2020-11-16 14:39:58 +00:00
|
|
|
from canaille.models import User
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
|
2021-01-01 14:20:26 +00:00
|
|
|
def test_signin_and_out(testclient, slapd_connection, user):
|
2020-08-20 08:31:36 +00:00
|
|
|
with testclient.session_transaction() as session:
|
2020-12-11 10:52:37 +00:00
|
|
|
assert not session.get("user_dn")
|
2020-08-20 08:31:36 +00:00
|
|
|
|
2020-10-30 18:19:34 +00:00
|
|
|
res = testclient.get("/login", status=200)
|
2020-08-20 08:31:36 +00:00
|
|
|
|
|
|
|
res.form["login"] = "John Doe"
|
2021-01-23 21:30:43 +00:00
|
|
|
res = res.form.submit(status=302)
|
|
|
|
res = res.follow(status=200)
|
|
|
|
|
|
|
|
with testclient.session_transaction() as session:
|
|
|
|
assert "John Doe" == session.get("attempt_login")
|
|
|
|
|
2020-08-20 08:31:36 +00:00
|
|
|
res.form["password"] = "correct horse battery staple"
|
|
|
|
res = res.form.submit()
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.follow(status=302)
|
|
|
|
res = res.follow(status=200)
|
2020-08-20 08:31:36 +00:00
|
|
|
|
|
|
|
with testclient.session_transaction() as session:
|
2020-12-11 10:52:37 +00:00
|
|
|
assert [user.dn] == session.get("user_dn")
|
2021-01-23 21:30:43 +00:00
|
|
|
assert "attempt_login" not in session
|
2020-08-20 08:31:36 +00:00
|
|
|
|
|
|
|
res = testclient.get("/logout")
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.follow(status=302)
|
|
|
|
res = res.follow(status=200)
|
2020-08-20 08:31:36 +00:00
|
|
|
|
|
|
|
with testclient.session_transaction() as session:
|
2020-12-11 10:52:37 +00:00
|
|
|
assert not session.get("user_dn")
|
2020-08-20 08:31:36 +00:00
|
|
|
|
|
|
|
|
2021-01-01 14:20:26 +00:00
|
|
|
def test_signin_wrong_password(testclient, slapd_connection, user):
|
2020-08-20 08:31:36 +00:00
|
|
|
with testclient.session_transaction() as session:
|
2020-12-11 10:52:37 +00:00
|
|
|
assert not session.get("user_dn")
|
2020-08-20 08:31:36 +00:00
|
|
|
|
2020-10-30 18:19:34 +00:00
|
|
|
res = testclient.get("/login", status=200)
|
2020-08-20 08:31:36 +00:00
|
|
|
|
|
|
|
res.form["login"] = "John Doe"
|
2021-01-23 21:30:43 +00:00
|
|
|
res = res.form.submit(status=302)
|
|
|
|
res = res.follow(status=200)
|
2020-08-20 08:31:36 +00:00
|
|
|
res.form["password"] = "incorrect horse"
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.form.submit(status=200)
|
2020-10-30 22:52:05 +00:00
|
|
|
assert "Login failed, please check your information" in res.text
|
2020-08-20 08:31:36 +00:00
|
|
|
|
|
|
|
|
2021-01-01 14:20:26 +00:00
|
|
|
def test_signin_with_alternate_attribute(testclient, slapd_connection, user):
|
2020-10-30 18:19:34 +00:00
|
|
|
res = testclient.get("/login", status=200)
|
2020-08-20 08:45:33 +00:00
|
|
|
|
|
|
|
res.form["login"] = "user"
|
2021-01-23 21:30:43 +00:00
|
|
|
res = res.form.submit(status=302)
|
|
|
|
res = res.follow(status=200)
|
|
|
|
|
2020-08-20 08:45:33 +00:00
|
|
|
res.form["password"] = "correct horse battery staple"
|
|
|
|
res = res.form.submit()
|
2020-10-30 22:41:02 +00:00
|
|
|
res = res.follow(status=302)
|
|
|
|
res = res.follow(status=200)
|
2020-08-20 08:45:33 +00:00
|
|
|
|
|
|
|
with testclient.session_transaction() as session:
|
2020-12-11 10:52:37 +00:00
|
|
|
assert [user.dn] == session.get("user_dn")
|
2020-10-22 15:37:01 +00:00
|
|
|
|
|
|
|
|
2020-11-16 14:39:58 +00:00
|
|
|
def test_user_without_password_first_login(testclient, slapd_connection):
|
|
|
|
User.ocs_by_name(slapd_connection)
|
|
|
|
u = User(
|
|
|
|
objectClass=["inetOrgPerson"],
|
|
|
|
cn="Temp User",
|
|
|
|
sn="Temp",
|
|
|
|
uid="temp",
|
|
|
|
mail="john@doe.com",
|
|
|
|
)
|
|
|
|
u.save(slapd_connection)
|
|
|
|
|
|
|
|
res = testclient.get("/login", status=200)
|
|
|
|
res.form["login"] = "Temp User"
|
|
|
|
res = res.form.submit(status=302).follow(status=200)
|
|
|
|
|
|
|
|
assert "First login" in res
|
|
|
|
u.delete(conn=slapd_connection)
|
|
|
|
|
|
|
|
|
2020-11-25 16:41:03 +00:00
|
|
|
def test_user_deleted_in_session(testclient, slapd_connection):
|
|
|
|
User.ocs_by_name(slapd_connection)
|
|
|
|
u = User(
|
|
|
|
objectClass=["inetOrgPerson"],
|
|
|
|
cn="Jake Doe",
|
|
|
|
sn="Jake",
|
|
|
|
uid="jake",
|
|
|
|
mail="jake@doe.com",
|
|
|
|
userPassword="{SSHA}fw9DYeF/gHTHuVMepsQzVYAkffGcU8Fz",
|
|
|
|
)
|
|
|
|
u.save(slapd_connection)
|
2020-12-11 10:52:37 +00:00
|
|
|
testclient.get("/profile/jake", status=403)
|
|
|
|
|
|
|
|
with testclient.session_transaction() as session:
|
|
|
|
session["user_dn"] = [u.dn]
|
2020-11-25 16:41:03 +00:00
|
|
|
|
|
|
|
testclient.get("/profile/jake", status=200)
|
|
|
|
u.delete(conn=slapd_connection)
|
|
|
|
|
|
|
|
testclient.get("/profile/jake", status=403)
|
2020-12-11 10:52:37 +00:00
|
|
|
with testclient.session_transaction() as session:
|
|
|
|
assert not session.get("user_dn")
|
|
|
|
|
|
|
|
|
|
|
|
def test_impersonate(testclient, slapd_connection, logged_admin, user):
|
|
|
|
res = testclient.get("/", status=302).follow(status=200)
|
|
|
|
assert "admin" == res.form["uid"].value
|
|
|
|
|
|
|
|
res = (
|
|
|
|
testclient.get("/impersonate/user", status=302)
|
|
|
|
.follow(status=302)
|
|
|
|
.follow(status=200)
|
|
|
|
)
|
|
|
|
assert "user" == res.form["uid"].value
|
|
|
|
|
|
|
|
testclient.get("/logout", status=302).follow(status=302).follow(status=200)
|
|
|
|
|
|
|
|
res = testclient.get("/", status=302).follow(status=200)
|
|
|
|
assert "admin" == res.form["uid"].value
|
2020-12-31 18:55:30 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_wrong_login(testclient, slapd_connection, user):
|
2021-01-01 12:55:20 +00:00
|
|
|
testclient.app.config["HIDE_INVALID_LOGINS"] = False
|
2020-12-31 18:55:30 +00:00
|
|
|
|
|
|
|
res = testclient.get("/login", status=200)
|
|
|
|
res.form["login"] = "invalid"
|
2021-01-23 21:30:43 +00:00
|
|
|
res = res.form.submit(status=302)
|
|
|
|
res = res.follow(status=200)
|
|
|
|
|
2020-12-31 18:55:30 +00:00
|
|
|
res.form["password"] = "incorrect horse"
|
|
|
|
res = res.form.submit(status=200)
|
2021-01-01 12:55:20 +00:00
|
|
|
assert "The login 'invalid' does not exist" not in res.text
|
2020-12-31 18:55:30 +00:00
|
|
|
|
2021-01-01 12:55:20 +00:00
|
|
|
testclient.app.config["HIDE_INVALID_LOGINS"] = True
|
2020-12-31 18:55:30 +00:00
|
|
|
|
|
|
|
res = testclient.get("/login", status=200)
|
|
|
|
res.form["login"] = "invalid"
|
|
|
|
res = res.form.submit(status=200)
|
2021-01-01 12:55:20 +00:00
|
|
|
assert "The login 'invalid' does not exist" in res.text
|
2021-01-01 15:42:13 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_admin_self_deletion(testclient, slapd_connection):
|
|
|
|
User.ocs_by_name(slapd_connection)
|
|
|
|
admin = User(
|
|
|
|
objectClass=["inetOrgPerson"],
|
|
|
|
cn="Temp admin",
|
|
|
|
sn="admin",
|
|
|
|
uid="temp",
|
|
|
|
mail="temp@temp.com",
|
|
|
|
userPassword="{SSHA}Vmgh2jkD0idX3eZHf8RzGos31oerjGiU",
|
|
|
|
)
|
|
|
|
admin.save(slapd_connection)
|
|
|
|
with testclient.session_transaction() as sess:
|
|
|
|
sess["user_dn"] = [admin.dn]
|
|
|
|
|
|
|
|
res = testclient.get("/profile/temp")
|
|
|
|
res = (
|
|
|
|
res.form.submit(name="action", value="delete", status=302)
|
|
|
|
.follow(status=302)
|
|
|
|
.follow(status=200)
|
|
|
|
)
|
|
|
|
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert User.get("temp", conn=slapd_connection) is None
|
|
|
|
|
|
|
|
with testclient.session_transaction() as sess:
|
|
|
|
assert not sess.get("user_dn")
|
|
|
|
|
|
|
|
|
|
|
|
def test_user_self_deletion(testclient, slapd_connection):
|
|
|
|
User.ocs_by_name(slapd_connection)
|
|
|
|
user = User(
|
|
|
|
objectClass=["inetOrgPerson"],
|
|
|
|
cn="Temp user",
|
|
|
|
sn="user",
|
|
|
|
uid="temp",
|
|
|
|
mail="temp@temp.com",
|
|
|
|
userPassword="{SSHA}Vmgh2jkD0idX3eZHf8RzGos31oerjGiU",
|
|
|
|
)
|
|
|
|
user.save(slapd_connection)
|
|
|
|
with testclient.session_transaction() as sess:
|
|
|
|
sess["user_dn"] = [user.dn]
|
|
|
|
|
2021-12-02 17:23:14 +00:00
|
|
|
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []
|
2021-01-01 15:42:13 +00:00
|
|
|
res = testclient.get("/profile/temp")
|
|
|
|
assert "Delete my account" not in res
|
|
|
|
|
2021-12-02 17:23:14 +00:00
|
|
|
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = ["delete_account"]
|
2021-01-01 15:42:13 +00:00
|
|
|
res = testclient.get("/profile/temp")
|
|
|
|
assert "Delete my account" in res
|
|
|
|
res = (
|
|
|
|
res.form.submit(name="action", value="delete", status=302)
|
|
|
|
.follow(status=302)
|
|
|
|
.follow(status=200)
|
|
|
|
)
|
|
|
|
|
|
|
|
with testclient.app.app_context():
|
|
|
|
assert User.get("temp", conn=slapd_connection) is None
|
|
|
|
|
|
|
|
with testclient.session_transaction() as sess:
|
|
|
|
assert not sess.get("user_dn")
|
|
|
|
|
2021-12-02 17:23:14 +00:00
|
|
|
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = []
|