""" |
2
|
|
|
:Copyright: 2006-2021 Jochen Kupperschmidt |
3
|
|
|
:License: Revised BSD (see `LICENSE` file for details) |
4
|
|
|
""" |
import pytest |
from byceps.database import db |
from byceps.services.authorization import service as authorization_service |
from byceps.services.user import service as user_service |
from byceps.services.verification_token import ( |
service as verification_token_service, |
) |
from tests.helpers import http_client |
@pytest.fixture(scope='module')
def user1(make_user):
    """Create test user ``EAC-User1`` with an email address, not initialized.

    Module-scoped. Created with ``initialized=False``; ``test_valid_token``
    asserts that a successful confirmation initializes this account.
    """
    account_kwargs = {
        'email_address': '[email protected]',
        'initialized': False,
    }
    return make_user('EAC-User1', **account_kwargs)
@pytest.fixture(scope='module')
def user2(make_user):
    """Create test user ``EAC-User2``, not initialized, without passing an email address.

    Module-scoped. Used by ``test_unknown_token`` to show that a rejected
    token leaves the account untouched.
    """
    screen_name = 'EAC-User2'
    return make_user(screen_name, initialized=False)
@pytest.fixture(scope='module')
def user3(make_user):
    """Create test user ``EAC-User3`` with an email address, already initialized.

    Module-scoped. Used by ``test_initialized_user``: confirmation must
    verify the address without disturbing the initialized state.
    """
    screen_name = 'EAC-User3'
    address = '[email protected]'
    return make_user(screen_name, email_address=address, initialized=True)
@pytest.fixture(scope='module')
def user4(make_user):
    """Create test user ``EAC-User4``, already initialized, without passing an email address.

    Module-scoped. ``test_account_without_email_address`` additionally clears
    the stored address in the database before exercising confirmation.
    """
    account_kwargs = {'initialized': True}
    return make_user('EAC-User4', **account_kwargs)
@pytest.fixture(scope='module')
def user5(make_user):
    """Create test user ``EAC-User5`` with an email address, already initialized.

    Module-scoped. Used by ``test_different_user_and_token_email_addresses``,
    which issues a token for an address other than this one.
    """
    account_kwargs = {
        'email_address': '[email protected]',
        'initialized': True,
    }
    return make_user('EAC-User5', **account_kwargs)
@pytest.fixture
def role(admin_app, site, user1, user2):
    """Provide the ``board_user`` role for one test and remove it afterwards.

    ``admin_app`` and ``site`` are requested but not referenced in the body —
    presumably for their application/site setup side effects; confirm against
    the conftest. On teardown every role is deassigned from ``user1`` and
    ``user2`` (the accounts confirmation may have assigned it to) before the
    role itself is deleted.
    """
    board_user_role = authorization_service.create_role('board_user', 'Board User')

    yield board_user_role

    # Teardown: drop assignments from both users first, then the role itself.
    cleanup_accounts = (user1, user2)
    for account in cleanup_accounts:
        authorization_service.deassign_all_roles_from_user(account.id)

    authorization_service.delete_role(board_user_role.id)
def test_valid_token(site_app, user1, role):
    """A token issued for the account's own address confirms the account.

    Asserted outcome: a 302 redirect (the target is not checked), the address
    is marked verified, the previously uninitialized account becomes
    initialized, and ``board_user`` is the only role assigned. ``role`` is
    requested so that role exists when confirmation runs.

    NOTE(review): nothing in this module checks that an already-consumed
    token is rejected on a second request; worth covering once the service's
    behaviour for that case is confirmed.
    """
    user_id = user1.id

    # Precondition: neither verified nor initialized.
    before = user_service.get_db_user(user_id)
    assert not before.email_address_verified
    assert not before.initialized

    token = create_verification_token(user_id, '[email protected]')

    response = confirm(site_app, token)

    # Success is signalled by a redirect; the persisted account state must follow.
    assert response.status_code == 302

    after = user_service.get_db_user(user_id)
    assert after.email_address_verified
    assert after.initialized

    assert get_role_ids(user_id) == {'board_user'}
def test_unknown_token(site_app, site, user2, role):
    """A token the service never issued is answered with 404 and changes nothing.

    The account stays uninitialized and gains no role. ``site`` and ``role``
    are requested but not referenced in the body.
    """
    user_id = user2.id

    # Precondition: the account is not initialized.
    assert not user_service.get_db_user(user_id).initialized

    # Arbitrary value that was never handed out by the verification token service.
    bogus_token = 'wZdSLzkT-zRf2x2T6AR7yGa3Nc_X3Nn3F3XGPvPtOhw'

    response = confirm(site_app, bogus_token)

    # Rejection must be a 404, and the account must look exactly as before.
    assert response.status_code == 404

    after = user_service.get_db_user(user_id)
    assert not after.initialized

    assert get_role_ids(user_id) == set()
def test_initialized_user(site_app, user3, role):
    """Confirming an already initialized account verifies the address and keeps it initialized.

    Only the verified flag is expected to change; ``initialized`` is asserted
    true both before and after the request.
    """
    user_id = user3.id

    # Precondition: initialized, but the address is not yet verified.
    before = user_service.get_db_user(user_id)
    assert not before.email_address_verified
    assert before.initialized

    token = create_verification_token(user_id, '[email protected]')

    response = confirm(site_app, token)

    assert response.status_code == 302

    after = user_service.get_db_user(user_id)
    assert after.email_address_verified
    assert after.initialized
def test_account_without_email_address(site_app, site, user4, role):
    """A confirmation token must not mark an account verified if it has no stored address.

    The address is cleared directly through the DB session before the request
    (``user4`` is module-scoped, so this is not undone afterwards). The request
    still ends in a 302, but ``email_address_verified`` must remain false.
    ``site`` and ``role`` are requested but not referenced in the body.
    """
    user_id = user4.id

    # Arrange: remove the account's stored address in the database.
    account = user_service.get_db_user(user_id)
    account.email_address = None
    db.session.commit()

    # Precondition: no address, not verified, but initialized.
    before = user_service.get_db_user(user_id)
    assert before.email_address is None
    assert not before.email_address_verified
    assert before.initialized

    token = create_verification_token(user_id, '[email protected]')

    response = confirm(site_app, token)

    # The redirect alone is not a success indicator here: the account must stay unverified.
    assert response.status_code == 302

    after = user_service.get_db_user(user_id)
    assert not after.email_address_verified
def test_different_user_and_token_email_addresses(site_app, site, user5, role):
    """A token bound to an address other than the account's must not verify the account.

    As the test name states, the token is issued for a different address
    than the one ``user5`` was created with (both literals appear as
    ``[email protected]`` in this copy of the file). The request still ends
    in a 302, but ``email_address_verified`` must remain false.

    NOTE(review): only the verified flag is checked; also asserting that
    ``email_address`` is unchanged afterwards would catch a confirmation that
    overwrites the stored address with the token's — confirm the service
    contract before adding that assertion.
    """
    user_id = user5.id

    # Precondition: initialized, address not verified.
    before = user_service.get_db_user(user_id)
    assert not before.email_address_verified
    assert before.initialized

    token = create_verification_token(user_id, '[email protected]')

    response = confirm(site_app, token)

    assert response.status_code == 302

    after = user_service.get_db_user(user_id)
    assert not after.email_address_verified
# helpers
def confirm(app, token):
    """Send the confirmation GET request for *token* against *app* and return the response.

    The token is placed in the URL path. The response is returned as-is so
    callers can assert on its status code.
    """
    confirmation_path = f'/users/email_address/confirmation/{token}'
    with http_client(app) as client:
        return client.get(confirmation_path)
def get_role_ids(user_id):
    """Return the role IDs the authorization service reports for *user_id*.

    The service's return value is passed through unchanged; the tests compare
    it against a ``set``.
    """
    role_ids = authorization_service.find_role_ids_for_user(user_id)
    return role_ids
def create_verification_token(user_id, email_address):
    """Issue an email-address-confirmation token for *user_id* bound to *email_address*.

    Returns only the ``token`` attribute of the object the verification token
    service creates, which is what ``confirm`` puts into the URL.
    """
    issued = verification_token_service.create_for_email_address_confirmation(
        user_id, email_address
    )
    return issued.token