906 lines
33 KiB
Python
906 lines
33 KiB
Python
# authentic2 - versatile identity manager
|
|
# Copyright (C) 2010-2019 Entr'ouvert
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it
|
|
# under the terms of the GNU Affero General Public License as published
|
|
# by the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
from datetime import date
|
|
from unittest import mock
|
|
from urllib.parse import urlparse
|
|
|
|
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model
|
|
from django.urls import reverse
|
|
from django.utils.http import urlquote
|
|
|
|
from authentic2 import models
|
|
from authentic2.apps.journal.models import Event
|
|
from authentic2.utils import misc as utils_misc
|
|
from authentic2.validators import EmailValidator
|
|
|
|
from .utils import assert_event, get_link_from_mail
|
|
|
|
User = get_user_model()
|
|
|
|
|
|
def test_registration_success(app, db, settings, mailoutbox, external_redirect):
|
|
next_url, good_next_url = external_redirect
|
|
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
settings.DEFAULT_FROM_EMAIL = 'show only addr <noreply@example.net>'
|
|
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
url = utils_misc.make_url('registration_register', params={REDIRECT_FIELD_NAME: next_url})
|
|
response = app.get(url)
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
|
|
assert_event('user.registration.request', email='testbot@entrouvert.com')
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
if not good_next_url:
|
|
assert not urlparse(response['Location']).query
|
|
|
|
response = response.follow()
|
|
if good_next_url:
|
|
assert response.pyquery('a[href="%s"]' % next_url)
|
|
else:
|
|
assert response.pyquery('a[href="/"]')
|
|
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'testbot@entrouvert.com' in response.text
|
|
assert 'considered as spam' in response.text
|
|
assert '"noreply@example.net"' in response.text
|
|
assert 'show only addr' not in response.text
|
|
assert len(mailoutbox) == 1
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
|
|
# test password validation
|
|
response = app.get(link)
|
|
response.form.set('password1', 'toto')
|
|
response.form.set('password2', 'toto')
|
|
response = response.form.submit()
|
|
assert '8 characters' in response.text
|
|
|
|
# set valid password
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit().maybe_follow()
|
|
if good_next_url:
|
|
assert 'You have just created an account.' in response.text
|
|
assert next_url in response.text
|
|
assert response.request.path == '/continue/'
|
|
else:
|
|
assert response.request.path == '/'
|
|
assert 'You have just created an account.' in response.text
|
|
assert User.objects.count() == 1
|
|
assert len(mailoutbox) == 2
|
|
assert 'was successful' in mailoutbox[1].body
|
|
|
|
new_user = User.objects.get()
|
|
assert_event('user.registration', user=new_user, how='email')
|
|
assert not Event.objects.filter(type__name='user.login').exists()
|
|
assert new_user.email == 'testbot@entrouvert.com'
|
|
assert new_user.username is None
|
|
assert new_user.check_password('T0==toto')
|
|
assert new_user.is_active
|
|
assert not new_user.is_staff
|
|
assert not new_user.is_superuser
|
|
assert str(app.session['_auth_user_id']) == str(new_user.pk)
|
|
|
|
response = app.get('/login/')
|
|
response.form.set('username', 'testbot@entrouvert.com')
|
|
response.form.set('password', 'T0==toto')
|
|
response = response.form.submit(name='login-password-submit')
|
|
assert urlparse(response['Location']).path == reverse('auth_homepage')
|
|
|
|
|
|
def test_registration_realm(app, db, settings, mailoutbox):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
settings.A2_REGISTRATION_REALM = 'realm'
|
|
settings.A2_REDIRECT_WHITELIST = ['http://relying-party.org/']
|
|
settings.A2_REQUIRED_FIELDS = ['username']
|
|
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
next_url = 'http://relying-party.org/'
|
|
url = utils_misc.make_url('registration_register', params={REDIRECT_FIELD_NAME: next_url})
|
|
|
|
response = app.get(url)
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
|
|
response = response.follow()
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'testbot@entrouvert.com' in response.text
|
|
assert len(mailoutbox) == 1
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
|
|
# register
|
|
response = app.get(link)
|
|
response.form.set('username', 'toto')
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit().follow()
|
|
assert 'You have just created an account.' in response.text
|
|
assert next_url in response.text
|
|
assert len(mailoutbox) == 2
|
|
assert 'was successful' in mailoutbox[1].body
|
|
|
|
# verify user has expected attributes
|
|
new_user = User.objects.get()
|
|
assert new_user.username == 'toto@realm'
|
|
assert new_user.email == 'testbot@entrouvert.com'
|
|
assert new_user.check_password('T0==toto')
|
|
assert new_user.is_active
|
|
assert not new_user.is_staff
|
|
assert not new_user.is_superuser
|
|
assert str(app.session['_auth_user_id']) == str(new_user.pk)
|
|
|
|
# test login
|
|
response = app.get('/login/')
|
|
response.form.set('username', 'testbot@entrouvert.com')
|
|
response.form.set('password', 'T0==toto')
|
|
response = response.form.submit(name='login-password-submit')
|
|
assert urlparse(response['Location']).path == reverse('auth_homepage')
|
|
|
|
|
|
def test_registration_email_validation(app, db, monkeypatch, settings):
|
|
settings.A2_VALIDATE_EMAIL_DOMAIN = True
|
|
monkeypatch.setattr(EmailValidator, 'query_mxs', lambda x, y: ['mx1.entrouvert.org'])
|
|
|
|
resp = app.get(reverse('registration_register'))
|
|
resp.form.set('email', 'testbot@entrouvert.com')
|
|
resp = resp.form.submit().follow()
|
|
assert 'Follow the instructions' in resp.text
|
|
|
|
monkeypatch.setattr(EmailValidator, 'query_mxs', lambda x, y: [])
|
|
resp = app.get(reverse('registration_register'))
|
|
resp.form.set('email', 'testbot@entrouvert.com')
|
|
resp = resp.form.submit()
|
|
assert 'domain is invalid' in resp.text
|
|
|
|
|
|
def test_username_settings(app, db, settings, mailoutbox):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
settings.A2_REGISTRATION_FORM_USERNAME_REGEX = r'^(ab)+$'
|
|
settings.A2_REGISTRATION_FORM_USERNAME_LABEL = 'Identifiant'
|
|
settings.A2_REGISTRATION_FORM_USERNAME_HELP_TEXT = 'Bien remplir'
|
|
settings.A2_REGISTRATION_FIELDS = ['username']
|
|
settings.A2_REQUIRED_FIELDS = ['username']
|
|
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
|
|
response = response.follow()
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'testbot@entrouvert.com' in response.text
|
|
assert len(mailoutbox) == 1
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
|
|
# register
|
|
response = app.get(link)
|
|
|
|
# check form render has changed
|
|
assert response.pyquery('[for=id_username]').text() == 'Identifiant:'
|
|
for key in ['username', 'password1', 'password2']:
|
|
assert response.pyquery('[for=id_%s]' % key)
|
|
assert response.pyquery('[for=id_%s]' % key).attr('class') == 'form-field-required'
|
|
|
|
assert response.pyquery('#id_username').next('.hint').text() == 'Bien remplir'
|
|
assert not response.pyquery('.errorlist')
|
|
|
|
# check username is validated using regexp
|
|
response.form.set('username', 'abx')
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit()
|
|
|
|
assert 'Enter a valid value' in response.text
|
|
|
|
# check regexp accepts some valid values
|
|
response.form.set('username', 'abab')
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('auth_homepage')
|
|
response = response.follow()
|
|
assert 'You have just created an account.' in response.text
|
|
assert len(mailoutbox) == 2
|
|
assert 'was successful' in mailoutbox[1].body
|
|
|
|
|
|
def test_username_is_unique(app, db, settings, mailoutbox):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
settings.A2_REGISTRATION_FIELDS = ['username']
|
|
settings.A2_REQUIRED_FIELDS = ['username']
|
|
settings.A2_USERNAME_IS_UNIQUE = True
|
|
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
|
|
response = response.follow()
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'testbot@entrouvert.com' in response.text
|
|
assert len(mailoutbox) == 1
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
|
|
response = app.get(link)
|
|
response.form.set('username', 'john.doe')
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('auth_homepage')
|
|
response = response.follow()
|
|
assert 'You have just created an account.' in response.text
|
|
assert len(mailoutbox) == 2
|
|
assert 'was successful' in mailoutbox[1].body
|
|
|
|
# logout
|
|
app.session.flush()
|
|
|
|
# try again
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
link = get_link_from_mail(mailoutbox[2])
|
|
|
|
response = app.get(link)
|
|
response = response.click('create')
|
|
|
|
response.form.set('username', 'john.doe')
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit()
|
|
assert 'This username is already in use. Please supply a different username.' in response.text
|
|
|
|
|
|
def test_email_is_unique(app, db, settings, mailoutbox):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
settings.A2_EMAIL_IS_UNIQUE = True
|
|
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
|
|
response = response.follow()
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'testbot@entrouvert.com' in response.text
|
|
assert len(mailoutbox) == 1
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
|
|
response = app.get(link)
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('auth_homepage')
|
|
response = response.follow()
|
|
assert 'You have just created an account.' in response.text
|
|
assert len(mailoutbox) == 2
|
|
assert 'was successful' in mailoutbox[1].body
|
|
|
|
# logout
|
|
app.session.flush()
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
|
|
response = response.follow()
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'testbot@entrouvert.com' in response.text
|
|
assert not 'This email address is already in use.' in response.text
|
|
assert len(mailoutbox) == 3
|
|
assert 'You already have' in mailoutbox[2].body
|
|
|
|
|
|
def test_attribute_model(app, db, settings, mailoutbox):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
models.Attribute.objects.create(label='Prénom', name='prenom', required=True, kind='string')
|
|
models.Attribute.objects.create(
|
|
label='Nom', name='nom', asked_on_registration=True, user_visible=True, kind='string'
|
|
)
|
|
models.Attribute.objects.create(label='Profession', name='profession', user_editable=True, kind='string')
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
|
|
response = response.follow()
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'testbot@entrouvert.com' in response.text
|
|
assert len(mailoutbox) == 1
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
|
|
response = app.get(link)
|
|
|
|
for key in ['prenom', 'nom', 'password1', 'password2']:
|
|
assert response.pyquery('#id_%s' % key)
|
|
|
|
response.form.set('prenom', 'John')
|
|
response.form.set('nom', 'Doe')
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('auth_homepage')
|
|
response = response.follow()
|
|
assert 'You have just created an account.' in response.text
|
|
assert len(mailoutbox) == 2
|
|
assert 'was successful' in mailoutbox[1].body
|
|
|
|
response = app.get(reverse('account_management'))
|
|
|
|
assert 'Nom' in response.text
|
|
assert 'Prénom' not in response.text
|
|
|
|
response = app.get(reverse('profile_edit'))
|
|
assert 'profession' in response.form.fields
|
|
assert 'prenom' not in response.form.fields
|
|
assert 'nom' not in response.form.fields
|
|
|
|
assert response.pyquery('[for=id_profession]')
|
|
assert not response.pyquery('[for=id_profession].form-field-required')
|
|
response.form.set('profession', 'pompier')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('account_management')
|
|
|
|
response = response.follow()
|
|
|
|
assert 'Nom' in response.text
|
|
assert 'Doe' in response.text
|
|
assert 'Profession' not in response.text
|
|
assert 'pompier' not in response.text
|
|
assert 'Prénom' not in response.text
|
|
assert 'John' not in response.text
|
|
|
|
|
|
def test_registration_email_blacklist(app, settings, db):
|
|
def test_register(email):
|
|
response = app.get('/register/')
|
|
assert 'email' in response.form.fields
|
|
response.form.set('email', email)
|
|
response = response.form.submit()
|
|
return response.status_code == 302
|
|
|
|
settings.A2_REGISTRATION_EMAIL_BLACKLIST = [r'a*@example\.com']
|
|
assert not test_register('aaaa@example.com')
|
|
assert test_register('aaaa@example.com.zob')
|
|
assert test_register('baaaa@example.com')
|
|
settings.A2_REGISTRATION_EMAIL_BLACKLIST = [r'a*@example\.com', r'^ba*@example\.com$']
|
|
assert not test_register('aaaa@example.com')
|
|
assert not test_register('baaaa@example.com')
|
|
assert test_register('bbaaaa@example.com')
|
|
|
|
|
|
def test_registration_bad_email(app, db, settings):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
|
|
response = app.post(reverse('registration_register'), params={'email': 'fred@0d..be'}, status=200)
|
|
assert 'Enter a valid email address.' in response.context['form'].errors['email']
|
|
|
|
response = app.post(reverse('registration_register'), params={'email': 'ééééé'}, status=200)
|
|
assert 'Enter a valid email address.' in response.context['form'].errors['email']
|
|
|
|
response = app.post(reverse('registration_register'), params={'email': ''}, status=200)
|
|
assert 'This field is required.' in response.context['form'].errors['email']
|
|
|
|
|
|
def test_registration_confirm_data(app, settings, db, rf):
|
|
# make first name not required
|
|
models.Attribute.objects.filter(name='first_name').update(required=False)
|
|
|
|
activation_url = utils_misc.build_activation_url(
|
|
rf.post('/register/'),
|
|
email='john.doe@example.com',
|
|
next_url='/',
|
|
first_name='John',
|
|
last_name='Doe',
|
|
no_password=True,
|
|
confirm_data=False,
|
|
)
|
|
|
|
response = app.get(activation_url, status=302)
|
|
|
|
activation_url = utils_misc.build_activation_url(
|
|
rf.post('/register/'),
|
|
email='john.doe@example.com',
|
|
next_url='/',
|
|
last_name='Doe',
|
|
no_password=True,
|
|
confirm_data=False,
|
|
)
|
|
|
|
response = app.get(activation_url, status=200)
|
|
assert 'form' in response.context
|
|
assert set(response.context['form'].fields.keys()) == {'first_name', 'last_name'}
|
|
|
|
activation_url = utils_misc.build_activation_url(
|
|
rf.post('/register/'),
|
|
email='john.doe@example.com',
|
|
next_url='/',
|
|
last_name='Doe',
|
|
no_password=True,
|
|
confirm_data='required',
|
|
)
|
|
response = app.get(activation_url, status=302)
|
|
|
|
|
|
def test_revalidate_email(app, rf, db, settings, mailoutbox):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
url = utils_misc.build_activation_url(
|
|
rf.get('/'), 'testbot@entrouvert.com', next_url=None, valid_email=False, franceconnect=True
|
|
)
|
|
|
|
assert len(mailoutbox) == 0
|
|
# register
|
|
response = app.get(url)
|
|
response.form.set('email', 'johndoe@example.com')
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
response = response.follow()
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'johndoe@example.com' in response.text
|
|
assert len(mailoutbox) == 1
|
|
|
|
|
|
def test_email_is_unique_multiple_objects_returned(app, db, settings, mailoutbox, rf):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
settings.A2_REGISTRATION_EMAIL_IS_UNIQUE = True
|
|
|
|
# Create two user objects
|
|
User.objects.create(email='testbot@entrouvert.com')
|
|
User.objects.create(email='testbot@entrouvert.com')
|
|
|
|
url = utils_misc.build_activation_url(
|
|
rf.get('/'),
|
|
'testbot@entrouvert.com',
|
|
first_name='Test',
|
|
last_name='Bot',
|
|
password='ABcd12345',
|
|
next_url=None,
|
|
valid_email=False,
|
|
franceconnect=True,
|
|
)
|
|
|
|
response = app.get(url)
|
|
assert 'This email address is already in use.' in response.text
|
|
|
|
|
|
def test_username_is_unique_multiple_objects_returned(app, db, settings, mailoutbox, rf):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
settings.A2_REGISTRATION_USERNAME_IS_UNIQUE = True
|
|
settings.A2_REQUIRED_FIELDS = ['username', 'first_name', 'last_name']
|
|
|
|
# Create two user objects
|
|
User.objects.create(username='testbot', email='testbot1@entrouvert.com')
|
|
User.objects.create(username='testbot', email='testbot2@entrouvert.com')
|
|
|
|
url = utils_misc.build_activation_url(
|
|
rf.get('/'),
|
|
'testbot@entrouvert.com',
|
|
username='testbot',
|
|
first_name='Test',
|
|
last_name='Bot',
|
|
password='ABcd12345',
|
|
next_url=None,
|
|
valid_email=False,
|
|
franceconnect=True,
|
|
)
|
|
|
|
response = app.get(url)
|
|
assert 'This username is already in use.' in response.text
|
|
|
|
|
|
def test_registration_redirect(app, db, settings, mailoutbox, external_redirect):
|
|
next_url, good_next_url = external_redirect
|
|
|
|
settings.A2_REGISTRATION_REDIRECT = 'http://cms/welcome/'
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
|
|
new_next_url = settings.A2_REGISTRATION_REDIRECT
|
|
if good_next_url:
|
|
new_next_url += '?next=' + urlquote(next_url)
|
|
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
url = utils_misc.make_url('registration_register', params={REDIRECT_FIELD_NAME: next_url})
|
|
response = app.get(url)
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
|
|
response = response.follow()
|
|
assert 'Follow the instructions' in response.text
|
|
assert 'testbot@entrouvert.com' in response.text
|
|
assert len(mailoutbox) == 1
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
response = app.get(link)
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit().follow()
|
|
|
|
assert 'You have just created an account.' in response.text
|
|
assert new_next_url in response.text
|
|
|
|
assert User.objects.count() == 1
|
|
assert len(mailoutbox) == 2
|
|
assert 'was successful' in mailoutbox[1].body
|
|
|
|
new_user = User.objects.get()
|
|
assert new_user.email == 'testbot@entrouvert.com'
|
|
assert new_user.username is None
|
|
assert new_user.check_password('T0==toto')
|
|
assert new_user.is_active
|
|
assert not new_user.is_staff
|
|
assert not new_user.is_superuser
|
|
assert str(app.session['_auth_user_id']) == str(new_user.pk)
|
|
|
|
response = app.get('/login/')
|
|
response.form.set('username', 'testbot@entrouvert.com')
|
|
response.form.set('password', 'T0==toto')
|
|
response = response.form.submit(name='login-password-submit')
|
|
assert urlparse(response['Location']).path == reverse('auth_homepage')
|
|
|
|
|
|
def test_registration_redirect_tuple(app, db, settings, mailoutbox, external_redirect):
|
|
next_url, good_next_url = external_redirect
|
|
|
|
settings.A2_REGISTRATION_REDIRECT = 'http://cms/welcome/', 'target'
|
|
|
|
new_next_url = settings.A2_REGISTRATION_REDIRECT[0]
|
|
if good_next_url:
|
|
new_next_url += '?target=' + urlquote(next_url)
|
|
|
|
# disable existing attributes
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
url = utils_misc.make_url('registration_register', params={REDIRECT_FIELD_NAME: next_url})
|
|
response = app.get(url)
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
response = response.follow()
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
response = app.get(link)
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit().follow()
|
|
assert new_next_url in response.text
|
|
|
|
|
|
def test_registration_activate_passwords_not_equal(app, db, settings, mailoutbox):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
settings.A2_EMAIL_IS_UNIQUE = True
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
response = response.follow()
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
response = app.get(link)
|
|
response.form.set('first_name', 'john')
|
|
response.form.set('last_name', 'doe')
|
|
response.form.set('password1', 'azerty12AZ')
|
|
response.form.set('password2', 'AAAazerty12AZ')
|
|
response = response.form.submit()
|
|
assert "The two password fields didn" in response.text
|
|
|
|
|
|
def test_authentication_method(app, db, rf, hooks):
|
|
activation_url = utils_misc.build_activation_url(
|
|
rf.post('/register/'),
|
|
email='john.doe@example.com',
|
|
next_url='/',
|
|
first_name='John',
|
|
last_name='Doe',
|
|
no_password=True,
|
|
confirm_data=False,
|
|
)
|
|
app.get(activation_url)
|
|
|
|
assert len(hooks.calls['event']) == 2
|
|
assert hooks.calls['event'][-2]['kwargs']['name'] == 'registration'
|
|
assert hooks.calls['event'][-2]['kwargs']['authentication_method'] == 'email'
|
|
assert hooks.calls['event'][-1]['kwargs']['name'] == 'login'
|
|
assert hooks.calls['event'][-1]['kwargs']['how'] == 'email'
|
|
|
|
activation_url = utils_misc.build_activation_url(
|
|
rf.post('/register/'),
|
|
email='jane.doe@example.com',
|
|
next_url='/',
|
|
first_name='Jane',
|
|
last_name='Doe',
|
|
no_password=True,
|
|
authentication_method='another',
|
|
confirm_data=False,
|
|
)
|
|
app.get(activation_url)
|
|
|
|
assert len(hooks.calls['event']) == 4
|
|
assert hooks.calls['event'][-2]['kwargs']['name'] == 'registration'
|
|
assert hooks.calls['event'][-2]['kwargs']['authentication_method'] == 'another'
|
|
assert hooks.calls['event'][-1]['kwargs']['name'] == 'login'
|
|
assert hooks.calls['event'][-1]['kwargs']['how'] == 'another'
|
|
|
|
|
|
def test_registration_with_email_suggestions(app, db, settings):
|
|
url = utils_misc.make_url('registration_register')
|
|
response = app.get(url)
|
|
assert "email_domains_suggestions.js" in response.text
|
|
assert "field-live-hint" in response.text
|
|
|
|
settings.A2_SUGGESTED_EMAIL_DOMAINS = []
|
|
response = app.get(url)
|
|
assert "email_domains_suggestions.js" not in response.text
|
|
assert "field-live-hint" not in response.text
|
|
|
|
|
|
def test_registration_no_email_full_profile_no_password(app, db, rf, mailoutbox):
|
|
models.Attribute.objects.create(kind='birthdate', name='birthdate', label='birthdate', required=True)
|
|
|
|
data = {
|
|
'email': 'john.doe@example.com',
|
|
'first_name': 'John',
|
|
'last_name': 'Doe',
|
|
'confirm_data': 'required',
|
|
'no_password': True,
|
|
'valid_email': False,
|
|
'franceconnect': True,
|
|
'authentication_method': 'france-connect',
|
|
}
|
|
|
|
activation_url = utils_misc.build_activation_url(rf.post('/register/'), next_url='/', **data)
|
|
|
|
response = app.get(activation_url)
|
|
response.form.set('first_name', data['first_name'])
|
|
response.form.set('last_name', data['last_name'])
|
|
response.form.set('birthdate', '1981-01-01')
|
|
response.form.set('email', 'john.doe2@example.com')
|
|
response = response.form.submit().follow()
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
response = app.get(link)
|
|
assert response.location == '/'
|
|
assert User.objects.count() == 1
|
|
user = User.objects.get()
|
|
assert user.first_name == 'John'
|
|
assert user.last_name == 'Doe'
|
|
assert user.attributes.birthdate == date(1981, 1, 1)
|
|
assert user.email == 'john.doe2@example.com'
|
|
assert user.email_verified is True
|
|
|
|
|
|
def test_registration_link_unique_use(app, db, mailoutbox):
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
|
|
response = app.get(link)
|
|
response.form.set('password1', 'T0==toto')
|
|
|
|
# accessing multiple times work
|
|
response = app.get(link)
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit().follow()
|
|
assert 'You have just created an account.' in response.text
|
|
|
|
response = app.get(link)
|
|
assert urlparse(response['Location']).path == reverse('registration_register')
|
|
response = response.follow()
|
|
assert 'activation key is unknown or expired' in response.text
|
|
|
|
|
|
def test_double_registration_impossible(app, db, mailoutbox):
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
for _ in range(2):
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
assert len(mailoutbox) == 2
|
|
|
|
link1, link2 = get_link_from_mail(mailoutbox[0]), get_link_from_mail(mailoutbox[1])
|
|
|
|
response = app.get(link1)
|
|
assert urlparse(response['Location']).path == reverse('registration_register')
|
|
response = response.follow()
|
|
assert 'activation key is unknown or expired' in response.text
|
|
|
|
response = app.get(link2)
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
response = response.form.submit().follow()
|
|
assert 'You have just created an account.' in response.text
|
|
|
|
|
|
def test_registration_email_not_verified_required_and_unrequired_attributes(app, db, rf, mailoutbox):
|
|
models.Attribute.objects.create(
|
|
kind='birthdate', name='birthdate', label='birthdate', asked_on_registration=False
|
|
)
|
|
models.Attribute.objects.create(
|
|
kind='string', name='preferred_color', label='couleur préférée', required=True
|
|
)
|
|
|
|
data = {
|
|
'email': 'john.doe@example.com',
|
|
'first_name': 'John',
|
|
'last_name': 'Doe',
|
|
'confirm_data': 'required',
|
|
'no_password': True,
|
|
'valid_email': False,
|
|
'franceconnect': True,
|
|
'authentication_method': 'france-connect',
|
|
}
|
|
|
|
activation_url = utils_misc.build_activation_url(rf.post('/register/'), next_url='/', **data)
|
|
|
|
response = app.get(activation_url)
|
|
response.form.set('first_name', data['first_name'])
|
|
response.form.set('last_name', data['last_name'])
|
|
response.form.set('preferred_color', 'bleu')
|
|
response.form.set('email', 'john.doe2@example.com')
|
|
response = response.form.submit().follow()
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
response = app.get(link)
|
|
assert response.location == '/'
|
|
assert User.objects.count() == 1
|
|
user = User.objects.get()
|
|
assert user.first_name == 'John'
|
|
assert user.last_name == 'Doe'
|
|
assert user.attributes.birthdate is None
|
|
assert user.attributes.preferred_color == 'bleu'
|
|
assert user.email == 'john.doe2@example.com'
|
|
assert user.email_verified is True
|
|
|
|
|
|
def test_honeypot(app, db, settings, mailoutbox):
|
|
settings.DEFAULT_FROM_EMAIL = 'show only addr <noreply@example.net>'
|
|
|
|
response = app.get(utils_misc.make_url('registration_register'))
|
|
response = app.post(
|
|
utils_misc.make_url('registration_register'),
|
|
params={
|
|
'email': 'testbot@entrouvert.com',
|
|
'csrfmiddlewaretoken': response.context['csrf_token'],
|
|
'robotcheck': 'a',
|
|
},
|
|
)
|
|
response = response.follow()
|
|
assert len(mailoutbox) == 0
|
|
assert 'Your registration request has been refused' in response
|
|
|
|
|
|
def test_registration_name_validation(app, db, mailoutbox):
|
|
resp = app.get(reverse('registration_register'))
|
|
resp.form.set('email', 'testbot@entrouvert.com')
|
|
resp = resp.form.submit().follow()
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
resp = app.get(link)
|
|
|
|
resp.form.set('password1', 'T0==toto')
|
|
resp.form.set('password2', 'T0==toto')
|
|
resp.form.set('first_name', '01/01/1871')
|
|
resp.form.set('last_name', 'Doe')
|
|
resp = resp.form.submit()
|
|
assert 'Special characters are not allowed' in resp.text
|
|
|
|
resp.form.set('password1', 'T0==toto')
|
|
resp.form.set('password2', 'T0==toto')
|
|
resp.form.set('first_name', 'John')
|
|
resp.form.set('last_name', 'a(a')
|
|
resp = resp.form.submit()
|
|
assert 'Special characters are not allowed' in resp.text
|
|
|
|
resp.form.set('password1', 'T0==toto')
|
|
resp.form.set('password2', 'T0==toto')
|
|
resp.form.set('first_name', 'Léo')
|
|
resp.form.set('last_name', 'D\'Équerre')
|
|
resp = resp.form.submit().follow()
|
|
assert 'You have just created an account' in resp.text
|
|
|
|
|
|
def test_attribute_model_autocomplete(app, db, settings, mailoutbox):
|
|
settings.LANGUAGE_CODE = 'en-us'
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
assert urlparse(response['Location']).path == reverse('registration_complete')
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
response = app.get(link)
|
|
|
|
assert response.form['first_name'].attrs['autocomplete'] == 'given-name'
|
|
assert response.form['last_name'].attrs['autocomplete'] == 'family-name'
|
|
|
|
|
|
def test_registration_race_condition(app, db, mailoutbox):
|
|
models.Attribute.objects.update(disabled=True)
|
|
|
|
response = app.get(reverse('registration_register'))
|
|
response.form.set('email', 'testbot@entrouvert.com')
|
|
response = response.form.submit()
|
|
|
|
link = get_link_from_mail(mailoutbox[0])
|
|
mailoutbox.clear()
|
|
|
|
response = app.get(link)
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
with mock.patch('authentic2.views.models.Token.delete', return_value=(0, {})):
|
|
response = response.form.submit().follow()
|
|
|
|
# hypothetical case where token disappeared while user has not been created
|
|
assert 'An error occured' in response.text
|
|
|
|
# real case where user was created by previous almost simultaneous request
|
|
User.objects.create(email='testbot@entrouvert.com')
|
|
response = app.get(link)
|
|
response.form.set('password1', 'T0==toto')
|
|
response.form.set('password2', 'T0==toto')
|
|
with mock.patch('authentic2.views.models.Token.delete', return_value=(0, {})):
|
|
response = response.form.submit().follow()
|
|
|
|
assert 'You have just created an account.' in response.text
|
|
assert len(mailoutbox) == 0
|
|
|
|
|
|
def test_registration_service_integration(app, service, settings):
|
|
service.home_url = 'https://portail.example.net/'
|
|
service.save()
|
|
|
|
response = app.get('/register/?next=https://portail.example.net/page/')
|
|
assert app.session['home_url'] == 'https://portail.example.net/page/'
|
|
assert app.session['service_pk'] == service.pk
|
|
assert response.context['home_ou'] == service.ou
|
|
assert response.context['home_service'] == service
|
|
assert response.context['home_url'] == 'https://portail.example.net/page/'
|