def test_users(self):
# add two users
r = Role.query.filter_by(name='poster').first()
self.assertIsNotNone(r)
u1 = User('john')
u1.email = '*****@*****.**'
u1.password = '******'
u1.confirmed = True
u1.roles.append(r)
u2 = User('susan')
u2.email = '*****@*****.**'
u2.password = '******'
u2.confirmed = True
u2.roles.append(r)
db.session.add_all([u1, u2])
db.session.commit()
# get users
# 以u2通过验证,得到u1的用户信息
response = self.client.get(url_for('api.get_user', id=u1.id),
headers=self.get_api_headers(
'susan', 'dog'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertTrue(json_response['username'] == 'john')
# 以u2通过验证,得到u2的用户信息
response = self.client.get(url_for('api.get_user', id=u2.id),
headers=self.get_api_headers(
'susan', 'dog'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertTrue(json_response['username'] == 'susan')
def test_invalid_confirmation_token(self):
user1 = User('test1')
user2 = User('test2')
user1.password = '******'
user2.password = '******'
db.session.add(user1)
db.session.add(user2)
db.session.commit()
token = user1.generate_confirmation_token()
self.assertFalse(user2.confirm(token))
def test_invalid_reset_token(self):
user1 = User('test1')
user2 = User('test2')
user1.password = '******'
user2.password = '******'
user1.email = '*****@*****.**'
user2.email = '*****@*****.**'
db.session.add(user1)
db.session.add(user2)
db.session.commit()
token = user1.generate_reset_token(user1.email)
self.assertFalse(user2.reset_password(token, 'puppy'))
self.assertTrue(user2.check_password('dog'))
def test_duplicate_email_change_token(self):
user1 = User('test1')
user1.email = '*****@*****.**'
user1.password = '******'
user2 = User('test2')
user2.email = '*****@*****.**'
user2.password = '******'
db.session.add(user1)
db.session.add(user2)
db.session.commit()
token = user2.generate_email_change_token('*****@*****.**')
self.assertFalse(user2.change_email(token))
self.assertTrue(user2.email == '*****@*****.**')
def register(request):
if request.method == "POST":
uf = UserFormRegister(request.POST)
if uf.is_valid():
userName = uf.cleaned_data['userName']
password = uf.cleaned_data['password']
email = uf.cleaned_data['email']
if User.objects.get(userName = userName) != None:
uf = UserFormRegister()
return render_to_response('register.html', {'uf': uf}, context_instance = RequestContext(request))
user = User()
user.userName = userName
user.password = password
user.email = email
user.save()
response = render_to_response('success.html', {'username': userName})
response.set_cookie('username', userName, 3600)
return response
else:
uf = UserFormRegister()
return render_to_response('register.html', {'uf': uf}, context_instance = RequestContext(request))
def create_admin(email, password):
user = User()
user.email = email
user.password = password
user.type = 'admin'
user.active = True
user.save()
def test_token_auth(self):
# add a user
r = Role.query.filter_by(name='poster').first()
self.assertIsNotNone(r)
u = User('john')
u.email = '*****@*****.**'
u.password = '******'
u.confirmed = True
u.roles.append(r)
db.session.add(u)
db.session.commit()
# issue a request with a bad token
response = self.client.get(url_for('api.get_posts'),
headers=self.get_api_headers(
'bad-token', ''))
self.assertTrue(response.status_code == 401)
# get a token
response = self.client.get(url_for('api.get_token'),
headers=self.get_api_headers('john', 'cat'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertIsNotNone(json_response.get('token'))
token = json_response['token']
# issue a request with the token
response = self.client.get(url_for('api.get_posts'),
headers=self.get_api_headers(token, ''))
self.assertTrue(response.status_code == 200)
def setUp(self):
# Bug workarounds: Flask Admin和Flask Restful扩展中,
# 它们会为应用生成蓝图对象并在内部保存起来,但在应用销毁时不会主动将其移除。
admin._views = []
rest_api.resources = []
self.app = create_app('test')
# 必须push context,否则会报错误
self.app_context = self.app.app_context()
self.app_context.push()
self.client = self.app.test_client(use_cookies=True)
# Bug workaround: 如果不在webapp目录中运行,
# 则Flask SQLAlchemy的初始化代码就不能正确地在应用对象中进行初始化
db.app = self.app
db.create_all()
# create role and user
# 由于下面有个test_register_and_login测试,要注册新用户,
# 在register路由中会默认添加上'poster'和'default'角色,因此这里要先创建两种角色
poster = Role('poster')
poster.description = 'poster role'
default = Role('default')
default.description = 'default role'
db.session.add(poster)
db.session.add(default)
test_user = User('test')
test_user.email = '*****@*****.**'
test_user.password = '******'
test_user.confirmed = True
test_user.roles.append(poster)
db.session.add(test_user)
db.session.commit()
def createUser(self, request):
loginUser = User()
loginUser.username = request.POST.get('USERNAME')
loginUser.password = request.POST.get('Password')
loginUser.date = str(datetime.now())
loginUser.save()
print loginUser, " has been created."
def test_valid_confirmation_token(self):
user = User('test')
user.password = '******'
db.session.add(user)
# 只有commit了才能拿到id,以便生成token
db.session.commit()
token = user.generate_confirmation_token()
self.assertTrue(user.confirm(token))
def test_expired_confirmation_token(self):
user = User('test')
user.password = '******'
db.session.add(user)
db.session.commit()
token = user.generate_confirmation_token(1)
time.sleep(2)
self.assertFalse(user.confirm(token))
def test_valid_email_change_token(self):
user1 = User('test1')
user1.email = '*****@*****.**'
user1.password = '******'
db.session.add(user1)
db.session.commit()
token = user1.generate_email_change_token('*****@*****.**')
self.assertTrue(user1.change_email(token))
self.assertTrue(user1.email == '*****@*****.**')
def register():
if g.user:
return 'is logined'
source = session.get('source')
app = session.get('app')
username = session.get('username')
if source and username and app:
token = session['oauth_token']
secret = session['oauth_token_secret']
if source=='sina':
api_key, api_secret, callback = sina_api[app]
auth = sina.OAuthHandler(api_key, api_secret, callback)
auth.setToken(token, secret)
#elif source=='qq':
# api_key, api_secret, callback = qq_api
# auth = qq.OAuthHandler(api_key, api_secret, callback)
# auth.setToken(token, secret)
# 创建shorten
while True:
code = shorten(str(datetime.now()))
if User.query.filter_by(shorten=code).count()==0:
break
email = '*****@*****.**' % code
user = User(nickname=username,
email=email,
shorten=code)
user.password = email
user.profile = UserProfile()
update_profile(source, user, auth)
db.session.add(user)
db.session.commit()
# login
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
user.bind(source, app, token, secret)
return redirect(url_for('%s.post' % app))
else:
return redirect(url_for('frontend.login'))
def test_follows(self):
u1 = User('test1')
u1.email = '*****@*****.**'
u1.password = '******'
u2 = User('test2')
u2.email = '*****@*****.**'
u2.password = '******'
db.session.add(u1)
db.session.add(u2)
db.session.commit()
self.assertFalse(u1.is_following(u2))
self.assertFalse(u1.is_followed_by(u2))
timestamp_before = datetime.datetime.utcnow()
u1.follow(u2)
db.session.add(u1)
db.session.commit()
timestamp_after = datetime.datetime.utcnow()
self.assertTrue(u1.is_following(u2))
self.assertFalse(u1.is_followed_by(u2))
self.assertTrue(u2.is_followed_by(u1))
self.assertTrue(u1.followings.count() == 1)
self.assertTrue(u2.followers.count() == 1)
f = u1.followings.all()[-1]
self.assertTrue(f.following == u2)
self.assertTrue(timestamp_before <= f.timestamp <= timestamp_after)
f = u2.followers.all()[-1]
self.assertTrue(f.follower == u1)
u1.unfollow(u2)
db.session.add(u1)
db.session.commit()
self.assertTrue(u1.followings.count() == 0)
self.assertTrue(u2.followers.count() == 0)
self.assertTrue(Follow.query.count() == 0)
u2.follow(u1)
db.session.add(u1)
db.session.add(u2)
db.session.commit()
db.session.delete(u2)
db.session.commit()
self.assertTrue(Follow.query.count() == 0)
def test_valid_reset_token(self):
user = User('test')
user.password = '******'
user.email = '*****@*****.**'
db.session.add(user)
# 只有commit了才能拿到id,以便生成token
db.session.commit()
token = user.generate_reset_token(user.email)
self.assertTrue(user.reset_password(token, 'dog'))
self.assertTrue(user.check_password('dog'))
def register():
if g.user:
return 'is logined'
source = session.get('source')
app = session.get('app')
username = session.get('username')
if source and username and app:
token = session['oauth_token']
secret = session['oauth_token_secret']
if source == 'sina':
api_key, api_secret, callback = sina_api[app]
auth = sina.OAuthHandler(api_key, api_secret, callback)
auth.setToken(token, secret)
#elif source=='qq':
# api_key, api_secret, callback = qq_api
# auth = qq.OAuthHandler(api_key, api_secret, callback)
# auth.setToken(token, secret)
# 创建shorten
while True:
code = shorten(str(datetime.now()))
if User.query.filter_by(shorten=code).count() == 0:
break
email = '*****@*****.**' % code
user = User(nickname=username, email=email, shorten=code)
user.password = email
user.profile = UserProfile()
update_profile(source, user, auth)
db.session.add(user)
db.session.commit()
# login
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
user.bind(source, app, token, secret)
return redirect(url_for('%s.post' % app))
else:
return redirect(url_for('frontend.login'))
def api_register():
username = request.form.get('username')
emailaddress = request.form.get('emailaddress')
password = request.form.get('password')
confirmpassword = request.form.get('confirmpassword')
if (User.query.filter_by(emailaddress=emailaddress).first() is not None):
print("该邮箱已被使用")
elif (password != confirmpassword):
print("密码不一致")
else:
new_user = User()
new_user.username = username
new_user.emailaddress = emailaddress
new_user.password = password
db.session.add(new_user)
db.session.commit()
def test_bad_auth(self):
# add a user
r = Role.query.filter_by(name='poster').first()
self.assertIsNotNone(r)
u = User('john')
u.email = '*****@*****.**'
u.password = '******'
u.confirmed = True
u.roles.append(r)
db.session.add(u)
db.session.commit()
# authenticate with bad password
response = self.client.get(url_for('api.get_posts'),
headers=self.get_api_headers('john', 'dog'))
self.assertTrue(response.status_code == 401)
def test_unconfirmed_account(self):
# add an unconfirmed user
r = Role.query.filter_by(name='poster').first()
self.assertIsNotNone(r)
u = User('john')
u.email = '*****@*****.**'
u.password = '******'
u.confirmed = False
u.roles.append(r)
db.session.add(u)
db.session.commit()
# get list of posts with the unconfirmed account
response = self.client.get(url_for('api.get_posts'),
headers=self.get_api_headers('john', 'cat'))
self.assertTrue(response.status_code == 403)
def register_view(self):
form = RegistrationForm(request.form)
if helpers.validate_form_on_submit(form):
user = User()
form.populate_obj(user)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
user.password = generate_password_hash(form.password.data)
db.session.add(user)
db.session.commit()
login.login_user(user)
return redirect(url_for('.index'))
link = '<p>Already have an account? <a href="' + url_for('.login_view') + '">Click here to log in.</a></p>'
self._template_args['form'] = form
self._template_args['link'] = link
return super(MyAdminIndexView, self).index()
def register(request):
message = ''
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password1')
password2 = request.POST.get('password2')
email = request.POST.get('email')
if username and password and password2 and email:
# 去除左右两边空格
username = username.strip()
# 验证是否在数据库
# 数据库里没有这个用户
if password != password2:
message = '密码不一致'
return render(request, 'register.html', locals())
else:
user = User.objects.filter(name=username)
if user:
message = '用户已存在'
return render(request, 'register.html', locals())
else:
username = request.POST.get('username')
password = request.POST.get('password1')
print('-----------------')
print(password)
email = request.POST.get('email')
ine = User()
ine.name = username
ine.password = password
ine.email = email
ine.save()
return redirect('/webapp/login/')
return render(request,'register.html',locals())
return render(request,'register.html')
def api_register():
username = request.form.get('username')
emailaddress = request.form.get('emailaddress')
password = request.form.get('password')
confirmpassword = request.form.get('confirmpassword')
if User.query.filter_by(emailaddress=emailaddress).first() is not None:
# print("该邮箱已被使用")
abort(400)
elif password != confirmpassword:
# print("密码不一致")
abort(400)
else:
new_user = User()
new_user.username = username
new_user.emailaddress = emailaddress
new_user.password = password
new_user.avatar = 'default.jpg'
new_user.active = True
db.session.add(new_user)
db.session.commit()
user = User.query.filter_by(emailaddress=emailaddress).first()
login_user(user)
return redirect(url_for('main.index'))
def insert_data():
with app.app_context():
# 不需要在这里创建库,应该使用数据库升级命令`db upgrade`来创建库
# db.create_all()
# 这里设定了3种角色
role_admin = Role(name='admin')
role_admin.description = "administrator role"
role_poster = Role(name='poster')
role_poster.description = "the registered user role"
role_default = Role(name='default')
role_default.description = 'the unregistered user role'
db.session.add(role_admin)
db.session.add(role_poster)
db.session.add(role_default)
# add User
admin = User(username='******')
admin.email = '*****@*****.**'
admin.password = '******'
admin.confirmed = True
admin.roles.append(role_admin)
admin.roles.append(role_poster)
admin.roles.append(role_default)
db.session.add(admin)
user01 = User(username='******')
user01.email = '*****@*****.**'
user01.password = '******'
user01.confirmed = True
user01.roles.append(role_poster)
user01.roles.append(role_default)
db.session.add(user01)
user02 = User(username='******')
user02.email = '*****@*****.**'
user02.password = '******'
user02.confirmed = True
user02.roles.append(role_poster)
user02.roles.append(role_default)
db.session.add(user02)
# add Tag and Post
tag_one = Tag('Python')
tag_two = Tag('Flask')
tag_three = Tag('SQLAlechemy')
tag_four = Tag('Jinja')
tag_list = [tag_one, tag_two, tag_three, tag_four]
s = "Example Text"
for i in xrange(1, 101):
new_post = Post("Post {}".format(i))
if i % 2:
new_post.user = user01
else:
new_post.user = user02
new_post.publish_date = datetime.datetime.utcnow()
new_post.text = s
new_post.tags = random.sample(tag_list, random.randint(1, 3))
db.session.add(new_post)
# add comment
comment01 = Comment()
comment01.name = 'comment01'
comment01.text = 'comment text'
comment01.post_id = 99
comment01.date = datetime.datetime.utcnow()
db.session.add(comment01)
comment02 = Comment()
comment02.name = 'comment02'
comment02.text = 'comment text'
comment02.post_id = 100
comment02.date = datetime.datetime.utcnow()
db.session.add(comment02)
db.session.commit()
def test_comments(self):
# add two users
r = Role.query.filter_by(name='poster').first()
self.assertIsNotNone(r)
u1 = User('john')
u1.email = '*****@*****.**'
u1.password = '******'
u1.confirmed = True
u1.roles.append(r)
u2 = User('susan')
u2.email = '*****@*****.**'
u2.password = '******'
u2.confirmed = True
u2.roles.append(r)
db.session.add_all([u1, u2])
db.session.commit()
# add a post
post = Post(title='title of the post')
post.text = 'body of the post'
post.user = u1
db.session.add(post)
db.session.commit()
# write a comment
response = self.client.post(url_for('api.new_post_comment',
id=post.id),
headers=self.get_api_headers(
'susan', 'dog'),
data=json.dumps({
'name':
'comment name',
'text':
'Good [post](http://example.com)!'
}))
self.assertTrue(response.status_code == 201)
json_response = json.loads(response.data.decode('utf-8'))
url = response.headers.get('Location')
self.assertIsNotNone(url)
self.assertTrue(json_response['name'] == 'comment name')
self.assertTrue(
json_response['text'] == 'Good [post](http://example.com)!')
# get the new comment
response = self.client.get(url,
headers=self.get_api_headers('john', 'cat'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertTrue(json_response['url'] == url)
self.assertTrue(json_response['name'] == 'comment name')
self.assertTrue(
json_response['text'] == 'Good [post](http://example.com)!')
# add another comment
comment = Comment(name='another comment name')
comment.text = 'Thank you!'
comment.user = u1
comment.post = post
db.session.add(comment)
db.session.commit()
# get the two comments from the post
response = self.client.get(url_for('api.get_post_comments',
id=post.id),
headers=self.get_api_headers(
'susan', 'dog'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertIsNotNone(json_response.get('comments'))
self.assertTrue(json_response.get('count', 0) == 2)
# get all the comments
response = self.client.get(url_for('api.get_comments', id=post.id),
headers=self.get_api_headers(
'susan', 'dog'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertIsNotNone(json_response.get('comments'))
self.assertTrue(json_response.get('count', 0) == 2)
def test_posts(self):
# add a user
r = Role.query.filter_by(name='poster').first()
self.assertIsNotNone(r)
u = User('john')
u.email = '*****@*****.**'
u.password = '******'
u.confirmed = True
u.roles.append(r)
db.session.add(u)
db.session.commit()
# write an empty post, will raise ValidationError
response = self.client.post(url_for('api.new_post'),
headers=self.get_api_headers(
'john', 'cat'),
data=json.dumps({'text': ''}))
self.assertTrue(response.status_code == 400)
# write a post
response = self.client.post(url_for('api.new_post'),
headers=self.get_api_headers(
'john', 'cat'),
data=json.dumps({
'title':
'title of the post',
'text':
'body of the *blog* post'
}))
self.assertTrue(response.status_code == 201)
url = response.headers.get('Location')
self.assertIsNotNone(url)
# get the new post
response = self.client.get(url,
headers=self.get_api_headers('john', 'cat'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertTrue(json_response['url'] == url)
self.assertTrue(json_response['title'] == 'title of the post')
self.assertTrue(json_response['text'] == 'body of the *blog* post')
json_post = json_response
# get the post from the user
response = self.client.get(url_for('api.get_user_posts', id=u.id),
headers=self.get_api_headers('john', 'cat'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertIsNotNone(json_response.get('posts'))
self.assertTrue(json_response.get('count', 0) == 1)
self.assertTrue(json_response['posts'][0] == json_post)
# get the post from the user as a follower
# 没有实现自关注,因此这里得不到
response = self.client.get(url_for('api.get_user_following_posts',
id=u.id),
headers=self.get_api_headers('john', 'cat'))
self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertListEqual(json_response.get('posts'), [])
self.assertTrue(json_response.get('count', -1) == 0)
# edit post
response = self.client.put(url,
headers=self.get_api_headers('john', 'cat'),
data=json.dumps({
'title': 'updated title',
'text': 'updated body'
}))
# self.assertTrue(response.status_code == 200)
json_response = json.loads(response.data.decode('utf-8'))
self.assertTrue(json_response['url'] == url)
self.assertTrue(json_response['text'] == 'updated body')
self.assertTrue(json_response['title'] == 'updated title')
def test_password_setter(self):
user = User('test')
user.password = '******'
self.assertTrue(user.password_hash is not None)
def test_no_password_getter(self):
user = User('test')
user.password = '******'
with self.assertRaises(AttributeError):
user.password
def test_password_verification(self):
user = User('test')
user.password = '******'
self.assertTrue(user.check_password('cat'))
self.assertFalse(user.check_password('dog'))
def test_password_salts_are_random(self):
user01 = User('test01')
user01.password = '******'
user02 = User('test02')
user02.password = '******'
self.assertTrue(user01.password_hash != user02.password_hash)
# -*- coding: utf-8 -*-
"""
结合tests/test_ui.py使用
"""
from webapp import create_app
from webapp.models import db, User, Role
app = create_app('test')
# Bug workaround
db.app = app
db.create_all()
default = Role("default")
poster = Role("poster")
db.session.add(default)
db.session.add(poster)
test_user = User("test")
test_user.password = '******'
test_user.confirmed = True
test_user.email = '*****@*****.**'
test_user.roles.append(poster)
db.session.add(test_user)
db.session.commit()
app.run()
