def test_login_mixed_case(self):
    """Register and confirm a user, then verify that two logins succeed.

    NOTE(review): the e-mail literals are masked in this copy of the file.
    The test name suggests the two login requests differ only in the
    letter case of the address; confirm against the unmasked source.
    """
    json_accept = {'Accept': 'application/json'}

    # Create the account.
    register_url = url_for('user.register')
    register_body = json.dumps({
        'email': '*****@*****.**',
        'password': self.USER_PASSWORD
    })
    registered = self.client.post(register_url,
                                  content_type='application/json',
                                  data=register_body)
    assert registered.status_code == 201

    # Confirm it, so that login is permitted.
    token = generate_confirmation_token('*****@*****.**')
    confirm_url = url_for('user.confirm', token=token)
    confirmed = self.client.get(confirm_url)
    assert confirmed.status_code == 200

    # First login attempt.
    first_url = url_for('authentication.login')
    first_body = json.dumps({
        'email': '*****@*****.**',
        'password': self.USER_PASSWORD
    })
    first_login = self.client.post(first_url,
                                   content_type='application/json',
                                   data=first_body,
                                   headers=json_accept)
    assert first_login.status_code == 200

    # Second login attempt.
    second_url = url_for('authentication.login')
    second_body = json.dumps({
        'email': '*****@*****.**',
        'password': self.USER_PASSWORD
    })
    second_login = self.client.post(second_url,
                                    content_type='application/json',
                                    data=second_body,
                                    headers=json_accept)
    assert second_login.status_code == 200
def register_user(self):
    """Register the test user and confirm the account.

    Along the way this checks two refusals: registration with an address
    outside the company is answered with 400, and login before the account
    is confirmed is answered with 401.
    """
    # An address that does not belong to the company must be rejected.
    outsider_body = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    rejected = self.client.post(url_for('user.register'),
                                content_type='application/json',
                                data=outsider_body)
    assert rejected.status_code == 400

    # The real test user registers successfully.
    signup_body = json.dumps({
        'email': self.USER_EMAIL,
        'password': self.USER_PASSWORD
    })
    created = self.client.post(url_for('user.register'),
                               content_type='application/json',
                               data=signup_body)
    assert created.status_code == 201

    token = generate_confirmation_token('*****@*****.**')

    # Login must fail while the account is still unconfirmed.
    login_body = json.dumps({
        'email': self.USER_EMAIL,
        'password': self.USER_PASSWORD
    })
    early_login = self.client.post(url_for('authentication.login'),
                                   content_type='application/json',
                                   data=login_body)
    assert early_login.status_code == 401

    # Confirming the account with the token is expected to succeed.
    confirm_url = url_for('user.confirm', token=token)
    confirmed = self.client.get(confirm_url)
    assert confirmed.status_code == 200
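def register():
    """Register a new, unconfirmed user from the JSON request body.

    Reads ``email`` and ``password`` from ``g.json`` and aborts with:

    * 400 when either field is missing or empty,
    * 400 when no company can be found for the address,
    * 401 when the address is not valid for that company,
    * 400 when a user with that address already exists.

    Otherwise the user is inserted with ``confirmed=False`` and a 201
    response is returned whose context carries the user's email, id and
    confirmation token.
    """
    email = g.json.get('email')
    password = g.json.get('password')
    # Use an explicit branch rather than ``assert``: assertions are removed
    # under ``python -O``, which would let empty credentials through.
    if not (email and password):
        abort(400, 'Please specify a user email and password')

    company = services.company.get_for_email(email)
    if not company:
        logging.warning("No company could be found for %s", email)
        abort(400, f"No company could be found for {email}")
    if not is_valid_email_for_company(email, company):
        logging.warning("Invalid email %s for company: %s", email,
                        company.domain)
        abort(401, f"Invalid email {email} for company: {company.domain}")

    user = services.user.get_by_email(email)
    if user is not None:
        # NOTE(review): this message tells the caller that the address is
        # already registered; acceptable only if the endpoint is restricted.
        abort(400, 'Cannot register an existing user!')

    user = User(email=email,
                confirmed=False,
                company_id=company.id,
                password=password)
    user = services.user.insert(user)

    confirmation_token = generate_confirmation_token(user.email)
    # The token confirms the account, so it is treated as a secret and kept
    # out of the log; only the fact that one was issued is recorded.
    logging.info("Confirmation token generated for %s", user.email)

    # Only admins can create users for now, so no confirmation mail is sent:
    # services.email.send_confirmation_email(user.email, confirmation_token)

    # NOTE(review): the token is returned to the caller, so whoever can reach
    # this endpoint can confirm the address without access to the mailbox.
    # No access check is visible in this function; confirm that the
    # admin-only restriction is enforced by a decorator or request hook.
    response = ApiResponse(content_type=request.accept_mimetypes.best,
                           next=url_for('main.login'),
                           status_code=201,
                           context={
                               'email': user.email,
                               'id': user.id,
                               'confirmation_token': confirmation_token
                           })
    return response()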
def test_user_confirmation(self):
    """Confirm a freshly registered user and check the response.

    The confirmation request must return 200 and carry a ``Location``
    header that points at the external login URL.
    """
    self.login_superuser()
    self.register_company()

    # Register the user whose account will be confirmed.
    signup_body = json.dumps({
        'email': self.USER_EMAIL,
        'password': self.USER_PASSWORD
    })
    created = self.client.post(url_for('user.register'),
                               content_type='application/json',
                               data=signup_body)
    assert created.status_code == 201

    token = generate_confirmation_token('*****@*****.**')

    # NOTE(review): 'application/html' is sent as written in the original;
    # the registered media type for HTML is 'text/html' — confirm intent.
    confirm_url = url_for('user.confirm', token=token)
    confirmed = self.client.get(confirm_url,
                                headers={'Accept': 'application/html'})
    assert confirmed.status_code == 200

    expected_location = url_for('main.login', _external=True)
    assert confirmed.headers.get('Location') == expected_location