def app():
db_dir = tempfile.mkdtemp()
media_dir = tempfile.mkdtemp()
app = create_app({
"TESTTING":
True,
"SERVER_NAME":
"localhost.localdomain",
"SQLALCHEMY_DATABASE_URI":
"sqlite:////{}/db.sqlite".format(db_dir),
"UPLOAD_FOLDER":
media_dir,
})
with app.app_context():
db.create_all()
user = User("admin", "*****@*****.**", stuff=True, superuser=True)
user.set_password("admin")
db.session.add(user)
db.session.commit()
yield app
shutil.rmtree(db_dir)
shutil.rmtree(media_dir)
def test_user_roles():
user = User("test", "*****@*****.**")
assert user.get_roles() == "ordinary"
user.stuff = True
assert user.get_roles() == "stuff"
user.superuser = True
assert user.get_roles() == "admin"
def test_transfer_money_zero_balance(self, db_session: Session,
client: TestClient):
"""Перевод денежных средств, недостаточно стредст у пользователя"""
self._setup(db_session)
db_balance = db_session.query(Balance).first()
data_detail = self.add_money(db_session, client, db_balance.id)
db_balance = db_session.query(Balance).first()
assert db_balance.amount == 22
db_recipient_user = User(username='******', is_active=True)
db_session.add(db_recipient_user)
db_recipient_balance = Balance(user=db_recipient_user)
db_session.add(db_recipient_balance)
db_session.commit()
db_session.refresh(db_recipient_user)
db_session.refresh(db_recipient_balance)
url = f"/v1/balances/transfer/{db_balance.id}"
post_date = {'amount': 100, 'to_balance': db_recipient_balance.id}
response = client.put(url, json=post_date)
assert response.status_code == 400
assert response.json(
)['detail'] == f"Insufficient funds on the balance: {db_balance.id}"
self._teardown(db_session)
def setup():
# create admin user
if not User.query.count():
app.logger.info('No users found. Creating new admin user.')
admin = User(username='******',
password='******',
name='Administrative User',
has_access=True)
admin.hash_password()
db.session.add(admin)
db.session.add(
RadCheck(username='******',
attribute='Cleartext-Password',
op=':=',
value='freeradius@admin'))
db.session.commit()
# create default users groups
if not Group.query.count():
app.logger.info('No groups found. Creating default user group.')
db.session.add(Group(name='user', description='Default user group'))
# create default parameters for groups
db.session.add(
RadUserGroup(username='******', groupname='user', priority=1))
db.session.commit()
def signup_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
confirmation_password = request.form.get('confirmation_password')
if password != confirmation_password:
flash('Confirmation password mismatch. Please re-enter signup data.')
return redirect(url_for('auth.signup'))
user = User.query.filter_by(email=email).first()
if user: # if a user is found, we want to redirect back to signup page so user can try again
flash('Email address already exists')
return redirect(url_for('auth.signup'))
# create new user with the form data. Hash the password so plaintext version isn't saved.
new_user = User(email=email,
name=name,
password=generate_password_hash(password, method='sha256'))
# add the new user to the database
db.session.add(new_user)
db.session.commit()
app.logger.info('user %s created successfully', user.name)
return redirect(url_for('auth.login'))
def create_superuser(app: Flask) -> None:
print("create superuser...")
with app.app_context():
admin = User("admin", "*****@*****.**", stuff=True, superuser=True)
admin.set_password("admin")
db.session.add(admin)
db.session.commit()
def create_users(app: Flask) -> None:
print("create some fake users...")
with app.app_context():
for _ in range(10):
username = name()
user = User(username, "{}@{}.org".format(username, word()))
user.set_password("password")
db.session.add(user)
db.session.commit()
def create_superuser(username, email, password) -> None:
if not username or not email or not password:
click.echo("Failed.")
return
user = User(username, email, stuff=True, superuser=True)
user.set_password(password)
db.session.add(user)
db.session.commit()
click.echo("Created.")
def register():
form = RegisterForm(request.form)
if request.method == 'POST' and form.validate():
user = User()
user.email = form.email.data
user.password = form.password.data
db.session.add(user)
db.session.commit()
flash("注册成功")
return render_template('auth/register.html', form=form)
def get(self):
current_user = users.get_current_user()
profile = User.query(User.email == str(current_user.email())).get()
if not profile:
profile = User()
profile.email = current_user.email()
profile.put()
params = {"profile": profile}
self.render_template("admin/profile.html", params)
def register():
form = RegisterForm(request.form)
if request.method == 'POST' and form.validate():
user = User()
user.set_attrs(form.data)
db.session.add(user)
db.session.commit()
# redirect 需要endpoint
return redirect(url_for('web.login'))
return render_template('signup.html', form=form)
def new_user():
groups = Group.query.all()
form = UserForm()
form.group.choices = [(group.name, group.name) for group in groups]
if form.validate_on_submit():
user = User(username=form.username.data,
email=form.email.data,
password=form.password.data,
active=form.active.data,
name=form.name.data,
phone=form.phone.data,
address=form.address.data,
has_access=form.has_access.data)
user.hash_password()
db.session.add(user)
app.logger.debug('Creating new user %s', user.username)
db.session.add(
RadUserGroup(username=form.username.data,
groupname=form.group.data,
priority=0))
app.logger.debug(
'Creating relation user-group for user %s and group %s',
user.username, form.group.data)
db.session.add(
RadCheck(username=form.username.data,
attribute='Cleartext-Password',
op=':=',
value=form.password.data))
app.logger.debug('Creating Cleartext-Password user check')
if not form.active.data:
db.session.add(
RadCheck(username=form.username.data,
attribute='Auth-Type',
op=':=',
value='Reject'))
app.logger.debug(
'Creating Auth-Type Reject check for disabled user')
db.session.commit()
flash(_('New user added'), 'success')
return redirect(url_for('list_users'))
elif form.errors:
app.logger.debug('Create User form errors: %s', form.errors)
flash(_('Form has errors'), 'error')
return render_template('radius/user_form.html',
form=form,
form_errors=form.errors,
action='add')
def _setup(self, db_session):
user = db_session.query(User).filter(User.id == 1).first()
if not user:
db_user = User(username='******', is_active=True)
db_session.add(db_user)
db_balance = Balance(user=db_user)
db_session.add(db_balance)
db_session.commit()
db_session.refresh(db_user)
db_session.refresh(db_balance)
def register():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = RegistrationForm()
if form.validate_on_submit():
user = User(username=form.username.data, email=form.email.data)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
flash('Congratulations, you are now a registered user!')
return redirect(url_for('main.login'))
return render_template('register.html', title='Register', form=form)
def get(self, **kwargs):
parser = reqparse.RequestParser()
parser.add_argument('username', required=True)
parser.add_argument('password', required=True)
args = parser.parse_args()
args = hash_pass(args)
user = User.from_sql('select * from User where username=?',
(args['username'], ))
if len(user) != 0:
return Response('Username already exist.', status=400)
user = User(**args)
user.save()
return {'status': 'OK'}
def post(self):
data = request.get_json() or {}
username = data.get("username")
password = data.get("password")
email = data.get("email")
if not username or not password or not email:
return invalid_api_usage("No username, password, email provided",
400)
if not check_password(password):
return invalid_api_usage("Invalid password", 400)
user = User(username, email)
user.set_password(password)
db.session.add(user)
db.session.commit()
return {"message": "success"}, 201
def stuff_client(app: Flask):
client = app.test_client()
user = User("stuff", "*****@*****.**", stuff=True)
user.set_password("stuffpsw")
with app.app_context():
db.session.add(user)
db.session.commit()
res = client.post("/auth/token/login",
json={
"username": "******",
"password": "******",
})
assert res.is_json
token = res.get_json().get("token")
client.environ_base["HTTP_AUTHORIZATION"] = "Bearer {}".format(token)
return client
def test_transfer_money(self, db_session: Session, client: TestClient):
"""Перевод денежных средств с одного кошелька на другой"""
self._setup(db_session)
db_balance = db_session.query(Balance).first()
data_detail = self.add_money(db_session, client, db_balance.id)
db_balance = db_session.query(Balance).first()
assert db_balance.amount == 22
db_recipient_user = User(username='******', is_active=True)
db_session.add(db_recipient_user)
db_recipient_balance = Balance(user=db_recipient_user)
db_session.add(db_recipient_balance)
db_session.commit()
db_session.refresh(db_recipient_user)
db_session.refresh(db_recipient_balance)
url = f"/v1/balances/transfer/{db_balance.id}"
post_date = {'amount': 10, 'to_balance': db_recipient_balance.id}
response = client.put(url, json=post_date)
assert response.status_code == 200
data_detail = response.json()
assert data_detail['id'] == db_balance.id
assert data_detail['recipient_balance'] == db_recipient_balance.id
assert data_detail['amount'] == 10
assert data_detail['currency'] == "USD"
db_recipient_balance = db_session.query(Balance).filter(
Balance.id == db_recipient_balance.id).first()
assert db_recipient_balance.amount == 10
db_balance = db_session.query(Balance).filter(
Balance.id == db_balance.id).first()
assert db_balance.amount == 12
self._teardown(db_session)
def test_operations_list(self, db_session: Session, client: TestClient):
"""список операций по балансу"""
self._setup(db_session)
balance1 = db_session.query(Balance).first()
data_detail = self.add_money(db_session, client, balance1.id)
db_system_balance = db_session.query(Balance).join(User).filter(
User.username == 'system_user').first()
balance1 = db_session.query(Balance).first()
assert balance1.amount == 22
user2 = User(username='******', is_active=True)
db_session.add(user2)
balance2 = Balance(user=user2)
db_session.add(balance2)
db_session.commit()
db_session.refresh(user2)
db_session.refresh(balance2)
url = f"/v1/balances/transfer/{balance1.id}"
post_date = {'amount': 10, 'to_balance': balance2.id}
response = client.put(url, json=post_date)
assert response.status_code == 200
url = f"/v1/balances/operations/{balance1.id}"
response = client.get(url)
print(response.json())
assert response.status_code == 200
data_list = response.json()
assert data_list['totalCount'] == 2
assert db_system_balance.id in [
o['more_balance_id'] for o in data_list['items']
]
assert balance2.id in [
o['more_balance_id'] for o in data_list['items']
]
response = client.get(f'{url}?limit=1')
assert response.status_code == 200
data_list = response.json()
assert len(data_list['items']) == 1
assert data_list['totalCount'] == 2
response = client.get(f'{url}?limit=10&offset=1')
assert response.status_code == 200
data_list = response.json()
assert len(data_list['items']) == 1
assert data_list['totalCount'] == 2
response = client.get(
f'{url}?field=more_balance_id&value={db_system_balance.id}&op=!%3D'
)
assert response.status_code == 200
data_list = response.json()
assert len(data_list['items']) == 1
assert data_list['totalCount'] == 1
assert balance2.id in [
o['more_balance_id'] for o in data_list['items']
]
response = client.get(f'{url}?sort_by=id&sort_order=asc')
assert response.status_code == 200
data_list = response.json()
assert [2, 3] == [o['id'] for o in data_list['items']]
response = client.get(f'{url}?sort_by=id&sort_order=desc')
assert response.status_code == 200
data_list = response.json()
assert [3, 2] == [o['id'] for o in data_list['items']]
self._teardown(db_session)
def store_user(username: str, password: str):
_user = User(username=username, password=password)
db.session.add(_user)
db.session.commit()
return _user
def test_user_representation():
user = User("test", "*****@*****.**")
assert isinstance(user.__repr__(), str)
