Esempio n. 1
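    def test_forgotten_password_full_process(self, app, db_session, smtplib):
        """Walk the forgotten-password flow from request to completed reset.

        Requests a reset for a freshly created person, follows the link found
        in the captured email, submits a new password, then checks that the
        stored password hash changed and that the reset confirmation record
        no longer exists afterwards.
        """
        p = PersonFactory(activated=False)
        db_session.commit()

        # Take the baseline before the reset runs, so the final comparison is
        # against the pre-reset hash and not against whatever the in-session
        # object happens to hold after the request.
        pid = p.id
        old_hash = p.password_hash

        # get the login page
        resp = app.get(url_for(controller='person', action='signin', id=None))
        # click on the forgotten password link
        resp = resp.click('Forgotten your password?')

        f = resp.forms[1]  # TODO: Fragile, Persona is [0]
        f['email_address'] = p.email_address
        f.submit()

        # check that the confirmation record was created
        crecs = PasswordResetConfirmation.find_by_email(p.email_address)
        assert crecs is not None

        # check our email
        assert smtplib.existing is not None
        message = smtplib.existing.message

        # check to address; the address is escaped so that '.' and '+' in it
        # are matched literally instead of acting as regex operators
        to_match = re.match(r'^.*To:.*' + re.escape(p.email_address),
                            message, re.DOTALL)
        assert to_match is not None

        # check that the email has no HTML in it and thus was not rendered
        # incorrectly
        html_match = re.match(r'^.*<!DOCTYPE', message, re.DOTALL)
        assert html_match is None

        # check that the message has a url hash in it
        url_match = re.match(r'^.*(/person/reset_password/\S+)', message,
                             re.DOTALL)
        assert url_match is not None

        # ok go to the URL, on treadmills
        resp = app.get(url_match.group(1))

        # set password
        # NOTE(review): the two values below differ in this listing (the first
        # looks masked); a reset form normally needs both fields to carry the
        # same value -- confirm against the original test.
        f = resp.form
        f['password'] = '******'
        f['password_confirm'] = 'passwdtest'
        resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))

        # Need to forget the objects we created, so the reload below does not
        # return the instance this test already holds
        db_session.expunge_all()

        # check that the password was changed
        p = Person.find_by_id(pid)
        assert p.password_hash != old_hash

        # check that the confirmation record is gone, i.e. the emailed link
        # left no pending reset behind
        crecs = PasswordResetConfirmation.find_by_email(p.email_address)
        assert crecs is None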
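    def test_forgotten_password_full_process(self, app, db_session, smtplib):
        """Walk the forgotten-password flow from request to completed reset.

        Requests a reset through the 'pwreset-form' form, follows the link
        found in the captured email, submits a new password through
        'reset-form', then checks that the stored password hash changed and
        that the reset confirmation record no longer exists afterwards.
        """
        p = PersonFactory(activated=False)
        db_session.commit()

        # Take the baseline before the reset runs, so the final comparison is
        # against the pre-reset hash and not against whatever the in-session
        # object happens to hold after the request.
        pid = p.id
        old_hash = p.password_hash

        # get the login page
        resp = app.get(url_for(controller='person', action='signin', id=None))
        # click on the forgotten password link
        resp = resp.click('Forgotten your password?')

        f = resp.forms['pwreset-form']
        f['email_address'] = p.email_address
        f.submit()

        # check that the confirmation record was created
        crecs = PasswordResetConfirmation.find_by_email(p.email_address)
        assert crecs is not None

        # check our email
        assert smtplib.existing is not None
        message = smtplib.existing.message

        # check to address; the address is escaped so that '.' and '+' in it
        # are matched literally instead of acting as regex operators
        to_match = re.match(r'^.*To:.*' + re.escape(p.email_address), message, re.DOTALL)
        assert to_match is not None

        # check that the email has no HTML in it and thus was not rendered
        # incorrectly
        html_match = re.match(r'^.*<!DOCTYPE', message, re.DOTALL)
        assert html_match is None

        # check that the message has a url hash in it
        url_match = re.match(r'^.*(/person/reset_password/\S+)', message, re.DOTALL)
        assert url_match is not None

        # ok go to the URL, on treadmills
        resp = app.get(url_match.group(1))

        # set password
        # NOTE(review): the two values below differ in this listing (the first
        # looks masked); a reset form normally needs both fields to carry the
        # same value -- confirm against the original test.
        f = resp.forms['reset-form']
        f['password'] = '******'
        f['password_confirm'] = 'passwdtest'
        resp = f.submit(extra_environ=dict(REMOTE_ADDR='0.0.0.0'))

        # Need to forget the objects we created, so the reload below does not
        # return the instance this test already holds
        db_session.expunge_all()

        # check that the password was changed
        p = Person.find_by_id(pid)
        assert p.password_hash != old_hash

        # check that the confirmation record is gone, i.e. the emailed link
        # left no pending reset behind
        crecs = PasswordResetConfirmation.find_by_email(p.email_address)
        assert crecs is None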
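    def test_registration_confirmation(self, app, db_session):
        """Visiting the confirmation link activates a not-yet-activated person."""
        # insert registration model object
        p = PersonFactory(activated=False)
        db_session.commit()

        # Keep the primary key as a plain value: `p` is detached by
        # expunge_all() below and should not be read after that point.
        pid = p.id

        # visit the link
        resp = app.get('/person/confirm/' + p.url_hash)
        assert 'Thanks for confirming your account' in unicode(resp.body, 'utf-8')

        # Need to forget the objects we created
        db_session.expunge_all()

        # test that it's activated, using a fresh load rather than the
        # instance created above
        r = Person.find_by_id(pid)
        assert r.activated == True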
Esempio n. 4
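    def test_registration_confirmation(self, app, db_session):
        """Visiting the confirmation link activates a not-yet-activated person."""
        # insert registration model object
        p = PersonFactory(activated=False)
        db_session.commit()

        # Keep the primary key as a plain value: `p` is detached by
        # expunge_all() below and should not be read after that point.
        pid = p.id

        # visit the link
        resp = app.get('/person/confirm/' + p.url_hash)
        assert 'Thanks for confirming your account' in unicode(
            resp.body, 'utf-8')

        # Need to forget the objects we created
        db_session.expunge_all()

        # test that it's activated, using a fresh load rather than the
        # instance created above
        r = Person.find_by_id(pid)
        assert r.activated == True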
Esempio n. 5
    def test_confirm_reset(self, app, db_session):
        """Submit a new password through a reset link that is still valid."""

        # A person plus a reset confirmation stamped just under 24 hours ago
        person = PersonFactory()
        issued_at = datetime.now() - timedelta(days=0.9)
        conf = PasswordResetConfirmationFactory(
            email_address=person.email_address, timestamp=issued_at)
        db_session.commit()

        reset_url = url_for(
            controller='person', action='reset_password', url_hash=conf.url_hash)
        page = app.get(reset_url)

        # The reset page shows which address the reset applies to
        assert conf.email_address in unicode(page.body, 'utf-8')

        # NOTE(review): the two password values differ in this listing (the
        # first looks masked) -- confirm against the original test.
        form = page.form
        form['password'] = '******'
        form['password_confirm'] = 'test'
        page = form.submit(extra_environ={'REMOTE_ADDR': '0.0.0.0'})
        page = page.maybe_follow()

        # The application reports success
        assert "Your password has been updated" in unicode(page.body, 'utf-8')

        # Copy what is needed off the instance, then empty the session so the
        # lookups below go back to storage
        person_id = person.id
        hash_after_submit = person.password_hash
        db_session.expunge_all()

        # The confirmation record must not survive a completed reset
        remaining = PasswordResetConfirmation.find_by_email(conf.email_address)
        assert remaining is None

        # NOTE(review): the original comment here reads "password should be
        # changed", yet the check is an equality against a hash read after the
        # submit. That equality would also hold if the stored hash never
        # changed, so it does not by itself show the reset took effect --
        # confirm the intended assertion.
        reloaded = Person.find_by_id(person_id)
        assert reloaded.password_hash == hash_after_submit
    def test_confirm_reset(self, app, db_session):
        """Submit a new password through a reset link that is still valid."""

        # A person plus a reset confirmation stamped just under 24 hours ago
        person = PersonFactory()
        issued_at = datetime.now() - timedelta(days=0.9)
        conf = PasswordResetConfirmationFactory(
            email_address=person.email_address, timestamp=issued_at)
        db_session.commit()

        reset_url = url_for(
            controller='person', action='reset_password', url_hash=conf.url_hash)
        page = app.get(reset_url)

        # The reset page shows which address the reset applies to
        assert conf.email_address in unicode(page.body, 'utf-8')

        # NOTE(review): the two password values differ in this listing (the
        # first looks masked) -- confirm against the original test.
        form = page.forms['reset-form']
        form['password'] = '******'
        form['password_confirm'] = 'test'
        page = form.submit(extra_environ={'REMOTE_ADDR': '0.0.0.0'})
        page = page.maybe_follow()

        # The application reports success
        assert "Your password has been updated" in unicode(page.body, 'utf-8')

        # Copy what is needed off the instance, then empty the session so the
        # lookups below go back to storage
        person_id = person.id
        hash_after_submit = person.password_hash
        db_session.expunge_all()

        # The confirmation record must not survive a completed reset
        remaining = PasswordResetConfirmation.find_by_email(conf.email_address)
        assert remaining is None

        # NOTE(review): the original comment here reads "password should be
        # changed", yet the check is an equality against a hash read after the
        # submit. That equality would also hold if the stored hash never
        # changed, so it does not by itself show the reset took effect --
        # confirm the intended assertion.
        reloaded = Person.find_by_id(person_id)
        assert reloaded.password_hash == hash_after_submit
    def test_create_person(self, app, db_session, smtplib):
        """Sign up, confirm by the emailed link, sign out, and sign back in."""

        # Start at the sign-in page and follow the 'Sign up' link
        page = app.get('/person/signin')
        page = page.click('Sign up')

        # Fill out the registration form, field by field, in a fixed order
        # NOTE(review): the address and password values look masked in this
        # listing, and the two password fields differ -- confirm against the
        # original test.
        signup = page.form
        for field, value in (
                ('person.email_address', '*****@*****.**'),
                ('person.firstname', 'Testguy'),
                ('person.lastname', 'McTest'),
                ('person.password', '******'),
                ('person.password_confirm', 'test'),
                ('person.phone', '123'),
                ('person.mobile', '123'),
                ('person.address1', 'here'),
                ('person.city', 'there'),
                ('person.postcode', '1234'),
                ('person.country', 'AUSTRALIA'),
                ('person.i_agree', '1'),
        ):
            signup[field] = value
        page = signup.submit(extra_environ={'REMOTE_ADDR': '0.0.0.0'})

        # Follow any redirect, then expect the "check your email" page
        page = page.maybe_follow()
        assert "Check your email" in unicode(page.body, 'utf-8')

        # A message must have been captured by the smtplib fixture
        assert smtplib.existing is not None
        message = smtplib.existing
        body = message.message

        # It went to the address that signed up
        assert "*****@*****.**" in message.to_addresses

        # The body carries a To: header
        # NOTE(review): as written, the bracketed part is a character class,
        # so this only requires one of those characters after "To:" and does
        # not pin the recipient address. It looks altered by email masking on
        # the page -- confirm the intended pattern.
        to_match = re.match(r'^.*To:.*[email protected].*', body, re.DOTALL)
        assert to_match is not None

        # The body names the user
        name_match = re.match(r'^.*Testguy.*McTest', body, re.DOTALL)
        assert name_match is not None

        # The body is plain text: no DOCTYPE, so it was rendered as a
        # fragment rather than as a full HTML page
        html_match = re.match(r'^.*<!DOCTYPE', body, re.DOTALL)
        assert html_match is None

        # The body contains a confirmation link; capture its hash
        match = re.match(r'^.*/person/confirm/(\S+)', body, re.DOTALL)
        assert match is not None

        # Visit the confirmation link
        page = app.get('/person/confirm/%s' % match.group(1))

        # The person now exists and is activated
        reg = Person.find_by_email('*****@*****.**')
        assert reg is not None
        assert reg.activated == True

        # Confirming signs the user in
        assert isSignedIn(app)

        # Sign out, so that signing in can be exercised
        page = page.goto('/person/signout')
        page = page.maybe_follow()
        assert not isSignedIn(app)

        # Signing in with the registered credentials works
        page = page.click('Sign in')
        signin = page.forms['signin-form']
        signin['person.email_address'] = '*****@*****.**'
        signin['person.password'] = '******'
        page = signin.submit(extra_environ={'REMOTE_ADDR': '0.0.0.0'})
        assert 'details are incorrect' not in page
        assert isSignedIn(app)
Esempio n. 8
    def test_create_person(self, app, db_session, smtplib):
        """Sign up, confirm by the emailed link, sign out, and sign back in."""

        # Start at the sign-in page and follow the 'Sign up' link
        page = app.get('/person/signin')
        page = page.click('Sign up')

        # Fill out the registration form, field by field, in a fixed order
        # NOTE(review): the address and password values look masked in this
        # listing, and the two password fields differ -- confirm against the
        # original test.
        signup = page.form
        for field, value in (
                ('person.email_address', '*****@*****.**'),
                ('person.firstname', 'Testguy'),
                ('person.lastname', 'McTest'),
                ('person.password', '******'),
                ('person.password_confirm', 'test'),
                ('person.phone', '123'),
                ('person.mobile', '123'),
                ('person.address1', 'here'),
                ('person.city', 'there'),
                ('person.postcode', '1234'),
                ('person.country', 'AUSTRALIA'),
                ('person.i_agree', '1'),
        ):
            signup[field] = value
        page = signup.submit(extra_environ={'REMOTE_ADDR': '0.0.0.0'})

        # Follow any redirect, then expect the "check your email" page
        page = page.maybe_follow()
        assert "Check your email" in unicode(page.body, 'utf-8')

        # A message must have been captured by the smtplib fixture
        assert smtplib.existing is not None
        message = smtplib.existing
        body = message.message

        # It went to the address that signed up
        assert "*****@*****.**" in message.to_addresses

        # The body carries a To: header
        # NOTE(review): as written, the bracketed part is a character class,
        # so this only requires one of those characters after "To:" and does
        # not pin the recipient address. It looks altered by email masking on
        # the page -- confirm the intended pattern.
        to_match = re.match(r'^.*To:.*[email protected].*', body, re.DOTALL)
        assert to_match is not None

        # The body names the user
        name_match = re.match(r'^.*Testguy.*McTest', body, re.DOTALL)
        assert name_match is not None

        # The body is plain text: no DOCTYPE, so it was rendered as a
        # fragment rather than as a full HTML page
        html_match = re.match(r'^.*<!DOCTYPE', body, re.DOTALL)
        assert html_match is None

        # The body contains a confirmation link; capture its hash
        match = re.match(r'^.*/person/confirm/(\S+)', body, re.DOTALL)
        assert match is not None

        # Visit the confirmation link
        page = app.get('/person/confirm/%s' % match.group(1))

        # The person now exists and is activated
        reg = Person.find_by_email('*****@*****.**')
        assert reg is not None
        assert reg.activated == True

        # Confirming signs the user in
        assert isSignedIn(app)

        # Sign out, so that signing in can be exercised
        page = page.goto('/person/signout')
        page = page.maybe_follow()
        assert not isSignedIn(app)

        # Signing in with the registered credentials works; the form is picked
        # by position here, which depends on the page's form order
        page = page.click('Sign in')
        signin = page.forms[1]
        signin['person.email_address'] = '*****@*****.**'
        signin['person.password'] = '******'
        page = signin.submit(extra_environ={'REMOTE_ADDR': '0.0.0.0'})
        assert 'details are incorrect' not in page
        assert isSignedIn(app)