def test_get_close_db(app):
with app.app_context():
db = get_db()
assert db is get_db()
with pytest.raises(sqlite3.ProgrammingError) as e:
db.execute('SELECT 1')
assert 'closed' in str(e)
def test_register(client, app, username, existing_dir):
base = app.config['USER_FOLDER']
path = os.path.join(base, str(3))
shutil.rmtree(path, ignore_errors=True)
if existing_dir:
try:
os.makedirs(path)
except OSError:
pass
assert os.path.isdir(path) == existing_dir
assert client.get('/auth/register').status_code == 200
response = client.post(
'/auth/register', data={'username': username, 'password': '******', 'authorization': 'c'}
)
assert 'http://localhost/auth/login' == response.headers['Location']
assert response.status_code == 303
assert os.path.isdir(path)
with app.app_context():
row = get_db().execute(
"select * from user where username = ?", (username)
).fetchone()
assert response is not None
assert row['id'] == 3
def app():
db_fd, db_path = tempfile.mkstemp()
app = create_app({
'TESTING': True,
'DATABASE': db_path,
'AUTHORIZATION_KEY_RAW': 'c',
})
with app.app_context():
init_db()
get_db().executescript(_data_sql)
yield app
os.close(db_fd)
os.unlink(db_path)
def load_logged_in_user():
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
g.user = get_db().execute('SELECT * FROM user WHERE id = ?',
(user_id, )).fetchone()
def register():
code = 200
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
authorization = request.form['authorization']
db = get_db()
error = None
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
elif not authorization:
error = 'Authorization key is required.'
elif not check_password_hash(current_app.config['AUTHORIZATION_KEY'],
authorization):
error = 'Incorrect authorization key.'
elif db.execute('SELECT id FROM user WHERE username = ?',
(username, )).fetchone() is not None:
error = 'User {} is already registered.'.format(escape(username))
if error is None:
cur = db.cursor()
cur.execute('INSERT INTO user (username, password) VALUES (?, ?)',
(username, generate_password_hash(password)))
db.commit()
userid = cur.lastrowid
cur.close()
base = current_app.config['USER_FOLDER']
path = os.path.join(base, str(userid))
try:
os.makedirs(path)
except OSError:
pass
flash('Registration completed. Please sign in.')
return redirect(url_for('auth.login'), 303)
flash(error)
code = 400
return render_template('auth/register.html'), code
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
user = db.execute('SELECT * FROM user WHERE username = ?',
(username, )).fetchone()
if user is None:
error = 'Incorrect username.'
elif not check_password_hash(user['password'], password):
error = 'Incorrect password.'
if error is None:
session.clear()
session['user_id'] = user['id']
return redirect(url_for('index'))
flash(error)
return render_template('auth/login.html'), \
401, \
{'WWW-Authenticate': 'Fancy login FAIL!'}