def test_valid_email_change_token(self):
u = User(email='*****@*****.**', password='******')
db.session.add(u)
db.session.commit()
token = u.generate_email_change_token('*****@*****.**')
self.assertTrue(u.change_email(token))
self.assertTrue(u.email == '*****@*****.**')
def test_valid_reset_token(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_reset_token()
self.assertTrue(u.reset_password(token, 'dog'))
self.assertTrue(u.verify_password('dog'))
def test_expired_confirmation_token(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token(1)
time.sleep(2)
self.assertFalse(u.confirm(token))
def test_duplicate_email_change_token(self):
u1 = User(email='*****@*****.**', password='******')
u2 = User(email='*****@*****.**', password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
token = u2.generate_email_change_token('*****@*****.**')
self.assertFalse(u2.change_email(token))
self.assertTrue(u2.email == '*****@*****.**')
def register():
form = RegistrationForm()
if form.validate_on_submit():
user = User(email=form.email.data,
username=form.username.data,
password=form.password.data)
db.session.add(user)
db.session.commit()
token = user.generate_confirmation_token()
send_email(user.email, '请确认验证码', 'auth/email/confirm', user=user, token=token)
flash('验证码已发送至您的邮箱')
return redirect(url_for('auth.login'))
return render_template('auth/register.html', form=form)
def test_invalid_reset_token(self):
u1 = User(password='******')
u2 = User(password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
token = u1.generate_reset_token()
self.assertFalse(u2.reset_password(token, 'horse'))
self.assertTrue(u2.verify_password('dog'))
def test_invalid_confirmation_token(self):
u1 = User(password='******')
u2 = User(password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
token = u1.generate_confirmation_token()
self.assertFalse(u2.confirm(token))
def verify_password(email_or_token, password):
if email_or_token == '':
g.current_user = AnonymousUser()
return True
if password == '':
g.current_user = User.verify_auth_token(email_or_token)
g.token_used = True
return g.current_user is not None
user = User.query.filter_by(email=email_or_token).first()
if not user:
return False
g.current_user = user
g.token_used = False
return user.verify_password(password)
def test_valid_confirmation_token(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token()
self.assertTrue(u.confirm(token))
def test_password_salts_are_random(self):
u = User(password='******')
u2 = User(password='******')
self.assertTrue(u.password_hash != u2.password_hash)
def test_password_verification(self):
u = User(password='******')
self.assertTrue(u.verify_password('cat'))
self.assertFalse(u.verify_password('dog'))
def test_no_password_getter(self):
u = User(password='******')
with self.assertRaises(AttributeError):
u.password
def test_password_setter(self):
u = User(password='******')
self.assertTrue(u.password_hash is not None)