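def test_reset_user_password(self, testdir_class, test_utils):
    """Resetting a password must swap which password authenticates.

    A changed stored value alone does not prove the reset worked: it would
    also change if the reset wrote an unrelated or corrupted value. The
    test therefore also checks that the new password verifies, that the old
    one is rejected, and that the new password is not stored verbatim.
    """
    testdir_class.activate()
    username = test_utils.random_string(5)
    old_password, new_password = '123456', '234567'
    Users.create_user(username, old_password)
    hashed_password = Users.get_user_by_username(username).password

    errors = Users.reset_user_password(username, new_password)
    assert errors == []

    user = Users.get_user_by_username(username)
    new_hashed_password = user.password
    assert hashed_password != new_hashed_password
    # The stored value must not be the plaintext of the new password.
    assert new_hashed_password != new_password
    # The credential swap is the security-relevant outcome of a reset.
    assert user.verify_password(new_password)
    assert not user.verify_password(old_password)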
 def test_edit_user_email(self, testdir_class, test_utils):
     """Check how ``Users.edit_user`` treats each kind of ``new_email`` value.

     ``False`` leaves the address untouched, ``''`` and ``None`` both end up
     stored as ``None``, and a real address is stored as given.
     """
     testdir_class.activate()
     name = test_utils.random_string(5)
     address = test_utils.random_email()
     Users.create_user(name, '123456', address)

     def stored_email():
         # Re-read the user each time so the persisted value is checked.
         return Users.get_user_by_username(name).email

     # False means "do not edit the email".
     Users.edit_user(name, new_email=False)
     assert stored_email() == address

     # An empty string is converted to None.
     Users.edit_user(name, new_email='')
     assert stored_email() is None

     # A real address is written back.
     Users.edit_user(name, new_email=address)
     assert stored_email() == address

     # None is saved as None.
     Users.edit_user(name, new_email=None)
     assert stored_email() is None
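def login():
    """Render the login form (GET) or authenticate submitted credentials (POST).

    Already-authenticated users are redirected to ``webapp.index``.

    Security notes:
      * The ``next`` target is request-controlled. It is validated once with
        ``is_safe_url`` and replaced by ``'/'`` when empty or unsafe, so the
        same vetted value is used for the redirect and for the value echoed
        back into the form.
      * Unknown usernames and wrong passwords produce the same message, so
        the form does not reveal which accounts exist.
      * NOTE(review): response timing may still differ between the two
        failure cases, and no throttling or lockout is visible in this view;
        confirm both are handled elsewhere.

    Returns:
        A redirect on success (or when already logged in), otherwise the
        rendered ``login.html`` template with any validation errors.
    """
    if current_user is not None and current_user.is_authenticated:
        return redirect(url_for('webapp.index'))

    is_post = request.method == 'POST'
    # .get() avoids an implicit 400 when the hidden ``next`` field is absent.
    requested_next = (request.form.get('next') if is_post
                      else request.args.get('next'))
    if requested_next and is_safe_url(requested_next):
        next_url = requested_next
    else:
        next_url = '/'

    if not is_post:
        return render_template('login.html', next_url=next_url, errors=[])

    username = request.form.get('username', '')
    password = request.form.get('password', '')

    errors = []
    if not username:
        errors.append('Username is required')
    elif not password:
        errors.append('Password is required')
    elif not (Users.user_exists(username)
              and Users.verify_password(username, password)):
        # One message for both failure modes: no account enumeration.
        errors.append('Username and password do not match')

    if errors:
        return render_template('login.html',
                               next_url=next_url,
                               errors=errors)

    login_user(Users.get_user_by_username(username))
    return redirect(next_url)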
 def test_project_weight(self, project_class, test_utils):
     """A user granted ADMIN on a project reports the ADMIN weight for it."""
     _, project = project_class.activate()
     name = test_utils.random_string(5)
     Users.create_user(name, '123456')
     Users.add_project_to_user(name, project, Permissions.ADMIN)

     account = Users.get_user_by_username(name)
     actual_weight = account.project_weight(project)
     expected_weight = Permissions.weights[Permissions.ADMIN]
     assert actual_weight == expected_weight
 def test_add_project_to_user(self, project_function_clean, test_utils):
     """Adding a project to a user records it with the granted permission."""
     _, project = project_function_clean.activate()
     name = test_utils.random_string(5)
     Users.create_user(name, '123456')

     Users.add_project_to_user(name, project, Permissions.SUPER_USER)

     account = Users.get_user_by_username(name)
     # The project must be listed, and mapped to the permission just granted.
     assert project in account.projects
     assert account.projects[project] == Permissions.SUPER_USER
 def test_verify_password(self, testdir_class, test_utils):
     """``verify_password`` accepts the right password and rejects a wrong one.

     Also checks that the stored ``password`` attribute is not the plaintext.
     """
     testdir_class.activate()
     name = test_utils.random_string(5)
     plaintext = '******'
     Users.create_user(name, plaintext)

     account = Users.get_user_by_username(name)
     # The stored value must differ from what the user typed.
     assert account.password != plaintext
     assert account.verify_password(plaintext)
     assert not account.verify_password('invalid_password')
 def test_verify_auth_token(self, testdir_class, test_utils):
     """A token generated for a user verifies back to that same user.

     The token is generated and verified with the same application secret key.
     """
     testdir_class.activate()
     name = test_utils.random_string(5)
     plaintext = '******'
     Users.create_user(name, plaintext)

     app = create_app()
     account = Users.get_user_by_username(name)
     token = account.generate_auth_token(app.secret_key)

     resolved = Users.verify_auth_token(app.secret_key, token)
     assert resolved.username == name
 def test_edit_user(self, testdir_class, test_utils):
     """Editing a user's username and email succeeds and persists the email."""
     testdir_class.activate()
     original_name = test_utils.random_string(5)
     original_email = test_utils.random_email()
     Users.create_user(original_name, '123456', original_email)

     renamed_to = test_utils.random_string(5)
     updated_email = test_utils.random_email()
     errors = Users.edit_user(original_name, renamed_to, updated_email)
     assert errors == []

     # The user is looked up under the new username.
     renamed_account = Users.get_user_by_username(renamed_to)
     assert renamed_account.email == updated_email
 def test_verify_auth_token_expired_token(self, testdir_class, test_utils):
     """An auth token past its expiration is rejected with ``SignatureExpired``."""
     testdir_class.activate()
     name = test_utils.random_string(5)
     plaintext = '******'
     Users.create_user(name, plaintext)

     app = create_app()
     account = Users.get_user_by_username(name)
     short_lived = account.generate_auth_token(app.secret_key, expiration=1)

     # Sleep past the expiration passed above before verifying.
     time.sleep(2)
     with pytest.raises(SignatureExpired):
         Users.verify_auth_token(app.secret_key, short_lived)
 def test_create_superuser_command_no_email(self, testdir_class,
                                            test_utils):
     """Creating a superuser with ``None`` as email stores no email."""
     testdir_class.activate()
     name = test_utils.random_string(5)
     secret = test_utils.random_string(5)

     # Positional order is (username, email, password); email is None here.
     commands.createsuperuser_command(name, None, secret, no_input=True)

     created = Users.get_user_by_username(name)
     assert created.email is None
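def auth_token():
    """Exchange a username/password JSON body for an auth token.

    Expects a JSON object with string ``username`` and ``password`` fields.

    Security notes:
      * A missing, non-JSON or malformed body is answered with 400 instead of
        surfacing as an unhandled error.
      * Unknown users and wrong passwords get the same 401 message, so the
        endpoint does not reveal which usernames exist.
      * NOTE(review): no throttling or lockout is visible in this view;
        confirm repeated failed attempts are limited elsewhere.

    Returns:
        A JSON response containing the token signed with the application
        secret key.
    """
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        abort(400, 'A JSON object with username and password is required')

    username = payload.get('username')
    password = payload.get('password')
    if not isinstance(username, str) or not isinstance(password, str):
        abort(400, 'username and password are required')

    user = Users.get_user_by_username(username=username)
    # Single failure message for both cases: no account enumeration.
    if user is None or not user.verify_password(password):
        abort(401, 'Invalid username or password')

    token = user.generate_auth_token(current_app.secret_key)
    return jsonify(token.decode())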
 def test_create_superuser_command(self, testdir_class, test_utils, capsys):
     """The createsuperuser command reports success and persists the user."""
     testdir_class.activate()
     username = test_utils.random_string(5)
     address = test_utils.random_email()
     secret = test_utils.random_string(5)

     commands.createsuperuser_command(username, address, secret,
                                      no_input=True)

     captured = capsys.readouterr()
     assert f'Superuser {username} was created successfully.' in captured.out
     assert Users.user_exists(username)
     created = Users.get_user_by_username(username)
     assert created.email == address
 def test_create_user_password_is_hashed(self, testdir_class, test_utils):
     """The stored password of a new user is not the plaintext.

     This only asserts the stored value differs from the input; it does not
     check which hashing scheme produced it.
     """
     testdir_class.activate()
     name = test_utils.random_string(5)
     plaintext = '******'
     Users.create_user(name, plaintext)

     stored = Users.get_user_by_username(name).password
     assert stored != plaintext
 def test_create_super_user(self, testdir_function, test_utils):
     """A user made with ``create_super_user`` is flagged as superuser."""
     testdir_function.activate()
     name = test_utils.random_string(10)
     Users.create_super_user(name, '123456')

     created = Users.get_user_by_username(name)
     assert created.is_superuser
def edit_user_view(username):
    """Render the user form in edition mode for the given username.

    NOTE(review): no access-control decorator or check is visible on this
    view in this excerpt; confirm only authorized users can reach it.
    NOTE(review): the looked-up user is passed to the template as-is, so a
    lookup that finds nothing would hand the template an empty value;
    confirm the template or the route handles an unknown username.
    """
    template_context = {
        'edition_mode': True,
        'edit_user': Users.get_user_by_username(username),
    }
    return render_template('users/user_form.html', **template_context)