def test_reset_password_multiple_user():
"""
Testing that password is actually updated
"""
clear()
email = '*****@*****.**'
auth.auth_register('*****@*****.**', 'abcdefg', 'Jane', 'Smith')
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
assert user['u_id'] != result['u_id']
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
clear()
def test_request_multiple_users():
"""
Testing multiple users who have requested to reset password
"""
clear()
email_1 = '*****@*****.**'
email_2 = '*****@*****.**'
email_3 = '*****@*****.**'
email_4 = '*****@*****.**'
result_1 = auth.auth_register(email_1, 'abcdefg', 'John', 'Smith')
result_2 = auth.auth_register(email_2, 'abcdefg', 'John', 'Smith')
result_3 = auth.auth_register(email_3, 'abcdefg', 'John', 'Smith')
result_4 = auth.auth_register(email_4, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email_1)
auth.auth_passwordreset_request(email_2)
auth.auth_passwordreset_request(email_3)
auth.auth_passwordreset_request(email_4)
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
assert user['email'] == email_1
if user['u_id'] == result_2['u_id']:
assert user['email'] == email_2
if user['u_id'] == result_3['u_id']:
assert user['email'] == email_3
if user['u_id'] == result_4['u_id']:
assert user['email'] == email_4
clear()
def test_register_invalid_email():
"""
should not be able to register with an invalid email, or an already existing email
"""
clear()
with pytest.raises(InputError):
auth.auth_register('testEmail.com', 'abcdefg', 'Christian', 'Ilagan')
clear()
def test_register_greaterthanmax_password():
"""
limitations on password
"""
clear()
with pytest.raises(InputError):
auth.auth_register('*****@*****.**', 'long' * 200, 'Christian',
'Ilagan')
clear()
def test_register_email_max():
"""
limitations on email length
"""
clear()
with pytest.raises(InputError):
auth.auth_register('c' * 321 + '@gmail.com', 'abcdef', 'Christian',
'Ilagan')
clear()
def test_login_invalid_user():
"""
should not be able to login because email does not belong to a user
"""
clear()
auth.auth_register('*****@*****.**', 'abcdefg', 'Christian', 'Ilagan')
with pytest.raises(InputError):
auth.auth_login('*****@*****.**', 'abcdefg')
clear()
def test_register_password_length():
"""
checks invalid passwords
"""
clear()
with pytest.raises(InputError):
auth.auth_register('*****@*****.**', 'abcde', 'Christian',
'Ilagan')
clear()
def test_register_user_exists():
"""
checks if the user is already registered
"""
clear()
auth.auth_register('*****@*****.**', 'abcdefg', 'Christian', 'Ilagan')
with pytest.raises(InputError):
auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
clear()
def test_case_sensitive_email():
"""
emails are not case sensitive, so capitalisation in inputs should not matter
"""
clear()
auth.auth_register('*****@*****.**', 'abcdef', 'Christian', 'Ilagan')
with pytest.raises(InputError):
auth.auth_register('*****@*****.**', 'abcdef', 'Christian',
'Ilagan')
clear()
def test_minimum_email():
"""
the email should contain a domain (.com) and a local part
"""
clear()
with pytest.raises(InputError):
auth.auth_register('@b', 'abcdef', 'Christian', 'Ilagan')
with pytest.raises(InputError):
auth.auth_register('a@b', 'abcdef', 'Christian', 'Ilagan')
clear()
def test_token():
"""
makes sure that all tokens are unique
"""
clear()
user1 = auth.auth_register('*****@*****.**', 'abcdefg', 'Rich', 'Do')
user2 = auth.auth_register('*****@*****.**', 'abcdefg', 'Gab', 'Prath')
user3 = auth.auth_register('*****@*****.**', 'abcdefg', 'Chris', 'Rich')
assert user1['token'] != user2['token']
assert user3['token'] != user2['token']
assert user3['token'] != user1['token']
clear()
def test_reset_invalid_secret():
"""
Testing that invalid passwords cannot be used to reset
"""
clear()
email = '*****@*****.**'
auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = 'invalid'
with pytest.raises(InputError):
auth.auth_passwordreset_reset(reset_code, 'new_password')
clear()
def test_handle():
"""
Testing the method of generating handles
"""
user1 = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
user2 = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan' * 3)
details_1 = user.user_profile(user1['token'], user1['u_id'])
details_2 = user.user_profile(user2['token'], user2['u_id'])
assert details_1['user']['handle_str'] == 'cilagan0'
assert details_2['user']['handle_str'] == 'cilaganilaganilaga' + '0'
def test_valid_passwords():
"""
passwords can contain all visible characters on the keyboard, except space
"""
clear()
result = auth.auth_register('*****@*****.**',
'!@#$%^&*()_+-=][<>w;:"', 'who', 'where')
auth.auth_logout(result['token'])
auth.auth_login('*****@*****.**', '!@#$%^&*()_+-=][<>w;:"')
with pytest.raises(InputError):
auth.auth_register('*****@*****.**', 'h el$l o', 'who',
'where')
clear()
def test_login_reset_password():
"""
Testing that a user should not be able to login when they have requested a
password reset.
"""
clear()
auth.auth_register('*****@*****.**', 'abcdefg', 'Christian', 'Ilagan')
user = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
auth.auth_logout(user['token'])
auth.auth_passwordreset_request('*****@*****.**')
with pytest.raises(AccessError):
auth.auth_login('*****@*****.**', 'abcdefg')
clear()
def test_logout_without_valid_token():
"""
make sure token is required to log out.
"""
clear()
result = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
auth.auth_logout(result['token'])
auth.auth_register('*****@*****.**', 'abcdefg', 'Bob',
'Build')
logout = auth.auth_logout(result['token'])
assert not logout['is_success']
with pytest.raises(AccessError):
channels.channels_create(result['token'], 'name', True)
clear()
def test_logout_basic():
"""
testing the basics of loging out and logging back in.
"""
clear()
result = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
auth.auth_logout(result['token'])
result2 = auth.auth_login('*****@*****.**', 'abcdefg')
auth.auth_logout(result2['token'])
clear()
result3 = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
auth.auth_logout(result3['token'])
clear()
def test_reset_logout():
"""
Testing that once password is successfully reset, the user is logged out.
"""
clear()
email = '*****@*****.**'
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
assert user['u_id'] != result['u_id']
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
clear()
def test_secret_unique_user():
"""
Testing that the secret generated is unique each time requested
"""
clear()
email_1 = '*****@*****.**'
result_1 = auth.auth_register(email_1, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email_1)
secret_1 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
secret_1 = user['secret']
auth.auth_passwordreset_request(email_1)
secret_2 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
secret_2 = user['secret']
auth.auth_passwordreset_request(email_1)
secret_3 = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
secret_3 = user['secret']
assert secret_1 != secret_2
assert secret_1 != secret_3
assert secret_2 != secret_3
clear()
def route_auth_register():
"""Given a user's first and last name, email address, and password, create
a new account for them and return a new token for authentication in their
session. A handle is generated that is the concatentation of a lowercase-only
first name and last name. If the concatenation is longer than 20 characters,
it is cutoff at 20 characters. If the handle is already taken, you may modify
the handle in any way you see fit to make it unique.
Args:
email (string)
password (string)
name_first (string)
name_last (string)
Returns:
(dict): { u_id, token }
"""
payload = request.get_json()
email = payload['email']
password = payload['password']
name_first = payload['name_first']
name_last = payload['name_last']
try:
return dumps(auth.auth_register(email, password, name_first,
name_last))
except (InputError, AccessError) as e:
return e
def test_flock_owner():
"""
making sure the first user registered is a flockr owner
"""
clear()
result1 = auth.auth_register('*****@*****.**', 'abcdef', 'Chris',
'Ilag')
result2 = auth.auth_register('*****@*****.**', 'abcdef', 'Bob',
'Smith')
channel_data = channels.channels_create(result2['token'], 'blah', False)
# Testing if flockr owner can join private channel
channel.channel_join(result1['token'], channel_data['channel_id'])
channel2_data = channels.channels_create(result1['token'], 'blah2', False)
# user 2 should not have flockr ownership
with pytest.raises(AccessError):
channel.channel_join(result2['token'], channel2_data['channel_id'])
clear()
def test_register_logout():
"""
user should be able to logout when registered
"""
clear()
result = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
logout = auth.auth_logout(result['token'])
assert logout['is_success']
clear()
def test_login_incorrect_password():
"""
testing using the incorrect password
"""
clear()
result = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
auth.auth_logout(result['token'])
with pytest.raises(InputError):
auth.auth_login('*****@*****.**', 'abcdef')
clear()
def test_login_invalid_password():
"""
checks if the password inputted is correct, and that the user exists in the active users data
"""
clear()
result = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
auth.auth_logout(result['token'])
with pytest.raises(InputError):
auth.auth_login('*****@*****.**', 'abcde')
clear()
def test_login_invalid_password_chars():
"""
Checks if the password inputted contains valid characters
"""
clear()
result = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
auth.auth_logout(result['token'])
with pytest.raises(InputError):
auth.auth_login('*****@*****.**', 'h $ e L ( 0')
clear()
def test_logout_failure():
"""
Testing failures when logging out
"""
clear()
result = auth.auth_register('*****@*****.**', 'abcdefg', 'Chris', 'Hie')
logout = auth.auth_logout(result['token'])
logout2 = auth.auth_logout(result['token'])
assert logout['is_success']
assert not logout2['is_success']
clear()
def test_logout_not_registered():
"""
make sure the token is required to log out.
"""
clear()
result = auth.auth_register('*****@*****.**', 'abcdefg', 'Christian',
'Ilagan')
false_token = 'invalid_tok'
assert false_token != result['token']
logout = auth.auth_logout(false_token)
assert not logout['is_success']
clear()
def test_reset_consecutive():
"""
Testing that a user can consecutively request and reset their password.
"""
clear()
email = '*****@*****.**'
result = auth.auth_register(email, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
auth.auth_passwordreset_request(email)
reset_code = ''
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result['u_id']:
reset_code = user['secret']
password = '******'
auth.auth_passwordreset_reset(reset_code, password)
# comparing hashed password
hashed = hashlib.sha256(password.encode()).hexdigest()
# making sure new hashed password is stored
data = pickle.load(open("data.p", "rb"))
for user in data.get_users():
if user['u_id'] == result['u_id']:
assert user['password'] == hashed
clear()
def test_register_invalid_chars_email():
"""
test on non alpha-numeric email should only accept special chars (-.!#$%&'*+-/=?^_`{|}~)
but should not be consecutive
"""
clear()
auth.auth_register('*****@*****.**', 'abcdef', 'Christian', 'Ilagan')
auth.auth_register('*****@*****.**', 'abcdef', 'Christian', 'Ilagan')
with pytest.raises(InputError):
auth.auth_register('*****@*****.**', 'abcdef', 'Christian',
'Ilagan')
with pytest.raises(InputError):
auth.auth_register('#%&*#&@gmail.com', 'abcdef', 'Christian', 'Ilagan')
clear()
def test_request_logged_in():
"""
Testing that a user can request a password reset when logged in
"""
clear()
email_1 = '*****@*****.**'
result_1 = auth.auth_register(email_1, 'abcdefg', 'John', 'Smith')
auth.auth_passwordreset_request(email_1)
data = pickle.load(open("data.p", "rb"))
for user in data.get_reset_users():
if user['u_id'] == result_1['u_id']:
assert user['email'] == email_1
clear()
