def test_users(self):
    """Fetch user records through the API while authenticated as 'susan'.

    Two confirmed accounts with the 'poster' role are created, then each
    record is requested by id with susan's credentials. Credential and
    e-mail literals are masked in this listing.
    """
    poster_role = Role.query.filter_by(name='poster').first()
    self.assertIsNotNone(poster_role)

    john = User('john')
    john.email = '*****@*****.**'
    john.password = '******'
    john.confirmed = True
    john.roles.append(poster_role)

    susan = User('susan')
    susan.email = '*****@*****.**'
    susan.password = '******'
    susan.confirmed = True
    susan.roles.append(poster_role)

    db.session.add_all([john, susan])
    db.session.commit()

    # First pass: susan reads john's record; second pass: susan reads her own.
    # NOTE(review): only 'username' is asserted. If the endpoint serialises
    # private fields (e-mail, roles), add an assertion that another user's
    # record does not expose them.
    for target, expected_name in ((john, 'john'), (susan, 'susan')):
        response = self.client.get(url_for('api.get_user', id=target.id),
                                   headers=self.get_api_headers(
                                       'susan', 'dog'))
        self.assertTrue(response.status_code == 200)
        payload = json.loads(response.data.decode('utf-8'))
        self.assertTrue(payload['username'] == expected_name)
def test_invalid_confirmation_token(self):
    """A confirmation token issued for one account must not confirm another."""
    issuer = User('test1')
    other = User('test2')
    issuer.password = '******'
    other.password = '******'
    db.session.add_all([issuer, other])
    db.session.commit()

    foreign_token = issuer.generate_confirmation_token()
    # Cross-account use of the token has to be rejected.
    confirmed = other.confirm(foreign_token)
    self.assertFalse(confirmed)
def test_invalid_reset_token(self):
    """A reset token issued for user1 must not change user2's password.

    Password and e-mail literals are masked in this listing.
    """
    issuer = User('test1')
    victim = User('test2')
    issuer.password = '******'
    victim.password = '******'
    issuer.email = '*****@*****.**'
    victim.email = '*****@*****.**'
    db.session.add_all([issuer, victim])
    db.session.commit()

    foreign_token = issuer.generate_reset_token(issuer.email)
    # The reset must be refused ...
    was_reset = victim.reset_password(foreign_token, 'puppy')
    self.assertFalse(was_reset)
    # ... and the previous password must still verify.
    self.assertTrue(victim.check_password('dog'))
def test_duplicate_email_change_token(self):
    """An e-mail change must be refused and leave user2's address unchanged.

    The addresses are masked in this listing; judging by the test name the
    requested address is the one already held by user1.
    """
    holder = User('test1')
    holder.email = '*****@*****.**'
    holder.password = '******'
    requester = User('test2')
    requester.email = '*****@*****.**'
    requester.password = '******'
    db.session.add_all([holder, requester])
    db.session.commit()

    change_token = requester.generate_email_change_token('*****@*****.**')
    changed = requester.change_email(change_token)
    self.assertFalse(changed)
    self.assertTrue(requester.email == '*****@*****.**')
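def register(request):
    """Handle the registration form: show it on GET, create the user on POST.

    A valid POST whose userName is not yet taken saves a new User, renders
    'success.html' and sets a 'username' cookie for 3600 seconds. A taken
    userName or an invalid form re-renders 'register.html'.
    """
    if request.method == "POST":
        uf = UserFormRegister(request.POST)
        if uf.is_valid():
            userName = uf.cleaned_data['userName']
            password = uf.cleaned_data['password']
            email = uf.cleaned_data['email']

            # The original compared `User.objects.get(...)` with None, but a
            # manager's get() raises DoesNotExist when no row matches, so every
            # registration with a new name failed. Use an existence query.
            if User.objects.filter(userName=userName).exists():
                uf = UserFormRegister()
                return render_to_response(
                    'register.html', {'uf': uf},
                    context_instance=RequestContext(request))

            user = User()
            user.userName = userName
            # NOTE(review): if User.password is a plain column (no hashing
            # setter is visible here) this stores the cleartext password;
            # hash it before saving - confirm against the model.
            user.password = password
            user.email = email
            user.save()

            response = render_to_response('success.html',
                                          {'username': userName})
            # NOTE(review): this cookie is an unsigned, client-editable value.
            # It must not be treated as proof of identity by other views.
            response.set_cookie('username', userName, 3600)
            return response
    else:
        uf = UserFormRegister()
    return render_to_response('register.html', {'uf': uf},
                              context_instance=RequestContext(request))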
def create_admin(email, password):
    """Create and save an active User of type 'admin' with the given credentials."""
    admin_user = User()
    # NOTE(review): whether `password` is hashed depends on the User model,
    # which is not visible here - confirm it is not stored in cleartext.
    fields = (
        ('email', email),
        ('password', password),
        ('type', 'admin'),
        ('active', True),
    )
    for attr_name, attr_value in fields:
        setattr(admin_user, attr_name, attr_value)
    admin_user.save()
def test_token_auth(self):
    """Exercise token authentication: a bad token, token issuance, token use."""
    poster_role = Role.query.filter_by(name='poster').first()
    self.assertIsNotNone(poster_role)

    account = User('john')
    account.email = '*****@*****.**'
    account.password = '******'
    account.confirmed = True
    account.roles.append(poster_role)
    db.session.add(account)
    db.session.commit()

    # An unknown token must be rejected with 401.
    rejected = self.client.get(url_for('api.get_posts'),
                               headers=self.get_api_headers(
                                   'bad-token', ''))
    self.assertTrue(rejected.status_code == 401)

    # Username and password are exchanged for a token.
    issued = self.client.get(url_for('api.get_token'),
                             headers=self.get_api_headers('john', 'cat'))
    self.assertTrue(issued.status_code == 200)
    payload = json.loads(issued.data.decode('utf-8'))
    self.assertIsNotNone(payload.get('token'))
    token = payload['token']

    # The issued token alone (empty password) must authenticate.
    accepted = self.client.get(url_for('api.get_posts'),
                               headers=self.get_api_headers(token, ''))
    self.assertTrue(accepted.status_code == 200)
def setUp(self):
    """Build a fresh test app, schema, roles and one confirmed test user."""
    # Bug workaround: the Flask-Admin and Flask-RESTful extensions create
    # blueprint objects for the app and keep them internally, but do not
    # remove them when the app is destroyed, so reset them by hand.
    admin._views = []
    rest_api.resources = []

    self.app = create_app('test')
    # The application context must be pushed, otherwise errors are raised.
    self.app_context = self.app.app_context()
    self.app_context.push()
    self.client = self.app.test_client(use_cookies=True)

    # Bug workaround: when not run from the webapp directory,
    # Flask-SQLAlchemy's initialisation is not applied to the app correctly.
    db.app = self.app
    db.create_all()

    # test_register_and_login registers a new user, and the register route
    # assigns the 'poster' and 'default' roles by default, so both roles
    # have to exist beforehand.
    poster = Role('poster')
    poster.description = 'poster role'
    default = Role('default')
    default.description = 'default role'
    db.session.add_all([poster, default])

    test_user = User('test')
    test_user.email = '*****@*****.**'
    test_user.password = '******'
    test_user.confirmed = True
    test_user.roles.append(poster)
    db.session.add(test_user)

    db.session.commit()
def createUser(self, request):
    """Create and save a User from the 'USERNAME' and 'Password' POST fields."""
    form = request.POST
    loginUser = User()
    loginUser.username = form.get('USERNAME')
    # NOTE(review): the submitted password is assigned as-is. Unless the User
    # model hashes on assignment (not visible here) it is stored in
    # cleartext. Missing fields also arrive as None and are saved unchecked.
    loginUser.password = form.get('Password')
    loginUser.date = str(datetime.now())
    loginUser.save()
    # Same output as the original two-item print: the items separated by one space.
    print("%s %s" % (loginUser, " has been created."))
def test_valid_confirmation_token(self):
    """A confirmation token must confirm the account it was issued for."""
    account = User('test')
    account.password = '******'
    db.session.add(account)
    # The id only exists after commit, and it is needed to build the token.
    db.session.commit()

    own_token = account.generate_confirmation_token()
    confirmed = account.confirm(own_token)
    self.assertTrue(confirmed)
def test_expired_confirmation_token(self):
    """A confirmation token must be rejected once it has expired."""
    account = User('test')
    account.password = '******'
    db.session.add(account)
    db.session.commit()

    # Presumably the argument is the lifetime in seconds; the test then
    # waits two seconds before using the token.
    short_lived = account.generate_confirmation_token(1)
    time.sleep(2)
    confirmed = account.confirm(short_lived)
    self.assertFalse(confirmed)
def test_valid_email_change_token(self):
    """A valid e-mail change token must update the user's address.

    The addresses are masked in this listing.
    """
    account = User('test1')
    account.email = '*****@*****.**'
    account.password = '******'
    db.session.add(account)
    db.session.commit()

    change_token = account.generate_email_change_token('*****@*****.**')
    changed = account.change_email(change_token)
    self.assertTrue(changed)
    self.assertTrue(account.email == '*****@*****.**')
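def register():
    """Create a local account for a visitor who has completed OAuth sign-in.

    Reads the provider ('source'), the target app and the username from the
    session, builds the provider handler, creates a User with a unique
    `shorten` code, signals the new identity and binds the OAuth credentials
    to the account. Redirects to '<app>.post' on success and to
    'frontend.login' when the session lacks the required OAuth state.
    """
    if g.user:
        return 'is logined'

    source = session.get('source')
    app = session.get('app')
    username = session.get('username')
    token = session.get('oauth_token')
    secret = session.get('oauth_token_secret')

    # Incomplete OAuth state: send the visitor back to log in instead of
    # failing with a KeyError on the missing token.
    if not (source and username and app and token and secret):
        return redirect(url_for('frontend.login'))

    # Only the 'sina' provider has a handler. Previously any other source
    # reached update_profile() with `auth` unbound and raised at runtime.
    if source != 'sina':
        return redirect(url_for('frontend.login'))

    api_key, api_secret, callback = sina_api[app]
    auth = sina.OAuthHandler(api_key, api_secret, callback)
    auth.setToken(token, secret)

    # Generate a `shorten` code that no existing user holds.
    while True:
        code = shorten(str(datetime.now()))
        if User.query.filter_by(shorten=code).count() == 0:
            break

    # The address template is masked in this listing; the original presumably
    # contained a placeholder for `code`.
    email = '*****@*****.**' % code
    user = User(nickname=username, email=email, shorten=code)
    # NOTE(review): the initial password equals the generated e-mail address,
    # which is derived from `code`. If password login is enabled for these
    # accounts and the code or address is visible to others, the credential
    # is guessable - prefer a random secret or disable password login.
    user.password = email
    user.profile = UserProfile()
    update_profile(source, user, auth)

    db.session.add(user)
    db.session.commit()

    # Log the new user in.
    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(user.id))

    user.bind(source, app, token, secret)
    return redirect(url_for('%s.post' % app))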
def test_follows(self):
    """Exercise follow, unfollow and removal of Follow rows on user deletion."""
    alice = User('test1')
    alice.email = '*****@*****.**'
    alice.password = '******'
    bob = User('test2')
    bob.email = '*****@*****.**'
    bob.password = '******'
    db.session.add_all([alice, bob])
    db.session.commit()

    # Nobody follows anybody yet.
    self.assertFalse(alice.is_following(bob))
    self.assertFalse(alice.is_followed_by(bob))

    # alice follows bob; bracket the operation with timestamps.
    timestamp_before = datetime.datetime.utcnow()
    alice.follow(bob)
    db.session.add(alice)
    db.session.commit()
    timestamp_after = datetime.datetime.utcnow()

    self.assertTrue(alice.is_following(bob))
    self.assertFalse(alice.is_followed_by(bob))
    self.assertTrue(bob.is_followed_by(alice))
    self.assertTrue(alice.followings.count() == 1)
    self.assertTrue(bob.followers.count() == 1)

    link = alice.followings.all()[-1]
    self.assertTrue(link.following == bob)
    self.assertTrue(timestamp_before <= link.timestamp <= timestamp_after)
    link = bob.followers.all()[-1]
    self.assertTrue(link.follower == alice)

    # Unfollowing removes the relationship row.
    alice.unfollow(bob)
    db.session.add(alice)
    db.session.commit()
    self.assertTrue(alice.followings.count() == 0)
    self.assertTrue(bob.followers.count() == 0)
    self.assertTrue(Follow.query.count() == 0)

    # Deleting a user must also remove the Follow rows that reference it.
    bob.follow(alice)
    db.session.add(alice)
    db.session.add(bob)
    db.session.commit()
    db.session.delete(bob)
    db.session.commit()
    self.assertTrue(Follow.query.count() == 0)
def test_valid_reset_token(self):
    """A reset token issued for the user must let that user set a new password."""
    account = User('test')
    account.password = '******'
    account.email = '*****@*****.**'
    db.session.add(account)
    # The id only exists after commit, and it is needed to build the token.
    db.session.commit()

    own_token = account.generate_reset_token(account.email)
    was_reset = account.reset_password(own_token, 'dog')
    self.assertTrue(was_reset)
    self.assertTrue(account.check_password('dog'))
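def register():
    """Create a local account for a visitor who has completed OAuth sign-in.

    Reads the provider ('source'), the target app and the username from the
    session, builds the provider handler, creates a User with a unique
    `shorten` code, signals the new identity and binds the OAuth credentials
    to the account. Redirects to '<app>.post' on success and to
    'frontend.login' when the session lacks the required OAuth state.
    """
    if g.user:
        return 'is logined'

    source = session.get('source')
    app = session.get('app')
    username = session.get('username')
    token = session.get('oauth_token')
    secret = session.get('oauth_token_secret')

    # Incomplete OAuth state: send the visitor back to log in instead of
    # failing with a KeyError on the missing token.
    if not (source and username and app and token and secret):
        return redirect(url_for('frontend.login'))

    # Only the 'sina' provider has a handler. Previously any other source
    # reached update_profile() with `auth` unbound and raised at runtime.
    if source != 'sina':
        return redirect(url_for('frontend.login'))

    api_key, api_secret, callback = sina_api[app]
    auth = sina.OAuthHandler(api_key, api_secret, callback)
    auth.setToken(token, secret)

    # Generate a `shorten` code that no existing user holds.
    while True:
        code = shorten(str(datetime.now()))
        if User.query.filter_by(shorten=code).count() == 0:
            break

    # The address template is masked in this listing; the original presumably
    # contained a placeholder for `code`.
    email = '*****@*****.**' % code
    user = User(nickname=username, email=email, shorten=code)
    # NOTE(review): the initial password equals the generated e-mail address,
    # which is derived from `code`. If password login is enabled for these
    # accounts and the code or address is visible to others, the credential
    # is guessable - prefer a random secret or disable password login.
    user.password = email
    user.profile = UserProfile()
    update_profile(source, user, auth)

    db.session.add(user)
    db.session.commit()

    # Log the new user in.
    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(user.id))

    user.bind(source, app, token, secret)
    return redirect(url_for('%s.post' % app))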
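def api_register():
    """Register a user from the submitted form fields.

    Returns an empty 400 response when a field is missing, the e-mail
    address is already registered, or the two passwords differ; returns an
    empty 201 response once the user has been committed. The original only
    printed the failure and returned None on every path, which is not a
    valid view response.
    """
    username = request.form.get('username')
    emailaddress = request.form.get('emailaddress')
    password = request.form.get('password')
    confirmpassword = request.form.get('confirmpassword')

    # Without this check, a request omitting both password fields compared
    # None with None and created an account with no password.
    if not (username and emailaddress and password and confirmpassword):
        return ('', 400)

    if User.query.filter_by(emailaddress=emailaddress).first() is not None:
        print("该邮箱已被使用")  # "this e-mail address is already in use"
        return ('', 400)

    if password != confirmpassword:
        print("密码不一致")  # "the passwords do not match"
        return ('', 400)

    new_user = User()
    new_user.username = username
    new_user.emailaddress = emailaddress
    # NOTE(review): unless the User model hashes on assignment (not visible
    # here) this stores the cleartext password - confirm against the model.
    new_user.password = password
    db.session.add(new_user)
    db.session.commit()
    return ('', 201)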
def test_bad_auth(self):
    """A request carrying a wrong password must be answered with 401."""
    poster_role = Role.query.filter_by(name='poster').first()
    self.assertIsNotNone(poster_role)

    account = User('john')
    account.email = '*****@*****.**'
    account.password = '******'
    account.confirmed = True
    account.roles.append(poster_role)
    db.session.add(account)
    db.session.commit()

    # Authenticate with a password that does not belong to the account.
    wrong_credentials = self.get_api_headers('john', 'dog')
    response = self.client.get(url_for('api.get_posts'),
                               headers=wrong_credentials)
    self.assertTrue(response.status_code == 401)
def test_unconfirmed_account(self):
    """An unconfirmed account must receive 403 when listing posts."""
    poster_role = Role.query.filter_by(name='poster').first()
    self.assertIsNotNone(poster_role)

    account = User('john')
    account.email = '*****@*****.**'
    account.password = '******'
    account.confirmed = False  # the property under test
    account.roles.append(poster_role)
    db.session.add(account)
    db.session.commit()

    # The credentials are accepted, but the account is not confirmed yet.
    credentials = self.get_api_headers('john', 'cat')
    response = self.client.get(url_for('api.get_posts'),
                               headers=credentials)
    self.assertTrue(response.status_code == 403)
def register_view(self):
    """Render the registration form, or create and log in the user on a valid submit."""
    form = RegistrationForm(request.form)

    if not helpers.validate_form_on_submit(form):
        # Not submitted or invalid: show the form with a link to the login view.
        login_url = url_for('.login_view')
        link = ('<p>Already have an account? <a href="' + login_url +
                '">Click here to log in.</a></p>')
        self._template_args['form'] = form
        self._template_args['link'] = link
        return super(MyAdminIndexView, self).index()

    user = User()
    # NOTE(review): populate_obj copies every form field onto the model, so
    # RegistrationForm must not declare privileged fields (roles, admin
    # flags) - verify the form definition.
    form.populate_obj(user)
    # Store a hash rather than the submitted password; this overwrites the
    # plain value populate_obj has just copied in.
    user.password = generate_password_hash(form.password.data)

    db.session.add(user)
    db.session.commit()

    login.login_user(user)
    return redirect(url_for('.index'))
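def register(request):
    """Show the registration form on GET and create the user on POST.

    A POST with all four fields present, matching passwords and an unused
    name saves the user and redirects to '/webapp/login/'. Any other POST
    re-renders 'register.html' with `message` set where a message exists.

    Changes from the original: the submitted password is no longer printed
    to stdout, and the stripped username used for the duplicate check is
    also the one that is saved. The original re-read the raw field, so a
    name padded with spaces bypassed the duplicate check.
    """
    message = ''
    if request.method != 'POST':
        return render(request, 'register.html')

    # Strip before validating so a whitespace-only name counts as missing.
    username = (request.POST.get('username') or '').strip()
    password = request.POST.get('password1')
    password2 = request.POST.get('password2')
    email = request.POST.get('email')

    if username and password and password2 and email:
        if password != password2:
            message = '密码不一致'  # "the passwords do not match"
        elif User.objects.filter(name=username):
            message = '用户已存在'  # "the user already exists"
        else:
            ine = User()
            ine.name = username
            # NOTE(review): unless the User model hashes on assignment (not
            # visible here) this stores the cleartext password.
            ine.password = password
            ine.email = email
            ine.save()
            return redirect('/webapp/login/')

    # NOTE(review): locals() also hands both raw passwords to the template
    # context; an explicit context dict would be safer once the template's
    # variable usage is confirmed.
    return render(request, 'register.html', locals())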
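def api_register():
    """Register a user from the submitted form, log them in and redirect.

    Aborts with 400 when a field is missing or empty, when the e-mail
    address is already registered, or when the two passwords differ. On
    success the new user is committed, logged in and redirected to
    'main.index'.
    """
    username = request.form.get('username')
    emailaddress = request.form.get('emailaddress')
    password = request.form.get('password')
    confirmpassword = request.form.get('confirmpassword')

    # Without this check, a request omitting both password fields compared
    # None with None and created an active account with no password.
    if not (username and emailaddress and password and confirmpassword):
        abort(400)

    if User.query.filter_by(emailaddress=emailaddress).first() is not None:
        # The e-mail address is already in use.
        abort(400)
    elif password != confirmpassword:
        # The passwords do not match.
        abort(400)
    else:
        new_user = User()
        new_user.username = username
        new_user.emailaddress = emailaddress
        # NOTE(review): unless the User model hashes on assignment (not
        # visible here) this stores the cleartext password.
        new_user.password = password
        new_user.avatar = 'default.jpg'
        new_user.active = True
        db.session.add(new_user)
        db.session.commit()

    user = User.query.filter_by(emailaddress=emailaddress).first()
    login_user(user)
    return redirect(url_for('main.index'))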
def insert_data():
    """Seed the database with roles, three users, tags, 100 posts and two comments."""
    with app.app_context():
        # The schema is not created here; use the migration command
        # `db upgrade` for that.
        # db.create_all()

        # Three roles are defined.
        role_admin = Role(name='admin')
        role_admin.description = "administrator role"
        role_poster = Role(name='poster')
        role_poster.description = "the registered user role"
        role_default = Role(name='default')
        role_default.description = 'the unregistered user role'
        db.session.add_all([role_admin, role_poster, role_default])

        # Users. NOTE(review): these accounts, including the admin, get fixed
        # credentials (masked in this listing); this seed must not be run
        # against a deployment that is reachable by others.
        admin = User(username='******')
        admin.email = '*****@*****.**'
        admin.password = '******'
        admin.confirmed = True
        for granted in (role_admin, role_poster, role_default):
            admin.roles.append(granted)
        db.session.add(admin)

        user01 = User(username='******')
        user01.email = '*****@*****.**'
        user01.password = '******'
        user01.confirmed = True
        for granted in (role_poster, role_default):
            user01.roles.append(granted)
        db.session.add(user01)

        user02 = User(username='******')
        user02.email = '*****@*****.**'
        user02.password = '******'
        user02.confirmed = True
        for granted in (role_poster, role_default):
            user02.roles.append(granted)
        db.session.add(user02)

        # Tags and posts: odd-numbered posts go to user01, even ones to user02.
        tag_list = [Tag('Python'), Tag('Flask'), Tag('SQLAlechemy'),
                    Tag('Jinja')]
        s = "Example Text"
        for i in xrange(1, 101):
            new_post = Post("Post {}".format(i))
            new_post.user = user01 if i % 2 else user02
            new_post.publish_date = datetime.datetime.utcnow()
            new_post.text = s
            tag_count = random.randint(1, 3)
            new_post.tags = random.sample(tag_list, tag_count)
            db.session.add(new_post)

        # Two comments on the last two posts.
        for comment_name, target_post in (('comment01', 99),
                                          ('comment02', 100)):
            seeded = Comment()
            seeded.name = comment_name
            seeded.text = 'comment text'
            seeded.post_id = target_post
            seeded.date = datetime.datetime.utcnow()
            db.session.add(seeded)

        db.session.commit()
def test_comments(self):
    """Create, fetch and list post comments through the API."""
    poster_role = Role.query.filter_by(name='poster').first()
    self.assertIsNotNone(poster_role)

    john = User('john')
    john.email = '*****@*****.**'
    john.password = '******'
    john.confirmed = True
    john.roles.append(poster_role)

    susan = User('susan')
    susan.email = '*****@*****.**'
    susan.password = '******'
    susan.confirmed = True
    susan.roles.append(poster_role)

    db.session.add_all([john, susan])
    db.session.commit()

    # john owns the post that is commented on.
    post = Post(title='title of the post')
    post.text = 'body of the post'
    post.user = john
    db.session.add(post)
    db.session.commit()

    # susan writes a comment containing Markdown link syntax.
    response = self.client.post(url_for('api.new_post_comment', id=post.id),
                                headers=self.get_api_headers(
                                    'susan', 'dog'),
                                data=json.dumps({
                                    'name': 'comment name',
                                    'text': 'Good [post](http://example.com)!'
                                }))
    self.assertTrue(response.status_code == 201)
    created = json.loads(response.data.decode('utf-8'))
    url = response.headers.get('Location')
    self.assertIsNotNone(url)
    self.assertTrue(created['name'] == 'comment name')
    self.assertTrue(
        created['text'] == 'Good [post](http://example.com)!')

    # john fetches the new comment through its Location URL.
    response = self.client.get(url,
                               headers=self.get_api_headers('john', 'cat'))
    self.assertTrue(response.status_code == 200)
    fetched = json.loads(response.data.decode('utf-8'))
    self.assertTrue(fetched['url'] == url)
    self.assertTrue(fetched['name'] == 'comment name')
    self.assertTrue(
        fetched['text'] == 'Good [post](http://example.com)!')

    # A second comment is added directly through the ORM.
    comment = Comment(name='another comment name')
    comment.text = 'Thank you!'
    comment.user = john
    comment.post = post
    db.session.add(comment)
    db.session.commit()

    # Both listing endpoints must report the two comments.
    for endpoint in ('api.get_post_comments', 'api.get_comments'):
        response = self.client.get(url_for(endpoint, id=post.id),
                                   headers=self.get_api_headers(
                                       'susan', 'dog'))
        self.assertTrue(response.status_code == 200)
        listing = json.loads(response.data.decode('utf-8'))
        self.assertIsNotNone(listing.get('comments'))
        self.assertTrue(listing.get('count', 0) == 2)
def test_posts(self):
    """Create, fetch, list and edit a post through the API as user 'john'."""
    poster_role = Role.query.filter_by(name='poster').first()
    self.assertIsNotNone(poster_role)

    author = User('john')
    author.email = '*****@*****.**'
    author.password = '******'
    author.confirmed = True
    author.roles.append(poster_role)
    db.session.add(author)
    db.session.commit()

    # An empty post is rejected (validation error -> 400).
    response = self.client.post(url_for('api.new_post'),
                                headers=self.get_api_headers(
                                    'john', 'cat'),
                                data=json.dumps({'text': ''}))
    self.assertTrue(response.status_code == 400)

    # A valid post is created and its URL is returned in Location.
    response = self.client.post(url_for('api.new_post'),
                                headers=self.get_api_headers(
                                    'john', 'cat'),
                                data=json.dumps({
                                    'title': 'title of the post',
                                    'text': 'body of the *blog* post'
                                }))
    self.assertTrue(response.status_code == 201)
    url = response.headers.get('Location')
    self.assertIsNotNone(url)

    # Fetch the new post.
    response = self.client.get(url,
                               headers=self.get_api_headers('john', 'cat'))
    self.assertTrue(response.status_code == 200)
    json_post = json.loads(response.data.decode('utf-8'))
    self.assertTrue(json_post['url'] == url)
    self.assertTrue(json_post['title'] == 'title of the post')
    self.assertTrue(json_post['text'] == 'body of the *blog* post')

    # The user's post list contains exactly that post.
    response = self.client.get(url_for('api.get_user_posts', id=author.id),
                               headers=self.get_api_headers('john', 'cat'))
    self.assertTrue(response.status_code == 200)
    listing = json.loads(response.data.decode('utf-8'))
    self.assertIsNotNone(listing.get('posts'))
    self.assertTrue(listing.get('count', 0) == 1)
    self.assertTrue(listing['posts'][0] == json_post)

    # Posts of followed users: self-follow is not implemented, so the
    # list is empty here.
    response = self.client.get(url_for('api.get_user_following_posts',
                                       id=author.id),
                               headers=self.get_api_headers('john', 'cat'))
    self.assertTrue(response.status_code == 200)
    followed = json.loads(response.data.decode('utf-8'))
    self.assertListEqual(followed.get('posts'), [])
    self.assertTrue(followed.get('count', -1) == 0)

    # Edit the post.
    response = self.client.put(url,
                               headers=self.get_api_headers('john', 'cat'),
                               data=json.dumps({
                                   'title': 'updated title',
                                   'text': 'updated body'
                               }))
    # NOTE(review): the status assertion is disabled in the original; the
    # reason is not visible here.
    # self.assertTrue(response.status_code == 200)
    edited = json.loads(response.data.decode('utf-8'))
    self.assertTrue(edited['url'] == url)
    self.assertTrue(edited['text'] == 'updated body')
    self.assertTrue(edited['title'] == 'updated title')
def test_password_setter(self):
    """Assigning a password must populate `password_hash`."""
    account = User('test')
    account.password = '******'
    stored_hash = account.password_hash
    self.assertTrue(stored_hash is not None)
def test_no_password_getter(self):
    """Reading `password` back must raise AttributeError."""
    account = User('test')
    account.password = '******'
    # The password is write-only: attribute access has to fail.
    self.assertRaises(AttributeError, getattr, account, 'password')
def test_password_verification(self):
    """check_password must accept the assigned password and reject another.

    The assigned literal is masked in this listing.
    """
    account = User('test')
    account.password = '******'
    accepts_right = account.check_password('cat')
    self.assertTrue(accepts_right)
    accepts_wrong = account.check_password('dog')
    self.assertFalse(accepts_wrong)
def test_password_salts_are_random(self):
    """The stored hashes of two users must differ.

    Both password literals are masked here; judging by the test name they
    are the same value, so the hashes can only differ through salting.
    """
    first = User('test01')
    first.password = '******'
    second = User('test02')
    second.password = '******'
    hashes_differ = first.password_hash != second.password_hash
    self.assertTrue(hashes_differ)
# -*- coding: utf-8 -*-
"""
Use together with tests/test_ui.py.

Creates the 'test' application, seeds two roles and one confirmed user,
then starts the development server.
"""

from webapp import create_app
from webapp.models import db, User, Role

app = create_app('test')

# Bug workaround: bind the app to the SQLAlchemy object before creating tables.
db.app = app
db.create_all()

# Roles first, in the original insertion order.
default = Role("default")
poster = Role("poster")
db.session.add_all([default, poster])

# One confirmed user holding the 'poster' role (credentials are masked in
# this listing).
test_user = User("test")
test_user.password = '******'
test_user.confirmed = True
test_user.email = '*****@*****.**'
test_user.roles.append(poster)
db.session.add(test_user)

db.session.commit()

# NOTE(review): this starts the development server with fixed test
# credentials; keep it for local UI tests only.
app.run()