def test_extra_fields(self):
self.db = DAL("sqlite:memory")
self.session = Session(secret="a", expiration=10)
self.session.initialize()
self.auth = Auth(self.session,
self.db,
define_tables=True,
extra_fields=[Field('favorite_color')])
self.assertEqual(type(self.db.auth_user.favorite_color), Field)
def setUp(self):
os.environ["PY4WEB_APPS_FOLDER"] = "apps"
self.db = DAL("sqlite:memory")
self.session = Session(secret="a", expiration=10)
self.session.initialize()
self.auth = Auth(self.session,
self.db,
define_tables=True,
password_complexity=None)
self.auth.enable()
self.auth.action = self.action
request.app_name = "_scaffold"
def setUp(self):
os.environ['PY4WEB_APPS_FOLDER'] = 'apps'
self.db = DAL('sqlite:memory')
self.session = Session(secret="a", expiration=10)
self.session.local.data = {}
self.auth = Auth(self.session, self.db, define_tables=True)
self.auth.enable()
request.app_name = '_scaffold'
from py4web import __version__, action, abort, request, response, redirect, Translator, HTTP, URL
from py4web.core import Reloader, dumps, ErrorStorage, Session, Fixture
from py4web.utils.factories import ActionFactory
from pydal.validators import CRYPT
from yatl.helpers import BEAUTIFY
from .utils import *
from .diff2kryten import diff2kryten
MODE = os.environ.get("PY4WEB_DASHBOARD_MODE", "none")
FOLDER = os.environ["PY4WEB_APPS_FOLDER"]
APP_FOLDER = os.path.dirname(__file__)
T_FOLDER = os.path.join(APP_FOLDER, "translations")
T = Translator(T_FOLDER)
error_storage = ErrorStorage()
db = error_storage.db
session = Session()
def run(command, project):
"""for runing git commands inside an app (project)"""
return subprocess.check_output(command.split(),
cwd=os.path.join(FOLDER, project)).decode()
def get_commits(project):
"""list of git commits for the project"""
output = run("git log", project)
commits = []
for line in output.split("\n"):
if line.startswith("commit "):
commit = {
class TestAuth(unittest.TestCase):
def setUp(self):
os.environ["PY4WEB_APPS_FOLDER"] = "apps"
_before_request() # mimic before_request bottle-hook
self.db = DAL("sqlite:memory")
self.session = Session(secret="a", expiration=10)
self.session.initialize()
self.auth = Auth(self.session,
self.db,
define_tables=True,
password_complexity=None)
self.auth.enable()
self.auth.action = self.action
request.app_name = "_scaffold"
def tearDown(self):
bottle.app.router.remove('/*')
def action(self, name, method, query, data):
request.environ['REQUEST_METHOD'] = method
request.environ['ombott.request.query'] = query
request.environ['ombott.request.json'] = data
# we break a symmetry below. should fix in auth.py
if name.startswith('api/'):
return getattr(AuthAPI, name[4:])(self.auth)
else:
return getattr(self.auth.form_source, name)()
def on_request(self, keep_session=False):
storage = self.session._safe_local
# mimic before_request bottle-hook
_before_request()
# mimic action.uses()
self.session.initialize()
self.auth.flash.on_request()
self.auth.on_request()
if keep_session:
self.session._safe_local = storage
def test_extra_fields(self):
db = DAL("sqlite:memory")
self.auth = Auth(self.session,
db,
define_tables=True,
extra_fields=[Field('favorite_color')])
self.on_request()
self.assertEqual(type(db.auth_user.favorite_color), Field)
def test_register_invalid(self):
self.on_request()
body = {"email": "*****@*****.**"}
self.assertEqual(
self.auth.action("api/register", "POST", {}, body),
{
"id": None,
"errors": {
"username": "******",
"password": "******",
"first_name": "Enter a value",
"last_name": "Enter a value",
},
"status": "error",
"message": "validation errors",
"code": 401,
},
)
def test_register(self):
self.on_request()
body = {
"username": "******",
"email": "*****@*****.**",
"password": "******",
"first_name": "Pinco",
"last_name": "Pallino",
}
self.assertEqual(
self.auth.action("api/register", "POST", {}, body),
{
"id": 1,
"status": "success",
"code": 200
},
)
user = self.db.auth_user[1]
self.assertTrue(user.action_token.startswith("pending-registration"))
self.assertEqual(self.auth.get_user(), {})
self.on_request()
body = {"email": "*****@*****.**", "password": "******"}
self.assertEqual(
self.auth.action("api/login", "POST", {}, body),
{
"status": "error",
"message": "Registration is pending",
"code": 400
},
)
self.on_request()
token = user.action_token[len("pending-registration") + 1:]
try:
self.auth.action("verify_email", "GET", {"token": token}, {})
assert False, "email not verified"
except HTTP:
pass
user = self.db.auth_user[1]
self.assertTrue(user.action_token is None)
self.on_request()
self.assertEqual(
self.auth.action("api/login", "POST", {}, body),
{
"status": "error",
"message": "Invalid Credentials",
"code": 400
},
)
self.on_request()
body = {"email": "*****@*****.**", "password": "******"}
self.assertEqual(
self.auth.action("api/login", "POST", {}, body),
{
"user": {
"id": 1,
"username": "******",
"email": "*****@*****.**",
"first_name": "Pinco",
"last_name": "Pallino",
},
"status": "success",
"code": 200,
},
)
self.on_request()
body = {
"email": "ppallino", # can login with both email and username
"password": "******",
}
self.assertEqual(
self.auth.action("api/login", "POST", {}, body),
{
"user": {
"id": 1,
"username": "******",
"email": "*****@*****.**",
"first_name": "Pinco",
"last_name": "Pallino",
},
"status": "success",
"code": 200,
},
)
self.on_request(keep_session=True)
body = {"email": "*****@*****.**"}
self.assertEqual(
self.auth.action("api/request_reset_password", "POST", {}, body),
{
"status": "success",
"code": 200
},
)
self.on_request(keep_session=True)
body = {"token": "junk", "new_password": "******"}
self.assertEqual(
self.auth.action("api/reset_password", "POST", {}, body),
{
"status": "error",
"message": "validation errors",
"errors": {
"token": "invalid token"
},
"code": 401,
},
)
self.on_request(keep_session=True)
body = {
"token": self.auth._link.split("?token=")[1],
"new_password": "******",
"new_password2": "987654321",
}
self.assertEqual(
self.auth.action("api/reset_password", "POST", {}, body),
{
"status": "success",
"code": 200
},
)
self.assertEqual(
self.auth.get_user(),
{
"id": 1,
"username": "******",
"email": "*****@*****.**",
"first_name": "Pinco",
"last_name": "Pallino",
},
)
self.on_request(keep_session=True)
body = {}
self.assertEqual(
self.auth.action("api/change_password", "POST", {}, body),
{
'errors': {
'old_password': '******'
},
"status": "error",
"message": "validation errors",
"code": 401,
},
)
self.on_request(keep_session=True)
body = {"old_password": "******", "new_password": "******"}
self.assertEqual(
self.auth.action("api/change_password", "POST", {}, body),
{
"updated": 1,
"status": "success",
"code": 200
},
)
self.on_request(keep_session=True)
body = {"password": "******", "new_email": "*****@*****.**"}
self.assertEqual(
self.auth.action("api/change_email", "POST", {}, body),
{
"updated": 1,
"status": "success",
"code": 200
},
)
self.on_request(keep_session=True)
body = {"first_name": "Max", "last_name": "Powers", "password": "******"}
self.assertEqual(
self.auth.action("api/profile", "POST", {}, body),
{
"errors": {
"password": "******"
},
"status": "error",
"message": "validation errors",
"code": 401,
},
)
self.on_request(keep_session=True)
body = {"first_name": "Max", "last_name": "Powers"}
self.assertEqual(
self.auth.action("api/profile", "POST", {}, body),
{
"updated": 1,
"status": "success",
"code": 200
},
)
