2020-11-01 10:33:56 +00:00
|
|
|
from canaille.models import User
|
|
|
|
|
|
|
|
|
2020-10-20 09:44:45 +00:00
|
|
|
def test_profile(testclient, slapd_connection, logged_user):
|
2020-10-31 16:41:24 +00:00
|
|
|
res = testclient.get("/profile/user", status=200)
|
2020-10-20 09:44:45 +00:00
|
|
|
|
|
|
|
res.form["sub"] = "user"
|
|
|
|
res.form["given_name"] = "given_name"
|
|
|
|
res.form["family_name"] = "family_name"
|
|
|
|
res.form["email"] = "email@mydomain.tld"
|
|
|
|
res.form["phone_number"] = "555-666-777"
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
2020-10-20 09:44:45 +00:00
|
|
|
|
|
|
|
logged_user.reload(slapd_connection)
|
|
|
|
|
|
|
|
assert ["user"] == logged_user.uid
|
|
|
|
assert ["given_name"] == logged_user.givenName
|
|
|
|
assert ["family_name"] == logged_user.sn
|
|
|
|
assert ["email@mydomain.tld"] == logged_user.mail
|
|
|
|
assert ["555-666-777"] == logged_user.telephoneNumber
|
2020-10-21 07:52:02 +00:00
|
|
|
|
2020-10-21 08:26:31 +00:00
|
|
|
with testclient.app.app_context():
|
|
|
|
assert logged_user.check_password("correct horse battery staple")
|
|
|
|
|
2020-10-21 07:52:02 +00:00
|
|
|
|
|
|
|
def test_bad_email(testclient, slapd_connection, logged_user):
|
2020-10-31 16:41:24 +00:00
|
|
|
res = testclient.get("/profile/user", status=200)
|
2020-10-21 07:52:02 +00:00
|
|
|
|
|
|
|
res.form["email"] = "john@doe.com"
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
2020-10-21 07:52:02 +00:00
|
|
|
|
|
|
|
assert ["john@doe.com"] == logged_user.mail
|
|
|
|
|
2020-10-31 16:41:24 +00:00
|
|
|
res = testclient.get("/profile/user", status=200)
|
2020-10-21 07:52:02 +00:00
|
|
|
|
|
|
|
res.form["email"] = "yolo"
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
2020-10-21 07:52:02 +00:00
|
|
|
|
|
|
|
logged_user.reload(slapd_connection)
|
|
|
|
|
|
|
|
assert ["john@doe.com"] == logged_user.mail
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_password_change(testclient, slapd_connection, logged_user):
|
2020-10-31 16:41:24 +00:00
|
|
|
res = testclient.get("/profile/user", status=200)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
res.form["password1"] = "new_password"
|
|
|
|
res.form["password2"] = "new_password"
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert logged_user.check_password("new_password")
|
|
|
|
|
2020-10-31 16:41:24 +00:00
|
|
|
res = testclient.get("/profile/user", status=200)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
res.form["password1"] = "correct horse battery staple"
|
|
|
|
res.form["password2"] = "correct horse battery staple"
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert logged_user.check_password("correct horse battery staple")
|
|
|
|
|
|
|
|
|
|
|
|
def test_password_change_fail(testclient, slapd_connection, logged_user):
|
2020-10-31 16:41:24 +00:00
|
|
|
res = testclient.get("/profile/user", status=200)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
res.form["password1"] = "new_password"
|
|
|
|
res.form["password2"] = "other_password"
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert logged_user.check_password("correct horse battery staple")
|
|
|
|
|
2020-10-31 16:41:24 +00:00
|
|
|
res = testclient.get("/profile/user", status=200)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
res.form["password1"] = "new_password"
|
|
|
|
res.form["password2"] = ""
|
|
|
|
|
2020-11-01 10:33:56 +00:00
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
2020-10-21 08:26:31 +00:00
|
|
|
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert logged_user.check_password("correct horse battery staple")
|
2020-11-01 10:33:56 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_simple_user_cannot_edit_other(testclient, logged_user):
|
|
|
|
testclient.get("/profile/user", status=200)
|
|
|
|
testclient.get("/profile/admin", status=403)
|
|
|
|
testclient.post("/profile/admin", {"action": "edit"}, status=403)
|
|
|
|
testclient.post("/profile/admin", {"action": "delete"}, status=403)
|
|
|
|
testclient.get("/users", status=403)
|
|
|
|
|
|
|
|
|
2020-11-02 11:13:03 +00:00
|
|
|
def test_admin_bad_request(testclient, logged_moderator):
|
2020-11-01 10:33:56 +00:00
|
|
|
testclient.post("/profile/admin", {"action": "foobar"}, status=400)
|
|
|
|
testclient.get("/profile/foobar", status=404)
|
|
|
|
|
|
|
|
|
2020-11-02 11:13:03 +00:00
|
|
|
def test_user_creation_edition_and_deletion(
|
|
|
|
testclient, slapd_connection, logged_moderator
|
|
|
|
):
|
2020-11-01 10:33:56 +00:00
|
|
|
# The user does not exist.
|
|
|
|
res = testclient.get("/users", status=200)
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert User.get("george", conn=slapd_connection) is None
|
|
|
|
assert "george" not in res.text
|
|
|
|
|
|
|
|
# Fill the profile for a new user.
|
|
|
|
res = testclient.get("/profile", status=200)
|
|
|
|
res.form["sub"] = "george"
|
|
|
|
res.form["given_name"] = "George"
|
|
|
|
res.form["family_name"] = "Abitbol"
|
|
|
|
res.form["email"] = "george@abitbol.com"
|
|
|
|
res.form["phone_number"] = "555-666-888"
|
|
|
|
|
|
|
|
# Passwords have been forgotten
|
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert User.get("george", conn=slapd_connection) is None
|
|
|
|
res.form["password1"] = "totoyolo"
|
|
|
|
res.form["password2"] = "totoyolo"
|
|
|
|
|
|
|
|
# User have been created
|
|
|
|
res = res.form.submit(name="action", value="edit", status=302).follow(status=200)
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert "George" == User.get("george", conn=slapd_connection).givenName[0]
|
|
|
|
assert "george" in testclient.get("/users", status=200).text
|
|
|
|
res.form["given_name"] = "Georgio"
|
|
|
|
|
|
|
|
# User have been edited
|
|
|
|
res = res.form.submit(name="action", value="edit", status=200)
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert "Georgio" == User.get("george", conn=slapd_connection).givenName[0]
|
|
|
|
assert "george" in testclient.get("/users", status=200).text
|
|
|
|
|
|
|
|
# User have been deleted.
|
|
|
|
res = res.form.submit(name="action", value="delete", status=302).follow(status=200)
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert User.get("george", conn=slapd_connection) is None
|
|
|
|
assert "george" not in res.text
|
|
|
|
|
|
|
|
|
|
|
|
def test_admin_self_deletion(testclient, slapd_connection):
|
|
|
|
User.ocs_by_name(slapd_connection)
|
|
|
|
admin = User(
|
|
|
|
objectClass=["inetOrgPerson"],
|
|
|
|
cn="Temp admin",
|
|
|
|
sn="admin",
|
|
|
|
uid="temp",
|
|
|
|
mail="temp@temp.com",
|
|
|
|
userPassword="{SSHA}Vmgh2jkD0idX3eZHf8RzGos31oerjGiU",
|
|
|
|
)
|
|
|
|
admin.save(slapd_connection)
|
|
|
|
with testclient.session_transaction() as sess:
|
|
|
|
sess["user_dn"] = admin.dn
|
|
|
|
|
|
|
|
res = testclient.get("/profile/temp")
|
|
|
|
res = (
|
|
|
|
res.form.submit(name="action", value="delete", status=302)
|
|
|
|
.follow(status=302)
|
|
|
|
.follow(status=200)
|
|
|
|
)
|
|
|
|
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert User.get("temp", conn=slapd_connection) is None
|
|
|
|
|
|
|
|
with testclient.session_transaction() as sess:
|
|
|
|
"user_dn" not in sess
|