From 0a4cecdc6603b02534c591d065ec772a0f723c8b Mon Sep 17 00:00:00 2001 From: Chris Moylan Date: Sun, 19 Jun 2011 00:22:47 -0500 Subject: [PATCH 1/2] Added tests for all sorts of login form abuse. Added tests for log out --- mediagoblin/tests/test_auth.py | 82 +++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 6 deletions(-) diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py index b8389f8d..1b3b5082 100644 --- a/mediagoblin/tests/test_auth.py +++ b/mediagoblin/tests/test_auth.py @@ -242,17 +242,69 @@ def test_authentication_views(test_app): test_user.save() # Get login + # --------- test_app.get('/auth/login/') - # Make sure it rendered with the appropriate template assert util.TEMPLATE_TEST_CONTEXT.has_key( 'mediagoblin/auth/login.html') - # Log in as that user + # Failed login - blank form + # ------------------------- + util.clear_test_template_context() + response = test_app.post('/auth/login/') + context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html'] + form = context['login_form'] + assert form.username.errors == [u'This field is required.'] + assert form.password.errors == [u'This field is required.'] + + # Failed login - blank user + # ------------------------- + util.clear_test_template_context() + response = test_app.post( + '/auth/login/', { + 'password': u'toast'}) + context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html'] + form = context['login_form'] + assert form.username.errors == [u'This field is required.'] + + # Failed login - blank password + # ----------------------------- + util.clear_test_template_context() + response = test_app.post( + '/auth/login/', { + 'username': u'chris'}) + context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html'] + form = context['login_form'] + assert form.password.errors == [u'This field is required.'] + + # Failed login - bad user + # ----------------------- + util.clear_test_template_context() + response = test_app.post( + '/auth/login/', { + 'username': u'steve', + 'password': 'toast'}) + context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html'] + assert context['login_failed'] + + # Failed login - bad password + # --------------------------- + util.clear_test_template_context() + response = test_app.post( + '/auth/login/', { + 'username': u'chris', + 'password': 'jam'}) + context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/login.html'] + assert context['login_failed'] + + # Successful login + # ---------------- util.clear_test_template_context() response = test_app.post( '/auth/login/', { 'username': u'chris', 'password': 'toast'}) + + # User should be redirected response.follow() assert_equal( urlparse.urlsplit(response.location)[2], @@ -260,10 +312,28 @@ def test_authentication_views(test_app): assert util.TEMPLATE_TEST_CONTEXT.has_key( 'mediagoblin/root.html') - # Make sure we're in the session or something - session = util.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']['request'].session + # Make sure user is in the session + context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html'] + session = context['request'].session assert session['user_id'] == unicode(test_user['_id']) - # Log out as that user - # Make sure we're not in the session + # TODO: test custom redirect when next=True + + # Successful logout + # ----------------- + util.clear_test_template_context() + response = test_app.get('/auth/logout/') + + # Should be redirected to index page + response.follow() + assert_equal( + urlparse.urlsplit(response.location)[2], + '/') + assert util.TEMPLATE_TEST_CONTEXT.has_key( + 'mediagoblin/root.html') + + # Make sure the user is not in the session + context = util.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html'] + session = context['request'].session + assert session.has_key('user_id') == False From 12c231c8acc2036330143baa17610b6faa901ad6 Mon Sep 17 00:00:00 2001 From: Chris Moylan Date: Sun, 19 Jun 2011 12:28:53 -0500 Subject: [PATCH 2/2] added test coverage for redirecting after login with the next param --- mediagoblin/tests/test_auth.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py index 1b3b5082..3a13cbb1 100644 --- a/mediagoblin/tests/test_auth.py +++ b/mediagoblin/tests/test_auth.py @@ -317,8 +317,6 @@ def test_authentication_views(test_app): session = context['request'].session assert session['user_id'] == unicode(test_user['_id']) - # TODO: test custom redirect when next=True - # Successful logout # ----------------- util.clear_test_template_context() @@ -337,3 +335,15 @@ def test_authentication_views(test_app): session = context['request'].session assert session.has_key('user_id') == False + # User is redirected to custom URL if POST['next'] is set + # ------------------------------------------------------- + util.clear_test_template_context() + response = test_app.post( + '/auth/login/', { + 'username': u'chris', + 'password': 'toast', + 'next' : '/u/chris/'}) + assert_equal( + urlparse.urlsplit(response.location)[2], + '/u/chris/') +