~homeworkprod/byceps

ref: ee44f550bd6c9f49e72424cd5826669dd1f57c1c byceps/tests/integration/blueprints/admin/test_login.py -rw-r--r-- 2.5 KiB
ee44f550 — Jochen Kupperschmidt Avoid same German translation for different meanings of "cancel" 1 year, 8 months ago
                                                                                
"""
:Copyright: 2006-2021 Jochen Kupperschmidt
:License: Revised BSD (see `LICENSE` file for details)
"""

import pytest

from byceps.services.authentication.password import service as password_service
from byceps.services.authentication.session import service as session_service
from byceps.services.user import event_service


@pytest.fixture
def client(admin_app, site):
    """Provide a test client bound to the admin application.

    ``site`` is requested but never used in the body; presumably it is
    pulled in only for its setup side effects (confirm against the
    fixture's definition).
    """
    test_client = admin_app.test_client()
    return test_client


def test_login_form(client):
    """A GET request for the login page is answered with HTTP 200."""
    status = client.get('/authentication/login').status_code

    assert status == 200


def test_login_succeeds(client, make_admin):
    """An admin holding ``admin.access`` can log in with the right password.

    Checks three observable effects of a successful login: exactly one
    ``user-logged-in`` event carrying the client IP address, a recent
    login recorded by the session service, and exactly one ``session``
    cookie that is scoped to the admin domain and flagged ``Secure``.
    """
    login_url = '/authentication/login'
    event_type = 'user-logged-in'
    credentials = {
        'screen_name': 'AdminLoginTester',
        'password': 'correct horse battery staple',
    }

    admin = make_admin(credentials['screen_name'], {'admin.access'})
    password_service.create_password_hash(admin.id, credentials['password'])

    # Preconditions: no login audit event, no recorded login, and an
    # empty cookie jar, so everything asserted afterwards is attributable
    # to the POST below.
    events_before = event_service.get_events_of_type_for_user(
        admin.id, event_type
    )
    assert len(events_before) == 0
    assert session_service.find_recent_login(admin.id) is None
    assert not list(client.cookie_jar)

    response = client.post(login_url, data=credentials)

    # Success is signalled as 204 with no `Location` header, i.e. the
    # endpoint does not redirect.
    assert response.status_code == 204
    assert response.location is None

    # The login must leave an audit trail: one event with the source IP.
    events_after = event_service.get_events_of_type_for_user(
        admin.id, event_type
    )
    assert len(events_after) == 1
    recorded_event = events_after[0]
    assert recorded_event.data == {'ip_address': '127.0.0.1'}

    assert session_service.find_recent_login(admin.id) is not None

    # Exactly one cookie may be issued, and it has to be the session
    # cookie restricted to the admin domain and marked `Secure`.
    # NOTE(review): `HttpOnly` and `SameSite` are not asserted here;
    # consider covering them unless another test already does.
    issued_cookies = list(client.cookie_jar)
    assert len(issued_cookies) == 1

    session_cookie = issued_cookies[0]
    assert session_cookie.domain == '.admin.acmecon.test'
    assert session_cookie.name == 'session'
    assert session_cookie.secure


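def test_login_fails_lacking_access_permission(client, make_admin):
    """Correct credentials without any permission are rejected with 403.

    The user is created with a valid password but no permission IDs, so
    authentication itself could succeed. The test pins that the missing
    ``admin.access`` permission still blocks the login.
    """
    screen_name = 'AdminWithoutAccess'
    password = 'correct horse battery staple'
    # Use an empty *set*: `{}` is an empty dict, whereas
    # `test_login_succeeds` passes a set of permission IDs to `make_admin`.
    permission_ids = set()

    user = make_admin(screen_name, permission_ids)
    password_service.create_password_hash(user.id, password)

    # Precondition: no cookies are held before the login attempt.
    assert not list(client.cookie_jar)

    form_data = {
        'screen_name': screen_name,
        'password': password,
    }

    response = client.post('/authentication/login', data=form_data)
    assert response.status_code == 403
    # NOTE(review): only the status code is checked. Consider also
    # asserting that the cookie jar is still empty and that no
    # 'user-logged-in' event was recorded for the rejected login.
    # Neither is verified here.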


def test_login_fails(client):
    """Credentials for which this test creates no account yield HTTP 403."""
    # The expected status equals the one asserted in
    # `test_login_fails_lacking_access_permission`, so the status code
    # alone does not tell a caller which of the two cases occurred.
    # NOTE(review): an existing account combined with a wrong password is
    # not exercised by the tests visible in this file.
    response = client.post(
        '/authentication/login',
        data={
            'screen_name': 'TotallyUnknownAdmin',
            'password': 'TotallyWrongPassword',
        },
    )

    assert response.status_code == 403