@pytest.fixture(autouse=True)

    def app_fixture(self):

        h = NullHandler()

        logging.getLogger("kallithea").addHandler(h)

        self.app = TestApp(testapp)

        return self.app

    def log_user(self, username=TEST_USER_ADMIN_LOGIN,

                 password=TEST_USER_ADMIN_PASS):

        self._logged_username = username

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': username,

        if 'Invalid username or password' in response.body:

            pytest.fail('could not login using %s %s' % (username, password))

        assert response.status == '302 Found'

        self.assert_authenticated_user(response, username)

        response = response.follow()

        return response.session['authuser']

    def _get_logged_user(self):

        return User.get_by_username(self._logged_username)

class TestLoginController(TestController):

    def test_index(self):

        response = self.app.get(url(controller='login', action='index'))

        assert response.status == '200 OK'

        # Test response...

    def test_login_admin_ok(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_ADMIN_LOGIN,

        assert response.status == '302 Found'

        self.assert_authenticated_user(response, TEST_USER_ADMIN_LOGIN)

        response = response.follow()

        response.mustcontain('/%s' % HG_REPO)

    def test_login_regular_ok(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_REGULAR_LOGIN,

        assert response.status == '302 Found'

        self.assert_authenticated_user(response, TEST_USER_REGULAR_LOGIN)

        response = response.follow()

        response.mustcontain('/%s' % HG_REPO)

    def test_login_regular_email_ok(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_REGULAR_EMAIL,

        assert response.status == '302 Found'

        self.assert_authenticated_user(response, TEST_USER_REGULAR_LOGIN)

        response = response.follow()

        response.mustcontain('/%s' % HG_REPO)

    def test_login_ok_came_from(self):

        test_came_from = '/_admin/users'

        response = self.app.post(url(controller='login', action='index',

                                     came_from=test_came_from),

                                 {'username': TEST_USER_ADMIN_LOGIN,

        assert response.status == '302 Found'

        response = response.follow()

        assert response.status == '200 OK'

        response.mustcontain('Users Administration')

    def test_login_do_not_remember(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_REGULAR_LOGIN,

                                  'password': TEST_USER_REGULAR_PASS,

        assert 'Set-Cookie' in response.headers

        for cookie in response.headers.getall('Set-Cookie'):

            assert not re.search(r';\s+(Max-Age|Expires)=', cookie, re.IGNORECASE), 'Cookie %r has expiration date, but should be a session cookie' % cookie

    def test_login_remember(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_REGULAR_LOGIN,

                                  'password': TEST_USER_REGULAR_PASS,

        assert 'Set-Cookie' in response.headers

        for cookie in response.headers.getall('Set-Cookie'):

            assert re.search(r';\s+(Max-Age|Expires)=', cookie, re.IGNORECASE), 'Cookie %r should have expiration date, but is a session cookie' % cookie

    def test_logout(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_REGULAR_LOGIN,

        # Verify that a login session has been established.

        response = self.app.get(url(controller='login', action='index'))

        response = response.follow()

        assert 'authuser' in response.session

        response.click('Log Out')

        # Verify that the login session has been terminated.

        response = self.app.get(url(controller='login', action='index'))

        assert 'authuser' not in response.session

          ('file:///etc/passwd',),

          ('ftp://ftp.example.com',),

          ('http://other.example.com/bl%C3%A5b%C3%A6rgr%C3%B8d',),

          ('//evil.example.com/',),

          ('/\r\nX-Header-Injection: boo',),

          ('/invälid_url_bytes',),

          ('non-absolute-path',),

    ])

    def test_login_bad_came_froms(self, url_came_from):

        response = self.app.post(url(controller='login', action='index',

                                     came_from=url_came_from),

                                 {'username': TEST_USER_ADMIN_LOGIN,

                                 status=400)

    def test_login_short_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_ADMIN_LOGIN,

        assert response.status == '200 OK'

        response.mustcontain('Enter 3 characters or more')

    def test_login_wrong_username_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': 'error',

        response.mustcontain('Invalid username or password')

    def test_login_non_ascii(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_REGULAR_LOGIN,

        response.mustcontain('>Invalid username or password<')

    # verify that get arguments are correctly passed along login redirection

    @parametrize('args,args_encoded', [

        ({'foo':'one', 'bar':'two'}, (('foo', 'one'), ('bar', 'two'))),

        ({'blue': u'blå'.encode('utf-8'), 'green':u'grøn'},

             (('blue', u'blå'.encode('utf-8')), ('green', u'grøn'.encode('utf-8')))),

    ])

    def test_redirection_to_login_form_preserves_get_args(self, args, args_encoded):

        with fixture.anon_access(False):

        for encoded in args_encoded:

            assert encoded in came_from

    @parametrize('args,args_encoded', [

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå', 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_redirection_after_successful_login_preserves_get_args(self, args, args_encoded):

        response = self.app.post(url(controller='login', action='index',

                                     came_from=url('/_admin/users', **args)),

                                 {'username': TEST_USER_ADMIN_LOGIN,

        assert response.status == '302 Found'

        for encoded in args_encoded:

            assert encoded in response.location

    @parametrize('args,args_encoded', [

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå', 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_login_form_after_incorrect_login_preserves_get_args(self, args, args_encoded):

        response = self.app.post(url(controller='login', action='index',

                                     came_from=url('/_admin/users', **args)),

                                 {'username': 'error',

        response.mustcontain('Invalid username or password')

        came_from = urlparse.parse_qs(urlparse.urlparse(response.form.action).query)['came_from'][0]

        for encoded in args_encoded:

            assert encoded in came_from

    #==========================================================================

    # REGISTRATIONS

    #==========================================================================

    def test_register(self):

        response = self.app.get(url(controller='login', action='register'))

        response.mustcontain('Sign Up')

    def test_register_err_same_username(self):

        uname = TEST_USER_ADMIN_LOGIN

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': uname,

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': 'goodmail@example.com',

                                             'firstname': 'test',

        with test_context(self.app):

            msg = validators.ValidUsername()._messages['username_exists']

        msg = h.html_escape(msg % {'username': uname})

        response.mustcontain(msg)

    def test_register_err_same_email(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'test_admin_0',

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': TEST_USER_ADMIN_EMAIL,

                                             'firstname': 'test',

        with test_context(self.app):

            msg = validators.UniqSystemEmail()()._messages['email_taken']

        response.mustcontain(msg)

    def test_register_err_same_email_case_sensitive(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'test_admin_1',

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': TEST_USER_ADMIN_EMAIL.title(),

                                             'firstname': 'test',

        with test_context(self.app):

            msg = validators.UniqSystemEmail()()._messages['email_taken']

        response.mustcontain(msg)

    def test_register_err_wrong_data(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'xs',

                                             'password': 'test',

                                             'password_confirmation': 'test',

                                             'email': 'goodmailm',

                                             'firstname': 'test',

        assert response.status == '200 OK'

        response.mustcontain('An email address must contain a single @')

        response.mustcontain('Enter a value 6 characters long or more')

    def test_register_err_username(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'error user',

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': 'goodmailm',

                                             'firstname': 'test',

        response.mustcontain('An email address must contain a single @')

        response.mustcontain('Username may only contain '

                'alphanumeric characters underscores, '

                'periods or dashes and must begin with an '

                'alphanumeric character')

    def test_register_err_case_sensitive(self):

        usr = TEST_USER_ADMIN_LOGIN.title()

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': usr,

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': 'goodmailm',

                                             'firstname': 'test',

        response.mustcontain('An email address must contain a single @')

        with test_context(self.app):

            msg = validators.ValidUsername()._messages['username_exists']

        msg = h.html_escape(msg % {'username': usr})

        response.mustcontain(msg)

    def test_register_special_chars(self):

        response = self.app.post(url(controller='login', action='register'),

                                        {'username': 'xxxaxn',

                                         'password': 'ąćźżąśśśś',

                                         'password_confirmation': 'ąćźżąśśśś',

                                         'email': 'goodmailm@test.plx',

                                         'firstname': 'test',

        with test_context(self.app):

            msg = validators.ValidPassword()._messages['invalid_password']

        response.mustcontain(msg)

    def test_register_password_mismatch(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'xs',

                                             'password': '123qwe',

                                             'password_confirmation': 'qwe123',

                                             'email': 'goodmailm@test.plxa',

                                             'firstname': 'test',

        with test_context(self.app):

            msg = validators.ValidPasswordsMatch('password', 'password_confirmation')._messages['password_mismatch']

        response.mustcontain(msg)

    def test_register_ok(self):

        username = 'test_regular4'

        password = 'qweqwe'

        email = 'user4@example.com'

        name = 'testname'

        lastname = 'testlastname'

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': username,

                                             'password': password,

                                             'password_confirmation': password,

                                             'email': email,

                                             'firstname': name,

                                             'lastname': lastname,

        assert response.status == '302 Found'

        self.checkSessionFlash(response, 'You have successfully registered with Kallithea')

        ret = Session().query(User).filter(User.username == 'test_regular4').one()

        assert ret.username == username

        assert check_password(password, ret.password) == True

        assert ret.email == email

        assert ret.name == name

        assert ret.lastname == lastname

        assert ret.api_key is not None

        assert ret.admin == False

    #==========================================================================

    # PASSWORD RESET

    #==========================================================================

    def test_forgot_password_wrong_mail(self):

        bad_email = 'username%wrongmail.org'

        response = self.app.post(

                        url(controller='login', action='password_reset'),

        response.mustcontain('An email address must contain a single @')

    def test_forgot_password(self):

        response = self.app.get(url(controller='login',

                                    action='password_reset'))

        assert response.status == '200 OK'

        username = 'test_password_reset_1'

        password = 'qweqwe'

        email = 'username@example.com'

        name = u'passwd'

        new = User()

        new.username = username

        new.password = password

        new.email = email

        new.name = name

        new.lastname = lastname

        new.api_key = generate_api_key()

        Session().add(new)

        Session().commit()

        response = self.app.post(url(controller='login',

                                     action='password_reset'),

        self.checkSessionFlash(response, 'A password reset confirmation code has been sent')

        response = response.follow()

        # BAD TOKEN

        token = "bad"

        response = self.app.post(url(controller='login',

                                     action='password_reset_confirmation'),

                                 {'email': email,

                                  'timestamp': timestamp,

                                  'password': "p@ssw0rd",

                                  'password_confirm': "p@ssw0rd",

                                  'token': token,

                                 })

        assert response.status == '200 OK'

        response.mustcontain('Invalid password reset token')

        # GOOD TOKEN

        # TODO: The token should ideally be taken from the mail sent

        # above, instead of being recalculated.

        token = UserModel().get_reset_password_token(

            User.get_by_username(username), timestamp, self.authentication_token())

                                    timestamp=timestamp,

                                    token=token))

        assert response.status == '200 OK'

        response.mustcontain("You are about to set a new password for the email address %s" % email)

        response = self.app.post(url(controller='login',

                                     action='password_reset_confirmation'),

                                 {'email': email,

                                  'timestamp': timestamp,

                                  'password': "p@ssw0rd",

                                  'password_confirm': "p@ssw0rd",

                                  'token': token,

                                 })

        assert response.status == '302 Found'

        self.checkSessionFlash(response, 'Successfully updated password')

        response = response.follow()

    #==========================================================================

    # API

    #==========================================================================

    def _api_key_test(self, api_key, status):

        """Verifies HTTP status code for accessing an auth-requiring page,