コード例 #1
def test_set_last_name_invalid_type(app):
    """Expect TypeError with a fixed message when last_name is set to an int."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.last_name = 555

    expected_message = 'Last name must be string.'
    assert str(excinfo.value) == expected_message
コード例 #2
def test_set_zip_code_invalid_type(app):
    """Expect TypeError with a fixed message when zip_code is set to an int."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.zip_code = 56601

    expected_message = 'ZIP code must be string.'
    assert str(excinfo.value) == expected_message
コード例 #3
def test_set_role_invalid_type(app):
    """Expect TypeError when the role is given as a string instead of a role value."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.role = "ADMIN"

    # Only the fixed prefix is checked; the message ends with the allowed set.
    raised_text = str(excinfo.value)
    assert 'Role must be integer value from this set: ' in raised_text
コード例 #4
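def test_unset_role(app):
    """Expect TypeError with the role message when the role is set to None."""
    user = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as e:
        user.role = None

    # The message check must sit outside the `with` block: anything placed
    # after the raising assignment inside the block is never executed, so the
    # assertion would silently not run.
    assert 'Role must be integer value from this set: ' in str(e.value)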
コード例 #5
def test_set_phone_invalid_format(app):
    """Expect ValueError when the phone string does not match the required format."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(ValueError) as excinfo:
        account.phone = '0111222333'

    raised_text = str(excinfo.value)
    assert 'Phone must have format' in raised_text
コード例 #6
def test_set_phone_invalid_type(app):
    """Expect TypeError with a fixed message when phone is set to an int."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.phone = 111222333

    expected_message = 'Phone must be string.'
    assert str(excinfo.value) == expected_message
コード例 #7
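def add_user():
    """Create a user from form fields and return its public profile.

    Responses visible in this function: 201 with the new user, 400 when
    email or password is missing or a non-uniqueness constraint fails,
    409 for a duplicate user, 500 for any other exception.
    """
    import secrets  # local import: the file's import block is not in view

    try:
        email = request.form.get('email', None)
        password = request.form.get('password', None)
        if not email or not password:
            # Without this guard a missing field made `email + password`
            # raise TypeError, which surfaced to the client as a 500.
            return jsonify(message='email and password are required'), 400

        user = User()
        user.user_name = request.form.get('user_name', None)
        user.devices = request.form.get('device_name', None)
        user.email = email
        # NOTE(review): the password is assigned exactly as received; confirm
        # the model hashes it before it is stored.
        user.password = password
        user.image = request.form.get('image', '')
        # The bearer token comes from the OS CSPRNG. The built-in hash() is
        # not a security primitive, and deriving the token from email and
        # password tied it to the credentials. 63 random bits keep the value
        # a non-negative int, as hash() produced on 64-bit builds.
        # NOTE(review): the token column type is not visible here; if it is
        # text, prefer secrets.token_urlsafe().
        user.token = secrets.randbits(63)
        user.add()

        return jsonify(user=dict(
            id=user.id,
            token=user.token,
            email=user.email,
            user_name=user.user_name,
            photo=
            'https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png'
        )), 201
    except IntegrityError as ex:
        if ex.orig.pgcode == '23505':  # duplicate user
            return jsonify(message=ex.args), 409
        # '23502' (required fields) and every other integrity failure
        # both map to 400.
        return jsonify(message=ex.args), 400

    except Exception as ex:
        # NOTE(review): ex.args is returned to the client verbatim; confirm it
        # cannot carry driver or schema detail, or log it server-side and
        # return a generic message instead.
        return jsonify(message=ex.args), 500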
コード例 #8
def test_get_other_user(client: FlaskClient):
    """A logged-in user asking for another user's profile is refused.

    Two active users are created, a login call supplies a bearer token, and
    that token is used to request the second user's profile. The test
    expects HTTP 400 and a fixed refusal message.
    """
    requester = users.add(User('*****@*****.**', 'poaa'))
    requester.active = True

    target_fields = dict(
        email='*****@*****.**',
        password='******',
        first_name='Tibor',
        last_name='Mikita',
        phone='+421111222333',
        street='Kosicka',
        zip_code='06601',
        city='Humenne',
        country=Country.SK,
        date_of_birth=datetime.date(1994, 5, 25),
    )
    target = users.add(User(**target_fields))
    target.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login_response = client.post('/api/auth/login',
                                 data=json.dumps(credentials),
                                 content_type='application/json')
    access_token = login_response.json['access_token']

    auth_headers = {'Authorization': f'Bearer {access_token}'}
    profile_response = client.get(f'/api/users/{target.id}',
                                  headers=auth_headers)
    body = profile_response.json

    assert profile_response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'You cannot get user profile of other person.'
コード例 #9
def register_user_cellphone(user_id: int):
    ''' Store a cellphone number on the user and issue a validation code.

        Calling it again issues a fresh code, so it doubles as "resend".
        A number/country-code pair that this user has already validated is
        rejected with BusinessException.
    '''
    payload = request.get_json()
    if not payload:
        raise InvalidPayload()
    cellphone_number = payload.get('cellphone_number')
    cellphone_cc = payload.get('cellphone_cc')
    if not (cellphone_number and cellphone_cc):
        raise InvalidPayload()

    # NOTE(review): a user_id with no matching row is not handled here;
    # presumably the caller guarantees the user exists - confirm.
    user = User.get(user_id)
    already_validated = (user.cellphone_validation_date
                         and user.cellphone_number == cellphone_number
                         and user.cellphone_cc == cellphone_cc)
    if already_validated:
        raise BusinessException(
            message=
            'Registered. You have already registered this cellphone number.')

    code, code_expiration = User.generate_cellphone_validation_code()
    with session_scope(db.session) as session:
        user.cellphone_number = cellphone_number
        user.cellphone_cc = cellphone_cc
        user.cellphone_validation_code = code
        user.cellphone_validation_code_expiration = code_expiration
        # Any earlier validation is cleared until the new code is confirmed.
        user.cellphone_validation_date = None

    # The SMS is skipped under test.
    # NOTE(review): no per-user or per-number resend limit is visible in this
    # function; confirm one exists upstream, since each call sends a message.
    if not current_app.testing:
        from project.api.common.utils.twilio import send_cellphone_verification_code
        send_cellphone_verification_code(user, code)

    return {
        'status': 'success',
        'message': 'Successfully sent validation code.'
    }
コード例 #10
ファイル: manage.py プロジェクト: tmquang6805/flask-base-api
def seed_db():
    """Insert one event descriptor, one group and three users in that group.

    NOTE(review): the seed accounts carry fixed credentials (masked on this
    page); presumably this is for development databases only - confirm it
    cannot run against production.
    """
    db.session.add(
        EventDescriptor(id=1,
                        name="Seed Events Name",
                        description="Seed db Event from {1}"))

    group = Group(name="Group Name")
    db.session.add(group)

    seed_users = (
        User(username='******',
             email="*****@*****.**",
             password="******",
             cellphone_number="98983510",
             cellphone_cc="+598"),
        User(username='******', email="*****@*****.**", password="******"),
        User(username='******', email="*****@*****.**", password="******"),
    )
    for seeded in seed_users:
        db.session.add(seeded)

    # Every seed user becomes a member of the single seed group.
    for seeded in seed_users:
        membership = UserGroupAssociation(user=seeded, group=group)
        db.session.add(membership)

    db.session.commit()
コード例 #11
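def register_user():
    """Two-step registration: GET requests an identify code, POST completes it.

    GET  with ?account=...                 -> User.register_user(account, None, None)
    POST with account/identify_code/passwd -> User.register_user(account, identify_code, password)

    Missing fields abort with 400; any other method aborts with 405.
    """
    # Log only the method and the query parameter names. Headers can carry
    # cookies or Authorization values and the POST body carries `passwd`, so
    # logging them in full writes credentials into the application log.
    app.logger.info("request:[%s],[%s]", request.method,
                    sorted(request.args.keys()))

    # Step 1: ask for an identify code.
    if request.method == 'GET':
        account = request.args.get("account")
        if account is None:
            app.logger.error("missing something")
            abort(400)  # missing account
        return jsonify(User.register_user(account, None, None))

    # Step 2: submit the code together with the chosen password.
    if request.method == 'POST':
        # silent=True returns None for a missing or malformed JSON body, so
        # the request ends in the 400 below rather than in an AttributeError.
        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            payload = {}
        account = payload.get('account')
        identify_code = payload.get('identify_code')
        password = payload.get('passwd')
        if account is None or identify_code is None or password is None:
            app.logger.error("missing something")
            abort(400)
        return jsonify(User.register_user(account, identify_code, password))

    # Falling off the end returned None, which Flask reports as a 500.
    abort(405)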
コード例 #12
def test_set_zip_code_long(app):
    """Expect ValueError with a fixed message for a six-digit ZIP code string."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(ValueError) as excinfo:
        account.zip_code = '066666'

    expected_message = 'ZIP code must contain 5 numbers.'
    assert str(excinfo.value) == expected_message
コード例 #13
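def user_create():
    """Create a user; any kind other than COSTUMER needs an authorised token.

    Responds 403 when a privileged kind is requested without a token whose
    owner may edit users, and 400 when User.create() returns nothing.
    Empty usernames and short passwords go through
    req_helper.throw_operation_failed().
    """
    data = req_helper.force_json_key_list('username', 'password', 'email',
                                          'name', 'kind')

    # Compare by type and value. `is not` tests object identity, which only
    # matches when the interpreter happens to reuse the same object, so equal
    # values could be treated as different. Requiring the exact type keeps
    # look-alikes such as False or 0.0 from passing as the constant.
    kind = data['kind']
    is_costumer = type(kind) is type(User.COSTUMER) and kind == User.COSTUMER

    # If trying to create a non-costumer without token
    if not is_costumer:
        if 'token' not in data:
            abort(make_response(jsonify(message="Missing token!"), 403))
        usr = User.usr_from_token(data['token'])
        # if token is not valid or user cannot create users
        if not usr or not usr.canEditUsers():
            abort(make_response(jsonify(message="Invalid token!"), 403))

    if not data['username'].strip():
        req_helper.throw_operation_failed("Username empty!")

    # NOTE(review): a 4-character minimum is very low; the policy is kept
    # because the error text encodes it - consider raising both together.
    if not data['password'].strip() or len(data['password']) < 4:
        req_helper.throw_operation_failed(
            "Password empty or shorter than 4 chars!")

    user = User.create(data['username'], data['password'], data['name'],
                       data['email'], data['kind'])
    if not user:
        abort(
            make_response(jsonify(message="Username taken or invalid kind!"),
                          400))
    return jsonify(message="Ok!", id=user.get_id(), kind=user.kind)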
コード例 #14
    def test_getUser(self):
        """GET /users/<id>: 401 before login, own record after, 404/403 otherwise."""
        perceval = User(1,
                        'Perceval',
                        'De Galle',
                        '*****@*****.**',
                        'sloubi',
                        paths='')
        db.session.add(perceval)
        db.session.commit()

        # Anonymous access is refused.
        anonymous = self.app.get('/users/1')
        assert "401 Unauthorized" in anonymous.data

        self.login('*****@*****.**', 'sloubi')

        own_record = self.app.get('/users/1')

        # NOTE(review): the expected body includes a "password" field (value
        # masked on this page); confirm the endpoint is not returning the
        # stored password or its hash to clients.
        assert '{"email": "*****@*****.**", "firstName": "Perceval", "id": 1, "lastName": "De Galle", "password": "******"}' in own_record.data

        # A user id that does not exist yet.
        missing = self.app.get('/users/2')
        assert "404 Not Found" in missing.data

        karadoc = User(2,
                       'Karadoc',
                       'De Vanne',
                       '*****@*****.**',
                       'jambon',
                       paths='')
        db.session.add(karadoc)
        db.session.commit()

        # Another user's record exists now but is off limits to user 1.
        foreign = self.app.get('/users/2')
        assert "403 Forbidden" in foreign.data
コード例 #15
ファイル: auth.py プロジェクト: tmquang6805/flask-base-api
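def set_standalone_user(user_id: int):
    ''' Give a Facebook-login account its own username and password.

        Requires username, old_password and new_password in the JSON body.
        The account must have fb_id set and old_password must match the
        stored hash; the username must not be taken.
    '''
    post_data = request.get_json()
    if not post_data:
        raise InvalidPayload()
    username = post_data.get('username')
    pw_old = post_data.get('old_password')
    pw_new = post_data.get('new_password')
    if not username or not pw_old or not pw_new:
        raise InvalidPayload()

    # One fetch serves both checks. A user_id with no matching row is
    # rejected here instead of failing on attribute access.
    user = User.get(user_id)
    if not user or not user.fb_id:
        raise NotFoundException(
            message='Must be a facebook user login. Please try again.')

    if not bcrypt.check_password_hash(user.password, pw_old):
        raise NotFoundException(message='Invalid password. Please try again.')

    # NOTE(review): check-then-write; two concurrent requests for the same
    # username both pass this test unless the column has a unique constraint.
    if User.first(User.username == username):
        raise BusinessException(
            message=
            'Sorry. That username already exists, choose another username')

    with session_scope(db.session):
        user.username = username
        user.password = bcrypt.generate_password_hash(
            pw_new, current_app.config.get('BCRYPT_LOG_ROUNDS')).decode()
    return {
        'status': 'success',
        'message': 'Successfully changed password.',
    }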
コード例 #16
ファイル: auth.py プロジェクト: tmquang6805/flask-base-api
def password_reset():
    ''' Set a new password for the user identified by a reset token.

        The token is decoded to a user id and then checked against the
        bcrypt hash stored on that user. On success the stored hash is
        cleared, so the same token cannot be used again.
    '''
    payload = request.get_json()
    if not payload:
        raise InvalidPayload()
    token, pw_new = payload.get('token'), payload.get('password')
    if not (token and pw_new):
        raise InvalidPayload()

    # Resolve the token to its user.
    user = User.get(User.decode_password_token(token))

    # NOTE(review): bcrypt implementations commonly consider only the first
    # 72 bytes of input. If reset tokens are longer than that, this check
    # covers just a prefix; confirm decode_password_token() verifies the
    # whole token.
    token_matches = (user and user.token_hash
                     and bcrypt.check_password_hash(user.token_hash, token))
    if not token_matches:
        raise NotFoundException(message='Invalid reset. Please try again.')

    rounds = current_app.config.get('BCRYPT_LOG_ROUNDS')
    with session_scope(db.session):
        user.password = bcrypt.generate_password_hash(pw_new, rounds).decode()
        user.token_hash = None  # single use
    return {
        'status': 'success',
        'message': 'Successfully reset password.',
    }
コード例 #17
ファイル: users.py プロジェクト: tmquang6805/flask-base-api
def add_user(_):
    """Create a user from a JSON body with username, email and password.

    Returns (body, 201) on success. Raises BusinessException when the
    username or email is taken, and InvalidPayload for an empty body or when
    the insert raises IntegrityError or ValueError.
    """
    payload = request.get_json()
    if not payload:
        raise InvalidPayload()
    username, email, password = (payload.get(field)
                                 for field in ('username', 'email', 'password'))

    try:
        existing = User.first(
            or_(User.username == username, User.email == email))
        if existing:
            raise BusinessException(
                message='Sorry. That email or username already exists.')

        db.session.add(User(username=username, email=email, password=password))
        db.session.commit()
        return {'status': 'success', 'message': f'{email} was added!'}, 201
    except (exc.IntegrityError, ValueError):
        # Leave the session usable for the next request.
        db.session.rollback()
        raise InvalidPayload()
コード例 #18
def test_set_city_invalid_type(app):
    """Expect TypeError with a fixed message when city is set to an int."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.city = 555

    expected_message = 'City must be string.'
    assert str(excinfo.value) == expected_message
コード例 #19
def test_set_active_invalid_type(app):
    """Expect TypeError when the active flag is the string 'True', not a bool."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.active = 'True'

    expected_message = 'Active flag must be boolean.'
    assert str(excinfo.value) == expected_message
コード例 #20
def test_unset_active(app):
    """Expect TypeError when the active flag is set to None."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.active = None

    expected_message = 'Active flag must be boolean.'
    assert str(excinfo.value) == expected_message
コード例 #21
    def test_delUser(self):
        """DELETE /users/<id>: a user can delete itself, then loses access."""
        perceval = User(1,
                        'Perceval',
                        'De Galle',
                        '*****@*****.**',
                        'sloubi',
                        paths='')
        db.session.add(perceval)
        db.session.commit()

        self.login('*****@*****.**', 'sloubi')
        deletion = self.app.delete('/users/1')

        assert 'User [email protected] deleted' in deletion.data

        # The deleted account is either gone or no longer authenticated.
        lookup = self.app.get('/users/1')
        assert "404 Not Found" in lookup.data or "401 Unauthorized" in lookup.data

        karadoc = User(2,
                       'Karadoc',
                       'De Vanne',
                       '*****@*****.**',
                       'jambon',
                       paths='')
        db.session.add(karadoc)
        db.session.commit()

        # Deleting a different user is expected to be refused with 401.
        foreign_deletion = self.app.delete('/users/2')
        assert "401 Unauthorized" in foreign_deletion.data
コード例 #22
def test_set_date_of_birth_invalid_type(app):
    """Expect TypeError when date_of_birth is given as a string."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.date_of_birth = '19.2.2018'

    expected_message = 'Date of birth must be date.'
    assert str(excinfo.value) == expected_message
コード例 #23
def test_set_country_invalid_type(app):
    """Expect TypeError when country is given as the string 'SK'."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.country = 'SK'

    # Only the fixed prefix is checked; the message ends with the allowed set.
    raised_text = str(excinfo.value)
    assert 'Country must be integer value from this set:' in raised_text
コード例 #24
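def create_users(csvfile, dep_id):
    """Seed a head-of-branch account, then import users from a ';'-separated CSV.

    CSV columns as read here: 0 surname, 1 name, 2 email, 3 phone,
    4 employment date, 5 dismissal date; columns 6 and 7 are optional and
    only normalised. Every imported user is attached to department dep_id.
    """
    # NOTE(review): every account created here, including the seeded head
    # account, receives the same hard-coded password "1234". Confirm this
    # runs only against throwaway data, or issue per-user one-time
    # credentials and force a change at first login.
    if not (User.query.filter(User.email == "*****@*****.**").first()):
        user = User(name="Главный", surname="Самый", email="*****@*****.**", phone="+79215729636",
                    password=generate_password_hash("1234"))
        db.session.add(user)
        db.session.commit()
        user_dep_id = UserDepartment(user_id=user.id, department_id=Department.query.filter(
            Department.name == "Московское").first().id, post="Руководитель Федерального Отделения",
                                     employment_date=datetime.date.today(), dismissal_date=None)
        db.session.add(user_dep_id)
        db.session.commit()

    # A separate name for the file handle avoids rebinding the path parameter.
    with open(csvfile, newline='') as handle:
        for row in csv.reader(handle, delimiter=';'):
            db.session.add(
                User(name=row[1], surname=row[0], email=row[2], phone=row[3], password=generate_password_hash("1234")))
            db.session.commit()

            # Empty date cells become None.
            if row[4] == "":
                row[4] = None
            if row[5] == "":
                row[5] = None
            # Optional trailing columns are bounds-checked one by one: a row
            # with exactly seven cells used to raise IndexError on row[7].
            for optional_index in (6, 7):
                if optional_index < len(row) and row[optional_index] == "":
                    row[optional_index] = None

            db.session.add(
                UserDepartment(user_id=User.query.filter(User.email == row[2]).first().id, department_id=int(dep_id),
                               post="Пользователь", employment_date=row[4], dismissal_date=row[5]))
            db.session.commit()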
コード例 #25
def test_set_active(app):
    """A new user starts inactive and can be switched to active."""
    account = User('*****@*****.**', 'blah')
    assert account.active is False

    account.active = True
    assert account.active is True
コード例 #26
def test_unset_date_of_birth(app):
    """A date of birth given at construction can be cleared with None."""
    birthday = datetime.date(1996, 2, 20)
    account = User('*****@*****.**', 'blah', date_of_birth=birthday)
    assert account.date_of_birth is not None

    account.date_of_birth = None
    assert account.date_of_birth is None
コード例 #27
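def test_unset_country(app):
    """A country given at construction can be cleared with None."""
    user = User('*****@*****.**', 'blah', country=Country.SK)

    assert user.country is not None

    user.country = None

    # Check the field that was just cleared. zip_code is never set in this
    # test, so asserting on it could not detect a failure to clear country.
    assert user.country is None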
コード例 #28
def test_set_country(app):
    """A new user has no country; assigning Country.SK is reflected on read."""
    account = User('*****@*****.**', 'blah')
    assert account.country is None

    chosen = Country.SK
    account.country = chosen
    assert account.country == chosen
コード例 #29
def test_set_date_of_birth(app):
    """A new user has no date of birth; an assigned date reads back equal."""
    account = User('*****@*****.**', 'blah')
    assert account.date_of_birth is None

    account.date_of_birth = datetime.date(1996, 2, 20)
    expected = datetime.date(1996, 2, 20)
    assert account.date_of_birth == expected
コード例 #30
def test_unset_city(app):
    """A city given at construction can be cleared with None."""
    account = User('*****@*****.**', 'blah', city='Humenne')
    assert account.city is not None

    account.city = None
    assert account.city is None
コード例 #31
ファイル: user.py プロジェクト: a-khajelou/ijust_backend
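def signup():
    """
    Signup
    ---
    tags:
      - user
    parameters:
      - name: body
        in: body
        description: username, email and password for signup
        required: true
        schema:
          id: UserSignup
          required:
            - username
            - email
            - password
          properties:
            username:
              type: string
              pattern: ^[\w.]+$
              example: babyknight
              maxLength: 32
            email:
              type: string
              example: [email protected]
            password:
              type: string
              example: baby123
              minLength: 3
              maxLength: 32
    responses:
      201:
        description: Successfully registered
      400:
          description: Bad request
      406:
          description: Username or email already exist
    """
    # The docstring above is an API spec and is left exactly as written.

    # A missing body or missing key is answered with the documented 400
    # rather than an unhandled TypeError/KeyError.
    # NOTE(review): presumably schema validation also runs before this view;
    # the guard is kept for when it does not.
    data = request.json
    if not isinstance(data, dict):
        return jsonify(errors='bad request'), 400
    try:
        username = data['username']
        email = data['email']
        password = data['password']
    except KeyError:
        return jsonify(errors='bad request'), 400

    if User.query.filter_by(email=email).first():
        return jsonify(errors='email already exist'), 406

    try:
        user_obj = User(username=username, email=email)
        user_obj.hash_password(password)
        db.session.add(user_obj)
        db.session.commit()
    except IntegrityError:
        # Without a rollback the session stays in a failed transaction and
        # later use of it raises until it is reset.
        db.session.rollback()
        return jsonify(errors='username already exist'), 406

    return '', 201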
コード例 #32
ファイル: user.py プロジェクト: Alifazaeli/podia
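def add_user():
    """Create a user from form fields and return its public profile.

    Responses visible in this function: 201 with the new user, 400 when
    email or password is missing or a non-uniqueness constraint fails,
    409 for a duplicate user, 500 for any other exception.
    """
    import secrets  # local import: the file's import block is not in view

    try:
        email = request.form.get('email', None)
        password = request.form.get('password', None)
        if not email or not password:
            # Without this guard a missing field made `email + password`
            # raise TypeError, which surfaced to the client as a 500.
            return jsonify(message='email and password are required'), 400

        user = User()
        user.user_name = request.form.get('user_name', None)
        user.devices = request.form.get('device_name', None)
        user.email = email
        # NOTE(review): the password is assigned exactly as received; confirm
        # the model hashes it before it is stored.
        user.password = password
        user.image = request.form.get('image', '')
        # The bearer token comes from the OS CSPRNG. The built-in hash() is
        # not a security primitive, and deriving the token from email and
        # password tied it to the credentials. 63 random bits keep the value
        # a non-negative int, as hash() produced on 64-bit builds.
        # NOTE(review): the token column type is not visible here; if it is
        # text, prefer secrets.token_urlsafe().
        user.token = secrets.randbits(63)
        user.add()

        return jsonify(user=dict(id=user.id,
                                 token=user.token,
                                 email=user.email,
                                 user_name=user.user_name,
                                 photo='https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png')), 201
    except IntegrityError as ex:
        if ex.orig.pgcode == '23505':  # duplicate user
            return jsonify(message=ex.args), 409
        # '23502' (required fields) and every other integrity failure
        # both map to 400.
        return jsonify(message=ex.args), 400

    except Exception as ex:
        # NOTE(review): ex.args is returned to the client verbatim; confirm it
        # cannot carry driver or schema detail, or log it server-side and
        # return a generic message instead.
        return jsonify(message=ex.args), 500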
コード例 #33
ファイル: factory.py プロジェクト: Alifazaeli/podia
def load_user(request):
    """Resolve the request's Authorization header to a user, or return None.

    The header value is used as-is as the token lookup key; no scheme prefix
    is stripped in this function. A matching user is marked authenticated
    before being returned.
    """
    from project.models.user import User

    token = request.headers.get('authorization', '')
    if not token:
        return None

    user_entry = User.get(token=token)
    if not user_entry:
        return None

    user_entry.is_authenticated = True
    return user_entry
コード例 #34
ファイル: test_user.py プロジェクト: farzadghanei/flask-skel
 def test_reset_password(self):
     """An expired reset token is refused; a valid one changes the password."""
     account = User(password='******', name='username', id=104)
     secret = 'sample_secret_key'

     # A negative lifetime produces a token that is already expired.
     stale_token = account.generate_reset_token(secret, -10)
     self.assertFalse(account.reset_password(secret, stale_token, 'new_password'))
     self.assertTrue(account.verify_password('userpassword'))

     fresh_token = account.generate_reset_token(secret, 3600)
     self.assertTrue(account.reset_password(secret, fresh_token, 'new_password'))
     self.assertTrue(account.verify_password('new_password'))
コード例 #35
ファイル: test_user.py プロジェクト: farzadghanei/flask-skel
 def test_confirm(self):
     """Expired and wrong confirmation tokens are refused; a valid one passes."""
     account = User(password='******', id=103)
     secret = 'sample_secret_key'

     # A negative lifetime produces a token that is already expired.
     stale_token = account.generate_confirmation_token(secret, -10)
     self.assertFalse(account.confirm(secret, stale_token))

     fresh_token = account.generate_confirmation_token(secret, 3600)
     self.assertFalse(account.confirm(secret, 'wrong_token'))
     self.assertTrue(account.confirm(secret, fresh_token))
コード例 #36
ファイル: test_user.py プロジェクト: farzadghanei/flask-skel
    def test_verify_auth_token(self, mock_session, mock_query):
        """Expired and wrong auth tokens are refused; a valid one loads the user."""
        account = User(email="*****@*****.**", password='******', id=32)
        secret = 'sample_secret_key'

        # A negative lifetime produces a token that is already expired.
        stale_token = account.generate_auth_token(secret, -10)
        self.assertFalse(account.verify_auth_token(secret, stale_token))

        fresh_token = account.generate_auth_token(secret, 3600)
        self.assertIsNone(User.verify_auth_token(secret, 'wrong_token'))

        # The mocked query hands back the user; the test then checks that the
        # lookup was made with id 32.
        mock_query.get.return_value = account
        resolved = User.verify_auth_token(secret, fresh_token)
        mock_query.get.assert_called_with(32)
        self.assertEqual(resolved, account)
コード例 #37
ファイル: user.py プロジェクト: Alifazaeli/podia
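def login():
    """Look up a user by email and password and return the profile with its token.

    Responses visible in this function: 200 with the user, 400 when either
    field is empty, 404 when no user matches, 500 for any exception.
    """
    try:
        email = request.form.get('email', '')
        password = request.form.get('password', '')

        if not (email and password):
            # The key was misspelled 'meesage'; every other response in this
            # function uses 'message'.
            return jsonify(message='email or Password are required'), 400

        # NOTE(review): the lookup matches on the password value as submitted;
        # confirm User.get() compares against a salted hash rather than a
        # stored plain-text password.
        user_obj = User.get(email=email, password=password)
        if not user_obj:
            return jsonify(message='Not Found!'), 404

        return jsonify(user=dict(id=user_obj.id,
                                 token=user_obj.token,
                                 email=user_obj.email,
                                 user_name=user_obj.user_name,
                                 photo='https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_272x92dp.png')), 200
    except Exception as ex:
        # NOTE(review): ex.args is returned to the client verbatim; confirm it
        # cannot carry driver or schema detail.
        return jsonify(message=ex.args), 500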
コード例 #38
ファイル: test_user.py プロジェクト: farzadghanei/flask-skel
 def test_save(self, mock_session, mock_query):
     """save(True) adds the user to the session and commits."""
     account = User(name='username', password='******', email='*****@*****.**')

     account.save(True)

     mock_session.add.assert_called_with(account)
     committed = mock_session.commit.called
     self.assertTrue(committed)
コード例 #39
ファイル: test_user.py プロジェクト: farzadghanei/flask-skel
 def test_verify_password(self):
     """verify_password refuses one candidate and accepts another."""
     account = User(name='username', password='******')

     rejected = account.verify_password('wrong _password')
     self.assertFalse(rejected)

     accepted = account.verify_password('userpassword_20')
     self.assertTrue(accepted)