|
1
|
|
|
""" |
|
2
|
|
|
:Copyright: 2006-2021 Jochen Kupperschmidt |
|
3
|
|
|
:License: Revised BSD (see `LICENSE` file for details) |
|
4
|
|
|
""" |
|
5
|
|
|
|
|
6
|
|
|
import pytest |
|
7
|
|
|
|
|
8
|
|
|
from byceps.database import db |
|
9
|
|
|
from byceps.services.authorization import service as authorization_service |
|
10
|
|
|
from byceps.services.user import service as user_service |
|
11
|
|
|
from byceps.services.verification_token import ( |
|
12
|
|
|
service as verification_token_service, |
|
13
|
|
|
) |
|
14
|
|
|
|
|
15
|
|
|
from tests.helpers import http_client |
|
16
|
|
|
|
|
17
|
|
|
|
|
18
|
|
|
@pytest.fixture(scope='module') |
|
19
|
|
|
def user1(make_user): |
|
20
|
|
|
return make_user( |
|
21
|
|
|
'EAC-User1', email_address='[email protected]', initialized=False |
|
22
|
|
|
) |
|
23
|
|
|
|
|
24
|
|
|
|
|
25
|
|
|
@pytest.fixture(scope='module') |
|
26
|
|
|
def user2(make_user): |
|
27
|
|
|
return make_user('EAC-User2', initialized=False) |
|
28
|
|
|
|
|
29
|
|
|
|
|
30
|
|
|
@pytest.fixture(scope='module') |
|
31
|
|
|
def user3(make_user): |
|
32
|
|
|
return make_user( |
|
33
|
|
|
'EAC-User3', email_address='[email protected]', initialized=True |
|
34
|
|
|
) |
|
35
|
|
|
|
|
36
|
|
|
|
|
37
|
|
|
@pytest.fixture(scope='module') |
|
38
|
|
|
def user4(make_user): |
|
39
|
|
|
return make_user('EAC-User4', initialized=True) |
|
40
|
|
|
|
|
41
|
|
|
|
|
42
|
|
|
@pytest.fixture(scope='module') |
|
43
|
|
|
def user5(make_user): |
|
44
|
|
|
return make_user( |
|
45
|
|
|
'EAC-User5', email_address='[email protected]', initialized=True |
|
46
|
|
|
) |
|
47
|
|
|
|
|
48
|
|
|
|
|
49
|
|
|
@pytest.fixture |
|
50
|
|
|
def role(admin_app, site, user1, user2): |
|
51
|
|
|
role = authorization_service.create_role('board_user', 'Board User') |
|
52
|
|
|
|
|
53
|
|
|
yield role |
|
54
|
|
|
|
|
55
|
|
|
for user in user1, user2: |
|
56
|
|
|
authorization_service.deassign_all_roles_from_user(user.id) |
|
57
|
|
|
|
|
58
|
|
|
authorization_service.delete_role(role.id) |
|
59
|
|
|
|
|
60
|
|
|
|
|
61
|
|
|
def test_valid_token(site_app, user1, role): |
|
62
|
|
|
user_id = user1.id |
|
63
|
|
|
|
|
64
|
|
|
user_before = user_service.get_db_user(user_id) |
|
65
|
|
|
assert not user_before.email_address_verified |
|
66
|
|
|
assert not user_before.initialized |
|
67
|
|
|
|
|
68
|
|
|
token = create_confirmation_token(user_id, '[email protected]') |
|
69
|
|
|
|
|
70
|
|
|
# -------------------------------- # |
|
71
|
|
|
|
|
72
|
|
|
response = confirm(site_app, token) |
|
73
|
|
|
|
|
74
|
|
|
# -------------------------------- # |
|
75
|
|
|
|
|
76
|
|
|
assert response.status_code == 302 |
|
77
|
|
|
|
|
78
|
|
|
user_after = user_service.get_db_user(user_id) |
|
79
|
|
|
assert user_before.email_address_verified |
|
80
|
|
|
assert user_after.initialized |
|
81
|
|
|
|
|
82
|
|
|
assert get_role_ids(user_id) == {'board_user'} |
|
83
|
|
|
|
|
84
|
|
|
|
|
85
|
|
|
def test_unknown_token(site_app, site, user2, role): |
|
86
|
|
|
user_id = user2.id |
|
87
|
|
|
|
|
88
|
|
|
user_before = user_service.get_db_user(user_id) |
|
89
|
|
|
assert not user_before.initialized |
|
90
|
|
|
|
|
91
|
|
|
unknown_token = 'wZdSLzkT-zRf2x2T6AR7yGa3Nc_X3Nn3F3XGPvPtOhw' |
|
92
|
|
|
|
|
93
|
|
|
# -------------------------------- # |
|
94
|
|
|
|
|
95
|
|
|
response = confirm(site_app, unknown_token) |
|
96
|
|
|
|
|
97
|
|
|
# -------------------------------- # |
|
98
|
|
|
|
|
99
|
|
|
assert response.status_code == 404 |
|
100
|
|
|
|
|
101
|
|
|
user_after = user_service.get_db_user(user_id) |
|
102
|
|
|
assert not user_after.initialized |
|
103
|
|
|
|
|
104
|
|
|
assert get_role_ids(user_id) == set() |
|
105
|
|
|
|
|
106
|
|
|
|
|
107
|
|
|
def test_initialized_user(site_app, user3, role): |
|
108
|
|
|
user_id = user3.id |
|
109
|
|
|
|
|
110
|
|
|
user_before = user_service.get_db_user(user_id) |
|
111
|
|
|
assert not user_before.email_address_verified |
|
112
|
|
|
assert user_before.initialized |
|
113
|
|
|
|
|
114
|
|
|
token = create_confirmation_token(user_id, '[email protected]') |
|
115
|
|
|
|
|
116
|
|
|
# -------------------------------- # |
|
117
|
|
|
|
|
118
|
|
|
response = confirm(site_app, token) |
|
119
|
|
|
|
|
120
|
|
|
# -------------------------------- # |
|
121
|
|
|
|
|
122
|
|
|
assert response.status_code == 302 |
|
123
|
|
|
|
|
124
|
|
|
user_after = user_service.get_db_user(user_id) |
|
125
|
|
|
assert user_before.email_address_verified |
|
126
|
|
|
assert user_after.initialized |
|
127
|
|
|
|
|
128
|
|
|
|
|
129
|
|
|
def test_account_without_email_address(site_app, site, user4, role): |
|
130
|
|
|
user_id = user4.id |
|
131
|
|
|
|
|
132
|
|
|
user_with_email_address = user_service.get_db_user(user_id) |
|
133
|
|
|
user_with_email_address.email_address = None |
|
134
|
|
|
db.session.commit() |
|
135
|
|
|
|
|
136
|
|
|
user_before = user_service.get_db_user(user_id) |
|
137
|
|
|
assert user_before.email_address is None |
|
138
|
|
|
assert not user_before.email_address_verified |
|
139
|
|
|
assert user_before.initialized |
|
140
|
|
|
|
|
141
|
|
|
token = create_confirmation_token(user_id, '[email protected]') |
|
142
|
|
|
|
|
143
|
|
|
# -------------------------------- # |
|
144
|
|
|
|
|
145
|
|
|
response = confirm(site_app, token) |
|
146
|
|
|
|
|
147
|
|
|
# -------------------------------- # |
|
148
|
|
|
|
|
149
|
|
|
assert response.status_code == 302 |
|
150
|
|
|
|
|
151
|
|
|
user_after = user_service.get_db_user(user_id) |
|
152
|
|
|
assert not user_before.email_address_verified |
|
153
|
|
|
|
|
154
|
|
|
|
|
155
|
|
|
def test_different_user_and_token_email_addresses(site_app, site, user5, role): |
|
156
|
|
|
user_id = user5.id |
|
157
|
|
|
|
|
158
|
|
|
user_before = user_service.get_db_user(user_id) |
|
159
|
|
|
assert not user_before.email_address_verified |
|
160
|
|
|
assert user_before.initialized |
|
161
|
|
|
|
|
162
|
|
|
token = create_confirmation_token(user_id, '[email protected]') |
|
163
|
|
|
|
|
164
|
|
|
# -------------------------------- # |
|
165
|
|
|
|
|
166
|
|
|
response = confirm(site_app, token) |
|
167
|
|
|
|
|
168
|
|
|
# -------------------------------- # |
|
169
|
|
|
|
|
170
|
|
|
assert response.status_code == 302 |
|
171
|
|
|
|
|
172
|
|
|
user_after = user_service.get_db_user(user_id) |
|
173
|
|
|
assert not user_before.email_address_verified |
|
174
|
|
|
|
|
175
|
|
|
|
|
176
|
|
|
# helpers |
|
177
|
|
|
|
|
178
|
|
|
|
|
179
|
|
|
def confirm(app, token): |
|
180
|
|
|
url = f'/users/email_address/confirmation/{token}' |
|
181
|
|
|
with http_client(app) as client: |
|
182
|
|
|
return client.get(url) |
|
183
|
|
|
|
|
184
|
|
|
|
|
185
|
|
|
def get_role_ids(user_id): |
|
186
|
|
|
return authorization_service.find_role_ids_for_user(user_id) |
|
187
|
|
|
|
|
188
|
|
|
|
|
189
|
|
|
def create_confirmation_token(user_id, email_address): |
|
190
|
|
|
token = verification_token_service.create_for_email_address_confirmation( |
|
191
|
|
|
user_id, email_address |
|
192
|
|
|
) |
|
193
|
|
|
return token.token |
|
194
|
|
|
|
byceps /
byceps
