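def login():
    """Authenticate a user from the login form and redirect on success.

    Already-authenticated users are sent straight to the index page. On a
    valid form submission the user document is looked up by username in
    ``mongo.db.users`` and the submitted password is verified with
    ``User.check_password``. On success the user is logged in and redirected
    to the ``next`` query parameter, but only when that value is a local
    path; otherwise the redirect goes to the index page. On failure a
    warning is flashed and the login form is rendered again.

    Returns:
        A redirect response on success (or when already logged in),
        otherwise the rendered ``loginform.html`` template.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = UserLoginForm()
    search_form = SearchForm()

    if form.validate_on_submit():
        user = mongo.db.users.find_one({'username': form.username.data})
        # The same message is flashed for an unknown user and for a wrong
        # password, so the response text does not reveal which usernames exist.
        if user and User.check_password(user['password'], form.password.data):
            user_obj = User(user['username'], user['email'], user['_id'], user['is_admin'])
            login_user(user_obj)

            # 'next' comes from the query string and is therefore untrusted.
            # An empty netloc alone is not a sufficient open-redirect guard:
            # a value can parse with no netloc and still be resolved by a
            # browser to another origin (scheme-only values, extra leading
            # slashes, or backslashes, which browsers treat as '/').
            # Only a path rooted at a single '/' is accepted; anything else
            # falls back to the index page.
            next_page = request.args.get('next')
            # Backslashes are folded to '/' for the check only; the original
            # value is what gets redirected to once it has passed.
            probe = next_page.replace('\\', '/') if next_page else ''
            parsed = url_parse(probe)
            is_local_path = (
                probe.startswith('/')
                and not probe.startswith('//')
                and parsed.scheme == ''
                and parsed.netloc == ''
            )
            if not is_local_path:
                next_page = url_for('index')
            return redirect(next_page)
        else:
            flash('Wrong username or password', 'warning')

    return render_template('loginform.html', form=form, search_form=search_form, title='Login')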
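class UserModelClass(unittest.TestCase):
    """Database-backed tests for creating ``User`` rows and checking passwords.

    Tables are created once per class and dropped afterwards; every test
    starts with three freshly inserted users and ends with the ``User``
    table emptied.

    The database URI can be overridden with the ``TEST_DATABASE_URI``
    environment variable (a name introduced by this class) so credentials do
    not have to live in the source file.
    """

    @classmethod
    def setUpClass(cls):
        """Point the app at the test database and create all tables."""
        # Imported locally so this class does not depend on the module's
        # import list.
        import os

        print('setUp Class')
        # SECURITY: the fallback URI embeds a database username and password
        # in source. It is kept only so existing setups keep working; supply
        # TEST_DATABASE_URI instead, then rotate this credential and remove
        # the literal.
        app.config['SQLALCHEMY_DATABASE_URI'] = os.environ.get(
            'TEST_DATABASE_URI',
            'mysql+pymysql://Samuel:tirab33@localhost/assis_testing',
        )
        app.config['SQLALCHEMY_ECHO'] = False
        # NOTE(review): if `db` already bound an engine from the app's default
        # config before this override, create_all()/drop_all() may run against
        # the non-test database. Confirm the override takes effect.
        db.create_all()

    @classmethod
    def tearDownClass(cls):
        """Release the session and drop every table created for the tests."""
        print('tearDown Class')
        db.session.remove()
        # Destructive: drops all tables of whichever database `db` is bound to.
        db.drop_all()

    def setUp(self):
        """Insert three users (two with ``leadership=True``) before each test."""
        print('SetUp')
        # NOTE(review): the address and password literals look masked in this
        # listing, so all three users share one value as written. Restore
        # distinct fixture values before relying on these tests.
        self.u = User(email='*****@*****.**', leadership=True)
        self.u.set_password('*****@*****.**')
        self.l = User(email='*****@*****.**', leadership=True)
        self.l.set_password('*****@*****.**')
        self.r = User(email='*****@*****.**')
        self.r.set_password('*****@*****.**')
        db.session.add_all([self.u, self.l, self.r])
        db.session.commit()

    def tearDown(self):
        """Delete every ``User`` row so tests do not see each other's data."""
        print('tearDown')
        db.session.query(User).delete()
        db.session.commit()

    def test_user_creation(self):
        """A stored user is found by email; one user has a falsy ``leadership``."""
        # .one() raises unless exactly one row matches, so each lookup also
        # asserts that the email is unique among the inserted users.
        returned_u = User.query.filter_by(email='*****@*****.**').one()
        returned_u2 = User.query.filter_by(email='*****@*****.**').one()
        self.assertEqual(returned_u.email, '*****@*****.**')
        # Presumably returned_u2 is the user created without leadership=True.
        # Confirm against the unmasked fixtures.
        self.assertFalse(returned_u2.leadership)

    def test_password_hashing(self):
        """``check_password`` rejects a wrong password and accepts the right one."""
        self.assertFalse(self.u.check_password('*****@*****.**'))
        self.assertTrue(self.u.check_password('*****@*****.**'))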