def test_login_logout(self):
    """Exercise login, logout and re-login against the auth session state.

    After each POST the test asks ``auth.get_logged_in_user()`` who the
    session belongs to: the normal user after the first login, nobody after
    logout, the admin after the second login, and the normal user again
    after logging in a third time *without* logging out first (the new
    identity must replace the old one rather than be ignored).

    NOTE: the credential literals are masked as '******' in this listing, so
    which account each POST uses can only be read off the assertion that
    follows it.
    """
    login_url = '/accounts/login/'
    logout_url = '/accounts/logout/'

    self.create_users()
    with self.flask_app.test_client() as client:
        # first login: the session must now belong to the normal user
        first_login = {
            'username': '******',
            'password': '******',
        }
        response = client.post(login_url, data=first_login)
        self.assertEqual(auth.get_logged_in_user(), self.normal)

        # logout must clear the identity from the session
        response = client.post(logout_url)
        self.assertEqual(auth.get_logged_in_user(), None)

        # second login: the session must now belong to the admin
        second_login = {
            'username': '******',
            'password': '******',
        }
        response = client.post(login_url, data=second_login)
        self.assertEqual(auth.get_logged_in_user(), self.admin)

        # log back in without logging out: the admin identity must be
        # replaced by the normal user, not kept
        third_login = {
            'username': '******',
            'password': '******',
        }
        response = client.post(login_url, data=third_login)
        self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_admin_required(self):
    """Check that ``/secret/`` is served only to an admin session.

    An anonymous request and a request from the logged-in normal user must
    both get a 302 to the login view with ``next`` set to the URL-encoded
    original path; only the admin gets a 200.

    NOTE(review): only the value of ``next`` in the redirect is checked
    here. How the login view treats a ``next`` value after a successful
    login is not exercised by this test.
    """
    protected_url = '/secret/'
    login_redirect_suffix = '/accounts/login/?next=%2Fsecret%2F'

    def assert_bounced_to_login(response):
        # denied requests are redirected to login, never served
        self.assertEqual(response.status_code, 302)
        location = response.headers['location']
        self.assertTrue(location.endswith(login_redirect_suffix))

    self.create_users()
    with self.flask_app.test_client() as client:
        # anonymous: no identity in the session yet
        assert_bounced_to_login(client.get(protected_url))

        # authenticated but not an admin: denied the same way as anonymous
        self.login('normal', 'normal', client)
        assert_bounced_to_login(client.get(protected_url))
        # the denial must leave the existing session untouched
        self.assertEqual(auth.get_logged_in_user(), self.normal)

        # admin: the view is served and the session belongs to the admin
        self.login('admin', 'admin', client)
        response = client.get(protected_url)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(auth.get_logged_in_user(), self.admin)
def test_login_view(self):
    """Walk the login view through its rejection paths, then one success.

    Order of cases: plain GET, POST with an empty username, POST with a bad
    username/password pair, POST as an inactive user, POST as a valid user.
    Every rejected attempt must return 200 (the form is re-rendered) and
    leave ``auth.get_logged_in_user()`` at ``None``; only the final attempt
    redirects (302) and sets the session identity.

    NOTE: the credential literals are masked as '******' in this listing, so
    the account behind each POST is known only from the original comments
    and the assertions.
    """
    login_url = '/accounts/login/'

    self.create_users()
    with self.flask_app.test_client() as client:
        # GET: an anonymous visitor sees an empty login form
        response = client.get(login_url)
        self.assertEqual(response.status_code, 200)
        self.assertContext('user', None)
        form = self.get_context('form')
        self.assertIsInstance(form, LoginForm)
        self.assertEqual(form.data, {'username': None, 'password': None})

        # POST with the username left blank
        missing_username = {
            'username': '',
            'password': '******',
        }
        response = client.post(login_url, data=missing_username)
        self.assertEqual(response.status_code, 200)

        # form validation rejects it, so the error is on the form itself
        form = self.get_context('form')
        self.assertEqual(form.errors, {'username': [u'This field is required.']})

        # validation failure is not an auth failure: nothing is flashed
        self.assertNotIn('_flashes', session)

        # and no identity was placed in the session
        self.assertEqual(auth.get_logged_in_user(), None)

        # POST with a bad username/password combination
        bad_combo = {
            'username': '******',
            'password': '******',
        }
        response = client.post(login_url, data=bad_combo)
        self.assertEqual(response.status_code, 200)

        # both fields were supplied, so there are no form errors; the user
        # is told via a flash message instead. The message is deliberately
        # generic and does not say which of the two values was wrong.
        self.assertIn('_flashes', session)
        flashed = get_flashed_messages()
        self.assertEqual(flashed, [
            'Incorrect username or password',
        ])

        # a failed attempt must not establish an identity
        self.assertEqual(auth.get_logged_in_user(), None)

        # POST as an inactive user
        # NOTE(review): the message shown for this case is not asserted; if
        # it differs from the generic one above, the response would reveal
        # that the account exists. Confirm against the view.
        inactive_user = {
            'username': '******',
            'password': '******',
        }
        response = client.post(login_url, data=inactive_user)
        self.assertEqual(response.status_code, 200)

        # the template context still has no user
        self.assertContext('user', None)

        # and the auth API agrees that nobody is logged in
        self.assertEqual(auth.get_logged_in_user(), None)

        # finally, POST as a known good user
        good_user = {
            'username': '******',
            'password': '******',
        }
        response = client.post(login_url, data=good_user)
        self.assertEqual(response.status_code, 302)

        # success redirects, and the session now belongs to the normal user
        self.assertEqual(auth.get_logged_in_user(), self.normal)