										 |  |  | import json | 
							|  |  |  | from fastapi.testclient import TestClient | 
										 |  |  | from mealie.core.config import get_app_settings | 
										 |  |  | from mealie.repos.repository_factory import AllRepositories | 
							|  |  |  | from mealie.services.user_services.user_service import UserService | 
										 |  |  | from tests.utils import api_routes | 
										 |  |  | from tests.utils.fixture_schemas import TestUser | 
def test_failed_login(api_client: TestClient):
    """A wrong password for the default account must be rejected with HTTP 401.

    The username is the configured DEFAULT_EMAIL - the same account that
    test_superuser_login logs into successfully - so the rejection here is
    attributable to the password check rather than to an unknown account.
    """
    settings = get_app_settings()

    credentials = {
        "username": settings.DEFAULT_EMAIL,
        "password": "WRONG_PASSWORD",
    }
    login = api_client.post(api_routes.auth_token, data=credentials)

    assert login.status_code == 401
def test_superuser_login(api_client: TestClient, admin_token):
    """The default credentials must log in (200), and an admin token must reach the users_self route.

    NOTE(review): the token issued by the login response below is never read; the
    follow-up request authenticates with the separate ``admin_token`` fixture, so the
    two assertions are independent. If the login response schema is stable, consider
    authenticating the second request with the freshly issued token so the test
    proves that a token obtained through this endpoint is actually usable.
    """
    settings = get_app_settings()

    credentials = {
        "username": settings.DEFAULT_EMAIL,
        "password": settings.DEFAULT_PASSWORD,
    }
    login = api_client.post(api_routes.auth_token, data=credentials)
    assert login.status_code == 200

    whoami = api_client.get(api_routes.users_self, headers=admin_token)
    assert whoami.status_code == 200
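def test_user_token_refresh(api_client: TestClient, admin_user: TestUser):
    """Refreshing with a valid admin token must succeed, and that token must still authenticate afterwards.

    The refresh response is now asserted explicitly. Previously it was overwritten
    without inspection, so a rejected (or wrongly routed) refresh call could never
    have failed this test.
    """
    refreshed = api_client.post(api_routes.auth_refresh, headers=admin_user.token)
    # If this fails with e.g. 401 or 405, the refresh request itself is broken
    # (bad auth header or wrong HTTP method); fix the request, do not drop the check.
    assert refreshed.status_code == 200

    # NOTE(review): a token carried in the refresh response (if any) is not exercised;
    # the follow-up request still authenticates with the pre-refresh token.
    whoami = api_client.get(api_routes.users_self, headers=admin_user.token)
    assert whoami.status_code == 200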
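def test_user_lockout_after_bad_attemps(api_client: TestClient, unique_user: TestUser, database: AllRepositories):
    """
    After SECURITY_MAX_LOGIN_ATTEMPTS bad passwords the account is locked: the very next
    login with the *correct* password is answered with HTTP 423 instead of a token.
    (The earlier docstring also stated the lockout lasts 4 hours; that duration is not
    verified here.)

    The lockout is tracked per existing account, so it only applies when the submitted
    username matches a user in the database. NOTE(review): a locked account answers 423
    while an unknown username presumably keeps answering 401 - a difference an attacker
    can use to confirm which usernames exist. That trade-off deserves its own test (or a
    documented decision) rather than being an implicit assumption of this one.

    The unlock runs in a ``finally`` so a failed assertion does not leave the shared test
    user locked for the remaining tests.
    """
    settings = get_app_settings()

    bad_credentials = {"username": unique_user.email, "password": "bad_password"}
    valid_credentials = {"username": unique_user.email, "password": unique_user.password}

    try:
        # Exhaust the allowed attempts; each one must be a plain 401, not yet a lockout.
        for _ in range(settings.SECURITY_MAX_LOGIN_ATTEMPTS):
            response = api_client.post(api_routes.auth_token, data=bad_credentials)
            assert response.status_code == 401

        # The account is now locked: even correct credentials are refused with 423.
        response = api_client.post(api_routes.auth_token, data=valid_credentials)
        assert response.status_code == 423
    finally:
        # Cleanup - always restore the user so a failure above does not poison later tests.
        user_service = UserService(database)
        user = database.users.get_one(unique_user.user_id)
        user_service.unlock_user(user)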