def setUp(self):
self.app = create_app('test')
self.app_context = self.app.app_context()
self.app_context.push()
self.client = self.app.test_client()
from main.orm.db import engine
self.engine = engine
Base.metadata.create_all(engine)
u = DBUser(username='******', email='*****@*****.**', password='******')
u.save()
def test_password_setter(self):
u = User(username='******',
email='*****@*****.**',
password='******')
u.save()
user = User.query().filter_by(username='******').first()
with self.assertRaises(AttributeError):
user.password
self.assertTrue(user.verify_password('pwd'))
user.password = '******'
self.assertTrue(user.verify_password('new_pwd'))
def setUp(self):
app = create_app('test')
self.app_context = app.app_context()
self.app_context.push()
self.client = app.test_client()
from main.orm.db import engine
self.engine = engine
Base.metadata.create_all(self.engine)
# set up user for authentication without admin
user = User(username=admin['username'],
email=admin['email'],
password=admin['password'])
user.save()
def load_logged_in_user():
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
g.user = User.query().filter_by(id=user_id).first()
def get_user_by_token(token) -> bool:
"""Validate token for each visit."""
nonlocal s
try:
data = s.loads(token)
except SignatureExpired:
return None
except BadSignature:
return None
user = User.get(data['id'])
return user
def verify_user(username, password, email=None):
"""Check if verify password is correct by username and password."""
user = User.query() \
.filter_by(username=username)
if email is not None:
user = user.filter_by(email=email)
user = user.first()
if user is None or not user.verify_password(password):
return False
g.user = user
return True
def check_status_code_with_admin(self, path, method='GET', **kwargs):
user = User.query() \
.filter_by(username=admin['username']) \
.first()
if method == 'GET':
req = self.client.get
target_code = 200
elif method == 'POST':
req = partial(self.client.post, data=kwargs)
target_code = 302
elif method == 'PUT':
req = partial(self.client.put, data=kwargs)
target_code = 302
# redirect without login
response = req(path)
self.assertEqual(response.status_code, 302)
# permission denied if not admin
self.login()
response = req(path)
self.assertEqual(response.status_code, 403)
self.logout()
# can access with admin
user.is_admin = True
user.save()
self.login()
response = req(path)
self.assertEqual(response.status_code, target_code)
self.logout()
user.is_admin = False
user.save()
return response
def logout(self):
user = User.query().filter_by(username=admin['username']).first()
if user.is_admin:
user.is_admin = False
user.save()
self.client.get('/logout')
def auth_login(self):
user = User.query().filter_by(username=admin['username']).first()
user.is_admin = True
user.save()
self.login()
def __call__(self):
return User(username=fake.user_name(),
email=fake.email(),
password=fake.password(),
is_admin=True)
def __call__(self):
return User(username=fake.user_name,
email=fake.email(),
password=fake.password())