From 7a98eb73d9f1b05cc34e4780707498f16f1d010b Mon Sep 17 00:00:00 2001 From: Rodney Ewing Date: Thu, 16 May 2013 19:01:45 -0700 Subject: existing test all passing now --- mediagoblin/tests/test_basic_auth.py | 166 +++++++++++++++++++++++++++++++++++ 1 file changed, 166 insertions(+) create mode 100644 mediagoblin/tests/test_basic_auth.py (limited to 'mediagoblin/tests/test_basic_auth.py') diff --git a/mediagoblin/tests/test_basic_auth.py b/mediagoblin/tests/test_basic_auth.py new file mode 100644 index 00000000..20098ab7 --- /dev/null +++ b/mediagoblin/tests/test_basic_auth.py @@ -0,0 +1,166 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +import urlparse +import datetime +import pkg_resources +import pytest + +from mediagoblin.plugins.basic_auth import lib as auth_lib +from mediagoblin import mg_globals +from mediagoblin.tools import template, mail +from mediagoblin.tests.tools import get_app, fixture_add_user +from mediagoblin.tools.testing import _activate_testing + +_activate_testing() + + +######################## +# Test bcrypt auth funcs +######################## + + +def test_bcrypt_check_password(): + # Check known 'lollerskates' password against check function + assert auth_lib.bcrypt_check_password( + 'lollerskates', + '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO') + + assert not auth_lib.bcrypt_check_password( + 'notthepassword', + '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO') + + # Same thing, but with extra fake salt. + assert not auth_lib.bcrypt_check_password( + 'notthepassword', + '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6', + '3><7R45417') + + +def test_bcrypt_gen_password_hash(): + pw = 'youwillneverguessthis' + + # Normal password hash generation, and check on that hash + hashed_pw = auth_lib.bcrypt_gen_password_hash(pw) + assert auth_lib.bcrypt_check_password( + pw, hashed_pw) + assert not auth_lib.bcrypt_check_password( + 'notthepassword', hashed_pw) + + # Same thing, extra salt. + hashed_pw = auth_lib.bcrypt_gen_password_hash(pw, '3><7R45417') + assert auth_lib.bcrypt_check_password( + pw, hashed_pw, '3><7R45417') + assert not auth_lib.bcrypt_check_password( + 'notthepassword', hashed_pw, '3><7R45417') + + +@pytest.fixture() +def context_modified_app(request): + return get_app( + request, + mgoblin_config=pkg_resources.resource_filename( + 'mediagoblin.tests', 'basic_auth_appconfig.ini')) + + +def test_fp_view(context_modified_app): + ### Oops, forgot the password + # ------------------- + ## Register a user + fixture_add_user(active_user=True) + + template.clear_test_template_context() + response = context_modified_app.post( + '/auth/forgot_password/', + {'username': u'chris'}) + response.follow() + + ## Did we redirect to the proper page? Use the right template? + assert urlparse.urlsplit(response.location)[2] == '/auth/login/' + assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT + + ## Make sure link to change password is sent by email + assert len(mail.EMAIL_TEST_INBOX) == 1 + message = mail.EMAIL_TEST_INBOX.pop() + assert message['To'] == 'chris@example.com' + email_context = template.TEMPLATE_TEST_CONTEXT[ + 'mediagoblin/auth/fp_verification_email.txt'] + #TODO - change the name of verification_url to something + # forgot-password-ish + assert email_context['verification_url'] in \ + message.get_payload(decode=True) + + path = urlparse.urlsplit(email_context['verification_url'])[2] + get_params = urlparse.urlsplit(email_context['verification_url'])[3] + assert path == u'/auth/forgot_password/verify/' + parsed_get_params = urlparse.parse_qs(get_params) + + # user should have matching parameters + new_user = mg_globals.database.User.find_one({'username': u'chris'}) + assert parsed_get_params['userid'] == [unicode(new_user.id)] + assert parsed_get_params['token'] == [new_user.fp_verification_key] + + ### The forgotten password token should be set to expire in ~ 10 days + # A few ticks have expired so there are only 9 full days left... + assert (new_user.fp_token_expire - datetime.datetime.now()).days == 9 + + ## Try using a bs password-changing verification key, shouldn't work + template.clear_test_template_context() + response = context_modified_app.get( + "/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode( + new_user.id), status=404) + assert response.status.split()[0] == u'404' # status="404 NOT FOUND" + + ## Try using an expired token to change password, shouldn't work + template.clear_test_template_context() + new_user = mg_globals.database.User.find_one({'username': u'chris'}) + real_token_expiration = new_user.fp_token_expire + new_user.fp_token_expire = datetime.datetime.now() + new_user.save() + response = context_modified_app.get("%s?%s" % (path, get_params), + status=404) + assert response.status.split()[0] == u'404' # status="404 NOT FOUND" + new_user.fp_token_expire = real_token_expiration + new_user.save() + + ## Verify step 1 of password-change works -- can see form to + ## change password + template.clear_test_template_context() + response = context_modified_app.get("%s?%s" % (path, get_params)) + assert 'mediagoblin/plugins/basic_auth/change_fp.html' \ + in template.TEMPLATE_TEST_CONTEXT + + ## Verify step 2.1 of password-change works -- report success to user + template.clear_test_template_context() + response = context_modified_app.post( + '/auth/forgot_password/verify/', { + 'userid': parsed_get_params['userid'], + 'password': 'iamveryveryhappy', + 'token': parsed_get_params['token']}) + response.follow() + assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT + + ## Verify step 2.2 of password-change works -- login w/ new password + ## success + template.clear_test_template_context() + response = context_modified_app.post( + '/auth/login/', { + 'username': u'chris', + 'password': 'iamveryveryhappy'}) + + # User should be redirected + response.follow() + assert urlparse.urlsplit(response.location)[2] == '/' + assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT -- cgit v1.2.3 From dfd3f561af07e5108317992f6ae836858e3cd0bf Mon Sep 17 00:00:00 2001 From: Rodney Ewing Date: Fri, 17 May 2013 10:20:46 -0700 Subject: added tests for no_auth feature --- mediagoblin/tests/test_basic_auth.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'mediagoblin/tests/test_basic_auth.py') diff --git a/mediagoblin/tests/test_basic_auth.py b/mediagoblin/tests/test_basic_auth.py index 20098ab7..a985c315 100644 --- a/mediagoblin/tests/test_basic_auth.py +++ b/mediagoblin/tests/test_basic_auth.py @@ -72,15 +72,15 @@ def context_modified_app(request): return get_app( request, mgoblin_config=pkg_resources.resource_filename( - 'mediagoblin.tests', 'basic_auth_appconfig.ini')) + 'mediagoblin.tests.auth_configs', 'basic_auth_appconfig.ini')) def test_fp_view(context_modified_app): ### Oops, forgot the password - # ------------------- ## Register a user fixture_add_user(active_user=True) + # ------------------- template.clear_test_template_context() response = context_modified_app.post( '/auth/forgot_password/', -- cgit v1.2.3 From f339b76a4ee04571bd0a94d20a5d53d7f3d8d235 Mon Sep 17 00:00:00 2001 From: Rodney Ewing Date: Fri, 24 May 2013 18:09:57 -0700 Subject: moving forgot_password views back to gmg/auth and cleanup --- mediagoblin/tests/test_basic_auth.py | 107 ----------------------------------- 1 file changed, 107 deletions(-) (limited to 'mediagoblin/tests/test_basic_auth.py') diff --git a/mediagoblin/tests/test_basic_auth.py b/mediagoblin/tests/test_basic_auth.py index a985c315..1b76aa3f 100644 --- a/mediagoblin/tests/test_basic_auth.py +++ b/mediagoblin/tests/test_basic_auth.py @@ -13,15 +13,7 @@ # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -import urlparse -import datetime -import pkg_resources -import pytest - from mediagoblin.plugins.basic_auth import lib as auth_lib -from mediagoblin import mg_globals -from mediagoblin.tools import template, mail -from mediagoblin.tests.tools import get_app, fixture_add_user from mediagoblin.tools.testing import _activate_testing _activate_testing() @@ -65,102 +57,3 @@ def test_bcrypt_gen_password_hash(): pw, hashed_pw, '3><7R45417') assert not auth_lib.bcrypt_check_password( 'notthepassword', hashed_pw, '3><7R45417') - - -@pytest.fixture() -def context_modified_app(request): - return get_app( - request, - mgoblin_config=pkg_resources.resource_filename( - 'mediagoblin.tests.auth_configs', 'basic_auth_appconfig.ini')) - - -def test_fp_view(context_modified_app): - ### Oops, forgot the password - ## Register a user - fixture_add_user(active_user=True) - - # ------------------- - template.clear_test_template_context() - response = context_modified_app.post( - '/auth/forgot_password/', - {'username': u'chris'}) - response.follow() - - ## Did we redirect to the proper page? Use the right template? - assert urlparse.urlsplit(response.location)[2] == '/auth/login/' - assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT - - ## Make sure link to change password is sent by email - assert len(mail.EMAIL_TEST_INBOX) == 1 - message = mail.EMAIL_TEST_INBOX.pop() - assert message['To'] == 'chris@example.com' - email_context = template.TEMPLATE_TEST_CONTEXT[ - 'mediagoblin/auth/fp_verification_email.txt'] - #TODO - change the name of verification_url to something - # forgot-password-ish - assert email_context['verification_url'] in \ - message.get_payload(decode=True) - - path = urlparse.urlsplit(email_context['verification_url'])[2] - get_params = urlparse.urlsplit(email_context['verification_url'])[3] - assert path == u'/auth/forgot_password/verify/' - parsed_get_params = urlparse.parse_qs(get_params) - - # user should have matching parameters - new_user = mg_globals.database.User.find_one({'username': u'chris'}) - assert parsed_get_params['userid'] == [unicode(new_user.id)] - assert parsed_get_params['token'] == [new_user.fp_verification_key] - - ### The forgotten password token should be set to expire in ~ 10 days - # A few ticks have expired so there are only 9 full days left... - assert (new_user.fp_token_expire - datetime.datetime.now()).days == 9 - - ## Try using a bs password-changing verification key, shouldn't work - template.clear_test_template_context() - response = context_modified_app.get( - "/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode( - new_user.id), status=404) - assert response.status.split()[0] == u'404' # status="404 NOT FOUND" - - ## Try using an expired token to change password, shouldn't work - template.clear_test_template_context() - new_user = mg_globals.database.User.find_one({'username': u'chris'}) - real_token_expiration = new_user.fp_token_expire - new_user.fp_token_expire = datetime.datetime.now() - new_user.save() - response = context_modified_app.get("%s?%s" % (path, get_params), - status=404) - assert response.status.split()[0] == u'404' # status="404 NOT FOUND" - new_user.fp_token_expire = real_token_expiration - new_user.save() - - ## Verify step 1 of password-change works -- can see form to - ## change password - template.clear_test_template_context() - response = context_modified_app.get("%s?%s" % (path, get_params)) - assert 'mediagoblin/plugins/basic_auth/change_fp.html' \ - in template.TEMPLATE_TEST_CONTEXT - - ## Verify step 2.1 of password-change works -- report success to user - template.clear_test_template_context() - response = context_modified_app.post( - '/auth/forgot_password/verify/', { - 'userid': parsed_get_params['userid'], - 'password': 'iamveryveryhappy', - 'token': parsed_get_params['token']}) - response.follow() - assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT - - ## Verify step 2.2 of password-change works -- login w/ new password - ## success - template.clear_test_template_context() - response = context_modified_app.post( - '/auth/login/', { - 'username': u'chris', - 'password': 'iamveryveryhappy'}) - - # User should be redirected - response.follow() - assert urlparse.urlsplit(response.location)[2] == '/' - assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT -- cgit v1.2.3 From 3bcdc49088a9fe779b1b95fb1dc42d9ef0c4de00 Mon Sep 17 00:00:00 2001 From: Rodney Ewing Date: Mon, 27 May 2013 08:43:12 -0700 Subject: renamed lib to tools --- mediagoblin/tests/test_basic_auth.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'mediagoblin/tests/test_basic_auth.py') diff --git a/mediagoblin/tests/test_basic_auth.py b/mediagoblin/tests/test_basic_auth.py index 1b76aa3f..cdd80fca 100644 --- a/mediagoblin/tests/test_basic_auth.py +++ b/mediagoblin/tests/test_basic_auth.py @@ -13,7 +13,7 @@ # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -from mediagoblin.plugins.basic_auth import lib as auth_lib +from mediagoblin.plugins.basic_auth import tools as auth_tools from mediagoblin.tools.testing import _activate_testing _activate_testing() @@ -26,16 +26,16 @@ _activate_testing() def test_bcrypt_check_password(): # Check known 'lollerskates' password against check function - assert auth_lib.bcrypt_check_password( + assert auth_tools.bcrypt_check_password( 'lollerskates', '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO') - assert not auth_lib.bcrypt_check_password( + assert not auth_tools.bcrypt_check_password( 'notthepassword', '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO') # Same thing, but with extra fake salt. - assert not auth_lib.bcrypt_check_password( + assert not auth_tools.bcrypt_check_password( 'notthepassword', '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6', '3><7R45417') @@ -45,15 +45,15 @@ def test_bcrypt_gen_password_hash(): pw = 'youwillneverguessthis' # Normal password hash generation, and check on that hash - hashed_pw = auth_lib.bcrypt_gen_password_hash(pw) - assert auth_lib.bcrypt_check_password( + hashed_pw = auth_tools.bcrypt_gen_password_hash(pw) + assert auth_tools.bcrypt_check_password( pw, hashed_pw) - assert not auth_lib.bcrypt_check_password( + assert not auth_tools.bcrypt_check_password( 'notthepassword', hashed_pw) # Same thing, extra salt. - hashed_pw = auth_lib.bcrypt_gen_password_hash(pw, '3><7R45417') - assert auth_lib.bcrypt_check_password( + hashed_pw = auth_tools.bcrypt_gen_password_hash(pw, '3><7R45417') + assert auth_tools.bcrypt_check_password( pw, hashed_pw, '3><7R45417') - assert not auth_lib.bcrypt_check_password( + assert not auth_tools.bcrypt_check_password( 'notthepassword', hashed_pw, '3><7R45417') -- cgit v1.2.3