Esempio n. 1
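def test_login_user_method():
    """Check login_user for valid credentials, a wrong password and an unknown e-mail."""
    # Register the fixture account only when it is not already stored.
    if not get_user("correct_email"):
        register_user("correct_email", "test_name", "correct_password",
                      "correct_password", 0)

    # Correct credentials must return the stored user record.
    assert login_user("correct_email",
                      "correct_password") == get_user("correct_email")
    # Rejected logins are checked by identity: `is None` cannot be satisfied
    # by an object whose __eq__ happens to compare equal to None.
    assert login_user("correct_email", "incorrect_password") is None
    assert login_user("unregistered_email", "test_password") is None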
Esempio n. 2
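def login_post():
    """Handle a submitted login form.

    Renders 'login.html' with a validation message when the e-mail or the
    password check reports a problem, redirects to '/' with a 303 when both
    checks pass and the backend returned a user, and otherwise renders the
    generic 'email/password combination incorrect.' message.
    """
    email = request.form.get('email')
    password = request.form.get('password')
    error_message = None

    # NOTE(review): the backend login runs before any format check because
    # validate_login_email takes its result as an argument, so unvalidated
    # form input reaches bn.login_user — confirm the backend tolerates that.
    user = bn.login_user(email, password)

    # Each validator's result is compared with "" below; an empty string
    # presumably means "no error" — verify against the helpers.
    check_email = validate_login_email(email, error_message, user)
    check_pwd = validate_login_password(password, error_message)

    # Exactly one field failed: show that field's message.
    if check_pwd == "" and check_email != "":
        return render_template('login.html', message=check_email)
    if check_email == "" and check_pwd != "":
        return render_template('login.html', message=check_pwd)

    # Both fields failed with the same message: show it once. The original
    # condition tested check_pwd twice; the e-mail result is named here.
    if check_email != "" and check_pwd != "" and check_pwd == check_email:
        return render_template('login.html', message=check_email)

    if check_email == "" and check_pwd == "" and user:
        # Only the e-mail is kept in the session to mark the client as
        # logged in; 303 forces the browser to follow up with a GET.
        session['logged_in'] = user.email
        return redirect('/', code=303)

    # Everything else, including two different validation messages, gets the
    # generic answer.
    return render_template('login.html',
                           message="email/password combination incorrect.")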
Esempio n. 3
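def login_post():
    """Handle a submitted login form.

    Redirects to '/' with a 303 when bn.login_user returns a user; otherwise
    renders 'login.html' with the format error if one was found, or with the
    generic combination message.
    """
    # form.get() returns None for a field missing from the request; fall back
    # to '' so the checks below report a format error instead of raising
    # TypeError.
    email = request.form.get('email') or ''
    password = request.form.get('password') or ''
    error_message = None

    # E-mail format required by R1. fullmatch() is used because match() only
    # anchors at the start and would accept extra text after a valid-looking
    # prefix (for example a second '@' part).
    if not re.fullmatch(r"[^@]+@[^@]+\.[^@]+", email):
        error_message = "email/password format is incorrect"

    # Password: at least 6 characters with one upper-case and one lower-case
    # character.
    has_upper = any(x.isupper() for x in password)
    has_lower = any(x.islower() for x in password)
    if len(password) < 6 or not (has_upper and has_lower):
        error_message = 'email/password format is incorrect'

    # NOTE(review): a format error only selects the message; the backend
    # login is still attempted with the submitted values.
    user = bn.login_user(email, password)
    if user:
        # The session is carried in a browser cookie and sent back with every
        # request. If this is Flask's default cookie session it is signed, not
        # encrypted: the client can read it but cannot alter it undetected.
        # Only the e-mail is stored, which marks the client as logged in.
        session['logged_in'] = user.email
        # success! go back to the home page; 303 forces a GET request
        return redirect('/', code=303)

    # Well-formed input that still failed to log in used to render an empty
    # message; give the generic answer instead.
    return render_template(
        'login.html',
        message=error_message or 'email/password combination incorrect')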
Esempio n. 4
def login_post():
    """Handle a submitted login form.

    Renders 'login.html' with an error message when the e-mail or password
    format is rejected or the backend returns no user; on success stores the
    user's e-mail in the session and redirects to '/' with a 303.
    """
    form = request.form
    email = form.get('email')
    password = form.get('password')

    # NOTE(review): the result of check_empty_fields is discarded, so unless
    # the helper raises or aborts the request it cannot re-render the page
    # for an empty password — confirm.
    check_empty_fields(field=password)

    # NOTE(review): the backend login is attempted before the format checks
    # below, so unvalidated input reaches bn.login_user.
    user = bn.login_user(email, password)

    if not is_valid_email(email):
        return render_template('login.html', message='Email format error')
    if not is_valid_password(password):
        return render_template('login.html', message='Invalid password')
    if not user:
        return render_template('login.html', message='login failed')

    # The session is carried in a browser cookie and sent back with every
    # request. If this is Flask's default cookie session it is signed, not
    # encrypted: the client can read it but cannot alter it undetected.
    # Only the e-mail is stored, which marks the client as logged in.
    session['logged_in'] = user.email
    # success! go back to the home page; 303 forces a GET request
    return redirect('/', code=303)
Esempio n. 5
def login_post():
    """Handle a submitted login form.

    Rejects badly formatted input before touching the backend, then logs the
    user in (303 redirect to '/') or renders the generic combination message.
    """
    email = request.form.get('email')
    password = request.form.get('password')

    # Both helpers return None when their regex does not match; the password
    # check is skipped once the e-mail check has already failed.
    well_formed = (email_check(email) is not None
                   and pwd_check(password) is not None)
    if not well_formed:
        return render_template('login.html',
                               message='email/password format is incorrect')

    user = bn.login_user(email, password)
    if not user:
        return render_template('login.html',
                               message='email/password combination incorrect')

    # The session is carried in a browser cookie and sent back with every
    # request. If this is Flask's default cookie session it is signed, not
    # encrypted: the client can read it but cannot alter it undetected.
    # Only the e-mail is stored, which marks the client as logged in.
    session['logged_in'] = user.email
    # success! go back to the home page; 303 forces a GET request
    return redirect('/', code=303)
Esempio n. 6
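def login_post():
    """Handle a submitted login form.

    Chooses an error message for empty or badly formatted input without
    calling the backend; otherwise attempts the login and either redirects to
    '/' with a 303 or renders 'login.html' with the selected message.
    """
    # Get info from form
    email = request.form.get('email')
    password = request.form.get('password')

    error_message = 'email/password combination incorrect'
    user = None

    # Truthiness instead of len(): form.get() returns None for a field that
    # is missing from the request, and len(None) raised TypeError here.
    if not password and not email:
        error_message = 'login failed'
    # NOTE(review): any validator result other than False is treated as a
    # format problem — presumably the helpers return False for valid input;
    # verify against their definitions.
    elif validate_email(email) is not False or validate_password(
            password) is not False:
        error_message = 'email/password format is incorrect.'
    else:
        user = bn.login_user(email, password)

    if user:
        # The session is carried in a browser cookie and sent back with every
        # request. If this is Flask's default cookie session it is signed, not
        # encrypted: the client can read it but cannot alter it undetected.
        # Only the e-mail is stored, which marks the client as logged in.
        session['logged_in'] = user.email
        # success! go back to the home page; 303 forces a GET request
        return redirect('/', code=303)

    return render_template('login.html', message=error_message)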
Esempio n. 7
def login_post():
    """Handle a submitted login form.

    bn.login_user may return a string, which is rendered as the error
    message; a truthy non-string result is treated as the logged-in user.
    """
    form = request.form
    outcome = bn.login_user(form.get('email'), form.get('password'))

    if isinstance(outcome, str):
        # NOTE(review): this text comes straight from the backend. If it
        # differs between "unknown e-mail" and "wrong password" it tells the
        # caller which accounts exist — confirm the backend keeps it generic.
        return render_template('login.html',
                               message=outcome)

    if not outcome:
        return render_template('login.html',
                               message='Email/password combination incorrect')

    # The session is carried in a browser cookie and sent back with every
    # request. If this is Flask's default cookie session it is signed, not
    # encrypted: the client can read it but cannot alter it undetected.
    # Only the e-mail is stored, which marks the client as logged in.
    session['logged_in'] = outcome.email
    # success! go back to the home page; 303 forces a GET request
    return redirect('/', code=303)
Esempio n. 8
def login_post():
    """Process a submitted login form.

    :return: a 303 redirect to the main page when the login succeeds,
        otherwise the rendered login page with an error message
    """
    form = request.form
    email = form.get('email')
    password = form.get('password')

    # check_user_format returns None when it has nothing to report; any other
    # value stops the request before the backend is called.
    if check_user_format(email, password) is not None:
        return render_template('login.html',
                               message="email/password format is incorrect.")

    user = bn.login_user(email, password)
    if not user:
        return render_template('login.html', message='login failed')

    # The session is carried in a browser cookie and sent back with every
    # request. If this is Flask's default cookie session it is signed, not
    # encrypted: the client can read it but cannot alter it undetected.
    # Only the e-mail is stored, which marks the client as logged in.
    session['logged_in'] = user.email
    # success! go back to the home page; 303 forces a GET request
    return redirect('/', code=303)
Esempio n. 9
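def login_post():
    """Handle a submitted login form.

    Rejects badly formatted input before the backend is called, then logs the
    user in (303 redirect to '/') or renders the generic combination message.
    """
    # form.get() returns None for a field missing from the request and the
    # regex methods raise TypeError on None; '' is rejected as a format error
    # instead.
    email = request.form.get('email') or ''
    password = request.form.get('password') or ''

    # regex for email obtained from https://emailregex.com/
    EMAIL_REGEX = re.compile(
        r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)")
    # At least 6 characters with one upper-case, one lower-case and one
    # non-alphanumeric character.
    PASSWORD_REGEX = re.compile(
        r"^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[^A-Za-z0-9]).{6,}$")

    # fullmatch() for the address: with match(), '$' also succeeds just
    # before a trailing newline, so an address ending in "\n" would pass the
    # format check.
    if not EMAIL_REGEX.fullmatch(email) or not PASSWORD_REGEX.match(password):
        return render_template('login.html',
                               message='email/password format invalid')

    user = bn.login_user(email, password)
    if user:
        # The session is carried in a browser cookie and sent back with every
        # request. If this is Flask's default cookie session it is signed, not
        # encrypted: the client can read it but cannot alter it undetected.
        # Only the e-mail is stored, which marks the client as logged in.
        session['logged_in'] = user.email
        # success! go back to the home page; 303 forces a GET request
        return redirect('/', code=303)

    return render_template('login.html',
                           message='email/password combination incorrect')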
def test_backend_login_input1():
    """Input partition #1: a registered e-mail with its correct password logs in."""
    # Create the account the login is checked against.
    bn.register_user(test_user.email, test_user.name, test_user.password,
                     test_user.password)

    logged_in = bn.login_user(test_user.email, test_user.password)

    # The backend must hand back a user record carrying the registered name.
    assert logged_in is not None
    assert logged_in.name == test_user.name
Esempio n. 11
def login_post():
    """Handle a submitted login form.

    Attempts the backend login first. On success the user's e-mail is stored
    in the session and the client is redirected to '/' with a 303. On failure
    the submitted values are checked against the format patterns to choose
    between a password-format, an e-mail-format and a generic
    'email/password combination incorrect' message.
    """

    # get the user's form inputs
    email = request.form.get('email')
    password = request.form.get('password')
    # attempt to login with those user credentials
    # NOTE(review): the format checks run only after a failed login, so the
    # backend receives the form values unvalidated.
    user = bn.login_user(email, password)

    # if bn.login_user succeeds, add that user's email to the session (as 'logged_in')
    # then redirect them to the homepage
    if user:
        session['logged_in'] = user.email
        """
        Session is an object that contains sharing information
        between browser and the end server. Typically it is encrypted
        and stored in the browser cookies. They will be past
        along between every request the browser made to this services.

        Here we store the user object into the session, so we can tell
        if the client has already login in the following sessions.

        """
        # NOTE(review): the string above is a bare expression, not a comment.
        # It says the session is typically encrypted; if this is Flask's
        # default cookie session it is signed, not encrypted, and what is
        # stored here is user.email rather than the user object.
        # success! go back to the home page
        # code 303 is to force a 'GET' request
        return redirect('/', code=303)

    # if login failed, check what the error was and display an appropriate error message
    else:
        # use these regexes to validate that the user's form inputs match the required format
        # NOTE(review): the patterns are ordinary (non-raw) string literals,
        # so Python interprets backslash escapes such as \t, \" and \\ before
        # `re` compiles them — confirm the compiled patterns are the intended
        # ones.
        # Password: a lower-case letter, an upper-case letter, one character
        # from the ranges !-/ or :-@, and at least 6 characters.
        passwordPattern = re.compile(
            "(?=.*[a-z])(?=.*[A-Z])(?=.*([!-/]|[:-@])).{6,}")
        emailPattern = re.compile(
            "([!#-'*+/-9=?A-Z^-~-]+(\.[!#-'*+/-9=?A-Z^-~-]+)*|\"([]!#-[^-~ \t]|(\\[\t -~]))+\")@([0-9A-Za-z]([0-9A-Za-z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Za-z]([0-9A-Za-z-]{0,61}[0-9A-Za-z])?)*|\[((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}|IPv6:((((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){6}|::((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){5}|[0-9A-Fa-f]{0,4}::((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){4}|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):)?(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){3}|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,2}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){2}|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,3}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,4}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::)((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3})|(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3})|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,5}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3})|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,6}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::)|(?!IPv6:)[0-9A-Za-z-]*[0-9A-Za-z]:[!-Z^-~]+)])"
        )
        # Bounds the submitted e-mail to 1-63 characters.
        lengthPattern = re.compile("^.{1,63}$")
        # if there was a formatting issue, display which form wasn't accepted
        # NOTE(review): match() anchors only at the start and passwordPattern
        # and emailPattern carry no end anchor, so text after a valid prefix
        # is not rejected by them. match() also raises TypeError when the
        # field was missing from the request and form.get() returned None.
        if (not (passwordPattern.match(password))):
            return render_template('login.html',
                                   message='password format incorrect')
        elif not (emailPattern.match(email)) or not (
                lengthPattern.match(email)):
            return render_template('login.html',
                                   message='email format incorrect')

        # for any others issues, assume that the given email and password did not match that of an existing account
        else:
            return render_template(
                'login.html', message='email/password combination incorrect')
 def test_login_user(self, *_):
     """Walk login_user through the eight outcomes of its three conditions.

     Each case is labelled with the truth value of (not user),
     (not check_password_hash(user.password, password)) and
     (not email == user.email). T1-T7 must return None; T8 must return the
     registered user.
     """
     self.register()
     expected_user = get_user("*****@*****.**")

     # NOTE(review): the e-mail literals appear masked in this listing, so
     # T4/T7 and T6/T8 look identical as shown — confirm against the original
     # file.
     rejected_logins = (
         ("boxwhite", "white_BOX"),        # T1: True,  True,  True
         ("whitebox", "white_BOX"),        # T2: False, True,  True
         ("boxwhite", "WHITE_box"),        # T3: True,  False, True
         ("*****@*****.**", "white_BOX"),  # T4: True,  True,  False
         ("whitebox", "WHITE_box"),        # T5: False, False, True
         ("*****@*****.**", "WHITE_box"),  # T6: True,  False, False
         ("*****@*****.**", "white_BOX"),  # T7: False, True,  False
     )
     for login_email, login_password in rejected_logins:
         assert login_user(login_email, login_password) == None

     # T8: False, False, False — every condition passes, the user is returned.
     assert login_user("*****@*****.**", "WHITE_box") == expected_user
Esempio n. 13
def login_post():
    """Handle a submitted login form.

    Renders 'login.html' with a specific message for blank fields, a bad
    e-mail format or a bad password format; otherwise logs the user in with a
    303 redirect to '/' or reports 'login failed'.
    """
    form = request.form
    email = form.get('email')
    password = form.get('password')

    # NOTE(review): the backend login is attempted before the blank and
    # format checks below, so unvalidated input reaches bn.login_user.
    user = bn.login_user(email, password)

    # Validation order: blank fields, then e-mail format, then password
    # format.
    if "" in (email, password):
        return render_template('login.html',
                               message="Email/password cant be blank")
    if not check_email_format(email):
        return render_template('login.html',
                               message="Email format is incorrect")
    if not check_special_pass(password):
        return render_template('login.html',
                               message="Password format is incorrect")

    if not user:
        return render_template('login.html', message='login failed')

    # The session is carried in a browser cookie and sent back with every
    # request. If this is Flask's default cookie session it is signed, not
    # encrypted: the client can read it but cannot alter it undetected.
    # Only the e-mail is stored, which marks the client as logged in.
    session['logged_in'] = user.email
    # success! go back to the home page; 303 forces a GET request
    return redirect('/', code=303)
def login_post():
    """Handle a submitted login form.

    Tries the backend login first; on failure picks between the combination,
    format and empty-field messages and re-renders 'login.html'.
    """
    form = request.form
    email = form.get('email')
    password = form.get('password')

    # NOTE(review): the form values reach bn.login_user before any format
    # check has run.
    user = bn.login_user(email, password)

    if not user:
        # Well-formed input that still failed means wrong credentials.
        well_formed = validEmailFormat(email) and validPassword(password)
        message = ('email/password combination incorrect' if well_formed
                   else "Email/password format is incorrect")
        # An empty field overrides either message.
        if "" in (email, password):
            message = 'Email/Password cannot be empty'
        return render_template('login.html', message=message)

    # The session is carried in a browser cookie and sent back with every
    # request. If this is Flask's default cookie session it is signed, not
    # encrypted: the client can read it but cannot alter it undetected.
    # Only the e-mail is stored, which marks the client as logged in.
    session['logged_in'] = user.email
    # success! go back to the home page; 303 forces a GET request
    return redirect('/', code=303)  # change redirect
Esempio n. 15
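def test_login_password_match_false(self):
    """
    A wrong password makes the second condition true, so the `or` is true and
    login_user must return None.
    """
    rejected = login_user(email=test_user.email,
                          password="******") is None
    # The comparison used to be returned only; a runner that ignores return
    # values could never fail this test. Assert it, and keep returning the
    # result for any caller that reads it.
    assert rejected, "login_user accepted a wrong password"
    return rejected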
Esempio n. 16
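def test_login_success(self):
    """
    Both conditions are false, so the rejecting `if` is not executed and
    login_user must return the test user.
    """
    logged_in = login_user(test_user.email, test_user.password) == test_user
    # The comparison used to be returned only; a runner that ignores return
    # values could never fail this test. Assert it, and keep returning the
    # result for any caller that reads it.
    assert logged_in, "login_user did not return the test user"
    return logged_in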
Esempio n. 17
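def test_login_user_exist_false(self):
    """
    No such user makes the first condition true, so the `or` is true and
    login_user must return None.
    """
    rejected = login_user(test_user.email, test_user.password) is None
    # The comparison used to be returned only; a runner that ignores return
    # values could never fail this test. Assert it, and keep returning the
    # result for any caller that reads it.
    assert rejected, "login_user returned a user that should not exist"
    return rejected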
Esempio n. 18
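def test_backend_login_input3():
    """Input partition #3: an invalid e-mail with the correct password is rejected."""
    result = bn.login_user("*****@*****.**", test_user.password)
    # Identity check: only a real None counts as a rejected login.
    assert result is None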
Esempio n. 19
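def test_backend_login_input4():
    """Input partition #4: an invalid e-mail with an incorrect password is rejected."""
    result = bn.login_user("*****@*****.**", "IncorrectPassword1!")
    # Identity check: only a real None counts as a rejected login.
    assert result is None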
Esempio n. 20
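def login_post():
    """Handle a submitted login form.

    Rejects input whose e-mail or password fails the format rules before the
    backend is called, then logs the user in (303 redirect to '/') or renders
    the generic combination message.
    """
    # form.get() returns None for a field missing from the request; '' keeps
    # len() and the character scans below from raising and is rejected as a
    # format error.
    email = request.form.get('email') or ''
    password = request.form.get('password') or ''

    # The address must survive a parseaddr round trip unchanged and contain
    # both '@' and '.'.
    # NOTE(review): this is looser than full RFC 5322 validation.
    parsed_address = parseaddr(email)[1]
    email_in_rfc5322 = (parsed_address == email and '@' in parsed_address
                        and '.' in parsed_address)

    # Password rules: at least 6 characters with a lower-case letter, an
    # upper-case letter and one of the listed special characters.
    password_meet_complexity = (
        len(password) >= 6
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c in "!@#$%^&*()-+?_=,<>/" for c in password))

    # Both failures share one message, so the page does not say which field
    # was rejected.
    if not (email_in_rfc5322 and password_meet_complexity):
        return render_template('login.html',
                               message='email/password format is incorrect.')

    user = bn.login_user(email, password)
    if user:
        # The session is carried in a browser cookie and sent back with every
        # request. If this is Flask's default cookie session it is signed, not
        # encrypted: the client can read it but cannot alter it undetected.
        # Only the e-mail is stored, which marks the client as logged in.
        session['logged_in'] = user.email
        # success! go back to the home page; 303 forces a GET request
        return redirect('/', code=303)

    # Well-formed input that still failed: the password does not match the
    # e-mail.
    return render_template('login.html',
                           message='email/password combination incorrect')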
Esempio n. 21
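def test_backend_login_input2():
    """Input partition #2: a valid e-mail with an incorrect password is rejected."""
    result = bn.login_user(test_user.email, "IncorrectPassword1!")
    # Identity check: only a real None counts as a rejected login.
    assert result is None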