Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-05 06:04:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Improved tests so it really looks for the rabbit in the hole

Browse source
This commit is contained in:
Camilo Nova 2013-04-20 17:53:42 -05:00
parent 8543dad6ea
commit 01edd72298
2 changed files with 18 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
axes/test_settings.py
View file

@ -35,18 +35,6 @@ INSTALLED_APPS = [
SECRET_KEY = 'too-secret-for-test'
LOGGING = {
'version': 1,
'root': {
'level': 'DEBUG',
'handlers': ['console'],
},
'handlers': {
'console': {
'level': 'DEBUG',
'class': 'logging.StreamHandler',
},
}
}
LOGIN_REDIRECT_URL = '/admin'
# AXES_LOGIN_FAILURE_LIMIT = 1
AXES_LOGIN_FAILURE_LIMIT = 10

27
axes/tests.py
View file

@ -34,6 +34,7 @@ class AccessAttemptTest(TestCase):
response = self.client.post(reverse('admin:index'), {
'username': self._random_username(existing_username),
'password': self._generate_random_string(),
'this_is_the_login_form': 1,
}, HTTP_USER_AGENT=user_agent)
return response
@ -42,8 +43,8 @@ class AccessAttemptTest(TestCase):
"""Creates users for testing the login
"""
for i in range(0, random.randrange(10, 50)):
username = "person%s" % i
email = "%s@example.org" % username
username = 'person%s' % i
email = '%s@example.org' % username
u = User.objects.create_user(
username=username,
password=username,
@ -59,12 +60,12 @@ class AccessAttemptTest(TestCase):
for i in range(0, FAILURE_LIMIT):
response = self._login(existing_username=existing_username)
# Check if we are in the same login page
self.assertContains(response, LOGIN_FORM_KEY)
self.assertIn(LOGIN_FORM_KEY, response.content)
# So, we shouldn't have gotten a lock-out yet.
# But we should get one now
response = self._login()
self.assertContains(response, self.LOCKED_MESSAGE)
self.assertIn(self.LOCKED_MESSAGE, response.content)
def test_with_real_username_max(self):
"""Tests the login lock with a real username
@ -78,14 +79,15 @@ class AccessAttemptTest(TestCase):
for i in range(0, FAILURE_LIMIT):
response = self._login(existing_username=existing_username)
# Check if we are in the same login page
self.assertContains(response, LOGIN_FORM_KEY)
self.assertIn(LOGIN_FORM_KEY, response.content)
# So, we shouldn't have gotten a lock-out yet.
# But we should get one now
for i in range(0, random.randrange(1, 100)):
# try to log in a bunch of times
response = self._login()
self.assertContains(response, self.LOCKED_MESSAGE)
self.assertIn(self.LOCKED_MESSAGE, response.content)
def test_with_real_username_max_with_more(self):
"""Tests the login lock for a bunch of times with a real username
@ -98,9 +100,10 @@ class AccessAttemptTest(TestCase):
valid_username = self._random_username(existing_username=True)
response = self.client.post(reverse('admin:index'), {
'username': valid_username,
'password': valid_username
'password': valid_username,
'this_is_the_login_form': 1,
})
self.assertNotIn(LOGIN_FORM_KEY, response.context)
self.assertNotIn(LOGIN_FORM_KEY, response.content)
def test_long_user_agent_valid(self):
"""Tests if can handle a long user agent
@ -109,9 +112,11 @@ class AccessAttemptTest(TestCase):
valid_username = self._random_username(existing_username=True)
response = self.client.post(reverse('admin:index'), {
'username': valid_username,
'password': valid_username
'password': valid_username,
'this_is_the_login_form': 1,
}, HTTP_USER_AGENT=long_user_agent)
self.assertNotIn(LOGIN_FORM_KEY, response.context)
self.assertNotIn(LOGIN_FORM_KEY, response.content)
def test_long_user_agent_not_valid(self):
"""Tests if can handle a long user agent with failure
@ -125,4 +130,4 @@ class AccessAttemptTest(TestCase):
self.assertContains(response, LOGIN_FORM_KEY)
response = self._login()
self.assertContains(response, self.LOCKED_MESSAGE)
self.assertIn(self.LOCKED_MESSAGE, response.content)