Commit | Line | Data |
---|---|---|
c8ccd23e | 1 | # GNU MediaGoblin -- federated, autonomous media hosting |
cf29e8a8 | 2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. |
c8ccd23e JK |
3 | # |
4 | # This program is free software: you can redistribute it and/or modify | |
5 | # it under the terms of the GNU Affero General Public License as published by | |
6 | # the Free Software Foundation, either version 3 of the License, or | |
7 | # (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU Affero General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
eb396abc | 17 | import urlparse |
a3b98853 | 18 | |
c8ccd23e | 19 | from mediagoblin import mg_globals |
a3b98853 | 20 | from mediagoblin.db.models import User |
5c2ece74 | 21 | from mediagoblin.tests.tools import fixture_add_user |
377db0e7 | 22 | from mediagoblin.tools import template, mail |
9754802d | 23 | from mediagoblin.auth.lib import bcrypt_check_password |
c8ccd23e | 24 | |
377db0e7 | 25 | |
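class TestUserEdit(object):
    """Functional tests for the account and profile editing views.

    Each test logs in as the fixture user through the web interface
    before exercising one of the edit views.
    """

    def setup(self):
        """Create the fixture user and remember its plaintext password."""
        # set up new user
        self.user_password = u'toast'
        self.user = fixture_add_user(password=self.user_password)

    def login(self, test_app):
        """Log the fixture user in by posting to the login view."""
        test_app.post(
            '/auth/login/', {
                'username': self.user.username,
                'password': self.user_password})

    def test_user_deletion(self, test_app):
        """Delete user via web interface"""
        self.login(test_app)

        # Make sure user exists
        # NOTE(review): u'chris' is presumably the default username of
        # fixture_add_user -- confirm against mediagoblin.tests.tools.
        assert User.query.filter_by(username=u'chris').first()

        test_app.post('/edit/account/delete/', {'confirmed': 'y'})

        # Make sure user has been deleted
        assert User.query.filter_by(username=u'chris').first() is None

        #TODO: make sure all corresponding items comments etc have been
        # deleted too. Perhaps in submission test?

        #Restore user at end of test
        self.user = fixture_add_user(password=self.user_password)
        self.login(test_app)

    def test_change_password(self, test_app):
        """Test changing password correctly and incorrectly"""
        self.login(test_app)

        # test that the password can be changed
        template.clear_test_template_context()
        res = test_app.post(
            '/edit/password/', {
                'old_password': 'toast',
                'new_password': '123456',
                })
        res.follow()

        # Did we redirect to the correct page?
        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'

        # test_user has to be fetched again in order to have the current values
        test_user = User.query.filter_by(username=u'chris').first()
        assert bcrypt_check_password('123456', test_user.pw_hash)
        # The previous password must stop verifying once it is replaced.
        assert not bcrypt_check_password('toast', test_user.pw_hash)
        # Update current user passwd
        self.user_password = '123456'

        # test that the password cannot be changed if the given
        # old_password is wrong
        template.clear_test_template_context()
        test_app.post(
            '/edit/password/', {
                'old_password': 'toast',
                'new_password': '098765',
                })

        test_user = User.query.filter_by(username=u'chris').first()
        assert not bcrypt_check_password('098765', test_user.pw_hash)
        # A rejected change must leave the existing credential intact,
        # not merely fail to install the new one.
        assert bcrypt_check_password('123456', test_user.pw_hash)

    def test_change_bio_url(self, test_app):
        """Test changing bio and URL"""
        self.login(test_app)

        # Test if legacy profile editing URL redirects correctly
        res = test_app.post(
            '/edit/profile/', {
                'bio': u'I love toast!',
                'url': u'http://dustycloud.org/'}, expect_errors=True)

        # Should redirect to /u/chris/edit/
        assert res.status_int == 302
        assert res.headers['Location'].endswith("/u/chris/edit/")

        test_app.post(
            '/u/chris/edit/', {
                'bio': u'I love toast!',
                'url': u'http://dustycloud.org/'})

        test_user = User.query.filter_by(username=u'chris').first()
        assert test_user.bio == u'I love toast!'
        assert test_user.url == u'http://dustycloud.org/'

        # change a different user than the logged in (should fail with 403)
        fixture_add_user(username=u"foo")
        res = test_app.post(
            '/u/foo/edit/', {
                'bio': u'I love toast!',
                'url': u'http://dustycloud.org/'}, expect_errors=True)
        assert res.status_int == 403

        # The status code alone does not show that the write was refused;
        # confirm the other user's profile was not modified.
        other_user = User.query.filter_by(username=u'foo').first()
        assert other_user.bio != u'I love toast!'
        assert other_user.url != u'http://dustycloud.org/'

        # test changing the bio and the URL improperly
        too_long_bio = 150 * 'T' + 150 * 'o' + 150 * 'a' + 150 * 's' + 150 * 't'

        test_app.post(
            '/u/chris/edit/', {
                # more than 500 characters
                'bio': too_long_bio,
                'url': 'this-is-no-url'})

        # Check form errors
        context = template.TEMPLATE_TEST_CONTEXT[
            'mediagoblin/edit/edit_profile.html']
        form = context['form']

        assert form.bio.errors == [
            u'Field must be between 0 and 500 characters long.']
        assert form.url.errors == [
            u'This address contains errors']

    def test_email_change(self, test_app):
        """Test changing the account email, including token verification"""
        self.login(test_app)

        # Test email already in db
        template.clear_test_template_context()
        test_app.post(
            '/edit/account/', {
                'new_email': 'chris@example.com',
                'password': 'toast'})

        # Check form errors
        context = template.TEMPLATE_TEST_CONTEXT[
            'mediagoblin/edit/edit_account.html']
        assert context['form'].new_email.errors == [
            u'Sorry, a user with that email address already exists.']

        # Test successful email change
        template.clear_test_template_context()
        res = test_app.post(
            '/edit/account/', {
                'new_email': 'new@example.com',
                'password': 'toast'})
        res.follow()

        # Correct redirect?
        assert urlparse.urlsplit(res.location)[2] == '/u/chris/'

        # Make sure we get email verification and try verifying
        assert len(mail.EMAIL_TEST_INBOX) == 1
        message = mail.EMAIL_TEST_INBOX.pop()
        assert message['To'] == 'new@example.com'
        email_context = template.TEMPLATE_TEST_CONTEXT[
            'mediagoblin/edit/verification.txt']
        assert email_context['verification_url'] in \
            message.get_payload(decode=True)

        path = urlparse.urlsplit(email_context['verification_url'])[2]
        assert path == u'/edit/verify_email/'

        ## Try verifying with bs verification key, shouldn't work
        template.clear_test_template_context()
        res = test_app.get(
            "/edit/verify_email/?token=total_bs")
        res.follow()

        # Correct redirect?
        assert urlparse.urlsplit(res.location)[2] == '/'

        # Email shouldn't be saved
        email_in_db = mg_globals.database.User.find_one(
            {'email': 'new@example.com'})
        email = User.query.filter_by(username='chris').first().email
        assert email_in_db is None
        assert email == 'chris@example.com'

        # Verify email activation works
        template.clear_test_template_context()
        # Re-use the query string of the URL that was actually mailed out.
        get_params = urlparse.urlsplit(email_context['verification_url'])[3]
        res = test_app.get('%s?%s' % (path, get_params))
        res.follow()

        # New email saved?
        email = User.query.filter_by(username='chris').first().email
        assert email == 'new@example.com'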
a3b98853 | 208 | # test changing the url improperly