Home Explore Help
Sign In
221V
/
flaskbb
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d24297191d
Branches Tags
flaskbb
/
tests
/
unit
/
auth
/
test_authentication.py

test_authentication.py 3.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 
  1. from datetime import datetime, timedelta
    2. 

  2. 

  3. import pytest
    4. 

  4. from freezegun import freeze_time
    5. 

  5. from pytz import UTC
    6. 

  6. 

  7. from flaskbb.auth.services import authentication as auth
    8. 

  8. from flaskbb.core.auth.authentication import StopAuthentication
    9. 

  9. 

  10. pytestmark = pytest.mark.usefixtures('default_settings')
    11. 

  11. 

  12. 

  13. class TestBlockTooManyFailedLogins(object):
    14. 

  14.     provider = auth.BlockTooManyFailedLogins(
    15. 

  15.         auth.
    16. 

  16.         FailedLoginConfiguration(limit=1, lockout_window=timedelta(hours=1))
    17. 

  17.     )
    18. 

  18. 

  19.     @freeze_time(datetime(2018, 1, 1, 13, 30))
    20. 

  20.     def test_raises_StopAuthentication_if_user_is_at_limit_and_inside_window(
    21. 

  21.             self, Fred
    22. 

  22.     ):
    23. 

  23.         Fred.last_failed_login = datetime(2018, 1, 1, 14, tzinfo=UTC)
    24. 

  24.         Fred.login_attempts = 1
    25. 

  25. 

  26.         with pytest.raises(StopAuthentication) as excinfo:
    27. 

  27.             self.provider.authenticate(Fred.email, 'not considered')
    28. 

  28. 

  29.         assert 'too many failed login attempts' in excinfo.value.reason
    30. 

  30. 

  31.     @freeze_time(datetime(2018, 1, 1, 14))
    32. 

  32.     def test_doesnt_raise_if_user_is_at_limit_but_outside_window(self, Fred):
    33. 

  33.         Fred.last_failed_login = datetime(2018, 1, 1, 12, tzinfo=UTC)
    34. 

  34.         Fred.login_attempts = 1
    35. 

  35. 

  36.         self.provider.authenticate(Fred.email, 'not considered')
    37. 

  37. 

  38.     def test_doesnt_raise_if_user_is_below_limit_but_inside_window(self, Fred):
    39. 

  39.         Fred.last_failed_login = datetime(2018, 1, 1, 12, tzinfo=UTC)
    40. 

  40.         Fred.login_attempts = 0
    41. 

  41.         self.provider.authenticate(Fred.email, 'not considered')
    42. 

  42. 

  43.     def test_handles_if_user_has_no_failed_login_attempts(self, Fred):
    44. 

  44.         Fred.login_attempts = 0
    45. 

  45.         Fred.last_failed_login = None
    46. 

  46. 

  47.         self.provider.authenticate(Fred.email, 'not considered')
    48. 

  48. 

  49.     def test_handles_if_user_doesnt_exist(self, Fred):
    50. 

  50.         self.provider.authenticate('completely@made.up', 'not considered')
    51. 

  51. 

  52. 

  53. class TestDefaultFlaskBBAuthProvider(object):
    54. 

  54.     provider = auth.DefaultFlaskBBAuthProvider()
    55. 

  55. 

  56.     def test_returns_None_if_user_doesnt_exist(self, Fred):
    57. 

  57.         result = self.provider.authenticate('completely@made.up', 'lolnope')
    58. 

  58. 

  59.         assert result is None
    60. 

  60. 

  61.     def test_returns_None_if_password_doesnt_match(self, Fred):
    62. 

  62.         result = self.provider.authenticate(Fred.email, 'stillnotit')
    63. 

  63. 

  64.         assert result is None
    65. 

  65. 

  66.     def test_returns_user_if_identifer_and_password_match(self, Fred):
    67. 

  67.         result = self.provider.authenticate(Fred.email, 'fred')
    68. 

  68. 

  69.         assert result.username == Fred.username
    70. 

  70. 

  71. 

  72. class TestMarkFailedLoginAttempt(object):
    73. 

  73.     handler = auth.MarkFailedLogin()
    74. 

  74. 

  75.     @freeze_time(datetime(2018, 1, 1, 12))
    76. 

  76.     def test_increments_users_failed_logins_and_sets_last_fail_date(
    77. 

  77.             self, Fred
    78. 

  78.     ):
    79. 

  79.         Fred.login_attempts = 0
    80. 

  80.         Fred.last_failed_login = datetime.min.replace(tzinfo=UTC)
    81. 

  81.         self.handler.handle_authentication_failure(Fred.email)
    82. 

  82.         assert Fred.login_attempts == 1
    83. 

  83.         assert Fred.last_failed_login == datetime.now(UTC)
    84. 

  84. 

  85.     def test_handles_if_user_doesnt_exist(self, Fred):
    86. 

  86.         self.handler.handle_authentication_failure('completely@made.up')
    87. 

  87. 

  88. 

  89. class TestClearFailedLogins(object):
    90. 

  90.     handler = auth.ClearFailedLogins()
    91. 

  91. 

  92.     def test_clears_failed_logins_attempts(self, Fred):
    93. 

  93.         Fred.login_attempts = 1000
    94. 

  94.         self.handler.handle_post_auth(Fred)
    95. 

  95.         assert Fred.login_attempts == 0
    96. 

  96. 

  97. 

  98. class TestBlockUnactivatedUser(object):
    99. 

  99.     handler = auth.BlockUnactivatedUser()
    100. 

  100. 

  101.     def test_raises_StopAuthentication_if_user_is_unactivated(
    102. 

  102.             self, unactivated_user
    103. 

  103.     ):
    104. 

  104.         with pytest.raises(StopAuthentication) as excinfo:
    105. 

  105.             self.handler.handle_post_auth(unactivated_user)
    106. 

  106. 

  107.         assert 'In order to use your account' in excinfo.value.reason
    108.