3 files changed, 169 insertions, 10 deletions

diff --git a/service/pixelated/resources/__init__.py b/service/pixelated/resources/__init__.py
index 9cde015f..06fcbe54 100644
--- a/service/pixelated/resources/__init__.py
+++ b/service/pixelated/resources/__init__.py
@@ -16,7 +16,7 @@
 
 import json
 
-from twisted.web._responses import UNAUTHORIZED
+from twisted.web.http import UNAUTHORIZED
 from twisted.web.resource import Resource
 
 # from pixelated.resources.login_resource import LoginResource
diff --git a/service/pixelated/resources/login_resource.py b/service/pixelated/resources/login_resource.py
index e7586bf6..8a18046c 100644
--- a/service/pixelated/resources/login_resource.py
+++ b/service/pixelated/resources/login_resource.py
@@ -19,7 +19,9 @@ import os
 
 from twisted.cred import credentials
 from twisted.internet import defer
-from twisted.web.resource import IResource
+from twisted.web import util
+from twisted.web.http import UNAUTHORIZED, OK
+from twisted.web.resource import IResource, NoResource
 from twisted.web.server import NOT_DONE_YET
 from twisted.web.static import File
 from twisted.web.template import Element, XMLFile, renderElement, renderer, tags
@@ -80,9 +82,12 @@ class LoginResource(BaseResource):
             return self
         if path == 'login':
             return self
-        return UnAuthorizedResource()
+        if not self.is_logged_in(request):
+            return UnAuthorizedResource()
+        return NoResource()
 
     def render_GET(self, request):
+        request.setResponseCode(OK)
         return self._render_template(request)
 
     def _render_template(self, request, error_msg=None):
@@ -92,11 +97,13 @@ class LoginResource(BaseResource):
     def render_POST(self, request):
 
         def render_response(response):
-            request.redirect("/")
+            util.redirectTo("/", request)
             request.finish()
 
         def render_error(error):
-            request.status = 500
+            log.info('Login Error for %s' % request.args['username'][0])
+            log.info('%s' % error)
+            request.setResponseCode(UNAUTHORIZED)
             return self._render_template(request, 'Invalid credentials')
 
         d = self._handle_login(request)
@@ -107,17 +114,13 @@ class LoginResource(BaseResource):
     @defer.inlineCallbacks
     def _handle_login(self, request):
         if self.is_logged_in(request):
+            request.setResponseCode(OK)
             defer.succeed(None)
             return
         username = request.args['username'][0]
         password = request.args['password'][0]
         creds = credentials.UsernamePassword(username, password)
-
         iface, leap_user, logout = yield self._portal.login(creds, None, IResource)
 
-        # we should really check whether the response is anonymous
-
         yield leap_user.start_services(self._services_factory)
         leap_user.init_http_session(request)
-
-        log.info('about to redirect to home page')
diff --git a/service/test/unit/resources/test_login_resource.py b/service/test/unit/resources/test_login_resource.py
new file mode 100644
index 00000000..04be26f8
--- /dev/null
+++ b/service/test/unit/resources/test_login_resource.py
@@ -0,0 +1,156 @@
+from leap.exceptions import SRPAuthenticationError
+from mock import patch
+from mockito import mock, when, any as ANY, verify, verifyZeroInteractions
+from twisted.cred import credentials
+from twisted.trial import unittest
+from twisted.web.resource import IResource
+from twisted.web.test.requesthelper import DummyRequest
+
+from pixelated.bitmask_libraries.session import LeapSession
+from pixelated.resources.auth import LeapUser
+from pixelated.resources.login_resource import LoginResource
+from test.unit.resources import DummySite
+
+
+class TestLoginResource(unittest.TestCase):
+    def setUp(self):
+        self.services_factory = mock()
+        self.portal = mock()
+        self.resource = LoginResource(self.services_factory, self.portal)
+        self.web = DummySite(self.resource)
+
+    def test_children_resources_are_unauthorized_when_not_logged_in(self):
+        request = DummyRequest(['/some_child_resource'])
+
+        d = self.web.get(request)
+
+        def assert_unauthorized_resources(_):
+            self.assertEqual(401, request.responseCode)
+            self.assertEqual("Unauthorized!", request.written[0])
+
+        d.addCallback(assert_unauthorized_resources)
+        return d
+
+    @patch('pixelated.resources.session.PixelatedSession.is_logged_in')
+    def test_there_are_no_grand_children_resources_when_logged_in(self, mock_is_logged_in):
+        request = DummyRequest(['/login/grand_children'])
+        mock_is_logged_in.return_value = True
+
+        d = self.web.get(request)
+
+        def assert_resources_not_found(_):
+            self.assertEqual(404, request.responseCode)
+            self.assertIn("No Such Resource", request.written[0])
+
+        d.addCallback(assert_resources_not_found)
+        return d
+
+    def test_get(self):
+        request = DummyRequest([''])
+
+        d = self.web.get(request)
+
+        def assert_form_rendered(_):
+            self.assertEqual(200, request.responseCode)
+            form_action = 'action="/login"'
+            form_method = 'method="post"'
+            input_username = '<input autofocus="" placeholder="  username" class="text-field" type="text" tabindex="1" id="email" name="username" />'
+            input_password = '<input placeholder="  password" class="text-field" type="password" tabindex="2" id="password" name="password" autocomplete="off" />'
+            input_submit = '<input type="submit" tabindex="3" class="button" name="login" value="Login" />'
+            written_response = ''.join(request.written)
+            self.assertIn(form_action, written_response)
+            self.assertIn(form_method, written_response)
+            self.assertIn(input_password, written_response)
+            self.assertIn(input_submit, written_response)
+            self.assertIn(input_username, written_response)
+
+        d.addCallback(assert_form_rendered)
+        return d
+
+
+class TestLoginPOST(unittest.TestCase):
+    def setUp(self):
+        self.services_factory = mock()
+        self.portal = mock()
+        self.resource = LoginResource(self.services_factory, self.portal)
+        self.web = DummySite(self.resource)
+
+        self.request = DummyRequest([''])
+        username = 'ayoyo'
+        self.request.addArg('username', username)
+        password = 'ayoyo_password'
+        self.request.addArg('password', password)
+        self.request.method = 'POST'
+        leap_session = mock(LeapSession)
+        user_auth = mock()
+        user_auth.uuid = 'some_user_uuid'
+        leap_session.user_auth = user_auth
+        config = mock()
+        config.leap_home = 'some_folder'
+        leap_session.config = config
+        leap_session.fresh_account = False
+        self.leap_user = LeapUser(leap_session)
+
+    @patch('twisted.web.util.redirectTo')
+    @patch('pixelated.config.services.Services.setup')
+    def test_login_setups_user_services_and_add_corresponding_session_to_services_factory(self, mock_service_setup, mock_redirect):
+        irrelevant = None
+        when(self.portal).login(ANY(), None, IResource).thenReturn((irrelevant, self.leap_user, irrelevant))
+        d = self.web.get(self.request)
+
+        def assert_login_setup_service_for_user(_):
+            verify(self.portal).login(ANY(), None, IResource)
+            self.assertTrue(mock_service_setup.called)
+            verify(self.services_factory).add_session('some_user_uuid', ANY())
+            mock_redirect.assert_called_once_with('/', self.request)
+            self.assertTrue(self.resource.is_logged_in(self.request))
+
+        d.addCallback(assert_login_setup_service_for_user)
+        return d
+
+    def test_should_return_form_back_with_error_message_when_login_fails(self, ):
+        when(self.portal).login(ANY(), None, IResource).thenRaise(Exception())
+        d = self.web.get(self.request)
+
+        def assert_login_setup_service_for_user(_):
+            verify(self.portal).login(ANY(), None, IResource)
+            self.assertEqual(401, self.request.responseCode)
+            written_response = ''.join(self.request.written)
+            self.assertIn('Invalid credentials', written_response)
+            self.assertFalse(self.resource.is_logged_in(self.request))
+
+        d.addCallback(assert_login_setup_service_for_user)
+        return d
+
+    @patch('pixelated.bitmask_libraries.session.LeapSessionFactory.create')
+    @patch('leap.auth.SRPAuth.authenticate')
+    @patch('pixelated.config.services.Services.setup')
+    def test_leap_session_is_not_created_when_leap_auth_fails(self, mock_service_setup, mock_leap_srp_auth, mock_leap_session_create):
+        mock_leap_srp_auth.side_effect = SRPAuthenticationError()
+
+        d = self.web.get(self.request)
+
+        def assert_login_setup_service_for_user(_):
+            verify(self.portal).login(ANY(), None, IResource)
+            self.assertFalse(mock_leap_session_create.called)
+            self.assertFalse(mock_service_setup.called)
+            self.assertEqual(401, self.request.responseCode)
+            self.assertFalse(self.resource.is_logged_in(self.request))
+
+        d.addCallback(assert_login_setup_service_for_user)
+        return d
+
+    @patch('twisted.web.util.redirectTo')
+    @patch('pixelated.resources.session.PixelatedSession.is_logged_in')
+    def test_should_not_process_login_if_already_logged_in(self, mock_logged_in, mock_redirect):
+        mock_logged_in.return_value = True
+        when(self.portal).login(ANY(), None, IResource).thenRaise(Exception())
+        d = self.web.get(self.request)
+
+        def assert_login_setup_service_for_user(_):
+            verifyZeroInteractions(self.portal)
+            self.assertEqual(200, self.request.responseCode)
+            mock_redirect.assert_called_once_with('/', self.request)
+
+        d.addCallback(assert_login_setup_service_for_user)
+        return d