def test_login_view(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get("/accounts/login/")
self.assertEqual(resp.status_code, 200)
# check that we have no logged-in user
self.assertContext("user", None)
frm = self.get_context("form")
self.assertTrue(isinstance(frm, LoginForm))
self.assertEqual(frm.data, {"username": None, "password": None})
# make a post missing the username
resp = c.post("/accounts/login/", data={"username": "", "password": "******"})
self.assertEqual(resp.status_code, 200)
# check form for errors
frm = self.get_context("form")
self.assertEqual(frm.errors, {"username": [u"This field is required."]})
# check that no messages were generated
self.assertFalse("_flashes" in session)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with a bad username/password combo
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(resp.status_code, 200)
# both fields were present so no form errors, but flash the user
# indicating bad username/password combo
self.assertTrue("_flashes" in session)
messages = get_flashed_messages()
self.assertEqual(messages, ["Incorrect username or password"])
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with an inactive user
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(resp.status_code, 200)
# still no logged-in user
self.assertContext("user", None)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# finally post as a known good user
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(resp.status_code, 302)
# check that we now have a logged-in user
self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_login_logout(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(auth.get_logged_in_user(), self.normal)
resp = c.post("/accounts/logout/")
self.assertEqual(auth.get_logged_in_user(), None)
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(auth.get_logged_in_user(), self.admin)
# log back in without logging out
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_login_required(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get("/private/")
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers["location"].endswith("/accounts/login/?next=%2Fprivate%2F"))
self.login("normal", "normal", c)
resp = c.get("/private/")
self.assertEqual(resp.status_code, 200)
self.assertEqual(auth.get_logged_in_user(), self.normal)
self.login("admin", "admin", c)
resp = c.get("/private/")
self.assertEqual(resp.status_code, 200)
self.assertEqual(auth.get_logged_in_user(), self.admin)
