From 8d3f54ae3ff824503e409886e020c020ac3ce73c Mon Sep 17 00:00:00 2001
From: Tsa6
Date: Fri, 29 Sep 2017 17:21:42 -0400
Subject: [PATCH 1/5] Added test for successfully logging in new user
---
 tests/LandingPage/__init__.py | 0
 tests/LandingPage/test_views.py | 46 +++++++++++++++++++++++++++++++++
 tests/__init__.py | 0
 3 files changed, 46 insertions(+)
 create mode 100644 tests/LandingPage/__init__.py
 create mode 100644 tests/LandingPage/test_views.py
 create mode 100644 tests/__init__.py
diff --git a/tests/LandingPage/__init__.py b/tests/LandingPage/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/tests/LandingPage/test_views.py b/tests/LandingPage/test_views.py
new file mode 100644
index 0000000..fd6709d
--- /dev/null
+++ b/tests/LandingPage/test_views.py
@@ -0,0 +1,46 @@
+from django.test import TestCase,Client,override_settings
+import responses
+from LandingPage.models import User
+from urllib import parse
+
+@override_settings(
+ AUTH_TOKEN_ENDPOINT='http://icynet.test/api/',
+ AUTH_CLIENT_ID='clid',
+ AUTH_B64='Y2xpZDpjbGlzZWM=',
+ AUTH_REDIRECT_URL='http://redirect.test'
+)
+class TestLogin(TestCase):
+
+ def test_login_new_user(self):
+ # Set up responses to control network flow
+ with responses.RequestsMock() as rm:
+ rm.add(responses.POST,'http://icynet.test/api/token',json={'access_token':'1accesstoken1'})
+ rm.add(responses.GET,'http://icynet.test/api/user',json={'uuid':'935a41b5-b38d-42c3-96ef-653402fc44ca','email':'johnsmith@gmail.com','display_name':'Mr. Smith'})
+
+ # Make initial request to redirect endpoint
+ client = Client()
+ resp = client.get('/login')
+ self.assertEqual(resp.status_code, 302)
+ query = parse.parse_qs(parse.urlparse(resp['Location']).query)
+ state = query['state'][0]
+ self.assertEqual(query['client_id'][0],'clid')
+ self.assertEqual(query['response_type'][0],'code')
+ self.assertEqual(query['redirect_uri'][0],'http://redirect.test')
+ self.assertEqual(query['scope'][0],'email')
+
+ # Make connection to the real endpoint
+ resp = client.get('/login/redirect?state=%s&code=%s'%(state, 'code'))
+ self.assertEqual(resp.status_code, 302)
+
+ # Check that the database is all good
+ users = User.objects.all()
+ self.assertEqual(len(users), 1)
+ user = users[0]
+ self.assertEqual(user.user_id,'935a41b5-b38d-42c3-96ef-653402fc44ca')
+ self.assertEqual(user.email,'johnsmith@gmail.com')
+ self.assertEqual(user.display_name, 'Mr. Smith')
+
+ # Check appropriate values are in the session
+ self.assertEqual(client.session['user_id'], '935a41b5-b38d-42c3-96ef-653402fc44ca')
+ self.assertEqual(client.session['token'],'1accesstoken1')
+ self.assertEqual(client.session['disp_name'], 'Mr. Smith')
diff --git a/tests/__init__.py b/tests/__init__.py
new file mode 100644
index 0000000..e69de29
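Review bot: Nothing in `test_login_new_user` inspects the two outbound requests, so `AUTH_B64` is overridden but never observed, and the test would still pass if the view sent the wrong authorization code, client credentials or access token to the provider. `RequestsMock` records every call, so after the `/login/redirect` request I would add `token_req, user_req = (c.request for c in rm.calls)` and assert on what the view is expected to send: that the authorization code and the `AUTH_B64` value reach the token endpoint, and that `1accesstoken1` is presented to `/api/user`. The exact header names and body encoding depend on the view, which is not part of this patch, so the assertions have to be written against it.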
From 491a86f4786a0546d60b8beb417c0597f81a4d5e Mon Sep 17 00:00:00 2001
From: Tsa6
Date: Fri, 29 Sep 2017 17:25:12 -0400
Subject: [PATCH 2/5] Added test to reject bad state tokens
---
 tests/LandingPage/test_views.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tests/LandingPage/test_views.py b/tests/LandingPage/test_views.py
index fd6709d..1e31b59 100644
--- a/tests/LandingPage/test_views.py
+++ b/tests/LandingPage/test_views.py
@@ -44,3 +44,9 @@ class TestLogin(TestCase):
 self.assertEqual(client.session['user_id'], '935a41b5-b38d-42c3-96ef-653402fc44ca')
 self.assertEqual(client.session['token'],'1accesstoken1')
 self.assertEqual(client.session['disp_name'], 'Mr. Smith')
+
+ def test_reject_bad_state(self):
+ with responses.RequestsMock() as rm:
+ client = Client()
+ resp = client.get('/login/redirect?state=%s&code=%s'%('bad_state', 'code'))
+ self.assertEqual(resp.status_code, 400)
From 40d8d1f5e537b23fcbdc6716cbb0d2181656ec18 Mon Sep 17 00:00:00 2001
From: Tsa6
Date: Fri, 29 Sep 2017 17:34:57 -0400
Subject: [PATCH 3/5] Added test for logging in a pre-existing user
---
 tests/LandingPage/test_views.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/tests/LandingPage/test_views.py b/tests/LandingPage/test_views.py
index 1e31b59..e8fe503 100644
--- a/tests/LandingPage/test_views.py
+++ b/tests/LandingPage/test_views.py
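Review bot: `test_reject_bad_state` only covers a state string that was never issued, sent by a client that has no session; the case that matters for login CSRF is a state that is genuine but was handed to a different session. Assuming the view binds the state to the session that requested it, add a second case: `state = parse.parse_qs(parse.urlparse(Client().get('/login')['Location']).query)['state'][0]`, then `resp = Client().get('/login/redirect?state=%s&code=%s'%(state, 'code'))` with the same 400 assertion. After the rejection it is also worth asserting `self.assertNotIn('user_id', client.session)`. A one-line comment should say that the empty `RequestsMock` (`rm` is otherwise unused) is there so that any call to the provider raises instead of going out.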
@@ -50,3 +50,35 @@ class TestLogin(TestCase):
 client = Client()
 resp = client.get('/login/redirect?state=%s&code=%s'%('bad_state', 'code'))
 self.assertEqual(resp.status_code, 400)
+
+ def test_login_old_user(self):
+ # Set up responses to control network flow
+ with responses.RequestsMock() as rm:
+ rm.add(responses.POST,'http://icynet.test/api/token',json={'access_token':'1accesstoken1'})
+ rm.add(responses.GET,'http://icynet.test/api/user',json={'uuid':'935a41b5-b38d-42c3-96ef-653402fc44ca','email':'johnsmith@gmail.com','display_name':'Mr. Smith'})
+
+ # Set up the database
+ user = User(user_id='935a41b5-b38d-42c3-96ef-653402fc44ca',email='johnsmith@gmail.com',display_name='Mr. Smith')
+ user.save()
+
+ # Make initial request to redirect endpoint
+ client = Client()
+ resp = client.get('/login')
+ state = parse.parse_qs(parse.urlparse(resp['Location']).query)['state'][0]
+
+ # Make connection to the real endpoint
+ resp = client.get('/login/redirect?state=%s&code=%s'%(state, 'code'))
+ self.assertEqual(resp.status_code, 302)
+
+ # Check that the database is all good
+ users = User.objects.all()
+ self.assertEqual(len(users), 1)
+ user = users[0]
+ self.assertEqual(user.user_id,'935a41b5-b38d-42c3-96ef-653402fc44ca')
+ self.assertEqual(user.email,'johnsmith@gmail.com')
+ self.assertEqual(user.display_name, 'Mr. Smith')
+
+ # Check appropriate values are in the session
+ self.assertEqual(client.session['user_id'], '935a41b5-b38d-42c3-96ef-653402fc44ca')
+ self.assertEqual(client.session['token'],'1accesstoken1')
+ self.assertEqual(client.session['disp_name'], 'Mr. Smith')
From 575c3f27cc8e29097608d108d7c8ee8e588cc8ed Mon Sep 17 00:00:00 2001
From: Tsa6
Date: Fri, 29 Sep 2017 17:40:50 -0400
Subject: [PATCH 4/5] Added test that states are unique
---
 tests/LandingPage/test_views.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tests/LandingPage/test_views.py b/tests/LandingPage/test_views.py
index e8fe503..4615965 100644
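Review bot: The row seeded in `test_login_old_user` is identical to the mocked `/api/user` payload, so the closing assertions hold whether the view matches the existing account by `uuid`, matches it by email, or rewrites the stored profile on login. Seed it with a value that differs from the provider's answer, for example `user = User(user_id='935a41b5-b38d-42c3-96ef-653402fc44ca',email='johnsmith@gmail.com',display_name='Old Name')` (the name is a constructed sample), and assert the outcome the view is meant to produce. A companion case with the same email but a different `uuid` would pin down that accounts are never merged on email alone, if that is the intent. The body is otherwise a copy of `test_login_new_user`; a shared helper for the `/login` to `/login/redirect` round trip would keep the two from drifting apart.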
--- a/tests/LandingPage/test_views.py
+++ b/tests/LandingPage/test_views.py
@@ -82,3 +82,15 @@ class TestLogin(TestCase):
 self.assertEqual(client.session['user_id'], '935a41b5-b38d-42c3-96ef-653402fc44ca')
 self.assertEqual(client.session['token'],'1accesstoken1')
 self.assertEqual(client.session['disp_name'], 'Mr. Smith')
+
+ def test_states_unique(self):
+ with responses.RequestsMock() as rm:
+ client1 = Client()
+ resp1 = client1.get('/login')
+ state1 = parse.parse_qs(parse.urlparse(resp1['Location']).query)['state'][0]
+
+ client2 = Client()
+ resp2 = client2.get('/login')
+ state2 = parse.parse_qs(parse.urlparse(resp2['Location']).query)['state'][0]
+
+ self.assertNotEqual(state1,state2)
From ece4e8254fca881dd95bf0cb5937934800b5f3de Mon Sep 17 00:00:00 2001
From: Tsa6
Date: Fri, 29 Sep 2017 17:44:37 -0400
Subject: [PATCH 5/5] Removed unnecessary test files
---
 Discussions/tests.py | 3 ---
 LandingPage/tests.py | 3 ---
 Show/tests.py | 3 ---
 3 files changed, 9 deletions(-)
 delete mode 100644 Discussions/tests.py
 delete mode 100644 LandingPage/tests.py
 delete mode 100644 Show/tests.py
diff --git a/Discussions/tests.py b/Discussions/tests.py
deleted file mode 100644
index 7ce503c..0000000
--- a/Discussions/tests.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.
diff --git a/LandingPage/tests.py b/LandingPage/tests.py
deleted file mode 100644
index 7ce503c..0000000
--- a/LandingPage/tests.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.
diff --git a/Show/tests.py b/Show/tests.py
deleted file mode 100644
index 7ce503c..0000000
--- a/Show/tests.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.
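Review bot: `test_states_unique` compares two samples, which a counter or a timestamp would also pass; what protects the callback is that a state cannot be guessed, and this assertion cannot show that. I would add a comment above the final assertion saying so, `# Uniqueness only: unpredictability depends on the generator in the view, which should be a CSPRNG (e.g. the secrets module)`. Once the generator is known, add a length floor such as `self.assertGreaterEqual(len(state1), MIN_STATE_LEN)`, where `MIN_STATE_LEN` is a placeholder for a constant taken from the view. `rm` is unused here as well; the empty `RequestsMock` only ensures `/login` makes no outbound call, which deserves a short comment.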