Coverage at 100%

example/test_app/tests/test_fido.py

@@ -1,26 +1,37 @@
 import json
+from base64 import urlsafe_b64encode
 from importlib import import_module
 
 from django.http import HttpRequest
 from django.test import RequestFactory,TransactionTestCase, Client
 from django.urls import reverse
 
-from test_app import settings
+from django.conf import settings
 from test_app.soft_webauthn import SoftWebauthnDevice
 
 from passkeys.models import UserPasskey
 
 
+def get_server_id(request):
+    return request.META["SERVER_NAME"] + "1"
+
+def get_server_name(request):
+    return "MySite"
+
 class test_fido(TransactionTestCase):
     def setUp(self) -> None:
         from django.contrib.auth import get_user_model
         self.user_model = get_user_model()
-        self.user = self.user_model.objects.create_user(username="test",password="test")
+        if self.user_model.objects.filter(username="test").count()==0:
+            self.user = self.user_model.objects.create_user(username="test",password="test")
+        else:
+            self.user = self.user_model.objects.get(username="test")
         self.client = Client()
         settings.SESSION_ENGINE = 'django.contrib.sessions.backends.file'
         engine = import_module(settings.SESSION_ENGINE)
+        #settings.SESSION_FILE_PATH = "/"
         store = engine.SessionStore()
-        store.save()
+        store.save(must_create=True)
         self.session = store
         self.client.cookies["sessionid"] = store.session_key
 
@@ -102,11 +113,30 @@ def test_base_username(self):
         self.client.get('/auth/logout')
         session = self.session
         session["base_username"]= "test"
-        session.save()
+        session.save(must_create=True)
+        self.client.cookies["sessionid"] = session.session_key
         r = self.client.get(reverse('passkeys:auth_begin'))
         self.assertEquals(r.status_code, 200)
         j = json.loads(r.content)
         print(j)
+        self.assertEquals(j['publicKey']['allowCredentials'][0]['id'],urlsafe_b64encode(authenticator.credential_id).decode("utf8").strip('='))
 
     def test_passkey_login_no_session(self):
         pass
+
+
+    def test_server_id_callable(self):
+        from test_app.tests.test_fido import get_server_id
+        settings.FIDO_SERVER_ID = get_server_id
+        r = self.client.get(reverse('passkeys:auth_begin'))
+        self.assertEquals(r.status_code, 200)
+        j = json.loads(r.content)
+        self.assertEquals(j['publicKey']['rpId'],'testserver1')
+
+    def test_server_name_callable(self):
+        from test_app.tests.test_fido import get_server_name
+        settings.FIDO_SERVER_NAME = get_server_name
+        r = self.client.get(reverse('passkeys:reg_begin'))
+        self.assertEquals(r.status_code, 200)
+        j = json.loads(r.content)
+        self.assertEquals(j['publicKey']['rp']["name"],'MySite')

example/test_app/tests/test_views.py

@@ -0,0 +1,46 @@
+from django.test import TransactionTestCase, Client
+from django.urls import reverse
+
+from passkeys.models import UserPasskey
+from .test_fido import test_fido
+
+class test_views(TransactionTestCase):
+
+    def setUp(self) -> None:
+        from django.contrib.auth import get_user_model
+        self.user_model = get_user_model()
+        #self.user = self.user_model.objects.create_user(username="test", password="test")
+        self.client = Client()
+        #self.client.post("/auth/login", {"username": "test", "password": "test", 'passkeys': ''})
+        test = test_fido()
+        test.setUp()
+        self.authenticator = test.test_key_reg()
+        self.client.post("/auth/login", {"username": "test", "password": "test", 'passkeys': ''})
+        self.user = self.user_model.objects.get(username="test")
+
+    def test_disabling_key(self):
+        key =UserPasskey.objects.filter(user=self.user).latest('id')
+        self.client.get(reverse('passkeys:toggle') + "?id=" + str(key.id))
+        self.assertFalse(UserPasskey.objects.get(id=key.id).enabled)
+
+        self.client.get(reverse('passkeys:toggle') + "?id=" + str(key.id))
+        self.assertTrue(UserPasskey.objects.get(id=key.id).enabled)
+
+    def test_deleting_key(self):
+        key = UserPasskey.objects.filter(user=self.user).latest('id')
+        self.client.get(reverse('passkeys:delKey') + "?id=" + str(key.id))
+        self.assertEquals(UserPasskey.objects.filter(id=key.id).count(), 0)
+
+    def test_wrong_ownership(self):
+        test = test_fido()
+        test.setUp()
+        authenticator = test.test_key_reg()
+        key = UserPasskey.objects.filter(user=self.user).latest('id')
+        self.user = self.user_model.objects.create_user(username="test2", password="test2")
+        self.client.post("/auth/login", {"username": "test2", "password": "test2", 'passkeys': ''})
+        r = self.client.get(reverse('passkeys:delKey') + "?id="+str(key.id))
+        self.assertEquals(r.status_code, 403)
+        self.assertEquals(r.content,b"Error: You own this token so you can't delete it")
+        r = self.client.get(reverse('passkeys:toggle') + "?id=" + str(key.id))
+        self.assertEquals(r.status_code, 403)
+        self.assertEquals(r.content, b"Error: You own this token so you can't toggle it")

passkeys/views.py

@@ -5,9 +5,9 @@
 from .models import UserPasskey
 
 @login_required
-def index(request,enroll=False):
-    keys = UserPasskey.objects.filter(user=request.user)
-    return render(request,'PassKeys.html',{"keys":keys,"enroll":enroll})
+def index(request,enroll=False): # noqa
+    keys = UserPasskey.objects.filter(user=request.user) # pragma: no cover
+    return render(request,'PassKeys.html',{"keys":keys,"enroll":enroll}) # pragma: no cover
 
 
 @login_required
@@ -16,7 +16,7 @@ def delKey(request):
     if key.user.pk  == request.user.pk:
         key.delete()
         return HttpResponse("Deleted Successfully")
-    return HttpResponse("Error: You own this token so you can't delete it")
+    return HttpResponse("Error: You own this token so you can't delete it", status=403)
 
 @login_required
 def toggleKey(request):
@@ -27,4 +27,4 @@ def toggleKey(request):
         key.enabled=not key.enabled
         key.save()
         return HttpResponse("OK")
-    return HttpResponse("Error")
+    return HttpResponse("Error: You own this token so you can't toggle it", status=403)