mediagoblin/tests/test_basic_auth.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 import urlparse
  17 import datetime
  18 import pkg_resources
  19 import pytest
  20
  21 from mediagoblin.plugins.basic_auth import lib as auth_lib
  22 from mediagoblin import mg_globals
  23 from mediagoblin.tools import template, mail
  24 from mediagoblin.tests.tools import get_app, fixture_add_user
  25 from mediagoblin.tools.testing import _activate_testing
  26
  27 _activate_testing()
  28
  29
  30 ########################
  31 # Test bcrypt auth funcs
  32 ########################
  33
  34
  35 def test_bcrypt_check_password():
  36     # Check known 'lollerskates' password against check function
  37     assert auth_lib.bcrypt_check_password(
  38         'lollerskates',
  39         '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
  40
  41     assert not auth_lib.bcrypt_check_password(
  42         'notthepassword',
  43         '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
  44
  45     # Same thing, but with extra fake salt.
  46     assert not auth_lib.bcrypt_check_password(
  47         'notthepassword',
  48         '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6',
  49         '3><7R45417')
  50
  51
  52 def test_bcrypt_gen_password_hash():
  53     pw = 'youwillneverguessthis'
  54
  55     # Normal password hash generation, and check on that hash
  56     hashed_pw = auth_lib.bcrypt_gen_password_hash(pw)
  57     assert auth_lib.bcrypt_check_password(
  58         pw, hashed_pw)
  59     assert not auth_lib.bcrypt_check_password(
  60         'notthepassword', hashed_pw)
  61
  62     # Same thing, extra salt.
  63     hashed_pw = auth_lib.bcrypt_gen_password_hash(pw, '3><7R45417')
  64     assert auth_lib.bcrypt_check_password(
  65         pw, hashed_pw, '3><7R45417')
  66     assert not auth_lib.bcrypt_check_password(
  67         'notthepassword', hashed_pw, '3><7R45417')
  68
  69
  70 @pytest.fixture()
  71 def context_modified_app(request):
  72     return get_app(
  73         request,
  74         mgoblin_config=pkg_resources.resource_filename(
  75             'mediagoblin.tests', 'basic_auth_appconfig.ini'))
  76
  77
  78 def test_fp_view(context_modified_app):
  79     ### Oops, forgot the password
  80     # -------------------
  81     ## Register a user
  82     fixture_add_user(active_user=True)
  83
  84     template.clear_test_template_context()
  85     response = context_modified_app.post(
  86         '/auth/forgot_password/',
  87         {'username': u'chris'})
  88     response.follow()
  89
  90     ## Did we redirect to the proper page?  Use the right template?
  91     assert urlparse.urlsplit(response.location)[2] == '/auth/login/'
  92     assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
  93
  94     ## Make sure link to change password is sent by email
  95     assert len(mail.EMAIL_TEST_INBOX) == 1
  96     message = mail.EMAIL_TEST_INBOX.pop()
  97     assert message['To'] == 'chris@example.com'
  98     email_context = template.TEMPLATE_TEST_CONTEXT[
  99         'mediagoblin/auth/fp_verification_email.txt']
 100     #TODO - change the name of verification_url to something
 101     # forgot-password-ish
 102     assert email_context['verification_url'] in \
 103         message.get_payload(decode=True)
 104
 105     path = urlparse.urlsplit(email_context['verification_url'])[2]
 106     get_params = urlparse.urlsplit(email_context['verification_url'])[3]
 107     assert path == u'/auth/forgot_password/verify/'
 108     parsed_get_params = urlparse.parse_qs(get_params)
 109
 110     # user should have matching parameters
 111     new_user = mg_globals.database.User.find_one({'username': u'chris'})
 112     assert parsed_get_params['userid'] == [unicode(new_user.id)]
 113     assert parsed_get_params['token'] == [new_user.fp_verification_key]
 114
 115     ### The forgotten password token should be set to expire in ~ 10 days
 116     # A few ticks have expired so there are only 9 full days left...
 117     assert (new_user.fp_token_expire - datetime.datetime.now()).days == 9
 118
 119     ## Try using a bs password-changing verification key, shouldn't work
 120     template.clear_test_template_context()
 121     response = context_modified_app.get(
 122         "/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode(
 123             new_user.id), status=404)
 124     assert response.status.split()[0] == u'404'  # status="404 NOT FOUND"
 125
 126     ## Try using an expired token to change password, shouldn't work
 127     template.clear_test_template_context()
 128     new_user = mg_globals.database.User.find_one({'username': u'chris'})
 129     real_token_expiration = new_user.fp_token_expire
 130     new_user.fp_token_expire = datetime.datetime.now()
 131     new_user.save()
 132     response = context_modified_app.get("%s?%s" % (path, get_params),
 133                                         status=404)
 134     assert response.status.split()[0] == u'404'  # status="404 NOT FOUND"
 135     new_user.fp_token_expire = real_token_expiration
 136     new_user.save()
 137
 138     ## Verify step 1 of password-change works -- can see form to
 139     ## change password
 140     template.clear_test_template_context()
 141     response = context_modified_app.get("%s?%s" % (path, get_params))
 142     assert 'mediagoblin/plugins/basic_auth/change_fp.html' \
 143             in template.TEMPLATE_TEST_CONTEXT
 144
 145     ## Verify step 2.1 of password-change works -- report success to user
 146     template.clear_test_template_context()
 147     response = context_modified_app.post(
 148         '/auth/forgot_password/verify/', {
 149             'userid': parsed_get_params['userid'],
 150             'password': 'iamveryveryhappy',
 151             'token': parsed_get_params['token']})
 152     response.follow()
 153     assert 'mediagoblin/auth/login.html' in template.TEMPLATE_TEST_CONTEXT
 154
 155     ## Verify step 2.2 of password-change works -- login w/ new password
 156     ## success
 157     template.clear_test_template_context()
 158     response = context_modified_app.post(
 159         '/auth/login/', {
 160             'username': u'chris',
 161             'password': 'iamveryveryhappy'})
 162
 163     # User should be redirected
 164     response.follow()
 165     assert urlparse.urlsplit(response.location)[2] == '/'
 166     assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT