pgadmin4/web/pgadmin/browser/tests/test_change_password.py

##########################################################################
#
# pgAdmin 4 - PostgreSQL Tools
#
# Copyright (C) 2013 - 2024, The pgAdmin Development Team
# This software is released under the PostgreSQL Licence
#
##########################################################################

import json
import uuid

from pgadmin.utils.route import BaseTestGenerator
from regression.python_test_utils import test_utils
from regression.test_setup import config_data
from . import utils


class ChangePasswordTestCase(BaseTestGenerator):
    """
    This class validates the change password functionality
    by defining change password scenarios; where dict of
    parameters describes the scenario appended by test name.
    """

    scenarios = [
        # This testcase validates invalid confirmation password
        ('TestCase for Validating Incorrect_New_Password', dict(
            password=(
                config_data['pgAdmin4_login_credentials']
                ['login_password']),
            new_password=(
                config_data['pgAdmin4_login_credentials']
                ['new_password']),
            new_password_confirm=str(uuid.uuid4())[4:8],
            respdata='Passwords do not match')),

        # This testcase validates if confirmation password is less than
        # minimum length
        ('TestCase for Validating New_Password_Less_Than_Min_Length',
         [dict(password=(
             config_data['pgAdmin4_login_credentials']['login_password']),
             new_password=new_password,
             new_password_confirm=new_password,
             respdata='Password must be at least 8 characters')
             for new_password in [str(uuid.uuid4())[4:8]]][0]),

        # This testcase validates if both password fields are left blank
        ('TestCase for Validating Empty_New_Password', dict(
            password=(
                config_data['pgAdmin4_login_credentials']
                ['login_password']),
            new_password='', new_password_confirm='',
            respdata='Password not provided')),

        # This testcase validates if current entered password is incorrect
        ('TestCase for Validating Incorrect_Current_Password', dict(
            password=str(uuid.uuid4())[4:8],
            new_password=(
                config_data['pgAdmin4_login_credentials']
                ['new_password']),
            new_password_confirm=(
                config_data['pgAdmin4_login_credentials']
                ['new_password']),
            respdata='Incorrect username or password')),

        # This test case checks for valid password
        ('TestCase for Changing Valid_Password', dict(
            valid_password='reassigning_password',
            username=(
                config_data['pgAdmin4_test_user_credentials']
                ['login_username']),
            password=(
                config_data['pgAdmin4_test_user_credentials']
                ['login_password']),
            new_password=(
                config_data['pgAdmin4_test_user_credentials']
                ['new_password']),
            new_password_confirm=(
                config_data['pgAdmin4_test_user_credentials']
                ['new_password']),
            respdata='You successfully changed your password.'))
    ]

    @classmethod
    def setUpClass(cls):
        pass

    def runTest(self):
        """This function will check change password functionality."""

        # Check for 'valid_password' exists in self to test 'valid password'
        # test case
        if 'valid_password' in dir(self):
            response = self.tester.post(
                '/user_management/save',
                data=json.dumps({
                    "added": [{
                        "auth_source": "internal",
                        "email": self.username,
                        "role": "2",
                        "active": True,
                        "newPassword": self.password,
                        "confirmPassword": self.password,
                        "locked": False
                    }]
                }),
                follow_redirects=True
            )
            self.assertEqual(response.status_code, 200,
                             'User creation is NOT successful')
            # Get usr id
            response = self.tester.get('/user_management/user/')
            users = json.loads(response.data.decode('utf-8'))
            user_id = None
            for user in users:
                if user['email'] == self.username:
                    user_id = user['id']
                    break
            self.assertIsNotNone(user_id,
                                 'User id for newly created user is None')
            # Logout the Administrator before login normal user
            self.tester.logout()
            response = self.tester.login(self.username, self.password, True)
            self.assertEqual(response.status_code, 200)
            # test the 'change password' test case
            utils.change_password(self)
            # Delete the normal user after changing it's password
            self.tester.logout()
            # Login the Administrator before deleting normal user
            test_utils.login_tester_account(self.tester)
            response = self.tester.post(
                '/user_management/save',
                data=json.dumps({
                    "deleted": [{
                        "id": user_id,
                        "active": True,
                        "auth_source": "internal",
                        "username": self.username,
                        "email": self.username,
                        "role": "2",
                        "locked": False
                    }]
                }),
                follow_redirects=True
            )
            self.assertEqual(response.status_code, 200)
        else:
            utils.change_password(self)

    @classmethod
    def tearDownClass(cls):
        # Make sure - we're already logged out before running
        cls.tester.logout()
        test_utils.login_tester_account(cls.tester)
Fix a bunch of file headers. 2017-03-16 09:27:55 -05:00			`##########################################################################`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`#`
Fix a bunch of file headers. 2017-03-16 09:27:55 -05:00			`# pgAdmin 4 - PostgreSQL Tools`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`#`
Update copyright notices for 2024 2024-01-01 02:43:48 -06:00			`# Copyright (C) 2013 - 2024, The pgAdmin Development Team`
Fix a bunch of file headers. 2017-03-16 09:27:55 -05:00			`# This software is released under the PostgreSQL Licence`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`#`
Fix a bunch of file headers. 2017-03-16 09:27:55 -05:00			`##########################################################################`

Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`import json`
Re-organised the regression directory now we have multiple test suites: move test_utils.py into python_test_utils/ 2017-03-23 06:59:31 -05:00			`import uuid`
Optimise Python imports. 2016-06-21 08:12:14 -05:00
Enhancements to the regression test suite. Navnath Gadakh and Priyanka Shendge 2016-07-18 08:50:21 -05:00			`from pgadmin.utils.route import BaseTestGenerator`
Re-organised the regression directory now we have multiple test suites: move test_utils.py into python_test_utils/ 2017-03-23 06:59:31 -05:00			`from regression.python_test_utils import test_utils`
Enhancements to the regression test suite. Navnath Gadakh and Priyanka Shendge 2016-07-18 08:50:21 -05:00			`from regression.test_setup import config_data`
Major update to the test suite: 1. Code changes (due to drop objects functionality). 2. Quoting for database names in drop databases. 3. Code changes for import errors for pickle_path and advanced_config variables. 2016-10-07 07:59:43 -05:00			`from . import utils`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00

Enhancements to the regression test suite. Navnath Gadakh and Priyanka Shendge 2016-07-18 08:50:21 -05:00			`class ChangePasswordTestCase(BaseTestGenerator):`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`"""`
			`This class validates the change password functionality`
			`by defining change password scenarios; where dict of`
			`parameters describes the scenario appended by test name.`
			`"""`

			`scenarios = [`
			`# This testcase validates invalid confirmation password`
			`('TestCase for Validating Incorrect_New_Password', dict(`
Final PEP-8 fixes 2018-03-08 03:33:43 -06:00			`password=(`
			`config_data['pgAdmin4_login_credentials']`
			`['login_password']),`
			`new_password=(`
			`config_data['pgAdmin4_login_credentials']`
			`['new_password']),`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`new_password_confirm=str(uuid.uuid4())[4:8],`
			`respdata='Passwords do not match')),`

			`# This testcase validates if confirmation password is less than`
			`# minimum length`
			`('TestCase for Validating New_Password_Less_Than_Min_Length',`
Change the following to replace Python 2 code with Python 3: 1) Replace the deprecated unit test method. 2) Wraps filter usage in a list call. 3) Converts the old metaclass syntax to new. 4) Use range instead of xrange method. 5) Change Unicode to str. 6) Several other transformations. 7) Fixed change password test cases. 8) Use simplejson instead of plain JSON. 2020-08-31 06:15:31 -05:00			`[dict(password=(`
			`config_data['pgAdmin4_login_credentials']['login_password']),`
			`new_password=new_password,`
			`new_password_confirm=new_password,`
			`respdata='Password must be at least 8 characters')`
			`for new_password in [str(uuid.uuid4())[4:8]]][0]),`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00
			`# This testcase validates if both password fields are left blank`
			`('TestCase for Validating Empty_New_Password', dict(`
Final PEP-8 fixes 2018-03-08 03:33:43 -06:00			`password=(`
			`config_data['pgAdmin4_login_credentials']`
			`['login_password']),`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`new_password='', new_password_confirm='',`
			`respdata='Password not provided')),`

Enhancements to the regression test suite. Navnath Gadakh and Priyanka Shendge 2016-07-18 08:50:21 -05:00			`# This testcase validates if current entered password is incorrect`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`('TestCase for Validating Incorrect_Current_Password', dict(`
			`password=str(uuid.uuid4())[4:8],`
Final PEP-8 fixes 2018-03-08 03:33:43 -06:00			`new_password=(`
			`config_data['pgAdmin4_login_credentials']`
			`['new_password']),`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`new_password_confirm=(`
			`config_data['pgAdmin4_login_credentials']`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`['new_password']),`
Fixed server mode api test case failure. 2021-06-24 09:11:58 -05:00			`respdata='Incorrect username or password')),`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`# This test case checks for valid password`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`('TestCase for Changing Valid_Password', dict(`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`valid_password='reassigning_password',`
Final PEP-8 fixes 2018-03-08 03:33:43 -06:00			`username=(`
			`config_data['pgAdmin4_test_user_credentials']`
			`['login_username']),`
			`password=(`
			`config_data['pgAdmin4_test_user_credentials']`
			`['login_password']),`
			`new_password=(`
			`config_data['pgAdmin4_test_user_credentials']`
			`['new_password']),`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`new_password_confirm=(`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`config_data['pgAdmin4_test_user_credentials']`
			`['new_password']),`
Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`respdata='You successfully changed your password.'))`
			`]`

Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`@classmethod`
			`def setUpClass(cls):`
			`pass`

Initial version of a regression test framework 2016-04-17 09:39:08 -05:00			`def runTest(self):`
			`"""This function will check change password functionality."""`

Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`# Check for 'valid_password' exists in self to test 'valid password'`
			`# test case`
			`if 'valid_password' in dir(self):`
PEP8 fixes. Fixes #3175 2018-03-07 05:47:01 -06:00			`response = self.tester.post(`
Fixed API test case for change password in the server mode. Fixes #7648 2022-09-06 01:00:21 -05:00			`'/user_management/save',`
			`data=json.dumps({`
			`"added": [{`
			`"auth_source": "internal",`
			`"email": self.username,`
			`"role": "2",`
			`"active": True,`
			`"newPassword": self.password,`
			`"confirmPassword": self.password,`
			`"locked": False`
			`}]`
			`}),`
PEP8 fixes. Fixes #3175 2018-03-07 05:47:01 -06:00			`follow_redirects=True`
			`)`
Fixed API test case for change password in the server mode. Fixes #7648 2022-09-06 01:00:21 -05:00			`self.assertEqual(response.status_code, 200,`
			`'User creation is NOT successful')`
			`# Get usr id`
			`response = self.tester.get('/user_management/user/')`
			`users = json.loads(response.data.decode('utf-8'))`
			`user_id = None`
			`for user in users:`
			`if user['email'] == self.username:`
			`user_id = user['id']`
			`break`
			`self.assertIsNotNone(user_id,`
			`'User id for newly created user is None')`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`# Logout the Administrator before login normal user`
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala 2019-05-28 00:29:51 -05:00			`self.tester.logout()`
			`response = self.tester.login(self.username, self.password, True)`
Change the following to replace Python 2 code with Python 3: 1) Replace the deprecated unit test method. 2) Wraps filter usage in a list call. 3) Converts the old metaclass syntax to new. 4) Use range instead of xrange method. 5) Change Unicode to str. 6) Several other transformations. 7) Fixed change password test cases. 8) Use simplejson instead of plain JSON. 2020-08-31 06:15:31 -05:00			`self.assertEqual(response.status_code, 200)`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`# test the 'change password' test case`
Major update to the test suite: 1. Code changes (due to drop objects functionality). 2. Quoting for database names in drop databases. 3. Code changes for import errors for pickle_path and advanced_config variables. 2016-10-07 07:59:43 -05:00			`utils.change_password(self)`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`# Delete the normal user after changing it's password`
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala 2019-05-28 00:29:51 -05:00			`self.tester.logout()`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`# Login the Administrator before deleting normal user`
Major update to the test suite: 1. Code changes (due to drop objects functionality). 2. Quoting for database names in drop databases. 3. Code changes for import errors for pickle_path and advanced_config variables. 2016-10-07 07:59:43 -05:00			`test_utils.login_tester_account(self.tester)`
Fixed API test case for change password in the server mode. Fixes #7648 2022-09-06 01:00:21 -05:00			`response = self.tester.post(`
			`'/user_management/save',`
			`data=json.dumps({`
			`"deleted": [{`
			`"id": user_id,`
			`"active": True,`
			`"auth_source": "internal",`
			`"username": self.username,`
			`"email": self.username,`
			`"role": "2",`
			`"locked": False`
			`}]`
			`}),`
PEP8 fixes. Fixes #3175 2018-03-07 05:47:01 -06:00			`follow_redirects=True`
			`)`
Change the following to replace Python 2 code with Python 3: 1) Replace the deprecated unit test method. 2) Wraps filter usage in a list call. 3) Converts the old metaclass syntax to new. 4) Use range instead of xrange method. 5) Change Unicode to str. 6) Several other transformations. 7) Fixed change password test cases. 8) Use simplejson instead of plain JSON. 2020-08-31 06:15:31 -05:00			`self.assertEqual(response.status_code, 200)`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00			`else:`
Major update to the test suite: 1. Code changes (due to drop objects functionality). 2. Quoting for database names in drop databases. 3. Code changes for import errors for pickle_path and advanced_config variables. 2016-10-07 07:59:43 -05:00			`utils.change_password(self)`
Test suite enhancements: 1. The user will specify the tablespace path in test_config.json.in 2. If tablespace path not found, skip the test cases for that server(Only tablespace test cases) 3. Add the skipped test summary in the test result. (Now it's showing on console + in log file, but need to update in a final enhanced test summary report. Which is research point we will work on that after finishing all nodes API test cases) 4. Removed the test_ prefix from the values in the config files. 5. Add tablespace and roles tests 2016-08-09 10:05:40 -05:00
			`@classmethod`
			`def tearDownClass(cls):`
Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217 Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala 2019-05-28 00:29:51 -05:00			`# Make sure - we're already logged out before running`
			`cls.tester.logout()`
Major update to the test suite: 1. Code changes (due to drop objects functionality). 2. Quoting for database names in drop databases. 3. Code changes for import errors for pickle_path and advanced_config variables. 2016-10-07 07:59:43 -05:00			`test_utils.login_tester_account(cls.tester)`