def test_expired_confirmation_token(self): u = User(password='******') db.session.add(u) db.session.commit() token = u.generate_confirmation_token(1) time.sleep(2) self.assertFalse(u.confirm(token))
def test_invalid_reset_token(self): u = User(password='******') db.session.add(u) db.session.commit() token = u.generate_reset_token() self.assertFalse(User.reset_password(token + 'a', 'horse')) self.assertTrue(u.verify_password('cat'))
def test_valid_reset_token(self): u = User(password='******') db.session.add(u) db.session.commit() token = u.generate_reset_token() self.assertTrue(User.reset_password(token, 'dog')) self.assertTrue(u.verify_password('dog'))
def test_valid_email_change_token(self): u = User(email='*****@*****.**', password='******') db.session.add(u) db.session.commit() token = u.generate_email_change_token('*****@*****.**') self.assertTrue(u.change_email(token)) self.assertTrue(u.email == '*****@*****.**')
def test_ping(self): u = User(password='******') db.session.add(u) db.session.commit() time.sleep(2) last_seen_before = u.last_seen u.ping() self.assertTrue(u.last_seen > last_seen_before)
def test_duplicate_email_change_token(self): u1 = User(email='*****@*****.**', password='******') u2 = User(email='*****@*****.**', password='******') db.session.add(u1) db.session.add(u2) db.session.commit() token = u2.generate_email_change_token('*****@*****.**') self.assertFalse(u2.change_email(token)) self.assertTrue(u2.email == '*****@*****.**')
def test_to_json(self): g = Gender.query.filter_by(name='Male').first() u = User(email='*****@*****.**', password='******', gender=g) db.session.add(u) db.session.commit() with self.app.test_request_context('/'): json_user = u.to_json() expected_keys = [ 'url', 'name', 'member_since', 'last_seen', 'gender', 'posts_url', 'followed_posts_url', 'post_count' ] self.assertEqual(sorted(json_user.keys()), sorted(expected_keys)) self.assertEqual('/api/v1/users/' + str(u.id), json_user['url'])
def deploy(): """Run deployment tasks.""" # migrate database to latest revision upgrade() # create or update genders Gender.insert_genders() # create or update user roles Role.insert_roles() # ensure all users are following themselves User.add_self_follows()
def test_timestamps(self): u = User(password='******') db.session.add(u) db.session.commit() self.assertTrue( (datetime.utcnow() - u.member_since).total_seconds() < 3) self.assertTrue((datetime.utcnow() - u.last_seen).total_seconds() < 3)
def test_token_auth(self): # add a user r = Role.query.filter_by(name='User').first() self.assertIsNotNone(r) u = User(email='*****@*****.**', password='******', confirmed=True, role=r) db.session.add(u) db.session.commit() # issue a request with a bad token response = self.client.get('/api/v1/posts/', headers=self.get_api_headers( 'bad-token', '')) self.assertEqual(response.status_code, 401) # get a token response = self.client.post('/api/v1/tokens/', headers=self.get_api_headers( '*****@*****.**', 'cat')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertIsNotNone(json_response.get('token')) token = json_response['token'] # issue a request with the token response = self.client.get('/api/v1/posts/', headers=self.get_api_headers(token, '')) self.assertEqual(response.status_code, 200)
def test_user_role(self): u = User(email='*****@*****.**', password='******') self.assertTrue(u.can(Permission.FOLLOW)) self.assertTrue(u.can(Permission.COMMENT)) self.assertTrue(u.can(Permission.WRITE)) self.assertFalse(u.can(Permission.MODERATE)) self.assertFalse(u.can(Permission.ADMIN))
def test_administrator_role(self): r = Role.query.filter_by(name='Administrator').first() u = User(email='*****@*****.**', password='******', role=r) self.assertTrue(u.can(Permission.FOLLOW)) self.assertTrue(u.can(Permission.COMMENT)) self.assertTrue(u.can(Permission.WRITE)) self.assertTrue(u.can(Permission.MODERATE)) self.assertTrue(u.can(Permission.ADMIN))
def register(): form = RegistrationForm() if form.validate_on_submit(): user = User( email=form.email.data.lower(), name=form.name.data, password=form.password.data, gender=Gender.query.get(form.gender.data) ) token = user.generate_confirmation_token() send_email(user.email, 'Confirm Your Account', 'auth/email/confirm', user=user, token=token, current_time=datetime.now(tz.gettz('CST')).strftime("%B %d, %Y %H:%M CST")) flash('A confirmation email has been sent to you by email.', 'alert-primary') db.session.add(user) db.session.commit() # Redirect to the two-factor auth page, passing username in session # Do NOT put user_id into the session, in case you wanna log the user in. session['email'] = user.email return redirect(url_for('auth.two_factor_setup')) return render_template('auth/register.html', form=form)
def verify_password(email_or_token, password): if email_or_token == '': return False if password == '': g.current_user = User.verify_auth_token(email_or_token) g.token_used = True return g.current_user is not None _user = User.query.filter_by(email=email_or_token.lower()).first() if not _user: return False g.current_user = _user g.token_used = False return _user.verify_password(password)
def test_invalid_confirmation_token(self): u1 = User(password='******') u2 = User(password='******') db.session.add(u1) db.session.add(u2) db.session.commit() token = u1.generate_confirmation_token() self.assertFalse(u2.confirm(token))
def password_reset(token): if not current_user.is_anonymous: flash('Invalid Request.') return redirect(url_for('main.index')) form = PasswordResetForm() if form.validate_on_submit(): if User.reset_password(token, form.password.data): db.session.commit() flash('Your password has been updated.') return redirect(url_for('auth.login')) else: flash('The password reset link is invalid or has expired.', 'alert-danger') return redirect(url_for('main.index')) return render_template('auth/reset_password.html', form=form)
def setUpClass(cls): # start Chrome options = webdriver.ChromeOptions() options.add_argument('headless') try: driver_path = '/path/to/chromedriver' cls.client = webdriver.Chrome(driver_path, options=options) except: pass # skip these tests if the browser could not be started if cls.client: # create the application cls.app = create_app('testing') cls.app_context = cls.app.app_context() cls.app_context.push() # suppress logging to keep unittest output clean import logging logger = logging.getLogger('werkzeug') logger.setLevel("ERROR") # create the database and populate with some fake data db.create_all() Role.insert_roles() Gender.insert_genders() fake.users(10) fake.posts(10) # add an administrator user g = Gender.query.filter_by(name='Male').first() admin_role = Role.query.filter_by(name='Administrator').first() admin = User(email='*****@*****.**', name='john', password='******', role=admin_role, confirmed=True, gender=g) db.session.add(admin) db.session.commit() # start the Flask server in a thread cls.server_thread = threading.Thread(target=cls.app.run, kwargs={'debug': False}) cls.server_thread.start() # give the server a second to ensure it is up time.sleep(1)
def test_users(self): # add two users g1 = Gender.query.filter_by(name='Male').first() g2 = Gender.query.filter_by(name='Female').first() r = Role.query.filter_by(name='User').first() self.assertIsNotNone(r) u1 = User(email='*****@*****.**', name='john', password='******', confirmed=True, role=r, gender=g1) u2 = User(email='*****@*****.**', name='susan', password='******', confirmed=True, role=r, gender=g2) db.session.add_all([u1, u2]) db.session.commit() # get users response = self.client.get('/api/v1/users/{}'.format(u1.id), headers=self.get_api_headers( '*****@*****.**', 'dog')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertEqual(json_response['name'], 'john') self.assertEqual(json_response['gender'], 'Male') response = self.client.get('/api/v1/users/{}'.format(u2.id), headers=self.get_api_headers( '*****@*****.**', 'dog')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertEqual(json_response['name'], 'susan') self.assertEqual(json_response['gender'], 'Female')
def test_unconfirmed_account(self): # add an unconfirmed user r = Role.query.filter_by(name='User').first() self.assertIsNotNone(r) u = User(email='*****@*****.**', password='******', confirmed=False, role=r) db.session.add(u) db.session.commit() # get list of posts with the unconfirmed account response = self.client.get('/api/v1/posts/', headers=self.get_api_headers( '*****@*****.**', 'cat')) self.assertEqual(response.status_code, 403)
def test_bad_auth(self): # add a user r = Role.query.filter_by(name='User').first() self.assertIsNotNone(r) u = User(email='*****@*****.**', password='******', confirmed=True, role=r) db.session.add(u) db.session.commit() # authenticate with bad password response = self.client.get('/api/v1/posts/', headers=self.get_api_headers( '*****@*****.**', 'dog')) self.assertEqual(response.status_code, 401)
def test_gravatar(self): u = User(email='*****@*****.**', password='******') with self.app.test_request_context('/'): gravatar = u.gravatar() gravatar_256 = u.gravatar(size=256) gravatar_pg = u.gravatar(rating='pg') gravatar_retro = u.gravatar(default='retro') self.assertTrue('https://secure.gravatar.com/avatar/' + 'd4c74594d841139328695756648b6bd6' in gravatar) self.assertTrue('s=256' in gravatar_256) self.assertTrue('r=pg' in gravatar_pg) self.assertTrue('d=retro' in gravatar_retro)
def users(count=100): fake = Faker(['fr_FR', 'en_US', 'zh_CN']) gender_count = Gender.query.count() for _ in range(count): g = Gender.query.offset(randint(0, gender_count - 1)).first() u = User(email=fake.email(), name=fake.name(), password='******', confirmed=True, location=fake.city(), about_me=fake.text(), member_since=fake.past_date(), gender=g) db.session.add(u) try: db.session.commit() except IntegrityError: db.session.rollback()
def add_user(): if request.method == 'POST': format_response = {"error": {"code": 0, "message": ""}, "data": {}} data = request.get_json() if data['username'] is None or data['email'] is None: format_response['error']['code'] = 1 format_response['error']['message'] = 'Thieu username hoac email' return jsonify(format_response) user = User.query.filter( or_(User.username.like(data['username']), User.email.like(data['email']))).first() if user: format_response['error']['code'] = 1 format_response['error'][ 'message'] = 'Username hoặc email đã tồn tại' else: user = User(username=data['username'], email=data['email'], name=data['name']) db.session.add(user) db.session.commit() format_response['error']['message'] = 'Tao user thành công!' format_response['data']['id'] = user.id return jsonify(format_response)
def test_comments(self): # add two users g1 = Gender.query.filter_by(name='Male').first() g2 = Gender.query.filter_by(name='Female').first() r = Role.query.filter_by(name='User').first() self.assertIsNotNone(r) u1 = User(email='*****@*****.**', name='john', password='******', confirmed=True, role=r, gender=g1) u2 = User(email='*****@*****.**', name='susan', password='******', confirmed=True, role=r, gender=g2) db.session.add_all([u1, u2]) db.session.commit() # add a post post = Post(title='title of the post', body='body of the post', author=u1) db.session.add(post) db.session.commit() # write a comment response = self.client.post( '/api/v1/posts/{}/comments/'.format(post.id), headers=self.get_api_headers('*****@*****.**', 'dog'), data=json.dumps({'body': 'Good [post](http://example.com)!'})) self.assertEqual(response.status_code, 201) json_response = json.loads(response.get_data(as_text=True)) url = response.headers.get('Location') self.assertIsNotNone(url) self.assertEqual(json_response['body'], 'Good [post](http://example.com)!') self.assertEqual(re.sub('<.*?>', '', json_response['body_html']), 'Good post!') # get the new comment response = self.client.get(url, headers=self.get_api_headers( '*****@*****.**', 'cat')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertEqual('http://localhost' + json_response['url'], url) self.assertEqual(json_response['body'], 'Good [post](http://example.com)!') # add another comment comment = Comment(body='Thank you!', author=u1, post=post) db.session.add(comment) db.session.commit() # get the two comments from the post response = self.client.get( '/api/v1/posts/{}/comments/'.format(post.id), headers=self.get_api_headers('*****@*****.**', 'dog')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertIsNotNone(json_response.get('comments')) self.assertEqual(json_response.get('count', 0), 2) # get all the comments response = self.client.get( '/api/v1/posts/{}/comments/'.format(post.id), headers=self.get_api_headers('*****@*****.**', 'dog')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertIsNotNone(json_response.get('comments')) self.assertEqual(json_response.get('count', 0), 2)
def test_valid_confirmation_token(self): u = User(password='******') db.session.add(u) db.session.commit() token = u.generate_confirmation_token() self.assertTrue(u.confirm(token))
def test_password_salts_are_random(self): u = User(password='******') u2 = User(password='******') self.assertTrue(u.password_hash != u2.password_hash)
def test_password_verification(self): u = User(password='******') self.assertTrue(u.verify_password('cat')) self.assertFalse(u.verify_password('dog'))
def test_no_password_getter(self): u = User(password='******') with self.assertRaises(AttributeError): _ = u.password
def test_password_setter(self): u = User(password='******') self.assertTrue(u.password_hash is not None)
def test_follows(self): u1 = User(email='*****@*****.**', password='******') u2 = User(email='*****@*****.**', password='******') db.session.add(u1) db.session.add(u2) db.session.commit() self.assertFalse(u1.is_following(u2)) self.assertFalse(u1.is_followed_by(u2)) timestamp_before = datetime.utcnow() u1.follow(u2) db.session.add(u1) db.session.commit() timestamp_after = datetime.utcnow() self.assertTrue(u1.is_following(u2)) self.assertFalse(u1.is_followed_by(u2)) self.assertTrue(u2.is_followed_by(u1)) self.assertTrue(u1.followed.count() == 2) self.assertTrue(u2.followers.count() == 2) f = u1.followed.all()[-1] self.assertTrue(f.followed == u2) self.assertTrue(timestamp_before <= f.timestamp <= timestamp_after) f = u2.followers.all()[-1] self.assertTrue(f.follower == u1) u1.unfollow(u2) db.session.add(u1) db.session.commit() self.assertTrue(u1.followed.count() == 1) self.assertTrue(u2.followers.count() == 1) self.assertTrue(Follow.query.count() == 2) u2.follow(u1) db.session.add(u1) db.session.add(u2) db.session.commit() db.session.delete(u2) db.session.commit() self.assertTrue(Follow.query.count() == 1)