2 # GNU MediaGoblin -- federated, autonomous media hosting
3 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU Affero General Public License for more details.
15 # You should have received a copy of the GNU Affero General Public License
16 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 import six
.moves
.urllib
.parse
as urlparse
25 from mediagoblin
import mg_globals
26 from mediagoblin
.db
.models
import User
27 from mediagoblin
.tests
.tools
import get_app
, fixture_add_user
28 from mediagoblin
.tools
import template
, mail
29 from mediagoblin
.auth
import tools
as auth_tools
32 def test_register_views(test_app
):
34 Massive test function that all our registration-related views all work.
36 # Test doing a simple GET on the page
37 # -----------------------------------
39 test_app
.get('/auth/register/')
40 # Make sure it rendered with the appropriate template
41 assert 'mediagoblin/auth/register.html' in template
.TEMPLATE_TEST_CONTEXT
43 # Try to register without providing anything, should error
44 # --------------------------------------------------------
46 template
.clear_test_template_context()
48 '/auth/register/', {})
49 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/auth/register.html']
50 form
= context
['register_form']
51 assert form
.username
.errors
== [u
'This field is required.']
52 assert form
.password
.errors
== [u
'This field is required.']
53 assert form
.email
.errors
== [u
'This field is required.']
55 # Try to register with fields that are known to be invalid
56 # --------------------------------------------------------
59 template
.clear_test_template_context()
65 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/auth/register.html']
66 form
= context
['register_form']
68 assert form
.username
.errors
== [u
'Field must be between 3 and 30 characters long.']
69 assert form
.password
.errors
== [u
'Field must be between 5 and 1024 characters long.']
72 template
.clear_test_template_context()
76 'email': 'lollerskates'})
77 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/auth/register.html']
78 form
= context
['register_form']
80 assert form
.username
.errors
== [u
'This field does not take email addresses.']
81 assert form
.email
.errors
== [u
'This field requires an email address.']
83 ## At this point there should be no users in the database ;)
84 assert User
.query
.count() == 0
88 template
.clear_test_template_context()
89 response
= test_app
.post(
91 'username': u
'angrygirl',
92 'password': 'iamsoangry',
93 'email': 'angrygrrl@example.org'})
96 ## Did we redirect to the proper page? Use the right template?
97 assert urlparse
.urlsplit(response
.location
)[2] == '/u/angrygirl/'
98 assert 'mediagoblin/user_pages/user_nonactive.html' in template
.TEMPLATE_TEST_CONTEXT
100 ## Make sure user is in place
101 new_user
= mg_globals
.database
.User
.query
.filter_by(
102 username
=u
'angrygirl').first()
105 ## Make sure that the proper privileges are granted on registration
107 assert new_user
.has_privilege(u
'commenter')
108 assert new_user
.has_privilege(u
'uploader')
109 assert new_user
.has_privilege(u
'reporter')
110 assert not new_user
.has_privilege(u
'active')
111 ## Make sure user is logged in
112 request
= template
.TEMPLATE_TEST_CONTEXT
[
113 'mediagoblin/user_pages/user_nonactive.html']['request']
114 assert request
.session
['user_id'] == six
.text_type(new_user
.id)
116 ## Make sure we get email confirmation, and try verifying
117 assert len(mail
.EMAIL_TEST_INBOX
) == 1
118 message
= mail
.EMAIL_TEST_INBOX
.pop()
119 assert message
['To'] == 'angrygrrl@example.org'
120 email_context
= template
.TEMPLATE_TEST_CONTEXT
[
121 'mediagoblin/auth/verification_email.txt']
122 assert email_context
['verification_url'] in message
.get_payload(decode
=True)
124 path
= urlparse
.urlsplit(email_context
['verification_url'])[2]
125 get_params
= urlparse
.urlsplit(email_context
['verification_url'])[3]
126 assert path
== u
'/auth/verify_email/'
127 parsed_get_params
= urlparse
.parse_qs(get_params
)
129 ## Try verifying with bs verification key, shouldn't work
130 template
.clear_test_template_context()
131 response
= test_app
.get(
132 "/auth/verify_email/?token=total_bs")
136 assert urlparse
.urlsplit(response
.location
)[2] == '/'
138 # assert context['verification_successful'] == True
139 # TODO: Would be good to test messages here when we can do so...
140 new_user
= mg_globals
.database
.User
.query
.filter_by(
141 username
=u
'angrygirl').first()
144 ## Verify the email activation works
145 template
.clear_test_template_context()
146 response
= test_app
.get("%s?%s" % (path
, get_params
))
148 context
= template
.TEMPLATE_TEST_CONTEXT
[
149 'mediagoblin/user_pages/user.html']
150 # assert context['verification_successful'] == True
151 # TODO: Would be good to test messages here when we can do so...
152 new_user
= mg_globals
.database
.User
.query
.filter_by(
153 username
=u
'angrygirl').first()
158 ## We shouldn't be able to register with that user twice
159 template
.clear_test_template_context()
160 response
= test_app
.post(
162 'username': u
'angrygirl',
163 'password': 'iamsoangry2',
164 'email': 'angrygrrl2@example.org'})
166 context
= template
.TEMPLATE_TEST_CONTEXT
[
167 'mediagoblin/auth/register.html']
168 form
= context
['register_form']
169 assert form
.username
.errors
== [
170 u
'Sorry, a user with that name already exists.']
172 ## TODO: Also check for double instances of an email address?
174 ### Oops, forgot the password
175 # -------------------
176 template
.clear_test_template_context()
177 response
= test_app
.post(
178 '/auth/forgot_password/',
179 {'username': u
'angrygirl'})
182 ## Did we redirect to the proper page? Use the right template?
183 assert urlparse
.urlsplit(response
.location
)[2] == '/auth/login/'
184 assert 'mediagoblin/auth/login.html' in template
.TEMPLATE_TEST_CONTEXT
186 ## Make sure link to change password is sent by email
187 assert len(mail
.EMAIL_TEST_INBOX
) == 1
188 message
= mail
.EMAIL_TEST_INBOX
.pop()
189 assert message
['To'] == 'angrygrrl@example.org'
190 email_context
= template
.TEMPLATE_TEST_CONTEXT
[
191 'mediagoblin/plugins/basic_auth/fp_verification_email.txt']
192 #TODO - change the name of verification_url to something forgot-password-ish
193 assert email_context
['verification_url'] in message
.get_payload(decode
=True)
195 path
= urlparse
.urlsplit(email_context
['verification_url'])[2]
196 get_params
= urlparse
.urlsplit(email_context
['verification_url'])[3]
197 parsed_get_params
= urlparse
.parse_qs(get_params
)
198 assert path
== u
'/auth/forgot_password/verify/'
200 ## Try using a bs password-changing verification key, shouldn't work
201 template
.clear_test_template_context()
202 response
= test_app
.get(
203 "/auth/forgot_password/verify/?token=total_bs")
207 assert urlparse
.urlsplit(response
.location
)[2] == '/'
209 ## Verify step 1 of password-change works -- can see form to change password
210 template
.clear_test_template_context()
211 response
= test_app
.get("%s?%s" % (path
, get_params
))
212 assert 'mediagoblin/plugins/basic_auth/change_fp.html' in \
213 template
.TEMPLATE_TEST_CONTEXT
215 ## Verify step 2.1 of password-change works -- report success to user
216 template
.clear_test_template_context()
217 response
= test_app
.post(
218 '/auth/forgot_password/verify/', {
219 'password': 'iamveryveryangry',
220 'token': parsed_get_params
['token']})
222 assert 'mediagoblin/auth/login.html' in template
.TEMPLATE_TEST_CONTEXT
224 ## Verify step 2.2 of password-change works -- login w/ new password success
225 template
.clear_test_template_context()
226 response
= test_app
.post(
228 'username': u
'angrygirl',
229 'password': 'iamveryveryangry'})
231 # User should be redirected
233 assert urlparse
.urlsplit(response
.location
)[2] == '/'
234 assert 'mediagoblin/root.html' in template
.TEMPLATE_TEST_CONTEXT
237 def test_authentication_views(test_app
):
239 Test logging in and logging out
242 test_user
= fixture_add_user()
247 test_app
.get('/auth/login/')
248 assert 'mediagoblin/auth/login.html' in template
.TEMPLATE_TEST_CONTEXT
250 # Failed login - blank form
251 # -------------------------
252 template
.clear_test_template_context()
253 response
= test_app
.post('/auth/login/')
254 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/auth/login.html']
255 form
= context
['login_form']
256 assert form
.username
.errors
== [u
'This field is required.']
258 # Failed login - blank user
259 # -------------------------
260 template
.clear_test_template_context()
261 response
= test_app
.post(
263 'password': u
'toast'})
264 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/auth/login.html']
265 form
= context
['login_form']
266 assert form
.username
.errors
== [u
'This field is required.']
268 # Failed login - blank password
269 # -----------------------------
270 template
.clear_test_template_context()
271 response
= test_app
.post(
273 'username': u
'chris'})
274 assert 'mediagoblin/auth/login.html' in template
.TEMPLATE_TEST_CONTEXT
276 # Failed login - bad user
277 # -----------------------
278 template
.clear_test_template_context()
279 response
= test_app
.post(
281 'username': u
'steve',
282 'password': 'toast'})
283 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/auth/login.html']
284 assert context
['login_failed']
286 # Failed login - bad password
287 # ---------------------------
288 template
.clear_test_template_context()
289 response
= test_app
.post(
291 'username': u
'chris',
292 'password': 'jam_and_ham'})
293 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/auth/login.html']
294 assert context
['login_failed']
298 template
.clear_test_template_context()
299 response
= test_app
.post(
301 'username': u
'chris',
302 'password': 'toast'})
304 # User should be redirected
306 assert urlparse
.urlsplit(response
.location
)[2] == '/'
307 assert 'mediagoblin/root.html' in template
.TEMPLATE_TEST_CONTEXT
309 # Make sure user is in the session
310 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/root.html']
311 session
= context
['request'].session
312 assert session
['user_id'] == six
.text_type(test_user
.id)
316 template
.clear_test_template_context()
317 response
= test_app
.get('/auth/logout/')
319 # Should be redirected to index page
321 assert urlparse
.urlsplit(response
.location
)[2] == '/'
322 assert 'mediagoblin/root.html' in template
.TEMPLATE_TEST_CONTEXT
324 # Make sure the user is not in the session
325 context
= template
.TEMPLATE_TEST_CONTEXT
['mediagoblin/root.html']
326 session
= context
['request'].session
327 assert 'user_id' not in session
329 # User is redirected to custom URL if POST['next'] is set
330 # -------------------------------------------------------
331 template
.clear_test_template_context()
332 response
= test_app
.post(
334 'username': u
'chris',
336 'next' : '/u/chris/'})
337 assert urlparse
.urlsplit(response
.location
)[2] == '/u/chris/'
340 def authentication_disabled_app(request
):
343 mgoblin_config
=pkg_resources
.resource_filename(
344 'mediagoblin.tests.auth_configs',
345 'authentication_disabled_appconfig.ini'))
348 def test_authentication_disabled_app(authentication_disabled_app
):
349 # app.auth should = false
351 assert mg_globals
.app
.auth
is False
353 # Try to visit register page
354 template
.clear_test_template_context()
355 response
= authentication_disabled_app
.get('/auth/register/')
359 assert urlparse
.urlsplit(response
.location
)[2] == '/'
360 assert 'mediagoblin/root.html' in template
.TEMPLATE_TEST_CONTEXT
362 # Try to vist login page
363 template
.clear_test_template_context()
364 response
= authentication_disabled_app
.get('/auth/login/')
368 assert urlparse
.urlsplit(response
.location
)[2] == '/'
369 assert 'mediagoblin/root.html' in template
.TEMPLATE_TEST_CONTEXT
371 ## Test check_login_simple should return None
372 assert auth_tools
.check_login_simple('test', 'simple') is None
374 # Try to visit the forgot password page
375 template
.clear_test_template_context()
376 response
= authentication_disabled_app
.get('/auth/register/')
380 assert urlparse
.urlsplit(response
.location
)[2] == '/'
381 assert 'mediagoblin/root.html' in template
.TEMPLATE_TEST_CONTEXT