def test_login_logout(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.normal)
resp = c.post('/accounts/logout/')
self.assertEqual(auth.get_logged_in_user(), None)
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.admin)
# log back in without logging out
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_admin_required(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers['location'].endswith('/accounts/login/?next=%2Fsecret%2F'))
self.login('normal', 'normal', c)
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers['location'].endswith('/accounts/login/?next=%2Fsecret%2F'))
self.assertEqual(auth.get_logged_in_user(), self.normal)
self.login('admin', 'admin', c)
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 200)
self.assertEqual(auth.get_logged_in_user(), self.admin)
def test_login_view(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get('/accounts/login/')
self.assertEqual(resp.status_code, 200)
# check that we have no logged-in user
self.assertContext('user', None)
frm = self.get_context('form')
self.assertTrue(isinstance(frm, LoginForm))
self.assertEqual(frm.data, {'username': None, 'password': None})
# make a post missing the username
resp = c.post('/accounts/login/', data={
'username': '',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# check form for errors
frm = self.get_context('form')
self.assertEqual(frm.errors, {'username': [u'This field is required.']})
# check that no messages were generated
self.assertFalse('_flashes' in session)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with a bad username/password combo
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# both fields were present so no form errors, but flash the user
# indicating bad username/password combo
self.assertTrue('_flashes' in session)
messages = get_flashed_messages()
self.assertEqual(messages, [
'Incorrect username or password',
])
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with an inactive user
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# still no logged-in user
self.assertContext('user', None)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# finally post as a known good user
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 302)
# check that we now have a logged-in user
self.assertEqual(auth.get_logged_in_user(), self.normal)
