OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1243 Commits
13 Branches
0 Tags
45 MiB
Tree: 29c4be9103
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '29c4be9103'
${ noResults }
server-tools/password_security/tests/test_password_security_home.py

269 lines
11 KiB
Raw Normal View History

[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  5. import mock
  7. from contextlib import contextmanager
  9. from openerp.tests.common import TransactionCase
  10. from openerp.http import Response
  12. from ..controllers import main
  15. IMPORT = 'openerp.addons.password_security.controllers.main'
  18. class EndTestException(Exception):
  19. """ It allows for isolation of resources by raise """
  22. class MockResponse(object):
  23. def __new__(cls):
  24. return mock.Mock(spec=Response)
  27. class MockPassError(main.PassError):
  28. def __init__(self):
  29. super(MockPassError, self).__init__('Message')
  32. class TestPasswordSecurityHome(TransactionCase):
  34. def setUp(self):
  35. super(TestPasswordSecurityHome, self).setUp()
  36. self.PasswordSecurityHome = main.PasswordSecurityHome
  37. self.password_security_home = self.PasswordSecurityHome()
  38. self.passwd = 'I am a password!'
  39. self.qcontext = {
  40. 'password': self.passwd,
  41. }
  43. @contextmanager
  44. def mock_assets(self):
  45. """ It mocks and returns assets used by this controller """
  46. methods = ['do_signup', 'web_login', 'web_auth_signup',
  47. 'web_auth_reset_password',
  48. ]
  49. with mock.patch.multiple(
  50. main.AuthSignupHome, **{m: mock.DEFAULT for m in methods}
  51. ) as _super:
  52. mocks = {}
  53. for method in methods:
  54. mocks[method] = _super[method]
  55. mocks[method].return_value = MockResponse()
  56. with mock.patch('%s.request' % IMPORT) as request:
  57. with mock.patch('%s.ensure_db' % IMPORT) as ensure:
  58. with mock.patch('%s.http' % IMPORT) as http:
  59. http.redirect_with_hash.return_value = \
  60. MockResponse()
  61. mocks.update({
  62. 'request': request,
  63. 'ensure_db': ensure,
  64. 'http': http,
  65. })
  66. yield mocks
  68. def test_do_signup_check(self):
  69. """ It should check password on user """
  70. with self.mock_assets() as assets:
  71. check_password = assets['request'].env.user.check_password
  72. check_password.side_effect = EndTestException
  73. with self.assertRaises(EndTestException):
  74. self.password_security_home.do_signup(self.qcontext)
  75. check_password.assert_called_once_with(
  76. self.passwd,
  77. )
  79. def test_do_signup_return(self):
  80. """ It should return result of super """
  81. with self.mock_assets() as assets:
  82. res = self.password_security_home.do_signup(self.qcontext)
  83. self.assertEqual(assets['do_signup'](), res)
  85. def test_web_login_ensure_db(self):
  86. """ It should verify available db """
  87. with self.mock_assets() as assets:
  88. assets['ensure_db'].side_effect = EndTestException
  89. with self.assertRaises(EndTestException):
  90. self.password_security_home.web_login()
  92. def test_web_login_super(self):
  93. """ It should call superclass w/ proper args """
  94. expect_list = [1, 2, 3]
  95. expect_dict = {'test1': 'good1', 'test2': 'good2'}
  96. with self.mock_assets() as assets:
  97. assets['web_login'].side_effect = EndTestException
  98. with self.assertRaises(EndTestException):
  99. self.password_security_home.web_login(
  100. *expect_list, **expect_dict
  101. )
  102. assets['web_login'].assert_called_once_with(
  103. *expect_list, **expect_dict
  104. )
  106. def test_web_login_no_post(self):
  107. """ It should return immediate result of super when not POST """
  108. with self.mock_assets() as assets:
  109. assets['request'].httprequest.method = 'GET'
  110. assets['request'].session.authenticate.side_effect = \
  111. EndTestException
  112. res = self.password_security_home.web_login()
  113. self.assertEqual(
  114. assets['web_login'](), res,
  115. )
  117. def test_web_login_authenticate(self):
  118. """ It should attempt authentication to obtain uid """
  119. with self.mock_assets() as assets:
  120. assets['request'].httprequest.method = 'POST'
  121. authenticate = assets['request'].session.authenticate
  122. request = assets['request']
  123. authenticate.side_effect = EndTestException
  124. with self.assertRaises(EndTestException):
  125. self.password_security_home.web_login()
  126. authenticate.assert_called_once_with(
  127. request.session.db,
  128. request.params['login'],
  129. request.params['password'],
  130. )
  132. def test_web_login_authenticate_fail(self):
  133. """ It should return super result if failed auth """
  134. with self.mock_assets() as assets:
  135. authenticate = assets['request'].session.authenticate
  136. request = assets['request']
  137. request.httprequest.method = 'POST'
  138. request.env['res.users'].sudo.side_effect = EndTestException
  139. authenticate.return_value = False
  140. res = self.password_security_home.web_login()
  141. self.assertEqual(
  142. assets['web_login'](), res,
  143. )
  145. def test_web_login_get_user(self):
  146. """ It should get the proper user as sudo """
  147. with self.mock_assets() as assets:
  148. request = assets['request']
  149. request.httprequest.method = 'POST'
  150. sudo = request.env['res.users'].sudo()
  151. sudo.browse.side_effect = EndTestException
  152. with self.assertRaises(EndTestException):
  153. self.password_security_home.web_login()
  154. sudo.browse.assert_called_once_with(
  155. request.uid
  156. )
  158. def test_web_login_valid_pass(self):
  159. """ It should return parent result if pass isn't expired """
  160. with self.mock_assets() as assets:
  161. request = assets['request']
  162. request.httprequest.method = 'POST'
  163. user = request.env['res.users'].sudo().browse()
  164. user.action_expire_password.side_effect = EndTestException
  165. user._password_has_expired.return_value = False
  166. res = self.password_security_home.web_login()
  167. self.assertEqual(
  168. assets['web_login'](), res,
  169. )
  171. def test_web_login_expire_pass(self):
  172. """ It should expire password if necessary """
  173. with self.mock_assets() as assets:
  174. request = assets['request']
  175. request.httprequest.method = 'POST'
  176. user = request.env['res.users'].sudo().browse()
  177. user.action_expire_password.side_effect = EndTestException
  178. user._password_has_expired.return_value = True
  179. with self.assertRaises(EndTestException):
  180. self.password_security_home.web_login()
  182. def test_web_login_redirect(self):
  183. """ It should redirect w/ hash to reset after expiration """
  184. with self.mock_assets() as assets:
  185. request = assets['request']
  186. request.httprequest.method = 'POST'
  187. user = request.env['res.users'].sudo().browse()
  188. user._password_has_expired.return_value = True
  189. res = self.password_security_home.web_login()
  190. self.assertEqual(
  191. assets['http'].redirect_with_hash(), res,
  192. )
  194. def test_web_auth_signup_valid(self):
  195. """ It should return super if no errors """
  196. with self.mock_assets() as assets:
  197. res = self.password_security_home.web_auth_signup()
  198. self.assertEqual(
  199. assets['web_auth_signup'](), res,
  200. )
  202. def test_web_auth_signup_invalid_qcontext(self):
  203. """ It should catch PassError and get signup qcontext """
  204. with self.mock_assets() as assets:
  205. with mock.patch.object(
  206. main.AuthSignupHome, 'get_auth_signup_qcontext',
  207. ) as qcontext:
  208. assets['web_auth_signup'].side_effect = MockPassError
  209. qcontext.side_effect = EndTestException
  210. with self.assertRaises(EndTestException):
  211. self.password_security_home.web_auth_signup()
  213. def test_web_auth_signup_invalid_render(self):
  214. """ It should render & return signup form on invalid """
  215. with self.mock_assets() as assets:
  216. with mock.patch.object(
  217. main.AuthSignupHome, 'get_auth_signup_qcontext', spec=dict
  218. ) as qcontext:
  219. assets['web_auth_signup'].side_effect = MockPassError
  220. res = self.password_security_home.web_auth_signup()
  221. assets['request'].render.assert_called_once_with(
  222. 'auth_signup.signup', qcontext(),
  223. )
  224. self.assertEqual(
  225. assets['request'].render(), res,
  226. )
  228. def test_web_auth_reset_password_fail_login(self):
  229. """ It should raise from failed _validate_pass_reset by login """
  230. with self.mock_assets() as assets:
  231. with mock.patch.object(
  232. main.AuthSignupHome, 'get_auth_signup_qcontext', spec=dict
  233. ) as qcontext:
  234. qcontext['login'] = 'login'
  235. search = assets['request'].env.sudo().search
  236. assets['request'].httprequest.method = 'POST'
  237. user = mock.MagicMock()
  238. user._validate_pass_reset.side_effect = MockPassError
  239. search.return_value = user
  240. with self.assertRaises(MockPassError):
  241. self.password_security_home.web_auth_reset_password()
  243. def test_web_auth_reset_password_fail_email(self):
  244. """ It should raise from failed _validate_pass_reset by email """
  245. with self.mock_assets() as assets:
  246. with mock.patch.object(
  247. main.AuthSignupHome, 'get_auth_signup_qcontext', spec=dict
  248. ) as qcontext:
  249. qcontext['login'] = 'login'
  250. search = assets['request'].env.sudo().search
  251. assets['request'].httprequest.method = 'POST'
  252. user = mock.MagicMock()
  253. user._validate_pass_reset.side_effect = MockPassError
  254. search.side_effect = [[], user]
  255. with self.assertRaises(MockPassError):
  256. self.password_security_home.web_auth_reset_password()
  258. def test_web_auth_reset_password_success(self):
  259. """ It should return parent response on no validate errors """
  260. with self.mock_assets() as assets:
  261. with mock.patch.object(
  262. main.AuthSignupHome, 'get_auth_signup_qcontext', spec=dict
  263. ) as qcontext:
  264. qcontext['login'] = 'login'
  265. assets['request'].httprequest.method = 'POST'
  266. res = self.password_security_home.web_auth_reset_password()
  267. self.assertEqual(
  268. assets['web_auth_reset_password'](), res,
  269. )