Beispiel #1
def test_user_account_delete_without_content(app, client, test_user,
                                             testdata_posts):
    """Deleting an account with ``remove_content=False`` keeps its content.

    Posts to ``/users/remove`` with the user's password and auth headers,
    then checks that one email was recorded, that the user can no longer be
    loaded, and that the stored posts keep their content under an author
    other than the deleted user.
    """
    posts_json, comments_json = testdata_posts

    # the removal request carries the account password in its body
    payload = {'password': test_user.password, 'remove_content': False}

    with mail.record_messages() as outbox:
        response = client.post('/users/remove',
                               json=payload,
                               headers=test_user.auth_headers)

        assert response.status_code == 200

        # exactly one message is recorded for the removal
        assert len(outbox) == 1

        with app.app_context():
            # the account itself must no longer be retrievable
            assert not User.query.get(test_user.id)

            # posts survive with their text intact and a different author
            for post in posts_json:
                stored = Post.query.get(post['id'])
                assert stored.content == post['content']
                assert stored.author.id != test_user.id

            # NOTE(review): this loop never reads `comment`; it re-checks the
            # last `post` from the loop above once per comment, so comment
            # rows are not verified here. Presumably it should look up
            # comment['id'] in whichever model stores comments -- confirm
            # against the models before changing it.
            for comment in comments_json:
                stored = Post.query.get(post['id'])
                assert stored.content == post['content']
                assert stored.author.id != test_user.id
Beispiel #2
def test_user_account_delete_with_content(app, client, test_user,
                                          testdata_posts):
    """Deleting an account with ``remove_content=True`` scrubs its content.

    Posts to ``/users/remove`` with the user's password and auth headers,
    then checks that one email was recorded, that the user can no longer be
    loaded, and that each stored post's content contains ``[deleted]``.
    """
    posts_json, comments_json = testdata_posts

    # unlike the keep-content test, this request asks for content removal
    payload = {'password': test_user.password, 'remove_content': True}

    with mail.record_messages() as outbox:
        response = client.post('/users/remove',
                               json=payload,
                               headers=test_user.auth_headers)

        assert response.status_code == 200

        # exactly one message is recorded for the removal
        assert len(outbox) == 1

        with app.app_context():
            # the account itself must no longer be retrievable
            assert not User.query.get(test_user.id)

            # every post must now carry the deletion marker
            for post in posts_json:
                stored = Post.query.get(post['id'])
                assert '[deleted]' in stored.content

            # NOTE(review): this loop never reads `comment`; it re-checks the
            # last `post` from the loop above once per comment, so the test
            # does not show that comment text was scrubbed. Presumably it
            # should look up comment['id'] in whichever model stores
            # comments -- confirm against the models before changing it.
            for comment in comments_json:
                stored = Post.query.get(post['id'])
                assert '[deleted]' in stored.content
Beispiel #3
def test_forgot_password(app, client, test_user):
    """The token mailed by the forgot-password flow logs the user in.

    Requests a reset for the test user's email, extracts the token from the
    recorded message body, submits it to ``/users/login/magic`` and checks
    that the response holds a ``jwt`` key and the user's email.
    """
    with app.app_context(), mail.record_messages() as outbox:
        response = client.post('/users/password/forgot',
                               json={'email': test_user.email})

        assert response.status_code == 200
        assert len(outbox) == 1

        # the mail body holds a /forgot/ link ending in three dot-separated
        # URL-safe segments; capture that token
        token_pattern = (
            r'\/forgot\/([a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+)')
        match = re.search(token_pattern, outbox[-1].body)

        assert match

        token = match.group(1)

        # NOTE(review): the emailed token is the only credential presented
        # to the magic-login endpoint. This test covers the happy path only;
        # token expiry, reuse of an already-used token, and a request for an
        # unknown email address are not exercised here.
        response = client.post('/users/login/magic', json={'jwt': token})

        assert response.status_code == 200

        body = response.get_json()

        assert 'jwt' in body
        assert test_user.email == body['email']
Beispiel #4
def test_register(app, client):
    """Walk the register -> resend -> verify -> login flow end to end.

    A new account is created unverified and cannot log in; the verification
    mail can be resent; the token from the latest mail verifies the account,
    after which login with the same credentials succeeds.
    """
    credentials = {'email': '*****@*****.**', 'password': '******'}

    # keep the app context and the mail recorder open for the whole flow
    with app.app_context(), mail.record_messages() as outbox:
        response = client.post('/users/register', json=credentials)

        assert response.status_code == 201

        # the stored account must start out unverified
        account = User.query.filter_by(email=credentials['email']).first()
        assert not account.is_verified

        # login is refused until the email address has been verified
        response = client.post('/users/login', json=credentials)

        assert response.status_code == 400
        assert 'verify their email address' in response.get_json()['message']

        # registration itself produced the first message
        assert len(outbox) == 1

        # asking for a resend produces a second message
        response = client.post('/users/register/resend', json=credentials)

        assert response.status_code == 200

        assert len(outbox) == 2

        # take the token from the most recent mail: a /verify/ link ending
        # in three dot-separated URL-safe segments
        token_pattern = (
            r'\/verify\/([a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+)')
        match = re.search(token_pattern, outbox[-1].body)

        assert match

        verification = {'jwt': match.group(1)}

        response = client.post('/users/register/verify', json=verification)

        assert response.status_code == 200

        # verification hands back a jwt
        assert response.get_json()['jwt'] is not None

        # with the address verified, the original credentials now work
        response = client.post('/users/login', json=credentials)

        assert response.status_code == 200
Beispiel #5
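def test_user_account_bad_password(app, client, test_user):
    """A removal request with a wrong password must be rejected.

    Posts to ``/users/remove`` with valid auth headers but an incorrect
    password, then checks for a 401, that no email was recorded, and that
    the account can still be loaded afterwards.
    """
    # Use the 'remove_content' key the other /users/remove tests send, so
    # the wrong password is the only thing that differs from a valid request
    # (the original sent 'delete_content' here).
    data = {'password': test_user.password + 'oops', 'remove_content': False}

    with mail.record_messages() as outbox:
        # hit the api
        rv = client.post('/users/remove',
                         json=data,
                         headers=test_user.auth_headers)

        assert rv.status_code == 401

        # assert no email sent
        assert len(outbox) == 0

    with app.app_context():
        # a rejected request must leave the account in place; the status
        # code alone does not show that nothing was deleted
        assert User.query.get(test_user.id)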
Beispiel #6
def test_register_existing_user(app, client, test_user):
    """Registering or resending for an existing account is refused.

    Both ``/users/register`` and ``/users/register/resend`` must answer 400
    for the test user's email, and no message may be recorded.
    """
    # reuse the existing user's email with a different password
    payload = {'email': test_user.email, 'password': '******'}

    with app.app_context(), mail.record_messages() as outbox:
        # NOTE(review): the 'already exists' / 'already verified' messages
        # pinned below tell an unauthenticated caller whether an email is
        # registered; confirm that this disclosure is accepted for the API.
        response = client.post('/users/register', json=payload)

        assert response.status_code == 400
        assert 'already exists' in response.get_json()['message']

        # a resend for the same address is refused as well
        response = client.post('/users/register/resend', json=payload)

        assert response.status_code == 400

        assert 'already verified' in response.get_json()['message']

        # neither refusal may trigger an outbound mail
        assert len(outbox) == 0