app-MAIL-temp/tests/api/test_auth_login.py

import unicodedata

import pytest
from flask import url_for

from app.extensions import db
from app.models import User, AccountActivation

PASSWORD_1 = "Aurélie"
PASSWORD_2 = unicodedata.normalize("NFKD", PASSWORD_1)
assert PASSWORD_1 != PASSWORD_2


@pytest.mark.parametrize("mfa", (True, False), ids=("MFA", "no MFA"))
def test_auth_login_success(flask_client, mfa: bool):
    User.create(
        email="abcd@gmail.com",
        password=PASSWORD_1,
        name="Test User",
        activated=True,
        enable_otp=mfa,
    )
    db.session.commit()

    r = flask_client.post(
        url_for("api.auth_login"),
        json={
            "email": "abcd@gmail.com",
            "password": PASSWORD_2,
            "device": "Test Device",
        },
    )

    assert r.status_code == 200
    assert r.json["name"] == "Test User"
    assert r.json["email"]

    if mfa:
        assert r.json["api_key"] is None
        assert r.json["mfa_enabled"]
        assert r.json["mfa_key"]
    else:
        assert r.json["api_key"]
        assert not r.json["mfa_enabled"]
        assert r.json["mfa_key"] is None


def test_auth_login_device_exist(flask_client):
    User.create(
        email="abcd@gmail.com", password="password", name="Test User", activated=True
    )
    db.session.commit()

    r = flask_client.post(
        url_for("api.auth_login"),
        json={
            "email": "abcd@gmail.com",
            "password": "password",
            "device": "Test Device",
        },
    )

    assert r.status_code == 200
    api_key = r.json["api_key"]
    assert not r.json["mfa_enabled"]
    assert r.json["mfa_key"] is None
    assert r.json["name"] == "Test User"

    # same device, should return same api_key
    r = flask_client.post(
        url_for("api.auth_login"),
        json={
            "email": "abcd@gmail.com",
            "password": "password",
            "device": "Test Device",
        },
    )
    assert r.json["api_key"] == api_key


def test_auth_register_success(flask_client):
    assert AccountActivation.first() is None

    r = flask_client.post(
        url_for("api.auth_register"),
        json={"email": "abcd@gmail.com", "password": "password"},
    )

    assert r.status_code == 200
    assert r.json["msg"]

    # make sure an activation code is created
    act_code = AccountActivation.first()
    assert act_code
    assert len(act_code.code) == 6
    assert act_code.tries == 3


def test_auth_register_too_short_password(flask_client):
    r = flask_client.post(
        url_for("api.auth_register"),
        json={"email": "abcd@gmail.com", "password": "short"},
    )

    assert r.status_code == 400
    assert r.json["error"] == "password too short"


def test_auth_activate_success(flask_client):
    r = flask_client.post(
        url_for("api.auth_register"),
        json={"email": "abcd@gmail.com", "password": "password"},
    )

    assert r.status_code == 200
    assert r.json["msg"]

    # get the activation code
    act_code = AccountActivation.first()
    assert act_code
    assert len(act_code.code) == 6

    r = flask_client.post(
        url_for("api.auth_activate"),
        json={"email": "abcd@gmail.com", "code": act_code.code},
    )
    assert r.status_code == 200


def test_auth_activate_wrong_email(flask_client):
    r = flask_client.post(
        url_for("api.auth_activate"), json={"email": "abcd@gmail.com", "code": "123456"}
    )
    assert r.status_code == 400


def test_auth_activate_user_already_activated(flask_client):
    User.create(
        email="abcd@gmail.com", password="password", name="Test User", activated=True
    )
    db.session.commit()

    r = flask_client.post(
        url_for("api.auth_activate"), json={"email": "abcd@gmail.com", "code": "123456"}
    )
    assert r.status_code == 400


def test_auth_activate_wrong_code(flask_client):
    r = flask_client.post(
        url_for("api.auth_register"),
        json={"email": "abcd@gmail.com", "password": "password"},
    )

    assert r.status_code == 200
    assert r.json["msg"]

    # get the activation code
    act_code = AccountActivation.first()
    assert act_code
    assert len(act_code.code) == 6
    assert act_code.tries == 3

    # make sure to create a wrong code
    wrong_code = act_code.code + "123"

    r = flask_client.post(
        url_for("api.auth_activate"),
        json={"email": "abcd@gmail.com", "code": wrong_code},
    )
    assert r.status_code == 400

    # make sure the nb tries decrements
    act_code = AccountActivation.first()
    assert act_code.tries == 2


def test_auth_activate_too_many_wrong_code(flask_client):
    r = flask_client.post(
        url_for("api.auth_register"),
        json={"email": "abcd@gmail.com", "password": "password"},
    )

    assert r.status_code == 200
    assert r.json["msg"]

    # get the activation code
    act_code = AccountActivation.first()
    assert act_code
    assert len(act_code.code) == 6
    assert act_code.tries == 3

    # make sure to create a wrong code
    wrong_code = act_code.code + "123"

    for _ in range(2):
        r = flask_client.post(
            url_for("api.auth_activate"),
            json={"email": "abcd@gmail.com", "code": wrong_code},
        )
        assert r.status_code == 400

    # the activation code is deleted
    r = flask_client.post(
        url_for("api.auth_activate"),
        json={"email": "abcd@gmail.com", "code": wrong_code},
    )

    assert r.status_code == 410

    # make sure the nb tries decrements
    assert AccountActivation.first() is None


def test_auth_reactivate_success(flask_client):
    User.create(email="abcd@gmail.com", password="password", name="Test User")
    db.session.commit()

    r = flask_client.post(
        url_for("api.auth_reactivate"), json={"email": "abcd@gmail.com"}
    )
    assert r.status_code == 200

    # make sure an activation code is created
    act_code = AccountActivation.first()
    assert act_code
    assert len(act_code.code) == 6
    assert act_code.tries == 3


def test_auth_login_forgot_password(flask_client):
    User.create(
        email="abcd@gmail.com", password="password", name="Test User", activated=True
    )
    db.session.commit()

    r = flask_client.post(
        url_for("api.forgot_password"),
        json={"email": "abcd@gmail.com"},
    )

    assert r.status_code == 200

    # No such email, still return 200
    r = flask_client.post(
        url_for("api.forgot_password"),
        json={"email": "not-exist@b.c"},
    )

    assert r.status_code == 200
tests/api/auth: Use a pw showing Unicode issues 2021-05-27 22:15:46 +02:00			`import unicodedata`

tests/api/test_auth_login: Refactor Have a single “login success” test, for both MFA and no-MFA cases. No functional change to the test. 2021-05-26 19:05:26 +02:00			`import pytest`
Create /api/auth/login 2020-01-20 14:36:39 +01:00			`from flask import url_for`

			`from app.extensions import db`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`from app.models import User, AccountActivation`
Create /api/auth/login 2020-01-20 14:36:39 +01:00
tests/api/auth: Use a pw showing Unicode issues 2021-05-27 22:15:46 +02:00			`PASSWORD_1 = "Aurélie"`
black 2021-06-02 18:48:35 +02:00			`PASSWORD_2 = unicodedata.normalize("NFKD", PASSWORD_1)`
tests/api/auth: Use a pw showing Unicode issues 2021-05-27 22:15:46 +02:00			`assert PASSWORD_1 != PASSWORD_2`

Create /api/auth/login 2020-01-20 14:36:39 +01:00
tests/api/test_auth_login: Refactor Have a single “login success” test, for both MFA and no-MFA cases. No functional change to the test. 2021-05-26 19:05:26 +02:00			`@pytest.mark.parametrize("mfa", (True, False), ids=("MFA", "no MFA"))`
			`def test_auth_login_success(flask_client, mfa: bool):`
Create /api/auth/login 2020-01-20 14:36:39 +01:00			`User.create(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`email="abcd@gmail.com",`
tests/api/auth: Use a pw showing Unicode issues 2021-05-27 22:15:46 +02:00			`password=PASSWORD_1,`
Create /api/auth/login 2020-01-20 14:36:39 +01:00			`name="Test User",`
			`activated=True,`
tests/api/test_auth_login: Refactor Have a single “login success” test, for both MFA and no-MFA cases. No functional change to the test. 2021-05-26 19:05:26 +02:00			`enable_otp=mfa,`
Create /api/auth/login 2020-01-20 14:36:39 +01:00			`)`
			`db.session.commit()`

			`r = flask_client.post(`
			`url_for("api.auth_login"),`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`json={`
			`"email": "abcd@gmail.com",`
tests/api/auth: Use a pw showing Unicode issues 2021-05-27 22:15:46 +02:00			`"password": PASSWORD_2,`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`"device": "Test Device",`
			`},`
Create /api/auth/login 2020-01-20 14:36:39 +01:00			`)`

			`assert r.status_code == 200`
			`assert r.json["name"] == "Test User"`
tests/api/test_auth_login: Refactor Have a single “login success” test, for both MFA and no-MFA cases. No functional change to the test. 2021-05-26 19:05:26 +02:00			`assert r.json["email"]`

			`if mfa:`
			`assert r.json["api_key"] is None`
			`assert r.json["mfa_enabled"]`
			`assert r.json["mfa_key"]`
			`else:`
			`assert r.json["api_key"]`
			`assert not r.json["mfa_enabled"]`
			`assert r.json["mfa_key"] is None`
reuse ApiKey if same device 2020-02-05 12:05:26 +01:00

			`def test_auth_login_device_exist(flask_client):`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`User.create(`
			`email="abcd@gmail.com", password="password", name="Test User", activated=True`
			`)`
reuse ApiKey if same device 2020-02-05 12:05:26 +01:00			`db.session.commit()`

			`r = flask_client.post(`
			`url_for("api.auth_login"),`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`json={`
			`"email": "abcd@gmail.com",`
			`"password": "password",`
			`"device": "Test Device",`
			`},`
reuse ApiKey if same device 2020-02-05 12:05:26 +01:00			`)`

			`assert r.status_code == 200`
			`api_key = r.json["api_key"]`
linting 2020-12-06 17:54:54 +01:00			`assert not r.json["mfa_enabled"]`
reuse ApiKey if same device 2020-02-05 12:05:26 +01:00			`assert r.json["mfa_key"] is None`
			`assert r.json["name"] == "Test User"`

			`# same device, should return same api_key`
			`r = flask_client.post(`
			`url_for("api.auth_login"),`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`json={`
			`"email": "abcd@gmail.com",`
			`"password": "password",`
			`"device": "Test Device",`
			`},`
reuse ApiKey if same device 2020-02-05 12:05:26 +01:00			`)`
			`assert r.json["api_key"] == api_key`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00

			`def test_auth_register_success(flask_client):`
replace get(1) by first() 2021-08-05 19:44:56 +02:00			`assert AccountActivation.first() is None`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00
			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_register"),`
			`json={"email": "abcd@gmail.com", "password": "password"},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`

			`assert r.status_code == 200`
			`assert r.json["msg"]`

			`# make sure an activation code is created`
replace get(1) by first() 2021-08-05 19:44:56 +02:00			`act_code = AccountActivation.first()`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`assert act_code`
			`assert len(act_code.code) == 6`
			`assert act_code.tries == 3`


			`def test_auth_register_too_short_password(flask_client):`
			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_register"),`
			`json={"email": "abcd@gmail.com", "password": "short"},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`

			`assert r.status_code == 400`
			`assert r.json["error"] == "password too short"`


			`def test_auth_activate_success(flask_client):`
			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_register"),`
			`json={"email": "abcd@gmail.com", "password": "password"},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`

			`assert r.status_code == 200`
			`assert r.json["msg"]`

			`# get the activation code`
replace get(1) by first() 2021-08-05 19:44:56 +02:00			`act_code = AccountActivation.first()`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`assert act_code`
			`assert len(act_code.code) == 6`

			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_activate"),`
			`json={"email": "abcd@gmail.com", "code": act_code.code},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`
			`assert r.status_code == 200`


			`def test_auth_activate_wrong_email(flask_client):`
			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_activate"), json={"email": "abcd@gmail.com", "code": "123456"}`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`
			`assert r.status_code == 400`


			`def test_auth_activate_user_already_activated(flask_client):`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`User.create(`
			`email="abcd@gmail.com", password="password", name="Test User", activated=True`
			`)`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`db.session.commit()`

			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_activate"), json={"email": "abcd@gmail.com", "code": "123456"}`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`
			`assert r.status_code == 400`


			`def test_auth_activate_wrong_code(flask_client):`
			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_register"),`
			`json={"email": "abcd@gmail.com", "password": "password"},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`

			`assert r.status_code == 200`
			`assert r.json["msg"]`

			`# get the activation code`
replace get(1) by first() 2021-08-05 19:44:56 +02:00			`act_code = AccountActivation.first()`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`assert act_code`
			`assert len(act_code.code) == 6`
			`assert act_code.tries == 3`

			`# make sure to create a wrong code`
			`wrong_code = act_code.code + "123"`

			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_activate"),`
			`json={"email": "abcd@gmail.com", "code": wrong_code},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`
			`assert r.status_code == 400`

			`# make sure the nb tries decrements`
replace get(1) by first() 2021-08-05 19:44:56 +02:00			`act_code = AccountActivation.first()`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`assert act_code.tries == 2`


			`def test_auth_activate_too_many_wrong_code(flask_client):`
			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_register"),`
			`json={"email": "abcd@gmail.com", "password": "password"},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`

			`assert r.status_code == 200`
			`assert r.json["msg"]`

			`# get the activation code`
replace get(1) by first() 2021-08-05 19:44:56 +02:00			`act_code = AccountActivation.first()`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`assert act_code`
			`assert len(act_code.code) == 6`
			`assert act_code.tries == 3`

			`# make sure to create a wrong code`
			`wrong_code = act_code.code + "123"`

			`for _ in range(2):`
			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_activate"),`
			`json={"email": "abcd@gmail.com", "code": wrong_code},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`
			`assert r.status_code == 400`

			`# the activation code is deleted`
			`r = flask_client.post(`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`url_for("api.auth_activate"),`
			`json={"email": "abcd@gmail.com", "code": wrong_code},`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`)`

			`assert r.status_code == 410`

			`# make sure the nb tries decrements`
replace get(1) by first() 2021-08-05 19:44:56 +02:00			`assert AccountActivation.first() is None`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00

			`def test_auth_reactivate_success(flask_client):`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`User.create(email="abcd@gmail.com", password="password", name="Test User")`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`db.session.commit()`

fix test: use valid domain 2020-04-27 23:15:30 +02:00			`r = flask_client.post(`
			`url_for("api.auth_reactivate"), json={"email": "abcd@gmail.com"}`
			`)`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`assert r.status_code == 200`

			`# make sure an activation code is created`
replace get(1) by first() 2021-08-05 19:44:56 +02:00			`act_code = AccountActivation.first()`
Add related endpoints for registration POST /api/auth/register POST /api/auth/activate POST /api/auth/reactivate 2020-02-28 13:01:54 +01:00			`assert act_code`
			`assert len(act_code.code) == 6`
			`assert act_code.tries == 3`
Add POST /api/auth/forgot_password 2020-03-18 18:43:04 +01:00

			`def test_auth_login_forgot_password(flask_client):`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`User.create(`
			`email="abcd@gmail.com", password="password", name="Test User", activated=True`
			`)`
Add POST /api/auth/forgot_password 2020-03-18 18:43:04 +01:00			`db.session.commit()`

fix test: use valid domain 2020-04-27 23:15:30 +02:00			`r = flask_client.post(`
black new version 2020-08-27 10:20:48 +02:00			`url_for("api.forgot_password"),`
			`json={"email": "abcd@gmail.com"},`
fix test: use valid domain 2020-04-27 23:15:30 +02:00			`)`
Add POST /api/auth/forgot_password 2020-03-18 18:43:04 +01:00
			`assert r.status_code == 200`

always return 200 in /forgot_password 2020-03-18 21:55:50 +01:00			`# No such email, still return 200`
Add POST /api/auth/forgot_password 2020-03-18 18:43:04 +01:00			`r = flask_client.post(`
black new version 2020-08-27 10:20:48 +02:00			`url_for("api.forgot_password"),`
			`json={"email": "not-exist@b.c"},`
Add POST /api/auth/forgot_password 2020-03-18 18:43:04 +01:00			`)`

always return 200 in /forgot_password 2020-03-18 21:55:50 +01:00			`assert r.status_code == 200`