150 lines
6.1 KiB
Python
150 lines
6.1 KiB
Python
# authentic2 - versatile identity manager
|
|
# Copyright (C) 2010-2019 Entr'ouvert
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it
|
|
# under the terms of the GNU Affero General Public License as published
|
|
# by the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
# authentic2
|
|
|
|
from utils import login, logout, get_link_from_mail
|
|
import pytest
|
|
|
|
from django.core.urlresolvers import reverse
|
|
from django.utils.html import escape
|
|
from django.utils.six.moves.urllib.parse import urlparse
|
|
|
|
from authentic2.custom_user.models import User
|
|
|
|
pytestmark = pytest.mark.django_db
|
|
|
|
|
|
def test_profile(app, simple_user):
|
|
page = login(app, simple_user, path=reverse('account_management'))
|
|
assert simple_user.first_name in page
|
|
assert simple_user.last_name in page
|
|
|
|
|
|
def test_password_change(app, simple_user):
|
|
page = login(app, simple_user, path=reverse('auth_password_change'))
|
|
page = page.form.submit('cancel').follow()
|
|
|
|
|
|
def test_account_delete(app, simple_user, mailoutbox):
|
|
assert simple_user.is_active
|
|
assert not len(mailoutbox)
|
|
page = login(app, simple_user, path=reverse('delete_account'))
|
|
page.form.submit(name='submit').follow()
|
|
assert len(mailoutbox) == 1
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
assert 'Validate account deletion request on testserver' == mailoutbox[0].subject
|
|
assert [simple_user.email] == mailoutbox[0].to
|
|
page = app.get(link)
|
|
# FIXME: webtest does not set the Referer header, so the logout page will always ask for
|
|
# confirmation under tests
|
|
response = page.form.submit(name='delete').follow()
|
|
response = response.form.submit()
|
|
assert not User.objects.get(pk=simple_user.pk).is_active
|
|
assert len(mailoutbox) == 2
|
|
assert 'Account deletion on testserver' == mailoutbox[1].subject
|
|
assert [simple_user.email] == mailoutbox[0].to
|
|
assert urlparse(response.location).path == '/'
|
|
response = response.follow().follow()
|
|
assert response.request.url.endswith('/login/?next=/')
|
|
|
|
|
|
def test_account_delete_when_logged_out(app, simple_user, mailoutbox):
|
|
assert simple_user.is_active
|
|
assert not len(mailoutbox)
|
|
page = login(app, simple_user, path=reverse('delete_account'))
|
|
page.form.submit(name='submit').follow()
|
|
assert len(mailoutbox) == 1
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
logout(app)
|
|
page = app.get(link)
|
|
assert 'You are about to delete the account of <strong>%s</strong>.' % \
|
|
escape(simple_user.get_full_name()) in page.text
|
|
response = page.form.submit(name='delete').follow().follow()
|
|
assert not User.objects.get(pk=simple_user.pk).is_active
|
|
assert len(mailoutbox) == 2
|
|
assert 'Account deletion on testserver' == mailoutbox[1].subject
|
|
assert [simple_user.email] == mailoutbox[0].to
|
|
assert "Deletion performed" in response.text
|
|
|
|
|
|
def test_account_delete_by_other_user(app, simple_user, user_ou1, mailoutbox):
|
|
assert simple_user.is_active
|
|
assert user_ou1.is_active
|
|
assert not len(mailoutbox)
|
|
page = login(app, simple_user, path=reverse('delete_account'))
|
|
page.form.submit(name='submit').follow()
|
|
assert len(mailoutbox) == 1
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
logout(app)
|
|
login(app, user_ou1, path=reverse('account_management'))
|
|
page = app.get(link)
|
|
assert 'You are about to delete the account of <strong>%s</strong>.' % \
|
|
escape(simple_user.get_full_name()) in page.text
|
|
response = page.form.submit(name='delete').follow()
|
|
assert not User.objects.get(pk=simple_user.pk).is_active
|
|
assert User.objects.get(pk=user_ou1.pk).is_active
|
|
assert "Deletion performed" in response.text
|
|
assert len(mailoutbox) == 2
|
|
assert 'Account deletion on testserver' == mailoutbox[1].subject
|
|
assert [simple_user.email] == mailoutbox[0].to
|
|
|
|
|
|
def test_account_delete_fake_token(app, simple_user, mailoutbox):
|
|
response = app.get(reverse('validate_deletion', kwargs={'deletion_token': 'thisismostlikelynotavalidtoken'})).follow().follow()
|
|
assert "The account deletion request is invalid, try again" in response.text
|
|
|
|
|
|
def test_account_delete_expired_token(app, simple_user, mailoutbox, freezer):
|
|
freezer.move_to('2019-08-01')
|
|
page = login(app, simple_user, path=reverse('delete_account'))
|
|
page.form.submit(name='submit').follow()
|
|
freezer.move_to('2019-08-04') # Too late...
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
response = app.get(link).follow()
|
|
assert "The account deletion request is too old, try again" in response.text
|
|
|
|
|
|
def test_account_delete_valid_token_unexistent_user(app, simple_user, mailoutbox):
|
|
page = login(app, simple_user, path=reverse('delete_account'))
|
|
page.form.submit(name='submit').follow()
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
simple_user.delete()
|
|
response = app.get(link).follow().follow()
|
|
assert 'This account has previously been deleted.' in response.text
|
|
|
|
|
|
def test_account_delete_valid_token_inactive_user(app, simple_user, mailoutbox):
|
|
page = login(app, simple_user, path=reverse('delete_account'))
|
|
page.form.submit(name='submit').follow()
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
simple_user.is_active = False
|
|
simple_user.save()
|
|
response = app.get(link).follow()
|
|
assert "This account had previously been deactivated" in response.text
|
|
|
|
|
|
def test_login_invalid_next(app):
|
|
app.get(reverse('auth_login') + '?next=plop')
|
|
|
|
|
|
def test_custom_account(settings, app, simple_user):
|
|
response = login(app, simple_user, path=reverse('account_management'))
|
|
assert response.status_code == 200
|
|
settings.A2_ACCOUNTS_URL = 'http://combo/account/'
|
|
response = app.get(reverse('account_management'))
|
|
assert response.status_code == 302
|
|
assert response['Location'] == settings.A2_ACCOUNTS_URL
|