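def test_forgotten_password_full_process(self, app, db_session, smtplib):
    """Exercise the forgotten-password flow end to end.

    Requests a reset from the sign-in page, inspects the mail captured by
    the ``smtplib`` fixture, follows the reset link found in that mail,
    submits a new password, and finally checks that the stored hash changed
    and that the confirmation record no longer exists.
    """
    p = PersonFactory(activated=False)
    db_session.commit()

    # Record the identifying fields and the pre-reset hash now, before the
    # application handles any request, so the final comparison does not
    # depend on whether ``p`` gets refreshed after the reset.
    pid = p.id
    email = p.email_address
    old_hash = p.password_hash

    # get the login page
    resp = app.get(url_for(controller='person', action='signin', id=None))

    # click on the forgotten password link
    resp = resp.click('Forgotten your password?')

    f = resp.forms[1]  # TODO: Fragile, Persona is [0]
    f['email_address'] = email
    f.submit()

    # the request must have left a confirmation record behind
    crecs = PasswordResetConfirmation.find_by_email(email)
    assert crecs is not None

    # a mail must have been handed to the smtplib fixture
    assert smtplib.existing is not None
    body = smtplib.existing.message

    # It is addressed to the account owner. The address is escaped because
    # it is data, not a pattern: unescaped, '.' matches any character and a
    # '+' in the local part would change the meaning of the expression.
    assert re.search(r'To:.*' + re.escape(email), body, re.DOTALL) is not None

    # plain-text mail only: a DOCTYPE would mean a full HTML page was rendered
    assert '<!DOCTYPE' not in body

    # The mail carries the reset link. '^.*' is greedy under DOTALL, so this
    # captures the last such path in the message.
    url_match = re.match(r'^.*(/person/reset_password/\S+)', body, re.DOTALL)
    assert url_match is not None

    # follow the emailed link
    resp = app.get(url_match.group(1))

    # set password
    # NOTE(review): the '******' literal looks redacted in this listing and
    # does not equal password_confirm; presumably both fields carried the
    # same value in the real test -- confirm.
    f = resp.form
    f['password'] = '******'
    f['password_confirm'] = 'passwdtest'
    # the request is submitted with an explicit REMOTE_ADDR in its environ
    resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))

    # forget the objects we created so the lookups below load them afresh
    db_session.expunge_all()

    # check that the password was changed
    p = Person.find_by_id(pid)
    assert p.password_hash != old_hash

    # The confirmation record must be gone once the reset has been used;
    # presumably this is what stops the emailed link from being replayed --
    # confirm against the reset_password handler.
    crecs = PasswordResetConfirmation.find_by_email(email)
    assert crecs is None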
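def test_forgotten_password_full_process(self, app, db_session, smtplib):
    """Run the complete password-recovery journey for one person.

    Steps: open the sign-in page, ask for a reset through the
    'pwreset-form' form, verify the mail captured by the ``smtplib``
    fixture, open the reset link taken from that mail, submit a new
    password through 'reset-form', then verify that the stored hash differs
    from the one recorded at the start and that the confirmation record has
    been deleted.
    """
    p = PersonFactory(activated=False)
    db_session.commit()

    # Take the pre-reset snapshot up front. Reading the hash only after the
    # reset request would make the final inequality depend on whether the
    # session still holds the old value for ``p``.
    pid = p.id
    address = p.email_address
    old_hash = p.password_hash

    # get the login page, then click on the forgotten password link
    resp = app.get(url_for(controller='person', action='signin', id=None))
    resp = resp.click('Forgotten your password?')

    # the form is selected by id, not by its position on the page
    f = resp.forms['pwreset-form']
    f['email_address'] = address
    f.submit()

    # check that the confirmation record was created
    assert PasswordResetConfirmation.find_by_email(address) is not None

    # check our email
    assert smtplib.existing is not None
    mail_text = smtplib.existing.message

    # Check the To: address. re.escape() keeps regex metacharacters in the
    # address ('.', '+') from being interpreted as pattern syntax, which
    # would make the check looser than an exact address match.
    to_pattern = r'To:.*' + re.escape(address)
    assert re.search(to_pattern, mail_text, re.DOTALL) is not None

    # the mail must not contain a rendered HTML page
    assert '<!DOCTYPE' not in mail_text

    # Check that the message has a reset URL in it. The greedy '^.*' prefix
    # under DOTALL selects the last matching path in the message.
    url_match = re.match(r'^.*(/person/reset_password/\S+)', mail_text,
                         re.DOTALL)
    assert url_match is not None

    # go to the URL from the mail
    resp = app.get(url_match.group(1))

    # set password
    # NOTE(review): '******' appears to be a redacted literal in this
    # listing; as shown it differs from password_confirm. Presumably the
    # two values were identical in the real test -- confirm.
    f = resp.forms['reset-form']
    f['password'] = '******'
    f['password_confirm'] = 'passwdtest'
    # an explicit REMOTE_ADDR is placed in the request environ
    resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))

    # forget the objects we created; the lookups below reload them
    db_session.expunge_all()

    # check that the password was changed
    p = Person.find_by_id(pid)
    assert p.password_hash != old_hash

    # Check that the confirmation record is gone. Presumably its removal is
    # what prevents the emailed link from being used a second time --
    # confirm against the reset_password handler.
    assert PasswordResetConfirmation.find_by_email(address) is None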
def test_registration_confirmation(self, app, db_session):
    """Visiting a person's confirmation link activates the account."""
    # an unactivated person, committed so the application can see it
    person = PersonFactory(activated=False)
    db_session.commit()

    # Request the confirmation URL built from the person's url_hash. No
    # sign-in happens in this test: the hash in the path is all the request
    # carries.
    confirm_url = '/person/confirm/%s' % person.url_hash
    resp = app.get(confirm_url)
    page = unicode(resp.body, 'utf-8')
    assert 'Thanks for confirming your account' in page

    # forget the objects we created, then reload the person from storage
    db_session.expunge_all()
    reloaded = Person.find_by_id(person.id)

    # the stored record must now be activated
    assert reloaded.activated == True
def test_registration_confirmation(self, app, db_session):
    """Check that the registration confirmation URL activates a person.

    Creates a person with ``activated=False``, fetches
    ``/person/confirm/<url_hash>`` and verifies both the confirmation text
    on the page and the ``activated`` flag on the reloaded record.
    """
    # insert the registration model object
    new_person = PersonFactory(activated=False)
    db_session.commit()

    # Visit the link. The request is made without signing in, so the
    # url_hash is the only thing that identifies the account.
    link = '/person/confirm/' + new_person.url_hash
    resp = app.get(link)
    body_text = unicode(resp.body, 'utf-8')
    assert 'Thanks for confirming your account' in body_text

    # keep the id, drop the session's objects, and look the person up again
    person_id = new_person.id
    db_session.expunge_all()
    stored = Person.find_by_id(person_id)

    # test that it's activated
    assert stored.activated == True
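def test_confirm_reset(self, app, db_session):
    """Test confirmation of a password reset that should succeed.

    Builds a person and a reset confirmation dated 0.9 days ago, opens the
    reset page for that confirmation's hash, submits a new password, and
    checks the success message, the removal of the confirmation record and
    the change of the stored password hash.
    """
    # create a confirmation record
    p = PersonFactory()
    # 0.9 days is 21.6 hours: "just under 24 hours ago". Presumably 24 hours
    # is the validity window the handler enforces -- confirm.
    stamp = datetime.now() - timedelta(days=0.9)
    c = PasswordResetConfirmationFactory(email_address=p.email_address,
                                         timestamp=stamp)
    db_session.commit()

    # Save what the final checks need before any request is made, so the
    # hash compared at the end is the one stored before the reset.
    pid = p.id
    conf_email = c.email_address
    old_password_hash = p.password_hash

    resp = app.get(
        url_for(controller='person', action='reset_password',
                url_hash=c.url_hash))

    # the page shows the email address the reset applies to
    assert conf_email in unicode(resp.body, 'utf-8')

    # NOTE(review): '******' looks like a redacted literal in this listing
    # and differs from password_confirm as shown; presumably both fields
    # held the same value in the real test -- confirm.
    f = resp.form
    f['password'] = '******'
    f['password_confirm'] = 'test'
    # the request is submitted with an explicit REMOTE_ADDR in its environ
    resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))
    resp = resp.maybe_follow()

    # check for success
    assert "Your password has been updated" in unicode(resp.body, 'utf-8')

    # forget the objects we created so the lookups below load them afresh
    db_session.expunge_all()

    # conf rec should be gone
    crecs = PasswordResetConfirmation.find_by_email(conf_email)
    assert crecs is None

    # Password should be changed. An equality check against a hash read
    # after the reset would pass even if the reset changed nothing.
    # NOTE(review): this relies on the submitted password differing from
    # the one PersonFactory assigns -- confirm.
    p = Person.find_by_id(pid)
    assert p.password_hash != old_password_hash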
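def test_confirm_reset(self, app, db_session):
    """Test confirmation of a password reset that should succeed.

    A confirmation record 0.9 days old is created for a fresh person. The
    test opens the reset page for the record's url_hash, submits the
    'reset-form' form with a new password, and then verifies the success
    message, that the confirmation record was deleted, and that the
    person's stored password hash is no longer the pre-reset one.
    """
    # create a confirmation record
    person = PersonFactory()
    # timedelta(days=0.9) is 21.6 hours, i.e. just under 24 hours ago.
    # Presumably the handler accepts confirmations younger than 24 hours --
    # confirm.
    stamp = datetime.now() - timedelta(days=0.9)
    c = PasswordResetConfirmationFactory(email_address=person.email_address,
                                         timestamp=stamp)
    db_session.commit()

    # Snapshot before the application is exercised: the final assertion
    # must compare against the hash that was stored before the reset.
    pid = person.id
    reset_email = c.email_address
    old_password_hash = person.password_hash

    reset_url = url_for(controller='person', action='reset_password',
                        url_hash=c.url_hash)
    resp = app.get(reset_url)

    # showing the email on the page
    assert reset_email in unicode(resp.body, 'utf-8')

    # NOTE(review): the '******' value appears redacted in this listing and
    # does not match password_confirm as shown; presumably the real test
    # submitted the same value twice -- confirm.
    f = resp.forms['reset-form']
    f['password'] = '******'
    f['password_confirm'] = 'test'
    # an explicit REMOTE_ADDR is placed in the request environ
    resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))
    resp = resp.maybe_follow()

    # check for success
    assert "Your password has been updated" in unicode(resp.body, 'utf-8')

    # forget the objects we created; the lookups below reload them
    db_session.expunge_all()

    # conf rec should be gone
    assert PasswordResetConfirmation.find_by_email(reset_email) is None

    # Password should be changed, so the reloaded hash must differ from the
    # snapshot. Asserting equality here could not detect a reset that left
    # the password untouched.
    # NOTE(review): requires the submitted password to differ from the one
    # PersonFactory assigns -- confirm.
    person = Person.find_by_id(pid)
    assert person.password_hash != old_password_hash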
def test_create_person(self, app, db_session, smtplib):
    """Test the process of creating new persons.

    Signs up through the web form, checks the confirmation mail captured by
    the ``smtplib`` fixture, follows the confirmation link from that mail,
    and verifies that the account is activated, signed in, can sign out and
    can sign in again with the chosen password.
    """
    # start at the sign-in page and follow the 'Sign up' link
    resp = app.get('/person/signin')
    resp = resp.click('Sign up')

    # Fill out the form.
    # NOTE(review): the '*****@*****.**' and '******' literals look redacted
    # in this listing ('******' differs from password_confirm as shown);
    # presumably the real test used a concrete address and matching
    # passwords -- confirm.
    signup_fields = [
        ('person.email_address', '*****@*****.**'),
        ('person.firstname', 'Testguy'),
        ('person.lastname', 'McTest'),
        ('person.password', '******'),
        ('person.password_confirm', 'test'),
        ('person.phone', '123'),
        ('person.mobile', '123'),
        ('person.address1', 'here'),
        ('person.city', 'there'),
        ('person.postcode', '1234'),
        ('person.country', 'AUSTRALIA'),
        ('person.i_agree', '1'),
    ]
    f = resp.form
    for field_name, field_value in signup_fields:
        f[field_name] = field_value
    # the request is submitted with an explicit REMOTE_ADDR in its environ
    resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))

    # did we get an appropriate page? (follow any redirect first)
    resp = resp.maybe_follow()
    assert "Check your email" in unicode(resp.body, 'utf-8')

    # a mail must have been handed to the smtplib fixture
    message = smtplib.existing
    assert message is not None
    mail_text = message.message

    # it went to the address that signed up
    assert "*****@*****.**" in message.to_addresses

    # The mail names the recipient in its To: header.
    # NOTE(review): '[email protected]' looks like an obfuscated address; as
    # written the brackets form a regex character class -- confirm against
    # the real file.
    assert re.match(r'^.*To:.*[email protected].*', mail_text,
                    re.DOTALL) is not None

    # the mail contains the user's name
    assert re.match(r'^.*Testguy.*McTest', mail_text, re.DOTALL) is not None

    # the mail was rendered as a plain fragment, not as a full HTML page
    assert re.match(r'^.*<!DOCTYPE', mail_text, re.DOTALL) is None

    # the mail contains a confirmation path ending in a url hash
    hash_match = re.match(r'^.*/person/confirm/(\S+)', mail_text, re.DOTALL)
    assert hash_match is not None

    # visit the url
    resp = app.get('/person/confirm/' + hash_match.group(1))

    # check the rego worked
    reg = Person.find_by_email('*****@*****.**')
    assert reg is not None
    assert reg.activated == True

    # confirming the account signs the user in
    assert isSignedIn(app)

    # Log out, so we can log in again
    resp = resp.goto('/person/signout')
    resp = resp.maybe_follow()
    assert not isSignedIn(app)

    # Ensure login works with the credentials chosen at sign-up
    resp = resp.click('Sign in')
    signin = resp.forms['signin-form']
    signin['person.email_address'] = '*****@*****.**'
    signin['person.password'] = '******'
    resp = signin.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))
    assert 'details are incorrect' not in resp
    assert isSignedIn(app)
def test_create_person(self, app, db_session, smtplib):
    """Test the process of creating new persons.

    Covers sign-up via the web form, the confirmation mail captured by the
    ``smtplib`` fixture, activation through the emailed link, automatic
    sign-in, sign-out, and a fresh sign-in with the new credentials.
    """
    # get the sign-in page
    resp = app.get('/person/signin')

    # click on the 'create new account' link
    resp = resp.click('Sign up')

    # Fill out the form.
    # NOTE(review): '*****@*****.**' and '******' appear to be redacted
    # values in this listing, and '******' differs from password_confirm as
    # shown; presumably the real test used matching passwords -- confirm.
    form_values = (
        ('person.email_address', '*****@*****.**'),
        ('person.firstname', 'Testguy'),
        ('person.lastname', 'McTest'),
        ('person.password', '******'),
        ('person.password_confirm', 'test'),
        ('person.phone', '123'),
        ('person.mobile', '123'),
        ('person.address1', 'here'),
        ('person.city', 'there'),
        ('person.postcode', '1234'),
        ('person.country', 'AUSTRALIA'),
        ('person.i_agree', '1'),
    )
    f = resp.form
    for key, value in form_values:
        f[key] = value
    # an explicit REMOTE_ADDR is placed in the request environ
    resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))

    # shake out redirects, then check we landed on the right page
    resp = resp.maybe_follow()
    landing_text = unicode(resp.body, 'utf-8')
    assert "Check your email" in landing_text

    # check our email
    message = smtplib.existing
    assert message is not None

    # check that it went to the right place
    assert "*****@*****.**" in message.to_addresses

    # Check that the message has the to address in it.
    # NOTE(review): '[email protected]' looks like an obfuscated address; the
    # brackets make it a regex character class as written -- confirm
    # against the real file.
    to_match = re.match(r'^.*To:.*[email protected].*', message.message,
                        re.DOTALL)
    assert to_match is not None

    # check that the message has the user's name
    name_match = re.match(r'^.*Testguy.*McTest', message.message, re.DOTALL)
    assert name_match is not None

    # check that the message was rendered without HTML, i.e. as a fragment
    # and not wrapped in a full page
    html_match = re.match(r'^.*<!DOCTYPE', message.message, re.DOTALL)
    assert html_match is None

    # check that the message has a url hash in it
    confirm_match = re.match(r'^.*/person/confirm/(\S+)', message.message,
                             re.DOTALL)
    assert confirm_match is not None

    # visit the url
    confirm_path = '/person/confirm/%s' % confirm_match.group(1)
    resp = app.get(confirm_path)

    # check the rego worked
    reg = Person.find_by_email('*****@*****.**')
    assert reg is not None
    assert reg.activated == True

    # We should be automatically signed in
    assert isSignedIn(app)

    # Log out, so we can log in again
    resp = resp.goto('/person/signout')
    resp = resp.maybe_follow()
    assert not isSignedIn(app)

    # Ensure login works. The sign-in form is picked by position here, so
    # the test depends on the order of the forms on the page.
    resp = resp.click('Sign in')
    login_form = resp.forms[1]
    login_form['person.email_address'] = '*****@*****.**'
    login_form['person.password'] = '******'
    resp = login_form.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))
    assert 'details are incorrect' not in resp
    assert isSignedIn(app)