Blame tests/test_pagure_flask_ui_login.py

Pierre-Yves Chibon 0b1c13
# -*- coding: utf-8 -*-
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon 0b1c13
"""
Pierre-Yves Chibon 0b1c13
 (c) 2016 - Copyright Red Hat Inc
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon 0b1c13
 Authors:
Pierre-Yves Chibon 0b1c13
   Pierre-Yves Chibon <pingou@pingoured.fr></pingou@pingoured.fr>
farhaanbukhsh 96d198
   Farhaan Bukhsh <farhaan.bukhsh@gmail.com></farhaan.bukhsh@gmail.com>
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon 0b1c13
"""
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon 67d1cc
from __future__ import unicode_literals, absolute_import
Aurélien Bompard 626417
Pierre-Yves Chibon 0b1c13
import datetime
Pierre-Yves Chibon eac364
import hashlib
Pierre-Yves Chibon 0b1c13
import json
Pierre-Yves Chibon 0b1c13
import unittest
Pierre-Yves Chibon 0b1c13
import shutil
Pierre-Yves Chibon 0b1c13
import sys
Pierre-Yves Chibon 0b1c13
import tempfile
Pierre-Yves Chibon 0b1c13
import os
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon 450dd6
import flask
Pierre-Yves Chibon 0b1c13
import pygit2
Aurélien Bompard 626417
import six
Pierre-Yves Chibon 33ff8d
from mock import patch, MagicMock
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon 73d120
sys.path.insert(
Pierre-Yves Chibon 73d120
    0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
Pierre-Yves Chibon 73d120
)
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon 930073
import pagure.lib.query
Pierre-Yves Chibon 0b1c13
import tests
Pierre-Yves Chibon 0b1c13
from pagure.lib.repo import PagureRepo
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon b94671
import pagure.ui.login
Pierre-Yves Chibon b94671
Pierre-Yves Chibon 0b1c13
Clement Verna 109c4b
class PagureFlaskLogintests(tests.SimplePagureTest):
Pierre-Yves Chibon 0b1c13
    """ Tests for flask app controller of pagure """
Pierre-Yves Chibon 0b1c13
Pierre-Yves Chibon bcc20e
    def setUp(self):
Pierre-Yves Chibon bcc20e
        """ Create the application with PAGURE_AUTH being local. """
Pierre-Yves Chibon bcc20e
        super(PagureFlaskLogintests, self).setUp()
Pierre-Yves Chibon bcc20e
Pierre-Yves Chibon 73d120
        app = pagure.flask_app.create_app(
Pierre-Yves Chibon 73d120
            {"DB_URL": self.dbpath, "PAGURE_AUTH": "local"}
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon bcc20e
        # Remove the log handlers for the tests
Pierre-Yves Chibon bcc20e
        app.logger.handlers = []
Pierre-Yves Chibon bcc20e
Pierre-Yves Chibon bcc20e
        self.app = app.test_client()
Pierre-Yves Chibon bcc20e
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon bcc20e
    def test_front_page(self):
Pierre-Yves Chibon bcc20e
        """ Test the front page. """
Pierre-Yves Chibon bcc20e
        # First access the front page
Pierre-Yves Chibon 73d120
        output = self.app.get("/")
Pierre-Yves Chibon bcc20e
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Home - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon bcc20e
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon 73d120
    @patch("pagure.lib.notify.send_email", MagicMock(return_value=True))
Pierre-Yves Chibon b94671
    def test_new_user(self):
Pierre-Yves Chibon b94671
        """ Test the new_user endpoint. """
Pierre-Yves Chibon b94671
Pierre-Yves Chibon b94671
        # Check before:
Pierre-Yves Chibon 930073
        items = pagure.lib.query.search_user(self.session)
Pierre-Yves Chibon b94671
        self.assertEqual(2, len(items))
Pierre-Yves Chibon b94671
Pierre-Yves Chibon b94671
        # First access the new user page
Pierre-Yves Chibon 73d120
        output = self.app.get("/user/new")
Pierre-Yves Chibon b94671
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon b94671
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>New user - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/user/new" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon b94671
Pierre-Yves Chibon b94671
        # Create the form to send there
Pierre-Yves Chibon b94671
Pierre-Yves Chibon b94671
        # This has all the data needed
Pierre-Yves Chibon b94671
        data = {
Pierre-Yves Chibon 73d120
            "user": "foo",
Pierre-Yves Chibon 73d120
            "fullname": "user foo",
Pierre-Yves Chibon 73d120
            "email_address": "foo@bar.com",
Pierre-Yves Chibon 73d120
            "password": "barpass",
Pierre-Yves Chibon 73d120
            "confirm_password": "barpass",
Pierre-Yves Chibon b94671
        }
Pierre-Yves Chibon b94671
Pierre-Yves Chibon b94671
        # Submit this form  -  Doesn't work since there is no csrf token
Pierre-Yves Chibon 73d120
        output = self.app.post("/user/new", data=data)
Pierre-Yves Chibon b94671
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon b94671
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>New user - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/user/new" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon b94671
Pierre-Yves Chibon 73d120
        csrf_token = (
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            .split('name="csrf_token" type="hidden" value="')[1]
Pierre-Yves Chibon 73d120
            .split('">')[0]
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon b94671
Pierre-Yves Chibon b94671
        # Submit the form with the csrf token
Pierre-Yves Chibon 73d120
        data["csrf_token"] = csrf_token
Pierre-Yves Chibon 73d120
        output = self.app.post("/user/new", data=data, follow_redirects=True)
Pierre-Yves Chibon b94671
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon b94671
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>New user - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/user/new" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn("Username already taken.", output.get_data(as_text=True))
Pierre-Yves Chibon b94671
Pierre-Yves Chibon 5f96cd
        # Submit the form with another username
Pierre-Yves Chibon 73d120
        data["user"] = "foouser"
Pierre-Yves Chibon 73d120
        output = self.app.post("/user/new", data=data, follow_redirects=True)
Pierre-Yves Chibon b94671
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>New user - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Email address already taken.", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 5f96cd
Pierre-Yves Chibon 5f96cd
        # Submit the form with proper data
Pierre-Yves Chibon 73d120
        data["email_address"] = "foo@example.com"
Pierre-Yves Chibon 73d120
        output = self.app.post("/user/new", data=data, follow_redirects=True)
Pierre-Yves Chibon 5f96cd
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon b94671
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "User created, please check your email to activate the account",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon b94671
Pierre-Yves Chibon b94671
        # Check after:
Pierre-Yves Chibon 930073
        items = pagure.lib.query.search_user(self.session)
Farhaan Bukhsh ecae95
        self.assertEqual(3, len(items))
Pierre-Yves Chibon b94671
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"CHECK_SESSION_IP": False})
Pierre-Yves Chibon a4c666
    def test_do_login(self):
Pierre-Yves Chibon a4c666
        """ Test the do_login endpoint. """
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon 73d120
        output = self.app.get("/login/")
Pierre-Yves Chibon a4c666
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon a4c666
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon a4c666
        # This has all the data needed
Pierre-Yves Chibon 73d120
        data = {"username": "foouser", "password": "barpass"}
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon a4c666
        # Submit this form  -  Doesn't work since there is no csrf token
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Pierre-Yves Chibon a4c666
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon a4c666
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Insufficient information provided", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon 73d120
        csrf_token = (
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            .split('name="csrf_token" type="hidden" value="')[1]
Pierre-Yves Chibon 73d120
            .split('">')[0]
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon a4c666
        # Submit the form with the csrf token  -  but invalid user
Pierre-Yves Chibon 73d120
        data["csrf_token"] = csrf_token
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Pierre-Yves Chibon a4c666
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon a4c666
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Username or password invalid.", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon a4c666
        # Create a local user
Pierre-Yves Chibon a4c666
        self.test_new_user()
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon 930073
        items = pagure.lib.query.search_user(self.session)
Farhaan Bukhsh ecae95
        self.assertEqual(3, len(items))
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon 3deace
        # Submit the form with the csrf token  -  but user not confirmed
Pierre-Yves Chibon 73d120
        data["csrf_token"] = csrf_token
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Pierre-Yves Chibon a4c666
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon a4c666
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon a4c666
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Invalid user, did you confirm the creation with the url "
Pierre-Yves Chibon 73d120
            "provided by email?",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon a4c666
Pierre-Yves Chibon 3deace
        # User in the DB, csrf provided  -  but wrong password submitted
Pierre-Yves Chibon 73d120
        data["password"] = "password"
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
farhaanbukhsh fa9239
        self.assertEqual(output.status_code, 200)
farhaanbukhsh fa9239
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Username or password invalid.", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
farhaanbukhsh fa9239
farhaanbukhsh 66f5d8
        # When account is not confirmed i.e user_obj != None
Pierre-Yves Chibon 73d120
        data["password"] = "barpass"
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
farhaanbukhsh 66f5d8
        self.assertEqual(output.status_code, 200)
farhaanbukhsh 66f5d8
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
farhaanbukhsh 66f5d8
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Invalid user, did you confirm the creation with the url "
Pierre-Yves Chibon 73d120
            "provided by email?",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
farhaanbukhsh fa9239
Pierre-Yves Chibon 9b9f29
        # Confirm the user so that we can log in
Aurélien Bompard 13bcde
        self.session.commit()
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 9b9f29
        self.assertNotEqual(item.token, None)
Pierre-Yves Chibon 9b9f29
Pierre-Yves Chibon 9b9f29
        # Remove the token
Pierre-Yves Chibon 9b9f29
        item.token = None
Pierre-Yves Chibon 9b9f29
        self.session.add(item)
Pierre-Yves Chibon b130e5
        self.session.commit()
Pierre-Yves Chibon 9b9f29
Pierre-Yves Chibon 9b9f29
        # Check the user
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 9b9f29
        self.assertEqual(item.token, None)
Pierre-Yves Chibon 9b9f29
Pierre-Yves Chibon 9b9f29
        # Login but cannot save the session to the DB due to the missing IP
Pierre-Yves Chibon 9b9f29
        # address in the flask request
Pierre-Yves Chibon 73d120
        data["password"] = "barpass"
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Pierre-Yves Chibon 9b9f29
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Home - Pagure</title>", output_text)
Pierre-Yves Chibon 450dd6
Pierre-Yves Chibon 450dd6
        # I'm not sure if the change was in flask or werkzeug, but in older
Pierre-Yves Chibon 450dd6
        # version flask.request.remote_addr was returning None, while it
Pierre-Yves Chibon 450dd6
        # now returns 127.0.0.1 making our logic pass where it used to
Pierre-Yves Chibon 450dd6
        # partly fail
Pierre-Yves Chibon 73d120
        if hasattr(flask, "__version__"):
Pierre-Yves Chibon 73d120
            flask_v = tuple(int(el) for el in flask.__version__.split("."))
Aurélien Bompard 13bcde
            if flask_v < (0, 12, 0):
Pierre-Yves Chibon d5b214
                self.assertIn(
Ryan Lerch ca4b80
                    '
Pierre-Yves Chibon 73d120
                    'href="/login/?next=http://localhost/">',
Pierre-Yves Chibon 73d120
                    output_text,
Pierre-Yves Chibon 73d120
                )
Pierre-Yves Chibon d5b214
                self.assertIn(
Pierre-Yves Chibon 73d120
                    "Could not set the session in the db, please report "
Pierre-Yves Chibon 73d120
                    "this error to an admin",
Pierre-Yves Chibon 73d120
                    output_text,
Pierre-Yves Chibon 73d120
                )
Pierre-Yves Chibon d5b214
            else:
Pierre-Yves Chibon d5b214
                self.assertIn(
Pierre-Yves Chibon d5b214
                    '
Pierre-Yves Chibon 73d120
                    'href="/logout/?next=http://localhost/dashboard/projects">',
Pierre-Yves Chibon 73d120
                    output_text,
Pierre-Yves Chibon 73d120
                )
Pierre-Yves Chibon 9b9f29
Pierre-Yves Chibon 7cc953
        # Make the password invalid
Aurélien Bompard 13bcde
        self.session.commit()
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 73d120
        self.assertTrue(item.password.startswith("$2$"))
Pierre-Yves Chibon 7cc953
Pierre-Yves Chibon 7cc953
        # Remove the $2$
Pierre-Yves Chibon 7cc953
        item.password = item.password[3:]
Pierre-Yves Chibon 7cc953
        self.session.add(item)
Pierre-Yves Chibon b130e5
        self.session.commit()
Pierre-Yves Chibon 7cc953
Pierre-Yves Chibon 7cc953
        # Check the password
Aurélien Bompard 13bcde
        self.session.commit()
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 73d120
        self.assertFalse(item.password.startswith("$2$"))
Pierre-Yves Chibon 7cc953
Pierre-Yves Chibon 7cc953
        # Try login again
Pierre-Yves Chibon b130e5
        output = self.app.post(
Pierre-Yves Chibon 73d120
            "/dologin",
Pierre-Yves Chibon 73d120
            data=data,
Pierre-Yves Chibon 73d120
            follow_redirects=True,
Pierre-Yves Chibon 73d120
            environ_base={"REMOTE_ADDR": "127.0.0.1"},
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 7cc953
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 7cc953
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Username or password of invalid format.",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 7cc953
Pierre-Yves Chibon b130e5
        # Check the password is still not of a known version
Aurélien Bompard 13bcde
        self.session.commit()
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 73d120
        self.assertFalse(item.password.startswith("$1$"))
Pierre-Yves Chibon 73d120
        self.assertFalse(item.password.startswith("$2$"))
Pierre-Yves Chibon eac364
Pierre-Yves Chibon eac364
        # V1 password
Pierre-Yves Chibon 73d120
        password = "%s%s" % ("barpass", None)
Aurélien Bompard 619e2a
        if isinstance(password, six.text_type):
Pierre-Yves Chibon 73d120
            password = password.encode("utf-8")
Aurélien Bompard 626417
        password = hashlib.sha512(password).hexdigest().encode("utf-8")
Pierre-Yves Chibon eac364
        item.token = None
Pierre-Yves Chibon 73d120
        item.password = b"$1$" + password
Pierre-Yves Chibon eac364
        self.session.add(item)
Pierre-Yves Chibon b130e5
        self.session.commit()
Pierre-Yves Chibon eac364
Pierre-Yves Chibon eac364
        # Check the password
Aurélien Bompard 13bcde
        self.session.commit()
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 73d120
        self.assertTrue(item.password.startswith(b"$1$"))
Pierre-Yves Chibon eac364
Pierre-Yves Chibon eac364
        # Log in with a v1 password
Pierre-Yves Chibon 73d120
        output = self.app.post(
Pierre-Yves Chibon 73d120
            "/dologin",
Pierre-Yves Chibon 73d120
            data=data,
Pierre-Yves Chibon 73d120
            follow_redirects=True,
Pierre-Yves Chibon 73d120
            environ_base={"REMOTE_ADDR": "127.0.0.1"},
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon eac364
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Home - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn("Welcome foouser", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn("Activity", output_text)
Pierre-Yves Chibon 450dd6
Pierre-Yves Chibon b130e5
        # Check the password got upgraded to version 2
Aurélien Bompard 13bcde
        self.session.commit()
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 73d120
        self.assertTrue(item.password.startswith("$2$"))
Pierre-Yves Chibon b130e5
Aurélien Bompard d90ed4
        # We have set the REMOTE_ADDR in the request, so this works with all
Aurélien Bompard d90ed4
        # versions of Flask.
Aurélien Bompard d90ed4
        self.assertIn(
Aurélien Bompard d90ed4
            '
Pierre-Yves Chibon 73d120
            'href="/logout/?next=http://localhost/dashboard/projects">',
Pierre-Yves Chibon 73d120
            output_text,
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 7cc953
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"CHECK_SESSION_IP": False})
Pierre-Yves Chibon 1baa7f
    def test_do_login_and_redirect(self):
Pierre-Yves Chibon 1baa7f
        """ Test the do_login endpoint with a non-default redirect. """
Pierre-Yves Chibon 1baa7f
        # This has all the data needed
Pierre-Yves Chibon 1baa7f
        data = {
Pierre-Yves Chibon 73d120
            "username": "foouser",
Pierre-Yves Chibon 73d120
            "password": "barpass",
Pierre-Yves Chibon 73d120
            "csrf_token": self.get_csrf(url="/login/"),
Pierre-Yves Chibon 73d120
            "next_url": "http://localhost/test/",
Pierre-Yves Chibon 1baa7f
        }
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Create a local user
Pierre-Yves Chibon 1baa7f
        self.test_new_user()
Pierre-Yves Chibon 1baa7f
        self.session.commit()
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Confirm the user so that we can log in
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 1baa7f
        self.assertNotEqual(item.token, None)
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Remove the token
Pierre-Yves Chibon 1baa7f
        item.token = None
Pierre-Yves Chibon 1baa7f
        self.session.add(item)
Pierre-Yves Chibon 1baa7f
        self.session.commit()
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Check the user
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 1baa7f
        self.assertEqual(item.token, None)
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Add a test project to the user
Pierre-Yves Chibon 74da3a
        tests.create_projects(self.session, user_id=3)
Pierre-Yves Chibon 73d120
        tests.create_projects_git(os.path.join(self.path, "repos"))
Pierre-Yves Chibon 73d120
        output = self.app.get("/test")
Pierre-Yves Chibon 1baa7f
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 1baa7f
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Overview - test - Pagure</title>", output_text)
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Login and redirect to the test project
Pierre-Yves Chibon 1baa7f
        output = self.app.post(
Pierre-Yves Chibon 73d120
            "/dologin",
Pierre-Yves Chibon 73d120
            data=data,
Pierre-Yves Chibon 73d120
            follow_redirects=True,
Pierre-Yves Chibon 73d120
            environ_base={"REMOTE_ADDR": "127.0.0.1"},
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 1baa7f
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 1baa7f
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Overview - test - Pagure</title>", output_text)
Pierre-Yves Chibon 1baa7f
        self.assertIn(
Pierre-Yves Chibon 1baa7f
            '
Pierre-Yves Chibon 73d120
            'href="/logout/?next=http://localhost/test/">',
Pierre-Yves Chibon 73d120
            output_text,
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 1baa7f
        self.assertIn(
Pierre-Yves Chibon 73d120
            'Settings', output_text
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"CHECK_SESSION_IP": False})
Pierre-Yves Chibon 1baa7f
    def test_has_settings(self):
Pierre-Yves Chibon 1baa7f
        """ Test that user can see the Settings button when they are logged
Pierre-Yves Chibon 1baa7f
        in. """
Pierre-Yves Chibon 1baa7f
        # Create a local user
Pierre-Yves Chibon 1baa7f
        self.test_new_user()
Pierre-Yves Chibon 1baa7f
        self.session.commit()
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Remove the token
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 1baa7f
        item.token = None
Pierre-Yves Chibon 1baa7f
        self.session.add(item)
Pierre-Yves Chibon 1baa7f
        self.session.commit()
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Check the user
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 1baa7f
        self.assertEqual(item.token, None)
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Add a test project to the user
Pierre-Yves Chibon 1baa7f
        tests.create_projects(self.session)
Pierre-Yves Chibon 73d120
        tests.create_projects_git(os.path.join(self.path, "repos"))
Pierre-Yves Chibon 73d120
        output = self.app.get("/test")
Pierre-Yves Chibon 1baa7f
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 1baa7f
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Overview - test - Pagure</title>", output_text)
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 1baa7f
        # Login and redirect to the test project
Pierre-Yves Chibon 73d120
        user = tests.FakeUser(username="pingou")
Pierre-Yves Chibon 1baa7f
        with tests.user_set(self.app.application, user):
Pierre-Yves Chibon 73d120
            output = self.app.get("/test")
Pierre-Yves Chibon 1baa7f
            self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 1baa7f
            output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 1baa7f
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Overview - test - Pagure</title>", output_text
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 1baa7f
            self.assertIn(
Pierre-Yves Chibon 73d120
                'Settings', output_text
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 1baa7f
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon 73d120
    @patch("pagure.lib.notify.send_email", MagicMock(return_value=True))
Farhaan Bukhsh ecae95
    def test_non_ascii_password(self):
Farhaan Bukhsh ecae95
        """ Test login and create user functionality when the password is
Farhaan Bukhsh ecae95
            non-ascii.
Farhaan Bukhsh ecae95
        """
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Check before:
Pierre-Yves Chibon 930073
        items = pagure.lib.query.search_user(self.session)
Farhaan Bukhsh ecae95
        self.assertEqual(2, len(items))
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # First access the new user page
Pierre-Yves Chibon 73d120
        output = self.app.get("/user/new")
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>New user - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/user/new" method="post">', output_text)</form>
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Create the form to send there
Farhaan Bukhsh ecae95
        # This has all the data needed
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        data = {
Pierre-Yves Chibon 73d120
            "user": "foo",
Pierre-Yves Chibon 73d120
            "fullname": "user foo",
Pierre-Yves Chibon 73d120
            "email_address": "foo@bar.com",
Pierre-Yves Chibon 73d120
            "password": "ö",
Pierre-Yves Chibon 73d120
            "confirm_password": "ö",
Farhaan Bukhsh ecae95
        }
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Submit this form  -  Doesn't work since there is no csrf token
Pierre-Yves Chibon 73d120
        output = self.app.post("/user/new", data=data)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>New user - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/user/new" method="post">', output_text)</form>
Farhaan Bukhsh ecae95
Aurélien Bompard 626417
        csrf_token = output_text.split(
Pierre-Yves Chibon 73d120
            'name="csrf_token" type="hidden" value="'
Pierre-Yves Chibon 73d120
        )[1].split('">')[0]
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Submit the form with the csrf token
Pierre-Yves Chibon 73d120
        data["csrf_token"] = csrf_token
Pierre-Yves Chibon 73d120
        output = self.app.post("/user/new", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>New user - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/user/new" method="post">', output_text)</form>
Pierre-Yves Chibon 73d120
        self.assertIn("Username already taken.", output_text)
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Submit the form with another username
Pierre-Yves Chibon 73d120
        data["user"] = "foobar"
Pierre-Yves Chibon 73d120
        output = self.app.post("/user/new", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>New user - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn("Email address already taken.", output_text)
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Submit the form with proper data
Pierre-Yves Chibon 73d120
        data["email_address"] = "foobar@foobar.com"
Pierre-Yves Chibon 73d120
        output = self.app.post("/user/new", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Login - Pagure</title>", output_text)
Farhaan Bukhsh ecae95
        self.assertIn(
Pierre-Yves Chibon 73d120
            "User created, please check your email to activate the account",
Pierre-Yves Chibon 73d120
            output_text,
Pierre-Yves Chibon 73d120
        )
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Check after:
Pierre-Yves Chibon 930073
        items = pagure.lib.query.search_user(self.session)
Farhaan Bukhsh ecae95
        self.assertEqual(3, len(items))
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Checking for the /login page
Pierre-Yves Chibon 73d120
        output = self.app.get("/login/")
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Login - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/dologin" method="post">', output_text)</form>
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # This has all the data needed
Pierre-Yves Chibon 73d120
        data = {"username": "foob_bar", "password": "ö"}
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Submit this form  -  Doesn't work since there is no csrf token
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Login - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/dologin" method="post">', output_text)</form>
Pierre-Yves Chibon 73d120
        self.assertIn("Insufficient information provided", output_text)
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Submit the form with the csrf token  -  but invalid user
Pierre-Yves Chibon 73d120
        data["csrf_token"] = csrf_token
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Login - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/dologin" method="post">', output_text)</form>
Pierre-Yves Chibon 73d120
        self.assertIn("Username or password invalid.", output_text)
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Submit the form with the csrf token  -  but user not confirmed
Pierre-Yves Chibon 73d120
        data["username"] = "foobar"
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Login - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/dologin" method="post">', output_text)</form>
Farhaan Bukhsh ecae95
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Invalid user, did you confirm the creation with the url "
Pierre-Yves Chibon 73d120
            "provided by email?",
Pierre-Yves Chibon 73d120
            output_text,
Pierre-Yves Chibon 73d120
        )
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # User in the DB, csrf provided  -  but wrong password submitted
Pierre-Yves Chibon 73d120
        data["password"] = "öö"
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Login - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/dologin" method="post">', output_text)</form>
Pierre-Yves Chibon 73d120
        self.assertIn("Username or password invalid.", output_text)
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # When account is not confirmed i.e user_obj != None
Pierre-Yves Chibon 73d120
        data["password"] = "ö"
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Login - Pagure</title>", output_text)
Pierre-Yves Chibon 73d120
        self.assertIn('<form action="/dologin" method="post">', output_text)</form>
Farhaan Bukhsh ecae95
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Invalid user, did you confirm the creation with the url "
Pierre-Yves Chibon 73d120
            "provided by email?",
Pierre-Yves Chibon 73d120
            output_text,
Pierre-Yves Chibon 73d120
        )
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Confirm the user so that we can log in
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foobar")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foobar")
Farhaan Bukhsh ecae95
        self.assertNotEqual(item.token, None)
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Remove the token
Farhaan Bukhsh ecae95
        item.token = None
Farhaan Bukhsh ecae95
        self.session.add(item)
Farhaan Bukhsh ecae95
        self.session.commit()
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Login but cannot save the session to the DB due to the missing IP
Farhaan Bukhsh ecae95
        # address in the flask request
Pierre-Yves Chibon 73d120
        data["password"] = "ö"
Pierre-Yves Chibon 73d120
        output = self.app.post("/dologin", data=data, follow_redirects=True)
Farhaan Bukhsh ecae95
        self.assertEqual(output.status_code, 200)
Aurélien Bompard 626417
        output_text = output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        self.assertIn("<title>Home - Pagure</title>", output_text)
Pierre-Yves Chibon d5b214
Pierre-Yves Chibon d5b214
        # I'm not sure if the change was in flask or werkzeug, but in older
Pierre-Yves Chibon d5b214
        # version flask.request.remote_addr was returning None, while it
Pierre-Yves Chibon d5b214
        # now returns 127.0.0.1 making our logic pass where it used to
Pierre-Yves Chibon d5b214
        # partly fail
Pierre-Yves Chibon 73d120
        if hasattr(flask, "__version__"):
Pierre-Yves Chibon 73d120
            flask_v = tuple(int(el) for el in flask.__version__.split("."))
Pierre-Yves Chibon d5b214
            if flask_v <= (0, 12, 0):
Pierre-Yves Chibon d5b214
                self.assertIn(
Ryan Lerch ca4b80
                    '
Pierre-Yves Chibon 73d120
                    'href="/login/?next=http://localhost/">',
Pierre-Yves Chibon 73d120
                    output_text,
Pierre-Yves Chibon 73d120
                )
Pierre-Yves Chibon d5b214
                self.assertIn(
Pierre-Yves Chibon 73d120
                    "Could not set the session in the db, please report "
Pierre-Yves Chibon 73d120
                    "this error to an admin",
Pierre-Yves Chibon 73d120
                    output_text,
Pierre-Yves Chibon 73d120
                )
Pierre-Yves Chibon d5b214
            else:
Pierre-Yves Chibon d5b214
                self.assertIn(
Pierre-Yves Chibon d5b214
                    '
Pierre-Yves Chibon 73d120
                    'href="/logout/?next=http://localhost/dashboard/projects">',
Pierre-Yves Chibon 73d120
                    output_text,
Pierre-Yves Chibon 73d120
                )
Farhaan Bukhsh ecae95
Farhaan Bukhsh ecae95
        # Check the user
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foobar")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foobar")
Farhaan Bukhsh ecae95
        self.assertEqual(item.token, None)
Farhaan Bukhsh ecae95
Pierre-Yves Chibon 10fbdf
    def test_confirm_user(self):
Pierre-Yves Chibon 10fbdf
        """ Test the confirm_user endpoint. """
Pierre-Yves Chibon 10fbdf
Pierre-Yves Chibon 73d120
        output = self.app.get("/confirm/foo", follow_redirects=True)
Pierre-Yves Chibon 10fbdf
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 10fbdf
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Home - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "No user associated with this token.",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 10fbdf
Pierre-Yves Chibon 10fbdf
        # Create a local user
Pierre-Yves Chibon 10fbdf
        self.test_new_user()
Pierre-Yves Chibon 10fbdf
Pierre-Yves Chibon 930073
        items = pagure.lib.query.search_user(self.session)
Farhaan Bukhsh ecae95
        self.assertEqual(3, len(items))
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 73d120
        self.assertTrue(item.password.startswith("$2$"))
Pierre-Yves Chibon 10fbdf
        self.assertNotEqual(item.token, None)
Pierre-Yves Chibon 10fbdf
Pierre-Yves Chibon 10fbdf
        output = self.app.get(
Pierre-Yves Chibon 73d120
            "/confirm/%s" % item.token, follow_redirects=True
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 10fbdf
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 10fbdf
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Email confirmed, account activated", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 10fbdf
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon 73d120
    @patch("pagure.lib.notify.send_email", MagicMock(return_value=True))
Pierre-Yves Chibon db170c
    def test_lost_password(self):
Pierre-Yves Chibon db170c
        """ Test the lost_password endpoint. """
Pierre-Yves Chibon db170c
Pierre-Yves Chibon 73d120
        output = self.app.get("/password/lost")
Pierre-Yves Chibon db170c
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon db170c
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Lost password - Pagure</title>",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/password/lost" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon db170c
Pierre-Yves Chibon db170c
        # Prepare the data to send
Pierre-Yves Chibon 73d120
        data = {"username": "foouser"}
Pierre-Yves Chibon db170c
Pierre-Yves Chibon db170c
        # Missing CSRF
Pierre-Yves Chibon 73d120
        output = self.app.post("/password/lost", data=data)
Pierre-Yves Chibon db170c
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon db170c
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Lost password - Pagure</title>",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/password/lost" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon db170c
Pierre-Yves Chibon 73d120
        csrf_token = (
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            .split('name="csrf_token" type="hidden" value="')[1]
Pierre-Yves Chibon 73d120
            .split('">')[0]
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon db170c
Pierre-Yves Chibon db170c
        # With the CSRF  -  But invalid user
Pierre-Yves Chibon 73d120
        data["csrf_token"] = csrf_token
Pierre-Yves Chibon db170c
        output = self.app.post(
Pierre-Yves Chibon 73d120
            "/password/lost", data=data, follow_redirects=True
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon db170c
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn("Username invalid.", output.get_data(as_text=True))
Pierre-Yves Chibon db170c
Pierre-Yves Chibon db170c
        # With the CSRF and a valid user
Pierre-Yves Chibon 73d120
        data["username"] = "foo"
Pierre-Yves Chibon db170c
        output = self.app.post(
Pierre-Yves Chibon 73d120
            "/password/lost", data=data, follow_redirects=True
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon db170c
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon db170c
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "Check your email to finish changing your password",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon db170c
Pierre-Yves Chibon db170c
        # With the CSRF and a valid user  -  but too quick after the last one
Pierre-Yves Chibon 73d120
        data["username"] = "foo"
Pierre-Yves Chibon db170c
        output = self.app.post(
Pierre-Yves Chibon 73d120
            "/password/lost", data=data, follow_redirects=True
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon db170c
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon db170c
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "An email was sent to you less than 3 minutes ago, did you "
Pierre-Yves Chibon 73d120
            "check your spam folder? Otherwise, try again after some time.",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon db170c
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon 73d120
    @patch("pagure.lib.notify.send_email", MagicMock(return_value=True))
Pierre-Yves Chibon c3ff39
    def test_reset_password(self):
Pierre-Yves Chibon c3ff39
        """ Test the reset_password endpoint. """
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon 73d120
        output = self.app.get("/password/reset/foo", follow_redirects=True)
Pierre-Yves Chibon c3ff39
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "No user associated with this token.",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon c3ff39
        self.test_lost_password()
Pierre-Yves Chibon c3ff39
        self.test_new_user()
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon c3ff39
        # Check the password
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon c3ff39
        self.assertNotEqual(item.token, None)
Pierre-Yves Chibon 73d120
        self.assertTrue(item.password.startswith("$2$"))
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon c3ff39
        old_password = item.password
Pierre-Yves Chibon c3ff39
        token = item.token
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon c3ff39
        output = self.app.get(
Pierre-Yves Chibon 73d120
            "/password/reset/%s" % token, follow_redirects=True
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon c3ff39
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon c3ff39
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Change password - Pagure</title>",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon 73d120
        data = {"password": "passwd", "confirm_password": "passwd"}
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon c3ff39
        # Missing CSRF
Pierre-Yves Chibon c3ff39
        output = self.app.post(
Pierre-Yves Chibon 73d120
            "/password/reset/%s" % token, data=data, follow_redirects=True
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon c3ff39
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon c3ff39
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Change password - Pagure</title>",
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon 73d120
        csrf_token = (
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            .split('name="csrf_token" type="hidden" value="')[1]
Pierre-Yves Chibon 73d120
            .split('">')[0]
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon c3ff39
Pierre-Yves Chibon c3ff39
        # With CSRF
Pierre-Yves Chibon 73d120
        data["csrf_token"] = csrf_token
Pierre-Yves Chibon c3ff39
        output = self.app.post(
Pierre-Yves Chibon 73d120
            "/password/reset/%s" % token, data=data, follow_redirects=True
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon c3ff39
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn("Password changed", output.get_data(as_text=True))
Pierre-Yves Chibon 73d120
Pierre-Yves Chibon 73d120
    @patch(
Pierre-Yves Chibon 73d120
        "pagure.ui.login._check_session_cookie", MagicMock(return_value=True)
Pierre-Yves Chibon 73d120
    )
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon 23b43c
    def test_change_password(self):
Pierre-Yves Chibon 23b43c
        """ Test the change_password endpoint. """
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
        # Not logged in, redirects
Pierre-Yves Chibon 73d120
        output = self.app.get("/password/change", follow_redirects=True)
Pierre-Yves Chibon 23b43c
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Login - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            '<form action="/dologin" method="post">',</form>
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
        user = tests.FakeUser()
Pierre-Yves Chibon b130e5
        with tests.user_set(self.app.application, user):
Pierre-Yves Chibon 73d120
            output = self.app.get("/password/change")
Pierre-Yves Chibon 23b43c
            self.assertEqual(output.status_code, 404)
Pierre-Yves Chibon 73d120
            self.assertIn("User not found", output.get_data(as_text=True))
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 73d120
        user = tests.FakeUser(username="foo")
Pierre-Yves Chibon b130e5
        with tests.user_set(self.app.application, user):
Pierre-Yves Chibon 73d120
            output = self.app.get("/password/change")
Pierre-Yves Chibon 23b43c
            self.assertEqual(output.status_code, 200)
farhaanbukhsh 19ad5f
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Change password - Pagure</title>",
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
            self.assertIn(
Pierre-Yves Chibon 73d120
                '<form action="/password/change" method="post">',</form>
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
            data = {
Pierre-Yves Chibon 73d120
                "old_password": "foo",
Pierre-Yves Chibon 73d120
                "password": "foo",
Pierre-Yves Chibon 73d120
                "confirm_password": "foo",
Pierre-Yves Chibon 23b43c
            }
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
            # No CSRF token
Pierre-Yves Chibon 73d120
            output = self.app.post("/password/change", data=data)
Pierre-Yves Chibon 23b43c
            self.assertEqual(output.status_code, 200)
farhaanbukhsh 19ad5f
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Change password - Pagure</title>",
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
            self.assertIn(
Pierre-Yves Chibon 73d120
                '<form action="/password/change" method="post">',</form>
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 73d120
            csrf_token = (
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
                .split('name="csrf_token" type="hidden" value="')[1]
Pierre-Yves Chibon 73d120
                .split('">')[0]
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
            # With CSRF  -  Invalid password format
Pierre-Yves Chibon 73d120
            data["csrf_token"] = csrf_token
Pierre-Yves Chibon 23b43c
            output = self.app.post(
Pierre-Yves Chibon 73d120
                "/password/change", data=data, follow_redirects=True
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
            self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 23b43c
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Home - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 73d120
            self.assertIn(
Pierre-Yves Chibon 73d120
                "Could not update your password, either user or password "
Pierre-Yves Chibon 73d120
                "could not be checked",
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
        self.test_new_user()
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
        # Remove token of foouser
Pierre-Yves Chibon 73d120
        item = pagure.lib.query.search_user(self.session, username="foouser")
Pierre-Yves Chibon 73d120
        self.assertEqual(item.user, "foouser")
Pierre-Yves Chibon 23b43c
        self.assertNotEqual(item.token, None)
Pierre-Yves Chibon 73d120
        self.assertTrue(item.password.startswith("$2$"))
Pierre-Yves Chibon 23b43c
        item.token = None
Pierre-Yves Chibon 23b43c
        self.session.add(item)
Pierre-Yves Chibon 23b43c
        self.session.commit()
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 73d120
        user = tests.FakeUser(username="foouser")
Pierre-Yves Chibon b130e5
        with tests.user_set(self.app.application, user):
Pierre-Yves Chibon 73d120
            output = self.app.get("/password/change")
Pierre-Yves Chibon 23b43c
            self.assertEqual(output.status_code, 200)
farhaanbukhsh 19ad5f
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Change password - Pagure</title>",
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
            self.assertIn(
Pierre-Yves Chibon 73d120
                '<form action="/password/change" method="post">',</form>
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
            data = {
Pierre-Yves Chibon 73d120
                "old_password": "foo",
Pierre-Yves Chibon 73d120
                "password": "foo",
Pierre-Yves Chibon 73d120
                "confirm_password": "foo",
Pierre-Yves Chibon 23b43c
            }
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
            # No CSRF token
Pierre-Yves Chibon 73d120
            output = self.app.post("/password/change", data=data)
Pierre-Yves Chibon 23b43c
            self.assertEqual(output.status_code, 200)
farhaanbukhsh 19ad5f
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Change password - Pagure</title>",
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
            self.assertIn(
Pierre-Yves Chibon 73d120
                '<form action="/password/change" method="post">',</form>
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 73d120
            csrf_token = (
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
                .split('name="csrf_token" type="hidden" value="')[1]
Pierre-Yves Chibon 73d120
                .split('">')[0]
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
            # With CSRF  -  Incorrect password
Pierre-Yves Chibon 73d120
            data["csrf_token"] = csrf_token
Pierre-Yves Chibon 23b43c
            output = self.app.post(
Pierre-Yves Chibon 73d120
                "/password/change", data=data, follow_redirects=True
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
            self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 23b43c
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Home - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 73d120
            self.assertIn(
Pierre-Yves Chibon 73d120
                "Could not update your password, either user or password "
Pierre-Yves Chibon 73d120
                "could not be checked",
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 23b43c
            # With CSRF  -  Correct password
Pierre-Yves Chibon 73d120
            data["old_password"] = "barpass"
Pierre-Yves Chibon 23b43c
            output = self.app.post(
Pierre-Yves Chibon 73d120
                "/password/change", data=data, follow_redirects=True
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 23b43c
            self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Home - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 73d120
            self.assertIn("Password changed", output.get_data(as_text=True))
Pierre-Yves Chibon 23b43c
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pierre-Yves Chibon d25b69
    def test_logout(self):
Pierre-Yves Chibon d25b69
        """ Test the auth_logout endpoint for local login. """
Pierre-Yves Chibon d25b69
Pierre-Yves Chibon 73d120
        output = self.app.get("/logout/", follow_redirects=True)
Pierre-Yves Chibon d25b69
        self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
        self.assertIn(
Pierre-Yves Chibon 73d120
            "<title>Home - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon 73d120
        self.assertNotIn(
Pierre-Yves Chibon 73d120
            "You have been logged out", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon d25b69
        self.assertIn(
Ryan Lerch ca4b80
            '
Pierre-Yves Chibon 73d120
            'href="/login/?next=http://localhost/">',
Pierre-Yves Chibon 73d120
            output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
        )
Pierre-Yves Chibon d25b69
Pierre-Yves Chibon 73d120
        user = tests.FakeUser(username="foo")
Pierre-Yves Chibon b130e5
        with tests.user_set(self.app.application, user):
Pierre-Yves Chibon 73d120
            output = self.app.get("/logout/", follow_redirects=True)
Pierre-Yves Chibon d25b69
            self.assertEqual(output.status_code, 200)
Pierre-Yves Chibon 73d120
            self.assertIn(
Pierre-Yves Chibon 73d120
                "<title>Home - Pagure</title>", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon 73d120
            self.assertIn(
Pierre-Yves Chibon 73d120
                "You have been logged out", output.get_data(as_text=True)
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon d25b69
            # Due to the way the tests are running we do not actually
Pierre-Yves Chibon d25b69
            # log out
Pierre-Yves Chibon d25b69
            self.assertIn(
Ryan Lerch 336cd6
                '
Ryan Lerch 336cd6
                'http://localhost/dashboard/projects">Log Out',
Pierre-Yves Chibon 73d120
                output.get_data(as_text=True),
Pierre-Yves Chibon 73d120
            )
Pierre-Yves Chibon d25b69
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Pedro Lima 951fd7
    def test_settings_admin_session_timedout(self):
Pedro Lima 951fd7
        """ Test the admin_session_timedout with settings endpoint. """
Pierre-Yves Chibon b130e5
        lifetime = pagure.config.config.get(
Pierre-Yves Chibon 73d120
            "ADMIN_SESSION_LIFETIME", datetime.timedelta(minutes=15)
Pierre-Yves Chibon 73d120
        )
Pedro Lima 951fd7
        td1 = datetime.timedelta(minutes=1)
Pedro Lima 951fd7
        # session already expired
Pierre-Yves Chibon 73d120
        user = tests.FakeUser(username="foo")
Pierre-Yves Chibon 480388
        user.login_time = datetime.datetime.utcnow() - lifetime - td1
Pierre-Yves Chibon b130e5
        with tests.user_set(self.app.application, user):
Pedro Lima 951fd7
            # not following the redirect because user_set contextmanager
Pedro Lima 951fd7
            # will run again for the login page and set back the user
Pedro Lima 951fd7
            # which results in a loop, since admin_session_timedout will
Pedro Lima 951fd7
            # redirect again for the login page
Pierre-Yves Chibon 73d120
            output = self.app.get("/settings/")
Pedro Lima 951fd7
            self.assertEqual(output.status_code, 302)
Pierre-Yves Chibon 73d120
            self.assertIn("http://localhost/login/", output.location)
Pedro Lima 951fd7
        # session did not expire
Pierre-Yves Chibon 480388
        user.login_time = datetime.datetime.utcnow() - lifetime + td1
Pierre-Yves Chibon b130e5
        with tests.user_set(self.app.application, user):
Pierre-Yves Chibon 73d120
            output = self.app.get("/settings/")
Pedro Lima 951fd7
            self.assertEqual(output.status_code, 200)
Pedro Lima 951fd7
Pierre-Yves Chibon 73d120
    @patch("flask.flash")
Pierre-Yves Chibon 73d120
    @patch("flask.g")
Pierre-Yves Chibon 73d120
    @patch("flask.session")
Pierre-Yves Chibon b130e5
    def test_admin_session_timedout(self, session, g, flash):
Pedro Lima 951fd7
        """ Test the call to admin_session_timedout. """
Pierre-Yves Chibon b130e5
        lifetime = pagure.config.config.get(
Pierre-Yves Chibon 73d120
            "ADMIN_SESSION_LIFETIME", datetime.timedelta(minutes=15)
Pierre-Yves Chibon 73d120
        )
Pedro Lima 951fd7
        td1 = datetime.timedelta(minutes=1)
Pedro Lima 951fd7
        # session already expired
Pierre-Yves Chibon 73d120
        user = tests.FakeUser(username="foo")
Pierre-Yves Chibon 480388
        user.login_time = datetime.datetime.utcnow() - lifetime - td1
Pedro Lima 951fd7
        g.fas_user = user
Pierre-Yves Chibon b130e5
        self.assertTrue(pagure.flask_app.admin_session_timedout())
Pedro Lima 951fd7
        # session did not expire
Pierre-Yves Chibon 480388
        user.login_time = datetime.datetime.utcnow() - lifetime + td1
Pedro Lima 951fd7
        g.fas_user = user
Pierre-Yves Chibon b130e5
        self.assertFalse(pagure.flask_app.admin_session_timedout())
Pedro Lima 951fd7
Pierre-Yves Chibon 73d120
    @patch.dict("pagure.config.config", {"PAGURE_AUTH": "local"})
Patrick Uiterwijk ce6d6d
    def test_force_logout(self):
Patrick Uiterwijk ce6d6d
        """ Test forcing logout. """
Pierre-Yves Chibon 73d120
        user = tests.FakeUser(username="foo")
Patrick Uiterwijk ce6d6d
        with tests.user_set(self.app.application, user, keep_get_user=True):
Patrick Uiterwijk ce6d6d
            # Test that accessing settings works
Pierre-Yves Chibon 73d120
            output = self.app.get("/settings")
Patrick Uiterwijk ce6d6d
            self.assertEqual(output.status_code, 200)
Patrick Uiterwijk ce6d6d
Patrick Uiterwijk ce6d6d
            # Now logout everywhere
Pierre-Yves Chibon 73d120
            data = {"csrf_token": self.get_csrf()}
Pierre-Yves Chibon 73d120
            output = self.app.post("/settings/forcelogout/", data=data)
Patrick Uiterwijk ce6d6d
            self.assertEqual(output.status_code, 302)
Pierre-Yves Chibon 73d120
            self.assertEqual(
Pierre-Yves Chibon 73d120
                output.headers["Location"], "http://localhost/settings"
Pierre-Yves Chibon 73d120
            )
Patrick Uiterwijk ce6d6d
Patrick Uiterwijk ce6d6d
            # We should now get redirected to index, because our session became
Patrick Uiterwijk ce6d6d
            # invalid
Pierre-Yves Chibon 73d120
            output = self.app.get("/settings")
Pierre-Yves Chibon 73d120
            self.assertEqual(output.headers["Location"], "http://localhost/")
Patrick Uiterwijk ce6d6d
Patrick Uiterwijk ce6d6d
            # After changing the login_time to now, the session should again be
Patrick Uiterwijk ce6d6d
            # valid
Patrick Uiterwijk ce6d6d
            user.login_time = datetime.datetime.utcnow()
Pierre-Yves Chibon 73d120
            output = self.app.get("/")
Ryan Lerch 336cd6
            self.assertEqual(output.status_code, 302)
Patrick Uiterwijk ce6d6d
Patrick Uiterwijk ce6d6d
Pierre-Yves Chibon 73d120
if __name__ == "__main__":
Pierre-Yves Chibon 393f31
    unittest.main(verbosity=2)