def setUpFactories(self):
"""This runs when the test class first starts up.
This does not run before every test case. Use this method to
set your database up.
"""
User.create({
'username': '******',
'email': '*****@*****.**',
'password': password('secret'),
'bio': 'This is a bio',
'image': '',
'token': None
})
User.create({
'username': '******',
'email': '*****@*****.**',
'password': password('secret')
})
Follow.first_or_create(user_id=1, follower_id=2)
Article.create({
'title': 'this is a title',
'slug': 'this-is-a-title',
'description': 'This is a description',
'body': 'this is a body',
'author_id': 1
})
Tag.create({'name': 'Python'})
def setUpFactories(self):
"""This runs when the test class first starts up.
This does not run before every test case. Use this method to
set your database up.
"""
User.create({
'username': '******',
'email': '*****@*****.**',
'password': password('secret')
})
User.create({
'username': '******',
'email': '*****@*****.**',
'password': password('secret')
})
def reregister(self, request: Request, validate: Validator, auth: Auth):
today_date = date.today()
errors = request.validate(
validate.required([
'firstname', 'lastname', 'address', 'email', 'username',
'password', 'cell_phone'
]),
validate.email('email'),
validate.strong(
'password',
length=8,
special=1,
uppercase=1,
# breach=True checks if the password has been breached before.
# Requires 'pip install pwnedapi'
breach=False))
if errors:
return request.back().with_errors(errors).with_input()
if request.input('password') != request.input('password_confirm'):
return request.back().with_errors({
'error':
['Passwords do not match. Please make sure passwords match']
})
User.where(
'id',
request.param('id')).update(firstname=request.input('firstname'))
User.where(
'id',
request.param('id')).update(lastname=request.input('lastname'))
User.where(
'id', request.param('id')).update(address=request.input('address'))
User.where(
'id',
request.param('id')).update(cell_phone=request.input('cell_phone'))
User.where('id',
request.param('id')).update(email=request.input('email'))
User.where(
'id',
request.param('id')).update(username=request.input('username'))
User.where('id', request.param('id')).update(
password=password(request.input('password')))
User.where('id', request.param('id')).update(cancelled='No')
User.where('id', request.param('id')).update(re_activated='Yes')
User.where('id', request.param('id')).update(reactivated_on=today_date)
auth.login(request.input('email'), request.input('password'))
request.session.flash(
'success',
'Your account has been reactivated. Thank you for trusing us again.'
)
return request.redirect('/')
def test_user_can_be_updated(self):
self.assertTrue(
self.actingAs(User.find(1)).json(
'PUT', '/api/user', {
'user': {
'email': '*****@*****.**',
'password': password('secret'),
'username': '******'
}
}).hasJson('user.email', '*****@*****.**'))
def test_user_can_be_created(self):
self.assertTrue(
self.json(
'POST', '/api/users', {
'user': {
'email': '*****@*****.**',
'password': password('secret'),
'username': '******'
}
}).hasJson('user.email', '*****@*****.**'))
def user_factory(faker):
return {
'first_name': faker.first_name(),
'last_name': faker.last_name(),
'email': faker.email(),
'password': password('secret'),
'remember_token': get_random_string(10),
'owner': False,
'photo_path': ''
}
def update(self, view: View, request: Request, auth: Auth,
validate: Validator):
user = User.all()
pws = User.lists('password')
customer = request.user()
pw = customer.password
if bcrypt.checkpw(bytes(request.input('password'), 'utf-8'),
bytes(pw, 'utf-8')) == False:
return request.back().with_errors(
{'error': ['Please enter correct old password']})
new_password = request.input('new_password')
confirm_password = request.input('confirm_password')
for pws in pws:
if bcrypt.checkpw(bytes(request.input('new_password'), 'utf-8'),
bytes(pws, 'utf-8')):
return request.back().with_errors({
'error': [
'Password already exists. Please create a new password.'
]
})
errors = request.validate(
validate.required(['password', 'new_password',
'confirm_password']),
validate.strong('new_password',
length=8,
special=1,
uppercase=1,
breach=False)
# breach=True checks if the password has been breached before.
# Requires 'pip install pwnedapi'
)
if errors:
return request.back().with_errors(errors).with_input()
elif new_password != confirm_password:
return request.back().with_errors({
'error':
['New password and confirm new password do not match!']
})
else:
user.where(
'id',
customer.id).first().update(password=password(new_password))
request.session.flash(
'success', 'Your password has been successfully updated.')
return request.redirect('account')
def register(self, request: Request, auth: Auth, validate: Validator):
""" register a new administrator and also checks that form is filled out properly without errors and checks to see if email, passwords, and
usernames alread exits"""
email = Administrator.lists('admin_email')
user_name = Administrator.lists('admin_username')
pw = Administrator.lists('password')
#check to see if emails or usernames already exist
accounts = [email, user_name]
inputs = [request.input('admin_email'), request.input('admin_username')]
for input in inputs:
for account in accounts:
if inputs[0] in accounts[0] and inputs[1] in accounts[1]:
return request.back().with_errors({'error': ['{} and {} already exists'.format(inputs[0], inputs[1])]})
elif input in account:
return request.back().with_errors({'error': ['{} already exists'.format(input)]})
#checking to see if password already exists
for pw in pw:
if bcrypt.checkpw(bytes(request.input('admin_password'), 'utf-8'), bytes(pw, 'utf-8')):
return request.back().with_errors({'error': ['Password already exists. Please create a new password.']})
#checking for user entry errors when registering as an Administrator
errors = request.validate(
validate.required(['admin_name', 'admin_cell_phone', 'admin_address', 'admin_email', 'admin_username', 'admin_password']),
validate.email('admin_email'),
validate.strong('admin_password', length=8, special=1, uppercase=1)
)
if errors:
return request.back().with_errors(errors).with_input()
#when everything above checks out ok, then go ahead and insert data in Administrator table
else:
encoded_jwt = jwt.encode({'email': request.input('admin_email')},os.getenv('KEY') ,algorithm='HS256')
encrypted_password = password(request.input('admin_password'))
Administrator.insert(admin_name=request.input('admin_name'),
admin_cell_phone=request.input('admin_cell_phone'),
admin_address=request.input('admin_address'),
admin_email=request.input('admin_email'),
admin_username=request.input('admin_username'),
password=encrypted_password,
remember_token=encoded_jwt)
return request.redirect('/admin')
def run(self):
"""Run the database seeds."""
# self.call(UserTableSeeder)
account = Account.create(name="Acme Corporation")
user = User.create(account_id=account.id,
first_name="John",
last_name="Doe",
password=password('secret'),
email="*****@*****.**",
owner=True,
photo_path="")
Factory(User, 5).create({"account_id": account.id})
Factory(Organization, 10).create({"account_id": account.id})
def create(self, request: Request):
del request.request_variables['csrf_token']
# if POST /api/users
proxy = self.__auth__()
for field, value in request.all().items():
if value:
print(field)
if field == 'password':
setattr(proxy, field, password(request.input('password')))
else:
setattr(proxy, field, value)
proxy.save()
return request.redirect('/dashboard/management')
def reset(
self,
view: View,
request: Request,
validate: Validator,
):
new_password = request.input('new_password')
pws = User.lists('password')
decoded_token = jwt.decode(request.param('id'),
'secret',
algorithm='HS256')
user_email = decoded_token['email']
for pw in pws:
if bcrypt.checkpw(bytes(request.input('new_password'), 'utf-8'),
bytes(pw, 'utf-8')):
return request.back().with_errors({
'error': [
'Password already exists. Please create a new password.'
]
})
errors = request.validate(
validate.required('new_password'),
validate.strong('new_password',
length=8,
special=1,
uppercase=1,
breach=False)
) # breach=True checks if the password has been breached before.
# Requires 'pip install pwnedapi'
if errors:
return request.back().with_errors(errors).with_input()
else:
AUTH['guards']['web']['model'].where(
'email',
user_email).first().update(password=password(new_password))
request.session.flash(
'success', 'Your password has been successfully updated.')
return request.redirect('login')
def setUpFactories(self):
User.create({
'email': '*****@*****.**',
'password': password('secret'),
'username': '******'
})
def test_password_returns_bcrypted_password(self):
assert password('secret') != 'secret'
assert isinstance(password('secret'), str)
