search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Switch from "cp --no-clobber" to "cp -n" for bsd compatibility
[larjonas-mediagoblin.git] / mediagoblin / tests / test_auth.py
blob5ce6768886de8983209664d92b993df912f965ea
1
2 # GNU MediaGoblin -- federated, autonomous media hosting
3 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU Affero General Public License for more details.
14 #
15 # You should have received a copy of the GNU Affero General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 import pkg_resources
19 import pytest
20
21 import six
22
23 import six.moves.urllib.parse as urlparse
24
25 from mediagoblin import mg_globals
26 from mediagoblin.db.models import User
27 from mediagoblin.tests.tools import get_app, fixture_add_user
28 from mediagoblin.tools import template, mail
29 from mediagoblin.auth import tools as auth_tools
30
31
32 def test_register_views(test_app):
33 """
34 Massive test function that all our registration-related views all work.
35 """
36 # Test doing a simple GET on the page
37 # -----------------------------------
38
39 test_app.get('/auth/register/')
40 # Make sure it rendered with the appropriate template
41 assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
42
43 # Try to register without providing anything, should error
44 # --------------------------------------------------------
45
46 template.clear_test_template_context()
47 test_app.post(
48 '/auth/register/', {})
49 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
50 form = context['register_form']
51 assert form.username.errors == [u'This field is required.']
52 assert form.password.errors == [u'This field is required.']
53 assert form.email.errors == [u'This field is required.']
54
55 # Try to register with fields that are known to be invalid
56 # --------------------------------------------------------
57
58 ## too short
59 template.clear_test_template_context()
60 test_app.post(
61 '/auth/register/', {
62 'username': 'l',
63 'password': 'o',
64 'email': 'l'})
65 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
66 form = context['register_form']
67
68 assert form.username.errors == [u'Field must be between 3 and 30 characters long.']
69 assert form.password.errors == [u'Field must be between 5 and 1024 characters long.']
70
71 ## bad form
72 template.clear_test_template_context()
73 test_app.post(
74 '/auth/register/', {
75 'username': '@_@',
76 'email': 'lollerskates'})
77 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
78 form = context['register_form']
79
80 assert form.username.errors == [u'This field does not take email addresses.']
81 assert form.email.errors == [u'This field requires an email address.']
82
83 ## At this point there should be no users in the database ;)
84 assert User.query.count() == 0
85
86 # Successful register
87 # -------------------
88 template.clear_test_template_context()
89 response = test_app.post(
90 '/auth/register/', {
91 'username': u'angrygirl',
92 'password': 'iamsoangry',
93 'email': 'angrygrrl@example.org'})
94 response.follow()
95
96 ## Did we redirect to the proper page? Use the right template?
97 assert urlparse.urlsplit(response.location)[2] == '/u/angrygirl/'
98 assert 'mediagoblin/user_pages/user_nonactive.html' in template.TEMPLATE_TEST_CONTEXT
99
100 ## Make sure user is in place
101 new_user = mg_globals.database.User.query.filter_by(
102 username=u'angrygirl').first()
103 assert new_user
104
105 ## Make sure that the proper privileges are granted on registration
106
107 assert new_user.has_privilege(u'commenter')
108 assert new_user.has_privilege(u'uploader')
109 assert new_user.has_privilege(u'reporter')
110 assert not new_user.has_privilege(u'active')
111 ## Make sure user is logged in
112 request = template.TEMPLATE_TEST_CONTEXT[
113 'mediagoblin/user_pages/user_nonactive.html']['request']
114 assert request.session['user_id'] == six.text_type(new_user.id)
115
116 ## Make sure we get email confirmation, and try verifying
117 assert len(mail.EMAIL_TEST_INBOX) == 1
118 message = mail.EMAIL_TEST_INBOX.pop()
119 assert message['To'] == 'angrygrrl@example.org'
120 email_context = template.TEMPLATE_TEST_CONTEXT[
121 'mediagoblin/auth/verification_email.txt']
122 assert email_context['verification_url'].encode('ascii') in message.get_payload(decode=True)
123
124 path = urlparse.urlsplit(email_context['verification_url'])[2]
125 get_params = urlparse.urlsplit(email_context['verification_url'])[3]
126 assert path == u'/auth/verify_email/'
127 parsed_get_params = urlparse.parse_qs(get_params)
128
129 ## Try verifying with bs verification key, shouldn't work
130 template.clear_test_template_context()
131 response = test_app.get(
132 "/auth/verify_email/?token=total_bs")
133 response.follow()
134
135 # Correct redirect?
136 assert urlparse.urlsplit(response.location)[2] == '/'
137
138 # assert context['verification_successful'] == True
139 # TODO: Would be good to test messages here when we can do so...
140 new_user = mg_globals.database.User.query.filter_by(
141 username=u'angrygirl').first()
142 assert new_user
143
144 ## Verify the email activation works
145 template.clear_test_template_context()
146 response = test_app.get("%s?%s" % (path, get_params))
147 response.follow()
148 context = template.TEMPLATE_TEST_CONTEXT[
149 'mediagoblin/user_pages/user.html']
150 # assert context['verification_successful'] == True
151 # TODO: Would be good to test messages here when we can do so...
152 new_user = mg_globals.database.User.query.filter_by(
153 username=u'angrygirl').first()
154 assert new_user
155
156 # Uniqueness checks
157 # -----------------
158 ## We shouldn't be able to register with that user twice
159 template.clear_test_template_context()
160 response = test_app.post(
161 '/auth/register/', {
162 'username': u'angrygirl',
163 'password': 'iamsoangry2',
164 'email': 'angrygrrl2@example.org'})
165
166 context = template.TEMPLATE_TEST_CONTEXT[
167 'mediagoblin/auth/register.html']
168 form = context['register_form']
169 assert form.username.errors == [
170 u'Sorry, a user with that name already exists.']
171
172 ## TODO: Also check for double instances of an email address?
173
174 ### Oops, forgot the password
175 # -------------------
176 template.clear_test_template_context()
177 response = test_app.post(
178 '/auth/forgot_password/',
179 {'username': u'angrygirl'})
180 response.follow()
181
182 ## Did we redirect to the proper page? Use the right template?
183 assert urlparse.urlsplit(response.location)[2] == '/auth/login/'
184 assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
185
186 ## Make sure link to change password is sent by email
187 assert len(mail.EMAIL_TEST_INBOX) == 1
188 message = mail.EMAIL_TEST_INBOX.pop()
189 assert message['To'] == 'angrygrrl@example.org'
190 email_context = template.TEMPLATE_TEST_CONTEXT[
191 'mediagoblin/plugins/basic_auth/fp_verification_email.txt']
192 #TODO - change the name of verification_url to something forgot-password-ish
193 assert email_context['verification_url'].encode('ascii') in message.get_payload(decode=True)
194
195 path = urlparse.urlsplit(email_context['verification_url'])[2]
196 get_params = urlparse.urlsplit(email_context['verification_url'])[3]
197 parsed_get_params = urlparse.parse_qs(get_params)
198 assert path == u'/auth/forgot_password/verify/'
199
200 ## Try using a bs password-changing verification key, shouldn't work
201 template.clear_test_template_context()
202 response = test_app.get(
203 "/auth/forgot_password/verify/?token=total_bs")
204 response.follow()
205
206 # Correct redirect?
207 assert urlparse.urlsplit(response.location)[2] == '/'
208
209 ## Verify step 1 of password-change works -- can see form to change password
210 template.clear_test_template_context()
211 response = test_app.get("%s?%s" % (path, get_params))
212 assert 'mediagoblin/plugins/basic_auth/change_fp.html' in \
213 template.TEMPLATE_TEST_CONTEXT
214
215 ## Verify step 2.1 of password-change works -- report success to user
216 template.clear_test_template_context()
217 response = test_app.post(
218 '/auth/forgot_password/verify/', {
219 'password': 'iamveryveryangry',
220 'token': parsed_get_params['token']})
221 response.follow()
222 assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
223
224 ## Verify step 2.2 of password-change works -- login w/ new password success
225 template.clear_test_template_context()
226 response = test_app.post(
227 '/auth/login/', {
228 'username': u'angrygirl',
229 'password': 'iamveryveryangry'})
230
231 # User should be redirected
232 response.follow()
233 assert urlparse.urlsplit(response.location)[2] == '/'
234 assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
235
236 def test_authentication_views(test_app):
237 """
238 Test logging in and logging out
239 """
240 # Make a new user
241 test_user = fixture_add_user()
242
243
244 # Get login
245 # ---------
246 test_app.get('/auth/login/')
247 assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
248
249 # Failed login - blank form
250 # -------------------------
251 template.clear_test_template_context()
252 response = test_app.post('/auth/login/')
253 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
254 form = context['login_form']
255 assert form.username.errors == [u'This field is required.']
256
257 # Failed login - blank user
258 # -------------------------
259 template.clear_test_template_context()
260 response = test_app.post(
261 '/auth/login/', {
262 'password': u'toast'})
263 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
264 form = context['login_form']
265 assert form.username.errors == [u'This field is required.']
266
267 # Failed login - blank password
268 # -----------------------------
269 template.clear_test_template_context()
270 response = test_app.post(
271 '/auth/login/', {
272 'username': u'chris'})
273 assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
274
275 # Failed login - bad user
276 # -----------------------
277 template.clear_test_template_context()
278 response = test_app.post(
279 '/auth/login/', {
280 'username': u'steve',
281 'password': 'toast'})
282 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
283 assert context['login_failed']
284
285 # Failed login - bad password
286 # ---------------------------
287 template.clear_test_template_context()
288 response = test_app.post(
289 '/auth/login/', {
290 'username': u'chris',
291 'password': 'jam_and_ham'})
292 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
293 assert context['login_failed']
294
295 # Successful login
296 # ----------------
297 template.clear_test_template_context()
298 response = test_app.post(
299 '/auth/login/', {
300 'username': u'chris',
301 'password': 'toast'})
302
303 # User should be redirected
304 response.follow()
305 assert urlparse.urlsplit(response.location)[2] == '/'
306 assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
307
308 # Make sure user is in the session
309 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
310 session = context['request'].session
311 assert session['user_id'] == six.text_type(test_user.id)
312
313 # Successful logout
314 # -----------------
315 template.clear_test_template_context()
316 response = test_app.get('/auth/logout/')
317
318 # Should be redirected to index page
319 response.follow()
320 assert urlparse.urlsplit(response.location)[2] == '/'
321 assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
322
323 # Make sure the user is not in the session
324 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
325 session = context['request'].session
326 assert 'user_id' not in session
327
328 # User is redirected to custom URL if POST['next'] is set
329 # -------------------------------------------------------
330 template.clear_test_template_context()
331 response = test_app.post(
332 '/auth/login/', {
333 'username': u'chris',
334 'password': 'toast',
335 'next' : '/u/chris/'})
336 assert urlparse.urlsplit(response.location)[2] == '/u/chris/'
337
338 ## Verify that username is lowercased on login attempt
339 template.clear_test_template_context()
340 response = test_app.post(
341 '/auth/login/', {
342 'username': u'ANDREW',
343 'password': 'fuselage'})
344 context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html']
345 form = context['login_form']
346
347 # Username should no longer be uppercased; it should be lowercased
348 assert not form.username.data == u'ANDREW'
349 assert form.username.data == u'andrew'
350
351 @pytest.fixture()
352 def authentication_disabled_app(request):
353 return get_app(
354 request,
355 mgoblin_config=pkg_resources.resource_filename(
356 'mediagoblin.tests.auth_configs',
357 'authentication_disabled_appconfig.ini'))
358
359
360 def test_authentication_disabled_app(authentication_disabled_app):
361 # app.auth should = false
362 assert mg_globals
363 assert mg_globals.app.auth is False
364
365 # Try to visit register page
366 template.clear_test_template_context()
367 response = authentication_disabled_app.get('/auth/register/')
368 response.follow()
369
370 # Correct redirect?
371 assert urlparse.urlsplit(response.location)[2] == '/'
372 assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
373
374 # Try to vist login page
375 template.clear_test_template_context()
376 response = authentication_disabled_app.get('/auth/login/')
377 response.follow()
378
379 # Correct redirect?
380 assert urlparse.urlsplit(response.location)[2] == '/'
381 assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
382
383 ## Test check_login_simple should return None
384 assert auth_tools.check_login_simple('test', 'simple') is None
385
386 # Try to visit the forgot password page
387 template.clear_test_template_context()
388 response = authentication_disabled_app.get('/auth/register/')
389 response.follow()
390
391 # Correct redirect?
392 assert urlparse.urlsplit(response.location)[2] == '/'
393 assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
LArjona's clone of GNU MediaGoblin (https://www.mediagoblin.org/)