def test_model_unauth(self, app):
    """Check that `User.authenticate()` rejects invalid username/password pairs.

    Every rejected pair must produce the same result (`None`), so a caller
    cannot tell from the return value which half of the credentials was wrong.
    """
    rejected_credentials = (
        # Username that does not exist, with an arbitrary password.
        ('asdf', 'asdf'),
        # Existing username, wrong password.
        ('testing', 'asdf'),
        # Correct password, but for a username that does not exist.
        ('asdf', 'Qweqweqwe123'),
    )

    with app.app_context():
        for username, password in rejected_credentials:
            assert User.authenticate(username, password) is None
def test_route_clears_session(self, app, client, valid_data):
    """Check that the logout route removes the `uid` key from the session.

    NOTE(review): only `uid` is asserted on. If login stores any other
    identity data in the session, this test does not cover it; confirm
    against `do_login`.
    """
    account_fields = ('name', 'username', 'email', 'password')

    with app.test_request_context():
        User.create(**{field: valid_data[field] for field in account_fields})

        # Requests cannot be sent while a `session_transaction()` is open:
        # close it, send the request, then open a new one to inspect the
        # session again. The `do_login`/`do_logout` helpers cannot be used
        # outside a request either, so the session key is set by hand.
        with client.session_transaction() as sess:
            authenticated = User.authenticate(
                valid_data['username'],
                valid_data['password'],
            )
            sess['uid'] = authenticated.id
            assert 'uid' in sess

        # The key persists across separate `session_transaction()` blocks.
        with client.session_transaction() as sess:
            assert 'uid' in sess

        logout_url = type(self).LOGOUT_URL
        response = client.post(logout_url, follow_redirects=True)

        # After logout the request must succeed and the key must be gone.
        with client.session_transaction() as sess:
            assert response.status_code == 200
            assert 'uid' not in sess
def test_model_authenticate(self, app):
    """Check that `User.authenticate()` returns the user for valid credentials.

    NOTE(review): the `password` comparison checks one stored value against
    another, so it passes whether or not that value is hashed. Confirm that
    a separate test asserts the stored value differs from the plaintext.
    """
    compared_fields = ('id', 'username', 'password')

    with app.app_context():
        # NOTE(review): presumably the first row is the `testing` fixture
        # user; the comparison below depends on that. Verify against fixtures.
        expected = User.query.first()
        authenticated = User.authenticate('testing', 'Qweqweqwe123')

        assert authenticated is not None
        for field in compared_fields:
            assert getattr(expected, field) == getattr(authenticated, field)
def login():
    """Render the login page and handle submitted credentials.

    A valid form whose credentials authenticate logs the user in and
    redirects to the dashboard. Otherwise the login template is rendered
    again, with a generic error on the username field if authentication
    failed.

    NOTE(review): no attempt limiting or lockout is visible in this view;
    confirm it is enforced elsewhere (e.g. in `User.authenticate` or
    middleware).
    """
    form = LoginForm()

    if not form.validate_on_submit():
        return render_template('auth/login.html', form=form)

    user = User.authenticate(form.username.data, form.password.data)
    if user is None:
        # One message for every failure, so the response does not reveal
        # whether the username or the password was wrong.
        mismatch_message = 'The username and password you entered did not match our records. Please double-check and try again.'
        form.username.errors.append(mismatch_message)
        return render_template('auth/login.html', form=form)

    do_login(user)
    return redirect(url_for('twitter.dashboard'))