|
|
@ -1,10 +1,10 @@
|
|
|
|
from flask import url_for
|
|
|
|
from flask import url_for
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_check_access_control(app, client):
|
|
|
|
def test_check_access_control(app, client):
|
|
|
|
# Still doesnt work, but this is closer.
|
|
|
|
# Still doesnt work, but this is closer.
|
|
|
|
return
|
|
|
|
|
|
|
|
with app.test_client() as c:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with app.test_client() as c:
|
|
|
|
# Check we dont have any password protection enabled yet.
|
|
|
|
# Check we dont have any password protection enabled yet.
|
|
|
|
res = c.get(url_for("settings_page"))
|
|
|
|
res = c.get(url_for("settings_page"))
|
|
|
|
assert b"Remove password" not in res.data
|
|
|
|
assert b"Remove password" not in res.data
|
|
|
@ -12,31 +12,27 @@ def test_check_access_control(app, client):
|
|
|
|
# Enable password check.
|
|
|
|
# Enable password check.
|
|
|
|
res = c.post(
|
|
|
|
res = c.post(
|
|
|
|
url_for("settings_page"),
|
|
|
|
url_for("settings_page"),
|
|
|
|
data={"password": "foobar"},
|
|
|
|
data={"password": "foobar", "minutes_between_check": 180},
|
|
|
|
follow_redirects=True
|
|
|
|
follow_redirects=True
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
assert b"Password protection enabled." in res.data
|
|
|
|
assert b"Password protection enabled." in res.data
|
|
|
|
assert b"LOG OUT" not in res.data
|
|
|
|
assert b"LOG OUT" not in res.data
|
|
|
|
print ("SESSION:", res.session)
|
|
|
|
|
|
|
|
# Check we hit the login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
res = c.get(url_for("settings_page"), follow_redirects=True)
|
|
|
|
# Check we hit the login
|
|
|
|
res = c.get(url_for("login"), follow_redirects=True)
|
|
|
|
res = c.get(url_for("index"), follow_redirects=True)
|
|
|
|
|
|
|
|
|
|
|
|
assert b"Login" in res.data
|
|
|
|
assert b"Login" in res.data
|
|
|
|
|
|
|
|
|
|
|
|
print ("DEBUG >>>>>",res.data)
|
|
|
|
|
|
|
|
# Menu should not be available yet
|
|
|
|
# Menu should not be available yet
|
|
|
|
assert b"SETTINGS" not in res.data
|
|
|
|
# assert b"SETTINGS" not in res.data
|
|
|
|
assert b"BACKUP" not in res.data
|
|
|
|
# assert b"BACKUP" not in res.data
|
|
|
|
assert b"IMPORT" not in res.data
|
|
|
|
# assert b"IMPORT" not in res.data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# defaultuser@changedetection.io is actually hardcoded for now, we only use a single password
|
|
|
|
# defaultuser@changedetection.io is actually hardcoded for now, we only use a single password
|
|
|
|
res = c.post(
|
|
|
|
res = c.post(
|
|
|
|
url_for("login"),
|
|
|
|
url_for("login"),
|
|
|
|
data={"password": "foobar", "email": "defaultuser@changedetection.io"},
|
|
|
|
data={"password": "foobar"},
|
|
|
|
follow_redirects=True
|
|
|
|
follow_redirects=True
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
@ -47,12 +43,60 @@ def test_check_access_control(app, client):
|
|
|
|
assert b"SETTINGS" in res.data
|
|
|
|
assert b"SETTINGS" in res.data
|
|
|
|
assert b"BACKUP" in res.data
|
|
|
|
assert b"BACKUP" in res.data
|
|
|
|
assert b"IMPORT" in res.data
|
|
|
|
assert b"IMPORT" in res.data
|
|
|
|
|
|
|
|
|
|
|
|
assert b"LOG OUT" in res.data
|
|
|
|
assert b"LOG OUT" in res.data
|
|
|
|
|
|
|
|
|
|
|
|
# Now remove the password so other tests function, @todo this should happen before each test automatically
|
|
|
|
# Now remove the password so other tests function, @todo this should happen before each test automatically
|
|
|
|
|
|
|
|
res = c.get(url_for("settings_page", removepassword="true"),
|
|
|
|
|
|
|
|
follow_redirects=True)
|
|
|
|
|
|
|
|
assert b"Password protection removed." in res.data
|
|
|
|
|
|
|
|
|
|
|
|
c.get(url_for("settings_page", removepassword="true"))
|
|
|
|
res = c.get(url_for("index"))
|
|
|
|
c.get(url_for("import_page"))
|
|
|
|
|
|
|
|
assert b"LOG OUT" not in res.data
|
|
|
|
assert b"LOG OUT" not in res.data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# There was a bug where saving the settings form would submit a blank password
|
|
|
|
|
|
|
|
def test_check_access_control_no_blank_password(app, client):
|
|
|
|
|
|
|
|
# Still doesnt work, but this is closer.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with app.test_client() as c:
|
|
|
|
|
|
|
|
# Check we dont have any password protection enabled yet.
|
|
|
|
|
|
|
|
res = c.get(url_for("settings_page"))
|
|
|
|
|
|
|
|
assert b"Remove password" not in res.data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable password check.
|
|
|
|
|
|
|
|
res = c.post(
|
|
|
|
|
|
|
|
url_for("settings_page"),
|
|
|
|
|
|
|
|
data={"password": "", "minutes_between_check": 180},
|
|
|
|
|
|
|
|
follow_redirects=True
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert b"Password protection enabled." not in res.data
|
|
|
|
|
|
|
|
assert b"Login" not in res.data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# There was a bug where saving the settings form would submit a blank password
|
|
|
|
|
|
|
|
def test_check_access_no_remote_access_to_remove_password(app, client):
|
|
|
|
|
|
|
|
# Still doesnt work, but this is closer.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
with app.test_client() as c:
|
|
|
|
|
|
|
|
# Check we dont have any password protection enabled yet.
|
|
|
|
|
|
|
|
res = c.get(url_for("settings_page"))
|
|
|
|
|
|
|
|
assert b"Remove password" not in res.data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable password check.
|
|
|
|
|
|
|
|
res = c.post(
|
|
|
|
|
|
|
|
url_for("settings_page"),
|
|
|
|
|
|
|
|
data={"password": "password", "minutes_between_check": 180},
|
|
|
|
|
|
|
|
follow_redirects=True
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert b"Password protection enabled." in res.data
|
|
|
|
|
|
|
|
assert b"Login" in res.data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
res = c.get(url_for("settings_page", removepassword="true"),
|
|
|
|
|
|
|
|
follow_redirects=True)
|
|
|
|
|
|
|
|
assert b"Password protection removed." not in res.data
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
res = c.get(url_for("index"),
|
|
|
|
|
|
|
|
follow_redirects=True)
|
|
|
|
|
|
|
|
assert b"watch-table-wrapper" not in res.data
|
|
|
|