updated test to reflect new pyramid version

Dockerfile

@@ -30,14 +30,6 @@ WORKDIR /app
 RUN pip install --upgrade pip
 RUN pip install gunicorn
 RUN pip install wheel
-
-RUN pip install -r requirements.txt
 RUN flit install --pth-file
 
-# switch back to root to remove header files
-#USER root
-#RUN apk del libc-dev libffi-dev openssl-dev python3-dev
-
-# switch to the created user to run the application
-#USER deploy
 CMD ["gunicorn", "--paster", "/app/production.ini", "-b", "0.0.0.0:8000"]

Makefile

@@ -62,6 +62,9 @@ test: lint ## run tests quickly with the default Python
 testall: lint ## run tests quickly with the default Python
 	pytest tests
 
+testfun: lint ## run tests quickly with the default Python
+	pytest tests -x -m "fun"
+
 coverage: lint ## full test suite, check code coverage and open coverage report
 	pytest tests --cov=ordr3 -m "fun"
 	coverage html

ordr3/resources.py

@@ -2,7 +2,7 @@
 
 import abc
 
-from pyramid.security import DENY_ALL, Allow, Everyone, Authenticated
+from pyramid.authorization import DENY_ALL, Allow, Everyone, Authenticated
 
 
 class BaseResource(abc.ABC):

ordr3/scripts/migrate_db.py

@@ -226,7 +226,7 @@ vendor_map = {
 
 
 def _query_table(cursor, table):
-    cursor.execute(f"SELECT * FROM {table}")
+    cursor.execute("SELECT * FROM :year", {"table": table})
     columns = [d[0] for d in cursor.description]
     return (dict(zip(columns, values)) for values in cursor)
 

ordr3/security.py

@@ -1,43 +1,75 @@
 """ User Authentication and Authorization """
 
 from passlib.context import CryptContext
-from pyramid.security import Everyone, Authenticated
 from sqlalchemy.orm.exc import NoResultFound
-from pyramid.authorization import ACLAuthorizationPolicy
+from pyramid.authorization import Everyone, ACLHelper, Authenticated
-from pyramid.authentication import AuthTktAuthenticationPolicy
+from pyramid.authentication import AuthTktCookieHelper
 
 
-class AuthenticationPolicy(AuthTktAuthenticationPolicy):
+class SecurityPolicy:
-    """ How to authenticate users """
+    def __init__(self, secret):
+        self.helper = AuthTktCookieHelper(secret)
 
-    def authenticated_userid(self, request):
+    def identity(self, request):
-        """returns the id of an authenticated user
+        # define our simple identity as None or a dict with
+        # userid and principals keys
+        identity = self.helper.identify(request)
+        if identity is None:
+            return None
+        userid = identity[
+            "userid"
+        ]  # identical to the deprecated request.unauthenticated_userid
 
-        heavy lifting done in get_user() attached to request
+        # verify the userid, just like we did before with groupfinder
-        """
+        try:
-        user = request.user
+            user = request.repo.get_user(userid)
-        if user is not None:
+            if not user.is_active:
+                return None
+        except NoResultFound:
+            return None
+
+        # assuming the userid is valid, return a map with userid and principals
+        return {
+            "userid": user.id,
+            "principals": user.principals,
+        }
+
+    def authenticated_userid(self, request):
+        # defer to the identity logic to determine if the user id logged in
+        # and return None if they are not
+        identity = request.identity
+        try:
+            user = request.repo.get_user(identity["userid"])
             return user.id
+        except (NoResultFound, TypeError):
+            return None
 
-    def effective_principals(self, request):
+    def permits(self, request, context, permission):
-        """ returns a list of principals for the user """
+        # use the identity to build a list of principals, and pass them
-        principals = [Everyone]
+        # to the ACLHelper to determine allowed/denied
-        user = request.user
+        identity = request.identity
-        if user is not None:
+        principals = {Everyone}
-            principals.append(Authenticated)
+        if identity is not None:
-            principals.extend(user.principals)
+            principals.add(Authenticated)
-        return principals
+            principals.update(identity["principals"])
+        return ACLHelper().permits(context, principals, permission)
+
+    def remember(self, request, userid, **kw):
+        return self.helper.remember(request, userid, **kw)
+
+    def forget(self, request, **kw):
+        return self.helper.forget(request, **kw)
 
 
 def get_user(request):
     """retrieves the user object by the unauthenticated user id"""
-    user_id = request.unauthenticated_userid
+    identity = request.identity
-    if user_id is None:
+    if identity is None:
         return None
     try:
-        user = request.repo.get_user(user_id)
+        user = request.repo.get_user(identity["userid"])
         return user if user.is_active else None
-    except NoResultFound:
+    except (NoResultFound, TypeError):
         return None
 
 
@@ -55,9 +87,6 @@ def includeme(config):
     Activate this setup using ``config.include('ordr2.security')``.
     """
     settings = config.get_settings()
-    authn_policy = AuthenticationPolicy(
+    policy = SecurityPolicy(settings["auth.secret"])
-        settings["auth.secret"], hashalg="sha512"
+    config.set_security_policy(policy)
-    )
-    config.set_authentication_policy(authn_policy)
-    config.set_authorization_policy(ACLAuthorizationPolicy())
     config.add_request_method(get_user, "user", reify=True)

ordr3/services.py

@@ -135,7 +135,7 @@ def check_have_i_been_pwned(password, event_queue):
     """public function for checking haveibeenpwned
 
     this is just a small shim to eas testing"""
-    password_hash = hashlib.sha1(password.encode()).hexdigest()
+    password_hash = hashlib.sha1(password.encode()).hexdigest()  # noqa: S303
     return _check_have_i_been_pwned(password_hash, event_queue)
 
 

pyproject.toml

@@ -55,6 +55,7 @@ test = [
     "pytest-mock",
     "pytest-randomly",
     "tox",
+    "webtest",
 ]
 dev = [
     "black",

tests/functional/conftest.py

@@ -58,9 +58,10 @@ def _example_data(_sqlite_repo):
     from ordr3 import models, security
 
     today = datetime.utcnow()
-
     crypt_context = security.get_passlib_context()
 
+    nested = _sqlite_repo.session.begin_nested()
+
     user = models.User(
         1,
         "TestUser",
@@ -198,6 +199,7 @@ def _example_data(_sqlite_repo):
     _sqlite_repo.session.add(models.Vendor("merck", "Merck"))
     _sqlite_repo.session.add(models.Vendor("merk", "Merck"))
 
+    nested.commit()
     _sqlite_repo.session.flush()
 
 

tests/functional/test_login.py

@@ -1,5 +1,9 @@
+import pytest
+
+
+@pytest.mark.fun
 def test_login_ok(testapp):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     form = response.form
@@ -9,8 +13,9 @@ def test_login_ok(testapp):
     assert "My Orders" in response
 
 
+@pytest.mark.fun
 def test_login_wrong_username(testapp):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     form = response.form
@@ -20,8 +25,9 @@ def test_login_wrong_username(testapp):
     assert "Credentials are invalid" in response
 
 
+@pytest.mark.fun
 def test_login_wrong_password(testapp):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     form = response.form
@@ -31,8 +37,9 @@ def test_login_wrong_password(testapp):
     assert "Credentials are invalid" in response
 
 
+@pytest.mark.fun
 def test_login_fails_inactive_user(testapp):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     form = response.form
@@ -42,8 +49,9 @@ def test_login_fails_inactive_user(testapp):
     assert "Credentials are invalid" in response
 
 
+@pytest.mark.fun
 def test_logout(testapp):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     form = response.form
@@ -52,10 +60,11 @@ def test_logout(testapp):
     response = form.submit("submit").follow()
     assert "My Orders" in response
 
-    response = testapp.get("/logout", status=302).follow(status=200)
+    response = testapp.get("/logout", status=302).follow()
     assert "Please Log In" in response
 
 
+@pytest.mark.fun
 def test_breached_faq(testapp):
     response = testapp.get("/breached")
     assert "haveibeenpwned" in response

tests/functional/test_my_account.py

@@ -1,8 +1,12 @@
+import pytest
+
+
+@pytest.mark.fun
 def test_my_account_edit(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestUser", "jon").follow(status=200)
+    response = login_as("TestUser", "jon").follow()
     assert "My Orders" in response
 
     response = testapp.get("/myaccount")
@@ -23,11 +27,12 @@ def test_my_account_edit(testapp, login_as):
     assert "terry@example.com" in response
 
 
+@pytest.mark.fun
 def test_my_account_edit_cancel(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestUser", "jon").follow(status=200)
+    response = login_as("TestUser", "jon").follow()
     assert "My Orders" in response
 
     response = testapp.get("/myaccount")
@@ -48,11 +53,12 @@ def test_my_account_edit_cancel(testapp, login_as):
     assert "terry@example.com" not in response
 
 
+@pytest.mark.fun
 def test_my_account_edit_form_error(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestUser", "jon").follow(status=200)
+    response = login_as("TestUser", "jon").follow()
     assert "My Orders" in response
 
     response = testapp.get("/myaccount")
@@ -64,11 +70,12 @@ def test_my_account_edit_form_error(testapp, login_as):
     assert "There was a problem with your submission" in response
 
 
+@pytest.mark.fun
 def test_my_account_reset_password(testapp, login_as, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestUser", "jon").follow(status=200)
+    response = login_as("TestUser", "jon").follow()
     assert "My Orders" in response
 
     response = testapp.get("/myaccount")

tests/functional/test_order.py

@@ -1,8 +1,12 @@
+import pytest
+
+
+@pytest.mark.fun
 def test_view_order(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/orders/3/view/")
@@ -25,11 +29,12 @@ def test_view_order(testapp, login_as):
     assert "TestUser" in response
 
 
+@pytest.mark.fun
 def test_add_order_ok(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert contains(
         response,
@@ -79,11 +84,12 @@ def test_add_order_ok(testapp, login_as, contains):
     assert "28.35" in response
 
 
+@pytest.mark.fun
 def test_add_order_validation_error(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert contains(
         response,
@@ -110,11 +116,12 @@ def test_add_order_validation_error(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_add_order_cancel(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert contains(
         response,
@@ -153,11 +160,12 @@ def test_add_order_cancel(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_edit_order_ok(testapp, login_as, contains, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert contains(
         response,
@@ -214,11 +222,12 @@ def test_edit_order_ok(testapp, login_as, contains, parse_latest_mail):
     assert "- new status: Hold" in parsed.body
 
 
+@pytest.mark.fun
 def test_edit_order_form_error(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/orders/3/edit/")
@@ -251,11 +260,12 @@ def test_edit_order_form_error(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_edit_order_cancel(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/orders/3/edit/")
@@ -286,11 +296,12 @@ def test_edit_order_cancel(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_edit_order_purchaser_vs_user(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/orders/4/edit/")
@@ -298,7 +309,7 @@ def test_edit_order_purchaser_vs_user(testapp, login_as, contains):
     status = soup.find("select", {"id": "deformField3"})
     assert not status.has_attr("readonly")
 
-    response = login_as("TestUser", "jon").follow(status=200)
+    response = login_as("TestUser", "jon").follow()
     assert "My Orders" in response
 
     response = testapp.get("/orders/4/edit/")
@@ -307,11 +318,12 @@ def test_edit_order_purchaser_vs_user(testapp, login_as, contains):
     assert status.has_attr("readonly")
 
 
+@pytest.mark.fun
 def test_delete_order_ok(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert contains(response, Eppis=True, Ethanol=True, NaCl=True)
     # don't check for "Spritzen", the term will apear in the flash message
@@ -332,11 +344,12 @@ def test_delete_order_ok(testapp, login_as, contains):
     assert "/orders/4/edit" not in response
 
 
+@pytest.mark.fun
 def test_delete_order_cancel(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert contains(response, Eppis=True, Ethanol=True, NaCl=True)
     # don't check for "Spritzen", the term will apear in the flash message
@@ -357,11 +370,12 @@ def test_delete_order_cancel(testapp, login_as, contains):
     assert "/orders/4/edit" in response
 
 
+@pytest.mark.fun
 def test_delete_order_no_confirm(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert contains(response, Eppis=True, Ethanol=True, NaCl=True)
     # don't check for "Spritzen", the term will apear in the flash message
@@ -382,11 +396,12 @@ def test_delete_order_no_confirm(testapp, login_as, contains):
     assert "/orders/4/edit" in response
 
 
+@pytest.mark.fun
 def test_reorder_ok(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert "1138,50" not in response
     assert "/orders/5/edit" not in response
@@ -412,11 +427,12 @@ def test_reorder_ok(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_reorder_cancel(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert "1138,50" not in response
     assert "/orders/5/edit" not in response
@@ -437,11 +453,12 @@ def test_reorder_cancel(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_reorder_form_error(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert "1138,50" not in response
     assert "/orders/5/edit" not in response

tests/functional/test_order_list.py

@@ -1,8 +1,12 @@
+import pytest
+
+
+@pytest.mark.fun
 def test_order_list(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
     assert contains(
         response, Eppis=True, Ethanol=True, NaCl=True, Spritzen=True
@@ -53,11 +57,12 @@ def test_order_list(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_multi_edit_ok(testapp, login_as, parse_latest_mail, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     form = response.forms[1]
@@ -87,28 +92,30 @@ def test_multi_edit_ok(testapp, login_as, parse_latest_mail, contains):
     assert "- new status: Hold" in parsed.body
 
 
+@pytest.mark.fun
 def test_multi_edit_no_orders_selected(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     form = response.forms[1]
     form.action = "/orders/batch-edit/"
 
-    response = form.submit().follow(status=200)
+    response = form.submit().follow()
     assert "My Orders" in response
     assert contains(
         response, Eppis=True, Ethanol=True, NaCl=True, Spritzen=True
     )
 
 
+@pytest.mark.fun
 def test_multi_edit_cancel(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     form = response.forms[1]
@@ -144,11 +151,12 @@ def test_multi_edit_cancel(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_multi_delete_ok(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     form = response.forms[1]
@@ -173,11 +181,12 @@ def test_multi_delete_ok(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_multi_delete_no_orders(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     form = response.forms[1]
@@ -186,18 +195,19 @@ def test_multi_delete_no_orders(testapp, login_as, contains):
     select_checkboxes[0].checked = True
     select_checkboxes[1].checked = True
 
-    response = form.submit().follow(status=200)
+    response = form.submit().follow()
     assert "My Orders" in response
     assert contains(
         response, Eppis=True, Ethanol=True, NaCl=True, Spritzen=True
     )
 
 
+@pytest.mark.fun
 def test_multi_delete_no_confirm(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     form = response.forms[1]
@@ -222,11 +232,12 @@ def test_multi_delete_no_confirm(testapp, login_as, contains):
     )
 
 
+@pytest.mark.fun
 def test_multi_delete_cancel(testapp, login_as, contains):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     form = response.forms[1]

tests/functional/test_password_reset.py

@@ -1,5 +1,9 @@
+import pytest
+
+
+@pytest.mark.fun
 def test_password_reset(testapp, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     form = response.form
@@ -27,14 +31,14 @@ def test_password_reset(testapp, parse_latest_mail):
     response = form.submit("Reset_Password").follow()
     assert "You changed your Password." in response
 
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     form = response.form
     form["username"] = "TestAdmin"
     form["password"] = "jane"
     response = form.submit("Log In")
     assert "Credentials are invalid" in response
 
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     form = response.form
     form["username"] = "TestAdmin"
     form["password"] = "jixx"
@@ -42,8 +46,9 @@ def test_password_reset(testapp, parse_latest_mail):
     assert "My Orders" in response
 
 
+@pytest.mark.fun
 def test_password_cancel_forgot_password(testapp):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/forgot", status=200)
@@ -55,10 +60,11 @@ def test_password_cancel_forgot_password(testapp):
     assert "Please Log In" in response
 
 
+@pytest.mark.fun
 def test_password_reset_user_or_email_not_found(testapp):
     from pyramid_mailer import get_mailer
 
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/forgot", status=200)
@@ -74,8 +80,9 @@ def test_password_reset_user_or_email_not_found(testapp):
     assert len(mailer.outbox) == 0
 
 
+@pytest.mark.fun
 def test_password_reset_cancel_after_token(testapp, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/forgot", status=200)
@@ -94,10 +101,10 @@ def test_password_reset_cancel_after_token(testapp, parse_latest_mail):
 
     form = response.form
     form["new_password"] = "jixx"
-    response = form.submit("Cancel").follow(status=302).follow(status=200)
+    response = form.submit("Cancel").follow(status=302).follow()
     assert "Please Log In" in response
 
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     form = response.form
     form["username"] = "TestAdmin"
     form["password"] = "jane"
@@ -105,8 +112,9 @@ def test_password_reset_cancel_after_token(testapp, parse_latest_mail):
     assert "My Orders" in response
 
 
+@pytest.mark.fun
 def test_password_reset_empty_password(testapp, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/forgot", status=200)
@@ -129,18 +137,18 @@ def test_password_reset_empty_password(testapp, parse_latest_mail):
     assert "There was a problem with your submission" in response
 
 
+@pytest.mark.fun
 def test_password_reset_invalid_token(testapp):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = (
+    response = testapp.get("/reset?t=invalid").follow(status=302).follow()
-        testapp.get("/reset?t=invalid").follow(status=302).follow(status=200)
-    )
     assert "Please Log In" in response
 
 
+@pytest.mark.fun
 def test_password_reset_form_invalid_token(testapp, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/forgot", status=200)
@@ -160,9 +168,7 @@ def test_password_reset_form_invalid_token(testapp, parse_latest_mail):
     form = response.form
     form.action = "/reset?t=invalid"
     form["new_password"] = "jixx"
-    response = (
+    response = form.submit("Reset_Password").follow(status=302).follow()
-        form.submit("Reset_Password").follow(status=302).follow(status=200)
-    )
     assert "Please Log In" in response
 
     form = response.form

tests/functional/test_registration.py

@@ -1,5 +1,9 @@
+import pytest
+
+
+@pytest.mark.fun
 def test_registration_procedure(testapp, login_as, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/registration", status=200)
@@ -39,14 +43,15 @@ def test_registration_procedure(testapp, login_as, parse_latest_mail):
     parsed = parse_latest_mail()
     assert "Your account was activated" in parsed.body
 
-    response = login_as("TestNew", "eric").follow(status=200)
+    response = login_as("TestNew", "eric").follow()
     assert "My Orders" in response
 
 
+@pytest.mark.fun
 def test_registration_procedure_form_error(
     testapp, login_as, parse_latest_mail
 ):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/registration", status=200)
@@ -57,10 +62,11 @@ def test_registration_procedure_form_error(
     assert "There was a problem with your submission" in response
 
 
+@pytest.mark.fun
 def test_registration_procedure_not_unique_username(
     testapp, login_as, parse_latest_mail
 ):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/registration", status=200)
@@ -77,10 +83,11 @@ def test_registration_procedure_not_unique_username(
     assert "There was a problem with your submission" in response
 
 
+@pytest.mark.fun
 def test_registration_procedure_not_unique_email(
     testapp, login_as, parse_latest_mail
 ):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/registration", status=200)
@@ -97,10 +104,11 @@ def test_registration_procedure_not_unique_email(
     assert "There was a problem with your submission" in response
 
 
+@pytest.mark.fun
 def test_registration_procedure_bad_csrf_token(
     testapp, login_as, parse_latest_mail
 ):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/registration", status=200)
@@ -117,8 +125,9 @@ def test_registration_procedure_bad_csrf_token(
     form.submit("Create_Account", status=400)
 
 
+@pytest.mark.fun
 def test_registration_procedure_canceled(testapp, login_as, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
     response = testapp.get("/registration", status=200)
@@ -130,5 +139,5 @@ def test_registration_procedure_canceled(testapp, login_as, parse_latest_mail):
     form["last_name"] = "Idle"
     form["email"] = "eric@example.com"
     form["password"] = "eric"
-    response = form.submit("Cancel").follow(status=302).follow(status=200)
+    response = form.submit("Cancel").follow(status=302).follow()
     assert "Please Log In" in response

tests/functional/test_user_edit.py

@@ -1,8 +1,12 @@
+import pytest
+
+
+@pytest.mark.fun
 def test_user_edit(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/users/TestUser/edit")
@@ -21,11 +25,12 @@ def test_user_edit(testapp, login_as):
     assert "terry@example.com" in response
 
 
+@pytest.mark.fun
 def test_user_edit_cancel(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/users/TestUser/edit")
@@ -44,11 +49,12 @@ def test_user_edit_cancel(testapp, login_as):
     assert "terry@example.com" not in response
 
 
+@pytest.mark.fun
 def test_user_edit_form_error(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/users/TestUser/edit")
@@ -58,22 +64,24 @@ def test_user_edit_form_error(testapp, login_as):
     assert "There was a problem with your submission" in response
 
 
+@pytest.mark.fun
 def test_user_edit_invalid_user(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/users/Unknown/edit").follow()
     assert "My Orders" in response
 
 
+@pytest.mark.fun
 def test_user_edit_reset_password(testapp, login_as, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/users/TestUser/edit")
@@ -91,11 +99,12 @@ def test_user_edit_reset_password(testapp, login_as, parse_latest_mail):
     assert parsed.link.startswith("http://localhost/reset?t=")
 
 
+@pytest.mark.fun
 def test_user_delete(testapp, login_as, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/users/TestInactive/edit")
@@ -113,11 +122,12 @@ def test_user_delete(testapp, login_as, parse_latest_mail):
     assert "TestInactive" not in response
 
 
+@pytest.mark.fun
 def test_user_delete_cancel(testapp, login_as, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/users/TestInactive/edit")
@@ -135,11 +145,12 @@ def test_user_delete_cancel(testapp, login_as, parse_latest_mail):
     assert "TestInactive" in response
 
 
+@pytest.mark.fun
 def test_user_delete_no_confirm(testapp, login_as, parse_latest_mail):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/users/TestInactive/edit")

tests/functional/test_vendors.py

@@ -1,6 +1,7 @@
 import pytest
 
 
+@pytest.mark.fun
 @pytest.mark.parametrize(
     "vendor,returned,found",
     [
@@ -16,21 +17,22 @@ import pytest
     ],
 )
 def test_check_vendor_name(testapp, login_as, vendor, returned, found):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.post("/orders/vendor", {"vendor": vendor}, xhr=True)
     assert response.json == {"name": returned, "found": found}
 
 
+@pytest.mark.fun
 def test_vendor_list(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/vendors")
@@ -40,11 +42,12 @@ def test_vendor_list(testapp, login_as):
     assert "Merck" in response
 
 
+@pytest.mark.fun
 def test_vendor_edit_ok(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/vendors")
@@ -79,11 +82,12 @@ def test_vendor_edit_ok(testapp, login_as):
     assert response.json == {"name": "vr", "found": False}
 
 
+@pytest.mark.fun
 def test_vendor_edit_cancel(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/vendors")
@@ -112,11 +116,12 @@ def test_vendor_edit_cancel(testapp, login_as):
     assert set(terms) == {"merck", "merk"}
 
 
+@pytest.mark.fun
 def test_vendor_edit_form_error(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/vendors")
@@ -142,11 +147,12 @@ def test_vendor_edit_form_error(testapp, login_as):
     assert "Merck" in response
 
 
+@pytest.mark.fun
 def test_vendor_edit_unknonw_vendor(testapp, login_as):
-    response = testapp.get("/", status=302).follow(status=200)
+    response = testapp.get("/", status=302).follow()
     assert "Please Log In" in response
 
-    response = login_as("TestAdmin", "jane").follow(status=200)
+    response = login_as("TestAdmin", "jane").follow()
     assert "My Orders" in response
 
     response = testapp.get("/vendors")