Revision 5f28aa14
b/snf-astakos-app/astakos/im/tests/auth.py | ||
---|---|---|
33 | 33 |
|
34 | 34 |
from astakos.im.tests.common import * |
35 | 35 |
|
36 |
ui_url = lambda url: '/' + astakos_settings.BASE_PATH + '/ui/%s' % url |
|
37 |
|
|
36 | 38 |
|
37 | 39 |
class ShibbolethTests(TestCase): |
38 | 40 |
""" |
... | ... | |
54 | 56 |
|
55 | 57 |
# shibboleth views validation |
56 | 58 |
# eepn required |
57 |
r = client.get('/im/login/shibboleth?', follow=True)
|
|
59 |
r = client.get(ui_url('login/shibboleth?'), follow=True)
|
|
58 | 60 |
self.assertContains(r, messages.SHIBBOLETH_MISSING_EPPN % { |
59 | 61 |
'domain': astakos_settings.BASE_URL, |
60 | 62 |
'contact_email': settings.CONTACT_EMAIL |
... | ... | |
63 | 65 |
|
64 | 66 |
astakos_settings.SHIBBOLETH_REQUIRE_NAME_INFO = True |
65 | 67 |
# shibboleth user info required |
66 |
r = client.get('/im/login/shibboleth?', follow=True)
|
|
68 |
r = client.get(ui_url('login/shibboleth?'), follow=True)
|
|
67 | 69 |
self.assertContains(r, messages.SHIBBOLETH_MISSING_NAME) |
68 | 70 |
astakos_settings.SHIBBOLETH_REQUIRE_NAME_INFO = False |
69 | 71 |
|
... | ... | |
71 | 73 |
client.set_tokens(mail="kpap@synnefo.org", eppn="kpapeppn", |
72 | 74 |
cn="Kostas Papadimitriou", |
73 | 75 |
ep_affiliation="Test Affiliation") |
74 |
r = client.get('/im/login/shibboleth?', follow=True)
|
|
76 |
r = client.get(ui_url('login/shibboleth?'), follow=True)
|
|
75 | 77 |
token = PendingThirdPartyUser.objects.get().token |
76 |
self.assertRedirects(r, '/im/signup?third_party_token=%s' % token)
|
|
78 |
self.assertRedirects(r, ui_url('signup?third_party_token=%s' % token))
|
|
77 | 79 |
self.assertEqual(r.status_code, 200) |
78 | 80 |
|
79 | 81 |
# a new pending user created |
... | ... | |
86 | 88 |
client.reset_tokens() |
87 | 89 |
|
88 | 90 |
# this is the old way, it should fail, to avoid pending user take over |
89 |
r = client.get('/im/shibboleth/signup/%s' % pending_user.username)
|
|
91 |
r = client.get(ui_url('shibboleth/signup/%s' % pending_user.username))
|
|
90 | 92 |
self.assertEqual(r.status_code, 404) |
91 | 93 |
|
92 | 94 |
# this is the signup unique url associated with the pending user |
93 | 95 |
# created |
94 |
r = client.get('/im/signup/?third_party_token=%s' % token)
|
|
96 |
r = client.get(ui_url('signup/?third_party_token=%s' % token))
|
|
95 | 97 |
identifier = pending_user.third_party_identifier |
96 | 98 |
post_data = {'third_party_identifier': identifier, |
97 | 99 |
'first_name': 'Kostas', |
... | ... | |
133 | 135 |
# login (not activated yet) |
134 | 136 |
client.set_tokens(mail="kpap@synnefo.org", eppn="kpapeppn", |
135 | 137 |
cn="Kostas Papadimitriou", ) |
136 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
138 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
137 | 139 |
self.assertContains(r, 'is pending moderation') |
138 | 140 |
|
139 | 141 |
# admin activates the user |
... | ... | |
146 | 148 |
self.assertEqual(u.is_active, True) |
147 | 149 |
|
148 | 150 |
# we see our profile |
149 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
150 |
self.assertRedirects(r, '/im/landing')
|
|
151 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
152 |
self.assertRedirects(r, ui_url('landing'))
|
|
151 | 153 |
self.assertEqual(r.status_code, 200) |
152 | 154 |
|
153 | 155 |
def test_existing(self): |
... | ... | |
172 | 174 |
# shibboleth logged us in, notice that we use different email |
173 | 175 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
174 | 176 |
cn="Kostas Papadimitriou", ) |
175 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
177 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
176 | 178 |
|
177 | 179 |
# a new pending user created |
178 | 180 |
pending_user = PendingThirdPartyUser.objects.get() |
... | ... | |
180 | 182 |
self.assertEqual(PendingThirdPartyUser.objects.count(), 1) |
181 | 183 |
pending_key = pending_user.token |
182 | 184 |
client.reset_tokens() |
183 |
self.assertRedirects(r, "/im/signup?third_party_token=%s" % token)
|
|
185 |
self.assertRedirects(r, ui_url("signup?third_party_token=%s" % token))
|
|
184 | 186 |
|
185 | 187 |
form = r.context['login_form'] |
186 | 188 |
signupdata = copy.copy(form.initial) |
... | ... | |
190 | 192 |
signupdata.pop('id', None) |
191 | 193 |
|
192 | 194 |
# the email exists to another user |
193 |
r = client.post("/im/signup", signupdata)
|
|
195 |
r = client.post(ui_url("signup"), signupdata)
|
|
194 | 196 |
self.assertContains(r, "There is already an account with this email " |
195 | 197 |
"address") |
196 | 198 |
# change the case, still cannot create |
197 | 199 |
signupdata['email'] = 'KPAP@synnefo.org' |
198 |
r = client.post("/im/signup", signupdata)
|
|
200 |
r = client.post(ui_url("signup"), signupdata)
|
|
199 | 201 |
self.assertContains(r, "There is already an account with this email " |
200 | 202 |
"address") |
201 | 203 |
# inactive user |
202 | 204 |
signupdata['email'] = 'KPAP-inactive@synnefo.org' |
203 |
r = client.post("/im/signup", signupdata)
|
|
205 |
r = client.post(ui_url("signup"), signupdata)
|
|
204 | 206 |
self.assertContains(r, "There is already an account with this email " |
205 | 207 |
"address") |
206 | 208 |
|
207 | 209 |
# unverified user, this should pass, old entry will be deleted |
208 | 210 |
signupdata['email'] = 'KAPAP-unverified@synnefo.org' |
209 |
r = client.post("/im/signup", signupdata)
|
|
211 |
r = client.post(ui_url("signup"), signupdata)
|
|
210 | 212 |
|
211 | 213 |
post_data = {'password': 'password', |
212 | 214 |
'username': 'kpap@synnefo.org'} |
213 |
r = client.post('/im/local', post_data, follow=True)
|
|
215 |
r = client.post(ui_url('local'), post_data, follow=True)
|
|
214 | 216 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
215 | 217 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
216 | 218 |
cn="Kostas Papadimitriou", ) |
217 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
219 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
218 | 220 |
self.assertContains(r, "enabled for this account") |
219 | 221 |
client.reset_tokens() |
220 | 222 |
|
... | ... | |
227 | 229 |
# look Ma, i can login with both my shibboleth and local account |
228 | 230 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
229 | 231 |
cn="Kostas Papadimitriou") |
230 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
232 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
231 | 233 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
232 | 234 |
self.assertTrue(r.context['request'].user.email == "kpap@synnefo.org") |
233 |
self.assertRedirects(r, '/im/landing')
|
|
235 |
self.assertRedirects(r, ui_url('landing'))
|
|
234 | 236 |
self.assertEqual(r.status_code, 200) |
235 | 237 |
client.logout() |
236 | 238 |
client.reset_tokens() |
237 | 239 |
|
238 | 240 |
# logged out |
239 |
r = client.get("/im/profile", follow=True)
|
|
241 |
r = client.get(ui_url("profile"), follow=True)
|
|
240 | 242 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
241 | 243 |
|
242 | 244 |
# login with local account also works |
243 | 245 |
post_data = {'password': 'password', |
244 | 246 |
'username': 'kpap@synnefo.org'} |
245 |
r = self.client.post('/im/local', post_data, follow=True)
|
|
247 |
r = self.client.post(ui_url('local'), post_data, follow=True)
|
|
246 | 248 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
247 | 249 |
self.assertTrue(r.context['request'].user.email == "kpap@synnefo.org") |
248 |
self.assertRedirects(r, '/im/landing')
|
|
250 |
self.assertRedirects(r, ui_url('landing'))
|
|
249 | 251 |
self.assertEqual(r.status_code, 200) |
250 | 252 |
|
251 | 253 |
# cannot add the same eppn |
252 | 254 |
client.set_tokens(mail="secondary@shibboleth.gr", eppn="kpapeppn", |
253 | 255 |
cn="Kostas Papadimitriou", ) |
254 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
255 |
self.assertRedirects(r, '/im/landing')
|
|
256 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
257 |
self.assertRedirects(r, ui_url('landing'))
|
|
256 | 258 |
self.assertTrue(r.status_code, 200) |
257 | 259 |
self.assertEquals(existing_user.auth_providers.count(), 2) |
258 | 260 |
|
... | ... | |
260 | 262 |
client.set_tokens(mail="secondary@shibboleth.gr", eppn="kpapeppn2", |
261 | 263 |
cn="Kostas Papadimitriou", ep_affiliation="affil2") |
262 | 264 |
prov = auth_providers.get_provider('shibboleth') |
263 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
265 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
264 | 266 |
self.assertContains(r, "Failed to add") |
265 |
self.assertRedirects(r, '/im/profile')
|
|
267 |
self.assertRedirects(r, ui_url('profile'))
|
|
266 | 268 |
self.assertTrue(r.status_code, 200) |
267 | 269 |
self.assertEquals(existing_user.auth_providers.count(), 2) |
268 | 270 |
client.logout() |
... | ... | |
271 | 273 |
# cannot login with another eppn |
272 | 274 |
client.set_tokens(mail="kpap@synnefo.org", eppn="kpapeppninvalid", |
273 | 275 |
cn="Kostas Papadimitriou") |
274 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
276 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
275 | 277 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
276 | 278 |
|
277 | 279 |
# cannot |
... | ... | |
284 | 286 |
'kpapeppn').get_remove_url |
285 | 287 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
286 | 288 |
cn="Kostas Papadimtriou") |
287 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
289 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
288 | 290 |
client.reset_tokens() |
289 | 291 |
|
290 | 292 |
# only POST is allowed (for CSRF protection) |
... | ... | |
302 | 304 |
# cannot login using local credentials (notice we use another client) |
303 | 305 |
post_data = {'password': 'password', |
304 | 306 |
'username': 'kpap@synnefo.org'} |
305 |
r = self.client.post('/im/local', post_data, follow=True)
|
|
307 |
r = self.client.post(ui_url('local'), post_data, follow=True)
|
|
306 | 308 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
307 | 309 |
|
308 | 310 |
# we can reenable the local provider by setting a password |
309 |
r = client.get("/im/password_change", follow=True)
|
|
310 |
r = client.post("/im/password_change", {'new_password1': '111',
|
|
311 |
r = client.get(ui_url("password_change"), follow=True)
|
|
312 |
r = client.post(ui_url("password_change"), {'new_password1': '111',
|
|
311 | 313 |
'new_password2': '111'}, |
312 | 314 |
follow=True) |
313 | 315 |
user = r.context['request'].user |
... | ... | |
320 | 322 |
# now we can login |
321 | 323 |
post_data = {'password': '111', |
322 | 324 |
'username': 'kpap@synnefo.org'} |
323 |
r = self.client.post('/im/local', post_data, follow=True)
|
|
325 |
r = self.client.post(ui_url('local'), post_data, follow=True)
|
|
324 | 326 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
325 | 327 |
|
326 | 328 |
client.reset_tokens() |
... | ... | |
331 | 333 |
# login |
332 | 334 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
333 | 335 |
cn="Kostas Papadimitriou") |
334 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
336 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
335 | 337 |
# try to assign existing shibboleth identifier of another user |
336 | 338 |
client.set_tokens(mail="kpap_second@shibboleth.gr", |
337 | 339 |
eppn="existingeppn", cn="Kostas Papadimitriou") |
338 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
340 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
339 | 341 |
self.assertContains(r, "is already in use") |
340 | 342 |
|
341 | 343 |
|
... | ... | |
356 | 358 |
astakos_settings.MODERATION_ENABLED = False |
357 | 359 |
|
358 | 360 |
# create a new user |
359 |
r = self.client.get("/im/signup")
|
|
361 |
r = self.client.get(ui_url("signup"))
|
|
360 | 362 |
self.assertEqual(r.status_code, 200) |
361 | 363 |
data = {'email': 'kpap@synnefo.org', 'password1': 'password', |
362 | 364 |
'password2': 'password', 'first_name': 'Kostas', |
363 | 365 |
'last_name': 'Mitroglou', 'provider': 'local'} |
364 |
r = self.client.post("/im/signup", data)
|
|
366 |
r = self.client.post(ui_url("signup"), data)
|
|
365 | 367 |
|
366 | 368 |
# user created |
367 | 369 |
self.assertEqual(AstakosUser.objects.count(), 1) |
... | ... | |
417 | 419 |
self.helpdesk_email = astakos_settings.HELPDESK[0][1] |
418 | 420 |
|
419 | 421 |
# create a user |
420 |
r = self.client.get("/im/signup")
|
|
422 |
r = self.client.get(ui_url("signup"))
|
|
421 | 423 |
self.assertEqual(r.status_code, 200) |
422 | 424 |
data = {'email': 'kpap@synnefo.org', 'password1': 'password', |
423 | 425 |
'password2': 'password', 'first_name': 'Kostas', |
424 | 426 |
'last_name': 'Mitroglou', 'provider': 'local'} |
425 |
r = self.client.post("/im/signup", data)
|
|
427 |
r = self.client.post(ui_url("signup"), data)
|
|
426 | 428 |
|
427 | 429 |
# user created |
428 | 430 |
self.assertEqual(AstakosUser.objects.count(), 1) |
... | ... | |
438 | 440 |
|
439 | 441 |
# admin gets notified and activates the user from the command line |
440 | 442 |
self.assertEqual(len(get_mailbox('kpap@synnefo.org')), 1) |
441 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
443 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
442 | 444 |
'password': 'password'}, |
443 | 445 |
follow=True) |
444 | 446 |
self.assertContains(r, messages.VERIFICATION_SENT) |
... | ... | |
459 | 461 |
data = {'email': 'KPAP@synnefo.org', 'password1': 'password', |
460 | 462 |
'password2': 'password', 'first_name': 'Kostas', |
461 | 463 |
'last_name': 'Mitroglou', 'provider': 'local'} |
462 |
r = self.client.post("/im/signup", data, follow=True)
|
|
464 |
r = self.client.post(ui_url("signup"), data, follow=True)
|
|
463 | 465 |
self.assertRedirects(r, reverse('index')) |
464 | 466 |
self.assertContains(r, messages.VERIFICATION_SENT) |
465 | 467 |
|
... | ... | |
471 | 473 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 1) |
472 | 474 |
|
473 | 475 |
# hmmm, email exists; lets request a password change |
474 |
r = self.client.get('/im/local/password_reset')
|
|
476 |
r = self.client.get(ui_url('local/password_reset'))
|
|
475 | 477 |
self.assertEqual(r.status_code, 200) |
476 | 478 |
data = {'email': 'kpap@synnefo.org'} |
477 |
r = self.client.post('/im/local/password_reset', data, follow=True)
|
|
479 |
r = self.client.post(ui_url('local/password_reset'), data, follow=True)
|
|
478 | 480 |
# she can't because account is not active yet |
479 | 481 |
self.assertContains(r, 'pending activation') |
480 | 482 |
|
481 | 483 |
# moderation is enabled and an activation email has already been sent |
482 | 484 |
# so user can trigger resend of the activation email |
483 |
r = self.client.get('/im/send/activation/%d' % user.pk, follow=True) |
|
485 |
r = self.client.get(ui_url('send/activation/%d' % user.pk), |
|
486 |
follow=True) |
|
484 | 487 |
self.assertContains(r, 'has been sent to your email address.') |
485 | 488 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 2) |
486 | 489 |
|
487 | 490 |
# also she cannot login |
488 | 491 |
data = {'username': 'kpap@synnefo.org', 'password': 'password'} |
489 |
r = self.client.post('/im/local', data, follow=True)
|
|
492 |
r = self.client.post(ui_url('local'), data, follow=True)
|
|
490 | 493 |
self.assertContains(r, 'Resend activation') |
491 | 494 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
492 | 495 |
self.assertFalse('_pithos2_a' in self.client.cookies) |
493 | 496 |
|
494 | 497 |
# user sees the message and resends activation |
495 |
r = self.client.get('/im/send/activation/%d' % user.pk, follow=True) |
|
498 |
r = self.client.get(ui_url('send/activation/%d' % user.pk), |
|
499 |
follow=True) |
|
496 | 500 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 3) |
497 | 501 |
|
498 | 502 |
# logged in user cannot activate another account |
... | ... | |
522 | 526 |
self.assertEqual(len(get_mailbox(self.helpdesk_email)), 2) |
523 | 527 |
|
524 | 528 |
user = AstakosUser.objects.get(email="KPAP@synnefo.org") |
525 |
r = self.client.get('/im/profile', follow=True)
|
|
529 |
r = self.client.get(ui_url('profile'), follow=True)
|
|
526 | 530 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
527 | 531 |
self.assertFalse('_pithos2_a' in self.client.cookies) |
528 | 532 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 4) |
529 | 533 |
|
530 | 534 |
user = AstakosUser.objects.get(pk=user.pk) |
531 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
532 |
'password': 'password'}, |
|
535 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
536 |
'password': 'password'},
|
|
533 | 537 |
follow=True) |
534 | 538 |
# user activated and logged in, token cookie set |
535 | 539 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
... | ... | |
537 | 541 |
cookies = self.client.cookies |
538 | 542 |
self.assertTrue(quote(user.auth_token) in |
539 | 543 |
cookies.get('_pithos2_a').value) |
540 |
r = self.client.get('/im/logout', follow=True)
|
|
541 |
r = self.client.get('/im/')
|
|
544 |
r = self.client.get(ui_url('logout'), follow=True)
|
|
545 |
r = self.client.get(ui_url(''))
|
|
542 | 546 |
# user logged out, token cookie removed |
543 | 547 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
544 | 548 |
self.assertFalse(self.client.cookies.get('_pithos2_a').value) |
... | ... | |
547 | 551 |
del self.client.cookies['_pithos2_a'] |
548 | 552 |
|
549 | 553 |
# user can login |
550 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
551 |
'password': 'password'}, |
|
554 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
555 |
'password': 'password'},
|
|
552 | 556 |
follow=True) |
553 | 557 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
554 | 558 |
self.assertTrue('_pithos2_a' in self.client.cookies) |
555 | 559 |
cookies = self.client.cookies |
556 | 560 |
self.assertTrue(quote(user.auth_token) in |
557 | 561 |
cookies.get('_pithos2_a').value) |
558 |
self.client.get('/im/logout', follow=True)
|
|
562 |
self.client.get(ui_url('logout'), follow=True)
|
|
559 | 563 |
|
560 | 564 |
# user forgot password |
561 | 565 |
old_pass = user.password |
562 |
r = self.client.get('/im/local/password_reset')
|
|
566 |
r = self.client.get(ui_url('local/password_reset'))
|
|
563 | 567 |
self.assertEqual(r.status_code, 200) |
564 |
r = self.client.post('/im/local/password_reset', {'email':
|
|
565 |
'kpap@synnefo.org'})
|
|
568 |
r = self.client.post(ui_url('local/password_reset'),
|
|
569 |
{'email': 'kpap@synnefo.org'})
|
|
566 | 570 |
self.assertEqual(r.status_code, 302) |
567 | 571 |
# email sent |
568 | 572 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 5) |
... | ... | |
578 | 582 |
self.assertNotEqual(old_pass, user.password) |
579 | 583 |
|
580 | 584 |
# old pass is not usable |
581 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
582 |
'password': 'password'}) |
|
585 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
586 |
'password': 'password'})
|
|
583 | 587 |
self.assertContains(r, 'Please enter a correct username and password') |
584 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
585 |
'password': 'newpass'}, |
|
588 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
589 |
'password': 'newpass'},
|
|
586 | 590 |
follow=True) |
587 | 591 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
588 | 592 |
self.client.logout() |
... | ... | |
593 | 597 |
user.save() |
594 | 598 |
|
595 | 599 |
# non astakos local backends do not support password reset |
596 |
r = self.client.get('/im/local/password_reset')
|
|
600 |
r = self.client.get(ui_url('local/password_reset'))
|
|
597 | 601 |
self.assertEqual(r.status_code, 200) |
598 |
r = self.client.post('/im/local/password_reset', {'email':
|
|
599 |
'kpap@synnefo.org'})
|
|
602 |
r = self.client.post(ui_url('local/password_reset'),
|
|
603 |
{'email': 'kpap@synnefo.org'})
|
|
600 | 604 |
# she can't because account is not active yet |
601 | 605 |
self.assertContains(r, "Changing password is not") |
602 | 606 |
|
... | ... | |
612 | 616 |
|
613 | 617 |
# login as kpap |
614 | 618 |
self.client.login(username='kpap@synnefo.org', password='password') |
615 |
r = self.client.get('/im/profile', follow=True)
|
|
619 |
r = self.client.get(ui_url('profile'), follow=True)
|
|
616 | 620 |
user = r.context['request'].user |
617 | 621 |
self.assertTrue(user.is_authenticated()) |
618 | 622 |
|
619 | 623 |
# change email is enabled |
620 |
r = self.client.get('/im/email_change')
|
|
624 |
r = self.client.get(ui_url('email_change'))
|
|
621 | 625 |
self.assertEqual(r.status_code, 200) |
622 | 626 |
self.assertFalse(user.email_change_is_pending()) |
623 | 627 |
|
624 | 628 |
# request email change to an existing email fails |
625 | 629 |
data = {'new_email_address': 'existing@synnefo.org'} |
626 |
r = self.client.post('/im/email_change', data)
|
|
630 |
r = self.client.post(ui_url('email_change'), data)
|
|
627 | 631 |
self.assertContains(r, messages.EMAIL_USED) |
628 | 632 |
|
629 | 633 |
# proper email change |
630 | 634 |
data = {'new_email_address': 'kpap@gmail.com'} |
631 |
r = self.client.post('/im/email_change', data, follow=True)
|
|
632 |
self.assertRedirects(r, '/im/profile')
|
|
635 |
r = self.client.post(ui_url('email_change'), data, follow=True)
|
|
636 |
self.assertRedirects(r, ui_url('profile'))
|
|
633 | 637 |
self.assertContains(r, messages.EMAIL_CHANGE_REGISTERED) |
634 | 638 |
change1 = EmailChange.objects.get() |
635 | 639 |
|
636 | 640 |
# user sees a warning |
637 |
r = self.client.get('/im/email_change')
|
|
641 |
r = self.client.get(ui_url('email_change'))
|
|
638 | 642 |
self.assertEqual(r.status_code, 200) |
639 | 643 |
self.assertContains(r, messages.PENDING_EMAIL_CHANGE_REQUEST) |
640 | 644 |
self.assertTrue(user.email_change_is_pending()) |
... | ... | |
645 | 649 |
|
646 | 650 |
# proper email change |
647 | 651 |
data = {'new_email_address': 'kpap@yahoo.com'} |
648 |
r = self.client.post('/im/email_change', data, follow=True)
|
|
649 |
self.assertRedirects(r, '/im/profile')
|
|
652 |
r = self.client.post(ui_url('email_change'), data, follow=True)
|
|
653 |
self.assertRedirects(r, ui_url('profile'))
|
|
650 | 654 |
self.assertContains(r, messages.EMAIL_CHANGE_REGISTERED) |
651 | 655 |
self.assertEqual(len(get_mailbox('kpap@synnefo.org')), 0) |
652 | 656 |
self.assertEqual(len(get_mailbox('kpap@yahoo.com')), 1) |
... | ... | |
657 | 661 |
self.client.logout() |
658 | 662 |
|
659 | 663 |
invalid_client = Client() |
660 |
r = invalid_client.post('/im/local?',
|
|
664 |
r = invalid_client.post(ui_url('local?'),
|
|
661 | 665 |
{'username': 'existing@synnefo.org', |
662 | 666 |
'password': 'password'}) |
663 | 667 |
r = invalid_client.get(change2.get_url(), follow=True) |
664 | 668 |
self.assertEquals(r.status_code, 403) |
665 | 669 |
|
666 |
r = self.client.post('/im/local?next=' + change2.get_url(),
|
|
670 |
r = self.client.post(ui_url('local?next=' + change2.get_url()),
|
|
667 | 671 |
{'username': 'kpap@synnefo.org', |
668 | 672 |
'password': 'password', |
669 | 673 |
'next': change2.get_url()}, |
670 | 674 |
follow=True) |
671 |
self.assertRedirects(r, '/im/profile')
|
|
675 |
self.assertRedirects(r, ui_url('profile'))
|
|
672 | 676 |
user = r.context['request'].user |
673 | 677 |
self.assertEquals(user.email, 'kpap@yahoo.com') |
674 | 678 |
self.assertEquals(user.username, 'kpap@yahoo.com') |
675 | 679 |
|
676 | 680 |
self.client.logout() |
677 |
r = self.client.post('/im/local?next=' + change2.get_url(),
|
|
681 |
r = self.client.post(ui_url('local?next=' + change2.get_url()),
|
|
678 | 682 |
{'username': 'kpap@synnefo.org', |
679 | 683 |
'password': 'password', |
680 | 684 |
'next': change2.get_url()}, |
... | ... | |
682 | 686 |
self.assertContains(r, "Please enter a correct username and password") |
683 | 687 |
self.assertEqual(user.emailchanges.count(), 0) |
684 | 688 |
|
689 |
AstakosUser.objects.all().delete() |
|
690 |
Group.objects.all().delete() |
|
691 |
|
|
685 | 692 |
|
686 | 693 |
class TestAuthProviderViews(TestCase): |
687 | 694 |
|
... | ... | |
719 | 726 |
# new academic user |
720 | 727 |
self.assertFalse(academic_users.filter(email='newuser@synnefo.org')) |
721 | 728 |
cl_newuser.set_tokens(eppn="newusereppn") |
722 |
r = cl_newuser.get('/im/login/shibboleth?', follow=True)
|
|
729 |
r = cl_newuser.get(ui_url('login/shibboleth?'), follow=True)
|
|
723 | 730 |
pending = Pending.objects.get() |
724 | 731 |
identifier = pending.third_party_identifier |
725 | 732 |
signup_data = {'third_party_identifier': identifier, |
... | ... | |
727 | 734 |
'third_party_token': pending.token, |
728 | 735 |
'last_name': 'New User', |
729 | 736 |
'provider': 'shibboleth'} |
730 |
r = cl_newuser.post('/im/signup', signup_data)
|
|
737 |
r = cl_newuser.post(ui_url('signup'), signup_data)
|
|
731 | 738 |
self.assertContains(r, "This field is required", ) |
732 | 739 |
signup_data['email'] = 'olduser@synnefo.org' |
733 |
r = cl_newuser.post('/im/signup', signup_data)
|
|
740 |
r = cl_newuser.post(ui_url('signup'), signup_data)
|
|
734 | 741 |
self.assertContains(r, "already an account with this email", ) |
735 | 742 |
signup_data['email'] = 'newuser@synnefo.org' |
736 |
r = cl_newuser.post('/im/signup', signup_data, follow=True)
|
|
737 |
r = cl_newuser.post('/im/signup', signup_data, follow=True)
|
|
743 |
r = cl_newuser.post(ui_url('signup'), signup_data, follow=True)
|
|
744 |
r = cl_newuser.post(ui_url('signup'), signup_data, follow=True)
|
|
738 | 745 |
self.assertEqual(r.status_code, 404) |
739 | 746 |
newuser = User.objects.get(email="newuser@synnefo.org") |
740 | 747 |
activation_link = newuser.get_activation_url() |
... | ... | |
747 | 754 |
'password1': 'password', |
748 | 755 |
'password2': 'password'} |
749 | 756 |
signup_data['email'] = 'olduser@synnefo.org' |
750 |
r = cl_newuser2.post('/im/signup', signup_data)
|
|
757 |
r = cl_newuser2.post(ui_url('signup'), signup_data)
|
|
751 | 758 |
self.assertContains(r, 'There is already an account with this ' |
752 | 759 |
'email address') |
753 | 760 |
signup_data['email'] = 'newuser@synnefo.org' |
754 |
r = cl_newuser2.post('/im/signup/', signup_data)
|
|
761 |
r = cl_newuser2.post(ui_url('signup/'), signup_data)
|
|
755 | 762 |
self.assertFalse(academic_users.filter(email='newuser@synnefo.org')) |
756 | 763 |
r = self.client.get(activation_link, follow=True) |
757 | 764 |
self.assertEqual(r.status_code, 404) |
... | ... | |
761 | 768 |
# activation sent, user didn't open verification url so additional |
762 | 769 |
# registrations invalidate the previous signups. |
763 | 770 |
self.assertFalse(academic_users.filter(email='newuser@synnefo.org')) |
764 |
r = cl_newuser.get('/im/login/shibboleth?', follow=True)
|
|
771 |
r = cl_newuser.get(ui_url('login/shibboleth?'), follow=True)
|
|
765 | 772 |
pending = Pending.objects.get() |
766 | 773 |
identifier = pending.third_party_identifier |
767 | 774 |
signup_data = {'third_party_identifier': identifier, |
... | ... | |
770 | 777 |
'last_name': 'New User', |
771 | 778 |
'provider': 'shibboleth'} |
772 | 779 |
signup_data['email'] = 'newuser@synnefo.org' |
773 |
r = cl_newuser.post('/im/signup', signup_data)
|
|
780 |
r = cl_newuser.post(ui_url('signup'), signup_data)
|
|
774 | 781 |
self.assertEqual(r.status_code, 302) |
775 | 782 |
newuser = User.objects.get(email="newuser@synnefo.org") |
776 | 783 |
self.assertTrue(newuser.activation_sent) |
777 | 784 |
activation_link = newuser.get_activation_url() |
778 | 785 |
self.assertTrue(academic_users.get(email='newuser@synnefo.org')) |
779 | 786 |
r = cl_newuser.get(newuser.get_activation_url(), follow=True) |
780 |
self.assertRedirects(r, '/im/landing')
|
|
787 |
self.assertRedirects(r, ui_url('landing'))
|
|
781 | 788 |
newuser = User.objects.get(email="newuser@synnefo.org") |
782 | 789 |
self.assertEqual(newuser.is_active, True) |
783 | 790 |
self.assertEqual(newuser.email_verified, True) |
... | ... | |
794 | 801 |
newuser.is_active = True |
795 | 802 |
newuser.save() |
796 | 803 |
|
797 |
cl_newuser.get('/im/login/shibboleth?', follow=True)
|
|
804 |
cl_newuser.get(ui_url('login/shibboleth?'), follow=True)
|
|
798 | 805 |
local = auth.get_provider('local', newuser) |
799 | 806 |
self.assertEqual(local.get_add_policy, False) |
800 | 807 |
self.assertEqual(local.get_login_policy, False) |
801 | 808 |
r = cl_newuser.get(local.get_add_url, follow=True) |
802 |
self.assertRedirects(r, '/im/profile')
|
|
809 |
self.assertRedirects(r, ui_url('profile'))
|
|
803 | 810 |
self.assertContains(r, 'disabled for your') |
804 | 811 |
|
805 | 812 |
cl_olduser.login(username='olduser@synnefo.org', password="password") |
806 |
r = cl_olduser.get('/im/profile', follow=True)
|
|
813 |
r = cl_olduser.get(ui_url('profile'), follow=True)
|
|
807 | 814 |
self.assertEqual(r.status_code, 200) |
808 |
r = cl_olduser.get('/im/login/shibboleth?', follow=True)
|
|
815 |
r = cl_olduser.get(ui_url('login/shibboleth?'), follow=True)
|
|
809 | 816 |
self.assertContains(r, 'Your request is missing a unique token') |
810 | 817 |
cl_olduser.set_tokens(eppn="newusereppn") |
811 |
r = cl_olduser.get('/im/login/shibboleth?', follow=True)
|
|
818 |
r = cl_olduser.get(ui_url('login/shibboleth?'), follow=True)
|
|
812 | 819 |
self.assertContains(r, 'already in use') |
813 | 820 |
cl_olduser.set_tokens(eppn="oldusereppn") |
814 |
r = cl_olduser.get('/im/login/shibboleth?', follow=True)
|
|
821 |
r = cl_olduser.get(ui_url('login/shibboleth?'), follow=True)
|
|
815 | 822 |
self.assertContains(r, 'Academic login enabled for this account') |
816 | 823 |
|
817 | 824 |
user = User.objects.get(email="olduser@synnefo.org") |
... | ... | |
834 | 841 |
cl_olduser.logout() |
835 | 842 |
login_data = {'username': 'olduser@synnefo.org', |
836 | 843 |
'password': 'password'} |
837 |
r = cl_olduser.post('/im/local', login_data, follow=True)
|
|
838 |
self.assertContains(r, "href='/im/login/shibboleth'>Academic login")
|
|
844 |
r = cl_olduser.post(ui_url('local'), login_data, follow=True)
|
|
845 |
self.assertContains(r, "login/shibboleth'>Academic login") |
|
839 | 846 |
Group.objects.all().delete() |
840 | 847 |
|
841 | 848 |
|
... | ... | |
1111 | 1118 |
|
1112 | 1119 |
def setUp(self): |
1113 | 1120 |
# dummy call to pass through logging middleware |
1114 |
self.client.get('/im/')
|
|
1121 |
self.client.get(ui_url(''))
|
|
1115 | 1122 |
|
1116 | 1123 |
@im_settings(RE_USER_EMAIL_PATTERNS=['.*@synnefo.org']) |
1117 | 1124 |
@shibboleth_settings(AUTOMODERATE_POLICY=True) |
Also available in: Unified diff