Context navigation

source: main/waeup.kofa/trunk/src/waeup/kofa/mandates/tests.py @ 15505

Last change on this file since 15505 was 15287, checked in by Henrik Bettermann, 6 years ago
Stored insecure passwords are no longer accepted. Officers with an insecure password can't login and are redirected to the `ChangePasswordRequestPage` to request a new password.
Property svn:keywords set to `Id`
File size: 10.7 KB

Rev	Line
[8846]	1	## $Id: tests.py 15287 2019-01-09 21:17:08Z henrik $
	2	##
	3	## Copyright (C) 2012 Uli Fouquet & Henrik Bettermann
	4	## This program is free software; you can redistribute it and/or modify
	5	## it under the terms of the GNU General Public License as published by
	6	## the Free Software Foundation; either version 2 of the License, or
	7	## (at your option) any later version.
	8	##
	9	## This program is distributed in the hope that it will be useful,
	10	## but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	## GNU General Public License for more details.
	13	##
	14	## You should have received a copy of the GNU General Public License
	15	## along with this program; if not, write to the Free Software
	16	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	17	##
	18	"""
	19	Tests for mandates.
	20	"""
	21	import tempfile
	22	import shutil
[8860]	23	import os
[8848]	24	from zope.testbrowser.testing import Browser
[8846]	25	from datetime import datetime, timedelta
	26	from zope.interface.verify import verifyClass, verifyObject
	27	from zope.component import createObject
	28	from zope.component.hooks import setSite, clearSite
	29	from waeup.kofa.app import University
	30	from waeup.kofa.interfaces import IUserAccount
	31	from waeup.kofa.mandates.interfaces import (
	32	IMandatesContainer, IMandate)
	33	from waeup.kofa.mandates.container import MandatesContainer
[13988]	34	from waeup.kofa.mandates.mandate import PasswordMandate, RefereeReportMandate
[8846]	35	from waeup.kofa.testing import (FunctionalLayer, FunctionalTestCase)
[15287]	36	from waeup.kofa.tests.test_authentication import SECRET
[8846]	37
	38	class MandatesContainerTestCase(FunctionalTestCase):
	39
	40	layer = FunctionalLayer
	41
	42	def test_interfaces(self):
	43	# Make sure the correct interfaces are implemented.
	44	self.assertTrue(
	45	verifyClass(
	46	IMandatesContainer, MandatesContainer)
	47	)
	48	self.assertTrue(
	49	verifyObject(
	50	IMandatesContainer, MandatesContainer())
	51	)
	52	self.assertTrue(
	53	verifyClass(
[8857]	54	IMandate, PasswordMandate)
[8846]	55	)
	56	self.assertTrue(
	57	verifyObject(
[8857]	58	IMandate, PasswordMandate())
[8846]	59	)
	60	return
	61
	62	def setUp(self):
	63	super(MandatesContainerTestCase, self).setUp()
	64
	65	# Setup a sample site for each test
	66	app = University()
	67	self.dc_root = tempfile.mkdtemp()
	68	app['datacenter'].setStoragePath(self.dc_root)
	69
	70	# Prepopulate the ZODB...
	71	self.getRootFolder()['app'] = app
	72	# we add the site immediately after creation to the
	73	# ZODB. Catalogs and other local utilities are not setup
	74	# before that step.
	75	self.app = self.getRootFolder()['app']
	76	# Set site here. Some of the following setup code might need
	77	# to access grok.getSite() and should get our new app then
	78	setSite(app)
	79
[8848]	80	self.browser = Browser()
	81	self.browser.handleErrors = False
	82
[8846]	83	def tearDown(self):
	84	super(MandatesContainerTestCase, self).tearDown()
	85	clearSite()
	86	shutil.rmtree(self.dc_root)
	87
[8857]	88	def test_set_student_password(self):
[8846]	89	student = createObject('waeup.Student')
	90	# Add and execute a mandate with missing parameters.
[8857]	91	mandate = PasswordMandate()
[13987]	92	IUserAccount(student).setPassword('old_pw')
[8846]	93	self.app['mandates'].addMandate(mandate)
[13986]	94	(msg, redirect_path) = mandate.execute()
	95	self.assertEqual(redirect_path, '')
[8846]	96	self.assertEqual(msg, u'Wrong mandate parameters.')
	97	# Add and execute an expired mandate.
[8857]	98	mandate = PasswordMandate(days=0)
[13987]	99	mandate.params['user'] = student
	100	mandate.params['password'] = 'mypwd1'
[8846]	101	self.app['mandates'].addMandate(mandate)
[13986]	102	(msg, redirect_path) = mandate.execute()
[8846]	103	self.assertEqual(msg, u'Mandate expired.')
[13986]	104	self.assertEqual(redirect_path, '')
[13987]	105	# Password has not been set
	106	self.assertTrue(IUserAccount(student).checkPassword('old_pw'))
[8848]	107	# Add and execute a perfect mandate
[8857]	108	mandate = PasswordMandate()
[8858]	109	mandate.params['user'] = student
[8846]	110	mandate.params['password'] = 'mypwd1'
	111	self.app['mandates'].addMandate(mandate)
[13986]	112	(msg, redirect_path) = mandate.execute()
[8846]	113	# Password has been set.
[13986]	114	self.assertEqual(msg,
	115	'Password has been successfully set. Login with your new password.')
[13990]	116	self.assertEqual(redirect_path, '/login')
[8846]	117	self.assertTrue(IUserAccount(student).checkPassword('mypwd1'))
	118	# All mandates have been removed.
	119	self.assertEqual(len(self.app['mandates'].keys()), 0)
[8860]	120	logfile = os.path.join(
	121	self.app['datacenter'].storage, 'logs', 'main.log')
	122	logcontent = open(logfile).read()
	123	self.assertTrue('system - PasswordMandate used: K1000000' in logcontent)
[8846]	124
[8857]	125	def test_set_officer_password(self):
[15287]	126	self.app['users'].addUser('bob', SECRET)
[8857]	127	officer = self.app['users']['bob']
	128	mandate = PasswordMandate()
[8858]	129	mandate.params['user'] = officer
[15287]	130	mandate.params['password'] = SECRET
[8857]	131	self.app['mandates'].addMandate(mandate)
[13986]	132	(msg, redirect_path) = mandate.execute()
[8857]	133	# Password has been set.
[13986]	134	self.assertEqual(msg,
	135	'Password has been successfully set. Login with your new password.')
[13990]	136	self.assertEqual(redirect_path, '/login')
[15287]	137	self.assertTrue(IUserAccount(officer).checkPassword(SECRET))
[8860]	138	logfile = os.path.join(
	139	self.app['datacenter'].storage, 'logs', 'main.log')
	140	logcontent = open(logfile).read()
	141	self.assertTrue('system - PasswordMandate used: bob' in logcontent)
[8857]	142
[8859]	143	def test_set_applicant_password(self):
	144	applicant = createObject('waeup.Applicant')
[8860]	145	applicant.applicant_id = u'abc'
[8859]	146	mandate = PasswordMandate()
	147	mandate.params['user'] = applicant
	148	mandate.params['password'] = 'mypwd1'
	149	self.app['mandates'].addMandate(mandate)
[13986]	150	(msg, redirect_path) = mandate.execute()
[8859]	151	# Password has been set.
[13986]	152	self.assertEqual(msg,
	153	'Password has been successfully set. Login with your new password.')
[13990]	154	self.assertEqual(redirect_path, '/login')
[8859]	155	self.assertTrue(IUserAccount(applicant).checkPassword('mypwd1'))
[8860]	156	logfile = os.path.join(
	157	self.app['datacenter'].storage, 'logs', 'main.log')
	158	logcontent = open(logfile).read()
	159	self.assertTrue('system - PasswordMandate used: abc' in logcontent)
[8859]	160
[8846]	161	def test_remove_expired(self):
	162	# mandate1 is an old mandate which just expired.
[8857]	163	mandate1 = PasswordMandate(days=0)
[8846]	164	self.app['mandates'].addMandate(mandate1)
	165	# mandate2 is a new mandate with default time delta.
[8857]	166	mandate2 = PasswordMandate(mandate_id='23456')
[8846]	167	self.app['mandates'].addMandate(mandate2)
	168	self.assertEqual(len(self.app['mandates'].keys()), 2)
[13959]	169	self.assertEqual(self.app['mandates'].count, (1, 1, 2))
[8910]	170	num_deleted = self.app['mandates'].removeExpired()
	171	self.assertEqual(num_deleted, 1)
[8846]	172	# Only the new mandate remains in the container.
	173	self.assertEqual(len(self.app['mandates'].keys()), 1)
	174	self.assertEqual([i for i in self.app['mandates'].keys()], [u'23456'])
[13962]	175	logfile = os.path.join(
	176	self.app['datacenter'].storage, 'logs', 'main.log')
	177	logcontent = open(logfile).read()
	178	self.assertTrue('system - 1 mandates purged' in logcontent)
[8848]	179
[13959]	180	def test_purge_mandates(self):
	181	# mandate1 is an old mandate which just expired.
	182	mandate1 = PasswordMandate(days=0)
	183	self.app['mandates'].addMandate(mandate1)
	184	# mandate2 is a new mandate with default time delta.
	185	mandate2 = PasswordMandate(mandate_id='23456')
	186	self.app['mandates'].addMandate(mandate2)
	187	self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
	188	self.browser.open('http://localhost/app/configuration')
	189	self.assertEqual(self.app['mandates'].count, (1, 1, 2))
	190	self.assertTrue('<span>expired</span>' in self.browser.contents)
	191	self.browser.getControl("Purge mandates").click()
	192	self.assertTrue('1 mandate(s) were purged' in self.browser.contents)
	193	self.assertEqual(self.app['mandates'].count, (1, 0, 1))
	194
[13988]	195	def test_browser_set_password(self):
[8848]	196	student = createObject('waeup.Student')
	197	self.app['students'].addStudent(student)
[8857]	198	mandate = PasswordMandate()
[8858]	199	mandate.params['user'] = student
[8848]	200	mandate.params['password'] = 'mypwd1'
	201	self.app['mandates'].addMandate(mandate)
	202	self.browser.open('http://localhost/app/mandate?mandate_id=%s'
	203	% mandate.mandate_id)
	204	# Password has been set.
[11681]	205	self.assertTrue('Password has been successfully set. Login with your new password.'
[8848]	206	in self.browser.contents)
	207	self.assertTrue(IUserAccount(student).checkPassword('mypwd1'))
	208	# All mandates have been removed.
[8853]	209	self.assertEqual(len(self.app['mandates'].keys()), 0)
[11680]	210	# We redirect to login page not to the frontpage.
	211	self.assertEqual(self.browser.url, 'http://localhost/app/login')
[13986]	212	# Mandate has been deleted
	213	self.browser.open('http://localhost/app/mandate?mandate_id=%s'
	214	% mandate.mandate_id)
	215	self.assertTrue('No mandate' in self.browser.contents)
[13990]	216	self.assertEqual(self.browser.url, 'http://localhost/app')
[13986]	217	# Mandate id is needed
	218	self.browser.open('http://localhost/app/mandate')
	219	self.assertTrue('Misuse' in self.browser.contents)
[13990]	220	self.assertEqual(self.browser.url, 'http://localhost/app')
[13988]	221
	222	def test_refereereport_mandate(self):
	223	mandate = RefereeReportMandate()
	224	mandate.params['name'] = u'John Referee'
	225	mandate.params['email'] = 'aa@aa.aa'
	226	mandate.params['redirect_path'] = 'applicants/87689'
	227	self.app['mandates'].addMandate(mandate)
	228	(msg, redirect_path) = mandate.execute()
	229	self.assertEqual(msg, None)
	230	self.assertEqual(redirect_path, 'applicants/87689')
	231	# Mandate has not been deleted
	232	self.assertEqual(len(self.app['mandates'].keys()), 1)
	233	mandate.params['redirect_path'] = None
	234	(msg, redirect_path) = mandate.execute()
	235	self.assertEqual(msg, 'Wrong mandate parameters.')
	236	self.assertEqual(redirect_path, '')
	237	# Add and execute an expired mandate
	238	mandate2 = RefereeReportMandate(days=0)
	239	mandate2.params['name'] = u'John Referee'
	240	mandate2.params['email'] = 'aa@aa.aa'
	241	mandate2.params['redirect_path'] = 'applicants/87689'
	242	self.app['mandates'].addMandate(mandate2)
	243	(msg, redirect_path) = mandate2.execute()
	244	self.assertEqual(msg, 'Mandate expired.')
	245	self.assertEqual(redirect_path, '')
	246	# Both mandates still exist
	247	self.assertEqual(len(self.app['mandates'].keys()), 2)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: