app-MAIL-temp/tests/api/test_auth_login.py

257 lines
6.6 KiB
Python
Raw Normal View History

2020-01-20 14:36:39 +01:00
from flask import url_for
from app.extensions import db
from app.models import User, AccountActivation
2020-01-20 14:36:39 +01:00
def test_auth_login_success_mfa_disabled(flask_client):
2020-04-27 23:15:30 +02:00
User.create(
email="abcd@gmail.com", password="password", name="Test User", activated=True
)
2020-01-20 14:36:39 +01:00
db.session.commit()
r = flask_client.post(
url_for("api.auth_login"),
2020-04-27 23:15:30 +02:00
json={
"email": "abcd@gmail.com",
"password": "password",
"device": "Test Device",
},
2020-01-20 14:36:39 +01:00
)
assert r.status_code == 200
assert r.json["api_key"]
2020-06-09 17:19:03 +02:00
assert r.json["email"]
2020-01-20 14:36:39 +01:00
assert r.json["mfa_enabled"] == False
assert r.json["mfa_key"] is None
2020-01-20 14:36:39 +01:00
assert r.json["name"] == "Test User"
def test_auth_login_success_mfa_enabled(flask_client):
User.create(
2020-04-27 23:15:30 +02:00
email="abcd@gmail.com",
2020-01-20 14:36:39 +01:00
password="password",
name="Test User",
activated=True,
enable_otp=True,
)
db.session.commit()
r = flask_client.post(
url_for("api.auth_login"),
2020-04-27 23:15:30 +02:00
json={
"email": "abcd@gmail.com",
"password": "password",
"device": "Test Device",
},
2020-01-20 14:36:39 +01:00
)
assert r.status_code == 200
assert r.json["api_key"] is None
2020-01-20 14:36:39 +01:00
assert r.json["mfa_enabled"] == True
assert r.json["mfa_key"]
assert r.json["name"] == "Test User"
2020-02-05 12:05:26 +01:00
def test_auth_login_device_exist(flask_client):
2020-04-27 23:15:30 +02:00
User.create(
email="abcd@gmail.com", password="password", name="Test User", activated=True
)
2020-02-05 12:05:26 +01:00
db.session.commit()
r = flask_client.post(
url_for("api.auth_login"),
2020-04-27 23:15:30 +02:00
json={
"email": "abcd@gmail.com",
"password": "password",
"device": "Test Device",
},
2020-02-05 12:05:26 +01:00
)
assert r.status_code == 200
api_key = r.json["api_key"]
assert r.json["mfa_enabled"] == False
assert r.json["mfa_key"] is None
assert r.json["name"] == "Test User"
# same device, should return same api_key
r = flask_client.post(
url_for("api.auth_login"),
2020-04-27 23:15:30 +02:00
json={
"email": "abcd@gmail.com",
"password": "password",
"device": "Test Device",
},
2020-02-05 12:05:26 +01:00
)
assert r.json["api_key"] == api_key
def test_auth_register_success(flask_client):
assert AccountActivation.get(1) is None
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_register"),
json={"email": "abcd@gmail.com", "password": "password"},
)
assert r.status_code == 200
assert r.json["msg"]
# make sure an activation code is created
act_code = AccountActivation.get(1)
assert act_code
assert len(act_code.code) == 6
assert act_code.tries == 3
def test_auth_register_too_short_password(flask_client):
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_register"),
json={"email": "abcd@gmail.com", "password": "short"},
)
assert r.status_code == 400
assert r.json["error"] == "password too short"
def test_auth_activate_success(flask_client):
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_register"),
json={"email": "abcd@gmail.com", "password": "password"},
)
assert r.status_code == 200
assert r.json["msg"]
# get the activation code
act_code = AccountActivation.get(1)
assert act_code
assert len(act_code.code) == 6
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_activate"),
json={"email": "abcd@gmail.com", "code": act_code.code},
)
assert r.status_code == 200
def test_auth_activate_wrong_email(flask_client):
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_activate"), json={"email": "abcd@gmail.com", "code": "123456"}
)
assert r.status_code == 400
def test_auth_activate_user_already_activated(flask_client):
2020-04-27 23:15:30 +02:00
User.create(
email="abcd@gmail.com", password="password", name="Test User", activated=True
)
db.session.commit()
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_activate"), json={"email": "abcd@gmail.com", "code": "123456"}
)
assert r.status_code == 400
def test_auth_activate_wrong_code(flask_client):
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_register"),
json={"email": "abcd@gmail.com", "password": "password"},
)
assert r.status_code == 200
assert r.json["msg"]
# get the activation code
act_code = AccountActivation.get(1)
assert act_code
assert len(act_code.code) == 6
assert act_code.tries == 3
# make sure to create a wrong code
wrong_code = act_code.code + "123"
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_activate"),
json={"email": "abcd@gmail.com", "code": wrong_code},
)
assert r.status_code == 400
# make sure the nb tries decrements
act_code = AccountActivation.get(1)
assert act_code.tries == 2
def test_auth_activate_too_many_wrong_code(flask_client):
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_register"),
json={"email": "abcd@gmail.com", "password": "password"},
)
assert r.status_code == 200
assert r.json["msg"]
# get the activation code
act_code = AccountActivation.get(1)
assert act_code
assert len(act_code.code) == 6
assert act_code.tries == 3
# make sure to create a wrong code
wrong_code = act_code.code + "123"
for _ in range(2):
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_activate"),
json={"email": "abcd@gmail.com", "code": wrong_code},
)
assert r.status_code == 400
# the activation code is deleted
r = flask_client.post(
2020-04-27 23:15:30 +02:00
url_for("api.auth_activate"),
json={"email": "abcd@gmail.com", "code": wrong_code},
)
assert r.status_code == 410
# make sure the nb tries decrements
assert AccountActivation.get(1) is None
def test_auth_reactivate_success(flask_client):
2020-04-27 23:15:30 +02:00
User.create(email="abcd@gmail.com", password="password", name="Test User")
db.session.commit()
2020-04-27 23:15:30 +02:00
r = flask_client.post(
url_for("api.auth_reactivate"), json={"email": "abcd@gmail.com"}
)
assert r.status_code == 200
# make sure an activation code is created
act_code = AccountActivation.get(1)
assert act_code
assert len(act_code.code) == 6
assert act_code.tries == 3
2020-03-18 18:43:04 +01:00
def test_auth_login_forgot_password(flask_client):
2020-04-27 23:15:30 +02:00
User.create(
email="abcd@gmail.com", password="password", name="Test User", activated=True
)
2020-03-18 18:43:04 +01:00
db.session.commit()
2020-04-27 23:15:30 +02:00
r = flask_client.post(
url_for("api.forgot_password"), json={"email": "abcd@gmail.com"},
)
2020-03-18 18:43:04 +01:00
assert r.status_code == 200
2020-03-18 21:55:50 +01:00
# No such email, still return 200
2020-03-18 18:43:04 +01:00
r = flask_client.post(
url_for("api.forgot_password"), json={"email": "not-exist@b.c"},
)
2020-03-18 21:55:50 +01:00
assert r.status_code == 200