Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-12 01:23:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
django-axes/axes/tests.py

128 lines
4.5 KiB
Python
Raw Blame History

import random
import string
from django.test import TestCase
from django.contrib.auth.models import User
from django.core.urlresolvers import reverse
from django.test.utils import override_settings
from axes.decorators import FAILURE_LIMIT
from axes.decorators import LOGIN_FORM_KEY
class AccessAttemptTest(TestCase):
"""Test case using custom settings for testing
"""
LOCKED_MESSAGE = 'Account locked: too many login attempts.'
def _generate_random_string(self):
"""Generates a random string
"""
chars = string.ascii_uppercase + string.digits
return ''.join(random.choice(chars) for x in range(20))
def _random_username(self, existing_username=False):
"""Returns a username, existing or not depending on params
"""
if existing_username:
return User.objects.order_by('?')[0].username
return self._generate_random_string()
def _login(self, existing_username=False, user_agent='test-browser'):
response = self.client.post(reverse('admin:index'), {
'username': self._random_username(existing_username),
'password': self._generate_random_string(),
}, HTTP_USER_AGENT=user_agent)
return response
def setUp(self):
"""Creates users for testing the login
"""
for i in range(0, random.randrange(10, 50)):
username = "person%s" % i
email = "%s@example.org" % username
u = User.objects.create_user(
username=username,
password=username,
email=email,
)
u.is_staff = True
u.save()
def test_login_max(self, existing_username=False):
"""Tests the login lock trying to login one more time
than failure limit
"""
for i in range(0, FAILURE_LIMIT):
response = self._login(existing_username=existing_username)
# Check if we are in the same login page
self.assertContains(response, LOGIN_FORM_KEY)
# So, we shouldn't have gotten a lock-out yet.
# But we should get one now
response = self._login()
self.assertContains(response, self.LOCKED_MESSAGE)
def test_with_real_username_max(self):
"""Tests the login lock with a real username
"""
self.test_login_max(existing_username=True)
def test_login_max_with_more_attempts(self, existing_username=False):
"""Tests the login lock trying to login a lot of times more
than failure limit
"""
for i in range(0, FAILURE_LIMIT):
response = self._login(existing_username=existing_username)
# Check if we are in the same login page
self.assertContains(response, LOGIN_FORM_KEY)
# So, we shouldn't have gotten a lock-out yet.
# But we should get one now
for i in range(0, random.randrange(1, 100)):
# try to log in a bunch of times
response = self._login()
self.assertContains(response, self.LOCKED_MESSAGE)
def test_with_real_username_max_with_more(self):
"""Tests the login lock for a bunch of times with a real username
"""
self.test_login_max_with_more_attempts(existing_username=True)
def test_valid_login(self):
"""Tests a valid login for a real username
"""
valid_username = self._random_username(existing_username=True)
response = self.client.post(reverse('admin:index'), {
'username': valid_username,
'password': valid_username
})
self.assertNotIn(LOGIN_FORM_KEY, response.context)
def test_long_user_agent_valid(self):
"""Tests if can handle a long user agent
"""
long_user_agent = 'ie6' * 1024
valid_username = self._random_username(existing_username=True)
response = self.client.post(reverse('admin:index'), {
'username': valid_username,
'password': valid_username
}, HTTP_USER_AGENT=long_user_agent)
self.assertNotIn(LOGIN_FORM_KEY, response.context)
def test_long_user_agent_not_valid(self):
"""Tests if can handle a long user agent with failure
"""
long_user_agent = 'ie6' * 1024
for i in range(0, FAILURE_LIMIT):
response = self._login(
existing_username=False,
user_agent=long_user_agent,
)
self.assertContains(response, LOGIN_FORM_KEY)
response = self._login()
self.assertContains(response, self.LOCKED_MESSAGE)
Reference in a new issue View git blame Copy permalink