def test_05_invalid_confirmation_token(self):
u1 = User(username='******', password='******')
u2 = User(username='******', password='******')
u1.save()
u2.save()
token = u1.generate_confirmation_token('something_need_confirm')
self.assertFalse(u2.confirm(token, 'something_need_confirm'))
def test_confirm(self):
# send a confirmation token
user = User(email='*****@*****.**',
password='******',
username='******')
self.client.post('/auth/login',
data={
'email': '*****@*****.**',
'password': '******',
'remember_me': True
})
token = r"\x87\xb7t\xcc\x84\x1e\xff"
response = self.client.get('/auth/confirm/%s' % token,
follow_redirects=True)
self.assertIn('确认链接非法或已过期', response.data)
response = self.client.get('/auth/confirm', follow_redirects=True)
self.assertIn('一封新的包含身份确认链接的邮件已发往你的邮箱', response.data)
token = user.generate_confirmation_token('email_confirm')
response = self.client.get('/auth/confirm/%s' % token,
follow_redirects=True)
self.assertIn('已确认你的身份,欢迎加入我们', response.data)
response = self.client.get('/auth/confirm/%s' % token,
follow_redirects=True)
self.assertIn('栏目', response.data)
response = self.client.get('/auth/unconfirmed', follow_redirects=True)
self.assertIn('栏目', response.data)
def test_19_add_self_follows(self):
user = User.query.filter_by(username='******').first()
user.not_follow(user)
self.assertTrue(user.followers.count() == 0)
User.add_self_follows()
self.assertTrue(user.followers.count() == 1)
self.assertTrue(user.is_following(user))
def register():
"""Register a new user, and send them a confirmation email."""
form = RegistrationForm()
if form.validate_on_submit():
role = Role.objects(default=True, enable=True).first()
if role is not None:
role_id = role.pkid
else:
role_id = 1
user = User(
user_name=form.user_name.data,
email=form.email.data,
password_hash=generate_password_hash(form.password.data),
role_id=role_id
)
user.save()
token = user.generate_confirmation_token()
confirm_link = url_for('account.confirm', token=token, _external=True)
get_queue().enqueue(
send_email,
recipient=user.email,
subject=_('Confirm Your Account'),
template='account/email/confirm',
user=user,
confirm_link=confirm_link)
flash(_('A confirmation link has been sent to {}.').format(user.email), 'warning')
return redirect(url_for('main.index'))
return render_template('auth/register.html', form=form)
def setUp(self):
self.app = create_app('testing')
self.app_context = self.app.app_context()
self.app_context.push()
db.create_all()
Role.insert_roles()
User.add_admin()
User.add_test_user()
def get(self, user_id=None, username=None):
user = None
if username is not None:
user = User.get_by_username(username)
else:
user = User.get_by_id(user_id)
if not user:
abort(404)
return {'code': 20000, 'data': format_user(user)}
def test_02_password(self):
kwargs = {"username": self.person.name(), "email": self.person.email()}
password = self.person.password(16)
user = User(**kwargs)
self.assertIsNone(user.password_hash)
with self.assertRaises(AttributeError):
user.password
user.password = password
self.assertIsNotNone(user.password_hash)
self.assertTrue(user.verify_password(password))
self.assertFalse(user.verify_password(self.person.password(16)))
def setUp(self):
self.app = create_app("testing")
self.client = self.app.test_client()
self.context = self.app.app_context()
self.context.push()
db.create_all()
kwargs = {
"username": self.person.username(),
"email": self.person.email(),
"password": self.person.password(16)
}
user = User(**kwargs)
user.save()
del kwargs["email"]
self.data = {"kwargs": kwargs, "user": user}
def test_login(self):
# login with the new account
User(email='*****@*****.**', password='******', username='******')
response = self.client.get('/auth/login')
self.assertTrue(re.search('忘记密码?', response.data))
response = self.client.post('/auth/login',
data={
'email': 'john_example.com',
'password': '******'
})
self.assertIn('请输入合法的邮箱地址', response.data)
response = self.client.post('/auth/login',
data={
'email': '*****@*****.**',
'password': '******'
})
self.assertIn('无效的用户名或密码', response.data)
response = self.client.post('/auth/login',
data={
'email': '*****@*****.**',
'password': '******'
})
self.assertIn('无效的用户名或密码', response.data)
response = self.client.post('/auth/login',
data={
'email': '*****@*****.**',
'password': '******',
'remember_me': True
},
follow_redirects=True)
self.assertIn('你好', response.data)
self.assertIn('你还没有进行身份认证', response.data)
def test_01_post_method(self):
kwargs = self.data["kwargs"]
user = self.data["user"]
kwargs_fake = dict(username=self.person.username(),
password=self.person.password(16))
response = self.client.post("/api/auth",
data=json.dumps(kwargs_fake),
content_type="application/json")
self.assertEqual(response.status_code, 400)
data = json.loads(response.data)
self.assertEqual(data["message"]["username"],
"valid username is required for authentication")
response = self.client.post("/api/auth",
data=json.dumps(kwargs),
content_type="application/json")
self.assertEqual(response.status_code, 200)
data = json.loads(response.data)
self.assertEqual(User.confirm("login", data["token"]).id, user.id)
kwargs["password"] = self.person.password(16)
response = self.client.post("/api/auth",
data=json.dumps(kwargs),
content_type="application/json")
self.assertEqual(response.status_code, 401)
data = json.loads(response.data)
self.assertEqual(data["message"], "invalid username or password")
def verify_token(token):
g.current_user = None
try:
g.current_user = User.verify_auth_token(token)
g.token_used = True
return g.current_user is not None
except:
return False
def register():
form = RegistrationForm()
if form.validate_on_submit():
user = User(email=form.email.data,
username=form.username.data,
password=form.password.data,
member_since=datetime.utcnow())
user.save()
token = user.generate_confirmation_token('email_confirm')
send_email(user.email,
'账户确认',
'auth/email/confirm',
user=user,
token=token)
flash('一封包含身份确认链接的邮件已发往你的邮箱。')
return redirect(url_for('main.neighbourhood'))
return render_template('auth/register.html', form=form)
def add_user():
u = User()
u.username = '******'
u.email = '*****@*****.**'
u.password = '******'
u.confirmed = True
u.role = Role.get_by_name('Administrator')
db.session.add(u)
db.session.commit()
def setUp(self):
self.app = create_app("testing")
self.client = self.app.test_client()
self.context = self.app.app_context()
self.context.push()
db.create_all()
person = Personal()
text = Text()
kwargs = {
"username": person.username(),
"email": person.email(),
"password": person.password(16)
}
user = User(**kwargs)
user.save()
def __auth():
response = self.client.post("/api/auth",
data=json.dumps(kwargs),
content_type="application/json")
self.assertEqual(response.status_code, 200)
def __post():
post = Post(title=self.text.title(),
summary=text.text(3),
body=text.text(6),
author=user)
category = Category(name=text.word())
category.save()
post.category = category
tag = Tag(name=text.word())
tag.save()
post.tags.append(tag)
post.save()
return post
self.login = __auth
self.new_post = __post
del kwargs["email"]
self.data = {"kwargs": kwargs, "user": user}
self.text = text
self.person = person
def generate_user(count=60, locale="en"):
person = Personal(locale)
genders = ["male", "female"]
for _ in range(count):
while True:
username = person.name(gender=genders[_ % 2])
if User.query.filter_by(username=username).first() is None:
break
email = username.replace(" ", "_") + "@weblog.com"
new = User(username=username, email=email, password=person.password())
db.session.add(new)
db.session.commit()
def test_01_save_and_delete(self):
kwargs = {"username": self.person.name(), "email": self.person.email()}
self.assertEqual(User.query.count(), 0)
user = User(**kwargs)
user.save()
self.assertEqual(user.__repr__(),
"<User {} ID {}>".format(kwargs["username"], 1))
self.assertEqual(User.query.count(), 1)
user.delete()
self.assertEqual(User.query.count(), 0)
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.objects(email=form.email.data).first()
if user is not None and user.password_hash is not None and user.verify_password(
form.password.data):
login_user(user, form.remember_me.data)
flash(_('You are now logged in. Welcome back!'), 'success')
return redirect(request.args.get('next') or url_for('main.index'))
else:
flash(_('Invalid email or password.'), 'form-error')
return render_template('auth/login.html', form=form)
def test_18_get_message_from_admin(self):
user = User.query.filter_by(username='******').first()
from app.models.post import Post
post = Post(body='Post is editing!', author=user)
post.save()
user.get_message_from_admin(content='User',
link_id=user.id,
link_type='user')
user.get_message_from_admin(content='Comment',
link_id=post.id,
link_type='comment')
user.get_message_from_admin(content='Post',
link_id=post.id,
link_type='post')
user.get_message_from_admin(content='None')
self.assertTrue(user.dialogues.count() == 1)
self.assertTrue(user.dialogues.first().chats.count() == 4)
admin = User.query.first()
self.assertTrue(admin.dialogues.count() == 1)
self.assertTrue(admin.dialogues.first().chats.count() == 4)
admin_second = User(
username='******',
role=Role.query.filter_by(name='Administrator').first())
admin_second.save()
admin.get_message_from_admin(content='User',
link_id=user.id,
link_type='user')
admin.get_message_from_admin(content='Comment',
link_id=post.id,
link_type='comment')
admin.get_message_from_admin(content='Post',
link_id=post.id,
link_type='post')
admin.get_message_from_admin(content='None')
self.assertTrue(admin.dialogues.count() == 2)
from app.models.message import Dialogue
self.assertTrue(
Dialogue.get_dialogue(admin, admin_second).chats.count() == 4)
self.assertTrue(Dialogue.get_dialogue(admin, user).chats.count() == 4)
self.assertTrue(admin_second.dialogues.first().chats.count() == 4)
def test_12_ping(self):
u = User(username='******', password='******')
u.save()
time.sleep(2)
last_seen_before = u.last_seen
u.ping()
self.assertTrue(u.last_seen > last_seen_before)
def test_02_refresh_token(self):
kwargs = self.data["kwargs"]
user = self.data["user"]
token_fake = json.dumps(dict(token=json.dumps(kwargs)))
response = self.client.get("/api/auth",
query_string=dict(token=token_fake))
self.assertEqual(response.status_code, 401)
response = self.client.post("/api/auth",
data=json.dumps(kwargs),
content_type="application/json")
token_1 = parse_cookie(
response.headers.getlist('Set-Cookie')[0])["token"]
sleep(1)
response = self.client.get("/api/auth",
query_string=dict(token=token_1))
token_2 = parse_cookie(
response.headers.getlist("Set-Cookie")[0])["token"]
self.assertNotEqual(token_1, token_2)
self.assertEqual(User.confirm("login", token_1).id, user.id)
self.assertEqual(User.confirm("login", token_2).id, user.id)
def edit_profile_admin(user_id=None):
if user_id:
user_edited = User.query.get_or_404(user_id)
form = EditProfileAdminForm(user=user_edited)
if form.validate_on_submit():
user_edited.email = form.email.data
user_edited.username = form.username.data
user_edited.confirmed = form.confirmed.data
user_edited.role = Role.query.get(form.role.data)
user_edited.name = form.name.data
user_edited.location = form.location.data
user_edited.about_me = form.about_me.data
user_edited.save()
flash('资料已修改。')
return redirect(url_for('admin_manager.users'))
form.email.data = user_edited.email
form.username.data = user_edited.username
form.confirmed.data = user_edited.confirmed
form.role.data = user_edited.role_id
form.name.data = user_edited.name
form.location.data = user_edited.location
form.about_me.data = user_edited.about_me
else:
form = EditProfileAdminForm()
if form.validate_on_submit():
new_user = User(
email=form.email.data,
username=form.username.data,
confirmed=form.confirmed.data,
role_id=form.role.data,
name=form.name.data,
location=form.location.data,
about_me=form.about_me.data,
)
new_user.save()
flash('用户创建成功。')
return redirect(url_for('admin_manager.users'))
return render_template('admin_manager/edit_profile_admin.html', form=form)
def test_change_email(self):
# change email
user = User(email='*****@*****.**',
password='******',
confirmed=True,
username='******')
self.client.post(url_for('auth.login'),
data={
'email': '*****@*****.**',
'password': '******',
'remember_me': True
})
response = self.client.get('/auth/reset/email', follow_redirects=True)
self.assertIn('确认邮件已发送,请确认', response.data)
token = r"\x87\xb7t\xcc\x84\x1e\xff"
response = self.client.get('/auth/reset/email/%s' % token,
follow_redirects=True)
self.assertIn('确认链接非法或已过期', response.data)
token = user.generate_confirmation_token('change_email_confirm')
response = self.client.get('/auth/reset/email/%s' % token)
self.assertIn('修改邮箱地址', response.data)
response = self.client.post('/auth/reset/email/%s' % token,
data={'email': 'john_example.com'},
follow_redirects=True)
self.assertIn('请输入合法的邮箱地址', response.data)
response = self.client.post('/auth/reset/email/%s' % token,
data={'email': '*****@*****.**'},
follow_redirects=True)
self.assertIn('Email已被占用', response.data)
response = self.client.post('/auth/reset/email/%s' % token,
data={'email': '*****@*****.**'},
follow_redirects=True)
self.assertIn('修改成功', response.data)
self.assertIn('一封包含身份确认链接的邮件已发往你的新邮箱', response.data)
token = user.generate_confirmation_token('email_confirm')
response = self.client.get('/auth/confirm/%s' % token,
follow_redirects=True)
self.assertIn('已确认你的身份,欢迎加入我们', response.data)
def test_logout(self):
# log out
User(email='*****@*****.**',
password='******',
confirmed=True,
username='******')
self.client.post('/auth/login',
data={
'email': '*****@*****.**',
'password': '******',
'remember_me': True
})
response = self.client.get('/auth/logout', follow_redirects=True)
self.assertIn('已注销', response.data)
def setUpClass(cls):
cls.base_url = 'http://127.0.0.1:5000'
try:
cls.client = webdriver.Firefox()
except:
pass
if cls.client:
cls.app = create_app('testing')
cls.app_context = cls.app.app_context()
cls.app_context.push()
import logging
logger = logging.getLogger('werkzeug')
logger.setLevel("ERROR")
db.create_all()
Role.insert_roles()
User.add_admin()
User.add_test_user()
Category.add_none()
threading.Thread(target=cls.app.run).start()
def test_message(self):
self.login(username='******', password='******')
response = self.client.get(url_for('main.dialogues'))
self.assertIn('系统消息', response.data)
response = self.client.post(url_for('main.dialogues', dialogue_id=1),
data={'content': 'test chat'},
follow_redirects=True)
self.assertIn('test chat', response.data)
self.assertNotIn('没有聊天记录', response.data)
self.logout()
self.login(username='******', password='******')
response = self.client.get('/')
self.assertIn('个人 <span class="badge badge-xs">1</span>',
response.data)
response = self.client.get(url_for('main.dialogues'))
self.assertIn('tester', response.data)
response = self.client.get(url_for('main.dialogues', dialogue_id=1))
self.assertNotIn('个人 <span class="badge badge-xs">1</span>',
response.data)
self.assertIn('test chat', response.data)
response = self.client.get('/dialogues/1?delete_true=1',
follow_redirects=True)
self.assertNotIn('tester', response.data)
response = self.client.get(url_for('main.dialogues', dialogue_id=1))
self.assertIn('NOT FOUND', response.data)
response = self.client.get(url_for('main.new_dialogue',
username='******'),
follow_redirects=True)
self.assertIn('tester', response.data)
self.logout()
user_tester2 = User(username='******')
user_tester2.save()
self.login(username='******', password='******')
response = self.client.get(url_for('main.new_dialogue',
username='******'),
follow_redirects=True)
self.assertIn('tester2', response.data)
def login():
if not request.json or not 'name' in request.json or not 'pwd' in request.json:
return jsonify({'err': 'Request not Json or miss name/pwd'})
else:
user = User.objects(name=request.json['name'],
pwd=request.json['pwd']).first()
if user:
login_user(user)
return jsonify({
'status': 0,
'user_id': user.get_id(),
'msg': 'Login success.'
})
else:
return jsonify({'err': 'Login fail.'})
def test_change_password(self):
# change password
User(email='*****@*****.**',
password='******',
confirmed=True,
username='******')
self.client.post('/auth/login',
data={
'email': '*****@*****.**',
'password': '******',
'remember_me': True
})
response = self.client.get('/auth/PasswordChange/')
self.assertIn('旧密码', response.data)
response = self.client.post('/auth/PasswordChange/',
data={
'old_password': '******',
'password': '******',
'password2': 'cat_cat'
},
follow_redirects=True)
self.assertIn('请输入正确的密码', response.data)
response = self.client.post('/auth/PasswordChange/',
data={
'old_password': '******',
'password': '******',
'password2': 'cat_catt'
},
follow_redirects=True)
self.assertIn('两个密码必须相同', response.data)
response = self.client.post('/auth/PasswordChange/',
data={
'old_password': '******',
'password': '******',
'password2': 'cat_catt'
},
follow_redirects=True)
self.assertIn('修改成功', response.data)
response = self.client.post('/auth/login',
data={
'email': '*****@*****.**',
'password': '******',
'remember_me': True
},
follow_redirects=True)
self.assertIn('个人', response.data)
def reset_password(token):
"""Reset an existing user's password."""
if not current_user.is_anonymous:
return redirect(url_for('main.index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user = User.objects(email=form.email.data).first()
if user is None:
flash('Invalid email address.', 'form-error')
return redirect(url_for('main.index'))
if user.reset_password(token, form.new_password.data):
flash('Your password has been updated.', 'form-success')
return redirect(url_for('account.login'))
else:
flash('The password reset link is invalid or has expired.',
'form-error')
return redirect(url_for('main.index'))
return render_template('account/reset_password.html', form=form)
def deploy():
"""Run deployment task"""
if not os.path.isfile(app.config['SQLALCHEMY_DATABASE_URI'][10:]):
db.create_all()
print 'Datebase created.'
Role.insert_roles()
User.add_self_follows()
User.add_admin()
User.add_test_user()
print 'add admin :'\
'\[email protected]'\
'\npassword=1234'
Category.add_none()
print 'Category insert None.'
else:
print 'database already exists!'
admin_id = input('admin_id:')
while True:
if User.query.get(admin_id):
User.add_admin_dialogue(admin_id)
break
else:
admin_id = input('get admin error!\nadmin_id:')
print 'User config.'
def forgot_password_request():
"""Respond to existing user's request to reset their password."""
if not current_user.is_anonymous:
return redirect(url_for('main.index'))
form = RequestResetPasswordForm()
if form.validate_on_submit():
user = User.objects(email=form.email.data).first()
if user:
token = user.generate_password_reset_token()
reset_link = url_for(
'account.reset_password', token=token, _external=True)
get_queue().enqueue(
send_email,
recipient=user.email,
subject=_('Reset Your Password'),
template='account/email/reset_password',
user=user,
reset_link=reset_link,
next=request.args.get('next'))
flash(_('A password reset link has been sent to {}.').format(
form.email.data), 'warning')
return redirect(url_for('auth.login'))
return render_template('account/reset_password.html', form=form)
