Skip to content
Snippets Groups Projects
Normal view Permalink
test_session.py 6.19 KiB
Newer Older
  • Learn to ignore specific revisions
    • Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    1 2 3 
    import time
import unittest
    Julian's avatar
    Replace get_current_user/is_valid_session with request.user  
    Julian committed
    4 
    from flask import url_for, request
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    5 6 
    
# These imports are required, because otherwise we get circular imports?!
    Julian's avatar
    Move User, Group and Mail models from LDAP to DB  
    Julian committed
    7 
    from uffd import user
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    8
    Julian's avatar
    Replace get_current_user/is_valid_session with request.user  
    Julian committed
    9 
    from uffd.session.views import login_required
    Julian's avatar
    Implemented device login for OAuth2 authorizations  
    Julian committed
    10 11 
    from uffd.session.models import DeviceLoginConfirmation
from uffd.oauth2.models import OAuth2DeviceLoginInitiation
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    12 13 14 15 16 17 18 19 20 21 22 23 24 25 
    from uffd import create_app, db

from utils import dump, UffdTestCase

class TestSession(UffdTestCase):
	def setUpApp(self):
		self.app.config['SESSION_LIFETIME_SECONDS'] = 2

		@self.app.route('/test_login_required')
		@login_required()
		def test_login_required():
			return 'SUCCESS', 200

		@self.app.route('/test_group_required1')
    Julian's avatar
    Refactor permission checking and differenciate login and selfservice access  
    Julian committed
    26 
    		@login_required(lambda: request.user.is_in_group('users'))
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    27 28 29 30 
    		def test_group_required1():
			return 'SUCCESS', 200

		@self.app.route('/test_group_required2')
    Julian's avatar
    Refactor permission checking and differenciate login and selfservice access  
    Julian committed
    31 
    		@login_required(lambda: request.user.is_in_group('notagroup'))
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    32 33 34 35 36 
    		def test_group_required2():
			return 'SUCCESS', 200

	def setUp(self):
		super().setUp()
    Julian's avatar
    Replace get_current_user/is_valid_session with request.user  
    Julian committed
    37 
    		self.assertIsNone(request.user)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    38 39 
    
	def login(self):
    sistason's avatar
    Rework of the tests  
    sistason committed
    40 
    		self.login_as('user')
    Julian's avatar
    Replace get_current_user/is_valid_session with request.user  
    Julian committed
    41 
    		self.assertIsNotNone(request.user)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    42
    sistason's avatar
    Rework of the tests  
    sistason committed
    43 
    	def assertLoggedIn(self):
    Julian's avatar
    Replace get_current_user/is_valid_session with request.user  
    Julian committed
    44 
    		self.assertIsNotNone(request.user)
    sistason's avatar
    Rework of the tests  
    sistason committed
    45 46 
    		self.assertEqual(self.client.get(path=url_for('test_login_required'), follow_redirects=True).data, b'SUCCESS')
		self.assertEqual(request.user.loginname, self.get_user().loginname)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    47
    sistason's avatar
    Rework of the tests  
    sistason committed
    48 
    	def assertLoggedOut(self):
    Julian's avatar
    Replace get_current_user/is_valid_session with request.user  
    Julian committed
    49 
    		self.assertIsNone(request.user)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    50 
    		self.assertNotEqual(self.client.get(path=url_for('test_login_required'),
    sistason's avatar
    Rework of the tests  
    sistason committed
    51 
    							follow_redirects=True).data, b'SUCCESS')
    Julian's avatar
    Replace get_current_user/is_valid_session with request.user  
    Julian committed
    52 
    		self.assertEqual(request.user, None)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    53 54 
    
	def test_login(self):
    sistason's avatar
    Rework of the tests  
    sistason committed
    55 
    		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    56 57 58 
    		r = self.client.get(path=url_for('session.login'), follow_redirects=True)
		dump('login', r)
		self.assertEqual(r.status_code, 200)
    sistason's avatar
    Rework of the tests  
    sistason committed
    59 
    		r = self.login_as('user')
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    60 61 
    		dump('login_post', r)
		self.assertEqual(r.status_code, 200)
    sistason's avatar
    Rework of the tests  
    sistason committed
    62 
    		self.assertLoggedIn()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    63
    Julian's avatar
    Auto-convert loginnames to lowercase on login and password reset  
    Julian committed
    64 65 
    	def test_titlecase_password(self):
		r = self.client.post(path=url_for('session.login'),
    Julian's avatar
    Move User, Group and Mail models from LDAP to DB  
    Julian committed
    66 
    			data={'loginname': self.get_user().loginname.title(), 'password': 'userpassword'}, follow_redirects=True)
    Julian's avatar
    Auto-convert loginnames to lowercase on login and password reset  
    Julian committed
    67 68 69 
    		self.assertEqual(r.status_code, 200)
		self.assertLoggedIn()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    70 
    	def test_redirect(self):
    sistason's avatar
    Rework of the tests  
    sistason committed
    71 
    		r = self.login_as('user', ref=url_for('test_login_required'))
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    72 73 74 75 76 
    		self.assertEqual(r.status_code, 200)
		self.assertEqual(r.data, b'SUCCESS')

	def test_wrong_password(self):
		r = self.client.post(path=url_for('session.login'),
    Julian's avatar
    Move User, Group and Mail models from LDAP to DB  
    Julian committed
    77 
    							data={'loginname': self.get_user().loginname, 'password': 'wrongpassword'},
    sistason's avatar
    Rework of the tests  
    sistason committed
    78 
    							follow_redirects=True)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    79 80 
    		dump('login_wrong_password', r)
		self.assertEqual(r.status_code, 200)
    sistason's avatar
    Rework of the tests  
    sistason committed
    81 
    		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    82 83 84 
    
	def test_empty_password(self):
		r = self.client.post(path=url_for('session.login'),
    Julian's avatar
    Move User, Group and Mail models from LDAP to DB  
    Julian committed
    85 
    			data={'loginname': self.get_user().loginname, 'password': ''}, follow_redirects=True)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    86 87 
    		dump('login_empty_password', r)
		self.assertEqual(r.status_code, 200)
    sistason's avatar
    Rework of the tests  
    sistason committed
    88 
    		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    89
    Julian's avatar
    Catch LDAPSASLPrepError on login  
    Julian committed
    90 91 92 
    	# Regression test for #100 (uncatched LDAPSASLPrepError)
	def test_saslprep_invalid_password(self):
		r = self.client.post(path=url_for('session.login'),
    Julian's avatar
    Move User, Group and Mail models from LDAP to DB  
    Julian committed
    93 
    			data={'loginname': 'testuser', 'password': 'wrongpassword\n'}, follow_redirects=True)
    Julian's avatar
    Catch LDAPSASLPrepError on login  
    Julian committed
    94 95 96 97 
    		dump('login_saslprep_invalid_password', r)
		self.assertEqual(r.status_code, 200)
		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    98 99 
    	def test_wrong_user(self):
		r = self.client.post(path=url_for('session.login'),
    Julian's avatar
    Move User, Group and Mail models from LDAP to DB  
    Julian committed
    100 
    							data={'loginname': 'nouser', 'password': 'userpassword'},
    sistason's avatar
    Rework of the tests  
    sistason committed
    101 
    							follow_redirects=True)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    102 103 
    		dump('login_wrong_user', r)
		self.assertEqual(r.status_code, 200)
    sistason's avatar
    Rework of the tests  
    sistason committed
    104 
    		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    105 106 107 
    
	def test_empty_user(self):
		r = self.client.post(path=url_for('session.login'),
    Julian's avatar
    Move User, Group and Mail models from LDAP to DB  
    Julian committed
    108 
    			data={'loginname': '', 'password': 'userpassword'}, follow_redirects=True)
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    109 110 
    		dump('login_empty_user', r)
		self.assertEqual(r.status_code, 200)
    sistason's avatar
    Rework of the tests  
    sistason committed
    111 
    		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    112 113 114 115 116 117 
    
	def test_no_access(self):
		r = self.client.post(path=url_for('session.login'),
			data={'loginname': 'testservice', 'password': 'servicepassword'}, follow_redirects=True)
		dump('login_no_access', r)
		self.assertEqual(r.status_code, 200)
    sistason's avatar
    Rework of the tests  
    sistason committed
    118 
    		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    119 120 121 122 
    
	def test_group_required(self):
		self.login()
		self.assertEqual(self.client.get(path=url_for('test_group_required1'),
    sistason's avatar
    Rework of the tests  
    sistason committed
    123 
    										follow_redirects=True).data, b'SUCCESS')
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    124 
    		self.assertNotEqual(self.client.get(path=url_for('test_group_required2'),
    sistason's avatar
    Rework of the tests  
    sistason committed
    125 
    											follow_redirects=True).data, b'SUCCESS')
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    126 127 128 129 130 131 
    
	def test_logout(self):
		self.login()
		r = self.client.get(path=url_for('session.logout'), follow_redirects=True)
		dump('logout', r)
		self.assertEqual(r.status_code, 200)
    sistason's avatar
    Rework of the tests  
    sistason committed
    132 
    		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    133 134 135 136 137 
    
	@unittest.skip('See #29')
	def test_timeout(self):
		self.login()
		time.sleep(3)
    sistason's avatar
    Rework of the tests  
    sistason committed
    138 
    		self.assertLoggedOut()
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    139 140 141 142 
    
	def test_ratelimit(self):
		for i in range(20):
			self.client.post(path=url_for('session.login'),
    Julian's avatar
    Move User, Group and Mail models from LDAP to DB  
    Julian committed
    143 
    							data={'loginname': self.get_user().loginname,
    sistason's avatar
    Rework of the tests  
    sistason committed
    144 145 
    								'password': 'wrongpassword_%i'%i}, follow_redirects=True)
		r = self.login_as('user')
    Julian's avatar
    Add a few unit tests as well as integration tests that cover almost all views....
    Julian committed
    146 147 
    		dump('login_ratelimit', r)
		self.assertEqual(r.status_code, 200)
    Julian's avatar
    Replace get_current_user/is_valid_session with request.user  
    Julian committed
    148 
    		self.assertIsNone(request.user)
    Julian's avatar
    Add OpenLDAP support in unit tests  
    Julian committed
    149
    Julian's avatar
    Implemented device login for OAuth2 authorizations  
    Julian committed
    150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 
    	def test_deviceauth(self):
		self.app.config['OAUTH2_CLIENTS'] = {
			'test': {'client_secret': 'testsecret', 'redirect_uris': ['http://localhost:5009/callback', 'http://localhost:5009/callback2']},
		}
		initiation = OAuth2DeviceLoginInitiation(oauth2_client_id='test')
		db.session.add(initiation)
		db.session.commit()
		code = initiation.code
		self.login()
		r = self.client.get(path=url_for('session.deviceauth'), follow_redirects=True)
		dump('deviceauth', r)
		self.assertEqual(r.status_code, 200)
		r = self.client.get(path=url_for('session.deviceauth', **{'initiation-code': code}), follow_redirects=True)
		dump('deviceauth_check', r)
		self.assertEqual(r.status_code, 200)
		self.assertIn(b'test', r.data)
		r = self.client.post(path=url_for('session.deviceauth_submit'), data={'initiation-code': code}, follow_redirects=True)
		dump('deviceauth_submit', r)
		self.assertEqual(r.status_code, 200)
		initiation = OAuth2DeviceLoginInitiation.query.filter_by(code=code).one()
		self.assertEqual(len(initiation.confirmations), 1)
		self.assertEqual(initiation.confirmations[0].user.loginname, 'testuser')
		self.assertIn(initiation.confirmations[0].code.encode(), r.data)
		r = self.client.get(path=url_for('session.deviceauth_finish'), follow_redirects=True)
		self.assertEqual(r.status_code, 200)
		self.assertEqual(DeviceLoginConfirmation.query.all(), [])

    Impressum - Datenschutzerklärung