feat: add auth views, for login/logout

2024-08-04 23:09:29 -05:00 · 2024-08-04 23:09:29 -05:00 · a505ef27fb
commit a505ef27fb
parent e296b50aa4
9 changed files with 390 additions and 4 deletions
--- a/tests/views/test_auth.py
+++ b/tests/views/test_auth.py
@ -0,0 +1,72 @@
+# -*- coding: utf-8; -*-
+
+from unittest import TestCase
+from unittest.mock import MagicMock
+
+from pyramid import testing
+from pyramid.httpexceptions import HTTPFound
+
+from wuttjamaican.conf import WuttaConfig
+from wuttaweb.views import auth as mod
+from wuttaweb.auth import WuttaSecurityPolicy
+
+
+class TestAuthView(TestCase):
+
+    def setUp(self):
+        self.config = WuttaConfig(defaults={
+            'wutta.db.default.url': 'sqlite://',
+        })
+
+        self.request = testing.DummyRequest(wutta_config=self.config, user=None)
+        self.pyramid_config = testing.setUp(request=self.request)
+
+        self.app = self.config.get_app()
+        auth = self.app.get_auth_handler()
+        model = self.app.model
+        model.Base.metadata.create_all(bind=self.config.appdb_engine)
+        self.session = self.app.make_session()
+        self.user = model.User(username='barney')
+        self.session.add(self.user)
+        auth.set_user_password(self.user, 'testpass')
+        self.session.commit()
+
+        self.pyramid_config.set_security_policy(WuttaSecurityPolicy(db_session=self.session))
+        self.pyramid_config.include('wuttaweb.views.auth')
+        self.pyramid_config.include('wuttaweb.views.common')
+
+    def tearDown(self):
+        testing.tearDown()
+
+    def test_login(self):
+        view = mod.AuthView(self.request)
+        context = view.login()
+        self.assertIn('form', context)
+
+        # redirect if user already logged in
+        self.request.user = self.user
+        view = mod.AuthView(self.request)
+        redirect = view.login(session=self.session)
+        self.assertIsInstance(redirect, HTTPFound)
+
+        # login fails w/ wrong password
+        self.request.user = None
+        self.request.method = 'POST'
+        self.request.POST = {'username': 'barney', 'password': 'WRONG'}
+        view = mod.AuthView(self.request)
+        context = view.login(session=self.session)
+        self.assertIn('form', context)
+
+        # redirect if login succeeds
+        self.request.method = 'POST'
+        self.request.POST = {'username': 'barney', 'password': 'testpass'}
+        view = mod.AuthView(self.request)
+        redirect = view.login(session=self.session)
+        self.assertIsInstance(redirect, HTTPFound)
+
+    def test_logout(self):
+        view = mod.AuthView(self.request)
+        self.request.session.delete = MagicMock()
+        redirect = view.logout()
+        self.request.session.delete.assert_called_once_with()
+        self.assertIsInstance(redirect, HTTPFound)