2017-11-17 22:26:25 +00:00
|
|
|
# This file is part of Supysonic.
|
|
|
|
# Supysonic is a Python implementation of the Subsonic server API.
|
|
|
|
#
|
|
|
|
# Copyright (C) 2013-2017 Alban 'spl0k' Féron
|
|
|
|
# 2017 Óscar García Amor
|
|
|
|
#
|
|
|
|
# Distributed under terms of the GNU AGPLv3 license.
|
|
|
|
|
2020-11-29 16:24:28 +00:00
|
|
|
import unittest
|
2017-11-17 22:26:25 +00:00
|
|
|
import uuid
|
|
|
|
|
2018-08-11 14:16:34 +00:00
|
|
|
from pony.orm import db_session
|
|
|
|
|
|
|
|
from supysonic.db import User
|
2017-11-17 22:26:25 +00:00
|
|
|
|
2017-11-19 16:49:31 +00:00
|
|
|
from .frontendtestbase import FrontendTestBase
|
2017-11-17 22:26:25 +00:00
|
|
|
|
2019-06-29 15:25:44 +00:00
|
|
|
|
2017-11-19 16:49:31 +00:00
|
|
|
class LoginTestCase(FrontendTestBase):
|
2017-11-17 22:26:25 +00:00
|
|
|
def test_unauthorized_request(self):
|
|
|
|
# Unauthorized request
|
2019-06-29 15:25:44 +00:00
|
|
|
rv = self.client.get("/", follow_redirects=True)
|
|
|
|
self.assertIn("Please login", rv.data)
|
2017-11-17 22:26:25 +00:00
|
|
|
|
|
|
|
def test_login_with_bad_data(self):
|
|
|
|
# Login with not blank user or password
|
2019-06-29 15:25:44 +00:00
|
|
|
rv = self._login("", "")
|
|
|
|
self.assertIn("Missing user name", rv.data)
|
|
|
|
self.assertIn("Missing password", rv.data)
|
2017-11-17 22:26:25 +00:00
|
|
|
# Login with not valid user or password
|
2019-06-29 15:25:44 +00:00
|
|
|
rv = self._login("nonexistent", "nonexistent")
|
|
|
|
self.assertIn("Wrong username or password", rv.data)
|
|
|
|
rv = self._login("alice", "badpassword")
|
|
|
|
self.assertIn("Wrong username or password", rv.data)
|
2017-11-17 22:26:25 +00:00
|
|
|
|
|
|
|
def test_login_admin(self):
|
|
|
|
# Login with a valid admin user
|
2019-06-29 15:25:44 +00:00
|
|
|
rv = self._login("alice", "Alic3")
|
|
|
|
self.assertIn("Logged in", rv.data)
|
|
|
|
self.assertIn("Users", rv.data)
|
|
|
|
self.assertIn("Folders", rv.data)
|
2017-11-17 22:26:25 +00:00
|
|
|
|
|
|
|
def test_login_non_admin(self):
|
|
|
|
# Login with a valid non-admin user
|
2019-06-29 15:25:44 +00:00
|
|
|
rv = self._login("bob", "B0b")
|
|
|
|
self.assertIn("Logged in", rv.data)
|
2017-11-17 22:26:25 +00:00
|
|
|
# Non-admin user cannot acces to users and folders
|
2019-06-29 15:25:44 +00:00
|
|
|
self.assertNotIn("Users", rv.data)
|
|
|
|
self.assertNotIn("Folders", rv.data)
|
2017-11-17 22:26:25 +00:00
|
|
|
|
|
|
|
def test_root_with_valid_session(self):
|
|
|
|
# Root with valid session
|
2017-12-19 22:16:55 +00:00
|
|
|
with db_session:
|
|
|
|
with self.client.session_transaction() as sess:
|
2019-06-29 15:25:44 +00:00
|
|
|
sess["userid"] = User.get(name="alice").id
|
|
|
|
rv = self.client.get("/", follow_redirects=True)
|
|
|
|
self.assertIn("alice", rv.data)
|
|
|
|
self.assertIn("Log out", rv.data)
|
|
|
|
self.assertIn("There's nothing much to see here.", rv.data)
|
2017-11-17 22:26:25 +00:00
|
|
|
|
|
|
|
def test_root_with_non_valid_session(self):
|
|
|
|
# Root with a no-valid session
|
|
|
|
with self.client.session_transaction() as sess:
|
2019-06-29 15:25:44 +00:00
|
|
|
sess["userid"] = uuid.uuid4()
|
|
|
|
rv = self.client.get("/", follow_redirects=True)
|
|
|
|
self.assertIn("Please login", rv.data)
|
2017-11-17 22:26:25 +00:00
|
|
|
|
2017-11-19 16:49:31 +00:00
|
|
|
def test_multiple_login(self):
|
2019-06-29 15:25:44 +00:00
|
|
|
self._login("alice", "Alic3")
|
|
|
|
rv = self._login("bob", "B0b")
|
|
|
|
self.assertIn("Already logged in", rv.data)
|
|
|
|
self.assertIn("alice", rv.data)
|
2017-11-19 16:49:31 +00:00
|
|
|
|
|
|
|
|
2019-06-29 15:25:44 +00:00
|
|
|
if __name__ == "__main__":
|
|
|
|
unittest.main()
|