nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1849 Commits
2 Branches
15 MiB
Tree: 6bb0c77934
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6bb0c77934'
${ noResults }
healthchecks/hc/accounts/tests/test_login.py

181 lines
6.7 KiB
Raw Normal View History

Use BaseTestCase in test_login, less repetition
6 years ago
Tests for hc.accounts
9 years ago
Rate limiting for the "Log In" emails
6 years ago
Add test cases for the login_tfa view
4 years ago
Rate limiting for the "Log In" emails
6 years ago
Use BaseTestCase in test_login, less repetition
6 years ago
Tests for hc.accounts
9 years ago
_associate_demo_check was crashing for returning users after cleaning up old checks.
8 years ago
Use BaseTestCase in test_login, less repetition
6 years ago
"My Projects" page.
6 years ago
Simplify super() calls in tests
4 years ago
Add test cases for the login_tfa view
4 years ago
"My Projects" page.
6 years ago
Fix the login view to handle already authenticated users If an already authenticated user visits /accounts/login/, Healthchecks will now redirect them to their dashboard instead of showing the login form.
3 years ago
Fix email template to use SITE_LOGO_URL (with img/logo.png fallback) Fixes: #550
3 years ago
Tests for hc.accounts
9 years ago
Login form: rename the email box to "identity" to avoid some auto-signup bots
6 years ago
Tests for hc.accounts
9 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Tests for hc.accounts
9 years ago
Separate sign up and login forms.
6 years ago
Tests for hc.accounts
9 years ago
Fix email template to use SITE_LOGO_URL (with img/logo.png fallback) Fixes: #550
3 years ago
Add absolute_site_logo_url template tag This commit adds a {% absolute_site_logo_url %} template tag. The tag emits an absolute url pointing to either SITE_LOGO_URL or to the fallback picture. The tag is used in base email template, in slack message template, and in "Add MS Teams" page. This commit also fixes a couple instances where absolute URLs were constructed like so: {% site_root %}/docs/ This would result in incorrect links if Healthchecks is not running at webserver's root. The correct way is: {% site_root %}{% url 'hc-docs' %} Finally, this commit removes stuff/logo.svg and stuff/logo-full.svg. Selfhosted sites should not use the official Healthchecks.io logos, so no point keeping them around there.
3 years ago
Fix email template to use SITE_LOGO_URL (with img/logo.png fallback) Fixes: #550
3 years ago
Tests for hc.accounts
9 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Project code in URL for the "Add Slack" page. cc: #336
5 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Signup form sets the "auto-login" cookie to avoid an extra click during first login
5 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Project code in URL for the "Add Slack" page. cc: #336
5 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Rate limiting for the "Log In" emails
6 years ago
Rate limit login-with-password attempts.
6 years ago
Rate limiting for the "Log In" emails
6 years ago
check token redirect to login on bad token
9 years ago
_associate_demo_check was crashing for returning users after cleaning up old checks.
8 years ago
Login form: rename the email box to "identity" to avoid some auto-signup bots
6 years ago
Add test for case insensitive email addresses.
7 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Add test for case insensitive email addresses.
7 years ago
Use BaseTestCase in test_login, less repetition
6 years ago
Separate sign up and login forms.
6 years ago
Source formatted with Black
6 years ago
Separate sign up and login forms.
6 years ago
If user has a single project, _redirect_after_login redirects to it.
6 years ago
"My Projects" page.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Rate limit login-with-password attempts.
6 years ago
Source formatted with Black
6 years ago
Rate limit login-with-password attempts.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Drop Check.user_id and Channel.user_id (obsolete, using project_id now)
6 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Source formatted with Black
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Project code in URL for the "Add Slack" page. cc: #336
5 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Source formatted with Black
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Fix _allow_redirect function to reject absolute URLs This fixes a security issue: - attacker can crafts a redirect URL to an external site - attacker gets victim to click on it - victim logs in - after login, Healthchecks redirects victim to the external site The _allow_redirect function now additionally requires the redirect URL is relative (has no scheme or domain).
3 years ago
Separate sign up and login forms.
6 years ago
Source formatted with Black
6 years ago
Separate sign up and login forms.
6 years ago
Don't show the "Sign Up" link in the login page if registration is closed. Fixes #280
5 years ago
Add test cases for the login_tfa view
4 years ago
Rename login_tfa to login_webauthn
4 years ago
Add test cases for the login_tfa view
4 years ago
Add extra security checks in the login_webauthn view
4 years ago
Add test cases for the login_tfa view
4 years ago
Add extra security checks in the login_webauthn view
4 years ago
Add support for 2FA using TOTP Fixes: #354
3 years ago
Fix a crash during login when user's profile does not exist Fixes: #77
3 years ago
 
  1. from django.conf import settings
  2. from django.core import mail
  3. from django.test.utils import override_settings
  4. from hc.accounts.models import Credential
  5. from hc.api.models import Check, TokenBucket
  6. from hc.test import BaseTestCase
  7. 

  8. 

  9. class LoginTestCase(BaseTestCase):
  10.     def setUp(self):
  11.         super().setUp()
  12.         self.checks_url = f"/projects/{self.project.code}/checks/"
  13. 

  14.     def test_it_shows_form(self):
  15.         r = self.client.get("/accounts/login/")
  16.         self.assertContains(r, "Email Me a Link")
  17. 

  18.     def test_it_redirects_authenticated_get(self):
  19.         self.client.login(username="[email protected]", password="password")
  20. 

  21.         r = self.client.get("/accounts/login/")
  22.         self.assertRedirects(r, self.checks_url)
  23. 

  24.     @override_settings(SITE_ROOT="http://testserver")
  25.     def test_it_sends_link(self):
  26.         form = {"identity": "[email protected]"}
  27. 

  28.         r = self.client.post("/accounts/login/", form)
  29.         self.assertRedirects(r, "/accounts/login_link_sent/")
  30. 

  31.         # And email should have been sent
  32.         self.assertEqual(len(mail.outbox), 1)
  33.         message = mail.outbox[0]
  34.         self.assertEqual(message.subject, f"Log in to {settings.SITE_NAME}")
  35.         html = message.alternatives[0][0]
  36.         self.assertIn("http://testserver/static/img/logo.png", html)
  37.         self.assertIn("http://testserver/docs/", html)
  38. 

  39.     @override_settings(SITE_LOGO_URL="https://example.org/logo.svg")
  40.     def test_it_uses_custom_logo(self):
  41.         self.client.post("/accounts/login/", {"identity": "[email protected]"})
  42.         html = mail.outbox[0].alternatives[0][0]
  43.         self.assertIn("https://example.org/logo.svg", html)
  44. 

  45.     def test_it_sends_link_with_next(self):
  46.         form = {"identity": "[email protected]"}
  47. 

  48.         r = self.client.post("/accounts/login/?next=" + self.channels_url, form)
  49.         self.assertRedirects(r, "/accounts/login_link_sent/")
  50.         self.assertIn("auto-login", r.cookies)
  51. 

  52.         # The check_token link should have a ?next= query parameter:
  53.         self.assertEqual(len(mail.outbox), 1)
  54.         body = mail.outbox[0].body
  55.         self.assertTrue("/?next=" + self.channels_url in body)
  56. 

  57.     @override_settings(SECRET_KEY="test-secret")
  58.     def test_it_rate_limits_emails(self):
  59.         # "d60d..." is sha1("[email protected]")
  60.         obj = TokenBucket(value="em-d60db3b2343e713a4de3e92d4eb417e4f05f06ab")
  61.         obj.tokens = 0
  62.         obj.save()
  63. 

  64.         form = {"identity": "[email protected]"}
  65. 

  66.         r = self.client.post("/accounts/login/", form)
  67.         self.assertContains(r, "Too many attempts")
  68. 

  69.         # No email should have been sent
  70.         self.assertEqual(len(mail.outbox), 0)
  71. 

  72.     def test_it_pops_bad_link_from_session(self):
  73.         self.client.session["bad_link"] = True
  74.         self.client.get("/accounts/login/")
  75.         assert "bad_link" not in self.client.session
  76. 

  77.     def test_it_ignores_case(self):
  78.         form = {"identity": "[email protected]"}
  79. 

  80.         r = self.client.post("/accounts/login/", form)
  81.         self.assertRedirects(r, "/accounts/login_link_sent/")
  82. 

  83.         self.profile.refresh_from_db()
  84.         self.assertIn("login", self.profile.token)
  85. 

  86.     def test_it_handles_password(self):
  87.         form = {"action": "login", "email": "[email protected]", "password": "password"}
  88. 

  89.         r = self.client.post("/accounts/login/", form)
  90.         self.assertRedirects(r, self.checks_url)
  91. 

  92.     @override_settings(SECRET_KEY="test-secret")
  93.     def test_it_rate_limits_password_attempts(self):
  94.         # "d60d..." is sha1("[email protected]")
  95.         obj = TokenBucket(value="pw-d60db3b2343e713a4de3e92d4eb417e4f05f06ab")
  96.         obj.tokens = 0
  97.         obj.save()
  98. 

  99.         form = {"action": "login", "email": "[email protected]", "password": "password"}
  100. 

  101.         r = self.client.post("/accounts/login/", form)
  102.         self.assertContains(r, "Too many attempts")
  103. 

  104.     def test_it_handles_password_login_with_redirect(self):
  105.         check = Check.objects.create(project=self.project)
  106. 

  107.         form = {"action": "login", "email": "[email protected]", "password": "password"}
  108. 

  109.         samples = [self.channels_url, "/checks/%s/details/" % check.code]
  110. 

  111.         for s in samples:
  112.             r = self.client.post("/accounts/login/?next=%s" % s, form)
  113.             self.assertRedirects(r, s)
  114. 

  115.     def test_it_handles_bad_next_parameter(self):
  116.         form = {"action": "login", "email": "[email protected]", "password": "password"}
  117. 

  118.         samples = [
  119.             "/evil/",
  120.             f"https://example.org/projects/{self.project.code}/checks/",
  121.         ]
  122. 

  123.         for sample in samples:
  124.             r = self.client.post("/accounts/login/?next=" + sample, form)
  125.             self.assertRedirects(r, self.checks_url)
  126. 

  127.     def test_it_handles_wrong_password(self):
  128.         form = {
  129.             "action": "login",
  130.             "email": "[email protected]",
  131.             "password": "wrong password",
  132.         }
  133. 

  134.         r = self.client.post("/accounts/login/", form)
  135.         self.assertContains(r, "Incorrect email or password")
  136. 

  137.     @override_settings(REGISTRATION_OPEN=False)
  138.     def test_it_obeys_registration_open(self):
  139.         r = self.client.get("/accounts/login/")
  140.         self.assertNotContains(r, "Create Your Account")
  141. 

  142.     def test_it_redirects_to_webauthn_form(self):
  143.         Credential.objects.create(user=self.alice, name="Alices Key")
  144. 

  145.         form = {"action": "login", "email": "[email protected]", "password": "password"}
  146.         r = self.client.post("/accounts/login/", form)
  147.         self.assertRedirects(
  148.             r, "/accounts/login/two_factor/", fetch_redirect_response=False
  149.         )
  150. 

  151.         # It should not log the user in yet
  152.         self.assertNotIn("_auth_user_id", self.client.session)
  153. 

  154.         # Instead, it should set 2fa_user_id in the session
  155.         user_id, email, valid_until = self.client.session["2fa_user"]
  156.         self.assertEqual(user_id, self.alice.id)
  157. 

  158.     def test_it_redirects_to_totp_form(self):
  159.         self.profile.totp = "0" * 32
  160.         self.profile.save()
  161. 

  162.         form = {"action": "login", "email": "[email protected]", "password": "password"}
  163.         r = self.client.post("/accounts/login/", form)
  164.         self.assertRedirects(
  165.             r, "/accounts/login/two_factor/totp/", fetch_redirect_response=False
  166.         )
  167. 

  168.         # It should not log the user in yet
  169.         self.assertNotIn("_auth_user_id", self.client.session)
  170. 

  171.         # Instead, it should set 2fa_user_id in the session
  172.         user_id, email, valid_until = self.client.session["2fa_user"]
  173.         self.assertEqual(user_id, self.alice.id)
  174. 

  175.     def test_it_handles_missing_profile(self):
  176.         self.profile.delete()
  177. 

  178.         form = {"action": "login", "email": "[email protected]", "password": "password"}
  179. 

  180.         r = self.client.post("/accounts/login/", form)
  181.         self.assertRedirects(r, self.checks_url)