diff --git a/tests/__init__.py b/tests/__init__.py
index edc332a..dba1d96 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -35,32 +35,6 @@ EXAMPLE_USER_DATA = {
}
-# helpers
-
-def get_user(role_name):
- ''' get the user model for one well known user '''
- from ordr2.models import Role, User
- id_, first_name, last_name = EXAMPLE_USER_DATA[role_name]
- user = User(
- id=id_,
- username=first_name + last_name,
- first_name = first_name,
- last_name = last_name,
- email = last_name.lower() + '@example.com',
- role=Role(role_name)
- )
- user.set_password(first_name)
- return user
-
-
-def create_users(db):
- ''' set up all well known example users '''
- from ordr2.models import Role
- for role in Role:
- user = get_user(role.value)
- db.add(user)
-
-
# fixtures
@pytest.fixture(scope='session')
@@ -95,3 +69,33 @@ def dbsession(app_config):
transaction.abort()
Base.metadata.drop_all(engine)
+
+
+
+# helpers
+
+def get_user(role_name):
+ ''' get the user model for one well known user '''
+ from ordr2.models import Role, User
+ id_, first_name, last_name = EXAMPLE_USER_DATA[role_name]
+ user = User(
+ id=id_,
+ username=first_name + last_name,
+ first_name = first_name,
+ last_name = last_name,
+ email = last_name.lower() + '@example.com',
+ role=Role(role_name)
+ )
+ user.set_password(first_name)
+ return user
+
+
+def create_users(db):
+ ''' set up all well known example users '''
+ from ordr2.models import Role
+ for role in Role:
+ user = get_user(role.value)
+ db.add(user)
+
+
+
diff --git a/tests/_functional/account.py b/tests/_functional/account.py
index 6e8d092..7c7788b 100644
--- a/tests/_functional/account.py
+++ b/tests/_functional/account.py
@@ -1,4 +1,4 @@
-''' tests for the common layout and simple (static)'''
+''' tests for the login, logout, registration and account settings'''
import pytest
@@ -6,6 +6,25 @@ from . import testapp
from .. import get_user
+# helper functions
+
+def assert_user_is_logged_in(response, username):
+ ''' checks if login was successful '''
+ assert '' in response
+ assert 'id="login-form"' not in response
+ assert 'Logged in as {}'.format(username) in response
+
+
+def assert_user_login_failed(response, username):
+ ''' checks if login was un successful '''
+ assert '' in response
+ assert 'id="login-form' in response
+ assert 'Logged in as {}'.format(username) not in response
+ assert 'You entered the wrong username or password' in response
+
+
+# test for account registration
+
def test_account_register_unauthenticated(testapp):
''' test the registration page for a unauthenticated user '''
testapp.reset()
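Review bot: `assert '' in response` in both new helpers is vacuous as written, because an empty string is contained in every response body; if a marker such as a tag or heading was intended, restore it in the literal, otherwise drop the line. In `assert_user_login_failed` the negative check only excludes the one username passed in, so `assert 'Logged in as' not in response` would state more strictly that no session was established for anyone. That helper also matches `'id="login-form'` without the closing quote that `assert_user_is_logged_in` uses, so the two helpers test slightly different markup. test_account_register_unauthenticated continues outside the hunk.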
@@ -22,12 +41,22 @@ def test_account_register_unauthenticated(testapp):
assert li_two.find('a').text == 'Register'
-@pytest.mark.parametrize('role_name', ['user', 'purchaser', 'admin', ])
-def test_account_login_for_active_users(testapp, role_name):
+# tests for login and logout of users
+
+def test_account_login_only_by_post(testapp):
+ ''' test that the login view is not accessibal via get '''
+ testapp.reset()
+
+ response = testapp.get('/account/login', status=404)
+
+ assert response.status.startswith('404')
+
+
+def test_account_login_for_active_users(testapp):
''' check if user login works '''
testapp.reset()
- user = get_user(role_name)
+ user = get_user('user')
root = testapp.get('/')
login_form = root.forms['login-form']
login_form.set('username', user.username)
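Review bot: In test_account_login_only_by_post the trailing `assert response.status.startswith('404')` repeats what `status=404` on `testapp.get` already enforces, since WebTest raises when the status differs, so the line can go. The docstring has a typo; suggest `''' test that the login view is not accessible via GET '''`. test_account_login_for_active_users continues outside the hunk.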
@@ -40,55 +69,77 @@ def test_account_login_for_active_users(testapp, role_name):
# the layout should reflect the login
response = testapp.get('/faq')
- assert '' in response
- assert 'id="login-form"' not in response
- assert 'Logged in as {}'.format(user.username) in response
+ assert_user_is_logged_in(response, user.username)
-@pytest.mark.parametrize('role_name', ['unvalidated', 'new', 'inactive'])
-def test_account_login_for_inactive_users(testapp, role_name):
+def test_account_login_for_inactive_users(testapp):
''' check if user login works '''
testapp.reset()
- user = get_user(role_name)
+ user = get_user('unvalidated')
root = testapp.get('/')
login_form = root.forms['login-form']
login_form.set('username', user.username)
login_form.set('password', user.first_name)
response = login_form.submit()
- assert '' in response
- assert 'id="login-form' in response
- assert 'Logged in as {}'.format(user.username) not in response
- assert 'You entered the wrong username or password' in response
+ assert_user_login_failed(response, user.username)
-@pytest.mark.parametrize(
- 'username, password', [
- ('EricIdle', 'wrong password'),
- ('unknown user', 'Eric'),
- ('unknown user', 'unknown password')
- ]
- )
-def test_account_login_fails(testapp, username, password):
+def test_account_login_fails(testapp):
''' check if user login works '''
testapp.reset()
root = testapp.get('/')
login_form = root.forms['login-form']
- login_form.set('username', username)
- login_form.set('password', password)
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'wrong password')
response = login_form.submit()
- assert '' in response
- assert 'id="login-form' in response
- assert 'Logged in as {}'.format(username) not in response
- assert 'You entered the wrong username or password' in response
+ assert_user_login_failed(response, 'EricIdle')
+ assert '/account/forgot-password' in response
-def test_account_login_only_by_post(testapp):
+def test_account_login_works_after_failed_login(testapp):
+ ''' check if user login works after failed attempt '''
+ testapp.reset()
+
+ root = testapp.get('/')
+ login_form = root.forms['login-form']
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'wrong password')
+ response = login_form.submit()
+
+ assert_user_login_failed(response, 'EricIdle')
+
+ login_form = response.forms['login-form']
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'Eric')
+ login_form.submit()
+ response = testapp.get('/faq')
+
+ assert_user_is_logged_in(response, 'EricIdle')
+
+
+def test_account_login_fails_after_failed_login(testapp):
+ ''' check if user login works after failed attempt '''
testapp.reset()
+ root = testapp.get('/')
+ login_form = root.forms['login-form']
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'wrong password')
+ response = login_form.submit()
+
+ assert_user_login_failed(response, 'EricIdle')
+
+ login_form = response.forms['login-form']
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'wrong password')
+ response = login_form.submit()
+
+ assert_user_login_failed(response, 'EricIdle')
+
def test_account_logout_works(testapp):
''' check if a user can log out '''
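Review bot: The docstrings on the failure tests in this hunk say the opposite of what the tests assert: test_account_login_for_inactive_users and test_account_login_fails both keep `''' check if user login works '''`, and test_account_login_fails_after_failed_login reuses `''' check if user login works after failed attempt '''` from the success variant. Suggest `''' login is rejected for a user that is not active '''`, `''' login is rejected for a wrong password '''` and `''' a second wrong password is rejected as well '''`. In test_account_login_works_after_failed_login the response of the second `login_form.submit()` is discarded, so a comment saying that success is judged from the following `/faq` request would help. test_account_logout_works continues outside the hunk.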
diff --git a/tests/views/account.py b/tests/views/account.py
new file mode 100644
index 0000000..335b29a
--- /dev/null
+++ b/tests/views/account.py
@@ -0,0 +1,85 @@
+''' Tests for ordr2.views.account '''
+
+import pytest
+
+from pyramid.httpexceptions import HTTPFound
+from pyramid.testing import DummyRequest, DummyResource
+
+
+from .. import app_config, dbsession, get_user, create_users
+
+
+@pytest.mark.parametrize('rolename', ['user', 'purchaser', 'admin'])
+def test_account_login_active_users(dbsession, rolename):
+ ''' login ok for active users '''
+ from ordr2.views.account import login
+ create_users(dbsession)
+
+ user = get_user(rolename)
+ request = DummyRequest(
+ dbsession=dbsession,
+ post={
+ 'username': user.username,
+ 'password': user.first_name
+ }
+ )
+ result = login(None, request)
+
+ assert isinstance(result, HTTPFound)
+ assert result.location == '//orders'
+
+
+@pytest.mark.parametrize('rolename', ['unvalidated', 'new', 'inactive'])
+def test_account_login_fails_inactive_users(dbsession, rolename):
+ ''' login fails for inactive users '''
+ from ordr2.views.account import login
+ create_users(dbsession)
+
+ user = get_user(rolename)
+ request = DummyRequest(
+ dbsession=dbsession,
+ post={
+ 'username': user.username,
+ 'password': user.first_name
+ }
+ )
+ result = login(None, request)
+
+ assert result == {}
+
+
+@pytest.mark.parametrize(
+ 'username, password', [
+ ('EricIdle', 'wrong password'),
+ ('unknown user', 'Eric'),
+ ('unknown user', 'wrong password'),
+ ('', '')
+ ]
+ )
+def test_account_login_fails_wrong_credentials(dbsession, username, password):
+ ''' login fails for unknown or wrong credentials '''
+ from ordr2.views.account import login
+ create_users(dbsession)
+
+ request = DummyRequest(
+ dbsession=dbsession,
+ post={
+ 'username': username,
+ 'password': password
+ }
+ )
+ result = login(None, request)
+
+ assert result == {}
+
+
+def test_logout(app_config):
+ ''' logout works '''
+ from ordr2.views.account import logout
+ user = get_user('admin')
+
+ request = DummyRequest(user=user)
+ result = logout(None, request)
+
+ assert isinstance(result, HTTPFound)
+ assert result.location == 'http://example.com//'
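Review bot: The expected redirect target `'//orders'` in test_account_login_active_users is a scheme-relative URL, which a browser would resolve to a host named `orders` rather than to a path on this site; `'http://example.com//'` in test_logout shows the same doubled slash. This presumably comes from calling the views with `None` as context on a bare `DummyRequest` rather than from the views themselves, but the assertions then pin a value that would be an off-site redirect in a real response. Consider building the request with a real context or route configuration (`DummyResource` is imported here but never used) so the tests can assert `'/orders'` or the full same-origin URL. The failure tests only check `result == {}`; if `login` sets authentication headers on the response, asserting that none are present would make the rejected cases stronger.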