4.21.3

app/tests/auth/test_api_to_cookie.py

@@ -0,0 +1,29 @@
+from flask import url_for
+
+from app.models import ApiToCookieToken, ApiKey
+from tests.utils import create_new_user
+
+
+def test_get_cookie(flask_client):
+    user = create_new_user()
+    api_key = ApiKey.create(
+        user_id=user.id,
+        commit=True,
+    )
+    token = ApiToCookieToken.create(
+        user_id=user.id,
+        api_key_id=api_key.id,
+        commit=True,
+    )
+    token_code = token.code
+    token_id = token.id
+
+    r = flask_client.get(
+        url_for(
+            "auth.api_to_cookie", token=token_code, next=url_for("dashboard.setting")
+        ),
+        follow_redirects=True,
+    )
+
+    assert ApiToCookieToken.get(token_id) is None
+    assert r.headers.getlist("Set-Cookie") is not None

app/tests/auth/test_change_email.py

@@ -0,0 +1,33 @@
+from flask import url_for
+
+from app.db import Session
+from app.models import EmailChange, User, ResetPasswordCode
+from tests.utils import create_new_user, random_token, random_email
+
+
+def test_change_email(flask_client):
+    user = create_new_user()
+    user.activated = False
+    user_id = user.id
+    email_change = EmailChange.create(
+        user_id=user.id,
+        code=random_token(),
+        new_email=random_email(),
+    )
+    reset_id = ResetPasswordCode.create(user_id=user_id, code=random_token()).id
+    email_change_id = email_change.id
+    email_change_code = email_change.code
+    new_email = email_change.new_email
+    Session.commit()
+
+    r = flask_client.get(
+        url_for("auth.change_email", code=email_change_code),
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+
+    user = User.get(user_id)
+    assert user.email == new_email
+    assert EmailChange.get(email_change_id) is None
+    assert ResetPasswordCode.get(reset_id) is None

app/tests/auth/test_login.py

@@ -0,0 +1,82 @@
+from flask import url_for
+
+from app.db import Session
+from app.utils import canonicalize_email, random_string
+from tests.utils import create_new_user
+
+
+def test_unactivated_user_login(flask_client):
+    user = create_new_user()
+    user.activated = False
+    Session.commit()
+
+    r = flask_client.post(
+        url_for("auth.login"),
+        data={"email": user.email, "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert (
+        b"Please check your inbox for the activation email. You can also have this email re-sent"
+        in r.data
+    )
+
+
+def test_non_canonical_login(flask_client):
+    email = f"pre.{random_string(10)}@gmail.com"
+    name = f"NAME-{random_string(10)}"
+    user = create_new_user(email, name)
+    Session.commit()
+
+    r = flask_client.post(
+        url_for("auth.login"),
+        data={"email": user.email, "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert name.encode("utf-8") in r.data
+
+    canonical_email = canonicalize_email(email)
+    assert canonical_email != email
+
+    flask_client.get(url_for("auth.logout"))
+
+    r = flask_client.post(
+        url_for("auth.login"),
+        data={"email": canonical_email, "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert name.encode("utf-8") not in r.data
+
+
+def test_canonical_login_with_non_canonical_email(flask_client):
+    suffix = f"{random_string(10)}@gmail.com"
+    canonical_email = f"pre{suffix}"
+    non_canonical_email = f"pre.{suffix}"
+    name = f"NAME-{random_string(10)}"
+    create_new_user(canonical_email, name)
+    Session.commit()
+
+    r = flask_client.post(
+        url_for("auth.login"),
+        data={"email": non_canonical_email, "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert name.encode("utf-8") in r.data
+
+    flask_client.get(url_for("auth.logout"))
+
+    r = flask_client.post(
+        url_for("auth.login"),
+        data={"email": canonical_email, "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert name.encode("utf-8") in r.data

app/tests/auth/test_proton.py

@@ -0,0 +1,23 @@
+from flask import url_for
+from urllib.parse import parse_qs
+from urllib3.util import parse_url
+
+from app.config import URL, PROTON_CLIENT_ID
+
+
+def test_login_with_proton(flask_client):
+    r = flask_client.get(
+        url_for("auth.proton_login"),
+        follow_redirects=False,
+    )
+    location = r.headers.get("Location")
+    assert location is not None
+
+    parsed = parse_url(location)
+    query = parse_qs(parsed.query)
+
+    expected_redirect_url = f"{URL}/auth/proton/callback"
+
+    assert "code" == query["response_type"][0]
+    assert PROTON_CLIENT_ID == query["client_id"][0]
+    assert expected_redirect_url == query["redirect_uri"][0]

app/tests/auth/test_register.py

@@ -0,0 +1,88 @@
+from flask import url_for
+
+from app import config
+from app.db import Session
+from app.models import DailyMetric, User
+from app.utils import canonicalize_email
+from tests.utils import create_new_user, random_email
+
+
+def setup_module():
+    config.SKIP_MX_LOOKUP_ON_CHECK = True
+
+
+def teardown_module():
+    config.SKIP_MX_LOOKUP_ON_CHECK = False
+
+
+def test_register_success(flask_client):
+    email = random_email()
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": email, "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    # User arrives at the waiting activation page.
+    assert b"An email to validate your email is on its way" in r.data
+
+
+def test_register_increment_nb_new_web_non_proton_user(flask_client):
+    daily_metric = DailyMetric.get_or_create_today_metric()
+    Session.commit()
+    nb_new_web_non_proton_user = daily_metric.nb_new_web_non_proton_user
+
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": random_email(), "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    new_daily_metric = DailyMetric.get_or_create_today_metric()
+    assert new_daily_metric.nb_new_web_non_proton_user == nb_new_web_non_proton_user + 1
+
+
+def test_register_disabled(flask_client):
+    """User cannot create new account when DISABLE_REGISTRATION."""
+
+    config.DISABLE_REGISTRATION = True
+
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": "abcd@gmail.com", "password": "password"},
+        follow_redirects=True,
+    )
+
+    config.DISABLE_REGISTRATION = False
+    assert b"Registration is closed" in r.data
+
+
+def test_register_non_canonical_if_canonical_exists_is_not_allowed(flask_client):
+    """User cannot create new account if the canonical name clashes"""
+    email = f"noncan.{random_email()}"
+    canonical_email = canonicalize_email(email)
+    create_new_user(email=canonical_email)
+
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": email, "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert f"Email {canonical_email} already used".encode("utf-8") in r.data
+
+
+def test_register_non_canonical_is_canonicalized(flask_client):
+    """User cannot create new account if the canonical name clashes"""
+    email = f"noncan.{random_email()}"
+
+    r = flask_client.post(
+        url_for("auth.register"),
+        data={"email": email, "password": "password"},
+        follow_redirects=True,
+    )
+
+    assert b"An email to validate your email is on its way" in r.data
+    assert User.get_by(email=canonicalize_email(email)) is not None