Ejemplo n.º 1
    def test_passwords(self):
        """Round-trip a password through make_password and check_password.

        Only the exact original string may verify. Near misses (trailing
        space, different case, empty string) must be rejected.
        """
        stored = make_password('testing')

        self.assertTrue(check_password('testing', stored))
        # Each guess differs from the original by whitespace, case or length.
        for wrong_guess in ('testing ', 'Testing', ''):
            self.assertFalse(check_password(wrong_guess, stored))

        # The two inputs differ, so this shows only that different passwords
        # give different stored values. It does not show per-call salting,
        # which would need the same password hashed twice.
        other_stored = make_password('Testing')
        self.assertFalse(stored == other_stored)
Ejemplo n.º 2
 def test_passwords(self):
     """Check that check_password accepts only the exact password that was hashed."""
     hashed = make_password('testing')

     # The exact password verifies.
     matches_exact = check_password('testing', hashed)
     self.assertTrue(matches_exact)

     # Trailing whitespace, a case change and the empty string must all fail.
     matches_padded = check_password('testing ', hashed)
     self.assertFalse(matches_padded)
     matches_other_case = check_password('Testing', hashed)
     self.assertFalse(matches_other_case)
     matches_empty = check_password('', hashed)
     self.assertFalse(matches_empty)

     # A different password must not produce the same stored value.
     hashed_other = make_password('Testing')
     values_equal = hashed == hashed_other
     self.assertFalse(values_equal)
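    def edit_(self, obj, data):
        """Apply an edit to *obj*, changing the password only when authorised.

        A ``password`` entry in *data* is honoured only if the accompanying
        ``current_password`` verifies against ``obj.password``. Both keys are
        always removed from *data*; on success ``password`` is put back as the
        value produced by ``make_password``. When verification fails the
        password change is dropped and the remaining fields are still passed
        to the parent ``edit_``.
        """
        if "password" in data:
            current_password = data.pop("current_password", None)
            requested_password = data.pop("password")
            # A request without current_password is rejected outright rather
            # than passing None to check_password, whose handling of None is
            # not visible from this method.
            if current_password is not None and check_password(current_password, obj.password):
                # Hash the new value only after the caller has proven
                # knowledge of the current password, so unverified input
                # never triggers hashing work.
                data["password"] = make_password(requested_password)
            # NOTE(review): a rejected password change is silent. The other
            # fields are still saved and the caller gets no error. Confirm
            # whether the API should report the failure instead.

        return super(UserResource, self).edit_(obj, data)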
Ejemplo n.º 4
 def authenticate(self, username, password):
     """Return the active user matching *username* and *password*, else False.

     Unknown usernames, inactive accounts and wrong passwords all give the
     same ``False`` result, so the caller cannot tell which check failed.
     """
     # `== True` builds a query expression here, not a Python comparison,
     # so it must not be rewritten as `is True`.
     active_users = User.select().where(User.active == True)
     try:
         account = active_users.where(User.username == username).get()
     except User.DoesNotExist:
         # NOTE(review): this path returns before check_password runs, so the
         # two failure paths do different amounts of work. Confirm whether
         # that timing difference matters for this deployment.
         return False

     if check_password(password, account.password):
         return account
     return False
Ejemplo n.º 5
def user_login(n_clicks, username_or_email, password):
    """Log a user in by username or e-mail address when the button is clicked.

    Returns ``('/home', '')`` after a successful login and
    ``(no_update, failure_alert)`` when no candidate account verifies.
    Returns ``None`` when *n_clicks* is falsy.
    """
    if not n_clicks:
        return None

    # Both lookups run before any password is checked. The identifier may
    # match one account by username and another by e-mail.
    by_username = Users.get_or_none(Users.username == username_or_email)
    by_email = Users.get_or_none(Users.email == username_or_email)

    for candidate in (by_username, by_email):
        if candidate is None:
            continue
        password_ok = check_password(raw_password=password,
                                     enc_password=candidate.password)
        if password_ok:
            login_user(user=candidate)
            return '/home', ''

    # One shared failure result: it does not say whether the identifier
    # matched an account or the password was wrong.
    return no_update, failure_alert
Ejemplo n.º 6
    def test_create(self):
        """POST a new user as admin and check that the stored password verifies."""
        self.create_users()

        # The request carries the output of make_password, not the raw 'test'.
        # NOTE(review): the final check_password assertion can hold only if the
        # endpoint stores this client-supplied value without hashing it again.
        # Confirm that is intended, since an authorised client then controls
        # the stored value directly.
        payload = json.dumps({'username': '******', 'password': make_password('test'), 'email': ''})

        # authorized as an admin
        admin_headers = self.auth_headers('admin', 'admin')
        resp = self.app.post('/api/user/', data=payload, headers=admin_headers)
        self.assertEqual(resp.status_code, 200)

        created = User.get(username='******')
        self.assertTrue(check_password('test', created.password))

        # The response body must describe the row that was just created.
        self.assertAPIUser(self.response_json(resp), created)
Ejemplo n.º 7
    def test_create(self):
        """Create a user through the API as admin and verify the saved password."""
        self.create_users()

        # The client hashes the password itself and sends the result.
        # NOTE(review): the later check_password('test', ...) assertion can
        # pass only if the API saves this value as-is. Confirm the endpoint
        # is meant to accept pre-hashed values from clients.
        hashed_for_request = make_password('test')
        body = json.dumps({
            'username': '******',
            'password': hashed_for_request,
            'email': '',
        })

        # authorized as an admin
        resp = self.app.post(
            '/api/user/',
            data=body,
            headers=self.auth_headers('admin', 'admin'),
        )
        self.assertEqual(resp.status_code, 200)

        stored_user = User.get(username='******')
        password_verifies = check_password('test', stored_user.password)
        self.assertTrue(password_verifies)

        decoded = self.response_json(resp)
        self.assertAPIUser(decoded, stored_user)
Ejemplo n.º 8
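def homepage():
	"""Serve the combined login / registration page.

	GET renders ``home.html`` with both forms. A POST is treated as a login
	when the login form's username field is present and the form validates,
	and as a registration when the register form's username field is present
	and that form validates. A successful login or registration redirects to
	``dashboard``. Every other outcome re-renders ``home.html`` with an error
	string where one applies.
	"""
	login_form = LoginForm(request.form)
	register_form = RegisterForm(request.form)
	login_errors = ""
	register_errors = ""

	def render_home():
		# Shared exit for every path that shows the page again. It reads the
		# error strings at call time, so assignments made below are reflected.
		return render_template("home.html", login_form=login_form, login_errors=login_errors, register_form=register_form, register_errors=register_errors)

	if request.method != "POST":
		return render_home()

	if login_form.username.name in request.form and login_form.validate():
		# Select the user whose username matches the posted value.
		try:
			user = User.select().where(User.username==request.form['username']).get()
		except User.DoesNotExist:
			user = None
		# Verify the submitted password against the stored value for this
		# user. The previous code compared the posted username with a fresh
		# hash of that same username, which is always true, so any existing
		# username logged in without a password.
		# NOTE(review): assumes the login form posts its password under the
		# field name "password". LoginForm is not defined here, so confirm.
		supplied_password = request.form.get("password", "")
		if user is not None and check_password(supplied_password, user.password):
			auth.login_user(user)
			return redirect(url_for("dashboard"))
		# One message for both failure causes, so the login form does not
		# reveal whether the username exists.
		login_errors = "Invalid username or password"
		return render_home()
	elif register_form.register_username.name in request.form and register_form.validate():
		try:
			User.select().where(User.username==request.form["register_username"]).get()
		except User.DoesNotExist:
			pass
		else:
			register_errors= "Sorry, %s has been taken." % (request.form["register_username"])
			return render_home()

		if register_form.register_password.data != register_form.confirm.data:
			register_errors= "Passwords do not match"
			return render_home()

		# NOTE(review): the lookup above and the save below are separate
		# steps. A unique constraint on the username column, if one exists,
		# is what actually prevents duplicates under concurrent requests.
		u = User(
			username=register_form.register_username.data,
			email=register_form.email.data,
			creation_date=datetime.datetime.now(),
			active=True
			)
		u.set_password(register_form.register_password.data)
		u.save()
		auth.login_user(u)
		return redirect(url_for("dashboard"))

	# A POST that matched neither form, or failed validation, used to fall off
	# the end and return None. Show the page again instead.
	return render_home()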
Ejemplo n.º 9
 def test_model_admin_edit(self):
     """Exercise the admin edit view for a user: 404, form contents, validation and saves.

     The last section posts the stored password value back unchanged and
     checks that the password still verifies as before.
     """
     users = self.create_users()
     self.assertEqual(User.select().count(), 3)
     
     # grab an id so we can test a 404 on non-existent user
     unused_id = [x for x in range(1, 5) if not User.filter(id=x).exists()][0]
     
     with self.flask_app.test_client() as c:
         self.login(c)
         
         # nonexistent user 404s
         resp = c.get('/admin/user/%d/' % unused_id)
         self.assertEqual(resp.status_code, 404)
         
         # edit page returns a 200
         resp = c.get('/admin/user/%d/' % self.normal.id)
         self.assertEqual(resp.status_code, 200)
         
         # check the user, model_admin and form are correct in the context
         self.assertContext('user', self.admin)
         self.assertContext('model_admin', admin._registry[User])
         
         self.assertTrue('form' in self.flask_app._template_context)
         frm = self.flask_app._template_context['form']
         self.assertEqual(sorted(frm._fields.keys()), [
             'active',
             'admin',
             'email',
             'join_date',
             'password',
             'username',
         ])
         
         # check the form pulled the right data off the model
         # NOTE(review): the form carries a value in its password field.
         # presumably the stored password value; confirm it is acceptable
         # for the admin page to hold it.
         self.assertEqual(frm.data, {
             'username': '******',
             'password': frm.password.data, # compared with itself, so effectively skipped
             'email': '',
             'admin': False,
             'active': True,
             'join_date': frm.join_date.data, # compared with itself to sidestep microseconds
         })
         
         # make an incomplete post to update the user and get a 200 w/errors
         resp = c.post('/admin/user/%d/' % self.normal.id, data={
             'username': '',
             'password': '',
             'active': '1',
             'email': '*****@*****.**',
             'join_date': '2011-01-01 00:00:00',
         })
         self.assertEqual(resp.status_code, 200)
         
         # no new user created
         self.assertEqual(User.select().count(), 3)
         
         # refresh database content
         normal = User.get(id=self.normal.id)
         self.assertEqual(normal.username, 'normal') # was not saved
         
         # check the form for errors: an empty password is rejected by validation
         frm = self.get_context('form')
         self.assertEqual(frm.errors, {
             'username': ['This field is required.'],
             'password': ['This field is required.'],
         })
         
         # make a complete post
         resp = c.post('/admin/user/%d/' % self.normal.id, data={
             'username': '******',
             'password': '******',
             'active': '1',
             'email': '[email protected]',
             'join_date': '2011-01-01 00:00:00',
         })
         self.assertEqual(resp.status_code, 302)
         
         # no new user was created
         self.assertEqual(User.select().count(), 3)
         
         # grab from the database
         user = User.get(username='******')
         self.assertEqual(user.id, self.normal.id) # it is the same user
         
         # the saved password must verify through check_password
         self.assertTrue(check_password('edited', user.password))
         self.assertEqual(user.active, True)
         self.assertEqual(user.admin, False)
         self.assertEqual(user.email, '[email protected]')
         self.assertEqual(user.join_date, datetime.datetime(2011, 1, 1))
         
         self.assertTrue(resp.headers['location'].endswith('/admin/user/%d/' % user.id))
         
         # make another post without modifying the password, should stay same
         # (the stored password value itself is sent back in the password field)
         resp = c.post('/admin/user/%d/' % user.id, data={
             'username': '******',
             'password': user.password,
             'active': '1',
             'email': '[email protected]',
             'join_date': '2011-01-01 00:00:00',
         })
         self.assertEqual(resp.status_code, 302)
         
         # no new user was created
         self.assertEqual(User.select().count(), 3)
         
         # grab from the database
         user = User.get(username='******')
         self.assertEqual(user.id, self.normal.id) # it is the same user
         
         # the password has not changed: the posted stored value was not
         # hashed again as if it were a new password
         self.assertTrue(check_password('edited', user.password))
Ejemplo n.º 10
 def test_model_admin_add(self):
     """Exercise the admin add view: form fields, validation errors and a successful create."""
     self.create_users()
     self.assertEqual(User.select().count(), 3)
     
     with self.flask_app.test_client() as c:
         self.login(c)
         
         # the add url returns a 200
         resp = c.get('/admin/user/add/')
         self.assertEqual(resp.status_code, 200)
         
         # ensure the user, model_admin and form are correct in the context
         self.assertContext('user', self.admin)
         self.assertContext('model_admin', admin._registry[User])
         
         self.assertTrue('form' in self.flask_app._template_context)
         frm = self.flask_app._template_context['form']
         self.assertEqual(sorted(frm._fields.keys()), [
             'active',
             'admin',
             'email',
             'join_date',
             'password',
             'username',
         ])
         
         # make an incomplete post and get a 200 with errors
         resp = c.post('/admin/user/add/', data={
             'username': '',
             'password': '******',
             'active': '1',
             'email': '',
             'join_date': '2011-01-01 00:00:00',
         })
         self.assertEqual(resp.status_code, 200)
         
         # no new user created
         self.assertEqual(User.select().count(), 3)
         
         # check the form for errors
         frm = self.get_context('form')
         self.assertEqual(frm.errors, {
             'username': ['This field is required.'],
             'email': ['This field is required.'],
         })
         
         # make a complete post and get a 302 to the edit page
         resp = c.post('/admin/user/add/', data={
             'username': '******',
             'password': '******',
             'active': '1',
             'email': '*****@*****.**',
             'join_date': '2011-01-01 00:00:00',
         })
         self.assertEqual(resp.status_code, 302)
         
         # new user was created
         self.assertEqual(User.select().count(), 4)
         
         # check they have the correct data on the new instance
         user = User.get(username='******')
         self.assertEqual(user.active, True)
         self.assertEqual(user.admin, False)
         self.assertEqual(user.email, '*****@*****.**')
         self.assertEqual(user.join_date, datetime.datetime(2011, 1, 1))
         # the posted password is verified through check_password
         self.assertTrue(check_password('new', user.password))
         
         # check the redirect was correct
         self.assertTrue(resp.headers['location'].endswith('/admin/user/%d/' % user.id))
Ejemplo n.º 11
 def check_password(self, password):
     """Return the result of verifying *password* against this object's stored password."""
     # Inside the method body the bare name resolves to the module-level
     # check_password helper, not to this method.
     stored_value = self.password
     return check_password(password, stored_value)
Ejemplo n.º 12
 def check_password(self, password):
     """Verify a candidate password against ``self.password``.

     Delegates to the module-level ``check_password`` function, which this
     method shares a name with, and returns its result unchanged.
     """
     outcome = check_password(password, self.password)
     return outcome
Ejemplo n.º 13
 def check_token(self, exam, token):
     """Verify *token* against the string formed from ``exam.id`` followed by ``exam.token``.

     The password-checking helper is reused here: *token* takes the place of
     the stored value and the concatenated string takes the place of the raw
     password.
     """
     # The two parts are joined with no separator.
     # NOTE(review): different (id, token) pairs could then produce the same
     # string. Confirm the formats of both values rule that out.
     expected_plain = str(exam.id) + str(exam.token)
     return check_password(expected_plain, token)