We use cookies to ensure you get the best experience on our website
Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
0ct0pu5
/
desec-stack
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: 35bc15c19e
Gałęzie Tagi
desec-stack
/
api
/
desecapi
/
tests
/
testregistration.py

testregistration.py 9.4 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208 
  1. from django.test import RequestFactory
    2. 

  2. from rest_framework.reverse import reverse
    3. 

  3. from rest_framework import status
    4. 

  4. from rest_framework.test import APITestCase
    5. 

  5. from rest_framework.versioning import NamespaceVersioning
    6. 

  6. 

  7. from desecapi.tests.utils import utils
    8. 

  8. from desecapi import models
    9. 

  9. from datetime import timedelta
    10. 

  10. from django.utils import timezone
    11. 

  11. from django.core import mail
    12. 

  12. from desecapi.emails import send_account_lock_email
    13. 

  13. from api import settings
    14. 

  14. 

  15. 

  16. class RegistrationTest(APITestCase):
    17. 

  17. 

  18.     def test_registration_successful(self):
    19. 

  19.         url = reverse('v1:register')
    20. 

  20.         data = {'email': utils.generateUsername(), 'password': utils.generateRandomString(size=12)}
    21. 

  21.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.7")
    22. 

  22.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    23. 

  23.         user = models.User.objects.get(email=data['email'])
    24. 

  24.         self.assertEqual(user.email, data['email'])
    25. 

  25.         self.assertEqual(user.registration_remote_ip, "1.3.3.7")
    26. 

  26. 

  27.     def test_multiple_registration_locked_same_ip_short_time(self):
    28. 

  28.         outboxlen = len(mail.outbox)
    29. 

  29. 

  30.         url = reverse('v1:register')
    31. 

  31.         data = {'email': utils.generateUsername(),
    32. 

  32.                 'password': utils.generateRandomString(size=12), 'dyn': True}
    33. 

  33.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.7")
    34. 

  34.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    35. 

  35.         user = models.User.objects.get(email=data['email'])
    36. 

  36.         self.assertEqual(user.email, data['email'])
    37. 

  37.         self.assertEqual(user.registration_remote_ip, "1.3.3.7")
    38. 

  38.         self.assertIsNone(user.locked)
    39. 

  39. 

  40.         self.assertEqual(len(mail.outbox), outboxlen)
    41. 

  41. 

  42.         url = reverse('v1:register')
    43. 

  43.         data = {'email': utils.generateUsername(),
    44. 

  44.                 'password': utils.generateRandomString(size=12), 'dyn': True}
    45. 

  45.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.7")
    46. 

  46.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    47. 

  47.         user = models.User.objects.get(email=data['email'])
    48. 

  48.         self.assertEqual(user.email, data['email'])
    49. 

  49.         self.assertEqual(user.registration_remote_ip, "1.3.3.7")
    50. 

  50.         self.assertIsNotNone(user.locked)
    51. 

  51. 

  52.         self.assertEqual(len(mail.outbox), outboxlen + 1)
    53. 

  53. 

  54.         url = reverse('v1:register')
    55. 

  55.         data = {'email': utils.generateUsername(),
    56. 

  56.                 'password': utils.generateRandomString(size=12), 'dyn': True}
    57. 

  57.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.7")
    58. 

  58.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    59. 

  59.         user = models.User.objects.get(email=data['email'])
    60. 

  60.         self.assertEqual(user.email, data['email'])
    61. 

  61.         self.assertEqual(user.registration_remote_ip, "1.3.3.7")
    62. 

  62.         self.assertIsNotNone(user.locked)
    63. 

  63. 

  64.         self.assertEqual(len(mail.outbox), outboxlen + 2)
    65. 

  65. 

  66.     def test_multiple_registration_not_locked_different_ip(self):
    67. 

  67.         url = reverse('v1:register')
    68. 

  68.         data = {'email': utils.generateUsername(), 'password': utils.generateRandomString(size=12)}
    69. 

  69.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.8")
    70. 

  70.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    71. 

  71.         user = models.User.objects.get(email=data['email'])
    72. 

  72.         self.assertEqual(user.email, data['email'])
    73. 

  73.         self.assertEqual(user.registration_remote_ip, "1.3.3.8")
    74. 

  74.         self.assertIsNone(user.locked)
    75. 

  75. 

  76.         url = reverse('v1:register')
    77. 

  77.         data = {'email': utils.generateUsername(), 'password': utils.generateRandomString(size=12)}
    78. 

  78.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.9")
    79. 

  79.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    80. 

  80.         user = models.User.objects.get(email=data['email'])
    81. 

  81.         self.assertEqual(user.email, data['email'])
    82. 

  82.         self.assertEqual(user.registration_remote_ip, "1.3.3.9")
    83. 

  83.         self.assertIsNone(user.locked)
    84. 

  84. 

  85.     def test_multiple_registration_not_locked_same_ip_long_time(self):
    86. 

  86.         url = reverse('v1:register')
    87. 

  87.         data = {'email': utils.generateUsername(), 'password': utils.generateRandomString(size=12)}
    88. 

  88.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.10")
    89. 

  89.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    90. 

  90.         user = models.User.objects.get(email=data['email'])
    91. 

  91.         self.assertEqual(user.email, data['email'])
    92. 

  92.         self.assertEqual(user.registration_remote_ip, "1.3.3.10")
    93. 

  93.         self.assertIsNone(user.locked)
    94. 

  94. 

  95.         #fake registration time
    96. 

  96.         user.created = timezone.now() - timedelta(hours=settings.ABUSE_BY_REMOTE_IP_PERIOD_HRS+1)
    97. 

  97.         user.save()
    98. 

  98. 

  99.         url = reverse('v1:register')
    100. 

  100.         data = {'email': utils.generateUsername(), 'password': utils.generateRandomString(size=12)}
    101. 

  101.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.10")
    102. 

  102.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    103. 

  103.         user = models.User.objects.get(email=data['email'])
    104. 

  104.         self.assertEqual(user.email, data['email'])
    105. 

  105.         self.assertEqual(user.registration_remote_ip, "1.3.3.10")
    106. 

  106.         self.assertIsNone(user.locked)
    107. 

  107. 

  108.     def test_send_captcha_email_manually(self):
    109. 

  109.         outboxlen = len(mail.outbox)
    110. 

  110. 

  111.         url = reverse('v1:register')
    112. 

  112.         data = {'email': utils.generateUsername(),
    113. 

  113.                 'password': utils.generateRandomString(size=12), 'dyn': True}
    114. 

  114.         response = self.client.post(url, data, REMOTE_ADDR="1.3.3.10")
    115. 

  115.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    116. 

  116.         user = models.User.objects.get(email=data['email'])
    117. 

  117.         r = RequestFactory().request(HTTP_HOST=settings.ALLOWED_HOSTS[0])
    118. 

  118.         r.version = 'v1'
    119. 

  119.         r.versioning_scheme = NamespaceVersioning()
    120. 

  120.         send_account_lock_email(r, user)
    121. 

  121. 

  122.         self.assertEqual(len(mail.outbox), outboxlen+1)
    123. 

  123. 

  124.     def test_multiple_registration_locked_same_email_host(self):
    125. 

  125.         outboxlen = len(mail.outbox)
    126. 

  126. 

  127.         url = reverse('v1:register')
    128. 

  128.         for i in range(settings.ABUSE_BY_EMAIL_HOSTNAME_LIMIT):
    129. 

  129.             data = {
    130. 

  130.                 'email': utils.generateRandomString() + '@test-same-email.desec.io',
    131. 

  131.                 'password': utils.generateRandomString(size=12),
    132. 

  132.                 'dyn': True,
    133. 

  133.             }
    134. 

  134.             response = self.client.post(url, data, REMOTE_ADDR=utils.generateRandomIPv4Address())
    135. 

  135.             self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    136. 

  136.             user = models.User.objects.get(email=data['email'])
    137. 

  137.             self.assertEqual(user.email, data['email'])
    138. 

  138.             self.assertIsNone(user.locked)
    139. 

  139. 

  140.         self.assertEqual(len(mail.outbox), outboxlen)
    141. 

  141. 

  142.         url = reverse('v1:register')
    143. 

  143.         data = {
    144. 

  144.             'email': utils.generateRandomString() + '@test-same-email.desec.io',
    145. 

  145.             'password': utils.generateRandomString(size=12),
    146. 

  146.             'dyn': True,
    147. 

  147.         }
    148. 

  148.         response = self.client.post(url, data, REMOTE_ADDR=utils.generateRandomIPv4Address())
    149. 

  149.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    150. 

  150.         user = models.User.objects.get(email=data['email'])
    151. 

  151.         self.assertEqual(user.email, data['email'])
    152. 

  152.         self.assertIsNotNone(user.locked)
    153. 

  153. 

  154.         self.assertEqual(len(mail.outbox), outboxlen + 1)
    155. 

  155. 

  156.     def test_multiple_registration_not_locked_same_email_host_long_time(self):
    157. 

  157.         outboxlen = len(mail.outbox)
    158. 

  158. 

  159.         url = reverse('v1:register')
    160. 

  160.         for i in range(settings.ABUSE_BY_EMAIL_HOSTNAME_LIMIT):
    161. 

  161.             data = {
    162. 

  162.                 'email': utils.generateRandomString() + '@test-same-email-1.desec.io',
    163. 

  163.                 'password': utils.generateRandomString(size=12),
    164. 

  164.                 'dyn': True,
    165. 

  165.             }
    166. 

  166.             response = self.client.post(url, data, REMOTE_ADDR=utils.generateRandomIPv4Address())
    167. 

  167.             self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    168. 

  168.             user = models.User.objects.get(email=data['email'])
    169. 

  169.             self.assertEqual(user.email, data['email'])
    170. 

  170.             self.assertIsNone(user.locked)
    171. 

  171. 

  172.             #fake registration time
    173. 

  173.             user = models.User.objects.get(email=data['email'])
    174. 

  174.             user.created = timezone.now() - timedelta(hours=settings.ABUSE_BY_REMOTE_IP_PERIOD_HRS+1)
    175. 

  175.             user.save()
    176. 

  176. 

  177.         self.assertEqual(len(mail.outbox), outboxlen)
    178. 

  178. 

  179.         url = reverse('v1:register')
    180. 

  180.         data = {
    181. 

  181.             'email': utils.generateRandomString() + '@test-same-email-1.desec.io',
    182. 

  182.             'password': utils.generateRandomString(size=12),
    183. 

  183.             'dyn': True,
    184. 

  184.         }
    185. 

  185.         response = self.client.post(url, data, REMOTE_ADDR=utils.generateRandomIPv4Address())
    186. 

  186.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    187. 

  187.         user = models.User.objects.get(email=data['email'])
    188. 

  188.         self.assertEqual(user.email, data['email'])
    189. 

  189.         self.assertIsNone(user.locked)
    190. 

  190. 

  191.         self.assertEqual(len(mail.outbox), outboxlen)
    192. 

  192. 

  193.     def test_token_email(self):
    194. 

  194.         outboxlen = len(mail.outbox)
    195. 

  195. 

  196.         url = reverse('v1:register')
    197. 

  197.         data = {
    198. 

  198.             'email': utils.generateRandomString() + '@test-same-email.desec.io',
    199. 

  199.             'password': utils.generateRandomString(size=12),
    200. 

  200.             'dyn': False,
    201. 

  201.         }
    202. 

  202.         response = self.client.post(url, data, REMOTE_ADDR=utils.generateRandomIPv4Address())
    203. 

  203.         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
    204. 

  204. 

  205.         self.assertEqual(len(mail.outbox), outboxlen + 1)
    206. 

  206. 

  207.         user = models.User.objects.get(email=data['email'])
    208. 

  208.         self.assertTrue(user.get_or_create_first_token() in mail.outbox[-1].body)
    209.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5