1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 from mediagoblin
.plugins
.basic_auth
import lib
as auth_lib
22 from mediagoblin
import mg_globals
23 from mediagoblin
.tools
import template
, mail
24 from mediagoblin
.tests
.tools
import get_app
, fixture_add_user
25 from mediagoblin
.tools
.testing
import _activate_testing
30 ########################
31 # Test bcrypt auth funcs
32 ########################
35 def test_bcrypt_check_password():
36 # Check known 'lollerskates' password against check function
37 assert auth_lib
.bcrypt_check_password(
39 '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
41 assert not auth_lib
.bcrypt_check_password(
43 '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
45 # Same thing, but with extra fake salt.
46 assert not auth_lib
.bcrypt_check_password(
48 '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6',
52 def test_bcrypt_gen_password_hash():
53 pw
= 'youwillneverguessthis'
55 # Normal password hash generation, and check on that hash
56 hashed_pw
= auth_lib
.bcrypt_gen_password_hash(pw
)
57 assert auth_lib
.bcrypt_check_password(
59 assert not auth_lib
.bcrypt_check_password(
60 'notthepassword', hashed_pw
)
62 # Same thing, extra salt.
63 hashed_pw
= auth_lib
.bcrypt_gen_password_hash(pw
, '3><7R45417')
64 assert auth_lib
.bcrypt_check_password(
65 pw
, hashed_pw
, '3><7R45417')
66 assert not auth_lib
.bcrypt_check_password(
67 'notthepassword', hashed_pw
, '3><7R45417')
71 def context_modified_app(request
):
74 mgoblin_config
=pkg_resources
.resource_filename(
75 'mediagoblin.tests', 'basic_auth_appconfig.ini'))
78 def test_fp_view(context_modified_app
):
79 ### Oops, forgot the password
82 fixture_add_user(active_user
=True)
84 template
.clear_test_template_context()
85 response
= context_modified_app
.post(
86 '/auth/forgot_password/',
87 {'username': u
'chris'})
90 ## Did we redirect to the proper page? Use the right template?
91 assert urlparse
.urlsplit(response
.location
)[2] == '/auth/login/'
92 assert 'mediagoblin/auth/login.html' in template
.TEMPLATE_TEST_CONTEXT
94 ## Make sure link to change password is sent by email
95 assert len(mail
.EMAIL_TEST_INBOX
) == 1
96 message
= mail
.EMAIL_TEST_INBOX
.pop()
97 assert message
['To'] == 'chris@example.com'
98 email_context
= template
.TEMPLATE_TEST_CONTEXT
[
99 'mediagoblin/auth/fp_verification_email.txt']
100 #TODO - change the name of verification_url to something
101 # forgot-password-ish
102 assert email_context
['verification_url'] in \
103 message
.get_payload(decode
=True)
105 path
= urlparse
.urlsplit(email_context
['verification_url'])[2]
106 get_params
= urlparse
.urlsplit(email_context
['verification_url'])[3]
107 assert path
== u
'/auth/forgot_password/verify/'
108 parsed_get_params
= urlparse
.parse_qs(get_params
)
110 # user should have matching parameters
111 new_user
= mg_globals
.database
.User
.find_one({'username': u
'chris'})
112 assert parsed_get_params
['userid'] == [unicode(new_user
.id)]
113 assert parsed_get_params
['token'] == [new_user
.fp_verification_key
]
115 ### The forgotten password token should be set to expire in ~ 10 days
116 # A few ticks have expired so there are only 9 full days left...
117 assert (new_user
.fp_token_expire
- datetime
.datetime
.now()).days
== 9
119 ## Try using a bs password-changing verification key, shouldn't work
120 template
.clear_test_template_context()
121 response
= context_modified_app
.get(
122 "/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode(
123 new_user
.id), status
=404)
124 assert response
.status
.split()[0] == u
'404' # status="404 NOT FOUND"
126 ## Try using an expired token to change password, shouldn't work
127 template
.clear_test_template_context()
128 new_user
= mg_globals
.database
.User
.find_one({'username': u
'chris'})
129 real_token_expiration
= new_user
.fp_token_expire
130 new_user
.fp_token_expire
= datetime
.datetime
.now()
132 response
= context_modified_app
.get("%s?%s" % (path
, get_params
),
134 assert response
.status
.split()[0] == u
'404' # status="404 NOT FOUND"
135 new_user
.fp_token_expire
= real_token_expiration
138 ## Verify step 1 of password-change works -- can see form to
140 template
.clear_test_template_context()
141 response
= context_modified_app
.get("%s?%s" % (path
, get_params
))
142 assert 'mediagoblin/plugins/basic_auth/change_fp.html' \
143 in template
.TEMPLATE_TEST_CONTEXT
145 ## Verify step 2.1 of password-change works -- report success to user
146 template
.clear_test_template_context()
147 response
= context_modified_app
.post(
148 '/auth/forgot_password/verify/', {
149 'userid': parsed_get_params
['userid'],
150 'password': 'iamveryveryhappy',
151 'token': parsed_get_params
['token']})
153 assert 'mediagoblin/auth/login.html' in template
.TEMPLATE_TEST_CONTEXT
155 ## Verify step 2.2 of password-change works -- login w/ new password
157 template
.clear_test_template_context()
158 response
= context_modified_app
.post(
160 'username': u
'chris',
161 'password': 'iamveryveryhappy'})
163 # User should be redirected
165 assert urlparse
.urlsplit(response
.location
)[2] == '/'
166 assert 'mediagoblin/root.html' in template
.TEMPLATE_TEST_CONTEXT