Example #1
    def test_login_mixed_case(self):
        """Register and confirm a user, then log in twice, expecting 200 each time.

        The e-mail literals are masked on this listing. Going by the test
        name they presumably differ only in letter case, i.e. the test pins
        that login treats the address case-insensitively -- TODO confirm
        against the unmasked file.
        """
        def post_credentials(endpoint, email, **extra):
            # Every request in this test sends the same JSON shape; only the
            # endpoint, the address and the optional headers vary.
            return self.client.post(url_for(endpoint),
                                    content_type='application/json',
                                    data=json.dumps({
                                        'email': email,
                                        'password': self.USER_PASSWORD
                                    }),
                                    **extra)

        registration = post_credentials('user.register', '*****@*****.**')
        assert registration.status_code == 201

        # The token is derived locally instead of being read from the
        # registration response.
        token = generate_confirmation_token('*****@*****.**')
        confirmation = self.client.get(url_for('user.confirm', token=token))
        assert confirmation.status_code == 200

        # Two consecutive logins must both succeed.
        for login_email in ('*****@*****.**', '*****@*****.**'):
            login = post_credentials('authentication.login',
                                     login_email,
                                     headers={'Accept': 'application/json'})
            assert login.status_code == 200
    def register_user(self):
        """Drive the register -> rejected login -> confirm sequence for the test user.

        Asserts that a registration with the first (masked) address is
        refused with 400, that registering ``self.USER_EMAIL`` yields 201,
        that logging in before confirmation yields 401, and that the
        confirmation endpoint answers 200.
        """
        def post_credentials(endpoint, email, password):
            return self.client.post(url_for(endpoint),
                                    content_type='application/json',
                                    data=json.dumps({
                                        'email': email,
                                        'password': password
                                    }))

        # An address that belongs to no known company must be rejected.
        rejected = post_credentials('user.register', '*****@*****.**', '******')
        assert rejected.status_code == 400

        created = post_credentials('user.register', self.USER_EMAIL,
                                   self.USER_PASSWORD)
        assert created.status_code == 201
        # NOTE(review): the address is masked on this listing; presumably it
        # matches self.USER_EMAIL -- confirm.
        token = generate_confirmation_token('*****@*****.**')

        # Login stays closed until the account has been confirmed.
        early_login = post_credentials('authentication.login', self.USER_EMAIL,
                                       self.USER_PASSWORD)
        assert early_login.status_code == 401

        # Confirming with the token is expected to succeed.
        confirmation = self.client.get(url_for('user.confirm', token=token))
        assert confirmation.status_code == 200
Example #3
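def register():
    """Register a new, unconfirmed user from the JSON request body.

    Reads ``email`` and ``password`` from ``g.json``, checks that a company
    exists for the address and that the address is valid for that company,
    refuses addresses that already have a user, inserts the user with
    ``confirmed=False`` and returns a 201 ``ApiResponse`` whose context
    carries the e-mail, the user id and the confirmation token.

    Calls ``abort(400, ...)`` when e-mail or password is missing, when no
    company matches, or when the user already exists, and ``abort(401, ...)``
    when the address is not valid for the company.
    """
    email = g.json.get('email')
    password = g.json.get('password')

    # Validate with an explicit branch: an `assert` is removed under
    # `python -O`, which would let empty credentials through.
    if not (email and password):
        abort(400, 'Please specify a user email and password')

    company = services.company.get_for_email(email)
    if not company:
        # NOTE(review): `email` is request-supplied and unvalidated here;
        # confirm the log sink neutralises control characters.
        logging.warning("No company could be found for %s", email)
        abort(400, f"No company could be found for {email}")

    if not is_valid_email_for_company(email, company):
        logging.warning("Invalid email %s for company: %s", email,
                        company.domain)
        abort(401, f"Invalid email {email} for company: {company.domain}")

    user = services.user.get_by_email(email)
    if user is not None:
        # NOTE(review): this distinct message tells the caller whether an
        # address is already registered; confirm that is acceptable.
        abort(400, 'Cannot register an existing user!')

    user = User(email=email,
                confirmed=False,
                company_id=company.id,
                password=password)
    user = services.user.insert(user)

    confirmation_token = generate_confirmation_token(user.email)
    # NOTE(review): the confirmation token is a credential; writing it to
    # the log exposes it to anyone with log access. Consider logging only
    # that a token was issued.
    logging.info("Confirmation token for %s: %s", user.email,
                 confirmation_token)

    # Only admins can create users for now
    #services.email.send_confirmation_email(user.email, confirmation_token)

    # NOTE(review): returning the token to the registering client means
    # confirmation no longer proves control of the mailbox. Presumably this
    # is acceptable only while registration is admin-only -- confirm before
    # opening the endpoint up.
    response = ApiResponse(content_type=request.accept_mimetypes.best,
                           next=url_for('main.login'),
                           status_code=201,
                           context={
                               'email': user.email,
                               'id': user.id,
                               'confirmation_token': confirmation_token
                           })

    return response()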
Example #4
    def test_user_confirmation(self):
        """Check that confirming a freshly registered user points at the login page.

        Logs in as superuser, registers a company, registers
        ``self.USER_EMAIL`` (expects 201), then requests the confirmation
        URL with an ``application/html`` Accept header and expects status
        200 with a ``Location`` header equal to the external login URL.
        """
        self.login_superuser()
        self.register_company()

        # Step 1: create the account that will be confirmed.
        register_url = url_for('user.register')
        payload = json.dumps({
            'email': self.USER_EMAIL,
            'password': self.USER_PASSWORD
        })
        registration = self.client.post(register_url,
                                        content_type='application/json',
                                        data=payload)
        assert registration.status_code == 201

        # NOTE(review): the address is masked on this listing; presumably it
        # matches self.USER_EMAIL -- confirm.
        token = generate_confirmation_token('*****@*****.**')

        # Step 2: follow the confirmation link as an HTML client.
        confirm_url = url_for('user.confirm', token=token)
        confirmation = self.client.get(
            confirm_url, headers={'Accept': 'application/html'})
        assert confirmation.status_code == 200

        location = confirmation.headers.get('Location')
        assert location == url_for('main.login', _external=True)