0ct0pu5
/
desec-stack


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156
							from datetime import timedelta

from django.test import RequestFactory
from django.utils import timezone
from django.core import mail
from rest_framework.reverse import reverse
from rest_framework.versioning import NamespaceVersioning

from desecapi.tests.base import DesecTestCase
from desecapi import models
from desecapi.emails import send_account_lock_email
from api import settings


class RegistrationTestCase(DesecTestCase):

    def assertRegistration(self, REMOTE_ADDR='', status=201, **kwargs):
        url = reverse('v1:register')
        post_kwargs = {}
        if REMOTE_ADDR:
            post_kwargs['REMOTE_ADDR'] = REMOTE_ADDR
        response = self.client.post(url, kwargs, **post_kwargs)
        self.assertEqual(response.status_code, status, kwargs)
        return response


class SingleRegistrationTestCase(RegistrationTestCase):

    def setUp(self):
        super().setUp()
        email = self.random_username()
        self.assertRegistration(
            email=email,
            password=self.random_password(),
            REMOTE_ADDR="1.3.3.7",
        )
        self.user = models.User.objects.get(email=email)

    def test_registration_successful(self):
        self.assertEqual(self.user.registration_remote_ip, "1.3.3.7")
        self.assertIsNone(self.user.locked)

    def test_token_email(self):
        self.assertEqual(len(mail.outbox), 1)
        self.assertTrue(self.user.get_or_create_first_token() in mail.outbox[-1].body)

    def test_send_captcha_email_manually(self):
        # TODO see if this can be replaced by a method of self.client
        r = RequestFactory().request(HTTP_HOST=settings.ALLOWED_HOSTS[0])
        r.version = 'v1'
        r.versioning_scheme = NamespaceVersioning()
        # end TODO

        mail.outbox = []
        send_account_lock_email(r, self.user)
        self.assertEqual(len(mail.outbox), 1)


class MultipleRegistrationTestCase(RegistrationTestCase):

    def _registrations(self):
        pass

    def setUp(self):
        super().setUp()
        self.users = []
        for (ip, hours_ago, email_host) in self._registrations():
            email = self.random_username(email_host)
            ip = ip or self.random_ip()
            self.assertRegistration(
                email=email,
                password=self.random_password(),
                dyn=True,
                REMOTE_ADDR=ip,
            )
            user = models.User.objects.get(email=email)
            self.assertEqual(user.registration_remote_ip, ip)
            user.created = timezone.now() - timedelta(hours=hours_ago)
            user.save()
            self.users.append(user)


class MultipleRegistrationSameIPShortTime(MultipleRegistrationTestCase):

    NUM_REGISTRATIONS = 3

    def _registrations(self):
        return [('1.3.3.7', 0, None) for _ in range(self.NUM_REGISTRATIONS)]

    def test_is_locked(self):
        self.assertIsNone(self.users[0].locked)
        for i in range(1, self.NUM_REGISTRATIONS):
            self.assertIsNotNone(self.users[i].locked)


class MultipleRegistrationDifferentIPShortTime(MultipleRegistrationTestCase):

    NUM_REGISTRATIONS = 10

    def _registrations(self):
        return [('1.3.3.%s' % i, 0, None) for i in range(self.NUM_REGISTRATIONS)]

    def test_is_not_locked(self):
        for user in self.users:
            self.assertIsNone(user.locked)


class MultipleRegistrationSameIPLongTime(MultipleRegistrationTestCase):

    NUM_REGISTRATIONS = 10

    def _registrations(self):
        return [
            ('1.3.3.7', settings.ABUSE_BY_REMOTE_IP_PERIOD_HRS, None)
            for _ in range(self.NUM_REGISTRATIONS)
        ]

    def test_is_not_locked(self):
        for user in self.users:
            self.assertIsNone(user.locked)


class MultipleRegistrationSameEmailHostShortTime(MultipleRegistrationTestCase):

    NUM_REGISTRATIONS = settings.ABUSE_BY_EMAIL_HOSTNAME_LIMIT + 3

    def _registrations(self):
        host = self.random_domain_name()
        return [
            (None, 0, host)
            for _ in range(self.NUM_REGISTRATIONS)
        ]

    def test_is_locked(self):
        self.assertIsNone(self.users[0].locked)
        for i in range(self.NUM_REGISTRATIONS):
            if i < settings.ABUSE_BY_EMAIL_HOSTNAME_LIMIT:
                self.assertIsNone(self.users[i].locked)
            else:
                self.assertIsNotNone(self.users[i].locked)


class MultipleRegistrationsSameEmailHostLongTime(MultipleRegistrationTestCase):

    NUM_REGISTRATIONS = settings.ABUSE_BY_EMAIL_HOSTNAME_LIMIT + 3

    def _registrations(self):
        host = self.random_domain_name()
        return [
            (self.random_ip(), settings.ABUSE_BY_EMAIL_HOSTNAME_PERIOD_HRS + 1, host)
            for _ in range(self.NUM_REGISTRATIONS)
        ]

    def test_is_not_locked(self):
        for user in self.users:
            self.assertIsNone(user.locked)