added more tests for login and logout of users

7 years ago · eaa229256a
3 changed files with 195 additions and 55 deletions
--- a/tests/init.py
+++ b/tests/init.py
@ -35,32 +35,6 @@ EXAMPLE_USER_DATA = {
				@@ -35,32 +35,6 @@ EXAMPLE_USER_DATA = {
    }


-# helpers
-
-def get_user(role_name):
-    ''' get the user model for one well known user '''
-    from ordr2.models import Role, User
-    id_, first_name, last_name = EXAMPLE_USER_DATA[role_name]
-    user = User(
-        id=id_,
-        username=first_name + last_name,
-        first_name = first_name,
-        last_name = last_name,
-        email = last_name.lower() + '@example.com',
-        role=Role(role_name)
-        )
-    user.set_password(first_name)
-    return user
-
-
-def create_users(db):
-    ''' set up all well known example users '''
-    from ordr2.models import Role
-    for role in Role:
-        user = get_user(role.value)
-        db.add(user)
-
-
 # fixtures

@pytest.fixture(scope='session')
@ -95,3 +69,33 @@ def dbsession(app_config):
				@@ -95,3 +69,33 @@ def dbsession(app_config):

    transaction.abort()
    Base.metadata.drop_all(engine)
+
+
+
+# helpers
+
+def get_user(role_name):
+    ''' get the user model for one well known user '''
+    from ordr2.models import Role, User
+    id_, first_name, last_name = EXAMPLE_USER_DATA[role_name]
+    user = User(
+        id=id_,
+        username=first_name + last_name,
+        first_name = first_name,
+        last_name = last_name,
+        email = last_name.lower() + '@example.com',
+        role=Role(role_name)
+        )
+    user.set_password(first_name)
+    return user
+
+
+def create_users(db):
+    ''' set up all well known example users '''
+    from ordr2.models import Role
+    for role in Role:
+        user = get_user(role.value)
+        db.add(user)
+
+
+
--- a/tests/_functional/account.py
+++ b/tests/_functional/account.py
@ -1,4 +1,4 @@
				@@ -1,4 +1,4 @@
-''' tests for the common layout and simple (static)'''
+''' tests for the login, logout, registration and account settings'''

 import pytest

@ -6,6 +6,25 @@ from . import testapp
				@@ -6,6 +6,25 @@ from . import testapp
 from .. import get_user


+# helper functions
+
+def assert_user_is_logged_in(response, username):
+    ''' checks if login was successful '''
+    assert '<!-- user is logged in -->' in response
+    assert 'id="login-form"' not in response
+    assert 'Logged in as <span>{}</span>'.format(username) in response
+
+
+def assert_user_login_failed(response, username):
+    ''' checks if login was un successful '''
+    assert '<!-- No logged in user -->' in response
+    assert 'id="login-form' in response
+    assert 'Logged in as <span>{}</span>'.format(username) not in response
+    assert 'You entered the wrong username or password' in response
+
+
+# test for account registration
+
 def test_account_register_unauthenticated(testapp):
    ''' test the registration page for a unauthenticated user '''
    testapp.reset()
@ -22,12 +41,22 @@ def test_account_register_unauthenticated(testapp):
				@@ -22,12 +41,22 @@ def test_account_register_unauthenticated(testapp):
    assert li_two.find('a').text == 'Register'


-@pytest.mark.parametrize('role_name', ['user', 'purchaser', 'admin', ])
-def test_account_login_for_active_users(testapp, role_name):
+# tests for login and logout of users
+
+def test_account_login_only_by_post(testapp):
+    ''' test that the login view is not accessibal via get '''
+    testapp.reset()
+
+    response = testapp.get('/account/login', status=404)
+
+    assert response.status.startswith('404')
+
+
+def test_account_login_for_active_users(testapp):
    ''' check if user login works '''
    testapp.reset()

-    user = get_user(role_name)
+    user = get_user('user')
    root = testapp.get('/')
    login_form = root.forms['login-form']
    login_form.set('username', user.username)
@ -40,55 +69,77 @@ def test_account_login_for_active_users(testapp, role_name):
				@@ -40,55 +69,77 @@ def test_account_login_for_active_users(testapp, role_name):

    # the layout should reflect the login
    response = testapp.get('/faq')
-    assert '<!-- user is logged in -->' in response
-    assert 'id="login-form"' not in response
-    assert 'Logged in as <span>{}</span>'.format(user.username) in response
+    assert_user_is_logged_in(response, user.username)


-@pytest.mark.parametrize('role_name', ['unvalidated', 'new', 'inactive'])
-def test_account_login_for_inactive_users(testapp, role_name):
+def test_account_login_for_inactive_users(testapp):
    ''' check if user login works '''
    testapp.reset()

-    user = get_user(role_name)
+    user = get_user('unvalidated')
    root = testapp.get('/')
    login_form = root.forms['login-form']
    login_form.set('username', user.username)
    login_form.set('password', user.first_name)
    response = login_form.submit()

-    assert '<!-- No logged in user -->' in response
-    assert 'id="login-form' in response
-    assert 'Logged in as <span>{}</span>'.format(user.username) not in response
-    assert 'You entered the wrong username or password' in response
+    assert_user_login_failed(response, user.username)


-@pytest.mark.parametrize(
-    'username, password', [
-        ('EricIdle', 'wrong password'),
-        ('unknown user', 'Eric'),
-        ('unknown user', 'unknown password')
-        ]
-    )
-def test_account_login_fails(testapp, username, password):
+def test_account_login_fails(testapp):
    ''' check if user login works '''
    testapp.reset()

    root = testapp.get('/')
    login_form = root.forms['login-form']
-    login_form.set('username', username)
-    login_form.set('password', password)
+    login_form.set('username', 'EricIdle')
+    login_form.set('password', 'wrong password')
    response = login_form.submit()

-    assert '<!-- No logged in user -->' in response
-    assert 'id="login-form' in response
-    assert 'Logged in as <span>{}</span>'.format(username) not in response
-    assert 'You entered the wrong username or password' in response
+    assert_user_login_failed(response, 'EricIdle')
+    assert '/account/forgot-password' in response


-def test_account_login_only_by_post(testapp):
+def test_account_login_works_after_failed_login(testapp):
+    ''' check if user login works after failed attempt '''
+    testapp.reset()
+
+    root = testapp.get('/')
+    login_form = root.forms['login-form']
+    login_form.set('username', 'EricIdle')
+    login_form.set('password', 'wrong password')
+    response = login_form.submit()
+
+    assert_user_login_failed(response, 'EricIdle')
+
+    login_form = response.forms['login-form']
+    login_form.set('username', 'EricIdle')
+    login_form.set('password', 'Eric')
+    login_form.submit()
+    response = testapp.get('/faq')
+
+    assert_user_is_logged_in(response, 'EricIdle')
+
+
+def test_account_login_fails_after_failed_login(testapp):
+    ''' check if user login works after failed attempt '''
    testapp.reset()

+    root = testapp.get('/')
+    login_form = root.forms['login-form']
+    login_form.set('username', 'EricIdle')
+    login_form.set('password', 'wrong password')
+    response = login_form.submit()
+
+    assert_user_login_failed(response, 'EricIdle')
+
+    login_form = response.forms['login-form']
+    login_form.set('username', 'EricIdle')
+    login_form.set('password', 'wrong password')
+    response = login_form.submit()
+
+    assert_user_login_failed(response, 'EricIdle')
+

 def test_account_logout_works(testapp):
    ''' check if a user can log out '''
--- a/tests/views/account.py
+++ b/tests/views/account.py
@ -0,0 +1,85 @@
				@@ -0,0 +1,85 @@
+''' Tests for ordr2.views.account '''
+
+import pytest
+
+from pyramid.httpexceptions import HTTPFound
+from pyramid.testing import DummyRequest, DummyResource
+
+
+from .. import app_config, dbsession, get_user, create_users
+
+
+@pytest.mark.parametrize('rolename', ['user', 'purchaser', 'admin'])
+def test_account_login_active_users(dbsession, rolename):
+    ''' login ok for active users '''
+    from ordr2.views.account import login
+    create_users(dbsession)
+
+    user = get_user(rolename)
+    request = DummyRequest(
+        dbsession=dbsession,
+        post={
+            'username': user.username,
+            'password': user.first_name
+            }
+        )
+    result = login(None, request)
+
+    assert isinstance(result, HTTPFound)
+    assert result.location == '//orders'
+
+
+@pytest.mark.parametrize('rolename', ['unvalidated', 'new', 'inactive'])
+def test_account_login_fails_inactive_users(dbsession, rolename):
+    ''' login fails for inactive users '''
+    from ordr2.views.account import login
+    create_users(dbsession)
+
+    user = get_user(rolename)
+    request = DummyRequest(
+        dbsession=dbsession,
+        post={
+            'username': user.username,
+            'password': user.first_name
+            }
+        )
+    result = login(None, request)
+
+    assert result == {}
+
+
+@pytest.mark.parametrize(
+    'username, password', [
+        ('EricIdle', 'wrong password'),
+        ('unknown user', 'Eric'),
+        ('unknown user', 'wrong password'),
+        ('', '')
+        ]
+    )
+def test_account_login_fails_wrong_credentials(dbsession, username, password):
+    ''' login fails for unknown or wrong credentials '''
+    from ordr2.views.account import login
+    create_users(dbsession)
+
+    request = DummyRequest(
+        dbsession=dbsession,
+        post={
+            'username': username,
+            'password': password
+            }
+        )
+    result = login(None, request)
+
+    assert result == {}
+
+
+def test_logout(app_config):
+    ''' logout works '''
+    from ordr2.views.account import logout
+    user = get_user('admin')
+
+    request = DummyRequest(user=user)
+    result = logout(None, request)
+
+    assert isinstance(result, HTTPFound)
+    assert result.location == 'http://example.com//'