Beispiel #1
 def setUp(self):
     """Build the app, push a request context, and save a fixture user."""
     # Presumably 'testing' names the test configuration; create_app is
     # defined elsewhere.
     testing_app = create_app('testing')

     # The pushed request context stays active for the whole test.
     self.context = testing_app.test_request_context()
     self.context.push()
     self.client = testing_app.test_client()

     # NOTE(review): the e-mail and username literals look redacted by the
     # page this listing came from; the original values are not visible.
     fixture_user = User(email='*****@*****.**', username='******')
     self.user = fixture_user
     fixture_user.set_password('123')
     fixture_user.save()
Beispiel #2
def manager_user():
    """Render one page of users selected by the ``grade`` query parameter.

    ``grade=1`` lists users whose ``is_admin`` equals ``'1'``. Any other
    value, or a missing parameter (default ``'2'``), lists users whose
    ``is_admin`` equals ``'2'``.
    """
    # NOTE(review): no access-control decorator is visible in this excerpt;
    # confirm the route is restricted to administrators where it is registered.

    # Only the two fixed literals reach the query, so the raw request value
    # is never passed to the database.
    admin_level = '1' if request.args.get('grade', '2') == '1' else '2'
    matching_users = User.objects(is_admin=admin_level).all()

    # type=int makes a non-numeric ?page= fall back to the default of 1.
    page_number = request.args.get('page', default=1, type=int)
    pagination = matching_users.paginate(page_number, 10)
    return render_template(
        'admin/manager_user.html',
        pagination=pagination,
        targets=pagination.items,
    )
Beispiel #3
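def validate_token(user, token, operation, new_password=None):
    """Verify a signed token for *user* and apply the operation it authorises.

    Args:
        user: The account the caller believes the token was issued for.
        token: The serialized, signed token string.
        operation: One of ``'confirm'``, ``'reset-password'`` or
            ``'change_email'``.
        new_password: Replacement password; required for ``'reset-password'``.

    Returns:
        True when the token is valid for this user and operation and the
        change was saved; False in every other case.
    """
    # The signature is checked with the application's SECRET_KEY, so the
    # payload fields read below are trusted only after loads() succeeds.
    s = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = s.loads(token)
    except (SignatureExpired, BadSignature):
        return False

    # The token must name both this operation and this user. Without the
    # check, a token issued for one purpose or account could be replayed
    # against another.
    if operation != data.get('operation') or str(user.pk) != data.get('id'):
        return False

    if operation == 'confirm':
        user.confirmed = True
    elif operation == 'reset-password':
        # Refuse a reset that carries no replacement password instead of
        # handing None or an empty string to set_password().
        if not new_password:
            return False
        user.set_password(new_password)
    elif operation == 'change_email':
        new_email = data.get('new_email')
        if new_email is None:
            return False
        # Re-check uniqueness at redemption time: the address may have been
        # taken after the token was issued.
        if User.objects(email=new_email).first() is not None:
            return False
        user.email = new_email
    else:
        return False

    # NOTE(review): nothing visible here invalidates the token after a
    # successful use, so it presumably stays redeemable until it expires.
    # Confirm whether single-use tokens are required for password resets.
    user.save()
    return True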
Beispiel #4
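def upgrade(user_id):
    """Show and process the form that changes a user's ``is_admin`` level.

    Args:
        user_id: Primary key of the account to modify, taken from the URL.

    Returns:
        A redirect to the user list after a successful update, otherwise the
        rendered form pre-filled with the current level. An unknown
        ``user_id`` produces a 404 response.
    """
    # Local import so the block does not depend on the file's import list.
    from flask import abort

    # NOTE(review): no access-control decorator is visible in this excerpt.
    # This view changes privilege levels, so confirm it is restricted to
    # administrators where the route is registered.
    form = UpgradeForm()
    user = User.objects(pk=user_id).first()
    if user is None:
        # Previously an unknown id reached user.update() or user.is_admin on
        # None and surfaced as an unhandled AttributeError.
        abort(404)

    if form.validate_on_submit():
        # NOTE(review): the new level is whatever UpgradeForm accepts;
        # confirm that the form limits it to the intended set of values.
        user.update(is_admin=form.is_admin.data)
        flash('修改管理成功', 'success')
        return redirect(url_for('admin.manager_user'))

    form.is_admin.data = user.is_admin
    return render_template('admin/upgrade.html', form=form)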
Beispiel #5
def register():
    """Create an account from the registration form and mail a confirm link.

    Authenticated visitors are redirected to ``base``. An invalid or
    unsubmitted form re-renders the registration page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))

    form = RegisterForm()
    if not form.validate_on_submit():
        return render_template('user/register.html', form=form)

    # E-mail addresses are stored lower-cased.
    new_user = User(email=form.email.data.lower(), username=form.username.data)
    new_user.set_password(form.password.data)
    # NOTE(review): judge_is_admin() is defined elsewhere; presumably it sets
    # the initial privilege level. Confirm that submitted form data cannot
    # influence the result.
    new_user.judge_is_admin()
    new_user.save()

    # The confirmation token is bound to this user and to 'confirm'.
    confirm_token = generate_token(user=new_user, operation='confirm')
    send_confirm_email(user=new_user, token=confirm_token)
    flash('确认邮件已发送,请检查您的收件箱', 'info')
    return redirect(url_for('user.login'))
Beispiel #6
def forget_password():
    """Mail a password-reset link to the address submitted in the form.

    Authenticated visitors are redirected to ``base``. An invalid or
    unsubmitted form re-renders the page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))

    form = ForgetPasswordForm()
    if not form.validate_on_submit():
        return render_template('user/reset_password.html', form=form)

    account = User.objects(email=form.email.data.lower()).first()
    if not account:
        # NOTE(review): this message tells an unauthenticated visitor whether
        # an address is registered. Consider one neutral response for both
        # outcomes if account enumeration matters for this deployment.
        flash('该邮箱不存在', 'warning')
        return redirect(url_for('user.forget_password'))

    reset_token = generate_token(user=account, operation='reset-password')
    send_reset_password_email(user=account, token=reset_token)
    flash('重置密码邮件已发送,请到邮箱中确认', 'info')
    return redirect(url_for('user.login'))
Beispiel #7
 def test_register(self):
     """Submit the registration form and expect the confirmation-mail notice."""
     self.logout()
     # NOTE(review): the '******' literals look redacted by the page this
     # listing came from; password and password2 presumably matched in the
     # original test.
     form_fields = {
         'email': '*****@*****.**',
         'username': '******',
         'password': '******',
         'password2': '1234567a',
     }
     response = self.client.post(url_for('user.register'),
                                 data=form_fields,
                                 follow_redirects=True)
     page_text = response.get_data(as_text=True)

     # The created account is removed before the assertions run.
     created = User.objects(username='******').first()
     created.delete()

     self.assertEqual(response.status_code, 200)
     self.assertIn('确认邮件已发送,请检查您的收件箱', page_text)
Beispiel #8
    def test_reset_password_token(self):
        """Exercise the reset-password view with four token and e-mail cases."""
        # NOTE(review): the '******' and '*****@*****.**' literals look
        # redacted by the page this listing came from.
        user = User(email='*****@*****.**', username='******')
        user.set_password('123')
        user.save()

        def post_reset(reset_token, fields):
            # One POST to the reset view, following the redirect it issues.
            return self.client.post(
                url_for('user.reset_password', token=reset_token),
                data=fields,
                follow_redirects=True)

        # Case 0: a plain GET renders the reset page.
        page = self.client.get(url_for('user.reset_password', token=False),
                               follow_redirects=True)
        page_text = page.get_data(as_text=True)

        # Case 1: token issued for 'reset-password' with the user's own e-mail.
        ok = post_reset(generate_token(user, 'reset-password'),
                        {'email': user.email,
                         'password': '******',
                         'password2': '12345678'})
        ok_text = ok.get_data(as_text=True)

        # Case 2: token issued for another operation name ('reset').
        wrong_op = post_reset(generate_token(user, 'reset'),
                              {'email': user.email,
                               'password': '******',
                               'password2': '1234567a'})
        wrong_op_text = wrong_op.get_data(as_text=True)

        # Case 3: 'reset-password' token, but the form carries another e-mail.
        wrong_mail = post_reset(generate_token(user, 'reset-password'),
                                {'email': '*****@*****.**',
                                 'password': '******',
                                 'password2': '12345678'})
        wrong_mail_text = wrong_mail.get_data(as_text=True)

        # The fixture account is removed before the assertions run.
        user.delete()
        self.assertEqual(page.status_code, 200)
        self.assertIn('重置密码', page_text)
        self.assertEqual(ok.status_code, 200)
        self.assertIn('重置密码成功', ok_text)
        self.assertEqual(wrong_op.status_code, 200)
        self.assertIn('无效或者过期的链接', wrong_op_text)
        self.assertEqual(wrong_mail.status_code, 200)
        self.assertIn('邮箱不存在', wrong_mail_text)
Beispiel #9
    def test_upgrade(self):
        """Log in with is_admin=3 and change another user's admin level."""
        # Raise the fixture user's level before logging in.
        self.user.is_admin = 3
        self.user.save()
        self.login()

        # NOTE(review): the e-mail and username literals look redacted by the
        # page this listing came from.
        target = User(email='*****@*****.**', username='******')
        target.set_password('123456789a')
        target.save()

        upgrade_url = url_for('admin.upgrade', user_id=target.id)
        form_page = self.client.get(upgrade_url)
        form_text = form_page.get_data(as_text=True)

        submitted = self.client.post(url_for('admin.upgrade', user_id=target.id),
                                     data={'is_admin': 2},
                                     follow_redirects=True)
        submitted_text = submitted.get_data(as_text=True)
        # The target account is removed before the assertions run.
        target.delete()

        self.assertEqual(form_page.status_code, 200)
        self.assertIn('升级或降级管理员', form_text)
        self.assertEqual(submitted.status_code, 200)
        self.assertIn('修改管理成功', submitted_text)
Beispiel #10
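def login():
    """Authenticate a user from the login form and start a session.

    Authenticated visitors are redirected to ``base``. An invalid or
    unsubmitted form re-renders the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))

    form = LoginForm()
    if form.validate_on_submit():
        # register() stores addresses lower-cased and the password-reset
        # views look them up lower-cased. Normalise here as well, so an
        # address typed with capitals finds its account.
        # NOTE(review): assumes every stored address is lower-case; confirm
        # for addresses written by the change_email flow.
        user = User.objects(email=form.email.data.lower()).first()

        # NOTE(review): the two failure messages below differ, which tells an
        # unauthenticated visitor whether an address is registered. Consider
        # one shared message. No attempt throttling is visible here either.
        if not user:
            flash('帐号不存在', 'warning')
            return redirect(url_for('user.login'))
        if not user.validate_password(form.password.data):
            flash('密码错误', 'warning')
            return redirect(url_for('user.login'))

        login_user(user, form.remember_me.data)
        flash('欢迎回来.', 'info')
        # NOTE(review): redirect_back() is defined elsewhere; confirm that it
        # only follows same-site targets.
        return redirect_back()
    return render_template('user/login.html', form=form)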
Beispiel #11
def reset_password(token):
    """Set a new password for the account named in the form.

    The account is looked up by the submitted e-mail. validate_token() then
    decides whether *token* authorises a 'reset-password' for that account.

    Args:
        token: The signed reset token taken from the URL.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('user/reset_password.html', form=form)

    account = User.objects(email=form.email.data.lower()).first()
    if account is None:
        # NOTE(review): this message is shown before the token is checked, so
        # it reveals whether an address is registered to anyone who can
        # submit the form.
        flash('邮箱不存在', 'warning')
        return redirect(url_for('base'))

    token_accepted = validate_token(user=account,
                                    token=token,
                                    operation='reset-password',
                                    new_password=form.password.data)
    if not token_accepted:
        flash('无效或者过期的链接', 'danger')
        return redirect(url_for('user.forget_password'))

    flash('重置密码成功', 'success')
    return redirect(url_for('user.login'))
Beispiel #12
    def test_useless_operation(self):
        """Check that mismatched tokens yield the invalid-link message."""
        self.user.confirmed = False
        self.user.save()
        self.login()

        # A second account: the session belongs to self.user, not to this one.
        # NOTE(review): the e-mail and username literals look redacted by the
        # page this listing came from.
        other = User(email='*****@*****.**', username='******')
        other.set_password('123')
        other.save()

        def fetch(endpoint, link_token):
            # One GET to a token endpoint, following the redirect it issues.
            return self.client.get(url_for(endpoint, token=link_token),
                                   follow_redirects=True)

        # Confirm token issued for the other account.
        foreign_confirm = fetch('user.confirm', generate_token(other, 'confirm'))
        foreign_confirm_text = foreign_confirm.get_data(as_text=True)

        # Change-email token issued for the other account.
        foreign_change = fetch('user.change_email',
                               generate_token(other,
                                              'change_email',
                                              new_email='*****@*****.**'))
        foreign_change_text = foreign_change.get_data(as_text=True)

        # Not a token at all.
        no_token = fetch('user.change_email', False)
        no_token_text = no_token.get_data(as_text=True)

        # Token for the logged-in user, but with an unknown operation name.
        bad_operation = fetch('user.confirm',
                              generate_token(self.user, 'confirmconfirm'))
        bad_operation_text = bad_operation.get_data(as_text=True)

        # The second account is removed before the assertions run.
        other.delete()
        self.assertEqual(foreign_confirm.status_code, 200)
        self.assertIn('无效或者过期的链接', foreign_confirm_text)
        self.assertEqual(foreign_change.status_code, 200)
        self.assertIn('无效或者过期的链接', foreign_change_text)
        self.assertEqual(no_token.status_code, 200)
        self.assertIn('无效或者过期的链接', no_token_text)
        self.assertEqual(bad_operation.status_code, 200)
        self.assertIn('无效或者过期的链接', bad_operation_text)
Beispiel #13
class BaseTestCase(unittest.TestCase):
    """Shared fixture with an app context, a test client and one saved user."""

    def setUp(self):
        """Build the app, push a request context, and save the fixture user."""
        testing_app = create_app('testing')
        # The pushed request context stays active until tearDown pops it.
        self.context = testing_app.test_request_context()
        self.context.push()
        self.client = testing_app.test_client()

        # NOTE(review): the e-mail and username literals look redacted by the
        # page this listing came from.
        fixture_user = User(email='*****@*****.**', username='******')
        self.user = fixture_user
        fixture_user.set_password('123')
        fixture_user.save()

    def tearDown(self):
        """Delete the fixture user, then pop the request context."""
        self.user.delete()
        self.context.pop()

    def login(self):
        """Post the fixture user's credentials to the login view."""
        # NOTE(review): '******' does not match the '123' set in setUp; the
        # literal was presumably redacted by the page this listing came from.
        credentials = {'email': self.user.email, 'password': '******'}
        return self.client.post(url_for('user.login'),
                                data=credentials,
                                follow_redirects=True)

    def logout(self):
        """Request the logout view and follow its redirect."""
        logout_url = url_for('user.logout')
        return self.client.get(logout_url, follow_redirects=True)
Beispiel #14
 def validate_username(self, field):
     """Reject the field when a user with this username already exists.

     Raises:
         ValidationError: if a matching user is found.
     """
     existing = User.objects(username=field.data).first()
     if existing:
         raise ValidationError('帐号已经存在')
Beispiel #15
 def validate_email(self, field):
     """Reject the field when the lower-cased address is already registered.

     Raises:
         ValidationError: if a user with that address is found.
     """
     # Lower-case the address before the lookup.
     normalized = field.data.lower()
     if User.objects(email=normalized).first():
         raise ValidationError('该邮箱已被注册')