def register():
    """Serve the registration form and create a user on a valid POST.

    Validation failures are reported with ``flash`` and the form is
    re-rendered; on success only a hash of the password is stored and the
    browser is redirected to the login page. A GET simply renders the form.
    """
    if request.method != 'POST':
        return render_template('auth/register.html')

    form = request.form
    username = form.get('username')
    password = form.get('password')
    psswd_cf = form.get('psswd_cf')
    email = form.get('email')
    db = get_db()

    # Ordered checks; the first failing predicate wins. The predicates are
    # callables so the duplicate-user query only runs when the cheap field
    # checks have all passed.
    checks = (
        (lambda: not username or not password,
         'Username and password are required!'),
        (lambda: not psswd_cf, 'Confirm your password!'),
        (lambda: not email,
         'Provide an email for possible recover of passwords!'),
        (lambda: password != psswd_cf,
         'Password does not match its confirmation!'),
        (lambda: db.execute('SELECT id from users WHERE username = ?',
                            (username, )).fetchone() is not None,
         'User {} is already registered!'.format(username)),
    )
    error = next((message for failed, message in checks if failed()), None)

    if error is not None:
        flash(error)
        return render_template('auth/register.html')

    # Parameterised insert; the clear-text password never reaches the DB.
    db.execute(
        'INSERT INTO users (username, email, password) VALUES (?, ?, ?)',
        (username, email, generate_password_hash(password)))
    db.commit()
    return redirect(url_for('auth.login'))
def test_get_close_db(app):
    """The connection is memoised per app context and closed on teardown."""
    with app.app_context():
        conn = get_db()
        # Repeated calls inside one context hand back the same object.
        assert get_db() is conn

    # After the context exits the connection must refuse to execute.
    with pytest.raises(sqlite3.ProgrammingError) as excinfo:
        conn.execute('SELECT 1')
    assert 'closed' in str(excinfo.value)
def test_user_required(app, client, auth):
    """Mutating an account owned by another user must be refused with 403."""
    with app.app_context():
        db = get_db()
        # Hand account 1 to user 2 so the logged-in test user no longer owns it.
        db.execute('UPDATE accounts SET user_id = 2 WHERE id = 1')
        db.commit()

    auth.login()
    for path in ('/1/update', '/1/updated', '/1/delete'):
        assert client.post(path).status_code == 403
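def app():
    """Pytest fixture: an application bound to a fresh temporary SQLite file.

    The schema is created with ``init_db`` and seeded from ``_data_sql``
    before the app is handed to the test; the temp file is removed again on
    teardown.

    Yields:
        The configured application returned by ``create_app``.
    """
    db_fd, db_path = tempfile.mkstemp()
    try:
        app = create_app({
            'TESTING': True,
            'DATABASE': db_path,
        })

        with app.app_context():
            init_db()
            get_db().executescript(_data_sql)

        yield app
    finally:
        # Runs on normal teardown and also when setup fails before the yield,
        # so a broken init_db()/seed does not leak the descriptor and file.
        os.close(db_fd)
        os.unlink(db_path)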
def load_logged_in_user():
    """Populate ``g.user`` for the current request from the session.

    ``g.user`` is ``None`` when the session holds no ``user_id``; otherwise
    it is the ``users`` row with that id (``fetchone`` gives ``None`` if the
    id no longer exists).
    """
    user_id = session.get('user_id')
    g.user = None
    if user_id is not None:
        g.user = get_db().execute(
            'SELECT * FROM users WHERE id = ?', (user_id, )).fetchone()
def update(id):
    """Rotate the stored password of account ``id`` and return to the index.

    A new password is drawn from ``chars`` with ``SystemRandom``, its length
    chosen between the account's ``psswd_min`` and ``psswd_max``; the previous
    value moves to ``last_password`` and ``updated`` is reset to 0.
    ``get_account`` supplies the 404/403 checks.
    """
    # NOTE(review): route decorators are not shown here — confirm this view is
    # POST-only and login-protected, since it changes state.
    account = get_account(id)
    rng = random.SystemRandom()  # OS entropy, not the default PRNG
    low, high = int(account['psswd_min']), int(account['psswd_max'])
    new_password = ''.join(rng.choice(chars) for _ in range(rng.randint(low, high)))

    db = get_db()
    db.execute(
        'UPDATE accounts SET last_password = ?, password = ?, updated = 0 WHERE id = ?',
        (account['password'], new_password, id))
    db.commit()

    return redirect(url_for('index'))
def test_delete(client, auth, app):
    """Deleting account 1 redirects to the index and removes the row."""
    auth.login()
    resp = client.post('/1/delete')
    assert resp.headers['Location'] == 'http://localhost/'

    with app.app_context():
        row = get_db().execute(
            'SELECT * FROM accounts WHERE id = 1').fetchone()
    assert row is None
def index():
    """Render the account list belonging to the session's user."""
    query = (
        'SELECT accounts.id as id,'
        ' accounts.account as account,'
        ' accounts.password as password,'
        ' accounts.last_password as last_password,'
        ' accounts.updated as updated FROM accounts'
        ' INNER JOIN users ON users.id = accounts.user_id'
        ' WHERE user_id = ?'
    )
    # Scoped by the session's user_id; with no session value the bound
    # parameter is NULL, which `=` never matches, so nothing is listed.
    rows = get_db().execute(query, (session.get('user_id'), )).fetchall()
    return render_template('generator/index.html', accounts=rows)
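def new_account():
    """Create a password-generator entry for the session's user.

    On POST the fields ``account``, ``psswd_min`` and ``psswd_max`` are
    validated; an initial password is generated with ``SystemRandom`` and
    the row is inserted scoped to ``session['user_id']``. Validation errors
    are flashed and the form re-rendered. A GET just renders the form.
    """
    if request.method == 'POST':
        # form.get() returns None for a missing field; fall back to '' so
        # .capitalize() cannot raise before the 'required' check runs.
        account = (request.form.get('account') or '').capitalize()
        psswd_min = request.form.get('psswd_min')
        psswd_max = request.form.get('psswd_max')
        error = None

        if not account:
            error = 'Account name required!'
        elif not psswd_min or not psswd_max:
            error = 'Set password boundaries!'
        else:
            # Bounds arrive as untrusted text: a non-numeric value becomes a
            # form error instead of an unhandled ValueError (HTTP 500).
            try:
                low, high = int(psswd_min), int(psswd_max)
            except ValueError:
                error = 'Password boundaries must be whole numbers!'
            else:
                if low > high:
                    error = 'Password minimum length must be smaller than password maximum length!'
                elif low < 2 or high > 25:
                    error = 'Password boundaries must be between 2 and 25!'
                elif get_db().execute(
                        'SELECT id FROM accounts WHERE account = ? AND user_id = ?', (
                            account,
                            session.get('user_id'),
                        )).fetchone() is not None:
                    error = 'Account already registered!'

        if error is None:
            rng = random.SystemRandom()  # OS entropy for the generated secret
            psswd_len = rng.randint(low, high)
            password = ''.join(rng.choice(chars) for _ in range(psswd_len))
            last_password = '******'

            # The original string bounds are stored, as before; only the
            # comparisons above use the parsed ints.
            get_db().execute(
                'INSERT INTO accounts (user_id, account, psswd_min, psswd_max, password, last_password, updated) VALUES (?, ?, ?, ?, ?, ?, ?)',
                (session.get('user_id'), account, psswd_min, psswd_max,
                 password, last_password, 0))
            get_db().commit()

            return redirect(url_for('index'))

        flash(error)

    return render_template('generator/new_account.html')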
def get_account(id, check_user=True):
    """Fetch account ``id`` joined with its owner, or abort.

    Args:
        id: Primary key of the ``accounts`` row.
        check_user: When true the row must belong to ``g.user``, otherwise
            the request is aborted with 403.

    Returns:
        The joined row.

    Raises:
        Aborts with 404 when the account does not exist and with 403 on an
        ownership mismatch.
    """
    row = get_db().execute(
        'SELECT * FROM accounts'
        ' INNER JOIN users ON users.id = accounts.user_id'
        ' WHERE accounts.id = ?', (id, )).fetchone()

    if row is None:
        abort(404, 'Account id {0}, does not exist!'.format(id, ))

    # NOTE(review): g.user is indexed unconditionally; callers are presumably
    # behind a login-required decorator — confirm, since an anonymous request
    # would raise TypeError here rather than get a 403.
    owned_by_caller = not check_user or row['user_id'] == g.user['id']
    if not owned_by_caller:
        abort(403)

    return row
def test_register(client, app):
    """Registering through the form redirects to login and persists the user."""
    assert client.get('/auth/register').status_code == 200

    # NOTE(review): 'password' and 'psswd_cf' differ in this fixture yet a
    # redirect is expected; the values look masked, so confirm against the
    # real test data rather than against register()'s confirmation check.
    form = {
        'username': '******',
        'email': '*****@*****.**',
        'password': '******',
        'psswd_cf': 'a',
    }
    response = client.post('/auth/register', data=form)
    assert response.headers['Location'] == 'http://localhost/auth/login'

    with app.app_context():
        row = get_db().execute(
            "SELECT * FROM users WHERE username = '******'").fetchone()
    assert row is not None
def test_new_account(client, auth, app):
    """Creating an account redirects to the index and stores a capitalised name."""
    auth.login()
    assert client.get('/new_account').status_code == 200

    form = {
        'account': 'a',
        'psswd_min': '5',
        'psswd_max': '10',
    }
    response = client.post('/new_account', data=form)
    assert response.headers['Location'] == 'http://localhost/'

    with app.app_context():
        # The view stores the name capitalised, hence 'A' rather than 'a'.
        row = get_db().execute(
            "SELECT * FROM accounts WHERE account = 'A'").fetchone()
    assert row is not None
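def login():
    """Authenticate a user from the login form.

    On POST the submitted username is looked up and the password verified
    against the stored hash. Success resets the session, stores the user's
    id and redirects to the index; failure flashes one generic message and
    re-renders the form. A GET just renders the form.
    """
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')
        error = None
        user = get_db().execute('SELECT * FROM users WHERE username = ?',
                                (username, )).fetchone()

        # A single message for unknown user and wrong password, so the
        # response no longer tells a caller which usernames exist. A missing
        # password field is rejected before check_password_hash sees None.
        # (The hash is still skipped for unknown users; a dummy hash check
        # would also close that timing difference.)
        if (user is None or not password
                or not check_password_hash(user['password'], password)):
            error = 'Incorrect username or password!'

        if error is None:
            # Start from an empty session so no pre-login state survives.
            session.clear()
            session['user_id'] = user['id']

            return redirect(url_for('index'))

        flash(error)

    return render_template('auth/login.html')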
def updated(id):
    """Flag account ``id`` as updated (``updated = 1``) and return to the index.

    ``get_account`` is called only for its 404/403 checks.
    """
    # NOTE(review): route decorators are not shown — confirm this state
    # change is POST-only and login-protected.
    get_account(id)
    db = get_db()
    db.execute('UPDATE accounts SET updated = 1 WHERE id = ?', (id, ))
    db.commit()
    return redirect(url_for('index'))
def delete(id):
    """Remove account ``id`` and return to the index.

    ``get_account`` is called only for its 404/403 checks, so a user can
    delete just their own rows.
    """
    # NOTE(review): route decorators are not shown — confirm this destructive
    # view is POST-only and login-protected.
    get_account(id)
    db = get_db()
    db.execute('DELETE FROM accounts WHERE id = ?', (id, ))
    db.commit()
    return redirect(url_for('index'))