def login():
form = LoginForm(next=request.args.get('next'))
if form.validate_on_submit():
u = User.find_by_identity(request.form.get('identity'))
if u and u.authenticated(password=request.form.get('password')):
# As you can see remember me is always enabled, this was a design
# decision I made because more often than not users want this
# enabled. This allows for a less complicated login form.
#
# If however you want them to be able to select whether or not they
# should remain logged in then perform the following 3 steps:
# 1) Replace 'True' below with: request.form.get('remember', False)
# 2) Uncomment the 'remember' field in user/forms.py#LoginForm
# 3) Add a checkbox to the login form with the id/name 'remember'
if login_user(u, remember=request.form.get(
'remember', False)) and u.is_active():
u.update_activity_tracking(request.remote_addr)
# Handle optionally redirecting to the next URL safely.
next_url = request.form.get('next')
if next_url:
return redirect(safe_next_url(next_url))
if u.role == 'member':
return redirect(url_for('user.view'))
else:
return redirect(url_for('admin.users'))
else:
flash('This account has been disabled.', 'error')
else:
flash('Identity or password is incorrect.', 'error')
return render_template('user/login.html', form=form)
def seed():
"""
Seed the database with an initial user.
:return: User instance
"""
if User.find_by_identity(app.config['SEED_ADMIN_EMAIL']) is not None:
return None
params = {
'role': 'admin',
'email': app.config['SEED_ADMIN_EMAIL'],
'password': app.config['SEED_ADMIN_PASSWORD']
}
return User(**params).save()
def test_deliver_password_reset_email(self, token):
""" Deliver a password reset email. """
with mail.record_messages() as outbox:
user = User.find_by_identity('*****@*****.**')
deliver_password_reset_email(user.id, token)
assert len(outbox) == 1
assert token in outbox[0].body
def test_begin_update_credentials_email_change(self):
""" Update credentials but only the e-mail address. """
self.login()
user = {'current_password': '******', 'email': '*****@*****.**'}
response = self.client.post(url_for('user.update_credentials'),
data=user,
follow_redirects=True)
assert_status_with_message(200, response,
'Your sign in settings have been updated.')
old_user = User.find_by_identity('*****@*****.**')
assert old_user is None
new_user = User.find_by_identity('*****@*****.**')
assert new_user is not None
def begin_password_reset():
form = BeginPasswordResetForm()
if form.validate_on_submit():
u = User.initialize_password_reset(request.form.get('identity'))
flash('An email has been sent to {0}.'.format(u.email), 'success')
return redirect(url_for('user.login'))
return render_template('user/begin_password_reset.html', form=form)
def password_reset():
form = PasswordResetForm(reset_token=request.args.get('reset_token'))
if form.validate_on_submit():
u = User.deserialize_token(request.form.get('reset_token'))
if u is None:
flash('Your reset token has expired or was tampered with.',
'error')
return redirect(url_for('user.begin_password_reset'))
form.populate_obj(u)
u.password = User.encrypt_password(request.form.get('password'))
u.save()
if login_user(u):
flash('Your password has been reset.', 'success')
return redirect(url_for('user.settings'))
return render_template('user/password_reset.html', form=form)
def test_login_activity(self, users):
""" Login successfully and update the activity stats. """
user = User.find_by_identity('*****@*****.**')
old_sign_in_count = user.sign_in_count
response = self.login()
new_sign_in_count = user.sign_in_count
assert response.status_code == 200
assert (old_sign_in_count + 1) == new_sign_in_count
def test_password_reset(self, users, token):
""" Reset successful. """
reset = {'password': '******', 'reset_token': token}
response = self.client.post(url_for('user.password_reset'),
data=reset,
follow_redirects=True)
assert_status_with_message(200, response,
'Your password has been reset.')
admin = User.find_by_identity('*****@*****.**')
assert admin.password != 'newpassword'
def input():
form = BudgetForm()
from track.blueprints.user.models import User
if form.validate_on_submit():
budget_year = request.form.get('budget_year')
username = request.form.get('username')
input_type = request.form.get('input_type')
acct_num = request.form.get('acct_num')
amount = request.form.get('amount')
description = request.form.get('description')
u = User.find_by_identity(username)
if input_type == 'allocated':
a = amount,
e = 0.0,
i = 0.0
u.update_allocated_total(amount)
if input_type == 'expenses':
e = amount,
a = 0.0,
i = 0.0
u.update_expenses_total(amount)
if input_type == 'income':
i = amount,
a = 0.0,
e = 0.0
u.update_income_total(amount)
params = {
'user_id': username,
'budget_year': budget_year,
'input_type': input_type,
'acct_num': acct_num,
'description': description,
'allocated_amount': a,
'expenses_amount': e,
'income_amount': i
}
b = Budget(**params)
if None in params:
flash('Area missing.', 'error')
else:
b.save()
flash('Your budget has been saved.', 'success')
return redirect(url_for('admin.users'))
return render_template('budget/input.html', form=form)
def test_welcome_with_existing_username(self, users):
""" Create username failure due to username already existing. """
self.login()
u = User.find_by_identity('*****@*****.**')
u.username = '******'
u.save()
user = {'username': '******'}
response = self.client.post(url_for('user.welcome'),
data=user,
follow_redirects=True)
assert_status_with_message(200, response,
'You already picked a username.')
def update_credentials():
form = UpdateCredentials(current_user, uid=current_user.id)
if form.validate_on_submit():
new_password = request.form.get('password', '')
current_user.email = request.form.get('email')
if new_password:
current_user.password = User.encrypt_password(new_password)
current_user.save()
flash('Your sign in settings have been updated.', 'success')
return redirect(url_for('user.view'))
return render_template('user/update_credentials.html', form=form)
def test_signup(self, users):
""" Signup successfully. """
old_user_count = User.query.count()
user = {'email': '*****@*****.**', 'password': '******'}
response = self.client.post(url_for('user.signup'),
data=user,
follow_redirects=True)
assert_status_with_message(200, response,
'Awesome, thanks for signing up!')
new_user_count = User.query.count()
assert (old_user_count + 1) == new_user_count
new_user = User.find_by_identity('*****@*****.**')
assert new_user.password != 'password'
def signup():
form = SignupForm()
if form.validate_on_submit():
u = User()
form.populate_obj(u)
u.password = User.encrypt_password(request.form.get('password'))
u.save()
if login_user(u):
flash('Awesome, thanks for signing up!', 'success')
return redirect(url_for('user.welcome'))
return render_template('user/signup.html', form=form)
def users():
"""
Generate fake users.
"""
random_emails = []
data = []
click.echo('Working...')
# Ensure we get about 100 unique random emails.
for i in range(0, 99):
random_emails.append(fake.email())
random_emails.append(app.config['SEED_ADMIN_EMAIL'])
random_emails = list(set(random_emails))
while True:
if len(random_emails) == 0:
break
fake_datetime = fake.date_time_between(start_date='-1y',
end_date='now').strftime('%s')
created_on = datetime.utcfromtimestamp(
float(fake_datetime)).strftime('%Y-%m-%dT%H:%M:%S Z')
random_percent = random.random()
if random_percent >= 0.05:
role = 'member'
else:
role = 'admin'
email = random_emails.pop()
random_percent = random.random()
if random_percent >= 0.5:
random_trail = str(int(round((random.random() * 1000))))
username = fake.first_name() + random_trail
else:
username = None
fake_datetime = fake.date_time_between(start_date='-1y',
end_date='now').strftime('%s')
current_sign_in_on = datetime.utcfromtimestamp(
float(fake_datetime)).strftime('%Y-%m-%dT%H:%M:%S Z')
params = {
'created_on': created_on,
'updated_on': created_on,
'role': role,
'email': email,
'username': username,
'password': User.encrypt_password('password'),
'sign_in_count': random.random() * 100,
'current_sign_in_on': current_sign_in_on,
'current_sign_in_ip': fake.ipv4(),
'last_sign_in_on': current_sign_in_on,
'last_sign_in_ip': fake.ipv4()
}
# Ensure the seeded admin is always an admin with the seeded password.
if email == app.config['SEED_ADMIN_EMAIL']:
password = User.encrypt_password(app.config['SEED_ADMIN_PASSWORD'])
params['role'] = 'admin'
params['password'] = password
data.append(params)
return _bulk_insert(User, data, 'users')
def test_deserialize_token(self, token):
""" Token de-serializer de-serializes a JWS correctly. """
user = User.deserialize_token(token)
assert user.email == '*****@*****.**'
def test_deserialize_token_tampered(self, token):
""" Token de-serializer returns None when it's been tampered with. """
user = User.deserialize_token('{0}1337'.format(token))
assert user is None