def test_valid_reset_token(self): u = Utente(password='******') db.session.add(u) db.session.commit() token = u.generate_reset_token() self.assertTrue(Utente.reset_password(token, 'dog')) self.assertTrue(u.verify_password('dog'))
def test_expired_confirmation_token(self): u = Utente(password='******') db.session.add(u) db.session.commit() token = u.generate_confirmation_token(1) time.sleep(2) self.assertFalse(u.confirm(token))
def test_invalid_reset_token(self): u = Utente(password='******') db.session.add(u) db.session.commit() token = u.generate_reset_token() self.assertFalse(Utente.reset_password(token + 'a', 'horse')) self.assertTrue(u.verify_password('cat'))
def test_valid_email_change_token(self): u = Utente(email='*****@*****.**', password='******') db.session.add(u) db.session.commit() token = u.generate_email_change_token('*****@*****.**') self.assertTrue(u.change_email(token)) self.assertTrue(u.email == '*****@*****.**')
def setUp(self): self.app = create_app('testing') self.app_context = self.app.app_context() self.app_context.push() db.create_all() Ruolo.insert_roles() Utente.insert_test_users()
def test_ping(self): u = Utente(password='******') db.session.add(u) db.session.commit() time.sleep(2) last_seen_before = u.last_seen u.ping() self.assertTrue(u.last_seen > last_seen_before)
def test_duplicate_email_change_token(self): u1 = Utente(email='*****@*****.**', password='******') u2 = Utente(email='*****@*****.**', password='******') db.session.add(u1) db.session.add(u2) db.session.commit() token = u2.generate_email_change_token('*****@*****.**') self.assertFalse(u2.change_email(token)) self.assertTrue(u2.email == '*****@*****.**')
def setUp(self): self.app = create_app('testing') self.app_context = self.app.app_context() self.app_context.push() db.create_all() Tag.insert_test_tags() Corso.insert_test_corsi() Serata.insert_test_serate() Ruolo.insert_roles() Utente.insert_test_users() self.client = self.app.test_client()
def register(): form = RegistrationForm() if form.validate_on_submit(): user = Utente(email=form.email.data.lower(), username=form.username.data, password=form.password.data) db.session.add(user) db.session.commit() #Token e mail token = user.generate_confirmation_token() send_email(user.email, 'Conferma registrazione', '/email/confirm', user=user, token=token) flash('Una mail di conferma è stata inviata', 'success') return redirect(url_for('auth.login')) return render_template('register.html', form=form)
def test_token_auth(self): # add a user r = Ruolo.query.filter_by(name='Utente').first() self.assertIsNotNone(r) u = Utente(email='*****@*****.**', password='******', confirmed=True, ruolo=r) db.session.add(u) db.session.commit() # issue a request with a bad token response = self.client.get( '/api/v1/posts/', headers=self.get_api_headers('bad-token', '')) self.assertEqual(response.status_code, 401) # get a token response = self.client.post( '/api/v1/tokens/', headers=self.get_api_headers('*****@*****.**', 'cat')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertIsNotNone(json_response.get('token')) token = json_response['token'] # issue a request with the token response = self.client.get( '/api/v1/posts/', headers=self.get_api_headers(token, '')) self.assertEqual(response.status_code, 200)
def test_timestamps(self): u = Utente(password='******') db.session.add(u) db.session.commit() self.assertTrue( (datetime.utcnow() - u.member_since).total_seconds() < 3) self.assertTrue((datetime.utcnow() - u.last_seen).total_seconds() < 3)
def test_user_role(self): u = Utente(email='*****@*****.**', password='******') self.assertTrue(u.can(Permission.FOLLOW)) self.assertTrue(u.can(Permission.COMMENT)) self.assertTrue(u.can(Permission.WRITE)) self.assertFalse(u.can(Permission.MODERATE)) self.assertFalse(u.can(Permission.ADMIN))
def test_posts(self): # add a user r = Ruolo.query.filter_by(name='Utente').first() self.assertIsNotNone(r) u = Utente(email='*****@*****.**', password='******', confirmed=True, ruolo=r) db.session.add(u) db.session.commit() # write an empty post response = self.client.post( '/api/v1/posts/', headers=self.get_api_headers('*****@*****.**', 'cat'), data=json.dumps({'body': ''})) self.assertEqual(response.status_code, 400) # write a post response = self.client.post( '/api/v1/posts/', headers=self.get_api_headers('*****@*****.**', 'cat'), data=json.dumps({'body': 'body of the *blog* post'})) self.assertEqual(response.status_code, 201) url = response.headers.get('Location') self.assertIsNotNone(url) # get the new post response = self.client.get( url, headers=self.get_api_headers('*****@*****.**', 'cat')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertEqual('http://localhost' + json_response['url'], url) self.assertEqual(json_response['body'], 'body of the *blog* post') self.assertEqual(json_response['body_html'], '<p>body of the <em>blog</em> post</p>') json_post = json_response # get the post from the user response = self.client.get( '/api/v1/utenti/{}/posts/'.format(u.id), headers=self.get_api_headers('*****@*****.**', 'cat')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertIsNotNone(json_response.get('posts')) self.assertEqual(json_response.get('count', 0), 1) self.assertEqual(json_response['posts'][0], json_post) # edit post response = self.client.put( url, headers=self.get_api_headers('*****@*****.**', 'cat'), data=json.dumps({'body': 'updated body'})) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertEqual('http://localhost' + json_response['url'], url) self.assertEqual(json_response['body'], 'updated body') self.assertEqual(json_response['body_html'], '<p>updated body</p>')
def test_administrator_role(self): r = Ruolo.query.filter_by(name='Administrator').first() u = Utente(email='*****@*****.**', password='******', ruolo=r) self.assertTrue(u.can(Permission.FOLLOW)) self.assertTrue(u.can(Permission.COMMENT)) self.assertTrue(u.can(Permission.WRITE)) self.assertTrue(u.can(Permission.MODERATE)) self.assertTrue(u.can(Permission.ADMIN))
def password_reset(token): if not current_user.is_anonymous: return redirect(url_for('main.index')) form = PasswordResetForm() if form.validate_on_submit(): if Utente.reset_password(token, form.password.data): db.session.commit() flash('Password aggiornata', 'success') return redirect(url_for('utenti.login')) else: return redirect(url_for('main.index')) return render_template('reset_password.html', form=form)
def verify_password(email_or_token, password): if email_or_token == '': return False if password == '': g.current_user = Utente.verify_auth_token(email_or_token) g.token_used = True return g.current_user is not None user = Utente.query.filter_by(email=email_or_token.lower()).first() if not user: return False g.current_user = user g.token_used = False return user.verify_password(password)
def test_invalid_confirmation_token(self): u1 = Utente(password='******') u2 = Utente(password='******') db.session.add(u1) db.session.add(u2) db.session.commit() token = u1.generate_confirmation_token() self.assertFalse(u2.confirm(token))
def test_unconfirmed_account(self): # add an unconfirmed user r = Ruolo.query.filter_by(name='Utente').first() self.assertIsNotNone(r) u = Utente(email='*****@*****.**', password='******', confirmed=False, ruolo=r) db.session.add(u) db.session.commit() # get list of posts with the unconfirmed account response = self.client.get( '/api/v1/posts/', headers=self.get_api_headers('*****@*****.**', 'cat')) self.assertEqual(response.status_code, 403)
def test_bad_auth(self): # add a user r = Ruolo.query.filter_by(name='Utente').first() self.assertIsNotNone(r) u = Utente(email='*****@*****.**', password='******', confirmed=True, ruolo=r) db.session.add(u) db.session.commit() # authenticate with bad password response = self.client.get( '/api/v1/posts/', headers=self.get_api_headers('*****@*****.**', 'dog')) self.assertEqual(response.status_code, 401)
def test_users(self): # add two users r = Ruolo.query.filter_by(name='Utente').first() self.assertIsNotNone(r) u1 = Utente(email='*****@*****.**', username='******', password='******', confirmed=True, ruolo=r) u2 = Utente(email='*****@*****.**', username='******', password='******', confirmed=True, ruolo=r) db.session.add_all([u1, u2]) db.session.commit() # get users response = self.client.get( '/api/v1/utenti/{}'.format(u1.id), headers=self.get_api_headers('*****@*****.**', 'dog')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertEqual(json_response['username'], 'john') response = self.client.get( '/api/v1/utenti/{}'.format(u2.id), headers=self.get_api_headers('*****@*****.**', 'dog')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertEqual(json_response['username'], 'susan')
def test_gravatar(self): u = Utente(email='*****@*****.**', password='******') with self.app.test_request_context('/'): gravatar = u.gravatar() gravatar_256 = u.gravatar(size=256) gravatar_pg = u.gravatar(rating='pg') gravatar_retro = u.gravatar(default='retro') self.assertTrue('https://secure.gravatar.com/avatar/' + 'd4c74594d841139328695756648b6bd6' in gravatar) self.assertTrue('s=256' in gravatar_256) self.assertTrue('r=pg' in gravatar_pg) self.assertTrue('d=retro' in gravatar_retro)
def users(count=100): fake = Faker('it_IT') i = 0 while i < count: u = Utente(email=fake.email(), username=fake.user_name(), password='******', confirmed=True, name=fake.name(), location=fake.city(), about_me=fake.text(), member_since=fake.past_date()) db.session.add(u) try: db.session.commit() i += 1 except IntegrityError: db.session.rollback()
def test_password_salts_are_random(self): u = Utente(password='******') u2 = Utente(password='******') self.assertTrue(u.password_hash != u2.password_hash)
def test_password_setter(self): u = Utente(password='******') self.assertTrue(u.password_hash is not None)
def create_test_db(): print("Start creating test db") FLASK_CONFIG = os.getenv("FLASK_CONFIG", "None") app = create_app(FLASK_CONFIG) app_context = app.app_context() app_context.push() from project.serate.models import Serata from project.corsi.models import Corso from project.tags.models import Tag from project.ruoli.models import Ruolo from project.utenti.models import Utente from project.blog.models import Post from project.commenti.models import Comment from random import randint from faker import Faker try: user_list = Utente.query.all() course_list = Corso.query.all() post_list = Post.query.all() comment_list = Comment.query.all() post_list = Post.query.all() ruolo_list = Ruolo.query.all() print("DB Tables already exists") except Exception as message: print(f"No db data exist, inserting them:") def users(count=100): fake = Faker("it_IT") i = 0 while i < count: u = Utente( email=fake.email(), username=fake.user_name(), password="******", confirmed=True, name=fake.name(), location=fake.city(), about_me=fake.text(), member_since=fake.past_date(), ) db.session.add(u) try: db.session.commit() i += 1 except IntegrityError: db.session.rollback() def posts(count=100): fake = Faker("it_IT") user_count = Utente.query.count() for i in range(count): u = Utente.query.offset(randint(0, user_count - 1)).first() p = Post(body=fake.text(), timestamp=fake.past_date(), author=u) db.session.add(p) db.session.commit() def comments(count=100): fake = Faker("it_IT") user_count = Utente.query.count() post_count = Post.query.count() for i in range(count): u = Utente.query.offset(randint(0, user_count - 1)).first() p = Post.query.offset(randint(0, post_count - 1)).first() c = Comment(body=fake.text(), timestamp=fake.past_date(), post=p, author=u) db.session.add(c) db.session.commit() print("Creating structure") db.create_all() db.session.commit() print("Creating roles") Ruolo.insert_roles() print("Creating fake users") users(2) print("Creating test users") Utente.insert_test_users() print("Creating tags") Tag.insert_test_tags() print("Creating corsi") Corso.insert_test_corsi() print("Creating serate") Serata.insert_test_serate() print("Creating posts fake") posts(3) print("Creating commenti fake") comments(3) print("\nDB Dummy data inserted succesfully") db.session.remove() app_context.pop()
def test_comments(self): # add two users r = Ruolo.query.filter_by(name='Utente').first() self.assertIsNotNone(r) u1 = Utente(email='*****@*****.**', username='******', password='******', confirmed=True, ruolo=r) u2 = Utente(email='*****@*****.**', username='******', password='******', confirmed=True, ruolo=r) db.session.add_all([u1, u2]) db.session.commit() # add a post post = Post(body='body of the post', author=u1) db.session.add(post) db.session.commit() # write a comment response = self.client.post( '/api/v1/posts/{}/comments/'.format(post.id), headers=self.get_api_headers('*****@*****.**', 'dog'), data=json.dumps({'body': 'Good [post](http://example.com)!'})) self.assertEqual(response.status_code, 201) json_response = json.loads(response.get_data(as_text=True)) url = response.headers.get('Location') self.assertIsNotNone(url) self.assertEqual(json_response['body'], 'Good [post](http://example.com)!') self.assertEqual( re.sub('<.*?>', '', json_response['body_html']), 'Good post!') # get the new comment response = self.client.get( url, headers=self.get_api_headers('*****@*****.**', 'cat')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertEqual('http://localhost' + json_response['url'], url) self.assertEqual(json_response['body'], 'Good [post](http://example.com)!') # add another comment comment = Comment(body='Thank you!', author=u1, post=post) db.session.add(comment) db.session.commit() # get the two comments from the post response = self.client.get( '/api/v1/posts/{}/commenti/'.format(post.id), headers=self.get_api_headers('*****@*****.**', 'dog')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertIsNotNone(json_response.get('comments')) self.assertEqual(json_response.get('count', 0), 2) # get all the comments response = self.client.get( '/api/v1/posts/{}/commenti/'.format(post.id), headers=self.get_api_headers('*****@*****.**', 'dog')) self.assertEqual(response.status_code, 200) json_response = json.loads(response.get_data(as_text=True)) self.assertIsNotNone(json_response.get('comments')) self.assertEqual(json_response.get('count', 0), 2)
def test_no_password_getter(self): u = Utente(password='******') with self.assertRaises(AttributeError): u.password
def test_password_verification(self): u = Utente(password='******') self.assertTrue(u.verify_password('cat')) self.assertFalse(u.verify_password('dog'))
if CREATE_ALL: # Utilizzo dell'application factory app = create_app('development') app_context = app.app_context() app_context.push() print("Creating structure") db.create_all() print("Creating roles") Ruolo.insert_roles() print("Creating fake users") users(20) print("Creating test users") Utente.insert_test_users() print("Creating tags") Tag.insert_test_tags() print("Creating corsi") Corso.insert_test_corsi() print("Creating serate") Serata.insert_test_serate() print("Creating posts fake") posts() print("Creating commenti fake") comments()
def test_valid_confirmation_token(self): u = Utente(password='******') db.session.add(u) db.session.commit() token = u.generate_confirmation_token() self.assertTrue(u.confirm(token))