

  1. # -*- coding: utf-8 -*-
  2. # Copyright (C) 2013-2014 GRAP (http://www.grap.coop)
  3. # @author Sylvain LE GAL (https://twitter.com/legalsylvain)
  4. # License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html
  5. from lxml import html
  6. from werkzeug.test import Client
  7. from werkzeug.wrappers import BaseResponse
  8. from odoo.tests import common
  9. from odoo.service import wsgi_server
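@common.post_install(True)
class TestUI(common.HttpCase):
    """HTTP-level login tests for the admin passkey behaviour.

    Each test drives the real WSGI application through a werkzeug test
    client: it loads ``/web/`` unauthenticated, checks that the login form is
    shown, posts credentials to ``/web/login/`` and inspects the page that
    comes back.

    Security note: ``test_05`` pins the behaviour that the administrator's
    password is accepted together with another user's login. Where this is
    enabled, the admin password is a credential for that other account as
    well, so it deserves the protection (strength, rotation, login auditing)
    of a shared master secret.

    NOTE(review): success is asserted only by the *absence* of the login form
    in the final page. An error page without that form would also satisfy the
    assertion; confirm whether a stronger check (for example on the status
    code or the session) is wanted.
    """

    def setUp(self):
        """Set known passwords, create the 'passkey' user, start logged out."""
        super(TestUI, self).setUp()

        with self.registry.cursor() as test_cursor:
            env = self.env(test_cursor)

            # Fixture credentials: only meaningful inside the test database.
            self.admin_password = 'AdminPa$$w0rd'
            env.ref('base.user_root').password = self.admin_password
            self.passkey_password = 'PasskeyPa$$w0rd'
            self.passkey_user = env['res.users'].create({
                'name': 'passkey',
                'login': 'passkey',
                'email': 'passkey',
                'password': self.passkey_password
            })
            self.dbname = env.cr.dbname

        self.werkzeug_environ = {'REMOTE_ADDR': '127.0.0.1'}
        self.test_client = Client(wsgi_server.application, BaseResponse)
        # Make sure no session survives from a previous test.
        self.test_client.get('/web/session/logout')

    def html_doc(self, response):
        """Get an HTML LXML document."""
        return html.fromstring(response.data)

    def csrf_token(self, response):
        """Get a valid CSRF token.

        Fails the test with an explicit message when the page carries no
        ``csrf_token`` input, instead of raising a bare ``IndexError``.
        """
        tokens = self.html_doc(response).xpath("//input[@name='csrf_token']")
        self.assertTrue(tokens, 'No csrf_token input found in the response')
        return tokens[0].get('value')

    def get_request(self, url, data=None):
        """GET ``url`` with ``data`` as query string, following redirects."""
        return self.test_client.get(
            url, query_string=data, follow_redirects=True)

    def post_request(self, url, data=None):
        """POST ``data`` to ``url`` from the test remote address."""
        return self.test_client.post(
            url, data=data, follow_redirects=True,
            environ_base=self.werkzeug_environ)

    def _body(self, response):
        """Return the response body decoded to text.

        ``response.data`` is a byte string; decoding it keeps the substring
        assertions valid where ``str`` and ``bytes`` are distinct types.
        """
        return response.get_data(as_text=True)

    def _attempt_login(self, login, password):
        """Run the login flow shared by every test and return the final page.

        The user goes to the backoffice, is sent to the login page because he
        is not authenticated, then submits the form with the CSRF token taken
        from that page.
        """
        response = self.get_request('/web/', data={'db': self.dbname})
        # He notices that he is redirected to the login page
        self.assertIn('oe_login_form', self._body(response))
        # He enters the credentials and submits the form
        response = self.post_request('/web/login/', data={
            'login': login,
            'password': password,
            'csrf_token': self.csrf_token(response),
            'db': self.dbname
        })
        return self._body(response)

    def test_01_normal_login_admin_succeed(self):
        """Admin with his own password reaches the backoffice."""
        page = self._attempt_login('admin', self.admin_password)
        # He notices that he is redirected to the backoffice
        self.assertNotIn('oe_login_form', page)

    def test_02_normal_login_admin_fail(self):
        """Admin with a wrong password is refused."""
        page = self._attempt_login('admin', 'password')
        # He mistyped his password so he's redirected to login page again
        self.assertIn('Wrong login/password', page)

    def test_03_normal_login_passkey_succeed(self):
        """The passkey user with his own password reaches the backoffice."""
        page = self._attempt_login(
            self.passkey_user.login, self.passkey_password)
        # He notices that he is redirected to the backoffice
        self.assertNotIn('oe_login_form', page)

    def test_04_normal_login_passkey_fail(self):
        """The passkey user with a wrong password is refused."""
        page = self._attempt_login(self.passkey_user.login, 'password')
        # He mistyped his password so he's redirected to login page again
        self.assertIn('Wrong login/password', page)

    def test_05_passkey_login_with_admin_password_succeed(self):
        """The admin password is accepted with the passkey user's login."""
        # Our admin user wants to log in as the passkey user, so he enters
        # his own password with the passkey user's login.
        page = self._attempt_login(
            self.passkey_user.login, self.admin_password)
        # He notices that he is redirected to the backoffice
        self.assertNotIn('oe_login_form', page)

    def test_06_passkey_login_with_same_password_as_admin(self):
        """Login still works when the user's password equals the admin's."""
        # NOTE(review): passkey_user is bound to the cursor opened in setUp;
        # confirm this write is visible to the HTTP request below.
        self.passkey_user.password = self.admin_password
        page = self._attempt_login(
            self.passkey_user.login, self.admin_password)
        # He notices that he is redirected to the backoffice
        self.assertNotIn('oe_login_form', page)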