Revision 5f28aa14
| b/snf-astakos-app/astakos/im/tests/auth.py | ||
|---|---|---|
| 33 | 33 |
|
| 34 | 34 |
from astakos.im.tests.common import * |
| 35 | 35 |
|
| 36 |
ui_url = lambda url: '/' + astakos_settings.BASE_PATH + '/ui/%s' % url |
|
| 37 |
|
|
| 36 | 38 |
|
| 37 | 39 |
class ShibbolethTests(TestCase): |
| 38 | 40 |
""" |
| ... | ... | |
| 54 | 56 |
|
| 55 | 57 |
# shibboleth views validation |
| 56 | 58 |
# eepn required |
| 57 |
r = client.get('/im/login/shibboleth?', follow=True)
|
|
| 59 |
r = client.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 58 | 60 |
self.assertContains(r, messages.SHIBBOLETH_MISSING_EPPN % {
|
| 59 | 61 |
'domain': astakos_settings.BASE_URL, |
| 60 | 62 |
'contact_email': settings.CONTACT_EMAIL |
| ... | ... | |
| 63 | 65 |
|
| 64 | 66 |
astakos_settings.SHIBBOLETH_REQUIRE_NAME_INFO = True |
| 65 | 67 |
# shibboleth user info required |
| 66 |
r = client.get('/im/login/shibboleth?', follow=True)
|
|
| 68 |
r = client.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 67 | 69 |
self.assertContains(r, messages.SHIBBOLETH_MISSING_NAME) |
| 68 | 70 |
astakos_settings.SHIBBOLETH_REQUIRE_NAME_INFO = False |
| 69 | 71 |
|
| ... | ... | |
| 71 | 73 |
client.set_tokens(mail="kpap@synnefo.org", eppn="kpapeppn", |
| 72 | 74 |
cn="Kostas Papadimitriou", |
| 73 | 75 |
ep_affiliation="Test Affiliation") |
| 74 |
r = client.get('/im/login/shibboleth?', follow=True)
|
|
| 76 |
r = client.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 75 | 77 |
token = PendingThirdPartyUser.objects.get().token |
| 76 |
self.assertRedirects(r, '/im/signup?third_party_token=%s' % token)
|
|
| 78 |
self.assertRedirects(r, ui_url('signup?third_party_token=%s' % token))
|
|
| 77 | 79 |
self.assertEqual(r.status_code, 200) |
| 78 | 80 |
|
| 79 | 81 |
# a new pending user created |
| ... | ... | |
| 86 | 88 |
client.reset_tokens() |
| 87 | 89 |
|
| 88 | 90 |
# this is the old way, it should fail, to avoid pending user take over |
| 89 |
r = client.get('/im/shibboleth/signup/%s' % pending_user.username)
|
|
| 91 |
r = client.get(ui_url('shibboleth/signup/%s' % pending_user.username))
|
|
| 90 | 92 |
self.assertEqual(r.status_code, 404) |
| 91 | 93 |
|
| 92 | 94 |
# this is the signup unique url associated with the pending user |
| 93 | 95 |
# created |
| 94 |
r = client.get('/im/signup/?third_party_token=%s' % token)
|
|
| 96 |
r = client.get(ui_url('signup/?third_party_token=%s' % token))
|
|
| 95 | 97 |
identifier = pending_user.third_party_identifier |
| 96 | 98 |
post_data = {'third_party_identifier': identifier,
|
| 97 | 99 |
'first_name': 'Kostas', |
| ... | ... | |
| 133 | 135 |
# login (not activated yet) |
| 134 | 136 |
client.set_tokens(mail="kpap@synnefo.org", eppn="kpapeppn", |
| 135 | 137 |
cn="Kostas Papadimitriou", ) |
| 136 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 138 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 137 | 139 |
self.assertContains(r, 'is pending moderation') |
| 138 | 140 |
|
| 139 | 141 |
# admin activates the user |
| ... | ... | |
| 146 | 148 |
self.assertEqual(u.is_active, True) |
| 147 | 149 |
|
| 148 | 150 |
# we see our profile |
| 149 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 150 |
self.assertRedirects(r, '/im/landing')
|
|
| 151 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 152 |
self.assertRedirects(r, ui_url('landing'))
|
|
| 151 | 153 |
self.assertEqual(r.status_code, 200) |
| 152 | 154 |
|
| 153 | 155 |
def test_existing(self): |
| ... | ... | |
| 172 | 174 |
# shibboleth logged us in, notice that we use different email |
| 173 | 175 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
| 174 | 176 |
cn="Kostas Papadimitriou", ) |
| 175 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 177 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 176 | 178 |
|
| 177 | 179 |
# a new pending user created |
| 178 | 180 |
pending_user = PendingThirdPartyUser.objects.get() |
| ... | ... | |
| 180 | 182 |
self.assertEqual(PendingThirdPartyUser.objects.count(), 1) |
| 181 | 183 |
pending_key = pending_user.token |
| 182 | 184 |
client.reset_tokens() |
| 183 |
self.assertRedirects(r, "/im/signup?third_party_token=%s" % token)
|
|
| 185 |
self.assertRedirects(r, ui_url("signup?third_party_token=%s" % token))
|
|
| 184 | 186 |
|
| 185 | 187 |
form = r.context['login_form'] |
| 186 | 188 |
signupdata = copy.copy(form.initial) |
| ... | ... | |
| 190 | 192 |
signupdata.pop('id', None)
|
| 191 | 193 |
|
| 192 | 194 |
# the email exists to another user |
| 193 |
r = client.post("/im/signup", signupdata)
|
|
| 195 |
r = client.post(ui_url("signup"), signupdata)
|
|
| 194 | 196 |
self.assertContains(r, "There is already an account with this email " |
| 195 | 197 |
"address") |
| 196 | 198 |
# change the case, still cannot create |
| 197 | 199 |
signupdata['email'] = 'KPAP@synnefo.org' |
| 198 |
r = client.post("/im/signup", signupdata)
|
|
| 200 |
r = client.post(ui_url("signup"), signupdata)
|
|
| 199 | 201 |
self.assertContains(r, "There is already an account with this email " |
| 200 | 202 |
"address") |
| 201 | 203 |
# inactive user |
| 202 | 204 |
signupdata['email'] = 'KPAP-inactive@synnefo.org' |
| 203 |
r = client.post("/im/signup", signupdata)
|
|
| 205 |
r = client.post(ui_url("signup"), signupdata)
|
|
| 204 | 206 |
self.assertContains(r, "There is already an account with this email " |
| 205 | 207 |
"address") |
| 206 | 208 |
|
| 207 | 209 |
# unverified user, this should pass, old entry will be deleted |
| 208 | 210 |
signupdata['email'] = 'KAPAP-unverified@synnefo.org' |
| 209 |
r = client.post("/im/signup", signupdata)
|
|
| 211 |
r = client.post(ui_url("signup"), signupdata)
|
|
| 210 | 212 |
|
| 211 | 213 |
post_data = {'password': 'password',
|
| 212 | 214 |
'username': 'kpap@synnefo.org'} |
| 213 |
r = client.post('/im/local', post_data, follow=True)
|
|
| 215 |
r = client.post(ui_url('local'), post_data, follow=True)
|
|
| 214 | 216 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
| 215 | 217 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
| 216 | 218 |
cn="Kostas Papadimitriou", ) |
| 217 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 219 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 218 | 220 |
self.assertContains(r, "enabled for this account") |
| 219 | 221 |
client.reset_tokens() |
| 220 | 222 |
|
| ... | ... | |
| 227 | 229 |
# look Ma, i can login with both my shibboleth and local account |
| 228 | 230 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
| 229 | 231 |
cn="Kostas Papadimitriou") |
| 230 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 232 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 231 | 233 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
| 232 | 234 |
self.assertTrue(r.context['request'].user.email == "kpap@synnefo.org") |
| 233 |
self.assertRedirects(r, '/im/landing')
|
|
| 235 |
self.assertRedirects(r, ui_url('landing'))
|
|
| 234 | 236 |
self.assertEqual(r.status_code, 200) |
| 235 | 237 |
client.logout() |
| 236 | 238 |
client.reset_tokens() |
| 237 | 239 |
|
| 238 | 240 |
# logged out |
| 239 |
r = client.get("/im/profile", follow=True)
|
|
| 241 |
r = client.get(ui_url("profile"), follow=True)
|
|
| 240 | 242 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
| 241 | 243 |
|
| 242 | 244 |
# login with local account also works |
| 243 | 245 |
post_data = {'password': 'password',
|
| 244 | 246 |
'username': 'kpap@synnefo.org'} |
| 245 |
r = self.client.post('/im/local', post_data, follow=True)
|
|
| 247 |
r = self.client.post(ui_url('local'), post_data, follow=True)
|
|
| 246 | 248 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
| 247 | 249 |
self.assertTrue(r.context['request'].user.email == "kpap@synnefo.org") |
| 248 |
self.assertRedirects(r, '/im/landing')
|
|
| 250 |
self.assertRedirects(r, ui_url('landing'))
|
|
| 249 | 251 |
self.assertEqual(r.status_code, 200) |
| 250 | 252 |
|
| 251 | 253 |
# cannot add the same eppn |
| 252 | 254 |
client.set_tokens(mail="secondary@shibboleth.gr", eppn="kpapeppn", |
| 253 | 255 |
cn="Kostas Papadimitriou", ) |
| 254 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 255 |
self.assertRedirects(r, '/im/landing')
|
|
| 256 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 257 |
self.assertRedirects(r, ui_url('landing'))
|
|
| 256 | 258 |
self.assertTrue(r.status_code, 200) |
| 257 | 259 |
self.assertEquals(existing_user.auth_providers.count(), 2) |
| 258 | 260 |
|
| ... | ... | |
| 260 | 262 |
client.set_tokens(mail="secondary@shibboleth.gr", eppn="kpapeppn2", |
| 261 | 263 |
cn="Kostas Papadimitriou", ep_affiliation="affil2") |
| 262 | 264 |
prov = auth_providers.get_provider('shibboleth')
|
| 263 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 265 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 264 | 266 |
self.assertContains(r, "Failed to add") |
| 265 |
self.assertRedirects(r, '/im/profile')
|
|
| 267 |
self.assertRedirects(r, ui_url('profile'))
|
|
| 266 | 268 |
self.assertTrue(r.status_code, 200) |
| 267 | 269 |
self.assertEquals(existing_user.auth_providers.count(), 2) |
| 268 | 270 |
client.logout() |
| ... | ... | |
| 271 | 273 |
# cannot login with another eppn |
| 272 | 274 |
client.set_tokens(mail="kpap@synnefo.org", eppn="kpapeppninvalid", |
| 273 | 275 |
cn="Kostas Papadimitriou") |
| 274 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 276 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 275 | 277 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
| 276 | 278 |
|
| 277 | 279 |
# cannot |
| ... | ... | |
| 284 | 286 |
'kpapeppn').get_remove_url |
| 285 | 287 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
| 286 | 288 |
cn="Kostas Papadimtriou") |
| 287 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 289 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 288 | 290 |
client.reset_tokens() |
| 289 | 291 |
|
| 290 | 292 |
# only POST is allowed (for CSRF protection) |
| ... | ... | |
| 302 | 304 |
# cannot login using local credentials (notice we use another client) |
| 303 | 305 |
post_data = {'password': 'password',
|
| 304 | 306 |
'username': 'kpap@synnefo.org'} |
| 305 |
r = self.client.post('/im/local', post_data, follow=True)
|
|
| 307 |
r = self.client.post(ui_url('local'), post_data, follow=True)
|
|
| 306 | 308 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
| 307 | 309 |
|
| 308 | 310 |
# we can reenable the local provider by setting a password |
| 309 |
r = client.get("/im/password_change", follow=True)
|
|
| 310 |
r = client.post("/im/password_change", {'new_password1': '111',
|
|
| 311 |
r = client.get(ui_url("password_change"), follow=True)
|
|
| 312 |
r = client.post(ui_url("password_change"), {'new_password1': '111',
|
|
| 311 | 313 |
'new_password2': '111'}, |
| 312 | 314 |
follow=True) |
| 313 | 315 |
user = r.context['request'].user |
| ... | ... | |
| 320 | 322 |
# now we can login |
| 321 | 323 |
post_data = {'password': '111',
|
| 322 | 324 |
'username': 'kpap@synnefo.org'} |
| 323 |
r = self.client.post('/im/local', post_data, follow=True)
|
|
| 325 |
r = self.client.post(ui_url('local'), post_data, follow=True)
|
|
| 324 | 326 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
| 325 | 327 |
|
| 326 | 328 |
client.reset_tokens() |
| ... | ... | |
| 331 | 333 |
# login |
| 332 | 334 |
client.set_tokens(mail="kpap@shibboleth.gr", eppn="kpapeppn", |
| 333 | 335 |
cn="Kostas Papadimitriou") |
| 334 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 336 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 335 | 337 |
# try to assign existing shibboleth identifier of another user |
| 336 | 338 |
client.set_tokens(mail="kpap_second@shibboleth.gr", |
| 337 | 339 |
eppn="existingeppn", cn="Kostas Papadimitriou") |
| 338 |
r = client.get("/im/login/shibboleth?", follow=True)
|
|
| 340 |
r = client.get(ui_url("login/shibboleth?"), follow=True)
|
|
| 339 | 341 |
self.assertContains(r, "is already in use") |
| 340 | 342 |
|
| 341 | 343 |
|
| ... | ... | |
| 356 | 358 |
astakos_settings.MODERATION_ENABLED = False |
| 357 | 359 |
|
| 358 | 360 |
# create a new user |
| 359 |
r = self.client.get("/im/signup")
|
|
| 361 |
r = self.client.get(ui_url("signup"))
|
|
| 360 | 362 |
self.assertEqual(r.status_code, 200) |
| 361 | 363 |
data = {'email': 'kpap@synnefo.org', 'password1': 'password',
|
| 362 | 364 |
'password2': 'password', 'first_name': 'Kostas', |
| 363 | 365 |
'last_name': 'Mitroglou', 'provider': 'local'} |
| 364 |
r = self.client.post("/im/signup", data)
|
|
| 366 |
r = self.client.post(ui_url("signup"), data)
|
|
| 365 | 367 |
|
| 366 | 368 |
# user created |
| 367 | 369 |
self.assertEqual(AstakosUser.objects.count(), 1) |
| ... | ... | |
| 417 | 419 |
self.helpdesk_email = astakos_settings.HELPDESK[0][1] |
| 418 | 420 |
|
| 419 | 421 |
# create a user |
| 420 |
r = self.client.get("/im/signup")
|
|
| 422 |
r = self.client.get(ui_url("signup"))
|
|
| 421 | 423 |
self.assertEqual(r.status_code, 200) |
| 422 | 424 |
data = {'email': 'kpap@synnefo.org', 'password1': 'password',
|
| 423 | 425 |
'password2': 'password', 'first_name': 'Kostas', |
| 424 | 426 |
'last_name': 'Mitroglou', 'provider': 'local'} |
| 425 |
r = self.client.post("/im/signup", data)
|
|
| 427 |
r = self.client.post(ui_url("signup"), data)
|
|
| 426 | 428 |
|
| 427 | 429 |
# user created |
| 428 | 430 |
self.assertEqual(AstakosUser.objects.count(), 1) |
| ... | ... | |
| 438 | 440 |
|
| 439 | 441 |
# admin gets notified and activates the user from the command line |
| 440 | 442 |
self.assertEqual(len(get_mailbox('kpap@synnefo.org')), 1)
|
| 441 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
| 443 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
| 442 | 444 |
'password': 'password'}, |
| 443 | 445 |
follow=True) |
| 444 | 446 |
self.assertContains(r, messages.VERIFICATION_SENT) |
| ... | ... | |
| 459 | 461 |
data = {'email': 'KPAP@synnefo.org', 'password1': 'password',
|
| 460 | 462 |
'password2': 'password', 'first_name': 'Kostas', |
| 461 | 463 |
'last_name': 'Mitroglou', 'provider': 'local'} |
| 462 |
r = self.client.post("/im/signup", data, follow=True)
|
|
| 464 |
r = self.client.post(ui_url("signup"), data, follow=True)
|
|
| 463 | 465 |
self.assertRedirects(r, reverse('index'))
|
| 464 | 466 |
self.assertContains(r, messages.VERIFICATION_SENT) |
| 465 | 467 |
|
| ... | ... | |
| 471 | 473 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 1)
|
| 472 | 474 |
|
| 473 | 475 |
# hmmm, email exists; lets request a password change |
| 474 |
r = self.client.get('/im/local/password_reset')
|
|
| 476 |
r = self.client.get(ui_url('local/password_reset'))
|
|
| 475 | 477 |
self.assertEqual(r.status_code, 200) |
| 476 | 478 |
data = {'email': 'kpap@synnefo.org'}
|
| 477 |
r = self.client.post('/im/local/password_reset', data, follow=True)
|
|
| 479 |
r = self.client.post(ui_url('local/password_reset'), data, follow=True)
|
|
| 478 | 480 |
# she can't because account is not active yet |
| 479 | 481 |
self.assertContains(r, 'pending activation') |
| 480 | 482 |
|
| 481 | 483 |
# moderation is enabled and an activation email has already been sent |
| 482 | 484 |
# so user can trigger resend of the activation email |
| 483 |
r = self.client.get('/im/send/activation/%d' % user.pk, follow=True)
|
|
| 485 |
r = self.client.get(ui_url('send/activation/%d' % user.pk),
|
|
| 486 |
follow=True) |
|
| 484 | 487 |
self.assertContains(r, 'has been sent to your email address.') |
| 485 | 488 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 2)
|
| 486 | 489 |
|
| 487 | 490 |
# also she cannot login |
| 488 | 491 |
data = {'username': 'kpap@synnefo.org', 'password': 'password'}
|
| 489 |
r = self.client.post('/im/local', data, follow=True)
|
|
| 492 |
r = self.client.post(ui_url('local'), data, follow=True)
|
|
| 490 | 493 |
self.assertContains(r, 'Resend activation') |
| 491 | 494 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
| 492 | 495 |
self.assertFalse('_pithos2_a' in self.client.cookies)
|
| 493 | 496 |
|
| 494 | 497 |
# user sees the message and resends activation |
| 495 |
r = self.client.get('/im/send/activation/%d' % user.pk, follow=True)
|
|
| 498 |
r = self.client.get(ui_url('send/activation/%d' % user.pk),
|
|
| 499 |
follow=True) |
|
| 496 | 500 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 3)
|
| 497 | 501 |
|
| 498 | 502 |
# logged in user cannot activate another account |
| ... | ... | |
| 522 | 526 |
self.assertEqual(len(get_mailbox(self.helpdesk_email)), 2) |
| 523 | 527 |
|
| 524 | 528 |
user = AstakosUser.objects.get(email="KPAP@synnefo.org") |
| 525 |
r = self.client.get('/im/profile', follow=True)
|
|
| 529 |
r = self.client.get(ui_url('profile'), follow=True)
|
|
| 526 | 530 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
| 527 | 531 |
self.assertFalse('_pithos2_a' in self.client.cookies)
|
| 528 | 532 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 4)
|
| 529 | 533 |
|
| 530 | 534 |
user = AstakosUser.objects.get(pk=user.pk) |
| 531 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
| 532 |
'password': 'password'}, |
|
| 535 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
| 536 |
'password': 'password'},
|
|
| 533 | 537 |
follow=True) |
| 534 | 538 |
# user activated and logged in, token cookie set |
| 535 | 539 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
| ... | ... | |
| 537 | 541 |
cookies = self.client.cookies |
| 538 | 542 |
self.assertTrue(quote(user.auth_token) in |
| 539 | 543 |
cookies.get('_pithos2_a').value)
|
| 540 |
r = self.client.get('/im/logout', follow=True)
|
|
| 541 |
r = self.client.get('/im/')
|
|
| 544 |
r = self.client.get(ui_url('logout'), follow=True)
|
|
| 545 |
r = self.client.get(ui_url(''))
|
|
| 542 | 546 |
# user logged out, token cookie removed |
| 543 | 547 |
self.assertFalse(r.context['request'].user.is_authenticated()) |
| 544 | 548 |
self.assertFalse(self.client.cookies.get('_pithos2_a').value)
|
| ... | ... | |
| 547 | 551 |
del self.client.cookies['_pithos2_a'] |
| 548 | 552 |
|
| 549 | 553 |
# user can login |
| 550 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
| 551 |
'password': 'password'}, |
|
| 554 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
| 555 |
'password': 'password'},
|
|
| 552 | 556 |
follow=True) |
| 553 | 557 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
| 554 | 558 |
self.assertTrue('_pithos2_a' in self.client.cookies)
|
| 555 | 559 |
cookies = self.client.cookies |
| 556 | 560 |
self.assertTrue(quote(user.auth_token) in |
| 557 | 561 |
cookies.get('_pithos2_a').value)
|
| 558 |
self.client.get('/im/logout', follow=True)
|
|
| 562 |
self.client.get(ui_url('logout'), follow=True)
|
|
| 559 | 563 |
|
| 560 | 564 |
# user forgot password |
| 561 | 565 |
old_pass = user.password |
| 562 |
r = self.client.get('/im/local/password_reset')
|
|
| 566 |
r = self.client.get(ui_url('local/password_reset'))
|
|
| 563 | 567 |
self.assertEqual(r.status_code, 200) |
| 564 |
r = self.client.post('/im/local/password_reset', {'email':
|
|
| 565 |
'kpap@synnefo.org'})
|
|
| 568 |
r = self.client.post(ui_url('local/password_reset'),
|
|
| 569 |
{'email': 'kpap@synnefo.org'})
|
|
| 566 | 570 |
self.assertEqual(r.status_code, 302) |
| 567 | 571 |
# email sent |
| 568 | 572 |
self.assertEqual(len(get_mailbox('KPAP@synnefo.org')), 5)
|
| ... | ... | |
| 578 | 582 |
self.assertNotEqual(old_pass, user.password) |
| 579 | 583 |
|
| 580 | 584 |
# old pass is not usable |
| 581 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
| 582 |
'password': 'password'}) |
|
| 585 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
| 586 |
'password': 'password'})
|
|
| 583 | 587 |
self.assertContains(r, 'Please enter a correct username and password') |
| 584 |
r = self.client.post('/im/local', {'username': 'kpap@synnefo.org',
|
|
| 585 |
'password': 'newpass'}, |
|
| 588 |
r = self.client.post(ui_url('local'), {'username': 'kpap@synnefo.org',
|
|
| 589 |
'password': 'newpass'},
|
|
| 586 | 590 |
follow=True) |
| 587 | 591 |
self.assertTrue(r.context['request'].user.is_authenticated()) |
| 588 | 592 |
self.client.logout() |
| ... | ... | |
| 593 | 597 |
user.save() |
| 594 | 598 |
|
| 595 | 599 |
# non astakos local backends do not support password reset |
| 596 |
r = self.client.get('/im/local/password_reset')
|
|
| 600 |
r = self.client.get(ui_url('local/password_reset'))
|
|
| 597 | 601 |
self.assertEqual(r.status_code, 200) |
| 598 |
r = self.client.post('/im/local/password_reset', {'email':
|
|
| 599 |
'kpap@synnefo.org'})
|
|
| 602 |
r = self.client.post(ui_url('local/password_reset'),
|
|
| 603 |
{'email': 'kpap@synnefo.org'})
|
|
| 600 | 604 |
# she can't because account is not active yet |
| 601 | 605 |
self.assertContains(r, "Changing password is not") |
| 602 | 606 |
|
| ... | ... | |
| 612 | 616 |
|
| 613 | 617 |
# login as kpap |
| 614 | 618 |
self.client.login(username='kpap@synnefo.org', password='password') |
| 615 |
r = self.client.get('/im/profile', follow=True)
|
|
| 619 |
r = self.client.get(ui_url('profile'), follow=True)
|
|
| 616 | 620 |
user = r.context['request'].user |
| 617 | 621 |
self.assertTrue(user.is_authenticated()) |
| 618 | 622 |
|
| 619 | 623 |
# change email is enabled |
| 620 |
r = self.client.get('/im/email_change')
|
|
| 624 |
r = self.client.get(ui_url('email_change'))
|
|
| 621 | 625 |
self.assertEqual(r.status_code, 200) |
| 622 | 626 |
self.assertFalse(user.email_change_is_pending()) |
| 623 | 627 |
|
| 624 | 628 |
# request email change to an existing email fails |
| 625 | 629 |
data = {'new_email_address': 'existing@synnefo.org'}
|
| 626 |
r = self.client.post('/im/email_change', data)
|
|
| 630 |
r = self.client.post(ui_url('email_change'), data)
|
|
| 627 | 631 |
self.assertContains(r, messages.EMAIL_USED) |
| 628 | 632 |
|
| 629 | 633 |
# proper email change |
| 630 | 634 |
data = {'new_email_address': 'kpap@gmail.com'}
|
| 631 |
r = self.client.post('/im/email_change', data, follow=True)
|
|
| 632 |
self.assertRedirects(r, '/im/profile')
|
|
| 635 |
r = self.client.post(ui_url('email_change'), data, follow=True)
|
|
| 636 |
self.assertRedirects(r, ui_url('profile'))
|
|
| 633 | 637 |
self.assertContains(r, messages.EMAIL_CHANGE_REGISTERED) |
| 634 | 638 |
change1 = EmailChange.objects.get() |
| 635 | 639 |
|
| 636 | 640 |
# user sees a warning |
| 637 |
r = self.client.get('/im/email_change')
|
|
| 641 |
r = self.client.get(ui_url('email_change'))
|
|
| 638 | 642 |
self.assertEqual(r.status_code, 200) |
| 639 | 643 |
self.assertContains(r, messages.PENDING_EMAIL_CHANGE_REQUEST) |
| 640 | 644 |
self.assertTrue(user.email_change_is_pending()) |
| ... | ... | |
| 645 | 649 |
|
| 646 | 650 |
# proper email change |
| 647 | 651 |
data = {'new_email_address': 'kpap@yahoo.com'}
|
| 648 |
r = self.client.post('/im/email_change', data, follow=True)
|
|
| 649 |
self.assertRedirects(r, '/im/profile')
|
|
| 652 |
r = self.client.post(ui_url('email_change'), data, follow=True)
|
|
| 653 |
self.assertRedirects(r, ui_url('profile'))
|
|
| 650 | 654 |
self.assertContains(r, messages.EMAIL_CHANGE_REGISTERED) |
| 651 | 655 |
self.assertEqual(len(get_mailbox('kpap@synnefo.org')), 0)
|
| 652 | 656 |
self.assertEqual(len(get_mailbox('kpap@yahoo.com')), 1)
|
| ... | ... | |
| 657 | 661 |
self.client.logout() |
| 658 | 662 |
|
| 659 | 663 |
invalid_client = Client() |
| 660 |
r = invalid_client.post('/im/local?',
|
|
| 664 |
r = invalid_client.post(ui_url('local?'),
|
|
| 661 | 665 |
{'username': 'existing@synnefo.org',
|
| 662 | 666 |
'password': 'password'}) |
| 663 | 667 |
r = invalid_client.get(change2.get_url(), follow=True) |
| 664 | 668 |
self.assertEquals(r.status_code, 403) |
| 665 | 669 |
|
| 666 |
r = self.client.post('/im/local?next=' + change2.get_url(),
|
|
| 670 |
r = self.client.post(ui_url('local?next=' + change2.get_url()),
|
|
| 667 | 671 |
{'username': 'kpap@synnefo.org',
|
| 668 | 672 |
'password': 'password', |
| 669 | 673 |
'next': change2.get_url()}, |
| 670 | 674 |
follow=True) |
| 671 |
self.assertRedirects(r, '/im/profile')
|
|
| 675 |
self.assertRedirects(r, ui_url('profile'))
|
|
| 672 | 676 |
user = r.context['request'].user |
| 673 | 677 |
self.assertEquals(user.email, 'kpap@yahoo.com') |
| 674 | 678 |
self.assertEquals(user.username, 'kpap@yahoo.com') |
| 675 | 679 |
|
| 676 | 680 |
self.client.logout() |
| 677 |
r = self.client.post('/im/local?next=' + change2.get_url(),
|
|
| 681 |
r = self.client.post(ui_url('local?next=' + change2.get_url()),
|
|
| 678 | 682 |
{'username': 'kpap@synnefo.org',
|
| 679 | 683 |
'password': 'password', |
| 680 | 684 |
'next': change2.get_url()}, |
| ... | ... | |
| 682 | 686 |
self.assertContains(r, "Please enter a correct username and password") |
| 683 | 687 |
self.assertEqual(user.emailchanges.count(), 0) |
| 684 | 688 |
|
| 689 |
AstakosUser.objects.all().delete() |
|
| 690 |
Group.objects.all().delete() |
|
| 691 |
|
|
| 685 | 692 |
|
| 686 | 693 |
class TestAuthProviderViews(TestCase): |
| 687 | 694 |
|
| ... | ... | |
| 719 | 726 |
# new academic user |
| 720 | 727 |
self.assertFalse(academic_users.filter(email='newuser@synnefo.org')) |
| 721 | 728 |
cl_newuser.set_tokens(eppn="newusereppn") |
| 722 |
r = cl_newuser.get('/im/login/shibboleth?', follow=True)
|
|
| 729 |
r = cl_newuser.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 723 | 730 |
pending = Pending.objects.get() |
| 724 | 731 |
identifier = pending.third_party_identifier |
| 725 | 732 |
signup_data = {'third_party_identifier': identifier,
|
| ... | ... | |
| 727 | 734 |
'third_party_token': pending.token, |
| 728 | 735 |
'last_name': 'New User', |
| 729 | 736 |
'provider': 'shibboleth'} |
| 730 |
r = cl_newuser.post('/im/signup', signup_data)
|
|
| 737 |
r = cl_newuser.post(ui_url('signup'), signup_data)
|
|
| 731 | 738 |
self.assertContains(r, "This field is required", ) |
| 732 | 739 |
signup_data['email'] = 'olduser@synnefo.org' |
| 733 |
r = cl_newuser.post('/im/signup', signup_data)
|
|
| 740 |
r = cl_newuser.post(ui_url('signup'), signup_data)
|
|
| 734 | 741 |
self.assertContains(r, "already an account with this email", ) |
| 735 | 742 |
signup_data['email'] = 'newuser@synnefo.org' |
| 736 |
r = cl_newuser.post('/im/signup', signup_data, follow=True)
|
|
| 737 |
r = cl_newuser.post('/im/signup', signup_data, follow=True)
|
|
| 743 |
r = cl_newuser.post(ui_url('signup'), signup_data, follow=True)
|
|
| 744 |
r = cl_newuser.post(ui_url('signup'), signup_data, follow=True)
|
|
| 738 | 745 |
self.assertEqual(r.status_code, 404) |
| 739 | 746 |
newuser = User.objects.get(email="newuser@synnefo.org") |
| 740 | 747 |
activation_link = newuser.get_activation_url() |
| ... | ... | |
| 747 | 754 |
'password1': 'password', |
| 748 | 755 |
'password2': 'password'} |
| 749 | 756 |
signup_data['email'] = 'olduser@synnefo.org' |
| 750 |
r = cl_newuser2.post('/im/signup', signup_data)
|
|
| 757 |
r = cl_newuser2.post(ui_url('signup'), signup_data)
|
|
| 751 | 758 |
self.assertContains(r, 'There is already an account with this ' |
| 752 | 759 |
'email address') |
| 753 | 760 |
signup_data['email'] = 'newuser@synnefo.org' |
| 754 |
r = cl_newuser2.post('/im/signup/', signup_data)
|
|
| 761 |
r = cl_newuser2.post(ui_url('signup/'), signup_data)
|
|
| 755 | 762 |
self.assertFalse(academic_users.filter(email='newuser@synnefo.org')) |
| 756 | 763 |
r = self.client.get(activation_link, follow=True) |
| 757 | 764 |
self.assertEqual(r.status_code, 404) |
| ... | ... | |
| 761 | 768 |
# activation sent, user didn't open verification url so additional |
| 762 | 769 |
# registrations invalidate the previous signups. |
| 763 | 770 |
self.assertFalse(academic_users.filter(email='newuser@synnefo.org')) |
| 764 |
r = cl_newuser.get('/im/login/shibboleth?', follow=True)
|
|
| 771 |
r = cl_newuser.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 765 | 772 |
pending = Pending.objects.get() |
| 766 | 773 |
identifier = pending.third_party_identifier |
| 767 | 774 |
signup_data = {'third_party_identifier': identifier,
|
| ... | ... | |
| 770 | 777 |
'last_name': 'New User', |
| 771 | 778 |
'provider': 'shibboleth'} |
| 772 | 779 |
signup_data['email'] = 'newuser@synnefo.org' |
| 773 |
r = cl_newuser.post('/im/signup', signup_data)
|
|
| 780 |
r = cl_newuser.post(ui_url('signup'), signup_data)
|
|
| 774 | 781 |
self.assertEqual(r.status_code, 302) |
| 775 | 782 |
newuser = User.objects.get(email="newuser@synnefo.org") |
| 776 | 783 |
self.assertTrue(newuser.activation_sent) |
| 777 | 784 |
activation_link = newuser.get_activation_url() |
| 778 | 785 |
self.assertTrue(academic_users.get(email='newuser@synnefo.org')) |
| 779 | 786 |
r = cl_newuser.get(newuser.get_activation_url(), follow=True) |
| 780 |
self.assertRedirects(r, '/im/landing')
|
|
| 787 |
self.assertRedirects(r, ui_url('landing'))
|
|
| 781 | 788 |
newuser = User.objects.get(email="newuser@synnefo.org") |
| 782 | 789 |
self.assertEqual(newuser.is_active, True) |
| 783 | 790 |
self.assertEqual(newuser.email_verified, True) |
| ... | ... | |
| 794 | 801 |
newuser.is_active = True |
| 795 | 802 |
newuser.save() |
| 796 | 803 |
|
| 797 |
cl_newuser.get('/im/login/shibboleth?', follow=True)
|
|
| 804 |
cl_newuser.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 798 | 805 |
local = auth.get_provider('local', newuser)
|
| 799 | 806 |
self.assertEqual(local.get_add_policy, False) |
| 800 | 807 |
self.assertEqual(local.get_login_policy, False) |
| 801 | 808 |
r = cl_newuser.get(local.get_add_url, follow=True) |
| 802 |
self.assertRedirects(r, '/im/profile')
|
|
| 809 |
self.assertRedirects(r, ui_url('profile'))
|
|
| 803 | 810 |
self.assertContains(r, 'disabled for your') |
| 804 | 811 |
|
| 805 | 812 |
cl_olduser.login(username='olduser@synnefo.org', password="password") |
| 806 |
r = cl_olduser.get('/im/profile', follow=True)
|
|
| 813 |
r = cl_olduser.get(ui_url('profile'), follow=True)
|
|
| 807 | 814 |
self.assertEqual(r.status_code, 200) |
| 808 |
r = cl_olduser.get('/im/login/shibboleth?', follow=True)
|
|
| 815 |
r = cl_olduser.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 809 | 816 |
self.assertContains(r, 'Your request is missing a unique token') |
| 810 | 817 |
cl_olduser.set_tokens(eppn="newusereppn") |
| 811 |
r = cl_olduser.get('/im/login/shibboleth?', follow=True)
|
|
| 818 |
r = cl_olduser.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 812 | 819 |
self.assertContains(r, 'already in use') |
| 813 | 820 |
cl_olduser.set_tokens(eppn="oldusereppn") |
| 814 |
r = cl_olduser.get('/im/login/shibboleth?', follow=True)
|
|
| 821 |
r = cl_olduser.get(ui_url('login/shibboleth?'), follow=True)
|
|
| 815 | 822 |
self.assertContains(r, 'Academic login enabled for this account') |
| 816 | 823 |
|
| 817 | 824 |
user = User.objects.get(email="olduser@synnefo.org") |
| ... | ... | |
| 834 | 841 |
cl_olduser.logout() |
| 835 | 842 |
login_data = {'username': 'olduser@synnefo.org',
|
| 836 | 843 |
'password': 'password'} |
| 837 |
r = cl_olduser.post('/im/local', login_data, follow=True)
|
|
| 838 |
self.assertContains(r, "href='/im/login/shibboleth'>Academic login")
|
|
| 844 |
r = cl_olduser.post(ui_url('local'), login_data, follow=True)
|
|
| 845 |
self.assertContains(r, "login/shibboleth'>Academic login") |
|
| 839 | 846 |
Group.objects.all().delete() |
| 840 | 847 |
|
| 841 | 848 |
|
| ... | ... | |
| 1111 | 1118 |
|
| 1112 | 1119 |
def setUp(self): |
| 1113 | 1120 |
# dummy call to pass through logging middleware |
| 1114 |
self.client.get('/im/')
|
|
| 1121 |
self.client.get(ui_url(''))
|
|
| 1115 | 1122 |
|
| 1116 | 1123 |
@im_settings(RE_USER_EMAIL_PATTERNS=['.*@synnefo.org']) |
| 1117 | 1124 |
@shibboleth_settings(AUTOMODERATE_POLICY=True) |
Also available in: Unified diff