def register(): if request.method == 'POST': username = request.form.get('username') password = request.form.get('password') psswd_cf = request.form.get('psswd_cf') email = request.form.get('email') error = None if not username or not password: error = 'Username and password are required!' elif not psswd_cf: error = 'Confirm your password!' elif not email: error = 'Provide an email for possible recover of passwords!' elif password != psswd_cf: error = 'Password does not match its confirmation!' elif get_db().execute('SELECT id from users WHERE username = ?', (username, )).fetchone() is not None: error = 'User {} is already registered!'.format(username) if error is None: get_db().execute( 'INSERT INTO users (username, email, password) VALUES (?, ?, ?)', (username, email, generate_password_hash(password))) get_db().commit() return redirect(url_for('auth.login')) flash(error) return render_template('auth/register.html')
def test_get_close_db(app): with app.app_context(): db = get_db() assert db is get_db() with pytest.raises(sqlite3.ProgrammingError) as error: db.execute('SELECT 1') assert 'closed' in str(error.value)
def test_user_required(app, client, auth): with app.app_context(): get_db().execute('UPDATE accounts SET user_id = 2 WHERE id = 1') get_db().commit() auth.login() assert client.post('/1/update').status_code == 403 assert client.post('/1/updated').status_code == 403 assert client.post('/1/delete').status_code == 403
def app(): db_fd, db_path = tempfile.mkstemp() app = create_app({ 'TESTING': True, 'DATABASE': db_path, }) with app.app_context(): init_db() get_db().executescript(_data_sql) yield app os.close(db_fd) os.unlink(db_path)
def load_logged_in_user(): user_id = session.get('user_id') if user_id is None: g.user = None else: g.user = get_db().execute('SELECT * FROM users WHERE id = ?', (user_id, )).fetchone()
def update(id): account = get_account(id) psswd_len = random.SystemRandom().randint(int(account['psswd_min']), int(account['psswd_max'])) password = ''.join(random.SystemRandom().choice(chars) for x in range(psswd_len)) last_password = account['password'] get_db().execute( 'UPDATE accounts SET last_password = ?, password = ?, updated = 0 WHERE id = ?', ( last_password, password, id, )) get_db().commit() return redirect(url_for('index'))
def test_delete(client, auth, app): auth.login() response = client.post('/1/delete') assert response.headers['Location'] == 'http://localhost/' with app.app_context(): account = get_db().execute( 'SELECT * FROM accounts WHERE id = 1').fetchone() assert account is None
def index(): accounts = get_db().execute( 'SELECT accounts.id as id,' ' accounts.account as account,' ' accounts.password as password,' ' accounts.last_password as last_password,' ' accounts.updated as updated FROM accounts' ' INNER JOIN users ON users.id = accounts.user_id' ' WHERE user_id = ?', (session.get('user_id'), )).fetchall() return render_template('generator/index.html', accounts=accounts)
def new_account(): if request.method == 'POST': account = request.form.get('account').capitalize() psswd_min = request.form.get('psswd_min') psswd_max = request.form.get('psswd_max') error = None if not account: error = 'Account name required!' elif not psswd_min or not psswd_max: error = 'Set password boundaries!' elif int(psswd_min) > int(psswd_max): error = 'Password minimum length must be smaller than password maximum length!' elif int(psswd_min) < 2 or int(psswd_max) > 25: error = 'Password boundaries must be between 2 and 25!' elif get_db().execute( 'SELECT id FROM accounts WHERE account = ? AND user_id = ?', ( account, session.get('user_id'), )).fetchone() is not None: error = 'Account already registered!' if error is None: psswd_len = random.SystemRandom().randint(int(psswd_min), int(psswd_max)) password = ''.join(random.SystemRandom().choice(chars) for x in range(psswd_len)) last_password = '******' get_db().execute( 'INSERT INTO accounts (user_id, account, psswd_min, psswd_max, password, last_password, updated) VALUES (?, ?, ?, ?, ?, ?, ?)', (session.get('user_id'), account, psswd_min, psswd_max, password, last_password, 0)) get_db().commit() return redirect(url_for('index')) flash(error) return render_template('generator/new_account.html')
def get_account(id, check_user=True): account = get_db().execute( 'SELECT * FROM accounts' ' INNER JOIN users ON users.id = accounts.user_id' ' WHERE accounts.id = ?', (id, )).fetchone() if account is None: abort(404, 'Account id {0}, does not exist!'.format(id, )) if check_user and account['user_id'] != g.user['id']: abort(403) return account
def test_register(client, app): assert client.get('/auth/register').status_code == 200 response = client.post('/auth/register', data={ 'username': '******', 'email': '*****@*****.**', 'password': '******', 'psswd_cf': 'a' }) assert 'http://localhost/auth/login' == response.headers['Location'] with app.app_context(): assert get_db().execute("SELECT * FROM users WHERE username = '******'", ).fetchone() is not None
def test_new_account(client, auth, app): auth.login() assert client.get('/new_account').status_code == 200 response = client.post('/new_account', data={ 'account': 'a', 'psswd_min': '5', 'psswd_max': '10' }) assert response.headers['Location'] == 'http://localhost/' with app.app_context(): assert get_db().execute("SELECT * FROM accounts WHERE account = 'A'" ).fetchone() is not None
def login(): if request.method == 'POST': username = request.form.get('username') password = request.form.get('password') error = None user = get_db().execute('SELECT * FROM users WHERE username = ?', (username, )).fetchone() if user is None: error = 'Incorrect username!' elif not check_password_hash(user['password'], password): error = 'Incorrect password!' if error is None: session.clear() session['user_id'] = user['id'] return redirect(url_for('index')) flash(error) return render_template('auth/login.html')
def updated(id): get_account(id) get_db().execute('UPDATE accounts SET updated = 1 WHERE id = ?', (id, )) get_db().commit() return redirect(url_for('index'))
def delete(id): get_account(id) get_db().execute('DELETE FROM accounts WHERE id = ?', (id, )) get_db().commit() return redirect(url_for('index'))