def new_thread():
""" Used to create new threads for discussion. """
if request.method == 'POST':
form = ThreadForm(request.form)
if form.validate():
thread = form.populated_object()
if current_user.is_active() and len(form.display_name.data) == 0:
thread.user = current_user
#TODO Put Role dropdown box in Python form
role_display_hash = request.form['role']
thread.role = Role.query.filter(Role.display_hash==role_display_hash).first()
db.session.add(thread)
db.session.commit()
return redirect(url_for('thread', display_hash=thread.display_hash, title=thread.slug()))
if request.method == 'GET':
form = ThreadForm()
if current_user.is_active():
roles = current_user.roles
else:
roles = None
return render_template('new_thread.html', form=form, roles=roles, action=url_for('new_thread'))
def thread(display_hash=None, title=None):
""" Add comments to an existing thread. """
if display_hash is None:
abort(404)
thread = Thread.query.filter(Thread.display_hash==display_hash).first()
if not thread:
abort(404)
if not current_user.is_active() and thread.user is not None and \
thread.role is not None and thread.role not in current_user.roles:
abort(403)
if request.method == 'POST':
form = PostForm(request.form)
if form.validate():
post = form.populated_object()
post.thread = thread
thread.last_updated = post.date_created
if current_user.is_active():
post.user = current_user
post.display_name = None
db.session.add(post)
db.session.commit()
anchor = 'p' + str(post.display_hash)
return redirect(url_for('thread', display_hash=thread.display_hash, title=thread.slug(), _anchor=anchor))
if request.method == 'GET':
form = PostForm()
return render_template('thread.html', thread=thread, form=form)
def index():
if current_user and current_user.is_active() and current_user.active_member:
# is an aproved member
user = DB.User.query.get(current_user.id)
return render_template('my_account/overview.html', user=user)
elif current_user and current_user.is_active():
# is logged in but not aproved yet
return render_template('my_account/waiting_aproval.html')
else:
# is not logged in
return redirect(url_for_security('login'))
def index():
if current_user and current_user.is_active() and current_user.active_member:
# is an aproved member
user = DB.User.query.get(current_user.id)
return render_template('my_account/overview.html', user=user)
elif current_user and current_user.is_active():
# is logged in but not aproved yet
return render_template('my_account/waiting_aproval.html')
else:
# is not logged in
return redirect(url_for_security('login'))
def _is_admin():
is_admin = False
user_db = UserDB()
if current_user.is_authenticated() and current_user.is_active():
admin_group = user_db.get_group(mainApp.config['ADMIN_GROUP'])
is_admin = user_db.in_group(current_user, admin_group)
return is_admin
def get_data():
event = request.json['event']
# print request.headers
if event == 'random_user':
# Exclude me, my like users, users that don't show and my subscriptions
if current_user.is_authenticated() and current_user.is_active():
exclude_list = [current_user.login]
exclude_list.extend(current_user.users_like)
exclude_list.extend(current_user.following)
fields = ['sid', 'login', 'birthday', 'description']
fields_from_base = {field: '$' + field for field in fields}
all_users = mongo.db.users.aggregate([
{"$group": {"_id": fields_from_base}}
])
clear_users = [user[u'_id'] for user in all_users['result'] if user[u'_id'][u'login'] not in exclude_list]
random_user = random.choice(clear_users)
random_user['age'] = age(random_user['birthday'])
return jsonify(result='OK', user=random_user)
else:
return jsonify(result='None', data="User is not authenticated", event=event, user=str(_get_user()))
return jsonify(status="No response", event=event)
def test_sign_out(client):
sign_up(username='******', password='******')
with client:
sign_in(username='******', password='******')
logout_user()
assert not current_user.is_active()
assert current_user.is_anonymous()
def test_correct_login(self):
with self.client:
response = self.client.post("/login", data=dict(username="******", password="******"), follow_redirects=True)
self.assertIn(b"You were logged in", response.data)
self.assertTrue(current_user.name == "admin")
self.assertTrue(current_user.is_active())
def test_logout(self):
with self.client:
response = self.client.post(
'/login', data=dict(username="******", password="******"), follow_redirects=True)
response = self.client.get('/logout', follow_redirects=True)
self.assertTrue(b'You were just logged out' in response.data)
self.assertFalse(current_user.is_active())
def test_can_login(self):
"""Test user can login."""
with self.client:
response = self.login()
self.assertEqual(response.status_code, 200)
self.assertTrue(current_user.is_active())
self.assertTrue(current_user.email == self.email)
def test_update_password(self):
# Ensure update password behaves correctly.
with self.client:
self.client.post('/login',
data=dict(
email='*****@*****.**',
password='******',
),
follow_redirects=True)
self.client.post('/password',
data=dict(password='******',
confirm='updated_student_password'),
follow_redirects=True)
self.client.get('/logout', follow_redirects=True)
response = self.client.post(
'/login',
data=dict(
email='*****@*****.**',
password='******',
),
follow_redirects=True)
self.assertIn(b'<h1>Welcome, <em>[email protected]</em>!</h1>',
response.data)
self.assertTrue(current_user.email == '*****@*****.**')
self.assertTrue(current_user.is_authenticated())
self.assertTrue(current_user.is_active())
self.assertFalse(current_user.is_anonymous())
self.assertTrue(current_user.is_student())
self.assertFalse(current_user.is_teacher())
self.assertFalse(current_user.is_admin())
self.assertEqual(response.status_code, 200)
def test_update_password2(self):
# Ensure update password behaves correctly.
with self.client:
self.client.post(
'/login',
data=dict(
email='*****@*****.**',
password='******',
),
follow_redirects=True
)
response = self.client.post(
'/password',
data=dict(
password='******',
confirm='short'
),
follow_redirects=True
)
self.assertIn(
b'<h1>Update Password</h1>',
response.data
)
self.assertIn(
b'Field must be between 6 and 25 characters long.',
response.data
)
self.assertTrue(current_user.email == '*****@*****.**')
self.assertTrue(current_user.is_authenticated())
self.assertTrue(current_user.is_active())
self.assertFalse(current_user.is_anonymous())
self.assertTrue(current_user.is_student())
self.assertFalse(current_user.is_teacher())
self.assertFalse(current_user.is_admin())
self.assertEqual(response.status_code, 200)
def test_logout(self):
with self.client:
self.client.post("/login", data=dict(username="******", password="******"), follow_redirects=True)
response = self.client.get("/logout", follow_redirects=True)
self.assertIn(b"You were logged out", response.data)
self.assertFalse(current_user.is_active())
def test_sign_out(client):
sign_up(username='******', password='******')
with client:
sign_in(username='******', password='******')
logout_user()
assert not current_user.is_active()
assert current_user.is_anonymous()
def test_logout_behaves_correctly(self):
# Ensure logout behaves correctly, regarding the session
with self.client:
self.client.post("/login", data=dict(email="*****@*****.**", password="******"), follow_redirects=True)
response = self.client.get("/logout", follow_redirects=True)
self.assertIn("You were logged out. Bye!", response.data)
self.assertFalse(current_user.is_active())
def decorated_function(*args, **kwargs):
s = get_state()
if mainApp.config['REQUIRE_LOGIN_FOR_DYNAMIC'] and not s.icebox:
if not current_user.is_authenticated() or not \
current_user.is_active():
return redirect(url_for('login.login_page', next=request.url))
return f(*args, **kwargs)
def get_data():
event = request.json['event']
# print request.headers
if event == 'random_user':
# Exclude me, my like users, users that don't show and my subscriptions
if current_user.is_authenticated() and current_user.is_active():
exclude_list = [current_user.login]
exclude_list.extend(current_user.users_like)
exclude_list.extend(current_user.following)
fields = ['sid', 'login', 'birthday', 'description']
fields_from_base = {field: '$' + field for field in fields}
all_users = mongo.db.users.aggregate([{
"$group": {
"_id": fields_from_base
}
}])
clear_users = [
user[u'_id'] for user in all_users['result']
if user[u'_id'][u'login'] not in exclude_list
]
random_user = random.choice(clear_users)
random_user['age'] = age(random_user['birthday'])
return jsonify(result='OK', user=random_user)
else:
return jsonify(result='None',
data="User is not authenticated",
event=event,
user=str(_get_user()))
return jsonify(status="No response", event=event)
def _social_authorized(provider, data):
if provider not in social.providers:
abort(404)
if data is None:
flash('You denied the request to sign in.')
return redirect(url_for('login'))
token = data.get('access_token', data.get('oauth_token', ''))
secret = data.get('oauth_token_secret', '')
setattr(g, '%s_token' % provider, token)
setattr(g, '%s_secret' % provider, secret)
if current_user.is_active():
getattr(current_user, 'link_%s' % provider)(data)
flash('%s has been linked with your account!' % provider)
return redirect(url_for('my_apps'))
user = getattr(User, 'from_%s' % provider)(data)
if user:
login_user(user)
flash('You were signed in!')
# FIXME: redirect to wherever the user was
return redirect(url_for('home'))
def test_user_registration_error(self):
# Ensure registration behaves correctly.
token = stripe.Token.create(
card={
'number': '4242424242424242',
'exp_month': '06',
'exp_year': str(datetime.datetime.today().year + 1),
'cvc': '123',
}
)
with self.client:
response = self.client.post(
'/register',
data=dict(
email="*****@*****.**",
password="******",
confirm="testing",
card_number="4242424242424242",
cvc="123",
expiration_month="01",
expiration_year="2015",
stripeToken=token.id,
),
follow_redirects=True
)
user = User.query.filter_by(email='*****@*****.**').first()
self.assertEqual(user.email, '*****@*****.**')
self.assertTrue(user.paid)
self.assertIn('Thanks for paying!', response.data)
self.assertTrue(current_user.email == "*****@*****.**")
self.assertTrue(current_user.is_active())
self.assertEqual(response.status_code, 200)
def test_user_registration(self):
# Ensure registration behaves correctly.
with self.client:
response = self.client.post(
'/auth/register',
data=dict(
email='*****@*****.**',
username='******',
password='******',
confirm='testing'
),
follow_redirects=True
)
self.assertIn(b'Thank you for registering.\n', response.data)
self.assertIn(
b'<li><a href="/auth/logout">Logout</a></li>\n',
response.data
)
self.assertNotIn(
b'<li><a href="/auth/login"><span class="glyphicon glyphicon-user"></span> Register/Login</a></li>\n',
response.data
)
self.assertTrue(current_user.email == '*****@*****.**')
self.assertTrue(current_user.is_active())
self.assertEqual(response.status_code, 200)
def test_logout(self):
"""Test user can logout."""
with self.client:
self.login()
response = self.client.get('/users/logout', follow_redirects=True)
self.assertIn(b'You were logged out', response.data)
self.assertFalse(current_user.is_active())
def is_accessible(self):
if not current_user.is_active() or not current_user.is_authenticated():
return False
if current_user.has_role('admin'):
return True
return False
def test_can_login(self):
"""Test user can login."""
with self.client:
response = self.login()
self.assertEqual(response.status_code, 200)
self.assertIn(b'You are now logged in.', response.data)
self.assertTrue(current_user.is_active())
self.assertTrue(current_user.email == '*****@*****.**')
def index(reddit=None):
if current_user.is_active():
if current_user.has_confirmed_signup:
return home()
return redirect(url_for('root.signup'))
return landing(reddit)
def is_available(cls, username):
blog = cls.query.filter_by(username=username).first()
available = blog is None
if current_user.is_active() and not available:
# It's available if the user asking owns it
available = current_user.id == blog.id
# But not if it's been added to reserved list
return available and not username in RESERVED_SLUGS
def is_accessible(self):
if not current_user.is_active() or not current_user.is_authenticated():
return False
if current_user.username == "test":
return True
return False
def test_logout(self):
with self.client:
self.client.post('/login',
data=dict(username="******", password="******"),
follow_redirects=True)
response = self.client.get('/logout', follow_redirects=True)
self.assertIn(b'You were logged out', response.data)
self.assertFalse(current_user.is_active())
def test_logout(self):
""" Ensure logout behaves correctly """
data = {"password" : "admin", "email" : "*****@*****.**"}
with self.client:
self.client.post('/api/v1/sessions',data=data)
resp = self.client.delete('/api/v1/sessions')
self.assertIn(b'You were logged out', resp.data)
self.assertFalse(current_user.is_active())
def is_available(cls, username):
blog = cls.query.filter_by(username=username).first()
available = blog is None
if current_user.is_active() and not available:
# It's available if the user asking owns it
available = current_user.id == blog.id
# But not if it's been added to reserved list
return available and not username in RESERVED_SLUGS
def test_user_registeration(self):
with self.client:
response = self.client.post('/register', data=dict(username='******', email='*****@*****.**', password='******', confirm='password'), follow_redirects=True)
self.assertIn(b'Congrats on your new account!', response.data)
self.assertTrue(current_user.name == "Testname")
self.assertTrue(current_user.is_active())
user = User.query.filter_by(email='*****@*****.**').first()
self.assertTrue(str(user) == '<name> Testname')
def is_accessible(self):
if not current_user.is_active() or not current_user.is_authenticated():
return False
if current_user.username == "test":
return True
return False
def test_user_signup(self):
with self.client:
response = self.client.post("/signup", data=dict(username="******", email="*****@*****.**", password="******", confirm="password"), follow_redirects=True)
self.assertIn(b"You just added user <strong>Testname</strong>", response.data)
self.assertTrue(current_user.name == "Testname")
self.assertTrue(current_user.is_active())
user = User.query.filter_by(email="*****@*****.**").first()
self.assertTrue(str(user) == "<name> Testname")
def test_correct_login(self):
with self.client:
response = self.client.post(
'/login',
data=dict(username="******", password="******"),
follow_redirects=True
)
self.assertIn(b'Hi, admin!', response.data)
self.assertTrue(current_user.is_active())
def test_user_registeration(self):
with self.client:
response = self.client.post('register/', data = dict(
username = '******', email = '*****@*****.**',
password = '******', confirm = 'python'
), follow_redirects = True)
self.assertIn(b'Welcome to Flask!', response.data)
self.assertTrue(current_user.name == "Michael")
self.assertTrue(current_user.is_active())
def serialize_date(self, date):
if date:
if current_user.is_active():
utc = pytz.utc.localize(date)
localized = utc.astimezone(current_user.get_tz())
return localized.isoformat()
return date.isoformat()
return None
def test_logout_works(self):
with self.client:
self.client.post(
'/login',
data=dict(username='******', password='******'),
follow_redirects=True)
response = self.client.get('/logout', follow_redirects=True)
self.assertIn('You were just logged out', response.data)
self.assertFalse(current_user.is_active())
def test_user_registeration(self):
with self.client:
response = self.client.post('register/', data=dict(
username='******', email='*****@*****.**',
password='******', confirm='python'
), follow_redirects=True)
self.assertIn(b'Welcome to Flask!', response.data)
self.assertTrue(current_user.name == "Michael")
self.assertTrue(current_user.is_active())
def test_correct_login(self):
with self.client:
response = self.client.post('/login', data=dict(
email="*****@*****.**", password="******"
), follow_redirects=True)
self.assertIn(b'Welcome', response.data)
self.assertTrue(current_user.email = "*****@*****.**")
self.assertTrue(current_user.is_active())
self.assertTrue(response.status_code == 200)
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated() or not session.get('user_id'):
return redirect(url_for('home.index'))
if current_user.is_authenticated() and not current_user.is_active():
flash('Votre compte est desactive. Contactez votre administrateur', 'danger')
return redirect(url_for('user.logout'))
return func(*args, **kwargs)
def test_correct_login(self):
with self.client:
response = self.client.post('/login',
data=dict(username='******',
password='******'),
follow_redirects=True)
self.assertIn(b'You were just logged in :)', response.data)
self.assertTrue(current_user.name == 'admin')
self.assertTrue(current_user.is_active())
def serialize_date(self, date):
if date:
if current_user.is_active():
utc = pytz.utc.localize(date)
localized = utc.astimezone(current_user.get_tz())
return localized.isoformat()
return date.isoformat()
return None
def test_predict_case(self):
with self.client:
response = self.client.post('/pressao',
data=dict(batimentos=80, calorias=60),
follow_redirects=True)
self.assertIn(b'Welcome to Flask!', response.data)
self.assertTrue(current_user.name == "Michael")
self.assertTrue(current_user.is_active())
user = User.query.filter_by(email='*****@*****.**').first()
self.assertTrue(str(user) == '<name - Michael>')
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated() or not session.get('user_id'):
return redirect(url_for('home.index'))
if current_user.is_authenticated() and not current_user.is_active():
flash('Votre compte est desactive. Contactez votre administrateur',
'danger')
return redirect(url_for('user.logout'))
return func(*args, **kwargs)
def test_logout_behaves_correctly(self):
# Ensure logout behaves correctly, regarding the session
with self.client:
self.client.post('/login',
data=dict(email="*****@*****.**",
password="******"),
follow_redirects=True)
response = self.client.get('/logout', follow_redirects=True)
self.assertIn('You were logged out. Bye!', response.data)
self.assertFalse(current_user.is_active())
def test_correct_login(self):
# Ensure login behaves correctly with correct credentials.
with self.client:
response = self.client.post('/login',
data=dict(email="*****@*****.**",
password="******"),
follow_redirects=True)
self.assertTrue(current_user.email == "*****@*****.**")
self.assertTrue(current_user.is_active())
self.assertEqual(response.status_code, 200)
def test_user_registeration(self):
""" Ensure user can register """
data = {"password" : "password", "invite" : "invite", "email" : "*****@*****.**"}
with self.client:
resp = self.client.post("/api/v1/users", data=data)
self.assertEqual(resp.status_code, 201)
self.assertEqual(current_user.email, data["email"])
self.assertTrue(current_user.is_active())
user = User.query.filter_by(email=data["email"]).first()
self.assertTrue(user.email == data["email"])
def test_sign_in(client):
with pytest.raises(NoResultFound) as exc:
sign_in(username='******', password='******')
sign_up(username='******', password='******')
with client:
sign_in(username='******', password='******')
assert current_user.is_active()
assert not current_user.is_anonymous()
assert current_user.username == 'testuser'
def test_logout_behaves_correctly(self):
with self.client:
self.client.post('/login', data=dict(
email="*****@*****.**", password="******"
), follow_redirects=True)
response = self.client.get('/logout', follow_redirects=True)
self.assertIn(b'You were logged out.', response.data)
self.assertFalse(current_user.is_active()
if __name__ == '__main__':
unittest.main()
def test_correct_login(self):
""" Ensure login behaves correctly with correct credentials """
data = {"password" : "admin", "email" : "*****@*****.**"}
with self.client:
resp = self.client.post(
'/api/v1/sessions',
data=data)
self.assertEquals(201, resp.status_code)
self.assertIn(b'You were logged in', resp.data)
self.assertTrue(current_user.email == "*****@*****.**")
self.assertTrue(current_user.is_active())
def decorated_view(*args, **kwargs):
if current_user.is_active() is False:
flash('SVP confirmez votre compte!', 'warning')
return redirect(url_for('user_param.unconfirmed'))
if not current_user.is_authenticated() or not session.get('user_id'):
flash('Connectez-vous SVP.', 'danger')
return redirect(url_for('user.logout'))
if not current_user.is_authenticated() and session.get('user_id'):
flash('Connectez-vous SVP.', 'danger')
return redirect(url_for('user.logout'))
if current_user.is_authenticated() and not current_user.is_active():
flash('Votre compte est desactive. Contactez votre administrateur',
'danger')
return redirect(url_for('user.logout'))
return func(*args, **kwargs)
def test_user_registration(self):
# Ensure registration behaves correctlys.
with self.client:
response = self.client.post('/register',
data=dict(email="*****@*****.**",
password="******",
confirm="testing"),
follow_redirects=True)
self.assertIn(b'Welcome', response.data)
self.assertTrue(current_user.email == "*****@*****.**")
self.assertTrue(current_user.is_active())
self.assertEqual(response.status_code, 200)
def test_user_registration(self):
with self.client:
response = self.client.post('/register',
data=dict(username='******',
email='*****@*****.**',
password='******',
confirm='python'),
follow_redirects=True)
self.assertIn(b'Welcome!', response.data)
self.assertTrue(current_user.name == "Dennis")
self.assertTrue(current_user.is_active())
user = User.query.filter_by(email='*****@*****.**').first()
self.assertTrue(str(user) == '<name - Dennis>')
def test_user_registration(self):
with self.client:
response = self.client.post('/register',
data=dict(
username="******",
email="*****@*****.**",
password="******",
confirm='admin1'),
follow_redirects=True)
# print response.data
self.assertIn(b'Welcome to Flask!', response.data)
self.assertTrue(current_user.name == "michael")
self.assertTrue(current_user.is_active())
def save_timezone():
if current_user and current_user.is_active():
timezone = unicode(request.form.get("timezone")).strip()
if timezone in pytz.country_timezones("US"):
current_user.timezone = timezone
current_user.save()
return jsonify({'message': 'Timezone updated.'})
else:
return jsonify(
{'message': 'Unrecognized timezone, please try again.'})
else:
return jsonify(
{'message': 'Error updating timezone, please try again.'})
def test_correct_login(self):
# Ensure login behaves correctly with correct credentials.
with self.client:
response = self.client.post(
'/login',
data=dict(email="*****@*****.**", password="******"),
follow_redirects=True
)
self.assertIn('Welcome', response.data)
self.assertIn('Logout', response.data)
self.assertIn('Members', response.data)
self.assertTrue(current_user.email == "*****@*****.**")
self.assertTrue(current_user.is_active())
self.assertEqual(response.status_code, 200)
def index(self):
"""
Index of admin panel
Show welcome message or redirect to login or register if no user yet
"""
# no user? redirect to register
if not User.objects.first():
return redirect(url_for('.register'))
# no user logged in? redirect to login
if not current_user.is_authenticated():
return redirect(url_for('.login'))
# default = index.html
return self.render("index.html",
login=current_user.login,
active=current_user.is_active())
