Remove <br/> from safe string indicating that CSRF cooking is missing.
[larjonas-mediagoblin.git] / mediagoblin / tests / test_basic_auth.py
blob3a42e40775172c69ec91bbe223363b13131f8b98
1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 import six.moves.urllib.parse as urlparse
19 from mediagoblin.db.models import User, LocalUser
20 from mediagoblin.plugins.basic_auth import tools as auth_tools
21 from mediagoblin.tests.tools import fixture_add_user
22 from mediagoblin.tools import template
23 from mediagoblin.tools.testing import _activate_testing
25 _activate_testing()
28 ########################
29 # Test bcrypt auth funcs
30 ########################
33 def test_bcrypt_check_password():
34 # Check known 'lollerskates' password against check function
35 assert auth_tools.bcrypt_check_password(
36 'lollerskates',
37 '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
39 assert not auth_tools.bcrypt_check_password(
40 'notthepassword',
41 '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
43 # Same thing, but with extra fake salt.
44 assert not auth_tools.bcrypt_check_password(
45 'notthepassword',
46 '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6',
47 '3><7R45417')
50 def test_bcrypt_gen_password_hash():
51 pw = 'youwillneverguessthis'
53 # Normal password hash generation, and check on that hash
54 hashed_pw = auth_tools.bcrypt_gen_password_hash(pw)
55 assert auth_tools.bcrypt_check_password(
56 pw, hashed_pw)
57 assert not auth_tools.bcrypt_check_password(
58 'notthepassword', hashed_pw)
60 # Same thing, extra salt.
61 hashed_pw = auth_tools.bcrypt_gen_password_hash(pw, '3><7R45417')
62 assert auth_tools.bcrypt_check_password(
63 pw, hashed_pw, '3><7R45417')
64 assert not auth_tools.bcrypt_check_password(
65 'notthepassword', hashed_pw, '3><7R45417')
68 def test_change_password(test_app):
69 """Test changing password correctly and incorrectly"""
70 test_user = fixture_add_user(
71 password=u'toast',
72 privileges=[u'active'])
74 test_app.post(
75 '/auth/login/', {
76 'username': u'chris',
77 'password': u'toast'})
79 # test that the password can be changed
80 res = test_app.post(
81 '/edit/password/', {
82 'old_password': 'toast',
83 'new_password': '123456',
85 res.follow()
87 # Did we redirect to the correct page?
88 assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
90 # test_user has to be fetched again in order to have the current values
91 test_user = LocalUser.query.filter(LocalUser.username==u'chris').first()
92 assert auth_tools.bcrypt_check_password('123456', test_user.pw_hash)
94 # test that the password cannot be changed if the given
95 # old_password is wrong
96 template.clear_test_template_context()
97 test_app.post(
98 '/edit/password/', {
99 'old_password': 'toast',
100 'new_password': '098765',
103 test_user = LocalUser.query.filter(LocalUser.username==u'chris').first()
104 assert not auth_tools.bcrypt_check_password('098765', test_user.pw_hash)