From 010bb4ea0645db48182a5eb9065d91f275421f9d Mon Sep 17 00:00:00 2001
From: sebastien <sebastien@yaal.coop>
Date: Tue, 19 Nov 2024 14:49:36 +0100
Subject: [PATCH] updates tests without API call

---
 tests/core/test_profile_settings.py | 48 ++++++++++++++--
 tests/core/test_registration.py     | 87 ++++++++++++++++++++++++++++-
 2 files changed, 127 insertions(+), 8 deletions(-)

diff --git a/tests/core/test_profile_settings.py b/tests/core/test_profile_settings.py
index 8544a28c..fab3c4aa 100644
--- a/tests/core/test_profile_settings.py
+++ b/tests/core/test_profile_settings.py
@@ -156,10 +156,17 @@ def test_profile_settings_too_long_password(testclient, logged_user):
     )
 
 
-def test_profile_settings_compromised_password(testclient, logged_user):
+@mock.patch("requests.api.get")
+def test_profile_settings_compromised_password(api_get, testclient, logged_user):
     current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
     """Tests if password is compromised."""
 
+    # This content simulates a result from the hibp api containing the suffixes of the following password hashes: 'password', '987654321', 'correct horse battery staple', 'zxcvbn123', 'azertyuiop123'
+    class Response:
+        content = b"1E4C9B93F3F0682250B6CF8331B7EE68FD8:3\r\nCAA6D483CC3887DCE9D1B8EB91408F1EA7A:3\r\nAD6438836DBE526AA231ABDE2D0EEF74D42:3\r\n8289894DDB6317178960AB5AE98B81BBF97:1\r\n5FF0B6F9EAC40D5CA7B4DAA7B64F0E6F4AA:2\r\n"
+
+    api_get.return_value = Response
+
     def with_different_values(password, message):
         res = testclient.get("/profile/user/settings")
         res = testclient.post(
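Review bot: The stubbed `requests.api.get` hands back the same canned range body whatever URL it is called with, so after this change nothing in the test verifies the one property that makes the HIBP lookup safe to use: that only the first five hex characters of the SHA-1 are sent (k-anonymity), never the full hash or the password itself. After the submissions, inspect the call — for "password" the prefix is `5BAA6` and the suffix is the first entry of the canned body — with something like `assert api_get.call_args.args[0].upper().endswith("5BAA6")` and `assert "1E4C9B93F3F0682250B6CF8331B7EE68FD8" not in api_get.call_args.args[0]`, adjusted to however the client builds the URL. Note also that `api_get.return_value = Response` returns the class rather than an instance and it carries no `status_code` or `raise_for_status`, so if the client ever checks those the stub will raise and, presumably, the generic "investigation failed" path will run instead of the compromised-password path; `Response()` with a `status_code = 200` attribute is cheap insurance. The body of test_profile_settings_compromised_password continues in the next hunk.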
@@ -176,11 +183,11 @@ def test_profile_settings_compromised_password(testclient, logged_user):
         res.mustcontain(message)
 
     with_different_values(
-        "aaaaaaaa",
+        "password",
         "This password appears on public compromission databases and is not secure.",
     )
     with_different_values(
-        "azertyuiop",
+        "azertyuiop123",
         "This password appears on public compromission databases and is not secure.",
     )
     with_different_values("a" * 1000, 'data-percent="25"')
@@ -259,8 +266,6 @@ def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_
     api_get.side_effect = mock.Mock(side_effect=Exception())
     current_app.config["CANAILLE"]["SMTP"]["TLS"] = False
 
-    assert not backend.query(models.User, user_name="newuser")
-
     res = testclient.get("/profile/user/settings", status=200)
     res.form.user = user
     res.form["password1"] = "123456789"
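Review bot: Both `with_different_values` cases now use passwords whose suffix is in the stubbed range body, but no case checks that a password absent from it is accepted, so a validator that rejected everything, or one that matched on the wrong part of the hash, would still pass this test. Add a negative case with a password that is not in the canned body, e.g. `with_different_values("not-in-the-stubbed-range", <text the helper can observe on success>)` — the helper's `mustcontain` is defined outside this hunk, so the observable success text has to be taken from there. The `with_different_values` helper and the rest of the test live outside this hunk.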
@@ -286,6 +291,39 @@ def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_
     assert ("success", "Profile updated successfully.") in res.flashes
 
 
+@mock.patch("requests.api.get")
+def test_compromised_password_validator_with_failure_of_api_request_without_smtp_or_without_admin_email_from_settings_form(
+    api_get, testclient, backend, user, logged_user, caplog
+):
+    def without_smtp_or_without_admin_email(smtp, mail):
+        current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
+        api_get.side_effect = mock.Mock(side_effect=Exception())
+        current_app.config["CANAILLE"]["SMTP"] = smtp
+        current_app.config["CANAILLE"]["ADMIN_EMAIL"] = mail
+
+        res = testclient.get("/profile/user/settings", status=200)
+        res.form.user = user
+        res.form["password1"] = "123456789"
+        res.form["password2"] = "123456789"
+
+        res = res.form.submit(name="action", value="edit-settings")
+
+        assert (
+            "canaille",
+            logging.ERROR,
+            "Password compromise investigation failed on HIBP API.",
+        ) in caplog.record_tuples
+        assert (
+            "error",
+            "Password compromise investigation failed. Please contact the administrators.",
+        ) not in res.flashes
+
+    without_smtp_or_without_admin_email(
+        None, current_app.config["CANAILLE"]["ADMIN_EMAIL"]
+    )
+    without_smtp_or_without_admin_email(current_app.config["CANAILLE"]["SMTP"], None)
+
+
 def test_edition_without_groups(
     testclient,
     logged_user,
diff --git a/tests/core/test_registration.py b/tests/core/test_registration.py
index 4c36e135..d6de92e1 100644
--- a/tests/core/test_registration.py
+++ b/tests/core/test_registration.py
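Review bot: The second call, `without_smtp_or_without_admin_email(current_app.config["CANAILLE"]["SMTP"], None)`, reads `SMTP` after the first call has already set it to `None`, so the "SMTP configured but no admin e-mail" scenario is never exercised — both runs execute with neither configured. Capture the original values before the first call and pass those, and clear caplog between the runs, because the second `record_tuples` assertion is otherwise satisfied by the first run's log line. Since this test pins fail-open behaviour of the compromise check when nobody can be notified, it should also assert the outcome explicitly (whether the password change went through, e.g. the success flash the neighbouring test checks) and state that in a docstring such as `"""When the HIBP lookup fails and no admin can be notified, the change is still accepted and only an error is logged."""`. The config keys are not restored afterwards; whether that leaks into later tests depends on the `testclient` fixture's scope, which is outside this hunk.
```python
    # … unchanged: without_smtp_or_without_admin_email definition …
    original_smtp = current_app.config["CANAILLE"]["SMTP"]
    original_mail = current_app.config["CANAILLE"]["ADMIN_EMAIL"]
    without_smtp_or_without_admin_email(None, original_mail)
    caplog.clear()
    without_smtp_or_without_admin_email(original_smtp, None)
```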
@@ -154,17 +154,24 @@ def test_registration_mail_error(SMTP, testclient, backend, smtpd, foo_group):
     assert len(smtpd.messages) == 0
 
 
-def test_registration_with_compromised_password(testclient, backend):
+@mock.patch("requests.api.get")
+def test_registration_with_compromised_password(api_get, testclient, backend):
     """Tests a nominal registration with compromised password."""
     current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
     testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
     testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
+    # This content simulates a result from the hibp api containing the suffixes of the following password hashes: 'password', '987654321', 'correct horse battery staple', 'zxcvbn123', 'azertyuiop123'
+    class Response:
+        content = b"1E4C9B93F3F0682250B6CF8331B7EE68FD8:3\r\nCAA6D483CC3887DCE9D1B8EB91408F1EA7A:3\r\nAD6438836DBE526AA231ABDE2D0EEF74D42:3\r\n8289894DDB6317178960AB5AE98B81BBF97:1\r\n5FF0B6F9EAC40D5CA7B4DAA7B64F0E6F4AA:2\r\n"
+
+    api_get.return_value = Response
+
     assert not backend.query(models.User, user_name="newuser")
 
     res = testclient.get(url_for("core.account.registration"), status=200)
     res.form["user_name"] = "newuser"
-    res.form["password1"] = "123456789"
-    res.form["password2"] = "123456789"
+    res.form["password1"] = "987654321"
+    res.form["password2"] = "987654321"
     res.form["family_name"] = "newuser"
     res.form["emails-0"] = "newuser@example.com"
     res = res.form.submit()
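Review bot: The `Response` stub and its canned range body are a byte-for-byte copy of the one added to tests/core/test_profile_settings.py, and the list of passwords the body is supposed to match exists only in a comment, so the two copies and their comments can drift silently. Move the body into one shared fixture (conftest) together with a checked mapping such as `HIBP_STUB_PASSWORDS = {"password": "1E4C9B93F3F0682250B6CF8331B7EE68FD8", ...}` so a test can pick a vector and the suffix it expects from the same place. As in the other file, the stub answers the same body for every prefix, so nothing verifies that the registration form sends only the 5-character SHA-1 prefix of the candidate and not the full hash; an assertion on `api_get.call_args` (adjusted to how the client builds the URL) would close that gap. The test body continues past the end of this hunk.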
@@ -293,3 +300,77 @@ def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_
     user = backend.get(models.User, user_name="newuser")
     assert user
     backend.delete(user)
+
+
+@mock.patch("requests.api.get")
+def test_compromised_password_validator_with_failure_of_api_request_without_smtp_from_register_form(
+    api_get, testclient, backend, caplog
+):
+    current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
+    api_get.side_effect = mock.Mock(side_effect=Exception())
+    testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
+    testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
+
+    assert not backend.query(models.User, user_name="newuser")
+
+    current_app.config["CANAILLE"]["SMTP"] = None
+
+    res = testclient.get(url_for("core.account.registration"), status=200)
+    res.form["user_name"] = "newuser"
+    res.form["password1"] = "123456789"
+    res.form["password2"] = "123456789"
+    res.form["family_name"] = "newuser"
+    res.form["emails-0"] = "newuser@example.com"
+
+    res = res.form.submit()
+
+    assert (
+        "canaille",
+        logging.ERROR,
+        "Password compromise investigation failed on HIBP API.",
+    ) in caplog.record_tuples
+    assert (
+        "error",
+        "Password compromise investigation failed. Please contact the administrators.",
+    ) not in res.flashes
+
+    user = backend.get(models.User, user_name="newuser")
+    assert user
+    backend.delete(user)
+
+
+@mock.patch("requests.api.get")
+def test_compromised_password_validator_with_failure_of_api_request_without_admin_email_from_register_form(
+    api_get, testclient, backend, caplog
+):
+    current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
+    api_get.side_effect = mock.Mock(side_effect=Exception())
+    testclient.app.config["CANAILLE"]["ENABLE_REGISTRATION"] = True
+    testclient.app.config["CANAILLE"]["EMAIL_CONFIRMATION"] = False
+
+    assert not backend.query(models.User, user_name="newuser")
+
+    current_app.config["CANAILLE"]["ADMIN_EMAIL"] = None
+
+    res = testclient.get(url_for("core.account.registration"), status=200)
+    res.form["user_name"] = "newuser"
+    res.form["password1"] = "123456789"
+    res.form["password2"] = "123456789"
+    res.form["family_name"] = "newuser"
+    res.form["emails-0"] = "newuser@example.com"
+
+    res = res.form.submit()
+
+    assert (
+        "canaille",
+        logging.ERROR,
+        "Password compromise investigation failed on HIBP API.",
+    ) in caplog.record_tuples
+    assert (
+        "error",
+        "Password compromise investigation failed. Please contact the administrators.",
+    ) not in res.flashes
+
+    user = backend.get(models.User, user_name="newuser")
+    assert user
+    backend.delete(user)
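Review bot: The two new tests differ only in which of `SMTP` and `ADMIN_EMAIL` is set to `None`, and neither has a docstring saying what they pin: that when the HIBP lookup raises and no administrator can be notified, registration still succeeds (fail-open) with only an error log and no flash shown to the user — a deliberate security trade-off that a reader should not have to reverse-engineer from `assert user` and `not in res.flashes`. Fold them into one parametrized test that carries that docstring (assuming `pytest` is importable in this module). Neither test restores the config key it nulls, and `backend.delete(user)` is not reached when an assertion fails first, so later tests may see a stale `newuser` or a missing SMTP/admin setting; whether that matters depends on fixture scope outside this hunk. The catch-all `Exception` side effect is fine for "the lookup failed", but a short comment saying it stands for any network or HTTP error would help.
```python
@pytest.mark.parametrize("config_key", ["SMTP", "ADMIN_EMAIL"])
@mock.patch("requests.api.get")
def test_compromised_password_validator_with_failure_of_api_request_unnotifiable_from_register_form(
    api_get, testclient, backend, caplog, config_key
):
    """Registration still succeeds (fail-open) when the HIBP lookup raises and no
    administrator can be reached; only an error is logged and no flash is shown."""
    # … unchanged: compromission check enabled, api_get raising, registration enabled …
    current_app.config["CANAILLE"][config_key] = None
    # … unchanged: form submission, caplog and flash assertions, user cleanup …
```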