summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--service/pixelated/resources/__init__.py2
-rw-r--r--service/pixelated/resources/login_resource.py21
-rw-r--r--service/test/unit/resources/test_login_resource.py156
3 files changed, 169 insertions, 10 deletions
diff --git a/service/pixelated/resources/__init__.py b/service/pixelated/resources/__init__.py
index 9cde015f..06fcbe54 100644
--- a/service/pixelated/resources/__init__.py
+++ b/service/pixelated/resources/__init__.py
@@ -16,7 +16,7 @@
import json
-from twisted.web._responses import UNAUTHORIZED
+from twisted.web.http import UNAUTHORIZED
from twisted.web.resource import Resource
# from pixelated.resources.login_resource import LoginResource
diff --git a/service/pixelated/resources/login_resource.py b/service/pixelated/resources/login_resource.py
index e7586bf6..8a18046c 100644
--- a/service/pixelated/resources/login_resource.py
+++ b/service/pixelated/resources/login_resource.py
@@ -19,7 +19,9 @@ import os
from twisted.cred import credentials
from twisted.internet import defer
-from twisted.web.resource import IResource
+from twisted.web import util
+from twisted.web.http import UNAUTHORIZED, OK
+from twisted.web.resource import IResource, NoResource
from twisted.web.server import NOT_DONE_YET
from twisted.web.static import File
from twisted.web.template import Element, XMLFile, renderElement, renderer, tags
@@ -80,9 +82,12 @@ class LoginResource(BaseResource):
return self
if path == 'login':
return self
- return UnAuthorizedResource()
+ if not self.is_logged_in(request):
+ return UnAuthorizedResource()
+ return NoResource()
def render_GET(self, request):
+ request.setResponseCode(OK)
return self._render_template(request)
def _render_template(self, request, error_msg=None):
@@ -92,11 +97,13 @@ class LoginResource(BaseResource):
def render_POST(self, request):
def render_response(response):
- request.redirect("/")
+ util.redirectTo("/", request)
request.finish()
def render_error(error):
- request.status = 500
+ log.info('Login Error for %s' % request.args['username'][0])
+ log.info('%s' % error)
+ request.setResponseCode(UNAUTHORIZED)
return self._render_template(request, 'Invalid credentials')
d = self._handle_login(request)
@@ -107,17 +114,13 @@ class LoginResource(BaseResource):
@defer.inlineCallbacks
def _handle_login(self, request):
if self.is_logged_in(request):
+ request.setResponseCode(OK)
defer.succeed(None)
return
username = request.args['username'][0]
password = request.args['password'][0]
creds = credentials.UsernamePassword(username, password)
-
iface, leap_user, logout = yield self._portal.login(creds, None, IResource)
- # we should really check whether the response is anonymous
-
yield leap_user.start_services(self._services_factory)
leap_user.init_http_session(request)
-
- log.info('about to redirect to home page')
diff --git a/service/test/unit/resources/test_login_resource.py b/service/test/unit/resources/test_login_resource.py
new file mode 100644
index 00000000..04be26f8
--- /dev/null
+++ b/service/test/unit/resources/test_login_resource.py
@@ -0,0 +1,156 @@
+from leap.exceptions import SRPAuthenticationError
+from mock import patch
+from mockito import mock, when, any as ANY, verify, verifyZeroInteractions
+from twisted.cred import credentials
+from twisted.trial import unittest
+from twisted.web.resource import IResource
+from twisted.web.test.requesthelper import DummyRequest
+
+from pixelated.bitmask_libraries.session import LeapSession
+from pixelated.resources.auth import LeapUser
+from pixelated.resources.login_resource import LoginResource
+from test.unit.resources import DummySite
+
+
+class TestLoginResource(unittest.TestCase):
+ def setUp(self):
+ self.services_factory = mock()
+ self.portal = mock()
+ self.resource = LoginResource(self.services_factory, self.portal)
+ self.web = DummySite(self.resource)
+
+ def test_children_resources_are_unauthorized_when_not_logged_in(self):
+ request = DummyRequest(['/some_child_resource'])
+
+ d = self.web.get(request)
+
+ def assert_unauthorized_resources(_):
+ self.assertEqual(401, request.responseCode)
+ self.assertEqual("Unauthorized!", request.written[0])
+
+ d.addCallback(assert_unauthorized_resources)
+ return d
+
+ @patch('pixelated.resources.session.PixelatedSession.is_logged_in')
+ def test_there_are_no_grand_children_resources_when_logged_in(self, mock_is_logged_in):
+ request = DummyRequest(['/login/grand_children'])
+ mock_is_logged_in.return_value = True
+
+ d = self.web.get(request)
+
+ def assert_resources_not_found(_):
+ self.assertEqual(404, request.responseCode)
+ self.assertIn("No Such Resource", request.written[0])
+
+ d.addCallback(assert_resources_not_found)
+ return d
+
+ def test_get(self):
+ request = DummyRequest([''])
+
+ d = self.web.get(request)
+
+ def assert_form_rendered(_):
+ self.assertEqual(200, request.responseCode)
+ form_action = 'action="/login"'
+ form_method = 'method="post"'
+ input_username = '<input autofocus="" placeholder=" username" class="text-field" type="text" tabindex="1" id="email" name="username" />'
+ input_password = '<input placeholder=" password" class="text-field" type="password" tabindex="2" id="password" name="password" autocomplete="off" />'
+ input_submit = '<input type="submit" tabindex="3" class="button" name="login" value="Login" />'
+ written_response = ''.join(request.written)
+ self.assertIn(form_action, written_response)
+ self.assertIn(form_method, written_response)
+ self.assertIn(input_password, written_response)
+ self.assertIn(input_submit, written_response)
+ self.assertIn(input_username, written_response)
+
+ d.addCallback(assert_form_rendered)
+ return d
+
+
+class TestLoginPOST(unittest.TestCase):
+ def setUp(self):
+ self.services_factory = mock()
+ self.portal = mock()
+ self.resource = LoginResource(self.services_factory, self.portal)
+ self.web = DummySite(self.resource)
+
+ self.request = DummyRequest([''])
+ username = 'ayoyo'
+ self.request.addArg('username', username)
+ password = 'ayoyo_password'
+ self.request.addArg('password', password)
+ self.request.method = 'POST'
+ leap_session = mock(LeapSession)
+ user_auth = mock()
+ user_auth.uuid = 'some_user_uuid'
+ leap_session.user_auth = user_auth
+ config = mock()
+ config.leap_home = 'some_folder'
+ leap_session.config = config
+ leap_session.fresh_account = False
+ self.leap_user = LeapUser(leap_session)
+
+ @patch('twisted.web.util.redirectTo')
+ @patch('pixelated.config.services.Services.setup')
+ def test_login_setups_user_services_and_add_corresponding_session_to_services_factory(self, mock_service_setup, mock_redirect):
+ irrelevant = None
+ when(self.portal).login(ANY(), None, IResource).thenReturn((irrelevant, self.leap_user, irrelevant))
+ d = self.web.get(self.request)
+
+ def assert_login_setup_service_for_user(_):
+ verify(self.portal).login(ANY(), None, IResource)
+ self.assertTrue(mock_service_setup.called)
+ verify(self.services_factory).add_session('some_user_uuid', ANY())
+ mock_redirect.assert_called_once_with('/', self.request)
+ self.assertTrue(self.resource.is_logged_in(self.request))
+
+ d.addCallback(assert_login_setup_service_for_user)
+ return d
+
+ def test_should_return_form_back_with_error_message_when_login_fails(self, ):
+ when(self.portal).login(ANY(), None, IResource).thenRaise(Exception())
+ d = self.web.get(self.request)
+
+ def assert_login_setup_service_for_user(_):
+ verify(self.portal).login(ANY(), None, IResource)
+ self.assertEqual(401, self.request.responseCode)
+ written_response = ''.join(self.request.written)
+ self.assertIn('Invalid credentials', written_response)
+ self.assertFalse(self.resource.is_logged_in(self.request))
+
+ d.addCallback(assert_login_setup_service_for_user)
+ return d
+
+ @patch('pixelated.bitmask_libraries.session.LeapSessionFactory.create')
+ @patch('leap.auth.SRPAuth.authenticate')
+ @patch('pixelated.config.services.Services.setup')
+ def test_leap_session_is_not_created_when_leap_auth_fails(self, mock_service_setup, mock_leap_srp_auth, mock_leap_session_create):
+ mock_leap_srp_auth.side_effect = SRPAuthenticationError()
+
+ d = self.web.get(self.request)
+
+ def assert_login_setup_service_for_user(_):
+ verify(self.portal).login(ANY(), None, IResource)
+ self.assertFalse(mock_leap_session_create.called)
+ self.assertFalse(mock_service_setup.called)
+ self.assertEqual(401, self.request.responseCode)
+ self.assertFalse(self.resource.is_logged_in(self.request))
+
+ d.addCallback(assert_login_setup_service_for_user)
+ return d
+
+ @patch('twisted.web.util.redirectTo')
+ @patch('pixelated.resources.session.PixelatedSession.is_logged_in')
+ def test_should_not_process_login_if_already_logged_in(self, mock_logged_in, mock_redirect):
+ mock_logged_in.return_value = True
+ when(self.portal).login(ANY(), None, IResource).thenRaise(Exception())
+ d = self.web.get(self.request)
+
+ def assert_login_setup_service_for_user(_):
+ verifyZeroInteractions(self.portal)
+ self.assertEqual(200, self.request.responseCode)
+ mock_redirect.assert_called_once_with('/', self.request)
+
+ d.addCallback(assert_login_setup_service_for_user)
+ return d