tests: add more password registration related tests

2014-12-28 15:19:03 +01:00 · 2014-12-28 15:19:03 +01:00 · 9ae34f4c8c
parent a9a378845c
commit 9ae34f4c8c
1 changed files with 99 additions and 1 deletions
--- a/tests/test_register.py
+++ b/tests/test_register.py
@ -1,4 +1,5 @@
 import hashlib
+import re
 import shutil
 from quixote import cleanup

@ -18,7 +19,6 @@ def setup_module(module):
    pub.cfg['identities'] = {'creation': 'self'}
    pub.write_cfg()

-
 def teardown_module(module):
    global pub
    shutil.rmtree(pub.APP_DIR)
@ -33,6 +33,11 @@ def test_no_user_registration():
    pub.cfg['identities'] = {'creation': 'self'}
    pub.write_cfg()

+def test_link_on_login_page():
+    app = get_app(pub)
+    page = app.get('/login/')
+    assert '/register/' in page.body
+
 def test_no_password():
    app = get_app(pub)
    page = app.get('/register/')
@ -133,3 +138,96 @@ def test_user_notification():
    assert emails.get('Welcome to example.net')
    assert emails.get('Welcome to example.net').get('kwargs').get('email_rcpt') == 'foo@localhost'
    assert account.password in emails.get('Welcome to example.net').get('args')[0]
+
+def test_user_login():
+    pub.cfg['identities'] = {'creation': 'self', 'notify-on-register': False}
+    pub.user_class.wipe()
+    PasswordAccount.wipe()
+    pub.cfg['passwords'] = {'generate': False, 'hashing_algo': 'sha256'}
+    pub.write_cfg()
+    do_user_registration()
+
+    # wrong password
+    app = get_app(pub)
+    resp = app.get('/login/')
+    resp.forms[0]['username'] = 'foo'
+    resp.forms[0]['password'] = 'foo'
+    resp = resp.forms[0].submit()
+    assert 'Invalid credentials' in resp.body
+
+    # correct passwod
+    app = get_app(pub)
+    resp = app.get('/login/')
+    resp.forms[0]['username'] = 'foo'
+    resp.forms[0]['password'] = 'bar'
+    resp = resp.forms[0].submit()
+    assert resp.location == 'http://example.net/'
+
+def test_forgotten():
+    pub.cfg['identities'] = {'creation': 'self', 'notify-on-register': False}
+    pub.user_class.wipe()
+    PasswordAccount.wipe()
+    pub.cfg['passwords'] = {'generate': False, 'hashing_algo': 'sha256'}
+    pub.write_cfg()
+    do_user_registration()
+
+    app = get_app(pub)
+    resp = app.get('/login/')
+    assert '/ident/password/forgotten' in resp.body
+
+    resp = app.get('/ident/password/forgotten')
+    resp.forms[0]['username'] = 'bar' # this account doesn't exist
+    resp = resp.forms[0].submit()
+    assert 'There is no user with that name or it has no email contact.'
+
+    resp = app.get('/ident/password/forgotten')
+    resp.forms[0]['username'] = 'foo' # this account doesn't have an email
+    resp = resp.forms[0].submit()
+    assert 'There is no user with that name or it has no email contact.'
+
+    user = pub.user_class.get(1)
+    user.email = 'foo@localhost'
+    user.store()
+
+    resp = app.get('/ident/password/forgotten')
+    resp.forms[0]['username'] = 'foo'
+    resp = resp.forms[0].submit()
+    assert 'A token for changing your password has been emailed to you.' in resp.body
+
+    assert emails.get('Change Password Request')
+    assert emails.get('Change Password Request')['kwargs']['email_rcpt'] == 'foo@localhost'
+    body = emails.get('Change Password Request')['args'][0]
+
+    confirm_urls = re.findall(r'http://.*\w',  body)
+    assert 'a=cfmpw' in confirm_urls[0]
+    assert 'a=cxlpw' in confirm_urls[1]
+
+    # cancel request
+    resp = app.get(confirm_urls[1])
+    assert 'Your request has been cancelled' in resp.body
+
+    resp = app.get(confirm_urls[1])
+    assert 'The token you submitted does not exist' in resp.body
+
+    # new forgotten request
+    resp = app.get('/ident/password/forgotten')
+    resp.forms[0]['username'] = 'foo'
+    resp = resp.forms[0].submit()
+    assert 'A token for changing your password has been emailed to you.' in resp.body
+
+    body = emails.get('Change Password Request')['args'][0]
+    confirm_urls = re.findall(r'http://.*\w',  body)
+    assert 'a=cfmpw' in confirm_urls[0]
+    assert 'a=cxlpw' in confirm_urls[1]
+
+    resp = app.get(confirm_urls[0])
+    assert 'New password sent by email' in resp.body
+    assert emails.get('Your new password')
+
+    # check new password is working
+    new_password = re.findall('password: (.*)\n', emails.get('Your new password')['args'][0])[0]
+    resp = app.get('/login/')
+    resp.forms[0]['username'] = 'foo'
+    resp.forms[0]['password'] = new_password
+    resp = resp.forms[0].submit()
+    assert resp.status_int == 302