|
|
|
''' Tests for ordr2.resources.account '''
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
|
|
|
|
from pyramid.testing import DummyRequest
|
|
|
|
|
|
|
|
from .. import app_config, dbsession, get_user
|
|
|
|
|
|
|
|
# helper function
|
|
|
|
|
|
|
|
def get_root_resource(role_name=None, **kwargs):
|
|
|
|
''' return a root resource '''
|
|
|
|
from ordr2.resources import RootResource
|
|
|
|
user = get_user(role_name) if role_name else None
|
|
|
|
request = DummyRequest(user=user, **kwargs)
|
|
|
|
return RootResource(request)
|
|
|
|
|
|
|
|
|
|
|
|
# tests for token resources
|
|
|
|
|
|
|
|
def test_registration_token_acl():
|
|
|
|
''' test the access controll list of the registration token resource '''
|
|
|
|
from pyramid.security import Allow, Authenticated, Deny, Everyone, DENY_ALL
|
|
|
|
from ordr2.resources.account import RegistrationToken
|
|
|
|
|
|
|
|
root = get_root_resource()
|
|
|
|
resource = RegistrationToken(None, root, None)
|
|
|
|
|
|
|
|
assert resource.__acl__() == [
|
|
|
|
(Deny, Authenticated, 'register'),
|
|
|
|
(Allow, Everyone, 'register'),
|
|
|
|
DENY_ALL
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
def test_email_verification_token_acl(app_config):
|
|
|
|
''' test the access controll list of the email token resource '''
|
|
|
|
from pyramid.security import Allow, Authenticated, Deny, Everyone, DENY_ALL
|
|
|
|
from ordr2.models.account import User, Token
|
|
|
|
from ordr2.resources.account import EmailVerificationToken
|
|
|
|
|
|
|
|
root = get_root_resource('user')
|
|
|
|
token = Token(owner=root.request.user)
|
|
|
|
resource = EmailVerificationToken(None, root, token)
|
|
|
|
|
|
|
|
assert resource.__acl__() == [(Allow, 'user:3', 'settings'), DENY_ALL]
|
|
|
|
|
|
|
|
|
|
|
|
def test_password_reset_token_acl():
|
|
|
|
''' test the access controll list of the password token resource '''
|
|
|
|
from pyramid.security import Allow, Everyone, DENY_ALL
|
|
|
|
from ordr2.resources.account import ForgottenPasswordToken
|
|
|
|
|
|
|
|
root = get_root_resource()
|
|
|
|
resource = ForgottenPasswordToken(None, root, None)
|
|
|
|
|
|
|
|
assert resource.__acl__() == [
|
|
|
|
(Allow, Everyone, 'reset password'),
|
|
|
|
DENY_ALL
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
def test_account_resource_init():
|
|
|
|
''' test __init__ function of base resource '''
|
|
|
|
from ordr2.resources.account import AccountResource
|
|
|
|
|
|
|
|
root = get_root_resource('user')
|
|
|
|
resource = AccountResource('resource name', root)
|
|
|
|
|
|
|
|
assert resource.__name__ == 'resource name'
|
|
|
|
assert resource.__parent__ == root
|
|
|
|
assert resource.request == root.request
|
|
|
|
assert resource.model == root.request.user
|
|
|
|
|
|
|
|
|
|
|
|
def test_account_resource_acl():
|
|
|
|
''' test the access controll list of the account resource '''
|
|
|
|
from pyramid.security import Allow, Authenticated, Deny, Everyone, DENY_ALL
|
|
|
|
from ordr2.resources.account import AccountResource
|
|
|
|
|
|
|
|
root = get_root_resource()
|
|
|
|
resource = AccountResource('resource name', root)
|
|
|
|
|
|
|
|
assert resource.__acl__() == [
|
|
|
|
(Allow, Everyone, 'login'),
|
|
|
|
(Allow, Everyone, 'logout'),
|
|
|
|
(Deny, Authenticated, 'register'),
|
|
|
|
(Allow, Everyone, 'register'),
|
|
|
|
(Allow, Everyone, 'reset password'),
|
|
|
|
(Allow, Authenticated, 'settings'),
|
|
|
|
DENY_ALL
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
def test_account_resource_getitem_token_ok(app_config, dbsession):
|
|
|
|
''' test __getitem__ method returns correct token '''
|
|
|
|
from ordr2.models.account import TokenSubject
|
|
|
|
from ordr2.resources.account import (
|
|
|
|
AccountResource,
|
|
|
|
EmailVerificationToken
|
|
|
|
)
|
|
|
|
|
|
|
|
root = get_root_resource('user', dbsession=dbsession)
|
|
|
|
user = root.request.user
|
|
|
|
dbsession.add(user)
|
|
|
|
hash = user.issue_token(root.request, TokenSubject.CHANGE_EMAIL)
|
|
|
|
account = AccountResource(None, root)
|
|
|
|
resource = account[hash]
|
|
|
|
|
|
|
|
assert isinstance(resource, EmailVerificationToken)
|
|
|
|
assert resource.__name__ == hash
|
|
|
|
assert resource.__parent__ == account
|
|
|
|
assert resource.model.hash == hash
|
|
|
|
assert resource.model.owner == root.request.user
|
|
|
|
|
|
|
|
|
|
|
|
def test_account_resource_getitem_token_not_found(dbsession):
|
|
|
|
''' test __getitem__ raises KeyError on unknown token hash '''
|
|
|
|
from ordr2.resources.account import AccountResource
|
|
|
|
|
|
|
|
root = get_root_resource('user', dbsession=dbsession)
|
|
|
|
account = AccountResource(None, root)
|
|
|
|
|
|
|
|
with pytest.raises(KeyError):
|
|
|
|
resource = account['unknown token hash']
|
|
|
|
|
|
|
|
|
|
|
|
def test_account_resource_getitem_token_expired(dbsession):
|
|
|
|
''' test __getitem__ raises KeyError on unknown token hash '''
|
|
|
|
from datetime import datetime
|
|
|
|
from ordr2.models.account import Token, TokenSubject
|
|
|
|
from ordr2.resources.account import (
|
|
|
|
AccountResource,
|
|
|
|
EmailVerificationToken
|
|
|
|
)
|
|
|
|
|
|
|
|
root = get_root_resource('user', dbsession=dbsession)
|
|
|
|
token = Token.issue(
|
|
|
|
root.request,
|
|
|
|
root.request.user,
|
|
|
|
TokenSubject.CHANGE_EMAIL
|
|
|
|
)
|
|
|
|
token.expires = datetime(year=2000, month=1, day=1)
|
|
|
|
dbsession.add(token)
|
|
|
|
account = AccountResource(None, root)
|
|
|
|
|
|
|
|
with pytest.raises(KeyError) as excinfo:
|
|
|
|
resource = account[token.hash]
|
|
|
|
assert f'Token {token.hash} has expired' in str(excinfo.value)
|