Commit 68ba00f

Add more logging and more comprehencive tests
1 parent b14300d commit 68ba00f


2 files changed

+42
-7
lines changed


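--- a/mailauth/backends.py
+++ b/mailauth/backends.py
@@ -28,7 +28,7 @@ def authenticate(self, request, token=None):
 except SignatureExpired:
 logger.warning("Token has expired.", exc_info=True)
 except BadSignature:
-logger.exception("Malicious or corrupted login token received.")
+logger.exception('Malicious or corrupted login token received: "%s"', token)
 else:
 if self.user_can_authenticate(user):
 return user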
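Review bot: The new `logger.exception` call in the `except BadSignature` branch writes the raw `token` into the log, and that value comes straight from the request, so it is caller-controlled and unbounded in length. With `"%s"`, a token containing line breaks or quotes can split or forge log entries, and a token that was only truncated or mangled in transit may still carry most of a live signature into the logs and any error aggregator they feed. Logging an escaped, length-capped form keeps the diagnostic value, for example `logger.exception("Malicious or corrupted login token received: %r", token[:128])` (128 is an illustrative cap), with the message assertion in tests/test_backends.py adjusted to match. Because any unauthenticated caller can reach this branch, it is also worth deciding whether ERROR with a traceback is the right level. The body of `authenticate` starts and ends outside this hunk.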

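--- a/tests/test_backends.py
+++ b/tests/test_backends.py
@@ -1,22 +1,57 @@
+import logging
+
 from mailauth.backends import MailAuthBackend
 
 
 class TestMailAuthBackend:
-
 def test_authenticate(self, db, user, settings, signer, signature):
-settings.LOGIN_URL_TIMEOUT = float('inf')
+settings.LOGIN_URL_TIMEOUT = float("inf")
 backend = MailAuthBackend()
 backend.signer = signer
 user = backend.authenticate(None, token=signature)
 assert user is not None
 assert user.is_authenticated
 
-def test_authenticate__user_does_not_exist(self, db, settings, signer, signature):
-settings.LOGIN_URL_TIMEOUT = float('inf')
+def test_authenticate__user_does_not_exist(
+self, db, caplog, settings, signer, signature
+):
+settings.LOGIN_URL_TIMEOUT = float("inf")
 backend = MailAuthBackend()
 backend.signer = signer
-user = backend.authenticate(None, token=signature)
+with caplog.at_level(logging.WARNING):
+user = backend.authenticate(None, token=signature)
 assert user is None
+assert caplog.records[-1].levelname == "WARNING"
+assert caplog.records[-1].message == (
+"Valid token for non-existing user. Maybe the user has been deleted."
+)
+
+def test_authenticate__timeout(
+self, db, caplog, user, settings, signer, signature
+):
+settings.LOGIN_URL_TIMEOUT = 0
+backend = MailAuthBackend()
+backend.signer = signer
+with caplog.at_level(logging.WARNING):
+user = backend.authenticate(None, token=signature)
+assert user is None
+assert caplog.records[-1].levelname == "WARNING"
+assert caplog.records[-1].message == "Token has expired."
+
+def test_authenticate__corrupted_token(
+self, db, caplog, user, settings, signer, signature
+):
+settings.LOGIN_URL_TIMEOUT = 0
+backend = MailAuthBackend()
+backend.signer = signer
+with caplog.at_level(logging.ERROR):
+user = backend.authenticate(None, token="not/a/valid-token")
+assert user is None
+assert caplog.records[-1].levelname == "ERROR"
+assert (
+caplog.records[-1].message
+== 'Malicious or corrupted login token received: "not/a/valid-token"'
+)
 
 def test_get_token(self, signer, signature, user):
 backend = MailAuthBackend()
@@ -27,5 +62,5 @@ def test_get_login_url(self, signer, signature):
 backend = MailAuthBackend()
 MailAuthBackend.signer = signer
 assert backend.get_login_url(signature) == (
-'/accounts/login/LZ/173QUS/1Hjptg/fTLJcaon_7zMDyFTIFtlDqbdSt4'
+"/accounts/login/LZ/173QUS/1Hjptg/fTLJcaon_7zMDyFTIFtlDqbdSt4"
 )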
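Review bot: `test_authenticate__corrupted_token` only passes the literal `"not/a/valid-token"`, which may be rejected for its shape rather than by the signature comparison, and it requests the `signature` fixture without using it. A second case that alters a genuine token, e.g. `user = backend.authenticate(None, token=signature + "x")`, would show that a well-formed but tampered token is refused and logged on the same branch. The test also sets `settings.LOGIN_URL_TIMEOUT = 0`, apparently carried over from the timeout test. Using `float("inf")` here would rule out expiry as the reason `user` is None.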
