-
-
Notifications
You must be signed in to change notification settings - Fork 349
/
tests.py
90 lines (71 loc) · 3.14 KB
/
tests.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# Only run tests if they have axes in middleware
# Basically a functional test
import random
import string
from django.test import TestCase
from django.contrib.auth.models import User
from django.core.urlresolvers import reverse
from django.test.utils import override_settings
from axes.decorators import FAILURE_LIMIT
from axes.decorators import LOGIN_FORM_KEY
class AccessAttemptTest(TestCase):
"""Test case using custom settings for testing
"""
LOCKED_MESSAGE = 'Account locked: too many login attempts.'
def _generate_random_string(self):
"""Generates a random string"""
chars = string.ascii_uppercase + string.digits
return ''.join(random.choice(chars) for x in range(20))
def _random_username(self, existing_username=False):
"""Returns a username, existing or not depending on params"""
if existing_username:
return User.objects.order_by('?')[0].username
return self._generate_random_string()
def _login(self, existing_username=False):
response = self.client.post(reverse('admin:index'), {
'username': self._random_username(existing_username),
'password': self._generate_random_string(),
})
return response
def setUp(self):
for i in range(0, random.randrange(10, 50)):
username = "person%s" % i
email = "%s@example.org" % username
u = User.objects.create_user(
username=username,
password=username,
email=email,
)
u.is_staff = True
u.save()
def test_login_max(self, existing_username=False):
for i in range(0, FAILURE_LIMIT - 1):
response = self._login(existing_username=existing_username)
# Check if we are in the same login page
self.assertContains(response, LOGIN_FORM_KEY)
# So, we shouldn't have gotten a lock-out yet.
# But we should get one now
response = self._login()
self.assertContains(response, self.LOCKED_MESSAGE)
def test_with_real_username_max(self):
self.test_login_max(existing_username=True)
def test_login_max_with_more_attempts(self, existing_username=False):
for i in range(0, FAILURE_LIMIT - 2):
response = self._login(existing_username=existing_username)
# Check if we are in the same login page
self.assertContains(response, LOGIN_FORM_KEY)
# So, we shouldn't have gotten a lock-out yet.
# But we should get one now
for i in range(0, random.randrange(1, 100)):
# try to log in a bunch of times
response = self._login()
self.assertContains(response, self.LOCKED_MESSAGE)
def test_with_real_username_max_with_more(self):
self.test_login_max_with_more_attempts(existing_username=True)
def test_valid_login(self):
valid_username = self._random_username(existing_username=True)
response = self.client.post(reverse('admin:index'), {
'username': valid_username,
'password': valid_username
})
self.assertNotIn(LOGIN_FORM_KEY, response.context)