コード例 #1
0
 def test_login_bad_data(self, app, db):
     """login should flash an error message if login is incorrect."""
     with app.test_client() as tc:
         rv = login('not', 'themama', tc=tc)
     assert 'Error: Login information' in str(rv.data)
     user = make_dummy_user()
     user.confirmed = True
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         rv2 = login(user.name, 'badpassword', tc=tc)
     assert 'Error: Login information' in str(rv2.data)
     with app.test_client() as tc:
         rv3 = login('badusername', 'hunter2', tc=tc)
     assert 'Error: Login information' in str(rv3.data)
コード例 #2
0
 def test_login_success(self, app, db):
     """login should flash a success message on success."""
     user = make_dummy_user()
     user.confirmed = True
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         rv = login(user.name, 'hunter2', tc=tc)
     assert 'You are now logged in' in str(rv.data)
コード例 #3
0
def test_index(app):
    ma = Marshmallow(app)
    views.index
    app.register_blueprint(bp)
    with app.test_client() as client:
        resp = client.get('/index')
        data = json.loads(resp.data.decode())
        db.session.remove()
        assert resp.status_code == 200
コード例 #4
0
def test_count(app):
    ma = Marshmallow(app)
    views.create_short_url
    app.register_blueprint(bp)
    with app.test_client() as client:
        test_link = Url.query.filter_by(long_url=link).delete()
        db.session.commit()
        db.session.remove()
        assert Url.query.filter_by(long_url=link).first() == None
コード例 #5
0
 def test_login_not_confirmed(self, app, db):
     """login should flash an error message if account isn't confirmed."""
     user = make_dummy_user()
     user.confirmed = False
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         rv = login(user.name, 'hunter2', tc=tc)
     assert 'Error: Account not confirmed!' in str(rv.data)
コード例 #6
0
 def test_confirm_account_confirms_account_with_valid_token(self, app, db):
     """User.confirmed is true if confirm_account given a valid token."""
     user = make_dummy_user()
     db.session.add(user)
     db.session.commit()
     assert not user.confirmed
     token = user.generate_account_confirmation_token()
     with app.test_client() as tc:
         tc.get(url_for('auth.confirm_account', token=token))
     assert user.confirmed
コード例 #7
0
 def test_delete_user_nonexistent(self, app, db):
     """Flash an error if user does not exist."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.delete_user', uid=42),
                     follow_redirects=True)
     assert 'Error: No user exists with that ID number!' in str(rv.data)
コード例 #8
0
 def test_manage_user_no_user_with_user_id(self, app, db):
     """manage_user flashes an error if no matching user.id found in db."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.manage_user', user_id=999),
                     follow_redirects=True)
     assert 'Error: No user exists with' in str(rv.data)
コード例 #9
0
 def test_manage_user_user_id_not_integer(self, app, db):
     """manage_user flashes an error if user_id is not an integer."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.manage_user', user_id='3d'),
                     follow_redirects=True)
     assert 'Error: User id must be an integer!' in str(rv.data)
コード例 #10
0
 def test_delete_user_malformed_uid(self, app, db):
     """Flash an error when uid is not an integer."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.delete_user', uid='frogs'),
                     follow_redirects=True)
     assert 'Error: Invalid or malformed user ID!' in str(rv.data)
コード例 #11
0
 def test_delete_user_delete_self(self, app, db):
     """Flash an error when user tries to delete their own account."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.delete_user', uid=user.id),
                     follow_redirects=True)
     assert 'Error: You cannot delete yourself!' in str(rv.data)
コード例 #12
0
 def test_logout(self, app, db):
     """logout flashes a message telling the user they logged out."""
     user = make_dummy_user()
     user.confirmed = True
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.logout'), follow_redirects=True)
     assert 'You have been logged out.' in str(rv.data)
コード例 #13
0
 def test_manage_user_no_user_id(self, app, db):
     """manage_user redirects to /auth/select_user if given no user_id."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.manage_user'), follow_redirects=False)
         print(rv.data)
     assert '/auth/select_user' in str(rv.location)
コード例 #14
0
 def test_add_to_app(self, app):
     """Add a url_rule for redirect to given app."""
     rd = Redirect('/old/path', '/new/path', 302)
     with app.test_client():
         assert '/old/path' not in [rule.rule for
                                    rule in
                                    app.url_map.iter_rules()]
         rd.add_to_app(app)
         assert '/old/path' in [rule.rule for
                                rule in
                                app.url_map.iter_rules()]
コード例 #15
0
 def test_resend_confirmation_success_message(self, app, db):
     """resend_confirmation flashes a success message on successful sub."""
     user = make_dummy_user()
     user.confirmed = False
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         rv = tc.post(url_for('auth.resend_confirmation'),
                      data=dict(email=user.email),
                      follow_redirects=True)
     assert 'Confirmation email sent to' in str(rv.data)
コード例 #16
0
 def test_delete_user_renders_page(self, app, db):
     """The page for deleting a user is presented if uid is valid."""
     user = make_smart_user()
     cavy = make_guinea_pig()
     db.session.add(cavy)
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.delete_user', uid=cavy.id),
                     follow_redirects=True)
     assert 'THIS CANNOT BE UNDONE' in str(rv.data)
コード例 #17
0
 def test_reset_password_request_email_request_too_soon(self, app, db):
     """Flash an error if request made too soon after previous one."""
     app.config['ERFP_MINUTES_BETWEEN_REQUESTS'] = 5
     user = make_dummy_user()
     user.log_email_request('reset password')
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         rv = tc.post(url_for('auth.reset_password_request'),
                      data=dict(email=user.email),
                      follow_redirects=True)
     assert 'Error: A request to reset your password has' in str(rv.data)
コード例 #18
0
 def test_manage_user_change_username(self, app, db):
     """manage_user changes username if not in use already."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         data = self.make_form_data(user, username='******')
         tc.post(url_for('auth.manage_user', user_id=user.id),
                 data=data,
                 follow_redirects=True)
     assert user.name == 'BlueZirconia'
コード例 #19
0
 def test_confirm_new_email_with_bad_token(self, app, db):
     """confirm_new_email given a bad token redirects w/ error message."""
     user = make_dummy_user()
     user.confirmed = True
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.get(url_for('auth.confirm_new_email',
                             token='badtoken'),
                     follow_redirects=True)
     assert 'Error: could not change email' in str(rv.data)
コード例 #20
0
 def test_manage_user_no_changes(self, app, db):
     """manage_user flashes a message if no changes are made."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     data = self.make_form_data(user)
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.post(url_for('auth.manage_user', user_id=user.id),
                      data=data,
                      follow_redirects=True)
     assert 'No changes made' in str(rv.data)
コード例 #21
0
 def test_reset_password_request_success_message(self, app, db):
     """reset_password_request flashes a success message on success."""
     user = make_dummy_user()
     user.confirmed = True
     db.session.add(user)
     db.session.commit()
     data = dict(email=user.email)
     with app.test_client() as tc:
         rv = tc.post(url_for('auth.reset_password_request'),
                      data=data,
                      follow_redirects=True)
     assert 'An email with instructions' in str(rv.data)
コード例 #22
0
 def test_manage_user_prevents_confirmed_lockout(self, app, db):
     """Flash error if user tries to revoke own account confirmation."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         data = self.make_form_data(user, confirmed=False)
         rv = tc.post(url_for('auth.manage_user', user_id=user.id),
                      data=data,
                      follow_redirects=True)
     assert user.confirmed
     assert 'Error: You cannot revoke your own' in str(rv.data)
コード例 #23
0
 def test_confirm_new_email_with_valid_token(self, app, db):
     """confirm_new_email sets new email address w/ valid token."""
     user = make_dummy_user()
     user.confirmed = True
     db.session.add(user)
     db.session.commit()
     new_email = '*****@*****.**'
     token = user.generate_new_email_token(new_email)
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         tc.get(url_for('auth.confirm_new_email', token=token))
     user2 = User.query.get(user.id)
     assert new_email == user2.email
コード例 #24
0
 def test_register_success_message(self, app, db):
     """register flashes a success message on successful submission."""
     data = dict(
         email='*****@*****.**',
         email2='*****@*****.**',
         password='******',
         password2='hunter2',
         username='******')
     with app.test_client() as tc:
         rv = tc.post(url_for('auth.register'),
                      data=data,
                      follow_redirects=True)
     assert 'A confirmation email has been sent' in str(rv.data)
コード例 #25
0
 def test_manage_user_change_email_address(self, app, db):
     """manage_user changes email address if new one not in use already."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     new_email = '*****@*****.**'
     data = self.make_form_data(user, email=new_email)
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         tc.post(url_for('auth.manage_user', user_id=user.id),
                 data=data,
                 follow_redirects=True)
     assert user.email == new_email
コード例 #26
0
 def test_manage_user_prevents_manage_users_lockout(self, app, db):
     """Flash error if user tries to revoke their own MANAGE_USERS perm."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         data = self.make_form_data(user, manage_users=False)
         rv = tc.post(url_for('auth.manage_user', user_id=user.id),
                      data=data,
                      follow_redirects=True)
     assert user.can(Permission.MANAGE_USERS)
     assert 'Error: Please do not try to remove' in str(rv.data)
コード例 #27
0
 def test_validate_current_password(self, app, db):
     """validate_current_password raises exception w/ bad password."""
     user = create_dummy_user()
     user.confirmed = True
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         tc.post('/auth/login', data=dict(login=user.name,
                                          password='******'),
                 follow_redirects=True)
         form = EditUserForm()
         form.current_password.data = 'turtles'
         with pytest.raises(ValidationError):
             form.validate_current_password(form.current_password)
コード例 #28
0
 def test_resend_confirmation_email_request_too_soon(self, app, db):
     """Flash an errror if request made too soon after previous one."""
     app.config['ERFP_MINUTES_BETWEEN_REQUESTS'] = 5
     user = make_dummy_user()
     db.session.add(user)
     db.session.commit()
     user.log_email_request('confirm account')
     data = dict(email=user.email)
     with app.test_client() as tc:
         rv = tc.post(url_for('auth.resend_confirmation'),
                      data=data,
                      follow_redirects=True)
     assert 'Error: A confirmation email has already been sent' in\
         str(rv.data)
コード例 #29
0
 def test_register_adds_user_to_database(self, app, db):
     """register adds user to db if form validates."""
     data = dict(
         email='*****@*****.**',
         email2='*****@*****.**',
         password='******',
         password2='hunter2',
         username='******')
     with app.test_client() as tc:
         tc.post(url_for('auth.register'),
                 data=data,
                 follow_redirects=True)
     user = User.query.filter_by(name='AzureDiamond').first()
     assert user.email == '*****@*****.**'
コード例 #30
0
def test_api(app):
    ma = Marshmallow(app)
    views.create_short_url
    app.register_blueprint(bp)
    with app.test_client() as client:
        response = client.post(
            '/long_to_short',
            data=json.dumps(dict(long_url=link)),
            content_type='application/json',
        )
        data = json.loads(response.data.decode())
        db.session.remove()
        assert response.status_code == 201
        assert 'localhost' in data['short_link']
コード例 #31
0
 def test_manage_user_prevents_change_to_email_of_other_user(self, app, db):
     """Flash an error if new email is in use by another user."""
     user = make_smart_user()
     db.session.add(user)
     cavy = make_guinea_pig()
     db.session.add(cavy)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         data = self.make_form_data(cavy, email=user.email)
         rv = tc.post(url_for('auth.manage_user', user_id=cavy.id),
                      data=data,
                      follow_redirects=True)
     assert 'Error: Email address already in' in str(rv.data)
コード例 #32
0
 def test_select_user_success_redirect(self, app, db):
     """select_user should redirect to target_route if successful."""
     user = make_smart_user()
     db.session.add(user)
     db.session.commit()
     with app.test_client() as tc:
         login(user.name, 'hunter2', tc=tc)
         rv = tc.post(url_for('auth.select_user',
                              target_route='auth.manage_user'),
                      data=dict(select_user=1),
                      follow_redirects=False)
         assert rv.location == url_for('auth.manage_user',
                                       user_id=1,
                                       _external=True)
コード例 #33
0
    def test_resend_confirmation_logged_in_user(self, app, db):
        """resend_confirmation flashes an error if user is logged in.

        Since users can't log in without being confirmed, there's no point in
        letting them resend confirmation emails if they're logged in!
        """
        user = make_dummy_user()
        user.confirmed = True
        db.session.add(user)
        db.session.commit()
        with app.test_client() as tc:
            login(user.name, 'hunter2', tc=tc)
            rv = tc.get(url_for('auth.resend_confirmation'),
                        follow_redirects=True)
        assert 'Error: Your account is already' in str(rv.data)
コード例 #34
0
 def test_get_wtforms_errors(self):
     """ Tests the get_wtforms_errors function by posting to /login with
     missing parameters. This also tests the new_line_to_break Jinja2
     filter. The expected return value is an error stating that both the
     username and password was not provided with a <br> in between
     """
     client = app.test_client()
     rv = client.post('/login',
                      data=dict(auth_source='PostMaster User'),
                      follow_redirects=True)
     error_option_one = \
         'The username was not provided<br>The password was not provided'
     error_option_two = \
         'The password was not provided<br>The username was not provided'
     assert error_option_one in rv.data.decode('utf-8') or \
         error_option_two in rv.data.decode('utf-8')
コード例 #35
0
    def test_account_lockout_from_ui(self):
        """ Tests that the user gets an account lockout message after 5 failed
        attempts.
        """
        client = app.test_client()

        for i in range(6):
            rv = client.post('/login',
                             data=dict(username='******',
                                       password='******',
                                       auth_source='PostMaster User'),
                             follow_redirects=True)

        error_msg = ('The user is currently locked out. Please try logging in '
                     'again later.')
        assert error_msg in rv.data.decode('utf-8')
コード例 #36
0
    def __init__(self, access_token, refresh_token, default_auth=None):

        # Use basic auth for socketio client
        self.socketio = socketio.test_client(
            app, headers={'Authorization': 'Basic dGVzdDp0ZXN0'})
        # Use jwt
        self.socketio_jwt = socketio.test_client(
            app, headers={'Authorization': f'Bearer {access_token}'})

        self.http = app.test_client()
        self.headers = {}
        self.access_token = access_token
        self.refresh_token = refresh_token

        if default_auth:
            self.set_auth(default_auth)
コード例 #37
0
    def test_validate_wtforms_password(self):
        """ Tests the validate_wtforms_password function by logging in with an
        authorized LDAP user, and expects the Dashboard page (view when logged
        in) to be returned
        """
        user_dn = 'CN=Test User,OU=PostMaster,DC=postmaster,DC=local'
        # Mocks the AD instantiation in validate_wtforms_password with the
        # Mocked LDAP instance created from the manage_mock_ldap decorator.
        # We are patching utils because of the way it is imported
        with patch('postmaster.utils.AD') as mock_ad:
            self.ad_obj.check_nested_group_membership = Mock(return_value=True)
            mock_ad.return_value = self.ad_obj
            client = app.test_client()
            rv = client.post('/login',
                             data=dict(username=user_dn,
                                       password='******',
                                       auth_source='postmaster.local'),
                             follow_redirects=True)

        assert '<h2 class="textHeading">Dashboard</h2>' in \
               rv.data.decode('utf-8')