def test_reset_password(client_session):
    """Walk the password-reset flow end to end through the test client.

    Covers the request form (GET), the three POST outcomes (unknown e-mail,
    account still at the 'asked' access level, approved account), the e-mail
    that carries the reset link, and finally the use of that link to set a
    new password which must then verify against the stored hash.
    """
    client, session = client_session
    request_url = '/reset_password'

    # --- the request form is served -------------------------------------
    response = client.get(request_url)
    assert response.status_code == 200
    assert (b'If you are a registered user, we are going to send'
            in response.data)

    # --- unknown address: the page is re-rendered with a sign-up hint ---
    # NOTE(review): the three POST outcomes below are distinguishable from
    # one another, so the form tells its caller whether an address is
    # registered and whether the account is approved. The GET text reads as
    # if a uniform answer was intended; worth confirming with the view.
    response = client.post(request_url, data={'email': '*****@*****.**'})
    assert response.status_code == 200
    assert b'You can sign-up instead.' in response.data

    # --- known address, account not yet approved -------------------------
    account = get_user_by_name(session, 'test_user')
    account.access_level = 'asked'
    session.commit()
    response = client.post(request_url, data={'email': account.email})
    assert response.status_code == 200
    assert b'Your account has not been yet approved.' in response.data

    # --- approved account: flash message plus redirect to the login page -
    account.access_level = 'user'
    session.commit()
    response = client.post(request_url, data={'email': account.email})
    with client.session_transaction() as client_state:
        # '_flashes' holds (category, text) pairs; dict() indexes by category
        flashed = dict(client_state['_flashes'])
    assert flashed['message'] == ('An email to reset your password has '
                                  'been sent')
    assert response.status_code == 302
    assert response.location == 'http://localhost/login'

    # --- the mail itself: exactly one message, carrying the reset link ---
    with client.application.app_context():
        with mail.record_messages() as sent_mails:
            response = client.post(request_url,
                                   data={'email': account.email})
            assert len(sent_mails) == 1
            mail_body = sent_mails[0].body
            assert 'click on the link to reset your password' in mail_body
            # pull the absolute link out of the body ...
            link_match = re.search("http://localhost/reset/.*", mail_body)
            absolute_link = link_match.group()
            # ... and keep only the path part for the test client
            path_start = absolute_link.find('/reset')
            reset_password_link = absolute_link[path_start:]

    # --- the link serves the change-password form ------------------------
    response = client.get(reset_password_link)
    assert response.status_code == 200
    assert b'Change my password' in response.data

    # --- posting a new password redirects to login and updates the hash --
    # TODO(review): reuse or expiry of the link is not exercised here.
    new_password = '******'
    response = client.post(reset_password_link,
                           data={'password': new_password})
    assert response.status_code == 302
    assert response.location == 'http://localhost/login'

    # commit so that the lookup below sees the update
    session.commit()
    account = get_user_by_name(session, 'test_user')
    assert check_password(new_password, account.hashed_password)
def test_add_user(session_scope_function):
    """Add one user and check what ends up stored for it.

    Verifies every profile field, that the stored hash verifies against the
    clear-text password, and that a team named after the user, administered
    by that user, was created alongside.
    """
    # NOTE(review): a longer test with the same name follows in this listing;
    # if both live in one module, Python keeps only the later definition.
    db = session_scope_function
    fields = dict(
        name='test_user',
        password='******',
        lastname='Test',
        firstname='User',
        email='*****@*****.**',
        access_level='asked',
    )
    add_user(db, **fields)

    stored = get_user_by_name(db, fields['name'])
    assert stored.name == fields['name']
    # the password is only comparable through its hash
    assert check_password(fields['password'], stored.hashed_password)
    assert stored.lastname == fields['lastname']
    assert stored.firstname == fields['firstname']
    assert stored.email == fields['email']
    assert stored.access_level == fields['access_level']

    # a team carrying the user's name must have been created with the user
    own_team = get_team_by_name(db, fields['name'])
    assert own_team.name == fields['name']
    assert own_team.admin_id == stored.id
def test_add_user(session_scope_function):
    """Add a user, then check storage, duplicate rejection and e-mail case.

    After the basic field and team checks, the test expects NameClashError
    when the same user is added again, also when the e-mail differs only by
    capitalisation, and finally compares the stored address of a second user
    with the expected stored form.
    """
    db = session_scope_function
    fields = dict(
        name='test_user',
        password='******',
        lastname='Test',
        firstname='User',
        email='*****@*****.**',
        access_level='asked',
    )
    add_user(db, **fields)

    stored = get_user_by_name(db, fields['name'])
    assert stored.name == fields['name']
    # the password is only comparable through its hash
    assert check_password(fields['password'], stored.hashed_password)
    assert stored.lastname == fields['lastname']
    assert stored.firstname == fields['firstname']
    assert stored.email == fields['email']
    assert stored.access_level == fields['access_level']

    # a team carrying the user's name must have been created with the user
    own_team = get_team_by_name(db, fields['name'])
    assert own_team.name == fields['name']
    assert own_team.admin_id == stored.id

    # adding the very same user again must be refused
    with pytest.raises(NameClashError, match='email is already in use'):
        add_user(db, **fields)

    # the e-mail comparison must ignore case, so that two accounts cannot
    # share one mailbox through a differently capitalised address
    recapitalised = dict(fields, email=fields['email'].capitalize())
    with pytest.raises(NameClashError, match='email is already in use'):
        add_user(db, **recapitalised)

    # a second user: the stored address is compared with the expected
    # lower-case form (both literals are masked in this listing)
    second = dict(fields, name='new_user_name', email='*****@*****.**')
    add_user(db, **second)
    stored = get_user_by_name(db, second['name'])
    assert stored.email == '*****@*****.**'
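def _is_safe_redirect_target(target, host_url):
    """Tell whether redirecting to ``target`` keeps the browser on this host.

    Parameters
    ----------
    target : str or None
        Candidate redirect target, taken from the request.
    host_url : str
        Root URL of the host serving the request.

    Returns
    -------
    bool
        True for a path-only target, or for an http(s) URL whose network
        location equals the one of ``host_url``; False otherwise.
    """
    from urllib.parse import urlparse

    if not target:
        return False
    # Browsers read "\" as "/" and drop tabs, newlines and leading blanks, so
    # such a value can leave the site although it parses as a local path.
    if '\\' in target or any(ch <= ' ' for ch in target):
        return False
    try:
        parts = urlparse(target)
        own_netloc = urlparse(host_url).netloc
    except ValueError:
        # malformed URL (e.g. unbalanced IPv6 brackets)
        return False
    if parts.scheme or parts.netloc:
        # absolute or scheme-relative: accept http(s) on our own host only
        return parts.scheme in ('http', 'https') and \
            parts.netloc == own_netloc
    # path-only; a leading "//" would still be read as a host by browsers
    return not target.startswith('//')


def login():
    """Login request.

    Renders the login form, or, on a valid submission, authenticates the
    user by name or e-mail and password, opens the session and redirects.

    The post-login redirect honours the ``next`` query argument only when it
    stays on the host serving the request; any other value is ignored and
    the user is sent to the problems page, so that a crafted login link
    cannot forward a freshly authenticated user to another site.

    Returns
    -------
    The rendered ``login.html`` template, or a redirect response.
    """
    if app.config['TRACK_USER_INTERACTION']:
        add_user_interaction(db.session, interaction='landing')

    if flask_login.current_user.is_authenticated:
        logger.info('User already logged-in')
        session['logged_in'] = True
        return redirect(url_for('ramp.problems'))

    form = LoginForm()
    if form.validate_on_submit():
        # NOTE(review): the two failure branches flash different texts, which
        # lets a caller tell an unknown account from a wrong password. They
        # are kept as they are because callers may match on the wording; a
        # single generic message would remove the distinction. The submitted
        # name is also written to the log verbatim.
        try:
            user = get_user_by_name_or_email(db.session,
                                             name=form.user_name.data)
        except NoResultFound:
            msg = 'User "{}" does not exist'.format(form.user_name.data)
            flash(msg)
            logger.info(msg)
            return redirect(url_for('auth.login'))
        if not check_password(form.password.data, user.hashed_password):
            msg = 'Wrong password'
            flash(msg)
            logger.info(msg)
            return redirect(url_for('auth.login'))

        flask_login.login_user(user, remember=True)
        session['logged_in'] = True
        user.is_authenticated = True
        db.session.commit()
        logger.info('User "{}" is logged in'.format(
            flask_login.current_user.name))
        if app.config['TRACK_USER_INTERACTION']:
            add_user_interaction(db.session, interaction='login',
                                 user=flask_login.current_user)

        # 'next' comes straight from the query string: never follow it
        # off-site
        next_ = request.args.get('next')
        if next_ is not None and \
                not _is_safe_redirect_target(next_, request.host_url):
            # %r keeps control characters of the rejected value out of the log
            logger.warning('Ignoring off-site "next" target %r', next_)
            next_ = None
        if next_ is None:
            next_ = url_for('ramp.problems')
        return redirect(next_)

    return render_template('login.html', form=form)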
def test_check_password():
    """Round-trip a password through hash_password and check_password."""
    secret = "******"
    digest = hash_password(secret)
    # the password that was hashed must verify against its own hash ...
    assert check_password(secret, digest)
    # ... and an unrelated password must be rejected
    assert not check_password("hjst3789ep;ocikaqji", digest)