Show More
@@ -1,291 +1,291 b'' | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | from rhodecode.tests import * |
|
3 | 3 | from rhodecode.model.db import User, Notification |
|
4 | 4 | from rhodecode.lib.utils2 import generate_api_key |
|
5 | 5 | from rhodecode.lib.auth import check_password |
|
6 | 6 | from rhodecode.lib import helpers as h |
|
7 | 7 | from rhodecode.model import validators |
|
8 | 8 | |
|
9 | 9 | |
|
10 | 10 | class TestLoginController(TestController): |
|
11 | 11 | |
|
12 | 12 | def tearDown(self): |
|
13 | 13 | for n in Notification.query().all(): |
|
14 | 14 | self.Session().delete(n) |
|
15 | 15 | |
|
16 | 16 | self.Session().commit() |
|
17 | 17 | self.assertEqual(Notification.query().all(), []) |
|
18 | 18 | |
|
19 | 19 | def test_index(self): |
|
20 | 20 | response = self.app.get(url(controller='login', action='index')) |
|
21 | 21 | self.assertEqual(response.status, '200 OK') |
|
22 | 22 | # Test response... |
|
23 | 23 | |
|
24 | 24 | def test_login_admin_ok(self): |
|
25 | 25 | response = self.app.post(url(controller='login', action='index'), |
|
26 | 26 | {'username': 'test_admin', |
|
27 | 27 | 'password': 'test12'}) |
|
28 | 28 | self.assertEqual(response.status, '302 Found') |
|
29 | 29 | self.assertEqual(response.session['rhodecode_user'].get('username'), |
|
30 | 30 | 'test_admin') |
|
31 | 31 | response = response.follow() |
|
32 | 32 | self.assertTrue('%s repository' % HG_REPO in response.body) |
|
33 | 33 | |
|
34 | 34 | def test_login_regular_ok(self): |
|
35 | 35 | response = self.app.post(url(controller='login', action='index'), |
|
36 | 36 | {'username': 'test_regular', |
|
37 | 37 | 'password': 'test12'}) |
|
38 | 38 | |
|
39 | 39 | self.assertEqual(response.status, '302 Found') |
|
40 | 40 | self.assertEqual(response.session['rhodecode_user'].get('username'), |
|
41 | 41 | 'test_regular') |
|
42 | 42 | response = response.follow() |
|
43 | 43 | self.assertTrue('%s repository' % HG_REPO in response.body) |
|
44 | 44 | self.assertTrue('<a title="Admin" href="/_admin">' not in response.body) |
|
45 | 45 | |
|
46 | 46 | def test_login_ok_came_from(self): |
|
47 | 47 | test_came_from = '/_admin/users' |
|
48 | 48 | response = self.app.post(url(controller='login', action='index', |
|
49 | 49 | came_from=test_came_from), |
|
50 | 50 | {'username': 'test_admin', |
|
51 | 51 | 'password': 'test12'}) |
|
52 | 52 | self.assertEqual(response.status, '302 Found') |
|
53 | 53 | response = response.follow() |
|
54 | 54 | |
|
55 | 55 | self.assertEqual(response.status, '200 OK') |
|
56 | 56 | self.assertTrue('Users administration' in response.body) |
|
57 | 57 | |
|
58 | 58 | @parameterized.expand([ |
|
59 | 59 | ('data:text/html,<script>window.alert("xss")</script>',), |
|
60 | 60 | ('mailto:test@rhodecode.org',), |
|
61 | 61 | ('file:///etc/passwd',), |
|
62 | 62 | ('ftp://some.ftp.server',), |
|
63 | 63 | ('http://other.domain',), |
|
64 | 64 | ]) |
|
65 | 65 | def test_login_bad_came_froms(self, url_came_from): |
|
66 | 66 | response = self.app.post(url(controller='login', action='index', |
|
67 | 67 | came_from=url_came_from), |
|
68 | 68 | {'username': 'test_admin', |
|
69 | 69 | 'password': 'test12'}) |
|
70 | 70 | self.assertEqual(response.status, '302 Found') |
|
71 | 71 | self.assertEqual(response._environ['paste.testing_variables'] |
|
72 | 72 | ['tmpl_context'].came_from, '/') |
|
73 | 73 | response = response.follow() |
|
74 | 74 | |
|
75 | 75 | self.assertEqual(response.status, '200 OK') |
|
76 | 76 | |
|
77 | 77 | def test_login_short_password(self): |
|
78 | 78 | response = self.app.post(url(controller='login', action='index'), |
|
79 | 79 | {'username': 'test_admin', |
|
80 | 80 | 'password': 'as'}) |
|
81 | 81 | self.assertEqual(response.status, '200 OK') |
|
82 | 82 | |
|
83 | 83 | self.assertTrue('Enter 3 characters or more' in response.body) |
|
84 | 84 | |
|
85 | 85 | def test_login_wrong_username_password(self): |
|
86 | 86 | response = self.app.post(url(controller='login', action='index'), |
|
87 | 87 | {'username': 'error', |
|
88 | 88 | 'password': 'test12'}) |
|
89 | 89 | |
|
90 | 90 | self.assertTrue('invalid user name' in response.body) |
|
91 | 91 | self.assertTrue('invalid password' in response.body) |
|
92 | 92 | |
|
93 | 93 | #========================================================================== |
|
94 | 94 | # REGISTRATIONS |
|
95 | 95 | #========================================================================== |
|
96 | 96 | def test_register(self): |
|
97 | 97 | response = self.app.get(url(controller='login', action='register')) |
|
98 | 98 | self.assertTrue('Sign Up to RhodeCode' in response.body) |
|
99 | 99 | |
|
100 | 100 | def test_register_err_same_username(self): |
|
101 | 101 | uname = 'test_admin' |
|
102 | 102 | response = self.app.post(url(controller='login', action='register'), |
|
103 | 103 | {'username': uname, |
|
104 | 104 | 'password': 'test12', |
|
105 | 105 | 'password_confirmation': 'test12', |
|
106 | 106 | 'email': 'goodmail@domain.com', |
|
107 | 107 | 'firstname': 'test', |
|
108 | 108 | 'lastname': 'test'}) |
|
109 | 109 | |
|
110 | 110 | msg = validators.ValidUsername()._messages['username_exists'] |
|
111 | 111 | msg = h.html_escape(msg % {'username': uname}) |
|
112 | 112 | response.mustcontain(msg) |
|
113 | 113 | |
|
114 | 114 | def test_register_err_same_email(self): |
|
115 | 115 | response = self.app.post(url(controller='login', action='register'), |
|
116 | 116 | {'username': 'test_admin_0', |
|
117 | 117 | 'password': 'test12', |
|
118 | 118 | 'password_confirmation': 'test12', |
|
119 | 119 | 'email': 'test_admin@mail.com', |
|
120 | 120 | 'firstname': 'test', |
|
121 | 121 | 'lastname': 'test'}) |
|
122 | 122 | |
|
123 | 123 | msg = validators.UniqSystemEmail()()._messages['email_taken'] |
|
124 | 124 | response.mustcontain(msg) |
|
125 | 125 | |
|
126 | 126 | def test_register_err_same_email_case_sensitive(self): |
|
127 | 127 | response = self.app.post(url(controller='login', action='register'), |
|
128 | 128 | {'username': 'test_admin_1', |
|
129 | 129 | 'password': 'test12', |
|
130 | 130 | 'password_confirmation': 'test12', |
|
131 | 131 | 'email': 'TesT_Admin@mail.COM', |
|
132 | 132 | 'firstname': 'test', |
|
133 | 133 | 'lastname': 'test'}) |
|
134 | 134 | msg = validators.UniqSystemEmail()()._messages['email_taken'] |
|
135 | 135 | response.mustcontain(msg) |
|
136 | 136 | |
|
137 | 137 | def test_register_err_wrong_data(self): |
|
138 | 138 | response = self.app.post(url(controller='login', action='register'), |
|
139 | 139 | {'username': 'xs', |
|
140 | 140 | 'password': 'test', |
|
141 | 141 | 'password_confirmation': 'test', |
|
142 | 142 | 'email': 'goodmailm', |
|
143 | 143 | 'firstname': 'test', |
|
144 | 144 | 'lastname': 'test'}) |
|
145 | 145 | self.assertEqual(response.status, '200 OK') |
|
146 | 146 | response.mustcontain('An email address must contain a single @') |
|
147 | 147 | response.mustcontain('Enter a value 6 characters long or more') |
|
148 | 148 | |
|
149 | 149 | def test_register_err_username(self): |
|
150 | 150 | response = self.app.post(url(controller='login', action='register'), |
|
151 | 151 | {'username': 'error user', |
|
152 | 152 | 'password': 'test12', |
|
153 | 153 | 'password_confirmation': 'test12', |
|
154 | 154 | 'email': 'goodmailm', |
|
155 | 155 | 'firstname': 'test', |
|
156 | 156 | 'lastname': 'test'}) |
|
157 | 157 | |
|
158 | 158 | response.mustcontain('An email address must contain a single @') |
|
159 | 159 | response.mustcontain('Username may only contain ' |
|
160 | 160 | 'alphanumeric characters underscores, ' |
|
161 | 161 | 'periods or dashes and must begin with ' |
|
162 | 162 | 'alphanumeric character') |
|
163 | 163 | |
|
164 | 164 | def test_register_err_case_sensitive(self): |
|
165 | 165 | usr = 'Test_Admin' |
|
166 | 166 | response = self.app.post(url(controller='login', action='register'), |
|
167 | 167 | {'username': usr, |
|
168 | 168 | 'password': 'test12', |
|
169 | 169 | 'password_confirmation': 'test12', |
|
170 | 170 | 'email': 'goodmailm', |
|
171 | 171 | 'firstname': 'test', |
|
172 | 172 | 'lastname': 'test'}) |
|
173 | 173 | |
|
174 | 174 | response.mustcontain('An email address must contain a single @') |
|
175 | 175 | msg = validators.ValidUsername()._messages['username_exists'] |
|
176 | 176 | msg = h.html_escape(msg % {'username': usr}) |
|
177 | 177 | response.mustcontain(msg) |
|
178 | 178 | |
|
179 | 179 | def test_register_special_chars(self): |
|
180 | 180 | response = self.app.post(url(controller='login', action='register'), |
|
181 | 181 | {'username': 'xxxaxn', |
|
182 | 182 | 'password': 'Δ ΔΕΊΕΌΔ ΕΕΕΕ', |
|
183 | 183 | 'password_confirmation': 'Δ ΔΕΊΕΌΔ ΕΕΕΕ', |
|
184 | 184 | 'email': 'goodmailm@test.plx', |
|
185 | 185 | 'firstname': 'test', |
|
186 | 186 | 'lastname': 'test'}) |
|
187 | 187 | |
|
188 | 188 | msg = validators.ValidPassword()._messages['invalid_password'] |
|
189 | 189 | response.mustcontain(msg) |
|
190 | 190 | |
|
191 | 191 | def test_register_password_mismatch(self): |
|
192 | 192 | response = self.app.post(url(controller='login', action='register'), |
|
193 | 193 | {'username': 'xs', |
|
194 | 194 | 'password': '123qwe', |
|
195 | 195 | 'password_confirmation': 'qwe123', |
|
196 | 196 | 'email': 'goodmailm@test.plxa', |
|
197 | 197 | 'firstname': 'test', |
|
198 | 198 | 'lastname': 'test'}) |
|
199 | 199 | msg = validators.ValidPasswordsMatch()._messages['password_mismatch'] |
|
200 | 200 | response.mustcontain(msg) |
|
201 | 201 | |
|
202 | 202 | def test_register_ok(self): |
|
203 | 203 | username = 'test_regular4' |
|
204 | 204 | password = 'qweqwe' |
|
205 | 205 | email = 'marcin@test.com' |
|
206 | 206 | name = 'testname' |
|
207 | 207 | lastname = 'testlastname' |
|
208 | 208 | |
|
209 | 209 | response = self.app.post(url(controller='login', action='register'), |
|
210 | 210 | {'username': username, |
|
211 | 211 | 'password': password, |
|
212 | 212 | 'password_confirmation': password, |
|
213 | 213 | 'email': email, |
|
214 | 214 | 'firstname': name, |
|
215 | 215 | 'lastname': lastname, |
|
216 | 216 | 'admin': True}) # This should be overriden |
|
217 | 217 | self.assertEqual(response.status, '302 Found') |
|
218 |
self.checkSessionFlash(response, 'You have successfully registered into |
|
|
218 | self.checkSessionFlash(response, 'You have successfully registered into RhodeCode') | |
|
219 | 219 | |
|
220 | 220 | ret = self.Session().query(User).filter(User.username == 'test_regular4').one() |
|
221 | 221 | self.assertEqual(ret.username, username) |
|
222 | 222 | self.assertEqual(check_password(password, ret.password), True) |
|
223 | 223 | self.assertEqual(ret.email, email) |
|
224 | 224 | self.assertEqual(ret.name, name) |
|
225 | 225 | self.assertEqual(ret.lastname, lastname) |
|
226 | 226 | self.assertNotEqual(ret.api_key, None) |
|
227 | 227 | self.assertEqual(ret.admin, False) |
|
228 | 228 | |
|
229 | 229 | def test_forgot_password_wrong_mail(self): |
|
230 | 230 | bad_email = 'marcin@wrongmail.org' |
|
231 | 231 | response = self.app.post( |
|
232 | 232 | url(controller='login', action='password_reset'), |
|
233 | 233 | {'email': bad_email, } |
|
234 | 234 | ) |
|
235 | 235 | |
|
236 | 236 | msg = validators.ValidSystemEmail()._messages['non_existing_email'] |
|
237 | 237 | msg = h.html_escape(msg % {'email': bad_email}) |
|
238 | 238 | response.mustcontain() |
|
239 | 239 | |
|
240 | 240 | def test_forgot_password(self): |
|
241 | 241 | response = self.app.get(url(controller='login', |
|
242 | 242 | action='password_reset')) |
|
243 | 243 | self.assertEqual(response.status, '200 OK') |
|
244 | 244 | |
|
245 | 245 | username = 'test_password_reset_1' |
|
246 | 246 | password = 'qweqwe' |
|
247 | 247 | email = 'marcin@python-works.com' |
|
248 | 248 | name = 'passwd' |
|
249 | 249 | lastname = 'reset' |
|
250 | 250 | |
|
251 | 251 | new = User() |
|
252 | 252 | new.username = username |
|
253 | 253 | new.password = password |
|
254 | 254 | new.email = email |
|
255 | 255 | new.name = name |
|
256 | 256 | new.lastname = lastname |
|
257 | 257 | new.api_key = generate_api_key(username) |
|
258 | 258 | self.Session().add(new) |
|
259 | 259 | self.Session().commit() |
|
260 | 260 | |
|
261 | 261 | response = self.app.post(url(controller='login', |
|
262 | 262 | action='password_reset'), |
|
263 | 263 | {'email': email, }) |
|
264 | 264 | |
|
265 | 265 | self.checkSessionFlash(response, 'Your password reset link was sent') |
|
266 | 266 | |
|
267 | 267 | response = response.follow() |
|
268 | 268 | |
|
269 | 269 | # BAD KEY |
|
270 | 270 | |
|
271 | 271 | key = "bad" |
|
272 | 272 | response = self.app.get(url(controller='login', |
|
273 | 273 | action='password_reset_confirmation', |
|
274 | 274 | key=key)) |
|
275 | 275 | self.assertEqual(response.status, '302 Found') |
|
276 | 276 | self.assertTrue(response.location.endswith(url('reset_password'))) |
|
277 | 277 | |
|
278 | 278 | # GOOD KEY |
|
279 | 279 | |
|
280 | 280 | key = User.get_by_username(username).api_key |
|
281 | 281 | response = self.app.get(url(controller='login', |
|
282 | 282 | action='password_reset_confirmation', |
|
283 | 283 | key=key)) |
|
284 | 284 | self.assertEqual(response.status, '302 Found') |
|
285 | 285 | self.assertTrue(response.location.endswith(url('login_home'))) |
|
286 | 286 | |
|
287 | 287 | self.checkSessionFlash(response, |
|
288 | 288 | ('Your password reset was successful, ' |
|
289 | 289 | 'new password has been sent to your email')) |
|
290 | 290 | |
|
291 | 291 | response = response.follow() |
General Comments 0
You need to be logged in to leave comments.
Login now