mealie/tests/integration_tests/user_tests/test_user_login.py

import json

from fastapi.testclient import TestClient

from mealie.core.config import get_app_settings
from mealie.repos.repository_factory import AllRepositories
from mealie.services.user_services.user_service import UserService
from tests.utils.app_routes import AppRoutes
from tests.utils.fixture_schemas import TestUser


def test_failed_login(api_client: TestClient, api_routes: AppRoutes):
    settings = get_app_settings()

    form_data = {"username": settings.DEFAULT_EMAIL, "password": "WRONG_PASSWORD"}
    response = api_client.post(api_routes.auth_token, form_data)

    assert response.status_code == 401


def test_superuser_login(api_client: TestClient, api_routes: AppRoutes, admin_token):
    settings = get_app_settings()

    form_data = {"username": settings.DEFAULT_EMAIL, "password": settings.DEFAULT_PASSWORD}
    response = api_client.post(api_routes.auth_token, form_data)

    assert response.status_code == 200
    new_token = json.loads(response.text).get("access_token")

    response = api_client.get(api_routes.users_self, headers=admin_token)
    assert response.status_code == 200

    return {"Authorization": f"Bearer {new_token}"}


def test_user_token_refresh(api_client: TestClient, api_routes: AppRoutes, admin_user: TestUser):
    response = api_client.post(api_routes.auth_refresh, headers=admin_user.token)
    response = api_client.get(api_routes.users_self, headers=admin_user.token)
    assert response.status_code == 200


def test_user_lockout_after_bad_attemps(api_client: TestClient, unique_user: TestUser, database: AllRepositories):
    """
    if the user has more than 5 bad login attempts the user will be locked out for 4 hours
    This only applies if there is a user in the database with the same username
    """
    routes = AppRoutes()
    settings = get_app_settings()

    for _ in range(settings.SECURITY_MAX_LOGIN_ATTEMPTS):
        form_data = {"username": unique_user.email, "password": "bad_password"}
        response = api_client.post(routes.auth_token, form_data)

        assert response.status_code == 401

    valid_data = {"username": unique_user.email, "password": unique_user.password}
    response = api_client.post(routes.auth_token, valid_data)
    assert response.status_code == 423

    # Cleanup
    user_service = UserService(database)
    user = database.users.get_one(unique_user.user_id)
    user_service.unlock_user(user)
feat(backend): ✨ start multi-tenant support (WIP) (#680) * fix ts types * feat(code-generation): :recycle: update code-generation formats * new scope * add step button * fix linter error * update code-generation tags * feat(backend): :sparkles: start multi-tenant support * feat(backend): :sparkles: group invitation token generation and signup * refactor(backend): :recycle: move group admin actions to admin router * set url base to include `/admin` * feat(frontend): :sparkles: generate user sign-up links * test(backend): :white_check_mark: refactor test-suite to further decouple tests (WIP) * feat(backend): :bug: assign owner on backup import for recipes * fix(backend): :bug: assign recipe owner on migration from other service Co-authored-by: hay-kot <hay-kot@pm.me> 2021-09-09 08:51:29 -08:00			`import json`

			`from fastapi.testclient import TestClient`

Fix failed tests when env default email/password were changed (#1157) * fix: failed tests when env default email/password changed * Remove default email exposition in docs 2022-04-20 20:07:46 +02:00			`from mealie.core.config import get_app_settings`
security: implement user lockout (#1552) * add data-types required for login security * implement user lockout checking at login * cleanup legacy patterns * expose passwords in test_user * test user lockout after bad attempts * test user service * bump alembic version * save increment to database * add locked_at to datetime transformer on import * do proper test cleanup * implement scheduled task * spelling * document env variables * implement context manager for session * use context manager * implement reset script * cleanup generator * run generator * implement API endpoint for resetting locked users * add button to reset all locked users * add info when account is locked * use ignore instead of expect-error 2022-08-13 13:18:12 -08:00			`from mealie.repos.repository_factory import AllRepositories`
			`from mealie.services.user_services.user_service import UserService`
feat(backend): ✨ refactor/fix group management for admins (#838) * fix(frontend): :bug: update dialog implementation to simplify state management * test(backend): :white_check_mark: refactor test fixtures + admin group tests * chore(backend): :hammer: add launcher.json for python debugging (tests) * fix typing * feat(backend): :sparkles: refactor/fix group management for admins * feat(frontend): :sparkles: add/fix admin group management * add LDAP checker Co-authored-by: hay-kot <hay-kot@pm.me> 2021-11-25 14:17:02 -09:00			`from tests.utils.app_routes import AppRoutes`
Refactor/conver to controllers (#923) * add dependency injection for get_repositories * convert events api to controller * update generic typing * add abstract controllers * update test naming * migrate admin services to controllers * add additional admin route tests * remove print * add public shared dependencies * add types * fix typo * add static variables for recipe json keys * add coverage gutters config * update controller routers * add generic success response * add category/tag/tool tests * add token refresh test * add coverage utilities * covert comments to controller * add todo * add helper properties * delete old service * update test notes * add unit test for pretty_stats * remove dead code from post_webhooks * update group routes to use controllers * add additional group test coverage * abstract common permission checks * convert ingredient parser to controller * update recipe crud to use controller * remove dead-code * add class lifespan tracker for debugging * convert bulk export to controller * migrate tools router to controller * update recipe share to controller * move customer router to _base * ignore prints in flake8 * convert units and foods to new controllers * migrate user routes to controllers * centralize error handling * fix invalid ref * reorder fields * update routers to share common handling * update tests * remove prints * fix cookbooks delete * fix cookbook get * add controller for mealplanner * cover report routes to controller * remove __future__ imports * remove dead code * remove all base_http children and remove dead code 2022-01-13 13:06:52 -09:00			`from tests.utils.fixture_schemas import TestUser`
feat(backend): ✨ start multi-tenant support (WIP) (#680) * fix ts types * feat(code-generation): :recycle: update code-generation formats * new scope * add step button * fix linter error * update code-generation tags * feat(backend): :sparkles: start multi-tenant support * feat(backend): :sparkles: group invitation token generation and signup * refactor(backend): :recycle: move group admin actions to admin router * set url base to include `/admin` * feat(frontend): :sparkles: generate user sign-up links * test(backend): :white_check_mark: refactor test-suite to further decouple tests (WIP) * feat(backend): :bug: assign owner on backup import for recipes * fix(backend): :bug: assign recipe owner on migration from other service Co-authored-by: hay-kot <hay-kot@pm.me> 2021-09-09 08:51:29 -08:00

			`def test_failed_login(api_client: TestClient, api_routes: AppRoutes):`
Fix failed tests when env default email/password were changed (#1157) * fix: failed tests when env default email/password changed * Remove default email exposition in docs 2022-04-20 20:07:46 +02:00			`settings = get_app_settings()`

			`form_data = {"username": settings.DEFAULT_EMAIL, "password": "WRONG_PASSWORD"}`
feat(backend): ✨ start multi-tenant support (WIP) (#680) * fix ts types * feat(code-generation): :recycle: update code-generation formats * new scope * add step button * fix linter error * update code-generation tags * feat(backend): :sparkles: start multi-tenant support * feat(backend): :sparkles: group invitation token generation and signup * refactor(backend): :recycle: move group admin actions to admin router * set url base to include `/admin` * feat(frontend): :sparkles: generate user sign-up links * test(backend): :white_check_mark: refactor test-suite to further decouple tests (WIP) * feat(backend): :bug: assign owner on backup import for recipes * fix(backend): :bug: assign recipe owner on migration from other service Co-authored-by: hay-kot <hay-kot@pm.me> 2021-09-09 08:51:29 -08:00			`response = api_client.post(api_routes.auth_token, form_data)`

			`assert response.status_code == 401`


			`def test_superuser_login(api_client: TestClient, api_routes: AppRoutes, admin_token):`
Fix failed tests when env default email/password were changed (#1157) * fix: failed tests when env default email/password changed * Remove default email exposition in docs 2022-04-20 20:07:46 +02:00			`settings = get_app_settings()`

			`form_data = {"username": settings.DEFAULT_EMAIL, "password": settings.DEFAULT_PASSWORD}`
feat(backend): ✨ start multi-tenant support (WIP) (#680) * fix ts types * feat(code-generation): :recycle: update code-generation formats * new scope * add step button * fix linter error * update code-generation tags * feat(backend): :sparkles: start multi-tenant support * feat(backend): :sparkles: group invitation token generation and signup * refactor(backend): :recycle: move group admin actions to admin router * set url base to include `/admin` * feat(frontend): :sparkles: generate user sign-up links * test(backend): :white_check_mark: refactor test-suite to further decouple tests (WIP) * feat(backend): :bug: assign owner on backup import for recipes * fix(backend): :bug: assign recipe owner on migration from other service Co-authored-by: hay-kot <hay-kot@pm.me> 2021-09-09 08:51:29 -08:00			`response = api_client.post(api_routes.auth_token, form_data)`

			`assert response.status_code == 200`
			`new_token = json.loads(response.text).get("access_token")`

			`response = api_client.get(api_routes.users_self, headers=admin_token)`
			`assert response.status_code == 200`

			`return {"Authorization": f"Bearer {new_token}"}`
Refactor/conver to controllers (#923) * add dependency injection for get_repositories * convert events api to controller * update generic typing * add abstract controllers * update test naming * migrate admin services to controllers * add additional admin route tests * remove print * add public shared dependencies * add types * fix typo * add static variables for recipe json keys * add coverage gutters config * update controller routers * add generic success response * add category/tag/tool tests * add token refresh test * add coverage utilities * covert comments to controller * add todo * add helper properties * delete old service * update test notes * add unit test for pretty_stats * remove dead code from post_webhooks * update group routes to use controllers * add additional group test coverage * abstract common permission checks * convert ingredient parser to controller * update recipe crud to use controller * remove dead-code * add class lifespan tracker for debugging * convert bulk export to controller * migrate tools router to controller * update recipe share to controller * move customer router to _base * ignore prints in flake8 * convert units and foods to new controllers * migrate user routes to controllers * centralize error handling * fix invalid ref * reorder fields * update routers to share common handling * update tests * remove prints * fix cookbooks delete * fix cookbook get * add controller for mealplanner * cover report routes to controller * remove __future__ imports * remove dead code * remove all base_http children and remove dead code 2022-01-13 13:06:52 -09:00

			`def test_user_token_refresh(api_client: TestClient, api_routes: AppRoutes, admin_user: TestUser):`
			`response = api_client.post(api_routes.auth_refresh, headers=admin_user.token)`
			`response = api_client.get(api_routes.users_self, headers=admin_user.token)`
			`assert response.status_code == 200`
security: implement user lockout (#1552) * add data-types required for login security * implement user lockout checking at login * cleanup legacy patterns * expose passwords in test_user * test user lockout after bad attempts * test user service * bump alembic version * save increment to database * add locked_at to datetime transformer on import * do proper test cleanup * implement scheduled task * spelling * document env variables * implement context manager for session * use context manager * implement reset script * cleanup generator * run generator * implement API endpoint for resetting locked users * add button to reset all locked users * add info when account is locked * use ignore instead of expect-error 2022-08-13 13:18:12 -08:00

			`def test_user_lockout_after_bad_attemps(api_client: TestClient, unique_user: TestUser, database: AllRepositories):`
			`"""`
docs: fix typos (#1665) * docs: fix typos * typos: fix typos found by `codespell` across the codebase * docs: fix `macOS` spelling * docs: fix `authentification` terminology "Authentification" is not a thing. * docs: fix `localhost` typo in example link * typos: fix in-code typos These are potentially higher risk, but no other mentions of these typos show up in the codebase. 2022-09-25 23:17:27 +00:00			`if the user has more than 5 bad login attempts the user will be locked out for 4 hours`
security: implement user lockout (#1552) * add data-types required for login security * implement user lockout checking at login * cleanup legacy patterns * expose passwords in test_user * test user lockout after bad attempts * test user service * bump alembic version * save increment to database * add locked_at to datetime transformer on import * do proper test cleanup * implement scheduled task * spelling * document env variables * implement context manager for session * use context manager * implement reset script * cleanup generator * run generator * implement API endpoint for resetting locked users * add button to reset all locked users * add info when account is locked * use ignore instead of expect-error 2022-08-13 13:18:12 -08:00			`This only applies if there is a user in the database with the same username`
			`"""`
			`routes = AppRoutes()`
			`settings = get_app_settings()`

			`for _ in range(settings.SECURITY_MAX_LOGIN_ATTEMPTS):`
			`form_data = {"username": unique_user.email, "password": "bad_password"}`
			`response = api_client.post(routes.auth_token, form_data)`

			`assert response.status_code == 401`

			`valid_data = {"username": unique_user.email, "password": unique_user.password}`
			`response = api_client.post(routes.auth_token, valid_data)`
			`assert response.status_code == 423`

			`# Cleanup`
			`user_service = UserService(database)`
			`user = database.users.get_one(unique_user.user_id)`
			`user_service.unlock_user(user)`