def test_valid_reset_token(self):
u = Utente(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_reset_token()
self.assertTrue(Utente.reset_password(token, 'dog'))
self.assertTrue(u.verify_password('dog'))
def test_expired_confirmation_token(self):
u = Utente(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token(1)
time.sleep(2)
self.assertFalse(u.confirm(token))
def test_invalid_reset_token(self):
u = Utente(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_reset_token()
self.assertFalse(Utente.reset_password(token + 'a', 'horse'))
self.assertTrue(u.verify_password('cat'))
def test_valid_email_change_token(self):
u = Utente(email='*****@*****.**', password='******')
db.session.add(u)
db.session.commit()
token = u.generate_email_change_token('*****@*****.**')
self.assertTrue(u.change_email(token))
self.assertTrue(u.email == '*****@*****.**')
def setUp(self):
self.app = create_app('testing')
self.app_context = self.app.app_context()
self.app_context.push()
db.create_all()
Ruolo.insert_roles()
Utente.insert_test_users()
def test_ping(self):
u = Utente(password='******')
db.session.add(u)
db.session.commit()
time.sleep(2)
last_seen_before = u.last_seen
u.ping()
self.assertTrue(u.last_seen > last_seen_before)
def test_duplicate_email_change_token(self):
u1 = Utente(email='*****@*****.**', password='******')
u2 = Utente(email='*****@*****.**', password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
token = u2.generate_email_change_token('*****@*****.**')
self.assertFalse(u2.change_email(token))
self.assertTrue(u2.email == '*****@*****.**')
def setUp(self):
self.app = create_app('testing')
self.app_context = self.app.app_context()
self.app_context.push()
db.create_all()
Tag.insert_test_tags()
Corso.insert_test_corsi()
Serata.insert_test_serate()
Ruolo.insert_roles()
Utente.insert_test_users()
self.client = self.app.test_client()
def register():
form = RegistrationForm()
if form.validate_on_submit():
user = Utente(email=form.email.data.lower(),
username=form.username.data,
password=form.password.data)
db.session.add(user)
db.session.commit()
#Token e mail
token = user.generate_confirmation_token()
send_email(user.email, 'Conferma registrazione',
'/email/confirm', user=user, token=token)
flash('Una mail di conferma è stata inviata', 'success')
return redirect(url_for('auth.login'))
return render_template('register.html', form=form)
def test_token_auth(self):
# add a user
r = Ruolo.query.filter_by(name='Utente').first()
self.assertIsNotNone(r)
u = Utente(email='*****@*****.**', password='******', confirmed=True,
ruolo=r)
db.session.add(u)
db.session.commit()
# issue a request with a bad token
response = self.client.get(
'/api/v1/posts/',
headers=self.get_api_headers('bad-token', ''))
self.assertEqual(response.status_code, 401)
# get a token
response = self.client.post(
'/api/v1/tokens/',
headers=self.get_api_headers('*****@*****.**', 'cat'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertIsNotNone(json_response.get('token'))
token = json_response['token']
# issue a request with the token
response = self.client.get(
'/api/v1/posts/',
headers=self.get_api_headers(token, ''))
self.assertEqual(response.status_code, 200)
def test_timestamps(self):
u = Utente(password='******')
db.session.add(u)
db.session.commit()
self.assertTrue(
(datetime.utcnow() - u.member_since).total_seconds() < 3)
self.assertTrue((datetime.utcnow() - u.last_seen).total_seconds() < 3)
def test_user_role(self):
u = Utente(email='*****@*****.**', password='******')
self.assertTrue(u.can(Permission.FOLLOW))
self.assertTrue(u.can(Permission.COMMENT))
self.assertTrue(u.can(Permission.WRITE))
self.assertFalse(u.can(Permission.MODERATE))
self.assertFalse(u.can(Permission.ADMIN))
def test_posts(self):
# add a user
r = Ruolo.query.filter_by(name='Utente').first()
self.assertIsNotNone(r)
u = Utente(email='*****@*****.**', password='******', confirmed=True,
ruolo=r)
db.session.add(u)
db.session.commit()
# write an empty post
response = self.client.post(
'/api/v1/posts/',
headers=self.get_api_headers('*****@*****.**', 'cat'),
data=json.dumps({'body': ''}))
self.assertEqual(response.status_code, 400)
# write a post
response = self.client.post(
'/api/v1/posts/',
headers=self.get_api_headers('*****@*****.**', 'cat'),
data=json.dumps({'body': 'body of the *blog* post'}))
self.assertEqual(response.status_code, 201)
url = response.headers.get('Location')
self.assertIsNotNone(url)
# get the new post
response = self.client.get(
url,
headers=self.get_api_headers('*****@*****.**', 'cat'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertEqual('http://localhost' + json_response['url'], url)
self.assertEqual(json_response['body'], 'body of the *blog* post')
self.assertEqual(json_response['body_html'],
'<p>body of the <em>blog</em> post</p>')
json_post = json_response
# get the post from the user
response = self.client.get(
'/api/v1/utenti/{}/posts/'.format(u.id),
headers=self.get_api_headers('*****@*****.**', 'cat'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertIsNotNone(json_response.get('posts'))
self.assertEqual(json_response.get('count', 0), 1)
self.assertEqual(json_response['posts'][0], json_post)
# edit post
response = self.client.put(
url,
headers=self.get_api_headers('*****@*****.**', 'cat'),
data=json.dumps({'body': 'updated body'}))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertEqual('http://localhost' + json_response['url'], url)
self.assertEqual(json_response['body'], 'updated body')
self.assertEqual(json_response['body_html'], '<p>updated body</p>')
def test_administrator_role(self):
r = Ruolo.query.filter_by(name='Administrator').first()
u = Utente(email='*****@*****.**', password='******', ruolo=r)
self.assertTrue(u.can(Permission.FOLLOW))
self.assertTrue(u.can(Permission.COMMENT))
self.assertTrue(u.can(Permission.WRITE))
self.assertTrue(u.can(Permission.MODERATE))
self.assertTrue(u.can(Permission.ADMIN))
def password_reset(token):
if not current_user.is_anonymous:
return redirect(url_for('main.index'))
form = PasswordResetForm()
if form.validate_on_submit():
if Utente.reset_password(token, form.password.data):
db.session.commit()
flash('Password aggiornata', 'success')
return redirect(url_for('utenti.login'))
else:
return redirect(url_for('main.index'))
return render_template('reset_password.html', form=form)
def verify_password(email_or_token, password):
if email_or_token == '':
return False
if password == '':
g.current_user = Utente.verify_auth_token(email_or_token)
g.token_used = True
return g.current_user is not None
user = Utente.query.filter_by(email=email_or_token.lower()).first()
if not user:
return False
g.current_user = user
g.token_used = False
return user.verify_password(password)
def test_invalid_confirmation_token(self):
u1 = Utente(password='******')
u2 = Utente(password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
token = u1.generate_confirmation_token()
self.assertFalse(u2.confirm(token))
def test_unconfirmed_account(self):
# add an unconfirmed user
r = Ruolo.query.filter_by(name='Utente').first()
self.assertIsNotNone(r)
u = Utente(email='*****@*****.**', password='******', confirmed=False,
ruolo=r)
db.session.add(u)
db.session.commit()
# get list of posts with the unconfirmed account
response = self.client.get(
'/api/v1/posts/',
headers=self.get_api_headers('*****@*****.**', 'cat'))
self.assertEqual(response.status_code, 403)
def test_bad_auth(self):
# add a user
r = Ruolo.query.filter_by(name='Utente').first()
self.assertIsNotNone(r)
u = Utente(email='*****@*****.**', password='******', confirmed=True,
ruolo=r)
db.session.add(u)
db.session.commit()
# authenticate with bad password
response = self.client.get(
'/api/v1/posts/',
headers=self.get_api_headers('*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 401)
def test_users(self):
# add two users
r = Ruolo.query.filter_by(name='Utente').first()
self.assertIsNotNone(r)
u1 = Utente(email='*****@*****.**', username='******',
password='******', confirmed=True, ruolo=r)
u2 = Utente(email='*****@*****.**', username='******',
password='******', confirmed=True, ruolo=r)
db.session.add_all([u1, u2])
db.session.commit()
# get users
response = self.client.get(
'/api/v1/utenti/{}'.format(u1.id),
headers=self.get_api_headers('*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertEqual(json_response['username'], 'john')
response = self.client.get(
'/api/v1/utenti/{}'.format(u2.id),
headers=self.get_api_headers('*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertEqual(json_response['username'], 'susan')
def test_gravatar(self):
u = Utente(email='*****@*****.**', password='******')
with self.app.test_request_context('/'):
gravatar = u.gravatar()
gravatar_256 = u.gravatar(size=256)
gravatar_pg = u.gravatar(rating='pg')
gravatar_retro = u.gravatar(default='retro')
self.assertTrue('https://secure.gravatar.com/avatar/' +
'd4c74594d841139328695756648b6bd6' in gravatar)
self.assertTrue('s=256' in gravatar_256)
self.assertTrue('r=pg' in gravatar_pg)
self.assertTrue('d=retro' in gravatar_retro)
def users(count=100):
fake = Faker('it_IT')
i = 0
while i < count:
u = Utente(email=fake.email(),
username=fake.user_name(),
password='******',
confirmed=True,
name=fake.name(),
location=fake.city(),
about_me=fake.text(),
member_since=fake.past_date())
db.session.add(u)
try:
db.session.commit()
i += 1
except IntegrityError:
db.session.rollback()
def test_password_salts_are_random(self):
u = Utente(password='******')
u2 = Utente(password='******')
self.assertTrue(u.password_hash != u2.password_hash)
def test_password_setter(self):
u = Utente(password='******')
self.assertTrue(u.password_hash is not None)
def create_test_db():
print("Start creating test db")
FLASK_CONFIG = os.getenv("FLASK_CONFIG", "None")
app = create_app(FLASK_CONFIG)
app_context = app.app_context()
app_context.push()
from project.serate.models import Serata
from project.corsi.models import Corso
from project.tags.models import Tag
from project.ruoli.models import Ruolo
from project.utenti.models import Utente
from project.blog.models import Post
from project.commenti.models import Comment
from random import randint
from faker import Faker
try:
user_list = Utente.query.all()
course_list = Corso.query.all()
post_list = Post.query.all()
comment_list = Comment.query.all()
post_list = Post.query.all()
ruolo_list = Ruolo.query.all()
print("DB Tables already exists")
except Exception as message:
print(f"No db data exist, inserting them:")
def users(count=100):
fake = Faker("it_IT")
i = 0
while i < count:
u = Utente(
email=fake.email(),
username=fake.user_name(),
password="******",
confirmed=True,
name=fake.name(),
location=fake.city(),
about_me=fake.text(),
member_since=fake.past_date(),
)
db.session.add(u)
try:
db.session.commit()
i += 1
except IntegrityError:
db.session.rollback()
def posts(count=100):
fake = Faker("it_IT")
user_count = Utente.query.count()
for i in range(count):
u = Utente.query.offset(randint(0, user_count - 1)).first()
p = Post(body=fake.text(),
timestamp=fake.past_date(),
author=u)
db.session.add(p)
db.session.commit()
def comments(count=100):
fake = Faker("it_IT")
user_count = Utente.query.count()
post_count = Post.query.count()
for i in range(count):
u = Utente.query.offset(randint(0, user_count - 1)).first()
p = Post.query.offset(randint(0, post_count - 1)).first()
c = Comment(body=fake.text(),
timestamp=fake.past_date(),
post=p,
author=u)
db.session.add(c)
db.session.commit()
print("Creating structure")
db.create_all()
db.session.commit()
print("Creating roles")
Ruolo.insert_roles()
print("Creating fake users")
users(2)
print("Creating test users")
Utente.insert_test_users()
print("Creating tags")
Tag.insert_test_tags()
print("Creating corsi")
Corso.insert_test_corsi()
print("Creating serate")
Serata.insert_test_serate()
print("Creating posts fake")
posts(3)
print("Creating commenti fake")
comments(3)
print("\nDB Dummy data inserted succesfully")
db.session.remove()
app_context.pop()
def test_comments(self):
# add two users
r = Ruolo.query.filter_by(name='Utente').first()
self.assertIsNotNone(r)
u1 = Utente(email='*****@*****.**', username='******',
password='******', confirmed=True, ruolo=r)
u2 = Utente(email='*****@*****.**', username='******',
password='******', confirmed=True, ruolo=r)
db.session.add_all([u1, u2])
db.session.commit()
# add a post
post = Post(body='body of the post', author=u1)
db.session.add(post)
db.session.commit()
# write a comment
response = self.client.post(
'/api/v1/posts/{}/comments/'.format(post.id),
headers=self.get_api_headers('*****@*****.**', 'dog'),
data=json.dumps({'body': 'Good [post](http://example.com)!'}))
self.assertEqual(response.status_code, 201)
json_response = json.loads(response.get_data(as_text=True))
url = response.headers.get('Location')
self.assertIsNotNone(url)
self.assertEqual(json_response['body'],
'Good [post](http://example.com)!')
self.assertEqual(
re.sub('<.*?>', '', json_response['body_html']), 'Good post!')
# get the new comment
response = self.client.get(
url,
headers=self.get_api_headers('*****@*****.**', 'cat'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertEqual('http://localhost' + json_response['url'], url)
self.assertEqual(json_response['body'],
'Good [post](http://example.com)!')
# add another comment
comment = Comment(body='Thank you!', author=u1, post=post)
db.session.add(comment)
db.session.commit()
# get the two comments from the post
response = self.client.get(
'/api/v1/posts/{}/commenti/'.format(post.id),
headers=self.get_api_headers('*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertIsNotNone(json_response.get('comments'))
self.assertEqual(json_response.get('count', 0), 2)
# get all the comments
response = self.client.get(
'/api/v1/posts/{}/commenti/'.format(post.id),
headers=self.get_api_headers('*****@*****.**', 'dog'))
self.assertEqual(response.status_code, 200)
json_response = json.loads(response.get_data(as_text=True))
self.assertIsNotNone(json_response.get('comments'))
self.assertEqual(json_response.get('count', 0), 2)
def test_no_password_getter(self):
u = Utente(password='******')
with self.assertRaises(AttributeError):
u.password
def test_password_verification(self):
u = Utente(password='******')
self.assertTrue(u.verify_password('cat'))
self.assertFalse(u.verify_password('dog'))
if CREATE_ALL:
# Utilizzo dell'application factory
app = create_app('development')
app_context = app.app_context()
app_context.push()
print("Creating structure")
db.create_all()
print("Creating roles")
Ruolo.insert_roles()
print("Creating fake users")
users(20)
print("Creating test users")
Utente.insert_test_users()
print("Creating tags")
Tag.insert_test_tags()
print("Creating corsi")
Corso.insert_test_corsi()
print("Creating serate")
Serata.insert_test_serate()
print("Creating posts fake")
posts()
print("Creating commenti fake")
comments()
def test_valid_confirmation_token(self):
u = Utente(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token()
self.assertTrue(u.confirm(token))