69 lines
2.7 KiB
Python
69 lines
2.7 KiB
Python
from datetime import UTC, datetime
|
|
|
|
from argon2 import PasswordHasher
|
|
from httpx import AsyncClient
|
|
|
|
from porchlight.authn.password import PasswordService
|
|
from porchlight.models import PasswordCredential, User
|
|
from tests.conftest import get_csrf_token
|
|
|
|
|
|
async def test_password_login_unknown_user_returns_error_fragment(client: AsyncClient) -> None:
|
|
token = await get_csrf_token(client)
|
|
res = await client.post(
|
|
"/login/password",
|
|
data={"username": "nobody", "password": "wrong"},
|
|
headers={"HX-Request": "true", "X-CSRF-Token": token},
|
|
)
|
|
assert res.status_code == 200
|
|
assert "Invalid username or password" in res.text
|
|
assert 'role="alert"' in res.text
|
|
|
|
|
|
async def test_password_login_wrong_password_returns_error_fragment(client: AsyncClient) -> None:
|
|
app = client._transport.app # type: ignore[union-attr]
|
|
user_repo = app.state.user_repo
|
|
cred_repo = app.state.credential_repo
|
|
|
|
user = User(userid="lusab-bansen", username="alice", created_at=datetime.now(UTC), updated_at=datetime.now(UTC))
|
|
await user_repo.create(user)
|
|
|
|
svc = PasswordService(hasher=PasswordHasher(time_cost=1, memory_cost=8192))
|
|
await cred_repo.create_password(PasswordCredential(user_id=user.userid, password_hash=svc.hash("correct")))
|
|
|
|
token = await get_csrf_token(client)
|
|
res = await client.post(
|
|
"/login/password",
|
|
data={"username": "alice", "password": "wrong"},
|
|
headers={"HX-Request": "true", "X-CSRF-Token": token},
|
|
)
|
|
assert res.status_code == 200
|
|
assert "Invalid username or password" in res.text
|
|
|
|
|
|
async def test_password_login_success_sets_session_and_hx_redirect(client: AsyncClient) -> None:
|
|
app = client._transport.app # type: ignore[union-attr]
|
|
user_repo = app.state.user_repo
|
|
cred_repo = app.state.credential_repo
|
|
|
|
user = User(userid="lusab-bansen", username="alice", created_at=datetime.now(UTC), updated_at=datetime.now(UTC))
|
|
await user_repo.create(user)
|
|
|
|
svc = PasswordService(hasher=PasswordHasher(time_cost=1, memory_cost=8192))
|
|
await cred_repo.create_password(PasswordCredential(user_id=user.userid, password_hash=svc.hash("correct")))
|
|
|
|
token = await get_csrf_token(client)
|
|
res = await client.post(
|
|
"/login/password",
|
|
data={"username": "alice", "password": "correct"},
|
|
headers={"HX-Request": "true", "X-CSRF-Token": token},
|
|
)
|
|
assert res.status_code == 200
|
|
assert res.headers.get("HX-Redirect") == "/manage/credentials"
|
|
|
|
|
|
async def test_logout_clears_session_and_redirects(client: AsyncClient) -> None:
|
|
token = await get_csrf_token(client)
|
|
res = await client.post("/logout", headers={"HX-Request": "true", "X-CSRF-Token": token})
|
|
assert res.status_code == 200
|
|
assert res.headers.get("HX-Redirect") == "/login"
|