OCA
/
server-tools
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1569 Commits
13 Branches
0 Tags
45 MiB
Tree: ce3041213f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ce3041213f'
${ noResults }
server-tools/password_security/tests/test_password_security_home.py

293 lines
12 KiB
Raw Normal View History

[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: auth_totp compatibility * Modify overloaded web_login action to not trigger a password expiration check if the login process is not complete yet (e.g. due to auth_totp) * Add unit test for new logic * Fix warning caused by unrelated unit test
7 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: Force password reset * Add logic to overloaded web_login action to log out users with expired passwords, preventing the password reset from being ignored * Add unit test for new logic
7 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
[FIX] password_security: auth_totp compatibility * Modify overloaded web_login action to not trigger a password expiration check if the login process is not complete yet (e.g. due to auth_totp) * Add unit test for new logic * Fix warning caused by unrelated unit test
7 years ago
[9.0][ADD] Password Security Settings (#531) * [ADD] res_users_password_security: New module * Create new module to lock down user passwords * [REF] res_users_password_security: PR Review fixes * Also add beta pass history rule * [ADD] res_users_password_security: Pass history and min time * Add pass history memory and threshold * Add minimum time for pass resets through web reset * Begin controller tests * Fix copyright, wrong year for new file * Add tests for password_security_home * Left to do web_auth_reset_password * Fix minimum reset threshold and finish tests * Bug fixes per review * [REF] password_security: PR review improvements * Change tech name to password_security * Use new except format * Limit 1 & new api * Cascade deletion for pass history * [REF] password_security: Fix travis + style * Fix travis errors * self to cls * Better variable names in tests * [FIX] password_security: Fix travis errors
8 years ago
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016 LasLabs Inc.
  3. # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
  5. import mock
  7. from contextlib import contextmanager
  9. from openerp.tests.common import TransactionCase
  10. from openerp.http import Response
  12. from ..controllers import main
  15. IMPORT = 'openerp.addons.password_security.controllers.main'
  18. class EndTestException(Exception):
  19. """ It allows for isolation of resources by raise """
  22. class MockResponse(object):
  23. def __new__(cls):
  24. return mock.Mock(spec=Response)
  27. class MockPassError(main.PassError):
  28. def __init__(self):
  29. super(MockPassError, self).__init__('Message')
  32. class TestPasswordSecurityHome(TransactionCase):
  34. def setUp(self):
  35. super(TestPasswordSecurityHome, self).setUp()
  36. self.PasswordSecurityHome = main.PasswordSecurityHome
  37. self.password_security_home = self.PasswordSecurityHome()
  38. self.passwd = 'I am a password!'
  39. self.qcontext = {
  40. 'password': self.passwd,
  41. }
  43. @contextmanager
  44. def mock_assets(self):
  45. """ It mocks and returns assets used by this controller """
  46. methods = ['do_signup', 'web_login', 'web_auth_signup',
  47. 'web_auth_reset_password',
  48. ]
  49. with mock.patch.multiple(
  50. main.AuthSignupHome, **{m: mock.DEFAULT for m in methods}
  51. ) as _super:
  52. mocks = {}
  53. for method in methods:
  54. mocks[method] = _super[method]
  55. mocks[method].return_value = MockResponse()
  56. with mock.patch('%s.request' % IMPORT) as request:
  57. with mock.patch('%s.ensure_db' % IMPORT) as ensure:
  58. with mock.patch('%s.http' % IMPORT) as http:
  59. http.redirect_with_hash.return_value = \
  60. MockResponse()
  61. mocks.update({
  62. 'request': request,
  63. 'ensure_db': ensure,
  64. 'http': http,
  65. })
  66. yield mocks
  68. def test_do_signup_check(self):
  69. """ It should check password on user """
  70. with self.mock_assets() as assets:
  71. check_password = assets['request'].env.user.check_password
  72. check_password.side_effect = EndTestException
  73. with self.assertRaises(EndTestException):
  74. self.password_security_home.do_signup(self.qcontext)
  75. check_password.assert_called_once_with(
  76. self.passwd,
  77. )
  79. def test_do_signup_return(self):
  80. """ It should return result of super """
  81. with self.mock_assets() as assets:
  82. res = self.password_security_home.do_signup(self.qcontext)
  83. self.assertEqual(assets['do_signup'](), res)
  85. def test_web_login_ensure_db(self):
  86. """ It should verify available db """
  87. with self.mock_assets() as assets:
  88. assets['ensure_db'].side_effect = EndTestException
  89. with self.assertRaises(EndTestException):
  90. self.password_security_home.web_login()
  92. def test_web_login_super(self):
  93. """ It should call superclass w/ proper args """
  94. expect_list = [1, 2, 3]
  95. expect_dict = {'test1': 'good1', 'test2': 'good2'}
  96. with self.mock_assets() as assets:
  97. assets['web_login'].side_effect = EndTestException
  98. with self.assertRaises(EndTestException):
  99. self.password_security_home.web_login(
  100. *expect_list, **expect_dict
  101. )
  102. assets['web_login'].assert_called_once_with(
  103. *expect_list, **expect_dict
  104. )
  106. def test_web_login_no_post(self):
  107. """ It should return immediate result of super when not POST """
  108. with self.mock_assets() as assets:
  109. assets['request'].httprequest.method = 'GET'
  110. assets['request'].session.authenticate.side_effect = \
  111. EndTestException
  112. res = self.password_security_home.web_login()
  113. self.assertEqual(
  114. assets['web_login'](), res,
  115. )
  117. def test_web_login_login_success_flag(self):
  118. """It should return result of super when login_success flag False"""
  119. with self.mock_assets() as assets:
  120. assets['request'].httprequest.method = 'POST'
  121. assets['request'].params = {'login_success': False}
  122. result = self.password_security_home.web_login()
  124. expected = assets['web_login']()
  125. self.assertEqual(result, expected)
  127. def test_web_login_authenticate(self):
  128. """ It should attempt authentication to obtain uid """
  129. with self.mock_assets() as assets:
  130. assets['request'].httprequest.method = 'POST'
  131. authenticate = assets['request'].session.authenticate
  132. request = assets['request']
  133. authenticate.side_effect = EndTestException
  134. with self.assertRaises(EndTestException):
  135. self.password_security_home.web_login()
  136. authenticate.assert_called_once_with(
  137. request.session.db,
  138. request.params['login'],
  139. request.params['password'],
  140. )
  142. def test_web_login_authenticate_fail(self):
  143. """ It should return super result if failed auth """
  144. with self.mock_assets() as assets:
  145. authenticate = assets['request'].session.authenticate
  146. request = assets['request']
  147. request.httprequest.method = 'POST'
  148. request.env['res.users'].sudo.side_effect = EndTestException
  149. authenticate.return_value = False
  150. res = self.password_security_home.web_login()
  151. self.assertEqual(
  152. assets['web_login'](), res,
  153. )
  155. def test_web_login_get_user(self):
  156. """ It should get the proper user as sudo """
  157. with self.mock_assets() as assets:
  158. request = assets['request']
  159. request.httprequest.method = 'POST'
  160. sudo = request.env['res.users'].sudo()
  161. sudo.browse.side_effect = EndTestException
  162. with self.assertRaises(EndTestException):
  163. self.password_security_home.web_login()
  164. sudo.browse.assert_called_once_with(
  165. request.uid
  166. )
  168. def test_web_login_valid_pass(self):
  169. """ It should return parent result if pass isn't expired """
  170. with self.mock_assets() as assets:
  171. request = assets['request']
  172. request.httprequest.method = 'POST'
  173. user = request.env['res.users'].sudo().browse()
  174. user.action_expire_password.side_effect = EndTestException
  175. user._password_has_expired.return_value = False
  176. res = self.password_security_home.web_login()
  177. self.assertEqual(
  178. assets['web_login'](), res,
  179. )
  181. def test_web_login_expire_pass(self):
  182. """ It should expire password if necessary """
  183. with self.mock_assets() as assets:
  184. request = assets['request']
  185. request.httprequest.method = 'POST'
  186. user = request.env['res.users'].sudo().browse()
  187. user.action_expire_password.side_effect = EndTestException
  188. user._password_has_expired.return_value = True
  189. with self.assertRaises(EndTestException):
  190. self.password_security_home.web_login()
  192. def test_web_login_log_out_if_expired(self):
  193. """It should log out user if password expired"""
  194. with self.mock_assets() as assets:
  195. request = assets['request']
  196. request.httprequest.method = 'POST'
  197. user = request.env['res.users'].sudo().browse()
  198. user._password_has_expired.return_value = True
  199. self.password_security_home.web_login()
  201. logout_mock = request.session.logout
  202. logout_mock.assert_called_once_with(keep_db=True)
  204. def test_web_login_redirect(self):
  205. """ It should redirect w/ hash to reset after expiration """
  206. with self.mock_assets() as assets:
  207. request = assets['request']
  208. request.httprequest.method = 'POST'
  209. user = request.env['res.users'].sudo().browse()
  210. user._password_has_expired.return_value = True
  211. res = self.password_security_home.web_login()
  212. self.assertEqual(
  213. assets['http'].redirect_with_hash(), res,
  214. )
  216. def test_web_auth_signup_valid(self):
  217. """ It should return super if no errors """
  218. with self.mock_assets() as assets:
  219. res = self.password_security_home.web_auth_signup()
  220. self.assertEqual(
  221. assets['web_auth_signup'](), res,
  222. )
  224. def test_web_auth_signup_invalid_qcontext(self):
  225. """ It should catch PassError and get signup qcontext """
  226. with self.mock_assets() as assets:
  227. with mock.patch.object(
  228. main.AuthSignupHome, 'get_auth_signup_qcontext',
  229. ) as qcontext:
  230. assets['web_auth_signup'].side_effect = MockPassError
  231. qcontext.side_effect = EndTestException
  232. with self.assertRaises(EndTestException):
  233. self.password_security_home.web_auth_signup()
  235. def test_web_auth_signup_invalid_render(self):
  236. """ It should render & return signup form on invalid """
  237. with self.mock_assets() as assets:
  238. with mock.patch.object(
  239. main.AuthSignupHome, 'get_auth_signup_qcontext', spec=dict
  240. ) as qcontext:
  241. assets['web_auth_signup'].side_effect = MockPassError
  242. assets['request'].render.return_value = MockResponse()
  244. res = self.password_security_home.web_auth_signup()
  245. assets['request'].render.assert_called_once_with(
  246. 'auth_signup.signup', qcontext(),
  247. )
  248. self.assertEqual(
  249. assets['request'].render(), res,
  250. )
  252. def test_web_auth_reset_password_fail_login(self):
  253. """ It should raise from failed _validate_pass_reset by login """
  254. with self.mock_assets() as assets:
  255. with mock.patch.object(
  256. main.AuthSignupHome, 'get_auth_signup_qcontext', spec=dict
  257. ) as qcontext:
  258. qcontext['login'] = 'login'
  259. search = assets['request'].env.sudo().search
  260. assets['request'].httprequest.method = 'POST'
  261. user = mock.MagicMock()
  262. user._validate_pass_reset.side_effect = MockPassError
  263. search.return_value = user
  264. with self.assertRaises(MockPassError):
  265. self.password_security_home.web_auth_reset_password()
  267. def test_web_auth_reset_password_fail_email(self):
  268. """ It should raise from failed _validate_pass_reset by email """
  269. with self.mock_assets() as assets:
  270. with mock.patch.object(
  271. main.AuthSignupHome, 'get_auth_signup_qcontext', spec=dict
  272. ) as qcontext:
  273. qcontext['login'] = 'login'
  274. search = assets['request'].env.sudo().search
  275. assets['request'].httprequest.method = 'POST'
  276. user = mock.MagicMock()
  277. user._validate_pass_reset.side_effect = MockPassError
  278. search.side_effect = [[], user]
  279. with self.assertRaises(MockPassError):
  280. self.password_security_home.web_auth_reset_password()
  282. def test_web_auth_reset_password_success(self):
  283. """ It should return parent response on no validate errors """
  284. with self.mock_assets() as assets:
  285. with mock.patch.object(
  286. main.AuthSignupHome, 'get_auth_signup_qcontext', spec=dict
  287. ) as qcontext:
  288. qcontext['login'] = 'login'
  289. assets['request'].httprequest.method = 'POST'
  290. res = self.password_security_home.web_auth_reset_password()
  291. self.assertEqual(
  292. assets['web_auth_reset_password'](), res,
  293. )