def get_users_with_multiple_primary_email(self):
user_pks = []
for email_address_dict in EmailAddress.objects.filter(
primary=True).values('user').annotate(
Count('user')).filter(user__count__gt=1):
user_pks.append(email_address_dict['user'])
return get_user_model().objects.filter(pk__in=user_pks)
def get_users_with_multiple_primary_email(self):
user_pks = []
for email_address_dict in EmailAddress.objects.filter(
primary=True).values('user').annotate(
Count('user')).filter(user__count__gt=1):
user_pks.append(email_address_dict['user'])
return get_user_model().objects.filter(pk__in=user_pks)
def _logout_view(self, method):
c = Client()
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
c = Client()
c.login(username='******', password='******')
return c, getattr(c, method)(reverse('account_logout'))
def _logout_view(self, method):
c = Client()
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
c = Client()
c.login(username='******', password='******')
return c, getattr(c, method)(reverse('account_logout'))
def test_email_escaping(self):
site = Site.objects.get_current()
site.name = '<enc&"test>'
site.save()
u = get_user_model().objects.create(username='******',
email='*****@*****.**')
request = RequestFactory().get('/')
EmailAddress.objects.add_email(request, u, u.email, confirm=True)
self.assertTrue(mail.outbox[0].subject[1:].startswith(site.name))
def test_email_escaping(self):
site = Site.objects.get_current()
site.name = '<enc&"test>'
site.save()
u = get_user_model().objects.create(
username='******',
email='*****@*****.**')
request = RequestFactory().get('/')
EmailAddress.objects.add_email(request, u, u.email, confirm=True)
self.assertTrue(mail.outbox[0].subject[1:].startswith(site.name))
def test_ajax_login_success(self):
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
resp = self.client.post(reverse('account_login'),
{'login': '******',
'password': '******'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(resp.status_code, 200)
data = json.loads(resp.content.decode('utf8'))
self.assertEqual(data['location'], '/accounts/profile/')
def test_email_verification_mandatory(self):
c = Client()
# Signup
resp = c.post(reverse('account_signup'),
{'username': '******',
'email': '*****@*****.**',
'password1': 'johndoe',
'password2': 'johndoe'},
follow=True)
self.assertEqual(resp.status_code, 200)
self.assertEqual(mail.outbox[0].to, ['*****@*****.**'])
self.assertGreater(mail.outbox[0].body.find('https://'), 0)
self.assertEqual(len(mail.outbox), 1)
self.assertTemplateUsed(resp,
'account/verification_sent.html')
# Attempt to login, unverified
for attempt in [1, 2]:
resp = c.post(reverse('account_login'),
{'login': '******',
'password': '******'},
follow=True)
# is_active is controlled by the admin to manually disable
# users. I don't want this flag to flip automatically whenever
# users verify their email adresses.
self.assertTrue(get_user_model().objects.filter(
username='******', is_active=True).exists())
self.assertTemplateUsed(resp,
'account/verification_sent.html')
# Attempt 1: no mail is sent due to cool-down ,
# but there was already a mail in the outbox.
self.assertEqual(len(mail.outbox), attempt)
self.assertEqual(
EmailConfirmation.objects.filter(
email_address__email='*****@*****.**').count(),
attempt)
# Wait for cooldown
EmailConfirmation.objects.update(sent=now()
- timedelta(days=1))
# Verify, and re-attempt to login.
confirmation = EmailConfirmation \
.objects \
.filter(email_address__user__username='******')[:1] \
.get()
resp = c.get(reverse('account_confirm_email',
args=[confirmation.key]))
self.assertTemplateUsed(resp, 'account/email_confirm.html')
c.post(reverse('account_confirm_email',
args=[confirmation.key]))
resp = c.post(reverse('account_login'),
{'login': '******',
'password': '******'})
self.assertEqual(resp['location'],
'http://testserver'+settings.LOGIN_REDIRECT_URL)
def _request_new_password(self):
user = get_user_model().objects.create(
username='******', email='*****@*****.**', is_active=True)
user.set_password('doe')
user.save()
self.client.post(
reverse('account_reset_password'),
data={'email': '*****@*****.**'})
self.assertEqual(len(mail.outbox), 1)
self.assertEqual(mail.outbox[0].to, ['*****@*****.**'])
return user
def _request_new_password(self):
user = get_user_model().objects.create(username='******',
email='*****@*****.**',
is_active=True)
user.set_password('doe')
user.save()
self.client.post(reverse('account_reset_password'),
data={'email': '*****@*****.**'})
self.assertEqual(len(mail.outbox), 1)
self.assertEqual(mail.outbox[0].to, ['*****@*****.**'])
return user
def test_ajax_login_success(self):
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
resp = self.client.post(reverse('account_login'), {
'login': '******',
'password': '******'
},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.assertEqual(resp.status_code, 200)
data = json.loads(resp.content.decode('utf8'))
self.assertEqual(data['location'], '/accounts/profile/')
def test_password_forgotten_url_protocol(self):
user = self._request_new_password()
body = mail.outbox[0].body
self.assertGreater(body.find('https://'), 0)
url = body[body.find('/password/reset/'):].split()[0]
resp = self.client.get(url)
self.assertTemplateUsed(resp, 'account/password_reset_from_key.html')
self.client.post(url,
{'password1': 'newpass123',
'password2': 'newpass123'})
user = get_user_model().objects.get(pk=user.pk)
self.assertTrue(user.check_password('newpass123'))
return resp
def test_username_containing_at(self):
user = get_user_model().objects.create(username='******')
user.set_password('psst')
user.save()
EmailAddress.objects.create(user=user,
email='*****@*****.**',
primary=True,
verified=True)
resp = self.client.post(reverse('account_login'),
{'login': '******',
'password': '******'})
self.assertEqual(resp['location'],
'http://testserver'+settings.LOGIN_REDIRECT_URL)
def test_email_verification_mandatory(self):
c = Client()
# Signup
resp = c.post(reverse('account_signup'), {
'username': '******',
'email': '*****@*****.**',
'password1': 'johndoe',
'password2': 'johndoe'
},
follow=True)
self.assertEqual(resp.status_code, 200)
self.assertEqual(mail.outbox[0].to, ['*****@*****.**'])
self.assertGreater(mail.outbox[0].body.find('https://'), 0)
self.assertEqual(len(mail.outbox), 1)
self.assertTemplateUsed(resp, 'account/verification_sent.html')
# Attempt to login, unverified
for attempt in [1, 2]:
resp = c.post(reverse('account_login'), {
'login': '******',
'password': '******'
},
follow=True)
# is_active is controlled by the admin to manually disable
# users. I don't want this flag to flip automatically whenever
# users verify their email adresses.
self.assertTrue(get_user_model().objects.filter(
username='******', is_active=True).exists())
self.assertTemplateUsed(resp, 'account/verification_sent.html')
# Attempt 1: no mail is sent due to cool-down ,
# but there was already a mail in the outbox.
self.assertEqual(len(mail.outbox), attempt)
self.assertEqual(
EmailConfirmation.objects.filter(
email_address__email='*****@*****.**').count(), attempt)
# Wait for cooldown
EmailConfirmation.objects.update(sent=now() - timedelta(days=1))
# Verify, and re-attempt to login.
confirmation = EmailConfirmation \
.objects \
.filter(email_address__user__username='******')[:1] \
.get()
resp = c.get(reverse('account_confirm_email', args=[confirmation.key]))
self.assertTemplateUsed(resp, 'account/email_confirm.html')
c.post(reverse('account_confirm_email', args=[confirmation.key]))
resp = c.post(reverse('account_login'), {
'login': '******',
'password': '******'
})
self.assertEqual(resp['location'],
'http://testserver' + settings.LOGIN_REDIRECT_URL)
def test_password_forgotten_url_protocol(self):
user = self._request_new_password()
body = mail.outbox[0].body
self.assertGreater(body.find('https://'), 0)
url = body[body.find('/password/reset/'):].split()[0]
resp = self.client.get(url)
self.assertTemplateUsed(resp, 'account/password_reset_from_key.html')
self.client.post(url, {
'password1': 'newpass123',
'password2': 'newpass123'
})
user = get_user_model().objects.get(pk=user.pk)
self.assertTrue(user.check_password('newpass123'))
return resp
def test_username_containing_at(self):
user = get_user_model().objects.create(username='******')
user.set_password('psst')
user.save()
EmailAddress.objects.create(user=user,
email='*****@*****.**',
primary=True,
verified=True)
resp = self.client.post(reverse('account_login'), {
'login': '******',
'password': '******'
})
self.assertEqual(resp['location'],
'http://testserver' + settings.LOGIN_REDIRECT_URL)
def setUp(self):
User = get_user_model()
self.user = User.objects.create(username='******', email='*****@*****.**')
self.user.set_password('doe')
self.user.save()
self.email_address = EmailAddress.objects.create(user=self.user,
email=self.user.email,
verified=True,
primary=True)
self.email_address2 = EmailAddress.objects.create(
user=self.user,
email='*****@*****.**',
verified=False,
primary=False)
self.client.login(username='******', password='******')
def setUp(self):
User = get_user_model()
self.user = User.objects.create(username='******',
email='*****@*****.**')
self.user.set_password('doe')
self.user.save()
self.email_address = EmailAddress.objects.create(
user=self.user,
email=self.user.email,
verified=True,
primary=True)
self.email_address2 = EmailAddress.objects.create(
user=self.user,
email='*****@*****.**',
verified=False,
primary=False)
self.client.login(username='******', password='******')
def _test_signup_email_verified_externally(self, signup_email,
verified_email):
username = '******'
request = RequestFactory().post(reverse('account_signup'),
{'username': username,
'email': signup_email,
'password1': 'johndoe',
'password2': 'johndoe'})
# Fake stash_verified_email
from django.contrib.messages.middleware import MessageMiddleware
from django.contrib.sessions.middleware import SessionMiddleware
SessionMiddleware().process_request(request)
MessageMiddleware().process_request(request)
request.user = AnonymousUser()
request.session['account_verified_email'] = verified_email
from .views import signup
resp = signup(request)
self.assertEqual(resp.status_code, 302)
self.assertEqual(resp['location'],
get_adapter().get_login_redirect_url(request))
self.assertEqual(len(mail.outbox), 0)
return get_user_model().objects.get(username=username)
def _test_signup_email_verified_externally(self, signup_email,
verified_email):
username = '******'
request = RequestFactory().post(
reverse('account_signup'), {
'username': username,
'email': signup_email,
'password1': 'johndoe',
'password2': 'johndoe'
})
# Fake stash_verified_email
from django.contrib.messages.middleware import MessageMiddleware
from django.contrib.sessions.middleware import SessionMiddleware
SessionMiddleware().process_request(request)
MessageMiddleware().process_request(request)
request.user = AnonymousUser()
request.session['account_verified_email'] = verified_email
from .views import signup
resp = signup(request)
self.assertEqual(resp.status_code, 302)
self.assertEqual(resp['location'],
get_adapter().get_login_redirect_url(request))
self.assertEqual(len(mail.outbox), 0)
return get_user_model().objects.get(username=username)
def _create_user_and_login(self):
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
self.client.login(username='******', password='******')
return user
def _create_user_and_login(self):
user = get_user_model().objects.create(username='******', is_active=True)
user.set_password('doe')
user.save()
self.client.login(username='******', password='******')
return user
