def _assert_settings_account_details_POST_bad_request(
self, user_id, data, expected_text):
response = self._send_settings_account_details_POST_request(data)
user = User.objects(id=user_id).first()
assert response.status_code == 400
assert expected_text.encode() in response.data
assert not user.last_updated
def _assert_verify_GET_ok(self, token, email):
response = self._send_verify_GET_request(token)
user = User.objects(email=email).first()
assert response.status_code == 200
assert b'Personal Boards' in response.data
assert user.is_active
assert user.last_updated
def _assert_settings_update_password_POST_bad_request(
self, auth_id, data, expected_text):
response = self._send_settings_update_password_POST_request(data)
user = User.objects(auth_id=auth_id).first()
assert response.status_code == 400
assert expected_text.encode() in response.data
assert not user.last_updated
def _assert_reset_password_POST_bad_request(self, auth_id, data,
expected_text):
token = self._get_reset_password_token(auth_id=str(auth_id))
response = self._send_reset_password_POST_request(data, token)
user = User.objects(auth_id=auth_id).first()
assert response.status_code == 400
assert expected_text.encode() in response.data
assert not user.last_updated
assert not user.verify_password(data.get('new_password'))
def _assert_reset_password_POST_ok(self, user_id, auth_id, data):
token = self._get_reset_password_token(auth_id=str(auth_id))
response = self._send_reset_password_POST_request(data, token)
user = User.objects(id=user_id).first()
assert response.status_code == 200
assert b'Your password has been reset' in response.data
assert user.auth_id != auth_id
assert user.last_updated
assert user.verify_password(data['new_password'])
def _assert_settings_update_email_POST_bad_request(self, user_id, auth_id,
data, expected_text):
response = self._send_settings_update_email_POST_request(data)
user = User.objects(id=user_id).first()
assert response.status_code == 400
assert expected_text.encode() in response.data
assert user.is_active
assert user.auth_id == auth_id
assert user.email != data['email']
assert not user.last_updated
def validate_on_submit(self):
if not super().validate_on_submit():
return False
if User.objects(email=self.email.data).first():
self.email.errors.append(
'There is already an account with this email', )
return False
return True
def reset_password_GET(token):
auth_id = deserialize_password_reset_token(token)
user = User.objects(auth_id=auth_id).first()
if not user:
abort(404)
return render_template(
'auth/reset-password.html',
form=ResetPasswordForm(request.form),
)
def validate_on_submit(self):
if not super().validate_on_submit():
return False
self.user = User.objects(email=self.email.data).first()
if not self.user:
self.email.errors.append('There is no account with this email')
return False
return True
def _assert_sign_up_POST_ok(self, data, sent_email=True):
response = self._send_sign_up_POST_request(data)
user = User.objects(email=data['email']).first()
assert response.status_code == 200
if sent_email:
assert b'A verification email has been sent' in response.data
else:
assert b'Could not send a verification email' in response.data
assert not user.is_active
assert user.initials
assert user.name == data['name']
assert user.verify_password(data['password'])
def validate_on_submit(self):
if not super().validate_on_submit():
return False
self.user = User.objects(email=self.email.data).first()
if not self.user:
self.email.errors.append('There is no account with this email')
return False
if self.user.is_active:
self.email.errors.append('This account has already been verified')
return False
return True
def _assert_settings_account_details_POST_ok(self,
user_id,
data,
updated=True):
response = self._send_settings_account_details_POST_request(data)
user = User.objects(id=user_id).first()
assert response.status_code == 200
assert user.initials == data['initials'].upper()
assert user.name == data['name']
if updated:
assert b'Your account details have been updated' in response.data
assert user.last_updated
else:
assert b'No update needed' in response.data
assert not user.last_updated
def validate_on_submit(self):
if not super().validate_on_submit():
return False
if not current_user.verify_password(self.password.data):
self.password.errors.append('Incorrect password')
return False
existing_user = User.objects(email=self.email.data).first()
if current_user.email != self.email.data and existing_user:
self.email.errors.append(
'There is already an account with this email',
)
return False
return True
def _assert_settings_update_password_POST_ok(self,
user_id,
auth_id,
data,
updated=True):
response = self._send_settings_update_password_POST_request(data)
user = User.objects(id=user_id).first()
assert response.status_code == 200
assert user.verify_password(data['new_password'])
if updated:
assert b'Your password has been updated' in response.data
assert user.auth_id != auth_id
assert user.last_updated
else:
assert b'No update needed' in response.data
assert user.auth_id == auth_id
assert not user.last_updated
def validate_on_submit(self):
if not super().validate_on_submit():
return False
self.user = User.objects(email=self.email.data).first()
if not self.user or not self.user.verify_password(self.password.data):
self.email.errors.append('Incorrect email')
self.password.errors.append('Incorrect password')
return False
if not self.user.is_active:
self.email.errors.append(
'Please verify your email before logging in', )
return False
return True
def _assert_settings_update_email_POST_ok(self,
user_id,
auth_id,
data,
updated=True):
response = self._send_settings_update_email_POST_request(data)
user = User.objects(id=user_id).first()
assert response.status_code == 200
assert user.email == data['email']
if updated:
assert b'A verification email has been sent' in response.data
assert not user.is_active
assert user.auth_id != auth_id
assert user.last_updated
else:
assert b'No update needed' in response.data
assert user.is_active
assert user.auth_id == auth_id
assert not user.last_updated
def verify_GET(token):
auth_id = deserialize_verification_token(token)
user = User.objects(auth_id=auth_id).first()
if not user:
abort(404)
user.active = True
user.auth_id = ObjectId()
user.last_updated = datetime.utcnow()
user.save()
login_user(user)
flash('Your email address has been verified.', 'success')
next_target = request.args.get('next')
if not is_safe_url(next_target):
abort(400)
return redirect(next_target or url_for('user.boards_GET'))
def reset_password_POST(token):
auth_id = deserialize_password_reset_token(token)
user = User.objects(auth_id=auth_id).first()
if not user:
abort(404)
form = ResetPasswordForm(request.form)
if not form.validate_on_submit():
return render_template('auth/reset-password.html', form=form), 400
user.password = User.encrypt_password(form.new_password.data)
user.auth_id = ObjectId()
user.last_updated = datetime.utcnow()
user.save()
flash('Your password has been reset.', 'success')
login_user(user)
return redirect(url_for('user.boards_GET'))
def load_user(user_id):
return User.objects(auth_id=to_ObjectId(user_id)).first()
def _assert_verify_GET_not_found(self, token, email):
response = self._send_verify_GET_request(token)
user = User.objects(email=email).first()
assert response.status_code == 404
assert b'Not Found' in response.data
assert not user or not user.is_active
def get_owner_from_id(owner_id):
return User.objects(id=to_ObjectId(owner_id)).first()
def _assert_sign_up_POST_bad_request(self, data, expected_text):
response = self._send_sign_up_POST_request(data)
user = User.objects(email=data.get('email')).first()
assert response.status_code == 400
assert expected_text.encode() in response.data
assert not user or user == self.user