|
1
|
|
|
# -*- coding: utf-8 -*- |
|
2
|
|
|
""" |
|
3
|
|
|
Integration tests for the :mod:`repoze.who`-powered authentication sub-system. |
|
4
|
|
|
|
|
5
|
|
|
As pyjobsweb grows and the authentication method changes, only these tests |
|
6
|
|
|
should be updated. |
|
7
|
|
|
|
|
8
|
|
|
""" |
|
9
|
|
|
from __future__ import unicode_literals |
|
10
|
|
|
|
|
11
|
|
|
from nose.tools import eq_, ok_ |
|
12
|
|
|
|
|
13
|
|
|
from pyjobsweb.tests import TestController |
|
14
|
|
|
|
|
15
|
|
|
|
|
16
|
|
|
class TestAuthentication(TestController): |
|
17
|
|
|
""" |
|
18
|
|
|
Tests for the default authentication setup. |
|
19
|
|
|
|
|
20
|
|
|
If your application changes how the authentication layer is configured |
|
21
|
|
|
those tests should be updated accordingly |
|
22
|
|
|
""" |
|
23
|
|
|
|
|
24
|
|
|
application_under_test = 'main' |
|
25
|
|
|
|
|
26
|
|
View Code Duplication |
def test_forced_login(self): |
|
|
|
|
|
|
27
|
|
|
"""Anonymous users are forced to login |
|
28
|
|
|
|
|
29
|
|
|
Test that anonymous users are automatically redirected to the login |
|
30
|
|
|
form when authorization is denied. Next, upon successful login they |
|
31
|
|
|
should be redirected to the initially requested page. |
|
32
|
|
|
|
|
33
|
|
|
""" |
|
34
|
|
|
# Requesting a protected area |
|
35
|
|
|
resp = self.app.get('/secc/', status=302) |
|
36
|
|
|
ok_(resp.location.startswith('http://localhost/login')) |
|
37
|
|
|
# Getting the login form: |
|
38
|
|
|
resp = resp.follow(status=200) |
|
39
|
|
|
form = resp.form |
|
40
|
|
|
# Submitting the login form: |
|
41
|
|
|
form['login'] = 'manager' |
|
42
|
|
|
form['password'] = 'managepass' |
|
43
|
|
|
post_login = form.submit(status=302) |
|
44
|
|
|
# Being redirected to the initially requested page: |
|
45
|
|
|
ok_(post_login.location.startswith('http://localhost/post_login')) |
|
46
|
|
|
initial_page = post_login.follow(status=302) |
|
47
|
|
|
ok_('authtkt' in initial_page.request.cookies, |
|
48
|
|
|
"Session cookie wasn't defined: %s" % initial_page.request.cookies) |
|
49
|
|
|
ok_(initial_page.location.startswith('http://localhost/secc/'), |
|
50
|
|
|
initial_page.location) |
|
51
|
|
|
|
|
52
|
|
View Code Duplication |
def test_voluntary_login(self): |
|
|
|
|
|
|
53
|
|
|
"""Voluntary logins must work correctly""" |
|
54
|
|
|
# Going to the login form voluntarily: |
|
55
|
|
|
resp = self.app.get('/login', status=200) |
|
56
|
|
|
form = resp.form |
|
57
|
|
|
# Submitting the login form: |
|
58
|
|
|
form['login'] = 'manager' |
|
59
|
|
|
form['password'] = 'managepass' |
|
60
|
|
|
post_login = form.submit(status=302) |
|
61
|
|
|
# Being redirected to the home page: |
|
62
|
|
|
ok_(post_login.location.startswith('http://localhost/post_login')) |
|
63
|
|
|
home_page = post_login.follow(status=302) |
|
64
|
|
|
ok_('authtkt' in home_page.request.cookies, |
|
65
|
|
|
'Session cookie was not defined: %s' % home_page.request.cookies) |
|
66
|
|
|
eq_(home_page.location, 'http://localhost/') |
|
67
|
|
|
|
|
68
|
|
|
def test_logout(self): |
|
69
|
|
|
"""Logouts must work correctly""" |
|
70
|
|
|
# Logging in voluntarily the quick way: |
|
71
|
|
|
resp = self.app.get('/login_handler?login=manager&password=managepass', |
|
72
|
|
|
status=302) |
|
73
|
|
|
resp = resp.follow(status=302) |
|
74
|
|
|
ok_('authtkt' in resp.request.cookies, |
|
75
|
|
|
'Session cookie was not defined: %s' % resp.request.cookies) |
|
76
|
|
|
# Logging out: |
|
77
|
|
|
resp = self.app.get('/logout_handler', status=302) |
|
78
|
|
|
ok_(resp.location.startswith('http://localhost/post_logout')) |
|
79
|
|
|
# Finally, redirected to the home page: |
|
80
|
|
|
home_page = resp.follow(status=302) |
|
81
|
|
|
authtkt = home_page.request.cookies.get('authtkt') |
|
82
|
|
|
ok_(not authtkt or authtkt == 'INVALID', |
|
83
|
|
|
'Session cookie was not deleted: %s' % home_page.request.cookies) |
|
84
|
|
|
eq_(home_page.location, 'http://localhost/') |
|
85
|
|
|
|
|
86
|
|
|
def test_failed_login_keeps_username(self): |
|
87
|
|
|
"""Wrong password keeps user_name in login form""" |
|
88
|
|
|
resp = self.app.get('/login_handler?login=manager&password=badpassword', |
|
89
|
|
|
status=302) |
|
90
|
|
|
resp = resp.follow(status=200) |
|
91
|
|
|
ok_('Invalid Password' in resp, resp) |
|
92
|
|
|
eq_(resp.form['login'].value, 'manager') |
|
93
|
|
|
|
pyjobs /
web
Loading history...