|
|
- from django.test.utils import override_settings
-
- from hc.test import BaseTestCase
- from hc.accounts.models import Credential
-
-
- @override_settings(RP_ID="testserver")
- class RemoveCredentialTestCase(BaseTestCase):
- def setUp(self):
- super().setUp()
-
- self.c = Credential.objects.create(user=self.alice, name="Alices Key")
- self.url = f"/accounts/two_factor/{self.c.code}/remove/"
-
- def test_it_requires_sudo_mode(self):
- self.client.login(username="[email protected]", password="password")
-
- r = self.client.get(self.url)
- self.assertContains(r, "We have sent a confirmation code")
-
- @override_settings(RP_ID=None)
- def test_it_requires_rp_id(self):
- self.client.login(username="[email protected]", password="password")
- self.set_sudo_flag()
-
- r = self.client.get(self.url)
- self.assertEqual(r.status_code, 404)
-
- def test_it_shows_form(self):
- self.client.login(username="[email protected]", password="password")
- self.set_sudo_flag()
-
- r = self.client.get(self.url)
- self.assertContains(r, "Remove Security Key")
- self.assertContains(r, "Alices Key")
- self.assertContains(r, "two-factor authentication will no longer be active")
-
- def test_it_skips_warning_when_other_2fa_methods_exist(self):
- self.profile.totp = "0" * 32
- self.profile.save()
-
- self.client.login(username="[email protected]", password="password")
- self.set_sudo_flag()
-
- r = self.client.get(self.url)
- self.assertNotContains(r, "two-factor authentication will no longer be active")
-
- def test_it_removes_credential(self):
- self.client.login(username="[email protected]", password="password")
- self.set_sudo_flag()
-
- r = self.client.post(self.url, {"remove_credential": ""}, follow=True)
- self.assertRedirects(r, "/accounts/profile/")
- self.assertContains(r, "Removed security key <strong>Alices Key</strong>")
-
- self.assertFalse(self.alice.credentials.exists())
-
- def test_it_checks_owner(self):
- self.client.login(username="[email protected]", password="password")
- self.set_sudo_flag()
-
- r = self.client.post(self.url, {"remove_credential": ""})
- self.assertEqual(r.status_code, 400)
|