From eaa229256a81f570277a235195361df3bf38fd04 Mon Sep 17 00:00:00 2001
From: Holger Frey
Date: Wed, 18 Oct 2017 14:50:26 +0200
Subject: [PATCH] added more tests for login and logout of users
---
 tests/__init__.py | 56 +++++++++---------
 tests/_functional/account.py | 109 +++++++++++++++++++++++++----------
 tests/views/account.py | 85 +++++++++++++++++++++++++++
 3 files changed, 195 insertions(+), 55 deletions(-)
 create mode 100644 tests/views/account.py
diff --git a/tests/__init__.py b/tests/__init__.py
index edc332a..dba1d96 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -35,32 +35,6 @@ EXAMPLE_USER_DATA = {
 }
-# helpers
-
-def get_user(role_name):
- ''' get the user model for one well known user '''
- from ordr2.models import Role, User
- id_, first_name, last_name = EXAMPLE_USER_DATA[role_name]
- user = User(
- id=id_,
- username=first_name + last_name,
- first_name = first_name,
- last_name = last_name,
- email = last_name.lower() + '@example.com',
- role=Role(role_name)
- )
- user.set_password(first_name)
- return user
-
-
-def create_users(db):
- ''' set up all well known example users '''
- from ordr2.models import Role
- for role in Role:
- user = get_user(role.value)
- db.add(user)
-
-
 # fixtures
 @pytest.fixture(scope='session')
@@ -95,3 +69,33 @@ def dbsession(app_config):
 transaction.abort()
 Base.metadata.drop_all(engine)
+
+
+
+# helpers
+
+def get_user(role_name):
+ ''' get the user model for one well known user '''
+ from ordr2.models import Role, User
+ id_, first_name, last_name = EXAMPLE_USER_DATA[role_name]
+ user = User(
+ id=id_,
+ username=first_name + last_name,
+ first_name = first_name,
+ last_name = last_name,
+ email = last_name.lower() + '@example.com',
+ role=Role(role_name)
+ )
+ user.set_password(first_name)
+ return user
+
+
+def create_users(db):
+ ''' set up all well known example users '''
+ from ordr2.models import Role
+ for role in Role:
+ user = get_user(role.value)
+ db.add(user)
+
+
+
diff --git a/tests/_functional/account.py b/tests/_functional/account.py
index 6e8d092..7c7788b 100644
--- a/tests/_functional/account.py
+++ b/tests/_functional/account.py
@@ -1,4 +1,4 @@
-''' tests for the common layout and simple (static)'''
+''' tests for the login, logout, registration and account settings'''
 import pytest
@@ -6,6 +6,25 @@ from . import testapp
 from .. import get_user
+# helper functions
+
+def assert_user_is_logged_in(response, username):
+ ''' checks if login was successful '''
+ assert '' in response
+ assert 'id="login-form"' not in response
+ assert 'Logged in as {}'.format(username) in response
+
+
+def assert_user_login_failed(response, username):
+ ''' checks if login was un successful '''
+ assert '' in response
+ assert 'id="login-form' in response
+ assert 'Logged in as {}'.format(username) not in response
+ assert 'You entered the wrong username or password' in response
+
+
+# test for account registration
+
 def test_account_register_unauthenticated(testapp):
 ''' test the registration page for a unauthenticated user '''
 testapp.reset()
@@ -22,12 +41,22 @@ def test_account_register_unauthenticated(testapp):
 assert li_two.find('a').text == 'Register'
-@pytest.mark.parametrize('role_name', ['user', 'purchaser', 'admin', ])
-def test_account_login_for_active_users(testapp, role_name):
+# tests for login and logout of users
+
+def test_account_login_only_by_post(testapp):
+ ''' test that the login view is not accessibal via get '''
+ testapp.reset()
+
+ response = testapp.get('/account/login', status=404)
+
+ assert response.status.startswith('404')
+
+
+def test_account_login_for_active_users(testapp):
 ''' check if user login works '''
 testapp.reset()
- user = get_user(role_name)
+ user = get_user('user')
 root = testapp.get('/')
 login_form = root.forms['login-form']
 login_form.set('username', user.username)
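Review bot: In the helpers added by the `@@ -6,6 +6,25 @@` hunk of tests/_functional/account.py, `assert '' in response` cannot fail as it is written on this page, because the empty string is contained in every body, so both helpers rest on their remaining checks only; if a marker string was meant there it should be spelled out, otherwise the line can go. The two helpers also disagree on the form check, `'id="login-form"'` in `assert_user_is_logged_in` against `'id="login-form'` (no closing quote) in `assert_user_login_failed`, and the latter would also match a longer id. For the second helper I would use `assert 'id="login-form"' in response` and correct the docstring to `''' checks if login was unsuccessful '''`.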
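Review bot: Removing `@pytest.mark.parametrize` from `test_account_login_for_active_users` in the `@@ -22,12 +41,22 @@` hunk leaves `'user'` as the only role that still logs in through the real form; `purchaser` and `admin`, and in the next hunk `new` and `inactive` on the denial side, are now exercised only by tests/views/account.py, which calls `login(None, request)` on a `DummyRequest` and therefore never touches routing, the form or the session. Refusing accounts that are not yet active is an access-control rule, so I would keep it covered end to end, e.g. by restoring `@pytest.mark.parametrize('role_name', ['unvalidated', 'new', 'inactive'])` on `test_account_login_for_inactive_users`. In `test_account_login_only_by_post` the final `assert response.status.startswith('404')` repeats what `status=404` already enforces. The body of `test_account_login_for_active_users` continues past the end of this hunk.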
@@ -40,55 +69,77 @@ def test_account_login_for_active_users(testapp, role_name):
 # the layout should reflect the login
 response = testapp.get('/faq')
- assert '' in response
- assert 'id="login-form"' not in response
- assert 'Logged in as {}'.format(user.username) in response
+ assert_user_is_logged_in(response, user.username)
-@pytest.mark.parametrize('role_name', ['unvalidated', 'new', 'inactive'])
-def test_account_login_for_inactive_users(testapp, role_name):
+def test_account_login_for_inactive_users(testapp):
 ''' check if user login works '''
 testapp.reset()
- user = get_user(role_name)
+ user = get_user('unvalidated')
 root = testapp.get('/')
 login_form = root.forms['login-form']
 login_form.set('username', user.username)
 login_form.set('password', user.first_name)
 response = login_form.submit()
- assert '' in response
- assert 'id="login-form' in response
- assert 'Logged in as {}'.format(user.username) not in response
- assert 'You entered the wrong username or password' in response
+ assert_user_login_failed(response, user.username)
-@pytest.mark.parametrize(
- 'username, password', [
- ('EricIdle', 'wrong password'),
- ('unknown user', 'Eric'),
- ('unknown user', 'unknown password')
- ]
- )
-def test_account_login_fails(testapp, username, password):
+def test_account_login_fails(testapp):
 ''' check if user login works '''
 testapp.reset()
 root = testapp.get('/')
 login_form = root.forms['login-form']
- login_form.set('username', username)
- login_form.set('password', password)
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'wrong password')
 response = login_form.submit()
- assert '' in response
- assert 'id="login-form' in response
- assert 'Logged in as {}'.format(username) not in response
- assert 'You entered the wrong username or password' in response
+ assert_user_login_failed(response, 'EricIdle')
+ assert '/account/forgot-password' in response
-def test_account_login_only_by_post(testapp):
+def test_account_login_works_after_failed_login(testapp):
+ ''' check if user login works after failed attempt '''
+ testapp.reset()
+
+ root = testapp.get('/')
+ login_form = root.forms['login-form']
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'wrong password')
+ response = login_form.submit()
+
+ assert_user_login_failed(response, 'EricIdle')
+
+ login_form = response.forms['login-form']
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'Eric')
+ login_form.submit()
+ response = testapp.get('/faq')
+
+ assert_user_is_logged_in(response, 'EricIdle')
+
+
+def test_account_login_fails_after_failed_login(testapp):
+ ''' check if user login works after failed attempt '''
 testapp.reset()
+ root = testapp.get('/')
+ login_form = root.forms['login-form']
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'wrong password')
+ response = login_form.submit()
+
+ assert_user_login_failed(response, 'EricIdle')
+
+ login_form = response.forms['login-form']
+ login_form.set('username', 'EricIdle')
+ login_form.set('password', 'wrong password')
+ response = login_form.submit()
+
+ assert_user_login_failed(response, 'EricIdle')
+
 def test_account_logout_works(testapp):
 ''' check if a user can log out '''
diff --git a/tests/views/account.py b/tests/views/account.py
new file mode 100644
index 0000000..335b29a
--- /dev/null
+++ b/tests/views/account.py
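Review bot: With the parametrization removed from `test_account_login_fails` in the `@@ -40,55 +69,77 @@` hunk of tests/_functional/account.py, no functional test checks any longer that an unknown username renders the same 'You entered the wrong username or password' text as a wrong password; the replacement cases in tests/views/account.py only assert `result == {}`, which says nothing about the rendered message. That identical message is what keeps the login form from disclosing which usernames exist, so I would keep one end-to-end case with `'unknown user'` that goes through `assert_user_login_failed`. The docstring of `test_account_login_fails_after_failed_login` is copied from the test above it; `''' check that a repeated wrong password is rejected again '''` would describe what it asserts. The hunk starts inside `test_account_login_for_active_users` and ends inside `test_account_logout_works`, whose body continues outside it.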
@@ -0,0 +1,85 @@
+''' Tests for ordr2.views.account '''
+
+import pytest
+
+from pyramid.httpexceptions import HTTPFound
+from pyramid.testing import DummyRequest, DummyResource
+
+
+from .. import app_config, dbsession, get_user, create_users
+
+
+@pytest.mark.parametrize('rolename', ['user', 'purchaser', 'admin'])
+def test_account_login_active_users(dbsession, rolename):
+ ''' login ok for active users '''
+ from ordr2.views.account import login
+ create_users(dbsession)
+
+ user = get_user(rolename)
+ request = DummyRequest(
+ dbsession=dbsession,
+ post={
+ 'username': user.username,
+ 'password': user.first_name
+ }
+ )
+ result = login(None, request)
+
+ assert isinstance(result, HTTPFound)
+ assert result.location == '//orders'
+
+
+@pytest.mark.parametrize('rolename', ['unvalidated', 'new', 'inactive'])
+def test_account_login_fails_inactive_users(dbsession, rolename):
+ ''' login fails for inactive users '''
+ from ordr2.views.account import login
+ create_users(dbsession)
+
+ user = get_user(rolename)
+ request = DummyRequest(
+ dbsession=dbsession,
+ post={
+ 'username': user.username,
+ 'password': user.first_name
+ }
+ )
+ result = login(None, request)
+
+ assert result == {}
+
+
+@pytest.mark.parametrize(
+ 'username, password', [
+ ('EricIdle', 'wrong password'),
+ ('unknown user', 'Eric'),
+ ('unknown user', 'wrong password'),
+ ('', '')
+ ]
+ )
+def test_account_login_fails_wrong_credentials(dbsession, username, password):
+ ''' login fails for unknown or wrong credentials '''
+ from ordr2.views.account import login
+ create_users(dbsession)
+
+ request = DummyRequest(
+ dbsession=dbsession,
+ post={
+ 'username': username,
+ 'password': password
+ }
+ )
+ result = login(None, request)
+
+ assert result == {}
+
+
+def test_logout(app_config):
+ ''' logout works '''
+ from ordr2.views.account import logout
+ user = get_user('admin')
+
+ request = DummyRequest(user=user)
+ result = logout(None, request)
+
+ assert isinstance(result, HTTPFound)
+ assert result.location == 'http://example.com//'
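Review bot: The expected redirects `'//orders'` in `test_account_login_active_users` and `'http://example.com//'` in `test_logout` pin a doubled slash, and a `Location` of `//orders` is a scheme-relative reference that a browser resolves to a host named `orders` rather than to a path on this site. This is probably an artefact of calling the views with `None` as the context (`DummyResource` is imported but never used), so I would pass `DummyResource()` instead and assert a single-slash location, so the test does not bless a malformed redirect. Neither test looks at the response headers, so a login that sets no auth cookie or a logout that clears none would still pass; an assertion on `result.headers` would close that gap, assuming the test configuration installs an authentication policy.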