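def login():
    """Flask login view.

    An already authenticated user gets ``login.html`` rendered with the
    stations they own.  Otherwise the login form is shown; on a valid
    submission the user is looked up, the password verified, banned accounts
    refused, and the user logged in and redirected.

    Returns:
        A rendered ``login.html`` response or a redirect response.
    """
    repository = Repository()

    if current_user.is_authenticated:
        stations = repository.owned_stations(current_user.get_id())
        owned = " ".join(f"{s['name']}({s['station_id']})" for s in stations)
        app.logger.info(
            "Authenticated user %s, owner of %s", current_user.username, owned
        )
        return render_template("login.html", user=current_user, stations=stations)

    form = LoginForm()
    if form.validate_on_submit():
        # Log the username and the remember flag only: the submitted password
        # is a secret and must never be written to the log.
        app.logger.info(
            "Login requested for user %s, remember_me=%s",
            form.username.data,
            form.remember.data,
        )
        user = repository.read_user(user=form.username.data)
        # NOTE(review): the distinct "Invalid username." / "Invalid password."
        # messages let a caller tell which usernames exist; a single generic
        # message would avoid that, but the wording is left as the author had it.
        if user is None:
            app.logger.info("Login failed: invalid username: %s", form.username.data)
            flash("Invalid username.")
            return redirect(url_for("login"))

        u = ApplicationUser(user)
        if not u.check_password(form.password.data):
            # Record the failure, not the rejected password.
            app.logger.info(
                "Login failed: invalid password for user %s", form.username.data
            )
            flash("Invalid password.")
            return redirect(url_for("login"))

        if u.role == UserRole.BANNED:
            app.logger.info(
                "Login failed: attempt to login into disabled account %s",
                form.username.data,
            )
            flash("Account disabled.")
            return redirect(url_for("login"))

        app.logger.info("Login successful for user %s", form.username.data)
        login_user(u, remember=form.remember.data)

        # Follow ``next`` only when it is a path on this site: a target with a
        # host (``//other.example``) or a scheme (``https:`` / ``javascript:``)
        # would send the freshly logged-in user elsewhere, so fall back to the
        # index page in that case.  url_parse is Werkzeug's (deprecated) parser;
        # urllib.parse.urlparse exposes the same netloc/scheme fields.
        next_page = request.args.get("next")
        if next_page:
            target = url_parse(next_page)
            if target.netloc != "" or target.scheme != "":
                next_page = None
        if not next_page:
            next_page = url_for("index")
        return redirect(next_page)

    return render_template("login.html", form=form)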
def test_user(self, repository: Repository):
    """Check that ``read_user`` resolves users by name and by numeric id.

    Covers the lookup-miss case (``None`` for an unknown name or id), the
    field values of one known user reached through both keys, and the
    mapping of the stored role onto every ``UserRole`` member.
    """
    # An unknown name and an unknown numeric id both yield None, not an error.
    self.assertIsNone(repository.read_user(user="******"))
    self.assertIsNone(repository.read_user(user=6))

    # Stored password digest in Werkzeug's ``method$salt$hash`` layout; it is a
    # PBKDF2-SHA256 (150000 rounds) digest, not a bare sha256 of the password.
    expected_digest = (
        'pbkdf2:sha256:150000$Ij6XJyek$'
        'd6a0cd085e6955843a9c3224ccf24088852207d55bb056aa0b544168f94860b8'
    )

    # The same user must come back whether looked up by name or by id.
    records = []
    for key in ("******", 3):
        record = repository.read_user(user=key)
        self.assertEqual(record['username'], 'clarke')
        self.assertEqual(record['digest'], expected_digest)
        self.assertEqual(record['email'], '*****@*****.**')
        self.assertEqual(record['role'], UserRole.ADMIN)
        records.append(record)
    self.assertEqual(records[0], records[1])

    # ``role`` is an enum, so exercise every remaining member explicitly.
    expected_roles = (
        ('******', UserRole.REGULAR),
        ('******', UserRole.OWNER),
        ('******', UserRole.BANNED),
    )
    for username, role in expected_roles:
        self.assertEqual(repository.read_user(user=username)['role'], role)
def load_user(user_id):
    """Resolve a stored user id to an ``ApplicationUser``.

    Presumably registered as the Flask-Login user loader (inferred from the
    name; confirm against the decorator at the call site).

    Args:
        user_id: the id to look up via ``Repository.read_user``.

    Returns:
        An ``ApplicationUser`` wrapping the repository record, or ``None``
        when the lookup returns nothing (or a falsy value).
    """
    record = Repository().read_user(user=user_id)
    return ApplicationUser(record) if record else None