|
1
|
|
|
""" |
|
2
|
|
|
:Copyright: 2006-2020 Jochen Kupperschmidt |
|
3
|
|
|
:License: Modified BSD, see LICENSE for details. |
|
4
|
|
|
""" |
|
5
|
|
|
|
|
6
|
|
|
import pytest |
|
7
|
|
|
|
|
8
|
|
|
from byceps.services.authentication.password.models import Credential |
|
9
|
|
|
from byceps.services.authentication.password import service as password_service |
|
10
|
|
|
from byceps.services.authentication.session import service as session_service |
|
11
|
|
|
|
|
12
|
|
|
from tests.helpers import http_client, login_user |
|
13
|
|
|
|
|
14
|
|
|
|
|
15
|
|
|
@pytest.fixture |
|
16
|
|
|
def user(make_user): |
|
17
|
|
|
return make_user('PasswordUpdater') |
|
18
|
|
|
|
|
19
|
|
|
|
|
20
|
|
|
def test_when_logged_in_endpoint_is_available(site_app, site, user): |
|
21
|
|
|
old_password = 'LekkerBratworsten' |
|
22
|
|
|
new_password = 'EvenMoreSecure!!1' |
|
23
|
|
|
|
|
24
|
|
|
password_service.create_password_hash(user.id, old_password) |
|
25
|
|
|
login_user(user.id) |
|
26
|
|
|
|
|
27
|
|
|
credential_before = find_credential(user.id) |
|
28
|
|
|
assert credential_before is not None |
|
29
|
|
|
|
|
30
|
|
|
password_hash_before = credential_before.password_hash |
|
31
|
|
|
credential_updated_at_before = credential_before.updated_at |
|
32
|
|
|
assert password_hash_before is not None |
|
33
|
|
|
assert credential_updated_at_before is not None |
|
34
|
|
|
|
|
35
|
|
|
session_token_before = find_session_token(user.id) |
|
36
|
|
|
assert session_token_before is not None |
|
37
|
|
|
|
|
38
|
|
|
form_data = { |
|
39
|
|
|
'old_password': old_password, |
|
40
|
|
|
'new_password': new_password, |
|
41
|
|
|
'new_password_confirmation': new_password, |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
|
|
response = send_request(site_app, form_data, user_id=user.id) |
|
45
|
|
|
|
|
46
|
|
|
assert response.status_code == 302 |
|
47
|
|
|
assert response.headers.get('Location') == 'http://www.acmecon.test/authentication/login' |
|
48
|
|
|
|
|
49
|
|
|
credential_after = find_credential(user.id) |
|
50
|
|
|
session_token_after = find_session_token(user.id) |
|
51
|
|
|
|
|
52
|
|
|
assert credential_after is not None |
|
53
|
|
|
assert password_hash_before != credential_after.password_hash |
|
54
|
|
|
assert credential_updated_at_before != credential_after.updated_at |
|
55
|
|
|
|
|
56
|
|
|
# Session token should have been removed after password change. |
|
57
|
|
|
assert session_token_after is None |
|
58
|
|
|
|
|
59
|
|
|
|
|
60
|
|
|
def test_when_not_logged_in_endpoint_is_unavailable(site_app, site): |
|
61
|
|
|
form_data = {} |
|
62
|
|
|
|
|
63
|
|
|
response = send_request(site_app, form_data) |
|
64
|
|
|
|
|
65
|
|
|
assert response.status_code == 404 |
|
66
|
|
|
|
|
67
|
|
|
|
|
68
|
|
|
# helpers |
|
69
|
|
|
|
|
70
|
|
|
|
|
71
|
|
|
def find_credential(user_id): |
|
72
|
|
|
return Credential.query.get(user_id) |
|
73
|
|
|
|
|
74
|
|
|
|
|
75
|
|
|
def find_session_token(user_id): |
|
76
|
|
|
return session_service.find_session_token_for_user(user_id) |
|
77
|
|
|
|
|
78
|
|
|
|
|
79
|
|
|
def send_request(app, form_data, *, user_id=None): |
|
80
|
|
|
url = '/authentication/password' |
|
81
|
|
|
with http_client(app, user_id=user_id) as client: |
|
82
|
|
|
return client.post(url, data=form_data) |
|
83
|
|
|
|
byceps /
byceps
