canaille-globuzma/tests/test_profile.py

174 lines
5.8 KiB
Python
Raw Normal View History

2020-11-01 10:33:56 +00:00
from canaille.models import User
2020-10-20 09:44:45 +00:00
def test_profile(testclient, slapd_connection, logged_user):
2020-10-31 16:41:24 +00:00
res = testclient.get("/profile/user", status=200)
2020-10-20 09:44:45 +00:00
res.form["sub"] = "user"
res.form["given_name"] = "given_name"
res.form["family_name"] = "family_name"
res.form["email"] = "email@mydomain.tld"
res.form["phone_number"] = "555-666-777"
2020-11-01 10:33:56 +00:00
res = res.form.submit(name="action", value="edit", status=200)
2020-10-20 09:44:45 +00:00
logged_user.reload(slapd_connection)
assert ["user"] == logged_user.uid
assert ["given_name"] == logged_user.givenName
assert ["family_name"] == logged_user.sn
assert ["email@mydomain.tld"] == logged_user.mail
assert ["555-666-777"] == logged_user.telephoneNumber
2020-10-21 07:52:02 +00:00
2020-10-21 08:26:31 +00:00
with testclient.app.app_context():
assert logged_user.check_password("correct horse battery staple")
2020-10-21 07:52:02 +00:00
def test_bad_email(testclient, slapd_connection, logged_user):
2020-10-31 16:41:24 +00:00
res = testclient.get("/profile/user", status=200)
2020-10-21 07:52:02 +00:00
res.form["email"] = "john@doe.com"
2020-11-01 10:33:56 +00:00
res = res.form.submit(name="action", value="edit", status=200)
2020-10-21 07:52:02 +00:00
assert ["john@doe.com"] == logged_user.mail
2020-10-31 16:41:24 +00:00
res = testclient.get("/profile/user", status=200)
2020-10-21 07:52:02 +00:00
res.form["email"] = "yolo"
2020-11-01 10:33:56 +00:00
res = res.form.submit(name="action", value="edit", status=200)
2020-10-21 07:52:02 +00:00
logged_user.reload(slapd_connection)
assert ["john@doe.com"] == logged_user.mail
2020-10-21 08:26:31 +00:00
def test_password_change(testclient, slapd_connection, logged_user):
2020-10-31 16:41:24 +00:00
res = testclient.get("/profile/user", status=200)
2020-10-21 08:26:31 +00:00
res.form["password1"] = "new_password"
res.form["password2"] = "new_password"
2020-11-01 10:33:56 +00:00
res = res.form.submit(name="action", value="edit", status=200)
2020-10-21 08:26:31 +00:00
with testclient.app.app_context():
assert logged_user.check_password("new_password")
2020-10-31 16:41:24 +00:00
res = testclient.get("/profile/user", status=200)
2020-10-21 08:26:31 +00:00
res.form["password1"] = "correct horse battery staple"
res.form["password2"] = "correct horse battery staple"
2020-11-01 10:33:56 +00:00
res = res.form.submit(name="action", value="edit", status=200)
2020-10-21 08:26:31 +00:00
with testclient.app.app_context():
assert logged_user.check_password("correct horse battery staple")
def test_password_change_fail(testclient, slapd_connection, logged_user):
2020-10-31 16:41:24 +00:00
res = testclient.get("/profile/user", status=200)
2020-10-21 08:26:31 +00:00
res.form["password1"] = "new_password"
res.form["password2"] = "other_password"
2020-11-01 10:33:56 +00:00
res = res.form.submit(name="action", value="edit", status=200)
2020-10-21 08:26:31 +00:00
with testclient.app.app_context():
assert logged_user.check_password("correct horse battery staple")
2020-10-31 16:41:24 +00:00
res = testclient.get("/profile/user", status=200)
2020-10-21 08:26:31 +00:00
res.form["password1"] = "new_password"
res.form["password2"] = ""
2020-11-01 10:33:56 +00:00
res = res.form.submit(name="action", value="edit", status=200)
2020-10-21 08:26:31 +00:00
with testclient.app.app_context():
assert logged_user.check_password("correct horse battery staple")
2020-11-01 10:33:56 +00:00
def test_simple_user_cannot_edit_other(testclient, logged_user):
testclient.get("/profile/user", status=200)
testclient.get("/profile/admin", status=403)
testclient.post("/profile/admin", {"action": "edit"}, status=403)
testclient.post("/profile/admin", {"action": "delete"}, status=403)
testclient.get("/users", status=403)
2020-11-02 11:13:03 +00:00
def test_admin_bad_request(testclient, logged_moderator):
2020-11-01 10:33:56 +00:00
testclient.post("/profile/admin", {"action": "foobar"}, status=400)
testclient.get("/profile/foobar", status=404)
2020-11-02 11:13:03 +00:00
def test_user_creation_edition_and_deletion(
testclient, slapd_connection, logged_moderator
):
2020-11-01 10:33:56 +00:00
# The user does not exist.
res = testclient.get("/users", status=200)
with testclient.app.app_context():
assert User.get("george", conn=slapd_connection) is None
assert "george" not in res.text
# Fill the profile for a new user.
res = testclient.get("/profile", status=200)
res.form["sub"] = "george"
res.form["given_name"] = "George"
res.form["family_name"] = "Abitbol"
res.form["email"] = "george@abitbol.com"
res.form["phone_number"] = "555-666-888"
# Passwords have been forgotten
res = res.form.submit(name="action", value="edit", status=200)
with testclient.app.app_context():
assert User.get("george", conn=slapd_connection) is None
res.form["password1"] = "totoyolo"
res.form["password2"] = "totoyolo"
# User have been created
res = res.form.submit(name="action", value="edit", status=302).follow(status=200)
with testclient.app.app_context():
assert "George" == User.get("george", conn=slapd_connection).givenName[0]
assert "george" in testclient.get("/users", status=200).text
res.form["given_name"] = "Georgio"
# User have been edited
res = res.form.submit(name="action", value="edit", status=200)
with testclient.app.app_context():
assert "Georgio" == User.get("george", conn=slapd_connection).givenName[0]
assert "george" in testclient.get("/users", status=200).text
# User have been deleted.
res = res.form.submit(name="action", value="delete", status=302).follow(status=200)
with testclient.app.app_context():
assert User.get("george", conn=slapd_connection) is None
assert "george" not in res.text
def test_admin_self_deletion(testclient, slapd_connection):
User.ocs_by_name(slapd_connection)
admin = User(
objectClass=["inetOrgPerson"],
cn="Temp admin",
sn="admin",
uid="temp",
mail="temp@temp.com",
userPassword="{SSHA}Vmgh2jkD0idX3eZHf8RzGos31oerjGiU",
)
admin.save(slapd_connection)
with testclient.session_transaction() as sess:
sess["user_dn"] = admin.dn
res = testclient.get("/profile/temp")
res = (
res.form.submit(name="action", value="delete", status=302)
.follow(status=302)
.follow(status=200)
)
with testclient.app.app_context():
assert User.get("temp", conn=slapd_connection) is None
with testclient.session_transaction() as sess:
"user_dn" not in sess