def test_05_invalid_confirmation_token(self): u1 = User(username='******', password='******') u2 = User(username='******', password='******') u1.save() u2.save() token = u1.generate_confirmation_token('something_need_confirm') self.assertFalse(u2.confirm(token, 'something_need_confirm'))
def test_confirm(self): # send a confirmation token user = User(email='*****@*****.**', password='******', username='******') self.client.post('/auth/login', data={ 'email': '*****@*****.**', 'password': '******', 'remember_me': True }) token = r"\x87\xb7t\xcc\x84\x1e\xff" response = self.client.get('/auth/confirm/%s' % token, follow_redirects=True) self.assertIn('确认链接非法或已过期', response.data) response = self.client.get('/auth/confirm', follow_redirects=True) self.assertIn('一封新的包含身份确认链接的邮件已发往你的邮箱', response.data) token = user.generate_confirmation_token('email_confirm') response = self.client.get('/auth/confirm/%s' % token, follow_redirects=True) self.assertIn('已确认你的身份,欢迎加入我们', response.data) response = self.client.get('/auth/confirm/%s' % token, follow_redirects=True) self.assertIn('栏目', response.data) response = self.client.get('/auth/unconfirmed', follow_redirects=True) self.assertIn('栏目', response.data)
def test_19_add_self_follows(self): user = User.query.filter_by(username='******').first() user.not_follow(user) self.assertTrue(user.followers.count() == 0) User.add_self_follows() self.assertTrue(user.followers.count() == 1) self.assertTrue(user.is_following(user))
def register(): """Register a new user, and send them a confirmation email.""" form = RegistrationForm() if form.validate_on_submit(): role = Role.objects(default=True, enable=True).first() if role is not None: role_id = role.pkid else: role_id = 1 user = User( user_name=form.user_name.data, email=form.email.data, password_hash=generate_password_hash(form.password.data), role_id=role_id ) user.save() token = user.generate_confirmation_token() confirm_link = url_for('account.confirm', token=token, _external=True) get_queue().enqueue( send_email, recipient=user.email, subject=_('Confirm Your Account'), template='account/email/confirm', user=user, confirm_link=confirm_link) flash(_('A confirmation link has been sent to {}.').format(user.email), 'warning') return redirect(url_for('main.index')) return render_template('auth/register.html', form=form)
def setUp(self): self.app = create_app('testing') self.app_context = self.app.app_context() self.app_context.push() db.create_all() Role.insert_roles() User.add_admin() User.add_test_user()
def get(self, user_id=None, username=None): user = None if username is not None: user = User.get_by_username(username) else: user = User.get_by_id(user_id) if not user: abort(404) return {'code': 20000, 'data': format_user(user)}
def test_02_password(self): kwargs = {"username": self.person.name(), "email": self.person.email()} password = self.person.password(16) user = User(**kwargs) self.assertIsNone(user.password_hash) with self.assertRaises(AttributeError): user.password user.password = password self.assertIsNotNone(user.password_hash) self.assertTrue(user.verify_password(password)) self.assertFalse(user.verify_password(self.person.password(16)))
def setUp(self): self.app = create_app("testing") self.client = self.app.test_client() self.context = self.app.app_context() self.context.push() db.create_all() kwargs = { "username": self.person.username(), "email": self.person.email(), "password": self.person.password(16) } user = User(**kwargs) user.save() del kwargs["email"] self.data = {"kwargs": kwargs, "user": user}
def test_login(self): # login with the new account User(email='*****@*****.**', password='******', username='******') response = self.client.get('/auth/login') self.assertTrue(re.search('忘记密码?', response.data)) response = self.client.post('/auth/login', data={ 'email': 'john_example.com', 'password': '******' }) self.assertIn('请输入合法的邮箱地址', response.data) response = self.client.post('/auth/login', data={ 'email': '*****@*****.**', 'password': '******' }) self.assertIn('无效的用户名或密码', response.data) response = self.client.post('/auth/login', data={ 'email': '*****@*****.**', 'password': '******' }) self.assertIn('无效的用户名或密码', response.data) response = self.client.post('/auth/login', data={ 'email': '*****@*****.**', 'password': '******', 'remember_me': True }, follow_redirects=True) self.assertIn('你好', response.data) self.assertIn('你还没有进行身份认证', response.data)
def test_01_post_method(self): kwargs = self.data["kwargs"] user = self.data["user"] kwargs_fake = dict(username=self.person.username(), password=self.person.password(16)) response = self.client.post("/api/auth", data=json.dumps(kwargs_fake), content_type="application/json") self.assertEqual(response.status_code, 400) data = json.loads(response.data) self.assertEqual(data["message"]["username"], "valid username is required for authentication") response = self.client.post("/api/auth", data=json.dumps(kwargs), content_type="application/json") self.assertEqual(response.status_code, 200) data = json.loads(response.data) self.assertEqual(User.confirm("login", data["token"]).id, user.id) kwargs["password"] = self.person.password(16) response = self.client.post("/api/auth", data=json.dumps(kwargs), content_type="application/json") self.assertEqual(response.status_code, 401) data = json.loads(response.data) self.assertEqual(data["message"], "invalid username or password")
def verify_token(token): g.current_user = None try: g.current_user = User.verify_auth_token(token) g.token_used = True return g.current_user is not None except: return False
def register(): form = RegistrationForm() if form.validate_on_submit(): user = User(email=form.email.data, username=form.username.data, password=form.password.data, member_since=datetime.utcnow()) user.save() token = user.generate_confirmation_token('email_confirm') send_email(user.email, '账户确认', 'auth/email/confirm', user=user, token=token) flash('一封包含身份确认链接的邮件已发往你的邮箱。') return redirect(url_for('main.neighbourhood')) return render_template('auth/register.html', form=form)
def add_user(): u = User() u.username = '******' u.email = '*****@*****.**' u.password = '******' u.confirmed = True u.role = Role.get_by_name('Administrator') db.session.add(u) db.session.commit()
def setUp(self): self.app = create_app("testing") self.client = self.app.test_client() self.context = self.app.app_context() self.context.push() db.create_all() person = Personal() text = Text() kwargs = { "username": person.username(), "email": person.email(), "password": person.password(16) } user = User(**kwargs) user.save() def __auth(): response = self.client.post("/api/auth", data=json.dumps(kwargs), content_type="application/json") self.assertEqual(response.status_code, 200) def __post(): post = Post(title=self.text.title(), summary=text.text(3), body=text.text(6), author=user) category = Category(name=text.word()) category.save() post.category = category tag = Tag(name=text.word()) tag.save() post.tags.append(tag) post.save() return post self.login = __auth self.new_post = __post del kwargs["email"] self.data = {"kwargs": kwargs, "user": user} self.text = text self.person = person
def generate_user(count=60, locale="en"): person = Personal(locale) genders = ["male", "female"] for _ in range(count): while True: username = person.name(gender=genders[_ % 2]) if User.query.filter_by(username=username).first() is None: break email = username.replace(" ", "_") + "@weblog.com" new = User(username=username, email=email, password=person.password()) db.session.add(new) db.session.commit()
def test_01_save_and_delete(self): kwargs = {"username": self.person.name(), "email": self.person.email()} self.assertEqual(User.query.count(), 0) user = User(**kwargs) user.save() self.assertEqual(user.__repr__(), "<User {} ID {}>".format(kwargs["username"], 1)) self.assertEqual(User.query.count(), 1) user.delete() self.assertEqual(User.query.count(), 0)
def login(): form = LoginForm() if form.validate_on_submit(): user = User.objects(email=form.email.data).first() if user is not None and user.password_hash is not None and user.verify_password( form.password.data): login_user(user, form.remember_me.data) flash(_('You are now logged in. Welcome back!'), 'success') return redirect(request.args.get('next') or url_for('main.index')) else: flash(_('Invalid email or password.'), 'form-error') return render_template('auth/login.html', form=form)
def test_18_get_message_from_admin(self): user = User.query.filter_by(username='******').first() from app.models.post import Post post = Post(body='Post is editing!', author=user) post.save() user.get_message_from_admin(content='User', link_id=user.id, link_type='user') user.get_message_from_admin(content='Comment', link_id=post.id, link_type='comment') user.get_message_from_admin(content='Post', link_id=post.id, link_type='post') user.get_message_from_admin(content='None') self.assertTrue(user.dialogues.count() == 1) self.assertTrue(user.dialogues.first().chats.count() == 4) admin = User.query.first() self.assertTrue(admin.dialogues.count() == 1) self.assertTrue(admin.dialogues.first().chats.count() == 4) admin_second = User( username='******', role=Role.query.filter_by(name='Administrator').first()) admin_second.save() admin.get_message_from_admin(content='User', link_id=user.id, link_type='user') admin.get_message_from_admin(content='Comment', link_id=post.id, link_type='comment') admin.get_message_from_admin(content='Post', link_id=post.id, link_type='post') admin.get_message_from_admin(content='None') self.assertTrue(admin.dialogues.count() == 2) from app.models.message import Dialogue self.assertTrue( Dialogue.get_dialogue(admin, admin_second).chats.count() == 4) self.assertTrue(Dialogue.get_dialogue(admin, user).chats.count() == 4) self.assertTrue(admin_second.dialogues.first().chats.count() == 4)
def test_12_ping(self): u = User(username='******', password='******') u.save() time.sleep(2) last_seen_before = u.last_seen u.ping() self.assertTrue(u.last_seen > last_seen_before)
def test_02_refresh_token(self): kwargs = self.data["kwargs"] user = self.data["user"] token_fake = json.dumps(dict(token=json.dumps(kwargs))) response = self.client.get("/api/auth", query_string=dict(token=token_fake)) self.assertEqual(response.status_code, 401) response = self.client.post("/api/auth", data=json.dumps(kwargs), content_type="application/json") token_1 = parse_cookie( response.headers.getlist('Set-Cookie')[0])["token"] sleep(1) response = self.client.get("/api/auth", query_string=dict(token=token_1)) token_2 = parse_cookie( response.headers.getlist("Set-Cookie")[0])["token"] self.assertNotEqual(token_1, token_2) self.assertEqual(User.confirm("login", token_1).id, user.id) self.assertEqual(User.confirm("login", token_2).id, user.id)
def edit_profile_admin(user_id=None): if user_id: user_edited = User.query.get_or_404(user_id) form = EditProfileAdminForm(user=user_edited) if form.validate_on_submit(): user_edited.email = form.email.data user_edited.username = form.username.data user_edited.confirmed = form.confirmed.data user_edited.role = Role.query.get(form.role.data) user_edited.name = form.name.data user_edited.location = form.location.data user_edited.about_me = form.about_me.data user_edited.save() flash('资料已修改。') return redirect(url_for('admin_manager.users')) form.email.data = user_edited.email form.username.data = user_edited.username form.confirmed.data = user_edited.confirmed form.role.data = user_edited.role_id form.name.data = user_edited.name form.location.data = user_edited.location form.about_me.data = user_edited.about_me else: form = EditProfileAdminForm() if form.validate_on_submit(): new_user = User( email=form.email.data, username=form.username.data, confirmed=form.confirmed.data, role_id=form.role.data, name=form.name.data, location=form.location.data, about_me=form.about_me.data, ) new_user.save() flash('用户创建成功。') return redirect(url_for('admin_manager.users')) return render_template('admin_manager/edit_profile_admin.html', form=form)
def test_change_email(self): # change email user = User(email='*****@*****.**', password='******', confirmed=True, username='******') self.client.post(url_for('auth.login'), data={ 'email': '*****@*****.**', 'password': '******', 'remember_me': True }) response = self.client.get('/auth/reset/email', follow_redirects=True) self.assertIn('确认邮件已发送,请确认', response.data) token = r"\x87\xb7t\xcc\x84\x1e\xff" response = self.client.get('/auth/reset/email/%s' % token, follow_redirects=True) self.assertIn('确认链接非法或已过期', response.data) token = user.generate_confirmation_token('change_email_confirm') response = self.client.get('/auth/reset/email/%s' % token) self.assertIn('修改邮箱地址', response.data) response = self.client.post('/auth/reset/email/%s' % token, data={'email': 'john_example.com'}, follow_redirects=True) self.assertIn('请输入合法的邮箱地址', response.data) response = self.client.post('/auth/reset/email/%s' % token, data={'email': '*****@*****.**'}, follow_redirects=True) self.assertIn('Email已被占用', response.data) response = self.client.post('/auth/reset/email/%s' % token, data={'email': '*****@*****.**'}, follow_redirects=True) self.assertIn('修改成功', response.data) self.assertIn('一封包含身份确认链接的邮件已发往你的新邮箱', response.data) token = user.generate_confirmation_token('email_confirm') response = self.client.get('/auth/confirm/%s' % token, follow_redirects=True) self.assertIn('已确认你的身份,欢迎加入我们', response.data)
def test_logout(self): # log out User(email='*****@*****.**', password='******', confirmed=True, username='******') self.client.post('/auth/login', data={ 'email': '*****@*****.**', 'password': '******', 'remember_me': True }) response = self.client.get('/auth/logout', follow_redirects=True) self.assertIn('已注销', response.data)
def setUpClass(cls): cls.base_url = 'http://127.0.0.1:5000' try: cls.client = webdriver.Firefox() except: pass if cls.client: cls.app = create_app('testing') cls.app_context = cls.app.app_context() cls.app_context.push() import logging logger = logging.getLogger('werkzeug') logger.setLevel("ERROR") db.create_all() Role.insert_roles() User.add_admin() User.add_test_user() Category.add_none() threading.Thread(target=cls.app.run).start()
def test_message(self): self.login(username='******', password='******') response = self.client.get(url_for('main.dialogues')) self.assertIn('系统消息', response.data) response = self.client.post(url_for('main.dialogues', dialogue_id=1), data={'content': 'test chat'}, follow_redirects=True) self.assertIn('test chat', response.data) self.assertNotIn('没有聊天记录', response.data) self.logout() self.login(username='******', password='******') response = self.client.get('/') self.assertIn('个人 <span class="badge badge-xs">1</span>', response.data) response = self.client.get(url_for('main.dialogues')) self.assertIn('tester', response.data) response = self.client.get(url_for('main.dialogues', dialogue_id=1)) self.assertNotIn('个人 <span class="badge badge-xs">1</span>', response.data) self.assertIn('test chat', response.data) response = self.client.get('/dialogues/1?delete_true=1', follow_redirects=True) self.assertNotIn('tester', response.data) response = self.client.get(url_for('main.dialogues', dialogue_id=1)) self.assertIn('NOT FOUND', response.data) response = self.client.get(url_for('main.new_dialogue', username='******'), follow_redirects=True) self.assertIn('tester', response.data) self.logout() user_tester2 = User(username='******') user_tester2.save() self.login(username='******', password='******') response = self.client.get(url_for('main.new_dialogue', username='******'), follow_redirects=True) self.assertIn('tester2', response.data)
def login(): if not request.json or not 'name' in request.json or not 'pwd' in request.json: return jsonify({'err': 'Request not Json or miss name/pwd'}) else: user = User.objects(name=request.json['name'], pwd=request.json['pwd']).first() if user: login_user(user) return jsonify({ 'status': 0, 'user_id': user.get_id(), 'msg': 'Login success.' }) else: return jsonify({'err': 'Login fail.'})
def test_change_password(self): # change password User(email='*****@*****.**', password='******', confirmed=True, username='******') self.client.post('/auth/login', data={ 'email': '*****@*****.**', 'password': '******', 'remember_me': True }) response = self.client.get('/auth/PasswordChange/') self.assertIn('旧密码', response.data) response = self.client.post('/auth/PasswordChange/', data={ 'old_password': '******', 'password': '******', 'password2': 'cat_cat' }, follow_redirects=True) self.assertIn('请输入正确的密码', response.data) response = self.client.post('/auth/PasswordChange/', data={ 'old_password': '******', 'password': '******', 'password2': 'cat_catt' }, follow_redirects=True) self.assertIn('两个密码必须相同', response.data) response = self.client.post('/auth/PasswordChange/', data={ 'old_password': '******', 'password': '******', 'password2': 'cat_catt' }, follow_redirects=True) self.assertIn('修改成功', response.data) response = self.client.post('/auth/login', data={ 'email': '*****@*****.**', 'password': '******', 'remember_me': True }, follow_redirects=True) self.assertIn('个人', response.data)
def reset_password(token): """Reset an existing user's password.""" if not current_user.is_anonymous: return redirect(url_for('main.index')) form = ResetPasswordForm() if form.validate_on_submit(): user = User.objects(email=form.email.data).first() if user is None: flash('Invalid email address.', 'form-error') return redirect(url_for('main.index')) if user.reset_password(token, form.new_password.data): flash('Your password has been updated.', 'form-success') return redirect(url_for('account.login')) else: flash('The password reset link is invalid or has expired.', 'form-error') return redirect(url_for('main.index')) return render_template('account/reset_password.html', form=form)
def deploy(): """Run deployment task""" if not os.path.isfile(app.config['SQLALCHEMY_DATABASE_URI'][10:]): db.create_all() print 'Datebase created.' Role.insert_roles() User.add_self_follows() User.add_admin() User.add_test_user() print 'add admin :'\ '\[email protected]'\ '\npassword=1234' Category.add_none() print 'Category insert None.' else: print 'database already exists!' admin_id = input('admin_id:') while True: if User.query.get(admin_id): User.add_admin_dialogue(admin_id) break else: admin_id = input('get admin error!\nadmin_id:') print 'User config.'
def forgot_password_request(): """Respond to existing user's request to reset their password.""" if not current_user.is_anonymous: return redirect(url_for('main.index')) form = RequestResetPasswordForm() if form.validate_on_submit(): user = User.objects(email=form.email.data).first() if user: token = user.generate_password_reset_token() reset_link = url_for( 'account.reset_password', token=token, _external=True) get_queue().enqueue( send_email, recipient=user.email, subject=_('Reset Your Password'), template='account/email/reset_password', user=user, reset_link=reset_link, next=request.args.get('next')) flash(_('A password reset link has been sent to {}.').format( form.email.data), 'warning') return redirect(url_for('auth.login')) return render_template('account/reset_password.html', form=form)