def test_set_last_name_invalid_type(app):
    """A non-string last name is rejected with TypeError and the exact message."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.last_name = 555
    message = str(excinfo.value)
    assert message == 'Last name must be string.'
def test_set_zip_code_invalid_type(app):
    """An integer ZIP code is rejected: the setter accepts strings only."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.zip_code = 56601
    message = str(excinfo.value)
    assert message == 'ZIP code must be string.'
def test_set_role_invalid_type(app):
    """A role given as a string is rejected with TypeError."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.role = "ADMIN"
    message = str(excinfo.value)
    # Only the prefix is pinned; the rest of the message lists the allowed values.
    assert 'Role must be integer value from this set: ' in message
def test_unset_role(app):
    """The role cannot be cleared: assigning None raises TypeError."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.role = None
    message = str(excinfo.value)
    assert 'Role must be integer value from this set: ' in message
def test_set_phone_invalid_format(app):
    """A phone string in the wrong format is rejected with ValueError."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(ValueError) as excinfo:
        account.phone = '0111222333'
    message = str(excinfo.value)
    assert 'Phone must have format' in message
def test_set_phone_invalid_type(app):
    """An integer phone number is rejected: the setter accepts strings only."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.phone = 111222333
    message = str(excinfo.value)
    assert message == 'Phone must be string.'
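def add_user():
    """Create a user from form fields and return the new record as JSON.

    Reads user_name, device_name, email, password and image from
    request.form, derives a token, persists the user with user.add() and
    answers 201. Answers 400 when email or password is absent, 409 on a
    unique violation (pgcode 23505), 400 on any other IntegrityError and 500
    on every other exception.
    """
    email = request.form.get('email', None)
    password = request.form.get('password', None)
    # Both values feed the token below. Without this guard an absent field
    # would raise TypeError on `None + None` and be reported as a 500.
    if email is None or password is None:
        return jsonify(message='email and password are required'), 400

    try:
        user = User()
        user.user_name = request.form.get('user_name', None)
        user.devices = request.form.get('device_name', None)
        user.email = email
        # NOTE(review): the form password is assigned as received; no hashing
        # is visible in this function -- confirm the model hashes it before
        # it is stored.
        user.password = password
        user.image = request.form.get('image', '')
        # NOTE(review): hash() is Python's built-in, non-cryptographic hash.
        # It is derived from the credentials and, for strings, salted per
        # interpreter process, so it is not a sound source for a bearer
        # token. A random value such as secrets.token_urlsafe() is the usual
        # replacement; confirm the token column type before changing it.
        user.token = hash(user.email + user.password)
        user.add()
        return jsonify(user=dict(
            id=user.id,
            token=user.token,
            email=user.email,
            user_name=user.user_name,
            photo='https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png'
        )), 201
    except IntegrityError as ex:
        # NOTE(review): ex.args is sent to the client in every error branch,
        # which presumably exposes the database driver's error text --
        # consider logging it server-side and returning a fixed message.
        if ex.orig.pgcode == '23505':  # duplicate user
            return jsonify(message=ex.args), 409
        elif ex.orig.pgcode == '23502':  # required fields
            return jsonify(message=ex.args), 400
        else:
            return jsonify(message=ex.args), 400
    except Exception as ex:
        return jsonify(message=ex.args), 500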
def test_get_other_user(client: FlaskClient):
    """An authenticated user asking for another user's profile is refused.

    Authorization check under test: the bearer token belongs to the first
    account, the requested id belongs to the second, and the API must answer
    with the refusal message instead of the profile.
    """
    requester = users.add(User('*****@*****.**', 'poaa'))
    requester.active = True

    other_user = users.add(
        User(email='*****@*****.**',
             password='******',
             first_name='Tibor',
             last_name='Mikita',
             phone='+421111222333',
             street='Kosicka',
             zip_code='06601',
             city='Humenne',
             country=Country.SK,
             date_of_birth=datetime.date(1994, 5, 25)))
    other_user.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login_response = client.post('/api/auth/login',
                                 data=json.dumps(credentials),
                                 content_type='application/json')
    access_token = login_response.json['access_token']

    auth_header = {'Authorization': f'Bearer {access_token}'}
    profile_response = client.get(f'/api/users/{other_user.id}',
                                  headers=auth_header)
    body = profile_response.json

    assert profile_response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'You cannot get user profile of other person.'
def register_user_cellphone(user_id: int):
    """Store a cellphone number on the user and send a fresh validation code.

    Idempotent: calling it again regenerates the code, so it also serves as
    "resend". A number that this user has already validated is refused with
    BusinessException.

    Raises InvalidPayload when the JSON body, cellphone_number or
    cellphone_cc is missing.
    """
    payload = request.get_json()
    if not payload:
        raise InvalidPayload()

    cellphone_number = payload.get('cellphone_number')
    cellphone_cc = payload.get('cellphone_cc')
    if not (cellphone_number and cellphone_cc):
        raise InvalidPayload()

    # NOTE(review): the result of User.get() is used without a None check.
    user = User.get(user_id)

    same_number = (user.cellphone_number == cellphone_number
                   and user.cellphone_cc == cellphone_cc)
    if user.cellphone_validation_date and same_number:
        raise BusinessException(
            message='Registered. You have already registered this cellphone number.')

    # NOTE(review): no resend throttle or attempt limit is visible in this
    # function -- confirm one is applied elsewhere, since each call sends a
    # message to a caller-supplied number.
    code, code_expiration = User.generate_cellphone_validation_code()

    with session_scope(db.session) as session:
        user.cellphone_number = cellphone_number
        user.cellphone_cc = cellphone_cc
        user.cellphone_validation_code = code
        user.cellphone_validation_code_expiration = code_expiration
        # A new code invalidates any earlier validation of this account.
        user.cellphone_validation_date = None

    # The SMS provider is imported lazily and skipped under test.
    if not current_app.testing:
        from project.api.common.utils.twilio import send_cellphone_verification_code
        send_cellphone_verification_code(user, code)

    return {
        'status': 'success',
        'message': 'Successfully sent validation code.'
    }
def seed_db():
    """Seeds the database.

    Inserts one event descriptor, one group, three users and a membership
    row linking each user to the group, then commits once.
    """
    db.session.add(
        EventDescriptor(id=1,
                        name="Seed Events Name",
                        description="Seed db Event from {1}"))

    group = Group(name="Group Name")
    db.session.add(group)

    # Only the first user carries a cellphone number.
    members = (
        User(username='******',
             email="*****@*****.**",
             password="******",
             cellphone_number="98983510",
             cellphone_cc="+598"),
        User(username='******', email="*****@*****.**", password="******"),
        User(username='******', email="*****@*****.**", password="******"),
    )
    for member in members:
        db.session.add(member)

    for member in members:
        db.session.add(UserGroupAssociation(user=member, group=group))

    db.session.commit()
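def register_user():
    """Two-step account registration endpoint.

    GET  ?account=...                      -> User.register_user(account, None, None)
    POST {account, identify_code, passwd}  -> User.register_user(account, identify_code, password)

    Answers 400 when a required field is missing or the POST body is not a
    JSON object; otherwise returns the result of User.register_user as JSON.
    """
    # Headers and the JSON body are deliberately not logged: the body
    # carries 'passwd' and 'identify_code', and headers can carry
    # credentials, none of which belong in an application log.
    app.logger.info("request:[%s],[%s]", request.method, request.path)

    # get identify code
    if request.method == 'GET':
        account = request.args.get("account")
        if account is None:
            app.logger.error("missing something")
            abort(400)  # missing phone_num
        ret = User.register_user(account, None, None)
        return jsonify(ret)
    elif request.method == 'POST':
        # silent=True yields None for an absent or malformed body instead of
        # raising, so the request is answered with the 400 below.
        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            app.logger.error("missing something")
            abort(400)
        account = payload.get('account')
        identify_code = payload.get('identify_code')
        password = payload.get('passwd')
        if account is None or identify_code is None or password is None:
            app.logger.error("missing something")
            abort(400)
        ret = User.register_user(account, identify_code, password)
        return jsonify(ret)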
def test_set_zip_code_long(app):
    """A six-digit ZIP code is rejected with ValueError."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(ValueError) as excinfo:
        account.zip_code = '066666'
    message = str(excinfo.value)
    assert message == 'ZIP code must contain 5 numbers.'
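def user_create():
    """Create a user account from the JSON request body.

    Accounts of kind User.COSTUMER can be created without a token. Any other
    kind requires a 'token' belonging to a user for whom canEditUsers() is
    true; otherwise the request is aborted with 403. Answers 400 when
    User.create() returns a falsy value.
    """
    data = req_helper.force_json_key_list('username', 'password', 'email',
                                          'name', 'kind')

    # Compare by value. `is not` tests object identity, which is not a
    # reliable equality test for a value parsed from the request, and this
    # comparison decides whether the privilege check below runs.
    if data['kind'] != User.COSTUMER:
        if 'token' not in data:
            abort(make_response(jsonify(message="Missing token!"), 403))
        usr = User.usr_from_token(data['token'])
        # if token is not valid or user cannot create users
        if not usr or not usr.canEditUsers():
            abort(make_response(jsonify(message="Invalid token!"), 403))

    if not data['username'].strip():
        req_helper.throw_operation_failed("Username empty!")

    # NOTE(review): a four-character minimum is the only password rule
    # enforced here -- confirm it matches the project's password policy.
    if not data['password'].strip() or len(data['password']) < 4:
        req_helper.throw_operation_failed(
            "Password empty or shorter than 4 chars!")

    user = User.create(data['username'], data['password'], data['name'],
                       data['email'], data['kind'])
    if user:
        return jsonify(message="Ok!", id=user.get_id(), kind=user.kind)
    else:
        abort(
            make_response(jsonify(message="Username taken or invalid kind!"),
                          400))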
def test_getUser(self):
    """GET /users/<id>: 401 when anonymous, own profile when logged in,
    404 for an unknown id and 403 for another user's id."""
    owner = User(1, 'Perceval', 'De Galle', '*****@*****.**', 'sloubi', paths='')
    db.session.add(owner)
    db.session.commit()

    anonymous = self.app.get('/users/1')
    assert "401 Unauthorized" in anonymous.data

    self.login('*****@*****.**', 'sloubi')
    own_profile = self.app.get('/users/1')
    # NOTE(review): the expected body contains a "password" field, so the
    # profile endpoint returns the stored password value to the client --
    # confirm that is intended.
    assert '{"email": "*****@*****.**", "firstName": "Perceval", "id": 1, "lastName": "De Galle", "password": "******"}' in own_profile.data

    unknown = self.app.get('/users/2')
    assert "404 Not Found" in unknown.data

    stranger = User(2, 'Karadoc', 'De Vanne', '*****@*****.**', 'jambon', paths='')
    db.session.add(stranger)
    db.session.commit()

    # Still logged in as user 1: user 2 exists now but is off limits.
    foreign = self.app.get('/users/2')
    assert "403 Forbidden" in foreign.data
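def set_standalone_user(user_id: int):
    """Give a Facebook-login account its own username and password.

    Requires 'username', 'old_password' and 'new_password' in the JSON body.
    The account must have an fb_id and old_password must match the stored
    bcrypt hash; the username must not be in use.

    Raises InvalidPayload for a missing body or field, NotFoundException for
    an unknown or non-Facebook account or a wrong old password, and
    BusinessException when the username is taken.
    """
    post_data = request.get_json()
    if not post_data:
        raise InvalidPayload()
    username = post_data.get('username')
    pw_old = post_data.get('old_password')
    pw_new = post_data.get('new_password')
    if not username or not pw_old or not pw_new:
        raise InvalidPayload()

    # Fetched once. An unknown id gets the same answer as a non-Facebook
    # account rather than failing with AttributeError on None.
    user = User.get(user_id)
    if not user or not user.fb_id:
        raise NotFoundException(
            message='Must be a facebook user login. Please try again.')

    if not bcrypt.check_password_hash(user.password, pw_old):
        raise NotFoundException(message='Invalid password. Please try again.')

    # NOTE(review): this is check-then-write; two concurrent requests could
    # both pass it -- confirm a unique constraint on username backs it up.
    if User.first(User.username == username):
        raise BusinessException(
            message='Sorry. That username already exists, choose another username')

    with session_scope(db.session):
        user.username = username
        user.password = bcrypt.generate_password_hash(
            pw_new, current_app.config.get('BCRYPT_LOG_ROUNDS')).decode()
    return {
        'status': 'success',
        'message': 'Successfully changed password.',
    }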
def password_reset():
    """Set a new password from a reset token (login is assumed to be the email).

    The token must decode to a user id, that user must have a stored
    token_hash, and the token must match the hash under bcrypt. On success
    the password is re-hashed and token_hash is cleared, so the same token
    cannot pass this check again.

    Raises InvalidPayload for a missing body or field and NotFoundException
    when the token does not check out.
    """
    payload = request.get_json()
    if not payload:
        raise InvalidPayload()

    token = payload.get('token')
    pw_new = payload.get('password')
    if not (token and pw_new):
        raise InvalidPayload()

    # fetch the user data
    user = User.get(User.decode_password_token(token))

    # One error for every failure mode: unknown user, no pending reset, or a
    # token that does not match the stored hash.
    if not (user and user.token_hash
            and bcrypt.check_password_hash(user.token_hash, token)):
        raise NotFoundException(message='Invalid reset. Please try again.')

    rounds = current_app.config.get('BCRYPT_LOG_ROUNDS')
    with session_scope(db.session):
        user.password = bcrypt.generate_password_hash(pw_new, rounds).decode()
        user.token_hash = None

    return {
        'status': 'success',
        'message': 'Successfully reset password.',
    }
def add_user(_):
    """Create a user from the JSON body and answer 201.

    Raises InvalidPayload for a missing body, and also when the insert fails
    with IntegrityError or ValueError (the session is rolled back first).
    Raises BusinessException when the username or email is already in use.
    """
    payload = request.get_json()
    if not payload:
        raise InvalidPayload()

    username = payload.get('username')
    email = payload.get('email')
    password = payload.get('password')

    try:
        existing = User.first(
            or_(User.username == username, User.email == email))
        if existing:
            raise BusinessException(
                message='Sorry. That email or username already exists.')

        # NOTE(review): the password is handed to the model as received --
        # presumably the User constructor hashes it; confirm.
        db.session.add(User(username=username, email=email, password=password))
        db.session.commit()
        return {
            'status': 'success',
            'message': f'{email} was added!'
        }, 201
    except (exc.IntegrityError, ValueError):
        db.session.rollback()
        raise InvalidPayload()
def test_set_city_invalid_type(app):
    """A non-string city is rejected with TypeError and the exact message."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.city = 555
    message = str(excinfo.value)
    assert message == 'City must be string.'
def test_set_active_invalid_type(app):
    """The string 'True' is not accepted as an active flag; only booleans are."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.active = 'True'
    message = str(excinfo.value)
    assert message == 'Active flag must be boolean.'
def test_unset_active(app):
    """The active flag cannot be cleared: assigning None raises TypeError."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.active = None
    message = str(excinfo.value)
    assert message == 'Active flag must be boolean.'
def test_delUser(self):
    """DELETE /users/<id>: a user may delete their own account; afterwards
    the session no longer authorizes deleting another account."""
    owner = User(1, 'Perceval', 'De Galle', '*****@*****.**', 'sloubi', paths='')
    db.session.add(owner)
    db.session.commit()
    self.login('*****@*****.**', 'sloubi')

    deleted = self.app.delete('/users/1')
    assert 'User [email protected] deleted' in deleted.data

    # Either answer is accepted once the account is gone.
    after_delete = self.app.get('/users/1')
    assert "404 Not Found" in after_delete.data or "401 Unauthorized" in after_delete.data

    stranger = User(2, 'Karadoc', 'De Vanne', '*****@*****.**', 'jambon', paths='')
    db.session.add(stranger)
    db.session.commit()

    foreign_delete = self.app.delete('/users/2')
    assert "401 Unauthorized" in foreign_delete.data
def test_set_date_of_birth_invalid_type(app):
    """A date of birth given as a string is rejected with TypeError."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.date_of_birth = '19.2.2018'
    message = str(excinfo.value)
    assert message == 'Date of birth must be date.'
def test_set_country_invalid_type(app):
    """A country given as the string 'SK' is rejected with TypeError."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.country = 'SK'
    message = str(excinfo.value)
    # Only the prefix is pinned; the rest of the message lists the allowed values.
    assert 'Country must be integer value from this set:' in message
def create_users(csvfile, dep_id):
    """Seed a fixed head account, then import users from a ';'-delimited CSV.

    CSV columns as read below: 0 surname, 1 name, 2 email, 3 phone,
    4 employment date, 5 dismissal date. Each imported user is linked to
    department `dep_id`.

    NOTE(review): the block nesting was rebuilt from a flattened listing --
    confirm it against the original file.
    """
    if not (User.query.filter(User.email == "*****@*****.**").first()):
        # NOTE(review): the seeded account and every imported account below
        # get the same fixed password "1234" -- confirm a forced password
        # change or per-user random credentials exist before real use.
        user = User(name="Главный",
                    surname="Самый",
                    email="*****@*****.**",
                    phone="+79215729636",
                    password=generate_password_hash("1234"))
        db.session.add(user)
        db.session.commit()
        # The department lookup result is used without a None check.
        user_dep_id = UserDepartment(user_id=user.id,
                                     department_id=Department.query.filter(
                                         Department.name == "Московское").first().id,
                                     post="Руководитель Федерального Отделения",
                                     employment_date=datetime.date.today(),
                                     dismissal_date=None)
        db.session.add(user_dep_id)
        db.session.commit()
    # The file handle rebinds the `csvfile` parameter name from here on.
    with open(csvfile, newline='') as csvfile:
        r = csv.reader(csvfile, delimiter=';')
        for row in r:
            db.session.add(
                User(name=row[1],
                     surname=row[0],
                     email=row[2],
                     phone=row[3],
                     password=generate_password_hash("1234")))
            # Commit so the user row can be looked up by email below.
            db.session.commit()
            # Empty date cells become NULL.
            if row[4] == "":
                row[4] = None
            if row[5] == "":
                row[5] = None
            if len(row) > 6:
                if row[6] == "":
                    row[6] = None
                # NOTE(review): row[7] is read when len(row) > 6, so a row
                # with exactly seven columns raises IndexError.
                if row[7] == "":
                    row[7] = None
            db.session.add(
                UserDepartment(user_id=User.query.filter(User.email == row[2]).first().id,
                               department_id=int(dep_id),
                               post="Пользователь",
                               employment_date=row[4],
                               dismissal_date=row[5]))
            db.session.commit()
def test_set_active(app):
    """A new user starts inactive and can be switched to active."""
    account = User('*****@*****.**', 'blah')
    assert account.active is False

    account.active = True
    assert account.active is True
def test_unset_date_of_birth(app):
    """A date of birth set at construction can be cleared with None."""
    birthday = datetime.date(1996, 2, 20)
    account = User('*****@*****.**', 'blah', date_of_birth=birthday)
    assert account.date_of_birth is not None

    account.date_of_birth = None
    assert account.date_of_birth is None
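def test_unset_country(app):
    """A country set at construction can be cleared with None."""
    user = User('*****@*****.**', 'blah', country=Country.SK)
    assert user.country is not None
    user.country = None
    # Check the attribute that was just cleared. Asserting on zip_code
    # passed trivially, because this user never had a ZIP code.
    assert user.country is None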
def test_set_country(app):
    """The country defaults to None and accepts a Country member."""
    account = User('*****@*****.**', 'blah')
    assert account.country is None

    account.country = Country.SK
    assert account.country == Country.SK
def test_set_date_of_birth(app):
    """The date of birth defaults to None and accepts a datetime.date."""
    account = User('*****@*****.**', 'blah')
    assert account.date_of_birth is None

    account.date_of_birth = datetime.date(1996, 2, 20)
    assert account.date_of_birth == datetime.date(1996, 2, 20)
def test_unset_city(app):
    """A city set at construction can be cleared with None."""
    account = User('*****@*****.**', 'blah', city='Humenne')
    assert account.city is not None

    account.city = None
    assert account.city is None
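def signup():
    r"""
    Signup
    ---
    tags:
      - user
    parameters:
      - name: body
        in: body
        description: username, email and password for signup
        required: true
        schema:
          id: UserSignup
          required:
            - username
            - email
            - password
          properties:
            username:
              type: string
              pattern: ^[\w.]+$
              example: babyknight
              maxLength: 32
            email:
              type: string
              example: [email protected]
            password:
              type: string
              example: baby123
              minLength: 3
              maxLength: 32
    responses:
      201:
        description: Successfully registered
      400:
        description: Bad request
      406:
        description: Username or email already exist
    """
    # The docstring is a raw string so that `\w` in the pattern is not
    # treated as an (invalid) string escape; its value is unchanged.

    # A missing or malformed body, or a missing field, is answered with the
    # documented 400 instead of an unhandled TypeError/KeyError.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify(errors='invalid JSON body'), 400
    username = data.get('username')
    email = data.get('email')
    password = data.get('password')
    if username is None or email is None or password is None:
        return jsonify(errors='username, email and password are required'), 400

    # NOTE(review): the pattern and length limits in the spec above are not
    # checked in this function -- confirm request validation enforces them
    # elsewhere. A minimum password length of 3 is also worth revisiting.
    if User.query.filter_by(email=email).first():
        return jsonify(errors='email already exist'), 406

    try:
        user_obj = User(username=username, email=email)
        user_obj.hash_password(password)
        db.session.add(user_obj)
        db.session.commit()
    except IntegrityError:
        # A failed commit leaves the session unusable until it is rolled back.
        db.session.rollback()
        return jsonify(errors='username already exist'), 406

    return '', 201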
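def add_user():
    """Create a user from form fields and return the new record as JSON.

    Reads user_name, device_name, email, password and image from
    request.form, derives a token, persists the user with user.add() and
    answers 201. Answers 400 when email or password is absent, 409 on a
    unique violation (pgcode 23505), 400 on any other IntegrityError and 500
    on every other exception.
    """
    email = request.form.get('email', None)
    password = request.form.get('password', None)
    # Both values feed the token below. Without this guard an absent field
    # would raise TypeError on `None + None` and be reported as a 500.
    if email is None or password is None:
        return jsonify(message='email and password are required'), 400

    try:
        user = User()
        user.user_name = request.form.get('user_name', None)
        user.devices = request.form.get('device_name', None)
        user.email = email
        # NOTE(review): the form password is assigned as received; no hashing
        # is visible in this function -- confirm the model hashes it before
        # it is stored.
        user.password = password
        user.image = request.form.get('image', '')
        # NOTE(review): hash() is Python's built-in, non-cryptographic hash.
        # It is derived from the credentials and, for strings, salted per
        # interpreter process, so it is not a sound source for a bearer
        # token. A random value such as secrets.token_urlsafe() is the usual
        # replacement; confirm the token column type before changing it.
        user.token = hash(user.email + user.password)
        user.add()
        return jsonify(user=dict(
            id=user.id,
            token=user.token,
            email=user.email,
            user_name=user.user_name,
            photo='https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png'
        )), 201
    except IntegrityError as ex:
        # NOTE(review): ex.args is sent to the client in every error branch,
        # which presumably exposes the database driver's error text --
        # consider logging it server-side and returning a fixed message.
        if ex.orig.pgcode == '23505':  # duplicate user
            return jsonify(message=ex.args), 409
        elif ex.orig.pgcode == '23502':  # required fields
            return jsonify(message=ex.args), 400
        else:
            return jsonify(message=ex.args), 400
    except Exception as ex:
        return jsonify(message=ex.args), 500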
def load_user(request):
    """Resolve the request's Authorization header to a user, or None.

    The header value is used as-is as the lookup key for User.get(token=...).
    A matching user is marked authenticated before it is returned.
    """
    # Imported here rather than at module level, as in the original.
    from project.models.user import User

    token = request.headers.get('authorization', '')
    if not token:
        return None

    # NOTE(review): the raw header value is the lookup key, so a scheme
    # prefix such as "Bearer " is not stripped here -- confirm clients send
    # the bare token.
    user_entry = User.get(token=token)
    if not user_entry:
        return None

    user_entry.is_authenticated = True
    return user_entry
def test_reset_password(self):
    """An expired reset token leaves the password untouched; a valid one
    replaces it."""
    account = User(password='******', name='username', id=104)
    secret = 'sample_secret_key'

    # A negative lifetime yields a token that is already expired.
    stale_token = account.generate_reset_token(secret, -10)
    rejected = account.reset_password(secret, stale_token, 'new_password')
    self.assertFalse(rejected)
    self.assertTrue(account.verify_password('userpassword'))

    fresh_token = account.generate_reset_token(secret, 3600)
    accepted = account.reset_password(secret, fresh_token, 'new_password')
    self.assertTrue(accepted)
    self.assertTrue(account.verify_password('new_password'))
def test_confirm(self):
    """Confirmation rejects an expired token and a wrong token, and accepts
    a valid one."""
    account = User(password='******', id = 103)
    secret = 'sample_secret_key'

    # A negative lifetime yields a token that is already expired.
    stale_token = account.generate_confirmation_token(secret, -10)
    self.assertFalse(account.confirm(secret, stale_token))

    fresh_token = account.generate_confirmation_token(secret, 3600)
    self.assertFalse(account.confirm(secret, 'wrong_token'))
    self.assertTrue(account.confirm(secret, fresh_token))
def test_verify_auth_token(self, mock_session, mock_query):
    """verify_auth_token rejects expired and malformed tokens and loads the
    user by id for a valid one."""
    account = User(email="*****@*****.**", password='******', id = 32)
    secret = 'sample_secret_key'

    # A negative lifetime yields a token that is already expired.
    stale_token = account.generate_auth_token(secret, -10)
    self.assertFalse(account.verify_auth_token(secret, stale_token))

    fresh_token = account.generate_auth_token(secret, 3600)
    self.assertIsNone(User.verify_auth_token(secret, 'wrong_token'))

    # The query layer is mocked, so the lookup by id returns this user.
    mock_query.get.return_value = account
    resolved = User.verify_auth_token(secret, fresh_token)
    mock_query.get.assert_called_with(32)
    self.assertEqual(resolved, account)
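def login():
    """Authenticate with the email and password form fields.

    Answers 200 with the user's id, token, email and user_name when
    User.get(email=..., password=...) finds a record, 404 when it does not,
    400 when either field is empty and 500 on any exception.
    """
    try:
        email = request.form.get('email', '')
        password = request.form.get('password', '')
        if not (email and password):
            # The key is spelled 'message' like every other response of this
            # view; it was misspelled 'meesage'.
            return jsonify(message='email or Password are required'), 400

        # NOTE(review): the lookup filters on the submitted password itself,
        # which suggests passwords are stored or compared unhashed --
        # confirm against the User model.
        user_obj = User.get(email=email, password=password)
        if not user_obj:
            return jsonify(message='Not Found!'), 404

        return jsonify(user=dict(
            id=user_obj.id,
            token=user_obj.token,
            email=user_obj.email,
            user_name=user_obj.user_name,
            photo='https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png'
        )), 200
    except Exception as ex:
        # NOTE(review): ex.args is returned to the client -- consider logging
        # it server-side and answering with a fixed message.
        return jsonify(message=ex.args), 500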
def test_save(self, mock_session, mock_query):
    """save(True) adds the user to the session and commits."""
    account = User(name='username', password='******', email='*****@*****.**')
    account.save(True)

    mock_session.add.assert_called_with(account)
    self.assertTrue(mock_session.commit.called)
def test_verify_password(self):
    """verify_password rejects a wrong password and accepts the right one."""
    account = User(name='username', password='******')

    wrong_result = account.verify_password('wrong _password')
    self.assertFalse(wrong_result)

    right_result = account.verify_password('userpassword_20')
    self.assertTrue(right_result)