mirror of https://github.com/mealie-recipes/mealie.git synced 2025-07-24 15:49:42 +02:00
mealie/tests/fixtures/fixture_users.py
Hayden b3c41a4bd0
security: implement user lockout (#1552)
* add data-types required for login security

* implement user lockout checking at login

* cleanup legacy patterns

* expose passwords in test_user

* test user lockout after bad attempts

* test user service

* bump alembic version

* save increment to database

* add locked_at to datetime transformer on import

* do proper test cleanup

* implement scheduled task

* spelling

* document env variables

* implement context manager for session

* use context manager

* implement reset script

* cleanup generator

* run generator

* implement API endpoint for resetting locked users

* add button to reset all locked users

* add info when account is locked

* use ignore instead of expect-error
2022-08-13 13:18:12 -08:00

181 lines
5.5 KiB
Python

import json
from pytest import fixture
from starlette.testclient import TestClient
from tests import utils
from tests.utils.factories import random_string
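def build_unique_user(group: str, api_client: TestClient) -> utils.TestUser:
    """Register a fresh user through the public endpoint and log in as them.

    Args:
        group: Currently unused; the registration payload comes entirely from
            ``utils.user_registration_factory()``.
        api_client: Test client used for the registration, login and
            self-lookup requests.

    Returns:
        A ``utils.TestUser`` carrying the new account's ids, e-mail, username,
        plaintext password and the value returned by ``utils.login``.
    """
    api_routes = utils.AppRoutes()
    registration = utils.user_registration_factory()

    response = api_client.post("/api/users/register", json=registration.dict(by_alias=True))
    assert response.status_code == 201

    form_data = {"username": registration.username, "password": registration.password}
    token = utils.login(form_data, api_client, api_routes)
    # Check the login result before it is sent as request headers, so a failed
    # login is reported here rather than as an unrelated error further down.
    assert token is not None

    self_response = api_client.get(api_routes.users_self, headers=token)
    # The other fixtures in this file assert 200 on this route; without the
    # check a rejected request could produce a TestUser whose fields are None.
    assert self_response.status_code == 200
    user_data = self_response.json()

    return utils.TestUser(
        _group_id=user_data.get("groupId"),
        user_id=user_data.get("id"),
        email=user_data.get("email"),
        # Kept in plaintext so a test can authenticate as this user again.
        password=registration.password,
        username=user_data.get("username"),
        token=token,
    )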
@fixture(scope="module")
def g2_user(admin_token, api_client: TestClient, api_routes: utils.AppRoutes):
    """Yield a non-admin user created in a new, randomly named group.

    The group and the user are both created with the admin token. The user is
    then logged in with their e-mail address and the fixed fixture password.
    Because the fixture is module-scoped, every test in a module receives the
    same account.

    NOTE(review): the account is never deleted (see the TODO below), so any
    per-user state a test changes, for example failed-login counters, stays
    in place for later tests in the module. Confirm that tests which lock
    this user also reset it.
    """
    group_name = random_string(12)
    password = "useruser"

    payload = {
        "fullName": utils.random_string(),
        "username": utils.random_string(),
        "email": utils.random_email(),
        "password": password,
        "group": group_name,
        "admin": False,
        "tokens": [],
    }

    # NOTE(review): the group-creation response is discarded; only the user
    # creation below is asserted.
    api_client.post(api_routes.groups, json={"name": group_name}, headers=admin_token)
    created = api_client.post(api_routes.users, json=payload, headers=admin_token)
    assert created.status_code == 201

    # Log in as the new user; the e-mail address is sent in the username field.
    credentials = {"username": payload["email"], "password": password}
    auth = utils.login(credentials, api_client, api_routes)

    me = api_client.get(api_routes.users_self, headers=auth)
    assert me.status_code == 200
    profile = json.loads(me.text)

    try:
        yield utils.TestUser(
            user_id=profile.get("id"),
            _group_id=profile.get("groupId"),
            token=auth,
            password=password,
            email=payload["email"],
            username=payload["username"],
        )
    finally:
        # TODO: Delete User after test
        pass
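@fixture(scope="module")
def unique_user(api_client: TestClient, api_routes: utils.AppRoutes):
    """Yield a freshly self-registered user, shared by all tests in a module.

    The account is created through the public registration endpoint with data
    from ``utils.user_registration_factory()`` and then logged in with those
    same credentials.

    Yields:
        A ``utils.TestUser`` carrying the account's ids, e-mail, username,
        plaintext password and the value returned by ``utils.login``.
    """
    registration = utils.user_registration_factory()

    response = api_client.post("/api/users/register", json=registration.dict(by_alias=True))
    assert response.status_code == 201

    form_data = {"username": registration.username, "password": registration.password}
    token = utils.login(form_data, api_client, api_routes)
    # Check the login result before it is sent as request headers, so a failed
    # login is reported here rather than as an unrelated error further down.
    assert token is not None

    self_response = api_client.get(api_routes.users_self, headers=token)
    # The other fixtures in this file assert 200 on this route; without the
    # check a rejected request could produce a TestUser whose fields are None.
    assert self_response.status_code == 200
    user_data = self_response.json()

    try:
        yield utils.TestUser(
            _group_id=user_data.get("groupId"),
            user_id=user_data.get("id"),
            # Kept in plaintext so a test can authenticate as this user again.
            password=registration.password,
            email=user_data.get("email"),
            username=user_data.get("username"),
            token=token,
        )
    finally:
        # TODO: Delete User after test
        # NOTE(review): until this is done, per-user state changed by one test
        # (for example failed-login counters) is visible to later tests in the
        # same module.
        pass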
@fixture(scope="module")
def user_tuple(admin_token, api_client: TestClient, api_routes: utils.AppRoutes) -> tuple[utils.TestUser]:
    """Yield two non-admin users whose payloads name the same random group.

    Each user is created with the admin token, logged in with their e-mail
    address and the fixed fixture password, and looked up through the
    self route. Despite the return annotation, the yielded object is a
    list holding two ``utils.TestUser`` entries.
    """
    group_name = utils.random_string()
    password = "useruser"

    # Two payloads that differ only in their random name, username and e-mail.
    payloads = [
        {
            "fullName": utils.random_string(),
            "username": utils.random_string(),
            "email": utils.random_email(),
            "password": password,
            "group": group_name,
            "admin": False,
            "tokens": [],
        }
        for _ in range(2)
    ]

    users_out = []
    for payload in payloads:
        # NOTE(review): a group called "New Group" is requested on every pass
        # and the response is discarded, while the users reference group_name.
        # Confirm which group the server actually assigns them to.
        api_client.post(api_routes.groups, json={"name": "New Group"}, headers=admin_token)
        created = api_client.post(api_routes.users, json=payload, headers=admin_token)
        assert created.status_code == 201

        # Log in as the new user; the e-mail address is sent in the username field.
        credentials = {"username": payload["email"], "password": password}
        auth = utils.login(credentials, api_client, api_routes)

        me = api_client.get(api_routes.users_self, headers=auth)
        assert me.status_code == 200
        profile = json.loads(me.text)

        test_user = utils.TestUser(
            _group_id=profile.get("groupId"),
            user_id=profile.get("id"),
            username=profile.get("username"),
            password=password,
            email=profile.get("email"),
            token=auth,
        )
        users_out.append(test_user)

    # No teardown is performed; both accounts outlive the module's tests.
    yield users_out
@fixture(scope="session")
def user_token(admin_token, api_client: TestClient, api_routes: utils.AppRoutes):
    """Create one non-admin user in the "Home" group and return their login result.

    The fixture is session-scoped, so the same value from ``utils.login`` is
    handed to every test that requests it. Only that value is returned; the
    generated e-mail address and username are not exposed to tests.
    """
    password = "useruser"
    payload = {
        "fullName": utils.random_string(),
        "username": utils.random_string(),
        "email": utils.random_email(),
        "password": password,
        "group": "Home",
        "admin": False,
        "tokens": [],
    }

    created = api_client.post(api_routes.users, json=payload, headers=admin_token)
    assert created.status_code == 201

    # Log in as the new user; the e-mail address is sent in the username field.
    credentials = {"username": payload["email"], "password": password}
    return utils.login(credentials, api_client, api_routes)