canaille-globuzma/tests/test_profile.py

import mock
from canaille.models import User


def test_profile(testclient, slapd_connection, logged_user):
    res = testclient.get("/profile/user", status=200)

    res.form["uid"] = "user"
    res.form["givenName"] = "given_name"
    res.form["sn"] = "family_name"
    res.form["mail"] = "email@mydomain.tld"
    res.form["telephoneNumber"] = "555-666-777"
    res.form["employeeNumber"] = 666

    res = res.form.submit(name="action", value="edit", status=200)
    assert "Profile updated successfuly." in res, str(res)

    logged_user.reload(slapd_connection)

    assert ["user"] == logged_user.uid
    assert ["given_name"] == logged_user.givenName
    assert ["family_name"] == logged_user.sn
    assert ["email@mydomain.tld"] == logged_user.mail
    assert ["555-666-777"] == logged_user.telephoneNumber
    assert "666" == logged_user.employeeNumber

    with testclient.app.app_context():
        assert logged_user.check_password("correct horse battery staple")


def test_bad_email(testclient, slapd_connection, logged_user):
    res = testclient.get("/profile/user", status=200)

    res.form["mail"] = "john@doe.com"

    res = res.form.submit(name="action", value="edit", status=200)

    assert ["john@doe.com"] == logged_user.mail

    res = testclient.get("/profile/user", status=200)

    res.form["mail"] = "yolo"

    res = res.form.submit(name="action", value="edit", status=200)

    logged_user.reload(slapd_connection)

    assert ["john@doe.com"] == logged_user.mail


def test_password_change(testclient, slapd_connection, logged_user):
    res = testclient.get("/profile/user", status=200)

    res.form["password1"] = "new_password"
    res.form["password2"] = "new_password"

    res = res.form.submit(name="action", value="edit", status=200)

    with testclient.app.app_context():
        assert logged_user.check_password("new_password")

    res = testclient.get("/profile/user", status=200)

    res.form["password1"] = "correct horse battery staple"
    res.form["password2"] = "correct horse battery staple"

    res = res.form.submit(name="action", value="edit", status=200)
    assert "Profile updated successfuly" in res

    with testclient.app.app_context():
        assert logged_user.check_password("correct horse battery staple")


def test_password_change_fail(testclient, slapd_connection, logged_user):
    res = testclient.get("/profile/user", status=200)

    res.form["password1"] = "new_password"
    res.form["password2"] = "other_password"

    res = res.form.submit(name="action", value="edit", status=200)

    with testclient.app.app_context():
        assert logged_user.check_password("correct horse battery staple")

    res = testclient.get("/profile/user", status=200)

    res.form["password1"] = "new_password"
    res.form["password2"] = ""

    res = res.form.submit(name="action", value="edit", status=200)

    with testclient.app.app_context():
        assert logged_user.check_password("correct horse battery staple")


def test_simple_user_cannot_edit_other(testclient, logged_user):
    testclient.get("/profile/user", status=200)
    testclient.get("/profile/admin", status=403)
    testclient.post("/profile/admin", {"action": "edit"}, status=403)
    testclient.post("/profile/admin", {"action": "delete"}, status=403)
    testclient.get("/users", status=403)


def test_admin_bad_request(testclient, logged_moderator):
    testclient.post("/profile/admin", {"action": "foobar"}, status=400)
    testclient.get("/profile/foobar", status=404)


def test_user_creation_edition_and_deletion(
    testclient, slapd_connection, logged_moderator
):
    # The user does not exist.
    res = testclient.get("/users", status=200)
    with testclient.app.app_context():
        assert User.get("george", conn=slapd_connection) is None
    assert "george" not in res.text

    # Fill the profile for a new user.
    res = testclient.get("/profile", status=200)
    res.form["uid"] = "george"
    res.form["givenName"] = "George"
    res.form["sn"] = "Abitbol"
    res.form["mail"] = "george@abitbol.com"
    res.form["telephoneNumber"] = "555-666-888"
    res.form["password1"] = "totoyolo"
    res.form["password2"] = "totoyolo"

    # User have been created
    res = res.form.submit(name="action", value="edit", status=302).follow(status=200)
    with testclient.app.app_context():
        assert "George" == User.get("george", conn=slapd_connection).givenName[0]
    assert "george" in testclient.get("/users", status=200).text
    res.form["givenName"] = "Georgio"

    # User have been edited
    res = res.form.submit(name="action", value="edit", status=200)
    with testclient.app.app_context():
        assert "Georgio" == User.get("george", conn=slapd_connection).givenName[0]
    assert "george" in testclient.get("/users", status=200).text

    # User have been deleted.
    res = res.form.submit(name="action", value="delete", status=302).follow(status=200)
    with testclient.app.app_context():
        assert User.get("george", conn=slapd_connection) is None
    assert "george" not in res.text


@mock.patch("smtplib.SMTP")
def test_first_login_mail_button(SMTP, testclient, slapd_connection, logged_admin):
    User.ocs_by_name(slapd_connection)
    u = User(
        objectClass=["inetOrgPerson"],
        cn="Temp User",
        sn="Temp",
        uid="temp",
        mail="john@doe.com",
    )
    u.save(slapd_connection)

    res = testclient.get("/profile/temp", status=200)
    assert "This user does not have a password yet" in res
    assert "Send" in res

    res = res.form.submit(
        name="action", value="password-initialization-mail", status=200
    )
    assert (
        "A password initialization link has been sent at the user email address. It should be received within 10 minutes."
        in res
    )
    assert "Send again" in res

    u.reload(slapd_connection)
    u.userPassword = ["{SSHA}fw9DYeF/gHTHuVMepsQzVYAkffGcU8Fz"]
    u.save(slapd_connection)

    res = testclient.get("/profile/temp", status=200)
    assert "This user does not have a password yet" not in res
Password initialization mail button. Fixes #51 2021-01-06 16:19:44 +00:00			`import mock`
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`from canaille.models import User`


Simple profile edition form 2020-10-20 09:44:45 +00:00			`def test_profile(testclient, slapd_connection, logged_user):`
User variable in profile route 2020-10-31 16:41:24 +00:00			`res = testclient.get("/profile/user", status=200)`
Simple profile edition form 2020-10-20 09:44:45 +00:00
Profile editable fields are configurable 2020-11-26 14:29:14 +00:00			`res.form["uid"] = "user"`
			`res.form["givenName"] = "given_name"`
			`res.form["sn"] = "family_name"`
			`res.form["mail"] = "email@mydomain.tld"`
			`res.form["telephoneNumber"] = "555-666-777"`
			`res.form["employeeNumber"] = 666`
Simple profile edition form 2020-10-20 09:44:45 +00:00
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`res = res.form.submit(name="action", value="edit", status=200)`
Profile editable fields are configurable 2020-11-26 14:29:14 +00:00			`assert "Profile updated successfuly." in res, str(res)`
Simple profile edition form 2020-10-20 09:44:45 +00:00
			`logged_user.reload(slapd_connection)`

			`assert ["user"] == logged_user.uid`
			`assert ["given_name"] == logged_user.givenName`
			`assert ["family_name"] == logged_user.sn`
			`assert ["email@mydomain.tld"] == logged_user.mail`
			`assert ["555-666-777"] == logged_user.telephoneNumber`
Profile editable fields are configurable 2020-11-26 14:29:14 +00:00			`assert "666" == logged_user.employeeNumber`
Email check on user profile form 2020-10-21 07:52:02 +00:00
Password edition in user profile 2020-10-21 08:26:31 +00:00			`with testclient.app.app_context():`
			`assert logged_user.check_password("correct horse battery staple")`

Email check on user profile form 2020-10-21 07:52:02 +00:00
			`def test_bad_email(testclient, slapd_connection, logged_user):`
User variable in profile route 2020-10-31 16:41:24 +00:00			`res = testclient.get("/profile/user", status=200)`
Email check on user profile form 2020-10-21 07:52:02 +00:00
Profile editable fields are configurable 2020-11-26 14:29:14 +00:00			`res.form["mail"] = "john@doe.com"`
Email check on user profile form 2020-10-21 07:52:02 +00:00
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`res = res.form.submit(name="action", value="edit", status=200)`
Email check on user profile form 2020-10-21 07:52:02 +00:00
			`assert ["john@doe.com"] == logged_user.mail`

User variable in profile route 2020-10-31 16:41:24 +00:00			`res = testclient.get("/profile/user", status=200)`
Email check on user profile form 2020-10-21 07:52:02 +00:00
Profile editable fields are configurable 2020-11-26 14:29:14 +00:00			`res.form["mail"] = "yolo"`
Email check on user profile form 2020-10-21 07:52:02 +00:00
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`res = res.form.submit(name="action", value="edit", status=200)`
Email check on user profile form 2020-10-21 07:52:02 +00:00
			`logged_user.reload(slapd_connection)`

			`assert ["john@doe.com"] == logged_user.mail`
Password edition in user profile 2020-10-21 08:26:31 +00:00

			`def test_password_change(testclient, slapd_connection, logged_user):`
User variable in profile route 2020-10-31 16:41:24 +00:00			`res = testclient.get("/profile/user", status=200)`
Password edition in user profile 2020-10-21 08:26:31 +00:00
			`res.form["password1"] = "new_password"`
			`res.form["password2"] = "new_password"`

User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`res = res.form.submit(name="action", value="edit", status=200)`
Password edition in user profile 2020-10-21 08:26:31 +00:00
			`with testclient.app.app_context():`
			`assert logged_user.check_password("new_password")`

User variable in profile route 2020-10-31 16:41:24 +00:00			`res = testclient.get("/profile/user", status=200)`
Password edition in user profile 2020-10-21 08:26:31 +00:00
			`res.form["password1"] = "correct horse battery staple"`
			`res.form["password2"] = "correct horse battery staple"`

User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`res = res.form.submit(name="action", value="edit", status=200)`
Fixed flash messages display on profile edition page 2020-11-25 15:58:01 +00:00			`assert "Profile updated successfuly" in res`
Password edition in user profile 2020-10-21 08:26:31 +00:00
			`with testclient.app.app_context():`
			`assert logged_user.check_password("correct horse battery staple")`


			`def test_password_change_fail(testclient, slapd_connection, logged_user):`
User variable in profile route 2020-10-31 16:41:24 +00:00			`res = testclient.get("/profile/user", status=200)`
Password edition in user profile 2020-10-21 08:26:31 +00:00
			`res.form["password1"] = "new_password"`
			`res.form["password2"] = "other_password"`

User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`res = res.form.submit(name="action", value="edit", status=200)`
Password edition in user profile 2020-10-21 08:26:31 +00:00
			`with testclient.app.app_context():`
			`assert logged_user.check_password("correct horse battery staple")`

User variable in profile route 2020-10-31 16:41:24 +00:00			`res = testclient.get("/profile/user", status=200)`
Password edition in user profile 2020-10-21 08:26:31 +00:00
			`res.form["password1"] = "new_password"`
			`res.form["password2"] = ""`

User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`res = res.form.submit(name="action", value="edit", status=200)`
Password edition in user profile 2020-10-21 08:26:31 +00:00
			`with testclient.app.app_context():`
			`assert logged_user.check_password("correct horse battery staple")`
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00

			`def test_simple_user_cannot_edit_other(testclient, logged_user):`
			`testclient.get("/profile/user", status=200)`
			`testclient.get("/profile/admin", status=403)`
			`testclient.post("/profile/admin", {"action": "edit"}, status=403)`
			`testclient.post("/profile/admin", {"action": "delete"}, status=403)`
			`testclient.get("/users", status=403)`


Moderators group. #12 2020-11-02 11:13:03 +00:00			`def test_admin_bad_request(testclient, logged_moderator):`
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`testclient.post("/profile/admin", {"action": "foobar"}, status=400)`
			`testclient.get("/profile/foobar", status=404)`


Moderators group. #12 2020-11-02 11:13:03 +00:00			`def test_user_creation_edition_and_deletion(`
			`testclient, slapd_connection, logged_moderator`
			`):`
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`# The user does not exist.`
			`res = testclient.get("/users", status=200)`
			`with testclient.app.app_context():`
			`assert User.get("george", conn=slapd_connection) is None`
			`assert "george" not in res.text`

			`# Fill the profile for a new user.`
			`res = testclient.get("/profile", status=200)`
Profile editable fields are configurable 2020-11-26 14:29:14 +00:00			`res.form["uid"] = "george"`
			`res.form["givenName"] = "George"`
			`res.form["sn"] = "Abitbol"`
			`res.form["mail"] = "george@abitbol.com"`
			`res.form["telephoneNumber"] = "555-666-888"`
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00			`res.form["password1"] = "totoyolo"`
			`res.form["password2"] = "totoyolo"`

			`# User have been created`
			`res = res.form.submit(name="action", value="edit", status=302).follow(status=200)`
			`with testclient.app.app_context():`
			`assert "George" == User.get("george", conn=slapd_connection).givenName[0]`
			`assert "george" in testclient.get("/users", status=200).text`
Profile editable fields are configurable 2020-11-26 14:29:14 +00:00			`res.form["givenName"] = "Georgio"`
User admin page. Fixes #8 2020-11-01 10:33:56 +00:00
			`# User have been edited`
			`res = res.form.submit(name="action", value="edit", status=200)`
			`with testclient.app.app_context():`
			`assert "Georgio" == User.get("george", conn=slapd_connection).givenName[0]`
			`assert "george" in testclient.get("/users", status=200).text`

			`# User have been deleted.`
			`res = res.form.submit(name="action", value="delete", status=302).follow(status=200)`
			`with testclient.app.app_context():`
			`assert User.get("george", conn=slapd_connection) is None`
			`assert "george" not in res.text`
Password initialization mail button. Fixes #51 2021-01-06 16:19:44 +00:00

			`@mock.patch("smtplib.SMTP")`
			`def test_first_login_mail_button(SMTP, testclient, slapd_connection, logged_admin):`
			`User.ocs_by_name(slapd_connection)`
			`u = User(`
			`objectClass=["inetOrgPerson"],`
			`cn="Temp User",`
			`sn="Temp",`
			`uid="temp",`
			`mail="john@doe.com",`
			`)`
			`u.save(slapd_connection)`

			`res = testclient.get("/profile/temp", status=200)`
			`assert "This user does not have a password yet" in res`
			`assert "Send" in res`

			`res = res.form.submit(`
			`name="action", value="password-initialization-mail", status=200`
			`)`
			`assert (`
			`"A password initialization link has been sent at the user email address. It should be received within 10 minutes."`
			`in res`
			`)`
			`assert "Send again" in res`

			`u.reload(slapd_connection)`
			`u.userPassword = ["{SSHA}fw9DYeF/gHTHuVMepsQzVYAkffGcU8Fz"]`
			`u.save(slapd_connection)`

			`res = testclient.get("/profile/temp", status=200)`
			`assert "This user does not have a password yet" not in res`