diff --git a/src/tests/control/test_auth.py b/src/tests/control/test_auth.py
index 510160595d..5695f61397 100644
--- a/src/tests/control/test_auth.py
+++ b/src/tests/control/test_auth.py
@@ -32,25 +32,19 @@ class LoginFormBrowserTest(BrowserTest):
 class LoginFormTest(TestCase):
- """
- This test case tests various methods around the properties /
- variations concept.
- """
 def setUp(self):
 self.user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
 def test_wrong_credentials(self):
- c = Client()
- response = c.post('/control/login', {
+ response = self.client.post('/control/login', {
 'email': 'dummy@dummy.dummy',
 'password': 'foo',
 })
 self.assertEqual(response.status_code, 200)
 def test_correct_credentials(self):
- c = Client()
- response = c.post('/control/login', {
+ response = self.client.post('/control/login', {
 'email': 'dummy@dummy.dummy',
 'password': 'dummy',
 })
@@ -60,16 +54,14 @@ class LoginFormTest(TestCase):
 self.user.is_active = False
 self.user.save()
- c = Client()
- response = c.post('/control/login', {
+ response = self.client.post('/control/login', {
 'email': 'dummy@dummy.dummy',
 'password': 'dummy',
 })
 self.assertEqual(response.status_code, 200)
 def test_redirect(self):
- c = Client()
- response = c.post('/control/login?next=/control/events/', {
+ response = self.client.post('/control/login?next=/control/events/', {
 'email': 'dummy@dummy.dummy',
 'password': 'dummy',
 })
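Review bot: test_wrong_credentials (and the inactive-user test in the `@@ -60,16` hunk, whose `def` line lies outside that hunk) accepts any 200 as proof that the login was refused, so a view that authenticated the session and then re-rendered the page would still pass. After the status check, assert that no session was established, e.g. `self.assertNotIn('_auth_user_id', self.client.session)`. Because every request now goes through the shared `self.client`, that assertion reads the session of the same client that sent the POST.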
@@ -77,31 +69,57 @@ class LoginFormTest(TestCase):
 self.assertIn('/control/events/', response['Location'])
 def test_logged_in(self):
- c = Client()
- response = c.post('/control/login?next=/control/events/', {
+ response = self.client.post('/control/login?next=/control/events/', {
 'email': 'dummy@dummy.dummy',
 'password': 'dummy',
 })
 self.assertEqual(response.status_code, 302)
 self.assertIn('/control/events/', response['Location'])
- response = c.get('/control/login')
+ response = self.client.get('/control/login')
 self.assertEqual(response.status_code, 302)
- response = c.get('/control/login?next=/control/events/')
+ response = self.client.get('/control/login?next=/control/events/')
 self.assertEqual(response.status_code, 302)
 self.assertIn('/control/events/', response['Location'])
 def test_logout(self):
- c = Client()
- response = c.post('/control/login', {
+ response = self.client.post('/control/login', {
 'email': 'dummy@dummy.dummy',
 'password': 'dummy',
 })
 self.assertEqual(response.status_code, 302)
- response = c.get('/control/logout')
+ response = self.client.get('/control/logout')
 self.assertEqual(response.status_code, 302)
- response = c.get('/control/login')
+ response = self.client.get('/control/login')
 self.assertEqual(response.status_code, 200)
+
+
+class RegistrationFormTest(TestCase):
+
+ def test_different_passwords(self):
+ response = self.client.post('/control/register', {
+ 'email': 'dummy@dummy.dummy',
+ 'password': 'foo',
+ 'password_repeat': 'foobar'
+ })
+ self.assertEqual(response.status_code, 200)
+
+ def test_email_duplicate(self):
+ self.user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
+ response = self.client.post('/control/register', {
+ 'email': 'dummy@dummy.dummy',
+ 'password': 'foo',
+ 'password_repeat': 'foo'
+ })
+ self.assertEqual(response.status_code, 200)
+
+ def test_success(self):
+ response = self.client.post('/control/register', {
+ 'email': 'dummy@dummy.dummy',
+ 'password': 'foo',
+ 'password_repeat': 'foo'
+ })
+ self.assertEqual(response.status_code, 302)
diff --git a/src/tests/presale/test_event.py b/src/tests/presale/test_event.py
index db5347aaee..d424bd1495 100644
--- a/src/tests/presale/test_event.py
+++ b/src/tests/presale/test_event.py
@@ -140,54 +140,6 @@ class ItemDisplayTest(EventTestMixin, BrowserTest):
 self.driver.find_elements_by_css_selector("section:nth-of-type(1) div.variation")[1].text)
-class LoginTest(EventTestMixin, TestCase):
-
- def setUp(self):
- super().setUp()
- self.user = User.objects.create_user('demo@demo.dummy', 'demo')
-
- def test_login_invalid(self):
- response = self.client.post(
- '/%s/%s/login' % (self.orga.slug, self.event.slug),
- {
- 'form': 'login',
- 'email': 'demo@demo.foo',
- 'password': 'bar'
- }
- )
- self.assertEqual(response.status_code, 200)
- self.assertIn('alert-danger', response.rendered_content)
-
- def test_login_valid(self):
- response = self.client.post(
- '/%s/%s/login' % (self.orga.slug, self.event.slug),
- {
- 'form': 'login',
- 'email': 'demo@demo.dummy',
- 'password': 'demo'
- }
- )
- self.assertEqual(response.status_code, 302)
-
- def test_login_already_logged_in(self):
- self.assertTrue(self.client.login(email='demo@demo.dummy', password='demo'))
- response = self.client.get(
- '/%s/%s/login' % (self.orga.slug, self.event.slug),
- )
- self.assertEqual(response.status_code, 302)
-
- def test_logout(self):
- self.assertTrue(self.client.login(email='demo@demo.dummy', password='demo'))
- response = self.client.get(
- '/%s/%s/logout' % (self.orga.slug, self.event.slug),
- )
- self.assertEqual(response.status_code, 302)
- response = self.client.get(
- '/%s/%s/login' % (self.orga.slug, self.event.slug),
- )
- self.assertEqual(response.status_code, 200)
-
-
 class DeadlineTest(EventTestMixin, TestCase):
 def setUp(self):
diff --git a/src/tests/presale/test_event_auth.py b/src/tests/presale/test_event_auth.py
new file mode 100644
index 0000000000..3f363eb30f
--- /dev/null
+++ b/src/tests/presale/test_event_auth.py
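Review bot: test_email_duplicate in the new RegistrationFormTest checks only for a 200, so it would keep passing if the registration view overwrote the existing account's password with the submitted `foo`. Reload the account after the POST and assert the original credential still holds: `self.assertTrue(User.objects.get(id=self.user.id).check_password('dummy'))`. test_different_passwords and test_success have the matching gap: neither checks whether an account exists afterwards. Asserting that `User.objects.filter(email='dummy@dummy.dummy').exists()` is false after the first and true after the second would pin that an account is created only on the valid submission (this assumes the model exposes the address as `email`, which this file does not show).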
@@ -0,0 +1,215 @@
+from datetime import date, timedelta
+
+from django.conf import settings
+from django.contrib.auth.tokens import (
+ PasswordResetTokenGenerator, default_token_generator,
+)
+from django.core import mail as djmail
+from django.test import TestCase
+from tests.presale.test_event import EventTestMixin
+
+from pretix.base.models import User
+
+
+class LoginTest(EventTestMixin, TestCase):
+ def setUp(self):
+ super().setUp()
+ self.user = User.objects.create_user('demo@demo.dummy', 'demo')
+
+ def test_login_invalid(self):
+ response = self.client.post(
+ '/%s/%s/login' % (self.orga.slug, self.event.slug),
+ {
+ 'form': 'login',
+ 'email': 'demo@demo.foo',
+ 'password': 'bar'
+ }
+ )
+ self.assertEqual(response.status_code, 200)
+ self.assertIn('alert-danger', response.rendered_content)
+
+ def test_login_valid(self):
+ response = self.client.post(
+ '/%s/%s/login' % (self.orga.slug, self.event.slug),
+ {
+ 'form': 'login',
+ 'email': 'demo@demo.dummy',
+ 'password': 'demo'
+ }
+ )
+ self.assertEqual(response.status_code, 302)
+
+ def test_login_already_logged_in(self):
+ self.assertTrue(self.client.login(email='demo@demo.dummy', password='demo'))
+ response = self.client.get(
+ '/%s/%s/login' % (self.orga.slug, self.event.slug),
+ )
+ self.assertEqual(response.status_code, 302)
+
+ def test_logout(self):
+ self.assertTrue(self.client.login(email='demo@demo.dummy', password='demo'))
+ response = self.client.get(
+ '/%s/%s/logout' % (self.orga.slug, self.event.slug),
+ )
+ self.assertEqual(response.status_code, 302)
+ response = self.client.get(
+ '/%s/%s/login' % (self.orga.slug, self.event.slug),
+ )
+ self.assertEqual(response.status_code, 200)
+
+
+class RegistrationFormTest(EventTestMixin, TestCase):
+ def test_different_passwords(self):
+ response = self.client.post('/%s/%s/login' % (self.orga.slug, self.event.slug), {
+ 'form': 'registration',
+ 'email': 'dummy@dummy.dummy',
+ 'password': 'foo',
+ 'password_repeat': 'foobar'
+ })
+ self.assertEqual(response.status_code, 200)
+
+ def test_email_duplicate(self):
+ self.user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
+ response = self.client.post('/%s/%s/login' % (self.orga.slug, self.event.slug), {
+ 'form': 'registration',
+ 'email': 'dummy@dummy.dummy',
+ 'password': 'foo',
+ 'password_repeat': 'foo'
+ })
+ self.assertEqual(response.status_code, 200)
+
+ def test_success(self):
+ response = self.client.post('/%s/%s/login' % (self.orga.slug, self.event.slug), {
+ 'form': 'registration',
+ 'email': 'dummy@dummy.dummy',
+ 'password': 'foo',
+ 'password_repeat': 'foo'
+ })
+ self.assertEqual(response.status_code, 302)
+
+
+class PasswordRecoveryFormTest(EventTestMixin, TestCase):
+ def setUp(self):
+ super().setUp()
+ self.user = User.objects.create_user('demo@demo.dummy', 'demo')
+
+ def test_unknown(self):
+ response = self.client.post('/%s/%s/forgot' % (self.orga.slug, self.event.slug), {
+ 'email': 'dummy@dummy.dummy',
+ })
+ self.assertEqual(response.status_code, 200)
+
+ def test_email_sent(self):
+ djmail.outbox = []
+
+ response = self.client.post('/%s/%s/forgot' % (self.orga.slug, self.event.slug), {
+ 'email': 'demo@demo.dummy',
+ })
+ self.assertEqual(response.status_code, 302)
+
+ assert len(djmail.outbox) == 1
+ assert djmail.outbox[0].to == [self.user.email]
+ assert "recover?id=%d&token=" % self.user.id in djmail.outbox[0].body
+
+ def test_recovery_unknown_user(self):
+ response = self.client.get('/%s/%s/forgot/recover?id=0&token=foo' % (self.orga.slug, self.event.slug))
+ self.assertEqual(response.status_code, 302)
+ response = self.client.post(
+ '/%s/%s/forgot/recover?id=0&token=foo' % (self.orga.slug, self.event.slug),
+ {
+ 'password': 'foobar',
+ 'password_repeat': 'foobar'
+ }
+ )
+ self.assertEqual(response.status_code, 302)
+ self.user = User.objects.get(id=self.user.id)
+ self.assertTrue(self.user.check_password('demo'))
+
+ def test_recovery_invalid_token(self):
+ response = self.client.get(
+ '/%s/%s/forgot/recover?id=%d&token=foo' % (self.orga.slug, self.event.slug, self.user.id)
+ )
+ self.assertEqual(response.status_code, 302)
+ response = self.client.post(
+ '/%s/%s/forgot/recover?id=%d&token=foo' % (self.orga.slug, self.event.slug, self.user.id),
+ {
+ 'password': 'foobar',
+ 'password_repeat': 'foobar'
+ }
+ )
+ self.assertEqual(response.status_code, 302)
+ self.user = User.objects.get(id=self.user.id)
+ self.assertTrue(self.user.check_password('demo'))
+
+ def test_recovery_expired_token(self):
+ class Mocked(PasswordResetTokenGenerator):
+ def _today(self):
+ return date.today() - timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1)
+
+ generator = Mocked()
+ token = generator.make_token(self.user)
+ response = self.client.get(
+ '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token)
+ )
+ self.assertEqual(response.status_code, 302)
+ response = self.client.post(
+ '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token),
+ {
+ 'password': 'foobar',
+ 'password_repeat': 'foobar'
+ }
+ )
+ self.assertEqual(response.status_code, 302)
+ self.user = User.objects.get(id=self.user.id)
+ self.assertTrue(self.user.check_password('demo'))
+
+ def test_recovery_valid_token_success(self):
+ token = default_token_generator.make_token(self.user)
+ response = self.client.get(
+ '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token)
+ )
+ self.assertEqual(response.status_code, 200)
+ response = self.client.post(
+ '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token),
+ {
+ 'password': 'foobar',
+ 'password_repeat': 'foobar'
+ }
+ )
+ self.assertEqual(response.status_code, 302)
+ self.user = User.objects.get(id=self.user.id)
+ self.assertTrue(self.user.check_password('foobar'))
+
+ def test_recovery_valid_token_empty_passwords(self):
+ token = default_token_generator.make_token(self.user)
+ response = self.client.get(
+ '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token)
+ )
+ self.assertEqual(response.status_code, 200)
+ response = self.client.post(
+ '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token),
+ {
+ 'password': '',
+ 'password_repeat': 'foobar'
+ }
+ )
+ self.assertEqual(response.status_code, 200)
+ self.user = User.objects.get(id=self.user.id)
+ self.assertTrue(self.user.check_password('demo'))
+
+ def test_recovery_valid_token_different_passwords(self):
+ token = default_token_generator.make_token(self.user)
+ response = self.client.get(
+ '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token)
+ )
+ self.assertEqual(response.status_code, 200)
+ response = self.client.post(
+ '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token),
+ {
+ 'password': 'foo',
+ 'password_repeat': 'foobar'
+ }
+ )
+ self.assertEqual(response.status_code, 200)
+ self.user = User.objects.get(id=self.user.id)
+ self.assertTrue(self.user.check_password('demo'))
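Review bot: test_recovery_valid_token_success stops after the first reset, so nothing in PasswordRecoveryFormTest shows that a recovery link stops working once it has been used. Re-post the same `id`/`token` pair with a different password and assert that the password set by the first reset is still the one that verifies; the 302 expected below assumes the view treats a consumed token like the invalid one in test_recovery_invalid_token. Separately, test_unknown (200) and test_email_sent (302) pin a response difference that tells a caller whether an address is registered; if that is intended, test_unknown should at least clear the outbox first and assert `len(djmail.outbox) == 0`.

```python
    def test_recovery_valid_token_success(self):
        # … unchanged: GET, first POST, reload and check_password('foobar') …
        # Replay the consumed token: the second reset must not take effect.
        response = self.client.post(
            '/%s/%s/forgot/recover?id=%d&token=%s' % (self.orga.slug, self.event.slug, self.user.id, token),
            {
                'password': 'replayed',
                'password_repeat': 'replayed'
            }
        )
        self.assertEqual(response.status_code, 302)
        self.user = User.objects.get(id=self.user.id)
        self.assertTrue(self.user.check_password('foobar'))
```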