),

68

{'username': 'test_admin',

67

{'username': 'test_admin',

69

'password': 'test12'})

68

'password': 'test12'})

70

self.assertEqual(response.status, '302 Found')

69

self.assertEqual(response.status, '302 Found')

71

self.assertEqual(response._environ['paste.testing_variables']

70

self.assertEqual(response._environ['paste.testing_variables']

72

['tmpl_context'].came_from, '/')

71

['tmpl_context'].came_from, '/')

73

response = response.follow()

72

response = response.follow()

74

73

75

self.assertEqual(response.status, '200 OK')

74

self.assertEqual(response.status, '200 OK')

76

75

77

def test_login_short_password(self):

76

def test_login_short_password(self):

78

response = self.app.post(url(controller='login', action='index'),

77

response = self.app.post(url(controller='login', action='index'),

79

{'username': 'test_admin',

78

{'username': 'test_admin',

80

'password': 'as'})

79

'password': 'as'})

81

self.assertEqual(response.status, '200 OK')

80

self.assertEqual(response.status, '200 OK')

82

81

83

self.~~assertTrue~~('Enter 3 characters or more' in ~~response~~.~~body~~)

82

response.mustcontain('Enter 3 characters or more')

84

83

85

def test_login_wrong_username_password(self):

84

def test_login_wrong_username_password(self):

86

response = self.app.post(url(controller='login', action='index'),

85

response = self.app.post(url(controller='login', action='index'),

87

{'username': 'error',

86

{'username': 'error',

88

'password': 'test12'})

87

'password': 'test12'})

89

88

90

self.~~assertTrue~~('invalid user name' in ~~response~~.~~body~~)

89

response.mustcontain('invalid user name')

91

self.assertTrue('invalid password' in response.body)

90

response.mustcontain('invalid password')

92

91

93

#==========================================================================

92

#==========================================================================

94

# REGISTRATIONS

93

# REGISTRATIONS

95

#==========================================================================

94

#==========================================================================

96

def test_register(self):

95

def test_register(self):

97

response = self.app.get(url(controller='login', action='register'))

96

response = self.app.get(url(controller='login', action='register'))

98

self.~~assertTrue~~('Sign Up to RhodeCode' in ~~response~~.~~body~~)

97

response.mustcontain('Sign Up to RhodeCode')

99

98

100

def test_register_err_same_username(self):

99

def test_register_err_same_username(self):

101

uname = 'test_admin'

100

uname = 'test_admin'

102

response = self.app.post(url(controller='login', action='register'),

101

response = self.app.post(url(controller='login', action='register'),

103

{'username': uname,

102

{'username': uname,

104

'password': 'test12',

103

'password': 'test12',

105

'password_confirmation': 'test12',

104

'password_confirmation': 'test12',

106

'email': 'goodmail@domain.com',

105

'email': 'goodmail@domain.com',

107

'firstname': 'test',

106

'firstname': 'test',

108

'lastname': 'test'})

107

'lastname': 'test'})

109

108

110

msg = validators.ValidUsername()._messages['username_exists']

109

msg = validators.ValidUsername()._messages['username_exists']

111

msg = h.html_escape(msg % {'username': uname})

110

msg = h.html_escape(msg % {'username': uname})

112

response.mustcontain(msg)

111

response.mustcontain(msg)

113

112

114

def test_register_err_same_email(self):

113

def test_register_err_same_email(self):

115

response = self.app.post(url(controller='login', action='register'),

114

response = self.app.post(url(controller='login', action='register'),

116

{'username': 'test_admin_0',

115

{'username': 'test_admin_0',

117

'password': 'test12',

116

'password': 'test12',

118

'password_confirmation': 'test12',

117

'password_confirmation': 'test12',

119

'email': 'test_admin@mail.com',

118

'email': 'test_admin@mail.com',

120

'firstname': 'test',

119

'firstname': 'test',

121

'lastname': 'test'})

120

'lastname': 'test'})

122

121

123

msg = validators.UniqSystemEmail()()._messages['email_taken']

122

msg = validators.UniqSystemEmail()()._messages['email_taken']

124

response.mustcontain(msg)

123

response.mustcontain(msg)

125

124

126

def test_register_err_same_email_case_sensitive(self):

125

def test_register_err_same_email_case_sensitive(self):

127

response = self.app.post(url(controller='login', action='register'),

126

response = self.app.post(url(controller='login', action='register'),

128

{'username': 'test_admin_1',

127

{'username': 'test_admin_1',

129

'password': 'test12',

128

'password': 'test12',

130

'password_confirmation': 'test12',

129

'password_confirmation': 'test12',

131

'email': 'TesT_Admin@mail.COM',

130

'email': 'TesT_Admin@mail.COM',

132

'firstname': 'test',

131

'firstname': 'test',

133

'lastname': 'test'})

132

'lastname': 'test'})

134

msg = validators.UniqSystemEmail()()._messages['email_taken']

133

msg = validators.UniqSystemEmail()()._messages['email_taken']

135

response.mustcontain(msg)

134

response.mustcontain(msg)

136

135

137

def test_register_err_wrong_data(self):

136

def test_register_err_wrong_data(self):

138

response = self.app.post(url(controller='login', action='register'),

137

response = self.app.post(url(controller='login', action='register'),

139

{'username': 'xs',

138

{'username': 'xs',

140

'password': 'test',

139

'password': 'test',

141

'password_confirmation': 'test',

140

'password_confirmation': 'test',

142

'email': 'goodmailm',

141

'email': 'goodmailm',

143

'firstname': 'test',

142

'firstname': 'test',

144

'lastname': 'test'})

143

'lastname': 'test'})

145

self.assertEqual(response.status, '200 OK')

144

self.assertEqual(response.status, '200 OK')

146

response.mustcontain('An email address must contain a single @')

145

response.mustcontain('An email address must contain a single @')

147

response.mustcontain('Enter a value 6 characters long or more')

146

response.mustcontain('Enter a value 6 characters long or more')

148

147

149

def test_register_err_username(self):

148

def test_register_err_username(self):

150

response = self.app.post(url(controller='login', action='register'),

149

response = self.app.post(url(controller='login', action='register'),

151

{'username': 'error user',

150

{'username': 'error user',

152

'password': 'test12',

151

'password': 'test12',

153

'password_confirmation': 'test12',

152

'password_confirmation': 'test12',

154

'email': 'goodmailm',

153

'email': 'goodmailm',

155

'firstname': 'test',

154

'firstname': 'test',

156

'lastname': 'test'})

155

'lastname': 'test'})

157

156

158

response.mustcontain('An email address must contain a single @')

157

response.mustcontain('An email address must contain a single @')

159

response.mustcontain('Username may only contain '

158

response.mustcontain('Username may only contain '

160

'alphanumeric characters underscores, '

159

'alphanumeric characters underscores, '

161

'periods or dashes and must begin with '

160

'periods or dashes and must begin with '

162

'alphanumeric character')

161

'alphanumeric character')

163

162

164

def test_register_err_case_sensitive(self):

163

def test_register_err_case_sensitive(self):

165

usr = 'Test_Admin'

164

usr = 'Test_Admin'

166

response = self.app.post(url(controller='login', action='register'),

165

response = self.app.post(url(controller='login', action='register'),

167

{'username': usr,

166

{'username': usr,

168

'password': 'test12',

167

'password': 'test12',

169

'password_confirmation': 'test12',

168

'password_confirmation': 'test12',

170

'email': 'goodmailm',

169

'email': 'goodmailm',

171

'firstname': 'test',

170

'firstname': 'test',

172

'lastname': 'test'})

171

'lastname': 'test'})

173

172

174

response.mustcontain('An email address must contain a single @')

173

response.mustcontain('An email address must contain a single @')

175

msg = validators.ValidUsername()._messages['username_exists']

174

msg = validators.ValidUsername()._messages['username_exists']

176

msg = h.html_escape(msg % {'username': usr})

175

msg = h.html_escape(msg % {'username': usr})

177

response.mustcontain(msg)

176

response.mustcontain(msg)

178

177

179

def test_register_special_chars(self):

178

def test_register_special_chars(self):

180

response = self.app.post(url(controller='login', action='register'),

179

response = self.app.post(url(controller='login', action='register'),

181

{'username': 'xxxaxn',

180

{'username': 'xxxaxn',

182

'password': 'ąćźżąśśśś',

181

'password': 'ąćźżąśśśś',

183

'password_confirmation': 'ąćźżąśśśś',

182

'password_confirmation': 'ąćźżąśśśś',

184

'email': 'goodmailm@test.plx',

183

'email': 'goodmailm@test.plx',

185

'firstname': 'test',

184

'firstname': 'test',

186

'lastname': 'test'})

185

'lastname': 'test'})

187

186

188

msg = validators.ValidPassword()._messages['invalid_password']

187

msg = validators.ValidPassword()._messages['invalid_password']

189

response.mustcontain(msg)

188

response.mustcontain(msg)

190

189

191

def test_register_password_mismatch(self):

190

def test_register_password_mismatch(self):

192

response = self.app.post(url(controller='login', action='register'),

191

response = self.app.post(url(controller='login', action='register'),

193

{'username': 'xs',

192

{'username': 'xs',

194

'password': '123qwe',

193

'password': '123qwe',

195

'password_confirmation': 'qwe123',

194

'password_confirmation': 'qwe123',

196

'email': 'goodmailm@test.plxa',

195

'email': 'goodmailm@test.plxa',

197

'firstname': 'test',

196

'firstname': 'test',

198

'lastname': 'test'})

197

'lastname': 'test'})

199

msg = validators.ValidPasswordsMatch()._messages['password_mismatch']

198

msg = validators.ValidPasswordsMatch()._messages['password_mismatch']

200

response.mustcontain(msg)

199

response.mustcontain(msg)

201

200

202

def test_register_ok(self):

201

def test_register_ok(self):

203

username = 'test_regular4'

202

username = 'test_regular4'

204

password = 'qweqwe'

203

password = 'qweqwe'

205

email = 'marcin@test.com'

204

email = 'marcin@test.com'

206

name = 'testname'

205

name = 'testname'

207

lastname = 'testlastname'

206

lastname = 'testlastname'

208

207

209

response = self.app.post(url(controller='login', action='register'),

208

response = self.app.post(url(controller='login', action='register'),

210

{'username': username,

209

{'username': username,

211

'password': password,

210

'password': password,

212

'password_confirmation': password,

211

'password_confirmation': password,

213

'email': email,

212

'email': email,

214

'firstname': name,

213

'firstname': name,

215

'lastname': lastname,

214

'lastname': lastname,

216

'admin': True}) # This should be overriden

215

'admin': True}) # This should be overriden

217

self.assertEqual(response.status, '302 Found')

216

self.assertEqual(response.status, '302 Found')

218

self.checkSessionFlash(response, 'You have successfully registered into RhodeCode')

217

self.checkSessionFlash(response, 'You have successfully registered into RhodeCode')

219

218

220

ret = self.Session().query(User).filter(User.username == 'test_regular4').one()

219

ret = self.Session().query(User).filter(User.username == 'test_regular4').one()

221

self.assertEqual(ret.username, username)

220

self.assertEqual(ret.username, username)

222

self.assertEqual(check_password(password, ret.password), True)

221

self.assertEqual(check_password(password, ret.password), True)

223

self.assertEqual(ret.email, email)

222

self.assertEqual(ret.email, email)

224

self.assertEqual(ret.name, name)

223

self.assertEqual(ret.name, name)

225

self.assertEqual(ret.lastname, lastname)

224

self.assertEqual(ret.lastname, lastname)

226

self.assertNotEqual(ret.api_key, None)

225

self.assertNotEqual(ret.api_key, None)

227

self.assertEqual(ret.admin, False)

226

self.assertEqual(ret.admin, False)

228

227

229

def test_forgot_password_wrong_mail(self):

228

def test_forgot_password_wrong_mail(self):

230

bad_email = 'marcin@wrongmail.org'

229

bad_email = 'marcin@wrongmail.org'

231

response = self.app.post(

230

response = self.app.post(

232

url(controller='login', action='password_reset'),

231

url(controller='login', action='password_reset'),

233

{'email': bad_email, }

232

{'email': bad_email, }

234

)

233

)

235

234

236

msg = validators.ValidSystemEmail()._messages['non_existing_email']

235

msg = validators.ValidSystemEmail()._messages['non_existing_email']

237

msg = h.html_escape(msg % {'email': bad_email})

236

msg = h.html_escape(msg % {'email': bad_email})

238

response.mustcontain()

237

response.mustcontain()

239

238

240

def test_forgot_password(self):

239

def test_forgot_password(self):

241

response = self.app.get(url(controller='login',

240

response = self.app.get(url(controller='login',

242

action='password_reset'))

241

action='password_reset'))

243

self.assertEqual(response.status, '200 OK')

242

self.assertEqual(response.status, '200 OK')

244

243

245

username = 'test_password_reset_1'

244

username = 'test_password_reset_1'

246

password = 'qweqwe'

245

password = 'qweqwe'

247

email = 'marcin@python-works.com'

246

email = 'marcin@python-works.com'

248

name = 'passwd'

247

name = 'passwd'

249

lastname = 'reset'

248

lastname = 'reset'

250

249

251

new = User()

250

new = User()

252

new.username = username

251

new.username = username

253

new.password = password

252

new.password = password

254

new.email = email

253

new.email = email

255

new.name = name

254

new.name = name

256

new.lastname = lastname

255

new.lastname = lastname

257

new.api_key = generate_api_key(username)

256

new.api_key = generate_api_key(username)

258

self.Session().add(new)

257

self.Session().add(new)

259

self.Session().commit()

258

self.Session().commit()

260

259

261

response = self.app.post(url(controller='login',

260

response = self.app.post(url(controller='login',

262

action='password_reset'),

261

action='password_reset'),

263

{'email': email, })

262

{'email': email, })

264

263

265

self.checkSessionFlash(response, 'Your password reset link was sent')

264

self.checkSessionFlash(response, 'Your password reset link was sent')

266

265

267

response = response.follow()

266

response = response.follow()

268

267

269

# BAD KEY

268

# BAD KEY

270

269

271

key = "bad"

270

key = "bad"

272

response = self.app.get(url(controller='login',

271

response = self.app.get(url(controller='login',

273

action='password_reset_confirmation',

272

action='password_reset_confirmation',

274

key=key))

273

key=key))

275

self.assertEqual(response.status, '302 Found')

274

self.assertEqual(response.status, '302 Found')

276

self.assertTrue(response.location.endswith(url('reset_password')))

275

self.assertTrue(response.location.endswith(url('reset_password')))

277

276

278

# GOOD KEY

277

# GOOD KEY

279

278

280

key = User.get_by_username(username).api_key

279

key = User.get_by_username(username).api_key

281

response = self.app.get(url(controller='login',

280

response = self.app.get(url(controller='login',

282

action='password_reset_confirmation',

281

action='password_reset_confirmation',

283

key=key))

282

key=key))

284

self.assertEqual(response.status, '302 Found')

283

self.assertEqual(response.status, '302 Found')

285

self.assertTrue(response.location.endswith(url('login_home')))

284

self.assertTrue(response.location.endswith(url('login_home')))

286

285

287

self.checkSessionFlash(response,

286

self.checkSessionFlash(response,

288

('Your password reset was successful, '

287

('Your password reset was successful, '

289

'new password has been sent to your email'))

288

'new password has been sent to your email'))

290

289

291

response = response.follow()

290

response = response.follow()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             # -*- coding: utf-8 -*-
             from rhodecode.tests import *
             from rhodecode.model.db import User, Notification
             from rhodecode.lib.utils2 import generate_api_key
             from rhodecode.lib.auth import check_password
             from rhodecode.lib import helpers as h
             from rhodecode.model import validators
             class TestLoginController(TestController):
                 def tearDown(self):
                     for n in Notification.query().all():
                         self.Session().delete(n)
                     self.Session().commit()
                     self.assertEqual(Notification.query().all(), [])
                 def test_index(self):
                     response = self.app.get(url(controller='login', action='index'))
                     self.assertEqual(response.status, '200 OK')
                     # Test response...
                 def test_login_admin_ok(self):
                     response = self.app.post(url(controller='login', action='index'),
                                              {'username': 'test_admin',
                                               'password': 'test12'})
                     self.assertEqual(response.status, '302 Found')
                     self.assertEqual(response.session['rhodecode_user'].get('username'),
                                      'test_admin')
                     response = response.follow()
-                    self.assertTrue('%s repository' % HG_REPO in response.body)
+                    response.mustcontain('/%s' % HG_REPO)
                 def test_login_regular_ok(self):
                     response = self.app.post(url(controller='login', action='index'),
                                              {'username': 'test_regular',
                                               'password': 'test12'})
                     self.assertEqual(response.status, '302 Found')
                     self.assertEqual(response.session['rhodecode_user'].get('username'),
                                      'test_regular')
                     response = response.follow()
-                    self.assertTrue('%s repository' % HG_REPO in response.body)
+                    response.mustcontain('/%s' % HG_REPO)
-                    self.assertTrue('<a title="Admin" href="/_admin">' not in response.body)
                 def test_login_ok_came_from(self):
                     test_came_from = '/_admin/users'
                     response = self.app.post(url(controller='login', action='index',
                                                  came_from=test_came_from),
                                              {'username': 'test_admin',
                                               'password': 'test12'})
                     self.assertEqual(response.status, '302 Found')
                     response = response.follow()
                     self.assertEqual(response.status, '200 OK')
-                    self.assertTrue('Users administration' in response.body)
+                    response.mustcontain('Users administration')
                 @parameterized.expand([
                       ('data:text/html,<script>window.alert("xss")</script>',),
                       ('mailto:test@rhodecode.org',),
                       ('file:///etc/passwd',),
                       ('ftp://some.ftp.server',),
                       ('http://other.domain',),
                 ])
                 def test_login_bad_came_froms(self, url_came_from):
                     response = self.app.post(url(controller='login', action='index',
                                                  came_from=url_came_from),
                                              {'username': 'test_admin',
                                               'password': 'test12'})
                     self.assertEqual(response.status, '302 Found')
                     self.assertEqual(response._environ['paste.testing_variables']
                                      ['tmpl_context'].came_from, '/')
                     response = response.follow()
                     self.assertEqual(response.status, '200 OK')
                 def test_login_short_password(self):
                     response = self.app.post(url(controller='login', action='index'),
                                              {'username': 'test_admin',
                                               'password': 'as'})
                     self.assertEqual(response.status, '200 OK')
-                    self.assertTrue('Enter 3 characters or more' in response.body)
+                    response.mustcontain('Enter 3 characters or more')
                 def test_login_wrong_username_password(self):
                     response = self.app.post(url(controller='login', action='index'),
                                              {'username': 'error',
                                               'password': 'test12'})
-                    self.assertTrue('invalid user name' in response.body)
+                    response.mustcontain('invalid user name')
-                    self.assertTrue('invalid password' in response.body)
+                    response.mustcontain('invalid password')
                 #==========================================================================
                 # REGISTRATIONS
                 #==========================================================================
                 def test_register(self):
                     response = self.app.get(url(controller='login', action='register'))
-                    self.assertTrue('Sign Up to RhodeCode' in response.body)
+                    response.mustcontain('Sign Up to RhodeCode')
                 def test_register_err_same_username(self):
                     uname = 'test_admin'
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username': uname,
                                                          'password': 'test12',
                                                          'password_confirmation': 'test12',
                                                          'email': 'goodmail@domain.com',
                                                          'firstname': 'test',
                                                          'lastname': 'test'})
                     msg = validators.ValidUsername()._messages['username_exists']
                     msg = h.html_escape(msg % {'username': uname})
                     response.mustcontain(msg)
                 def test_register_err_same_email(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username': 'test_admin_0',
                                                          'password': 'test12',
                                                          'password_confirmation': 'test12',
                                                          'email': 'test_admin@mail.com',
                                                          'firstname': 'test',
                                                          'lastname': 'test'})
                     msg = validators.UniqSystemEmail()()._messages['email_taken']
                     response.mustcontain(msg)
                 def test_register_err_same_email_case_sensitive(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username': 'test_admin_1',
                                                          'password': 'test12',
                                                          'password_confirmation': 'test12',
                                                          'email': 'TesT_Admin@mail.COM',
                                                          'firstname': 'test',
                                                          'lastname': 'test'})
                     msg = validators.UniqSystemEmail()()._messages['email_taken']
                     response.mustcontain(msg)
                 def test_register_err_wrong_data(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username': 'xs',
                                                          'password': 'test',
                                                          'password_confirmation': 'test',
                                                          'email': 'goodmailm',
                                                          'firstname': 'test',
                                                          'lastname': 'test'})
                     self.assertEqual(response.status, '200 OK')
                     response.mustcontain('An email address must contain a single @')
                     response.mustcontain('Enter a value 6 characters long or more')
                 def test_register_err_username(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username': 'error user',
                                                          'password': 'test12',
                                                          'password_confirmation': 'test12',
                                                          'email': 'goodmailm',
                                                          'firstname': 'test',
                                                          'lastname': 'test'})
                     response.mustcontain('An email address must contain a single @')
                     response.mustcontain('Username may only contain '
                             'alphanumeric characters underscores, '
                             'periods or dashes and must begin with '
                             'alphanumeric character')
                 def test_register_err_case_sensitive(self):
                     usr = 'Test_Admin'
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username': usr,
                                                          'password': 'test12',
                                                          'password_confirmation': 'test12',
                                                          'email': 'goodmailm',
                                                          'firstname': 'test',
                                                          'lastname': 'test'})
                     response.mustcontain('An email address must contain a single @')
                     msg = validators.ValidUsername()._messages['username_exists']
                     msg = h.html_escape(msg % {'username': usr})
                     response.mustcontain(msg)
                 def test_register_special_chars(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                     {'username': 'xxxaxn',
                                                      'password': 'ąćźżąśśśś',
                                                      'password_confirmation': 'ąćźżąśśśś',
                                                      'email': 'goodmailm@test.plx',
                                                      'firstname': 'test',
                                                      'lastname': 'test'})
                     msg = validators.ValidPassword()._messages['invalid_password']
                     response.mustcontain(msg)
                 def test_register_password_mismatch(self):
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username': 'xs',
                                                          'password': '123qwe',
                                                          'password_confirmation': 'qwe123',
                                                          'email': 'goodmailm@test.plxa',
                                                          'firstname': 'test',
                                                          'lastname': 'test'})
                     msg = validators.ValidPasswordsMatch()._messages['password_mismatch']
                     response.mustcontain(msg)
                 def test_register_ok(self):
                     username = 'test_regular4'
                     password = 'qweqwe'
                     email = 'marcin@test.com'
                     name = 'testname'
                     lastname = 'testlastname'
                     response = self.app.post(url(controller='login', action='register'),
                                                         {'username': username,
                                                          'password': password,
                                                          'password_confirmation': password,
                                                          'email': email,
                                                          'firstname': name,
                                                          'lastname': lastname,
                                                          'admin': True})  # This should be overriden
                     self.assertEqual(response.status, '302 Found')
                     self.checkSessionFlash(response, 'You have successfully registered into RhodeCode')
                     ret = self.Session().query(User).filter(User.username == 'test_regular4').one()
                     self.assertEqual(ret.username, username)
                     self.assertEqual(check_password(password, ret.password), True)
                     self.assertEqual(ret.email, email)
                     self.assertEqual(ret.name, name)
                     self.assertEqual(ret.lastname, lastname)
                     self.assertNotEqual(ret.api_key, None)
                     self.assertEqual(ret.admin, False)
                 def test_forgot_password_wrong_mail(self):
                     bad_email = 'marcin@wrongmail.org'
                     response = self.app.post(
                                     url(controller='login', action='password_reset'),
                                         {'email': bad_email, }
                     )
                     msg = validators.ValidSystemEmail()._messages['non_existing_email']
                     msg = h.html_escape(msg % {'email': bad_email})
                     response.mustcontain()
                 def test_forgot_password(self):
                     response = self.app.get(url(controller='login',
                                                 action='password_reset'))
                     self.assertEqual(response.status, '200 OK')
                     username = 'test_password_reset_1'
                     password = 'qweqwe'
                     email = 'marcin@python-works.com'
                     name = 'passwd'
                     lastname = 'reset'
                     new = User()
                     new.username = username
                     new.password = password
                     new.email = email
                     new.name = name
                     new.lastname = lastname
                     new.api_key = generate_api_key(username)
                     self.Session().add(new)
                     self.Session().commit()
                     response = self.app.post(url(controller='login',
                                                  action='password_reset'),
                                              {'email': email, })
                     self.checkSessionFlash(response, 'Your password reset link was sent')
                     response = response.follow()
                     # BAD KEY
                     key = "bad"
                     response = self.app.get(url(controller='login',
                                                 action='password_reset_confirmation',
                                                 key=key))
                     self.assertEqual(response.status, '302 Found')
                     self.assertTrue(response.location.endswith(url('reset_password')))
                     # GOOD KEY
                     key = User.get_by_username(username).api_key
                     response = self.app.get(url(controller='login',
                                                 action='password_reset_confirmation',
                                                 key=key))
                     self.assertEqual(response.status, '302 Found')
                     self.assertTrue(response.location.endswith(url('login_home')))
                     self.checkSessionFlash(response,
                                            ('Your password reset was successful, '
                                             'new password has been sent to your email'))
                     response = response.follow()