canaille-globuzma/tests/test_invitation.py

from datetime import datetime
from datetime import timedelta

from canaille.account import Invitation
from canaille.models import User


def test_invitation(testclient, logged_admin, foo_group, smtpd):
    assert User.get("someone") is None

    res = testclient.get("/invite", status=200)

    res.form["uid"] = "someone"
    res.form["uid_editable"] = False
    res.form["mail"] = "someone@domain.tld"
    res.form["groups"] = [foo_group.dn]
    res = res.form.submit(name="action", value="send", status=200)
    assert len(smtpd.messages) == 1

    url = res.pyquery("#copy-text")[0].value

    # logout
    with testclient.session_transaction() as sess:
        del sess["user_id"]

    res = testclient.get(url, status=200)

    assert res.form["uid"].value == "someone"
    assert res.form["uid"].attrs["readonly"]
    assert res.form["mail"].value == "someone@domain.tld"
    assert res.form["groups"].value == [foo_group.dn]

    res.form["password1"] = "whatever"
    res.form["password2"] = "whatever"
    res.form["givenName"] = "George"
    res.form["sn"] = "Abitbol"

    res = res.form.submit(status=302)
    res = res.follow(status=200)

    assert "You account has been created successfuly." in res

    user = User.get("someone")
    user.load_groups()
    foo_group.reload()
    assert user.check_password("whatever")
    assert user.groups == [foo_group]

    with testclient.session_transaction() as sess:
        assert "user_id" in sess
        del sess["user_id"]

    res = testclient.get(url, status=302)


def test_invitation_editable_uid(testclient, logged_admin, foo_group, smtpd):
    assert User.get("jackyjack") is None
    assert User.get("djorje") is None

    res = testclient.get("/invite", status=200)

    res.form["uid"] = "jackyjack"
    res.form["uid_editable"] = True
    res.form["mail"] = "jackyjack@domain.tld"
    res.form["groups"] = [foo_group.dn]
    res = res.form.submit(name="action", value="send", status=200)
    assert len(smtpd.messages) == 1

    url = res.pyquery("#copy-text")[0].value

    # logout
    with testclient.session_transaction() as sess:
        del sess["user_id"]

    res = testclient.get(url, status=200)

    assert res.form["uid"].value == "jackyjack"
    assert "readonly" not in res.form["uid"].attrs
    assert res.form["mail"].value == "jackyjack@domain.tld"
    assert res.form["groups"].value == [foo_group.dn]

    res.form["uid"] = "djorje"
    res.form["password1"] = "whatever"
    res.form["password2"] = "whatever"
    res.form["givenName"] = "George"
    res.form["sn"] = "Abitbol"

    res = res.form.submit(status=302)
    res = res.follow(status=200)

    assert "You account has been created successfuly." in res

    user = User.get("djorje")
    user.load_groups()
    foo_group.reload()
    assert user.check_password("whatever")
    assert user.groups == [foo_group]

    with testclient.session_transaction() as sess:
        assert "user_id" in sess
        del sess["user_id"]


def test_generate_link(testclient, logged_admin, foo_group, smtpd):
    assert User.get("sometwo") is None

    res = testclient.get("/invite", status=200)

    res.form["uid"] = "sometwo"
    res.form["mail"] = "sometwo@domain.tld"
    res.form["groups"] = [foo_group.dn]
    res = res.form.submit(name="action", value="generate", status=200)
    assert len(smtpd.messages) == 0

    url = res.pyquery("#copy-text")[0].value

    # logout
    with testclient.session_transaction() as sess:
        del sess["user_id"]

    res = testclient.get(url, status=200)

    assert res.form["uid"].value == "sometwo"
    assert res.form["mail"].value == "sometwo@domain.tld"
    assert res.form["groups"].value == [foo_group.dn]

    res.form["password1"] = "whatever"
    res.form["password2"] = "whatever"
    res.form["givenName"] = "George"
    res.form["sn"] = "Abitbol"

    res = res.form.submit(status=302)
    res = res.follow(status=200)

    user = User.get("sometwo")
    user.load_groups()
    foo_group.reload()
    assert user.check_password("whatever")
    assert user.groups == [foo_group]

    with testclient.session_transaction() as sess:
        assert "user_id" in sess
        del sess["user_id"]

    res = testclient.get(url, status=302)


def test_invitation_login_already_taken(testclient, logged_admin):
    res = testclient.get("/invite", status=200)

    res.form["uid"] = logged_admin.uid
    res.form["mail"] = logged_admin.mail[0]
    res = res.form.submit(name="action", value="send", status=200)

    assert "The login &#39;admin&#39; already exists" in res.text
    assert "The email &#39;jane@doe.com&#39; already exists" in res.text


def test_registration(testclient, foo_group):
    invitation = Invitation(
        datetime.now().isoformat(),
        "someoneelse",
        False,
        "someone@mydomain.tld",
        [foo_group.dn],
    )
    b64 = invitation.b64()
    hash = invitation.profile_hash()

    testclient.get(f"/register/{b64}/{hash}", status=200)


def test_registration_invalid_hash(testclient, foo_group):
    now = datetime.now().isoformat()
    invitation = Invitation(
        now, "anything", False, "someone@mydomain.tld", [foo_group.dn]
    )
    b64 = invitation.b64()

    testclient.get(f"/register/{b64}/invalid", status=302)


def test_registration_invalid_data(testclient, foo_group):
    invitation = Invitation(
        datetime.now().isoformat(),
        "someoneelse",
        False,
        "someone@mydomain.tld",
        [foo_group.dn],
    )
    hash = invitation.profile_hash()

    testclient.get(f"/register/invalid/{hash}", status=302)


def test_registration_more_than_48_hours_after_invitation(testclient, foo_group):
    two_days_ago = datetime.now() - timedelta(hours=48)
    invitation = Invitation(
        two_days_ago.isoformat(),
        "someoneelse",
        False,
        "someone@mydomain.tld",
        [foo_group.dn],
    )
    hash = invitation.profile_hash()
    b64 = invitation.b64()

    testclient.get(f"/register/{b64}/{hash}", status=302)


def test_registration_no_password(testclient, foo_group):
    invitation = Invitation(
        datetime.now().isoformat(),
        "someoneelse",
        False,
        "someone@mydomain.tld",
        [foo_group.dn],
    )
    hash = invitation.profile_hash()
    b64 = invitation.b64()
    url = f"/register/{b64}/{hash}"

    res = testclient.get(url, status=200)
    assert "required" in res.form["password1"].attrs
    assert "required" in res.form["password2"].attrs

    res = res.form.submit(status=200)
    assert "This field is required." in res.text, res.text

    assert not User.get("someoneelse")

    with testclient.session_transaction() as sess:
        assert "user_id" not in sess


def test_no_registration_if_logged_in(testclient, logged_user, foo_group):
    invitation = Invitation(
        datetime.now().isoformat(),
        "someoneelse",
        False,
        "someone@mydomain.tld",
        [foo_group.dn],
    )
    hash = invitation.profile_hash()
    b64 = invitation.b64()
    url = f"/register/{b64}/{hash}"

    testclient.get(url, status=302)


def test_unavailable_if_no_smtp(testclient, logged_admin):
    res = testclient.get("/users")
    assert "Invite a user" in res.text
    res = testclient.get("/profile")
    assert "Invite a user" in res.text
    testclient.get("/invite")

    del testclient.app.config["SMTP"]

    res = testclient.get("/users")
    assert "Invite a user" not in res.text
    res = testclient.get("/profile")
    assert "Invite a user" not in res.text
    testclient.get("/invite", status=500, expect_errors=True)


def test_groups_are_saved_even_when_user_does_not_have_read_permission(
    testclient, foo_group
):
    testclient.app.config["ACL"]["DEFAULT"]["READ"] = [
        "uid"
    ]  # remove groups from default read permissions

    invitation = Invitation(
        datetime.now().isoformat(),
        "someoneelse",
        False,
        "someone@mydomain.tld",
        [foo_group.dn],
    )
    b64 = invitation.b64()
    hash = invitation.profile_hash()

    res = testclient.get(f"/register/{b64}/{hash}", status=200)

    assert res.form["groups"].value == [foo_group.dn]
    assert res.form["groups"].attrs["readonly"]

    res.form["password1"] = "whatever"
    res.form["password2"] = "whatever"
    res.form["givenName"] = "George"
    res.form["sn"] = "Abitbol"

    res = res.form.submit(status=302)
    res = res.follow(status=200)

    user = User.get("someoneelse")
    user.load_groups()
    foo_group.reload()
    assert user.groups == [foo_group]
invitations expire after 48h 2022-01-01 10:56:48 +00:00			`from datetime import datetime`
			`from datetime import timedelta`

			`from canaille.account import Invitation`
invitation links 2021-12-01 11:19:28 +00:00			`from canaille.models import User`


Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_invitation(testclient, logged_admin, foo_group, smtpd):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`assert User.get("someone") is None`
invitation links 2021-12-01 11:19:28 +00:00
			`res = testclient.get("/invite", status=200)`

			`res.form["uid"] = "someone"`
Invited users can choose their uid 2022-01-01 17:41:04 +00:00			`res.form["uid_editable"] = False`
invitation links 2021-12-01 11:19:28 +00:00			`res.form["mail"] = "someone@domain.tld"`
			`res.form["groups"] = [foo_group.dn]`
invitation: users can just generate a link without sending a mail 2021-12-07 17:47:18 +00:00			`res = res.form.submit(name="action", value="send", status=200)`
			`assert len(smtpd.messages) == 1`

invitation links 2021-12-01 11:19:28 +00:00			`url = res.pyquery("#copy-text")[0].value`

			`# logout`
			`with testclient.session_transaction() as sess:`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`del sess["user_id"]`
invitation links 2021-12-01 11:19:28 +00:00
			`res = testclient.get(url, status=200)`

			`assert res.form["uid"].value == "someone"`
Invited users can choose their uid 2022-01-01 17:41:04 +00:00			`assert res.form["uid"].attrs["readonly"]`
invitation links 2021-12-01 11:19:28 +00:00			`assert res.form["mail"].value == "someone@domain.tld"`
			`assert res.form["groups"].value == [foo_group.dn]`

			`res.form["password1"] = "whatever"`
			`res.form["password2"] = "whatever"`
			`res.form["givenName"] = "George"`
			`res.form["sn"] = "Abitbol"`

			`res = res.form.submit(status=302)`
			`res = res.follow(status=200)`

Invited users can choose their uid 2022-01-01 17:41:04 +00:00			`assert "You account has been created successfuly." in res`

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`user = User.get("someone")`
			`user.load_groups()`
			`foo_group.reload()`
			`assert user.check_password("whatever")`
			`assert user.groups == [foo_group]`
invitation links 2021-12-01 11:19:28 +00:00
			`with testclient.session_transaction() as sess:`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`assert "user_id" in sess`
			`del sess["user_id"]`
invitation links 2021-12-01 11:19:28 +00:00
			`res = testclient.get(url, status=302)`


Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_invitation_editable_uid(testclient, logged_admin, foo_group, smtpd):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`assert User.get("jackyjack") is None`
			`assert User.get("djorje") is None`
Invited users can choose their uid 2022-01-01 17:41:04 +00:00
			`res = testclient.get("/invite", status=200)`

			`res.form["uid"] = "jackyjack"`
			`res.form["uid_editable"] = True`
			`res.form["mail"] = "jackyjack@domain.tld"`
			`res.form["groups"] = [foo_group.dn]`
			`res = res.form.submit(name="action", value="send", status=200)`
			`assert len(smtpd.messages) == 1`

			`url = res.pyquery("#copy-text")[0].value`

			`# logout`
			`with testclient.session_transaction() as sess:`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`del sess["user_id"]`
Invited users can choose their uid 2022-01-01 17:41:04 +00:00
			`res = testclient.get(url, status=200)`

			`assert res.form["uid"].value == "jackyjack"`
			`assert "readonly" not in res.form["uid"].attrs`
			`assert res.form["mail"].value == "jackyjack@domain.tld"`
			`assert res.form["groups"].value == [foo_group.dn]`

			`res.form["uid"] = "djorje"`
			`res.form["password1"] = "whatever"`
			`res.form["password2"] = "whatever"`
			`res.form["givenName"] = "George"`
			`res.form["sn"] = "Abitbol"`

			`res = res.form.submit(status=302)`
			`res = res.follow(status=200)`

			`assert "You account has been created successfuly." in res`

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`user = User.get("djorje")`
			`user.load_groups()`
			`foo_group.reload()`
			`assert user.check_password("whatever")`
			`assert user.groups == [foo_group]`
Invited users can choose their uid 2022-01-01 17:41:04 +00:00
			`with testclient.session_transaction() as sess:`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`assert "user_id" in sess`
			`del sess["user_id"]`
Invited users can choose their uid 2022-01-01 17:41:04 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_generate_link(testclient, logged_admin, foo_group, smtpd):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`assert User.get("sometwo") is None`
invitation: users can just generate a link without sending a mail 2021-12-07 17:47:18 +00:00
			`res = testclient.get("/invite", status=200)`

			`res.form["uid"] = "sometwo"`
			`res.form["mail"] = "sometwo@domain.tld"`
			`res.form["groups"] = [foo_group.dn]`
			`res = res.form.submit(name="action", value="generate", status=200)`
			`assert len(smtpd.messages) == 0`

			`url = res.pyquery("#copy-text")[0].value`

			`# logout`
			`with testclient.session_transaction() as sess:`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`del sess["user_id"]`
invitation: users can just generate a link without sending a mail 2021-12-07 17:47:18 +00:00
			`res = testclient.get(url, status=200)`

			`assert res.form["uid"].value == "sometwo"`
			`assert res.form["mail"].value == "sometwo@domain.tld"`
			`assert res.form["groups"].value == [foo_group.dn]`

			`res.form["password1"] = "whatever"`
			`res.form["password2"] = "whatever"`
			`res.form["givenName"] = "George"`
			`res.form["sn"] = "Abitbol"`

			`res = res.form.submit(status=302)`
			`res = res.follow(status=200)`

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`user = User.get("sometwo")`
			`user.load_groups()`
			`foo_group.reload()`
			`assert user.check_password("whatever")`
			`assert user.groups == [foo_group]`
invitation: users can just generate a link without sending a mail 2021-12-07 17:47:18 +00:00
			`with testclient.session_transaction() as sess:`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`assert "user_id" in sess`
			`del sess["user_id"]`
invitation: users can just generate a link without sending a mail 2021-12-07 17:47:18 +00:00
			`res = testclient.get(url, status=302)`


Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_invitation_login_already_taken(testclient, logged_admin):`
invitation links 2021-12-01 11:19:28 +00:00			`res = testclient.get("/invite", status=200)`

			`res.form["uid"] = logged_admin.uid`
			`res.form["mail"] = logged_admin.mail[0]`
invitation: users can just generate a link without sending a mail 2021-12-07 17:47:18 +00:00			`res = res.form.submit(name="action", value="send", status=200)`
invitation links 2021-12-01 11:19:28 +00:00
Fixed unit tests 2021-12-06 13:24:47 +00:00			`assert "The login 'admin' already exists" in res.text`
			`assert "The email 'jane@doe.com' already exists" in res.text`
invitation links 2021-12-01 11:19:28 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_registration(testclient, foo_group):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`invitation = Invitation(`
			`datetime.now().isoformat(),`
			`"someoneelse",`
			`False,`
			`"someone@mydomain.tld",`
			`[foo_group.dn],`
			`)`
			`b64 = invitation.b64()`
			`hash = invitation.profile_hash()`
invitation links 2021-12-01 11:19:28 +00:00
invitations expire after 48h 2022-01-01 10:56:48 +00:00			`testclient.get(f"/register/{b64}/{hash}", status=200)`
invitation links 2021-12-01 11:19:28 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_registration_invalid_hash(testclient, foo_group):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`now = datetime.now().isoformat()`
			`invitation = Invitation(`
			`now, "anything", False, "someone@mydomain.tld", [foo_group.dn]`
			`)`
			`b64 = invitation.b64()`
invitation links 2021-12-01 11:19:28 +00:00
Invited users can choose their uid 2022-01-01 17:41:04 +00:00			`testclient.get(f"/register/{b64}/invalid", status=302)`
invitations expire after 48h 2022-01-01 10:56:48 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_registration_invalid_data(testclient, foo_group):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`invitation = Invitation(`
			`datetime.now().isoformat(),`
			`"someoneelse",`
			`False,`
			`"someone@mydomain.tld",`
			`[foo_group.dn],`
			`)`
			`hash = invitation.profile_hash()`
invitations expire after 48h 2022-01-01 10:56:48 +00:00
Invited users can choose their uid 2022-01-01 17:41:04 +00:00			`testclient.get(f"/register/invalid/{hash}", status=302)`
invitations expire after 48h 2022-01-01 10:56:48 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_registration_more_than_48_hours_after_invitation(testclient, foo_group):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`two_days_ago = datetime.now() - timedelta(hours=48)`
			`invitation = Invitation(`
			`two_days_ago.isoformat(),`
			`"someoneelse",`
			`False,`
			`"someone@mydomain.tld",`
			`[foo_group.dn],`
			`)`
			`hash = invitation.profile_hash()`
			`b64 = invitation.b64()`
invitations expire after 48h 2022-01-01 10:56:48 +00:00
			`testclient.get(f"/register/{b64}/{hash}", status=302)`
invitation links 2021-12-01 11:19:28 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_registration_no_password(testclient, foo_group):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`invitation = Invitation(`
			`datetime.now().isoformat(),`
			`"someoneelse",`
			`False,`
			`"someone@mydomain.tld",`
			`[foo_group.dn],`
			`)`
			`hash = invitation.profile_hash()`
			`b64 = invitation.b64()`
			`url = f"/register/{b64}/{hash}"`
invitation links 2021-12-01 11:19:28 +00:00
			`res = testclient.get(url, status=200)`
			`assert "required" in res.form["password1"].attrs`
			`assert "required" in res.form["password2"].attrs`

			`res = res.form.submit(status=200)`
			`assert "This field is required." in res.text, res.text`

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`assert not User.get("someoneelse")`
invitation links 2021-12-01 11:19:28 +00:00
			`with testclient.session_transaction() as sess:`
avoid ldap related session variable names 2022-12-29 00:10:07 +00:00			`assert "user_id" not in sess`
invitation links 2021-12-01 11:19:28 +00:00

Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`def test_no_registration_if_logged_in(testclient, logged_user, foo_group):`
Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`invitation = Invitation(`
			`datetime.now().isoformat(),`
			`"someoneelse",`
			`False,`
			`"someone@mydomain.tld",`
			`[foo_group.dn],`
			`)`
			`hash = invitation.profile_hash()`
			`b64 = invitation.b64()`
			`url = f"/register/{b64}/{hash}"`
invitation links 2021-12-01 11:19:28 +00:00
			`testclient.get(url, status=302)`
Disabled invitation and password reset when no smtp server has been configured 2021-12-07 15:39:18 +00:00

			`def test_unavailable_if_no_smtp(testclient, logged_admin):`
			`res = testclient.get("/users")`
			`assert "Invite a user" in res.text`
			`res = testclient.get("/profile")`
			`assert "Invite a user" in res.text`
			`testclient.get("/invite")`

			`del testclient.app.config["SMTP"]`

			`res = testclient.get("/users")`
			`assert "Invite a user" not in res.text`
			`res = testclient.get("/profile")`
			`assert "Invite a user" not in res.text`
			`testclient.get("/invite", status=500, expect_errors=True)`
fix: groups are saved even when invited user does not have read permission on groups 2022-03-04 17:13:57 +00:00

			`def test_groups_are_saved_even_when_user_does_not_have_read_permission(`
Avoid slapd_connection fixture in tests 2022-05-19 10:36:39 +00:00			`testclient, foo_group`
fix: groups are saved even when invited user does not have read permission on groups 2022-03-04 17:13:57 +00:00			`):`
			`testclient.app.config["ACL"]["DEFAULT"]["READ"] = [`
			`"uid"`
			`] # remove groups from default read permissions`

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`invitation = Invitation(`
			`datetime.now().isoformat(),`
			`"someoneelse",`
			`False,`
			`"someone@mydomain.tld",`
			`[foo_group.dn],`
			`)`
			`b64 = invitation.b64()`
			`hash = invitation.profile_hash()`
fix: groups are saved even when invited user does not have read permission on groups 2022-03-04 17:13:57 +00:00
			`res = testclient.get(f"/register/{b64}/{hash}", status=200)`

			`assert res.form["groups"].value == [foo_group.dn]`
			`assert res.form["groups"].attrs["readonly"]`

			`res.form["password1"] = "whatever"`
			`res.form["password2"] = "whatever"`
			`res.form["givenName"] = "George"`
			`res.form["sn"] = "Abitbol"`

			`res = res.form.submit(status=302)`
			`res = res.follow(status=200)`

Refactored tests so ldap connection is not a mandatory argument anymore for most LDAPObject methods 2022-05-08 14:31:17 +00:00			`user = User.get("someoneelse")`
			`user.load_groups()`
			`foo_group.reload()`
			`assert user.groups == [foo_group]`