"""
:Copyright: 2006-2020 Jochen Kupperschmidt
:License: Modified BSD, see LICENSE for details.
"""
import pytest |
from byceps.services.authentication.password.models import Credential |
from byceps.services.authentication.password import service as password_service |
from byceps.services.authentication.session import service as session_service |
from tests.helpers import http_client, login_user |
@pytest.fixture
def user(make_user):
    """Provide a fresh user for the password update tests.

    Delegates to the ``make_user`` fixture; the argument is the name
    the user is created under.
    """
    name = 'PasswordUpdater'
    return make_user(name)
def test_when_logged_in_endpoint_is_available(site_app, site, user):
    """A logged-in user can change their password through the form.

    Beyond the redirect, the test pins the two security-relevant side
    effects visible through the service layer: the stored hash and its
    ``updated_at`` stamp change, and the user's session token is gone
    afterwards, so a session that predates the change is not kept alive.
    """
    current_password = 'LekkerBratworsten'
    replacement_password = 'EvenMoreSecure!!1'

    # Seed a credential and a session for the user to start from.
    password_service.create_password_hash(user.id, current_password)
    login_user(user.id)

    stored = find_credential(user.id)
    assert stored is not None
    hash_pre, stamp_pre = stored.password_hash, stored.updated_at
    assert hash_pre is not None
    assert stamp_pre is not None
    assert find_session_token(user.id) is not None

    response = send_request(
        site_app,
        {
            'old_password': current_password,
            'new_password': replacement_password,
            'new_password_confirmation': replacement_password,
        },
        user_id=user.id,
    )

    # After the change the user is sent to the login page ...
    assert response.status_code == 302
    assert (
        response.headers.get('Location')
        == 'http://www.acmecon.test/authentication/login'
    )

    # ... with a new hash and timestamp on the credential ...
    stored = find_credential(user.id)
    assert stored is not None
    assert stored.password_hash != hash_pre
    assert stored.updated_at != stamp_pre

    # ... and without the pre-change session token: it has to be
    # revoked so that a session issued before the password change
    # cannot outlive it.
    assert find_session_token(user.id) is None
def test_when_not_logged_in_endpoint_is_unavailable(site_app, site):
    """An anonymous POST to the password form is answered with 404.

    No session is set up and an empty form is sent, so nothing but
    the status code is checked.
    """
    response = send_request(site_app, {})
    assert response.status_code == 404
# helpers
def find_credential(user_id):
    """Return the ``Credential`` row stored for ``user_id``.

    Presumably ``None`` when no credential exists; the callers assert
    on that before reading attributes.
    """
    query = Credential.query
    return query.get(user_id)
def find_session_token(user_id):
    """Look up the user's current session token via the session service."""
    lookup = session_service.find_session_token_for_user
    return lookup(user_id)
def send_request(app, form_data, *, user_id=None):
    """POST ``form_data`` to the password update endpoint and return the response.

    ``user_id`` is handed through to ``http_client``: the logged-in
    test passes the user's id, the anonymous test leaves it ``None``.
    """
    endpoint = '/authentication/password'
    with http_client(app, user_id=user_id) as client:
        response = client.post(endpoint, data=form_data)
    return response