def test_expired_confirmation_token(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token(1)
time.sleep(2)
self.assertFalse(u.confirm(token))
def test_invalid_reset_token(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_reset_token()
self.assertFalse(User.reset_password(token + 'a', 'horse'))
self.assertTrue(u.verify_password('cat'))
def test_valid_reset_token(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_reset_token()
self.assertTrue(User.reset_password(token, 'dog'))
self.assertTrue(u.verify_password('dog'))
def test_valid_email_change_token(self):
u = User(email='*****@*****.**', password='******')
db.session.add(u)
db.session.commit()
token = u.generate_email_change_token('*****@*****.**')
self.assertTrue(u.change_email(token))
self.assertTrue(u.email == '*****@*****.**')
def test_ping(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
time.sleep(2)
last_seen_before = u.last_seen
u.ping()
self.assertTrue(u.last_seen > last_seen_before)
def test_duplicate_email_change_token(self):
u1 = User(email='*****@*****.**', password='******')
u2 = User(email='*****@*****.**', password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
token = u2.generate_email_change_token('*****@*****.**')
self.assertFalse(u2.change_email(token))
self.assertTrue(u2.email == '*****@*****.**')
def test_to_json(self):
g = Gender.query.filter_by(name='Male').first()
u = User(email='*****@*****.**', password='******', gender=g)
db.session.add(u)
db.session.commit()
with self.app.test_request_context('/'):
json_user = u.to_json()
expected_keys = [
'url', 'name', 'member_since', 'last_seen', 'gender', 'posts_url',
'followed_posts_url', 'post_count'
]
self.assertEqual(sorted(json_user.keys()), sorted(expected_keys))
self.assertEqual('/api/v1/users/' + str(u.id), json_user['url'])
def deploy():
"""Run deployment tasks."""
# migrate database to latest revision
upgrade()
# create or update genders
Gender.insert_genders()
# create or update user roles
Role.insert_roles()
# ensure all users are following themselves
User.add_self_follows()
def test_timestamps(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
self.assertTrue(
(datetime.utcnow() - u.member_since).total_seconds() < 3)
self.assertTrue((datetime.utcnow() - u.last_seen).total_seconds() < 3)
def test_token_auth(self):
# add a user
r = Role.query.filter_by(name='User').first()
self.assertIsNotNone(r)
u = User(email='*****@*****.**',
password='******',
confirmed=True,
role=r)
db.session.add(u)
db.session.commit()
# issue a request with a bad token
response = self.client.get('/api/v1/posts/',
headers=self.get_api_headers(
'bad-token', ''))
self.assertEqual(response.status_code, 401)
# get a token
response = self.client.post('/api/v1/tokens/',
headers=self.get_api_headers(
'*****@*****.**', 'cat'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertIsNotNone(json_response.get('token'))
token = json_response['token']
# issue a request with the token
response = self.client.get('/api/v1/posts/',
headers=self.get_api_headers(token, ''))
self.assertEqual(response.status_code, 200)
def test_user_role(self):
u = User(email='*****@*****.**', password='******')
self.assertTrue(u.can(Permission.FOLLOW))
self.assertTrue(u.can(Permission.COMMENT))
self.assertTrue(u.can(Permission.WRITE))
self.assertFalse(u.can(Permission.MODERATE))
self.assertFalse(u.can(Permission.ADMIN))
def test_administrator_role(self):
r = Role.query.filter_by(name='Administrator').first()
u = User(email='*****@*****.**', password='******', role=r)
self.assertTrue(u.can(Permission.FOLLOW))
self.assertTrue(u.can(Permission.COMMENT))
self.assertTrue(u.can(Permission.WRITE))
self.assertTrue(u.can(Permission.MODERATE))
self.assertTrue(u.can(Permission.ADMIN))
def register():
form = RegistrationForm()
if form.validate_on_submit():
user = User(
email=form.email.data.lower(),
name=form.name.data,
password=form.password.data,
gender=Gender.query.get(form.gender.data)
)
token = user.generate_confirmation_token()
send_email(user.email, 'Confirm Your Account', 'auth/email/confirm', user=user, token=token,
current_time=datetime.now(tz.gettz('CST')).strftime("%B %d, %Y %H:%M CST"))
flash('A confirmation email has been sent to you by email.', 'alert-primary')
db.session.add(user)
db.session.commit()
# Redirect to the two-factor auth page, passing username in session
# Do NOT put user_id into the session, in case you wanna log the user in.
session['email'] = user.email
return redirect(url_for('auth.two_factor_setup'))
return render_template('auth/register.html', form=form)
def verify_password(email_or_token, password):
if email_or_token == '':
return False
if password == '':
g.current_user = User.verify_auth_token(email_or_token)
g.token_used = True
return g.current_user is not None
_user = User.query.filter_by(email=email_or_token.lower()).first()
if not _user:
return False
g.current_user = _user
g.token_used = False
return _user.verify_password(password)
def test_invalid_confirmation_token(self):
u1 = User(password='******')
u2 = User(password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
token = u1.generate_confirmation_token()
self.assertFalse(u2.confirm(token))
def password_reset(token):
if not current_user.is_anonymous:
flash('Invalid Request.')
return redirect(url_for('main.index'))
form = PasswordResetForm()
if form.validate_on_submit():
if User.reset_password(token, form.password.data):
db.session.commit()
flash('Your password has been updated.')
return redirect(url_for('auth.login'))
else:
flash('The password reset link is invalid or has expired.', 'alert-danger')
return redirect(url_for('main.index'))
return render_template('auth/reset_password.html', form=form)
def setUpClass(cls):
# start Chrome
options = webdriver.ChromeOptions()
options.add_argument('headless')
try:
driver_path = '/path/to/chromedriver'
cls.client = webdriver.Chrome(driver_path, options=options)
except:
pass
# skip these tests if the browser could not be started
if cls.client:
# create the application
cls.app = create_app('testing')
cls.app_context = cls.app.app_context()
cls.app_context.push()
# suppress logging to keep unittest output clean
import logging
logger = logging.getLogger('werkzeug')
logger.setLevel("ERROR")
# create the database and populate with some fake data
db.create_all()
Role.insert_roles()
Gender.insert_genders()
fake.users(10)
fake.posts(10)
# add an administrator user
g = Gender.query.filter_by(name='Male').first()
admin_role = Role.query.filter_by(name='Administrator').first()
admin = User(email='*****@*****.**',
name='john',
password='******',
role=admin_role,
confirmed=True,
gender=g)
db.session.add(admin)
db.session.commit()
# start the Flask server in a thread
cls.server_thread = threading.Thread(target=cls.app.run,
kwargs={'debug': False})
cls.server_thread.start()
# give the server a second to ensure it is up
time.sleep(1)
def test_users(self):
# add two users
g1 = Gender.query.filter_by(name='Male').first()
g2 = Gender.query.filter_by(name='Female').first()
r = Role.query.filter_by(name='User').first()
self.assertIsNotNone(r)
u1 = User(email='*****@*****.**',
name='john',
password='******',
confirmed=True,
role=r,
gender=g1)
u2 = User(email='*****@*****.**',
name='susan',
password='******',
confirmed=True,
role=r,
gender=g2)
db.session.add_all([u1, u2])
db.session.commit()
# get users
response = self.client.get('/api/v1/users/{}'.format(u1.id),
headers=self.get_api_headers(
'*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertEqual(json_response['name'], 'john')
self.assertEqual(json_response['gender'], 'Male')
response = self.client.get('/api/v1/users/{}'.format(u2.id),
headers=self.get_api_headers(
'*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertEqual(json_response['name'], 'susan')
self.assertEqual(json_response['gender'], 'Female')
def test_unconfirmed_account(self):
# add an unconfirmed user
r = Role.query.filter_by(name='User').first()
self.assertIsNotNone(r)
u = User(email='*****@*****.**',
password='******',
confirmed=False,
role=r)
db.session.add(u)
db.session.commit()
# get list of posts with the unconfirmed account
response = self.client.get('/api/v1/posts/',
headers=self.get_api_headers(
'*****@*****.**', 'cat'))
self.assertEqual(response.status_code, 403)
def test_bad_auth(self):
# add a user
r = Role.query.filter_by(name='User').first()
self.assertIsNotNone(r)
u = User(email='*****@*****.**',
password='******',
confirmed=True,
role=r)
db.session.add(u)
db.session.commit()
# authenticate with bad password
response = self.client.get('/api/v1/posts/',
headers=self.get_api_headers(
'*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 401)
def test_gravatar(self):
u = User(email='*****@*****.**', password='******')
with self.app.test_request_context('/'):
gravatar = u.gravatar()
gravatar_256 = u.gravatar(size=256)
gravatar_pg = u.gravatar(rating='pg')
gravatar_retro = u.gravatar(default='retro')
self.assertTrue('https://secure.gravatar.com/avatar/' +
'd4c74594d841139328695756648b6bd6' in gravatar)
self.assertTrue('s=256' in gravatar_256)
self.assertTrue('r=pg' in gravatar_pg)
self.assertTrue('d=retro' in gravatar_retro)
def users(count=100):
fake = Faker(['fr_FR', 'en_US', 'zh_CN'])
gender_count = Gender.query.count()
for _ in range(count):
g = Gender.query.offset(randint(0, gender_count - 1)).first()
u = User(email=fake.email(),
name=fake.name(),
password='******',
confirmed=True,
location=fake.city(),
about_me=fake.text(),
member_since=fake.past_date(),
gender=g)
db.session.add(u)
try:
db.session.commit()
except IntegrityError:
db.session.rollback()
def add_user():
if request.method == 'POST':
format_response = {"error": {"code": 0, "message": ""}, "data": {}}
data = request.get_json()
if data['username'] is None or data['email'] is None:
format_response['error']['code'] = 1
format_response['error']['message'] = 'Thieu username hoac email'
return jsonify(format_response)
user = User.query.filter(
or_(User.username.like(data['username']),
User.email.like(data['email']))).first()
if user:
format_response['error']['code'] = 1
format_response['error'][
'message'] = 'Username hoặc email đã tồn tại'
else:
user = User(username=data['username'],
email=data['email'],
name=data['name'])
db.session.add(user)
db.session.commit()
format_response['error']['message'] = 'Tao user thành công!'
format_response['data']['id'] = user.id
return jsonify(format_response)
def test_comments(self):
# add two users
g1 = Gender.query.filter_by(name='Male').first()
g2 = Gender.query.filter_by(name='Female').first()
r = Role.query.filter_by(name='User').first()
self.assertIsNotNone(r)
u1 = User(email='*****@*****.**',
name='john',
password='******',
confirmed=True,
role=r,
gender=g1)
u2 = User(email='*****@*****.**',
name='susan',
password='******',
confirmed=True,
role=r,
gender=g2)
db.session.add_all([u1, u2])
db.session.commit()
# add a post
post = Post(title='title of the post',
body='body of the post',
author=u1)
db.session.add(post)
db.session.commit()
# write a comment
response = self.client.post(
'/api/v1/posts/{}/comments/'.format(post.id),
headers=self.get_api_headers('*****@*****.**', 'dog'),
data=json.dumps({'body': 'Good [post](http://example.com)!'}))
self.assertEqual(response.status_code, 201)
json_response = json.loads(response.get_data(as_text=True))
url = response.headers.get('Location')
self.assertIsNotNone(url)
self.assertEqual(json_response['body'],
'Good [post](http://example.com)!')
self.assertEqual(re.sub('<.*?>', '', json_response['body_html']),
'Good post!')
# get the new comment
response = self.client.get(url,
headers=self.get_api_headers(
'*****@*****.**', 'cat'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertEqual('http://localhost' + json_response['url'], url)
self.assertEqual(json_response['body'],
'Good [post](http://example.com)!')
# add another comment
comment = Comment(body='Thank you!', author=u1, post=post)
db.session.add(comment)
db.session.commit()
# get the two comments from the post
response = self.client.get(
'/api/v1/posts/{}/comments/'.format(post.id),
headers=self.get_api_headers('*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertIsNotNone(json_response.get('comments'))
self.assertEqual(json_response.get('count', 0), 2)
# get all the comments
response = self.client.get(
'/api/v1/posts/{}/comments/'.format(post.id),
headers=self.get_api_headers('*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertIsNotNone(json_response.get('comments'))
self.assertEqual(json_response.get('count', 0), 2)
def test_valid_confirmation_token(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token()
self.assertTrue(u.confirm(token))
def test_password_salts_are_random(self):
u = User(password='******')
u2 = User(password='******')
self.assertTrue(u.password_hash != u2.password_hash)
def test_password_verification(self):
u = User(password='******')
self.assertTrue(u.verify_password('cat'))
self.assertFalse(u.verify_password('dog'))
def test_no_password_getter(self):
u = User(password='******')
with self.assertRaises(AttributeError):
_ = u.password
def test_password_setter(self):
u = User(password='******')
self.assertTrue(u.password_hash is not None)
def test_follows(self):
u1 = User(email='*****@*****.**', password='******')
u2 = User(email='*****@*****.**', password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
self.assertFalse(u1.is_following(u2))
self.assertFalse(u1.is_followed_by(u2))
timestamp_before = datetime.utcnow()
u1.follow(u2)
db.session.add(u1)
db.session.commit()
timestamp_after = datetime.utcnow()
self.assertTrue(u1.is_following(u2))
self.assertFalse(u1.is_followed_by(u2))
self.assertTrue(u2.is_followed_by(u1))
self.assertTrue(u1.followed.count() == 2)
self.assertTrue(u2.followers.count() == 2)
f = u1.followed.all()[-1]
self.assertTrue(f.followed == u2)
self.assertTrue(timestamp_before <= f.timestamp <= timestamp_after)
f = u2.followers.all()[-1]
self.assertTrue(f.follower == u1)
u1.unfollow(u2)
db.session.add(u1)
db.session.commit()
self.assertTrue(u1.followed.count() == 1)
self.assertTrue(u2.followers.count() == 1)
self.assertTrue(Follow.query.count() == 2)
u2.follow(u1)
db.session.add(u1)
db.session.add(u2)
db.session.commit()
db.session.delete(u2)
db.session.commit()
self.assertTrue(Follow.query.count() == 1)
