2022-01-01 10:56:48 +00:00
|
|
|
from datetime import datetime
|
|
|
|
from datetime import timedelta
|
|
|
|
|
|
|
|
from canaille.account import Invitation
|
2021-12-01 11:19:28 +00:00
|
|
|
from canaille.models import User
|
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_invitation(testclient, logged_admin, foo_group, smtpd):
|
2022-05-08 14:31:17 +00:00
|
|
|
assert User.get("someone") is None
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
res = testclient.get("/invite", status=200)
|
|
|
|
|
|
|
|
res.form["uid"] = "someone"
|
2022-01-01 17:41:04 +00:00
|
|
|
res.form["uid_editable"] = False
|
2021-12-01 11:19:28 +00:00
|
|
|
res.form["mail"] = "someone@domain.tld"
|
2023-02-05 18:08:25 +00:00
|
|
|
res.form["groups"] = [foo_group.id]
|
2021-12-07 17:47:18 +00:00
|
|
|
res = res.form.submit(name="action", value="send", status=200)
|
|
|
|
assert len(smtpd.messages) == 1
|
|
|
|
|
2023-02-03 17:43:13 +00:00
|
|
|
url = res.pyquery(".copy-text")[0].value
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
# logout
|
|
|
|
with testclient.session_transaction() as sess:
|
2022-12-29 00:10:07 +00:00
|
|
|
del sess["user_id"]
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
res = testclient.get(url, status=200)
|
|
|
|
|
|
|
|
assert res.form["uid"].value == "someone"
|
2022-01-01 17:41:04 +00:00
|
|
|
assert res.form["uid"].attrs["readonly"]
|
2021-12-01 11:19:28 +00:00
|
|
|
assert res.form["mail"].value == "someone@domain.tld"
|
2023-02-05 18:08:25 +00:00
|
|
|
assert res.form["groups"].value == [foo_group.id]
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
res.form["password1"] = "whatever"
|
|
|
|
res.form["password2"] = "whatever"
|
|
|
|
res.form["givenName"] = "George"
|
|
|
|
res.form["sn"] = "Abitbol"
|
|
|
|
|
|
|
|
res = res.form.submit(status=302)
|
|
|
|
|
2023-03-16 15:25:14 +00:00
|
|
|
assert ("success", "Your account has been created successfuly.") in res.flashes
|
|
|
|
res = res.follow(status=200)
|
2022-01-01 17:41:04 +00:00
|
|
|
|
2022-05-08 14:31:17 +00:00
|
|
|
user = User.get("someone")
|
|
|
|
user.load_groups()
|
|
|
|
foo_group.reload()
|
|
|
|
assert user.check_password("whatever")
|
|
|
|
assert user.groups == [foo_group]
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
with testclient.session_transaction() as sess:
|
2022-12-29 00:10:07 +00:00
|
|
|
assert "user_id" in sess
|
|
|
|
del sess["user_id"]
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
res = testclient.get(url, status=302)
|
2023-02-26 18:47:27 +00:00
|
|
|
user.delete()
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_invitation_editable_uid(testclient, logged_admin, foo_group, smtpd):
|
2022-05-08 14:31:17 +00:00
|
|
|
assert User.get("jackyjack") is None
|
|
|
|
assert User.get("djorje") is None
|
2022-01-01 17:41:04 +00:00
|
|
|
|
|
|
|
res = testclient.get("/invite", status=200)
|
|
|
|
|
|
|
|
res.form["uid"] = "jackyjack"
|
|
|
|
res.form["uid_editable"] = True
|
|
|
|
res.form["mail"] = "jackyjack@domain.tld"
|
2023-02-05 18:08:25 +00:00
|
|
|
res.form["groups"] = [foo_group.id]
|
2022-01-01 17:41:04 +00:00
|
|
|
res = res.form.submit(name="action", value="send", status=200)
|
|
|
|
assert len(smtpd.messages) == 1
|
|
|
|
|
2023-02-03 17:43:13 +00:00
|
|
|
url = res.pyquery(".copy-text")[0].value
|
2022-01-01 17:41:04 +00:00
|
|
|
|
|
|
|
# logout
|
|
|
|
with testclient.session_transaction() as sess:
|
2022-12-29 00:10:07 +00:00
|
|
|
del sess["user_id"]
|
2022-01-01 17:41:04 +00:00
|
|
|
|
|
|
|
res = testclient.get(url, status=200)
|
|
|
|
|
|
|
|
assert res.form["uid"].value == "jackyjack"
|
|
|
|
assert "readonly" not in res.form["uid"].attrs
|
|
|
|
assert res.form["mail"].value == "jackyjack@domain.tld"
|
2023-02-05 18:08:25 +00:00
|
|
|
assert res.form["groups"].value == [foo_group.id]
|
2022-01-01 17:41:04 +00:00
|
|
|
|
|
|
|
res.form["uid"] = "djorje"
|
|
|
|
res.form["password1"] = "whatever"
|
|
|
|
res.form["password2"] = "whatever"
|
|
|
|
res.form["givenName"] = "George"
|
|
|
|
res.form["sn"] = "Abitbol"
|
|
|
|
|
|
|
|
res = res.form.submit(status=302)
|
|
|
|
|
2023-03-16 15:25:14 +00:00
|
|
|
assert ("success", "Your account has been created successfuly.") in res.flashes
|
|
|
|
res = res.follow(status=200)
|
2022-01-01 17:41:04 +00:00
|
|
|
|
2022-05-08 14:31:17 +00:00
|
|
|
user = User.get("djorje")
|
|
|
|
user.load_groups()
|
|
|
|
foo_group.reload()
|
|
|
|
assert user.check_password("whatever")
|
|
|
|
assert user.groups == [foo_group]
|
2022-01-01 17:41:04 +00:00
|
|
|
|
|
|
|
with testclient.session_transaction() as sess:
|
2022-12-29 00:10:07 +00:00
|
|
|
assert "user_id" in sess
|
|
|
|
del sess["user_id"]
|
2023-02-26 18:47:27 +00:00
|
|
|
user.delete()
|
2022-01-01 17:41:04 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_generate_link(testclient, logged_admin, foo_group, smtpd):
|
2022-05-08 14:31:17 +00:00
|
|
|
assert User.get("sometwo") is None
|
2021-12-07 17:47:18 +00:00
|
|
|
|
|
|
|
res = testclient.get("/invite", status=200)
|
|
|
|
|
|
|
|
res.form["uid"] = "sometwo"
|
|
|
|
res.form["mail"] = "sometwo@domain.tld"
|
2023-02-05 18:08:25 +00:00
|
|
|
res.form["groups"] = [foo_group.id]
|
2021-12-07 17:47:18 +00:00
|
|
|
res = res.form.submit(name="action", value="generate", status=200)
|
|
|
|
assert len(smtpd.messages) == 0
|
|
|
|
|
2023-02-03 17:43:13 +00:00
|
|
|
url = res.pyquery(".copy-text")[0].value
|
2021-12-07 17:47:18 +00:00
|
|
|
|
|
|
|
# logout
|
|
|
|
with testclient.session_transaction() as sess:
|
2022-12-29 00:10:07 +00:00
|
|
|
del sess["user_id"]
|
2021-12-07 17:47:18 +00:00
|
|
|
|
|
|
|
res = testclient.get(url, status=200)
|
|
|
|
|
|
|
|
assert res.form["uid"].value == "sometwo"
|
|
|
|
assert res.form["mail"].value == "sometwo@domain.tld"
|
2023-02-05 18:08:25 +00:00
|
|
|
assert res.form["groups"].value == [foo_group.id]
|
2021-12-07 17:47:18 +00:00
|
|
|
|
|
|
|
res.form["password1"] = "whatever"
|
|
|
|
res.form["password2"] = "whatever"
|
|
|
|
res.form["givenName"] = "George"
|
|
|
|
res.form["sn"] = "Abitbol"
|
|
|
|
|
|
|
|
res = res.form.submit(status=302)
|
|
|
|
res = res.follow(status=200)
|
|
|
|
|
2022-05-08 14:31:17 +00:00
|
|
|
user = User.get("sometwo")
|
|
|
|
user.load_groups()
|
|
|
|
foo_group.reload()
|
|
|
|
assert user.check_password("whatever")
|
|
|
|
assert user.groups == [foo_group]
|
2021-12-07 17:47:18 +00:00
|
|
|
|
|
|
|
with testclient.session_transaction() as sess:
|
2022-12-29 00:10:07 +00:00
|
|
|
assert "user_id" in sess
|
|
|
|
del sess["user_id"]
|
2021-12-07 17:47:18 +00:00
|
|
|
|
|
|
|
res = testclient.get(url, status=302)
|
2023-02-26 18:47:27 +00:00
|
|
|
user.delete()
|
2021-12-07 17:47:18 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_invitation_login_already_taken(testclient, logged_admin):
|
2021-12-01 11:19:28 +00:00
|
|
|
res = testclient.get("/invite", status=200)
|
|
|
|
|
|
|
|
res.form["uid"] = logged_admin.uid
|
|
|
|
res.form["mail"] = logged_admin.mail[0]
|
2021-12-07 17:47:18 +00:00
|
|
|
res = res.form.submit(name="action", value="send", status=200)
|
2021-12-01 11:19:28 +00:00
|
|
|
|
2023-03-16 15:25:14 +00:00
|
|
|
res.mustcontain("The login 'admin' already exists")
|
|
|
|
res.mustcontain("The email 'jane@doe.com' already exists")
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_registration(testclient, foo_group):
|
2022-05-08 14:31:17 +00:00
|
|
|
invitation = Invitation(
|
|
|
|
datetime.now().isoformat(),
|
|
|
|
"someoneelse",
|
|
|
|
False,
|
|
|
|
"someone@mydomain.tld",
|
2023-02-05 18:08:25 +00:00
|
|
|
[foo_group.id],
|
2022-05-08 14:31:17 +00:00
|
|
|
)
|
|
|
|
b64 = invitation.b64()
|
|
|
|
hash = invitation.profile_hash()
|
2021-12-01 11:19:28 +00:00
|
|
|
|
2022-01-01 10:56:48 +00:00
|
|
|
testclient.get(f"/register/{b64}/{hash}", status=200)
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_registration_invalid_hash(testclient, foo_group):
|
2022-05-08 14:31:17 +00:00
|
|
|
now = datetime.now().isoformat()
|
|
|
|
invitation = Invitation(
|
2023-02-05 18:08:25 +00:00
|
|
|
now, "anything", False, "someone@mydomain.tld", [foo_group.id]
|
2022-05-08 14:31:17 +00:00
|
|
|
)
|
|
|
|
b64 = invitation.b64()
|
2021-12-01 11:19:28 +00:00
|
|
|
|
2022-01-01 17:41:04 +00:00
|
|
|
testclient.get(f"/register/{b64}/invalid", status=302)
|
2022-01-01 10:56:48 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_registration_invalid_data(testclient, foo_group):
|
2022-05-08 14:31:17 +00:00
|
|
|
invitation = Invitation(
|
|
|
|
datetime.now().isoformat(),
|
|
|
|
"someoneelse",
|
|
|
|
False,
|
|
|
|
"someone@mydomain.tld",
|
2023-02-05 18:08:25 +00:00
|
|
|
[foo_group.id],
|
2022-05-08 14:31:17 +00:00
|
|
|
)
|
|
|
|
hash = invitation.profile_hash()
|
2022-01-01 10:56:48 +00:00
|
|
|
|
2022-01-01 17:41:04 +00:00
|
|
|
testclient.get(f"/register/invalid/{hash}", status=302)
|
2022-01-01 10:56:48 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_registration_more_than_48_hours_after_invitation(testclient, foo_group):
|
2022-05-08 14:31:17 +00:00
|
|
|
two_days_ago = datetime.now() - timedelta(hours=48)
|
|
|
|
invitation = Invitation(
|
|
|
|
two_days_ago.isoformat(),
|
|
|
|
"someoneelse",
|
|
|
|
False,
|
|
|
|
"someone@mydomain.tld",
|
2023-02-05 18:08:25 +00:00
|
|
|
[foo_group.id],
|
2022-05-08 14:31:17 +00:00
|
|
|
)
|
|
|
|
hash = invitation.profile_hash()
|
|
|
|
b64 = invitation.b64()
|
2022-01-01 10:56:48 +00:00
|
|
|
|
|
|
|
testclient.get(f"/register/{b64}/{hash}", status=302)
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_registration_no_password(testclient, foo_group):
|
2022-05-08 14:31:17 +00:00
|
|
|
invitation = Invitation(
|
|
|
|
datetime.now().isoformat(),
|
|
|
|
"someoneelse",
|
|
|
|
False,
|
|
|
|
"someone@mydomain.tld",
|
2023-02-05 18:08:25 +00:00
|
|
|
[foo_group.id],
|
2022-05-08 14:31:17 +00:00
|
|
|
)
|
|
|
|
hash = invitation.profile_hash()
|
|
|
|
b64 = invitation.b64()
|
|
|
|
url = f"/register/{b64}/{hash}"
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
res = testclient.get(url, status=200)
|
|
|
|
assert "required" in res.form["password1"].attrs
|
|
|
|
assert "required" in res.form["password2"].attrs
|
|
|
|
|
|
|
|
res = res.form.submit(status=200)
|
2023-03-16 15:25:14 +00:00
|
|
|
res.mustcontain("This field is required.")
|
2021-12-01 11:19:28 +00:00
|
|
|
|
2022-05-08 14:31:17 +00:00
|
|
|
assert not User.get("someoneelse")
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
with testclient.session_transaction() as sess:
|
2022-12-29 00:10:07 +00:00
|
|
|
assert "user_id" not in sess
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
|
2022-05-19 10:36:39 +00:00
|
|
|
def test_no_registration_if_logged_in(testclient, logged_user, foo_group):
|
2022-05-08 14:31:17 +00:00
|
|
|
invitation = Invitation(
|
|
|
|
datetime.now().isoformat(),
|
|
|
|
"someoneelse",
|
|
|
|
False,
|
|
|
|
"someone@mydomain.tld",
|
2023-02-05 18:08:25 +00:00
|
|
|
[foo_group.id],
|
2022-05-08 14:31:17 +00:00
|
|
|
)
|
|
|
|
hash = invitation.profile_hash()
|
|
|
|
b64 = invitation.b64()
|
|
|
|
url = f"/register/{b64}/{hash}"
|
2021-12-01 11:19:28 +00:00
|
|
|
|
|
|
|
testclient.get(url, status=302)
|
2021-12-07 15:39:18 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_unavailable_if_no_smtp(testclient, logged_admin):
|
|
|
|
res = testclient.get("/users")
|
2023-03-15 16:27:32 +00:00
|
|
|
res.mustcontain("Invite")
|
2021-12-07 15:39:18 +00:00
|
|
|
res = testclient.get("/profile")
|
2023-03-15 16:27:32 +00:00
|
|
|
res.mustcontain("Invite")
|
2021-12-07 15:39:18 +00:00
|
|
|
testclient.get("/invite")
|
|
|
|
|
|
|
|
del testclient.app.config["SMTP"]
|
|
|
|
|
|
|
|
res = testclient.get("/users")
|
2023-03-15 16:27:32 +00:00
|
|
|
res.mustcontain(no="Invite")
|
2021-12-07 15:39:18 +00:00
|
|
|
res = testclient.get("/profile")
|
2023-03-15 16:27:32 +00:00
|
|
|
res.mustcontain(no="Invite")
|
2021-12-07 15:39:18 +00:00
|
|
|
testclient.get("/invite", status=500, expect_errors=True)
|
2022-03-04 17:13:57 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_groups_are_saved_even_when_user_does_not_have_read_permission(
|
2022-05-19 10:36:39 +00:00
|
|
|
testclient, foo_group
|
2022-03-04 17:13:57 +00:00
|
|
|
):
|
|
|
|
testclient.app.config["ACL"]["DEFAULT"]["READ"] = [
|
|
|
|
"uid"
|
|
|
|
] # remove groups from default read permissions
|
|
|
|
|
2022-05-08 14:31:17 +00:00
|
|
|
invitation = Invitation(
|
|
|
|
datetime.now().isoformat(),
|
|
|
|
"someoneelse",
|
|
|
|
False,
|
|
|
|
"someone@mydomain.tld",
|
2023-02-05 18:08:25 +00:00
|
|
|
[foo_group.id],
|
2022-05-08 14:31:17 +00:00
|
|
|
)
|
|
|
|
b64 = invitation.b64()
|
|
|
|
hash = invitation.profile_hash()
|
2022-03-04 17:13:57 +00:00
|
|
|
|
|
|
|
res = testclient.get(f"/register/{b64}/{hash}", status=200)
|
|
|
|
|
2023-02-05 18:08:25 +00:00
|
|
|
assert res.form["groups"].value == [foo_group.id]
|
2022-03-04 17:13:57 +00:00
|
|
|
assert res.form["groups"].attrs["readonly"]
|
|
|
|
|
|
|
|
res.form["password1"] = "whatever"
|
|
|
|
res.form["password2"] = "whatever"
|
|
|
|
res.form["givenName"] = "George"
|
|
|
|
res.form["sn"] = "Abitbol"
|
|
|
|
|
|
|
|
res = res.form.submit(status=302)
|
|
|
|
res = res.follow(status=200)
|
|
|
|
|
2022-05-08 14:31:17 +00:00
|
|
|
user = User.get("someoneelse")
|
|
|
|
user.load_groups()
|
|
|
|
foo_group.reload()
|
|
|
|
assert user.groups == [foo_group]
|
2023-02-26 18:47:27 +00:00
|
|
|
user.delete()
|