authorTheo Chatzimichos <tampakrap@gentoo.org>2013-08-17 13:39:34 +0200
committerTheo Chatzimichos <tampakrap@gentoo.org>2013-08-17 13:39:34 +0200
commit621d5d6ba7e830d55589783b0d71274a2084b491 (patch)
treec6c7fc7162b43d24e37373a5ad4fcb4bac1308cf /okupy/tests/unit
parentAdd support for secondary password (diff)
Tests for secondary password
Diffstat (limited to 'okupy/tests/unit')
-rw-r--r--okupy/tests/unit/__init__.py2
-rw-r--r--okupy/tests/unit/login.py32
-rw-r--r--okupy/tests/unit/secondary_password.py89
3 files changed, 121 insertions, 2 deletions
diff --git a/okupy/tests/unit/__init__.py b/okupy/tests/unit/__init__.py
index 5c1286c..9b6f4ce 100644
--- a/okupy/tests/unit/__init__.py
+++ b/okupy/tests/unit/__init__.py
@@ -1,6 +1,6 @@
# vim:fileencoding=utf8:et:ts=4:sts=4:sw=4:ft=python
-from .connection import *
from .index import *
from .login import *
+from .secondary_password import *
from .signup import *
diff --git a/okupy/tests/unit/login.py b/okupy/tests/unit/login.py
index 75775df..6d5e94d 100644
--- a/okupy/tests/unit/login.py
+++ b/okupy/tests/unit/login.py
@@ -7,10 +7,14 @@ from django.core.urlresolvers import resolve
from django.template import RequestContext
from django.test.utils import override_settings
+from base64 import b64encode
+from Crypto import Random
+from passlib.hash import ldap_md5_crypt
from mockldap import MockLdap
-from ...accounts.views import login
+from ...accounts.views import login, logout
from ...accounts.forms import LoginForm
+from ...common.crypto import cipher
from ...common.test_helpers import OkupyTestCase, set_request, no_database, get_ldap_user, set_search_seed
@@ -95,6 +99,24 @@ class LoginUnitTests(OkupyTestCase):
login(request)
self.assertEqual(User.objects.count(), 1)
+ def test_secondary_password_is_added_in_login(self):
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice')])
+ request = set_request(uri='/login', post=account1)
+ login(request)
+ self.assertEqual(len(get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword']), 2)
+ self.assertEqual(len(request.session['secondary_password']), 48)
+
+ def test_secondary_password_is_removed_in_logout(self):
+ secondary_password = Random.get_random_bytes(48)
+ secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(secondary_password))
+ self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(secondary_password_crypt)
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice', directory=self.ldapobject.directory)])
+ alice = User(username='alice')
+ request = set_request(uri='/login', post=account1, user=alice)
+ request.session['secondary_password'] = cipher.encrypt(secondary_password)
+ logout(request)
+ self.assertEqual(len(get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword']), 1)
+
class LoginUnitTestsNoLDAP(OkupyTestCase):
def test_dont_authenticate_from_db_when_ldap_is_down(self):
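Review bot: The length assertion in test_secondary_password_is_added_in_login (`len(request.session['secondary_password'])` equal to 48) cannot distinguish an encrypted session value from the raw secret. The logout test in this same hunk builds a 48-byte secret and stores `cipher.encrypt(secondary_password)` under that key, and the tests in secondary_password.py appear to expect that ciphertext to be 48 long as well. A regression that placed the unencrypted secondary password in the session would therefore still pass. After the length check I would add `secret = b64encode(cipher.decrypt(request.session['secondary_password'], 48))` and `self.assertTrue(any(ldap_md5_crypt.verify(secret, h) for h in get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword']))`. LoginUnitTests begins outside this hunk.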
@@ -108,3 +130,11 @@ class LoginUnitTestsNoLDAP(OkupyTestCase):
response = login(request)
response.context = RequestContext(request)
self.assertMessage(response, 'Login failed', 40)
+
+ def test_no_ldap_connection_in_logout_sends_notification_mail(self):
+ alice = User(username='alice')
+ request = set_request(uri='/login', post=account1, user=alice)
+ request.session['secondary_password'] = 'test'
+ logout(request)
+ self.assertEqual(len(mail.outbox), 1)
+ self.assertTrue(mail.outbox[0].subject.startswith('%sERROR:' % settings.EMAIL_SUBJECT_PREFIX))
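Review bot: `request.session['secondary_password'] = 'test'` is not a value `cipher.encrypt` would produce, so logout may fail while handling the session value rather than on the missing LDAP connection that the test name describes. This is an inference, because logout() is not visible here. Seeding the session the way the logout test in LoginUnitTests does, `request.session['secondary_password'] = cipher.encrypt(Random.get_random_bytes(48))`, would keep the failure on the LDAP path. The test also leaves open whether the session key is expected to survive a failed removal; a one-line comment such as `# LDAP is unreachable: the secondary password stays in the directory until the next login cleans it up` would record the intent if that is the design. LoginUnitTestsNoLDAP begins outside this hunk.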
diff --git a/okupy/tests/unit/secondary_password.py b/okupy/tests/unit/secondary_password.py
new file mode 100644
index 0000000..bc3faca
--- /dev/null
+++ b/okupy/tests/unit/secondary_password.py
@@ -0,0 +1,89 @@
+# vim:fileencoding=utf8:et:ts=4:sts=4:sw=4:ft=python
+
+from django.conf import settings
+from django.contrib.auth.models import User
+from django.test import TestCase
+
+from base64 import b64encode
+from Crypto import Random
+from mockldap import MockLdap
+from passlib.hash import ldap_md5_crypt
+
+from ...common.crypto import cipher
+from ...common.ldap_helpers import set_secondary_password, remove_secondary_password
+from ...common.test_helpers import set_request, set_search_seed, get_ldap_user
+
+
+class SecondaryPassword(TestCase):
+ @classmethod
+ def setUpClass(cls):
+ cls.mockldap = MockLdap(settings.DIRECTORY)
+
+ def setUp(self):
+ self.mockldap.start()
+ self.ldapobject = self.mockldap[settings.AUTH_LDAP_SERVER_URI]
+
+ def tearDown(self):
+ self.mockldap.stop()
+
+ def test_secondary_password_gets_added_in_session(self):
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice')])
+ alice = User.objects.create(username='alice', password='ldaptest')
+ request = set_request(uri='/', user=alice)
+ set_secondary_password(request, 'ldaptest')
+ self.assertEqual(len(request.session['secondary_password']), 48)
+
+ def test_secondary_password_gets_added_in_ldap(self):
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice')])
+ alice = User.objects.create(username='alice', password='ldaptest')
+ request = set_request(uri='/', user=alice)
+ self.assertEqual(len(get_ldap_user('alice')[1]['userPassword']), 1)
+ set_secondary_password(request, 'ldaptest')
+ self.assertEqual(len(get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword']), 2)
+
+ def test_remove_leftovers_before_adding_secondary_password(self):
+ leftover = ldap_md5_crypt.encrypt('leftover_password')
+ self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(leftover)
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice', directory=self.ldapobject.directory)])
+ alice = User.objects.create(username='alice', password='ldaptest')
+ request = set_request(uri='/', user=alice)
+ set_secondary_password(request, 'ldaptest')
+ self.assertNotIn(leftover, get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword'])
+
+ def test_dont_remove_primary_password_while_cleaning_leftovers(self):
+ leftover = ldap_md5_crypt.encrypt('leftover_password')
+ self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(leftover)
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice', directory=self.ldapobject.directory)])
+ alice = User.objects.create(username='alice', password='ldaptest')
+ request = set_request(uri='/', user=alice)
+ set_secondary_password(request, 'ldaptest')
+ self.assertTrue(ldap_md5_crypt.verify('ldaptest',get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword'][0]))
+
+ def test_session_and_ldap_secondary_passwords_match(self):
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice')])
+ alice = User.objects.create(username='alice', password='ldaptest')
+ request = set_request(uri='/', user=alice)
+ set_secondary_password(request, 'ldaptest')
+ self.assertTrue(ldap_md5_crypt.verify(b64encode(cipher.decrypt(request.session['secondary_password'], 48)), get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword'][1]))
+
+ def test_remove_secondary_password_from_ldap(self):
+ secondary_password = Random.get_random_bytes(48)
+ secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(secondary_password))
+ self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(secondary_password_crypt)
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice', directory=self.ldapobject.directory)])
+ alice = User.objects.create(username='alice', password='ldaptest')
+ request = set_request(uri='/', user=alice)
+ request.session['secondary_password'] = cipher.encrypt(secondary_password)
+ remove_secondary_password(request)
+ self.assertNotIn(secondary_password_crypt, get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword'])
+
+ def test_dont_remove_primary_password_while_removing_secondary_password(self):
+ secondary_password = Random.get_random_bytes(48)
+ secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(secondary_password))
+ self.ldapobject.directory[get_ldap_user('alice')[0]]['userPassword'].append(secondary_password_crypt)
+ self.ldapobject.search_s.seed(settings.AUTH_LDAP_USER_BASE_DN, 2, set_search_seed('alice'))([get_ldap_user('alice', directory=self.ldapobject.directory)])
+ alice = User.objects.create(username='alice', password='ldaptest')
+ request = set_request(uri='/', user=alice)
+ request.session['secondary_password'] = cipher.encrypt(secondary_password)
+ remove_secondary_password(request)
+ self.assertTrue(ldap_md5_crypt.verify('ldaptest',get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword'][0]))
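Review bot: The assertions that index `['userPassword'][0]` and `['userPassword'][1]` (test_dont_remove_primary_password_while_cleaning_leftovers, test_session_and_ldap_secondary_passwords_match, test_dont_remove_primary_password_while_removing_secondary_password) depend on the order of a multi-valued LDAP attribute, which a directory server does not guarantee. They hold here because the mock directory keeps a Python list that the tests `.append()` to. An order-independent check pins the same property: `self.assertTrue(any(ldap_md5_crypt.verify('ldaptest', h) for h in get_ldap_user('alice', directory=self.ldapobject.directory)[1]['userPassword']))`. Separately, `User.objects.create(username='alice', password='ldaptest')` writes the string unhashed into the Django password field; dropping the argument would make it clear that only the LDAP password is under test.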