def setUp(self):
    """Build a 'testing' app, push a request context and persist one fixture user.

    Leaves `self.context`, `self.client` and `self.user` on the instance for
    the test methods to use.
    """
    application = create_app('testing')
    self.context = application.test_request_context()
    self.context.push()
    self.client = application.test_client()
    self.user = User(email='*****@*****.**', username='******')
    self.user.set_password('123')
    self.user.save()
def manager_user():
    """Render the admin user list, filtered by the `grade` query arg and paginated.

    `grade == '1'` lists users whose is_admin is '1'; any other value (the
    default) lists is_admin '2'. Ten users per page, page taken from `page`.
    """
    # NOTE(review): is_admin is filtered by the string values '1'/'2' here,
    # while the tests assign integer levels — confirm the field type.
    wanted_level = '1' if request.args.get('grade', '2') == '1' else '2'
    page = request.args.get('page', 1, int)
    users = User.objects(is_admin=wanted_level).all()
    pagination = users.paginate(page, 10)
    return render_template('admin/manager_user.html',
                           pagination=pagination, targets=pagination.items)
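def validate_token(user, token, operation, new_password=None):
    """Verify a signed token for `user` and apply the requested `operation`.

    The token payload must carry the same `operation` and the string form of
    `user.pk` under 'id'; otherwise nothing is changed and False is returned.

    Args:
        user: the account the token was issued for.
        token: the signed, serialized payload.
        operation: 'confirm', 'reset-password' or 'change_email'.
        new_password: required for 'reset-password'; ignored otherwise.

    Returns:
        True when the token was valid and the user document was saved;
        False on a bad or expired signature, a mismatched operation or user,
        an unknown operation, a missing new password, or an unusable
        'change_email' payload.
    """
    # The signing key is the only thing that makes this payload trustworthy.
    serializer = Serializer(current_app.config['SECRET_KEY'])
    try:
        data = serializer.loads(token)
    except (SignatureExpired, BadSignature):
        return False

    # Bind the token to one account and one purpose so a token minted for
    # another user or another operation cannot be replayed here.
    if operation != data.get('operation') or str(user.pk) != data.get('id'):
        return False

    if operation == 'confirm':
        user.confirmed = True
    elif operation == 'reset-password':
        # Without this guard a missing password reaches set_password(None).
        if new_password is None:
            return False
        user.set_password(new_password)
    elif operation == 'change_email':
        new_email = data.get('new_email')
        if new_email is None:
            return False
        # Refuse to move onto an address another account already owns.
        if User.objects(email=new_email).first() is not None:
            return False
        user.email = new_email
    else:
        return False
    user.save()
    return True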
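def upgrade(user_id):
    """Admin view: change a user's `is_admin` level.

    GET renders the form pre-filled with the user's current level; a valid
    POST stores the submitted level and returns to the user list.

    Args:
        user_id: primary key of the user to modify (taken from the URL).
    """
    # NOTE(review): any access-control decorator is not visible in this
    # listing — confirm the route is restricted to administrators.
    form = UpgradeForm()
    user = User.objects(pk=user_id).first()
    if user is None:
        # An unknown id previously raised AttributeError on user.update /
        # user.is_admin; report it and return to the list instead.
        flash('该用户不存在', 'warning')
        return redirect(url_for('admin.manager_user'))
    if form.validate_on_submit():
        user.update(is_admin=form.is_admin.data)
        flash('修改管理成功', 'success')
        return redirect(url_for('admin.manager_user'))
    form.is_admin.data = user.is_admin
    return render_template('admin/upgrade.html', form=form)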
def register():
    """Sign up a new account and mail its confirmation token.

    Already-authenticated users are sent to 'base'. On a valid submission the
    e-mail is stored lower-cased, the account is created and saved, a
    'confirm' token is e-mailed, and the user is redirected to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))
    form = RegisterForm()
    if not form.validate_on_submit():
        return render_template('user/register.html', form=form)
    new_user = User(email=form.email.data.lower(), username=form.username.data)
    new_user.set_password(form.password.data)
    new_user.judge_is_admin()
    new_user.save()
    confirm_token = generate_token(user=new_user, operation='confirm')
    send_confirm_email(user=new_user, token=confirm_token)
    flash('确认邮件已发送,请检查您的收件箱', 'info')
    return redirect(url_for('user.login'))
def forget_password():
    """Start a password reset by e-mailing a 'reset-password' token.

    The submitted address is looked up lower-cased, matching how register()
    stores it.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))
    form = ForgetPasswordForm()
    if not form.validate_on_submit():
        return render_template('user/reset_password.html', form=form)
    account = User.objects(email=form.email.data.lower()).first()
    if not account:
        # NOTE(review): this message discloses whether an address is registered.
        flash('该邮箱不存在', 'warning')
        return redirect(url_for('user.forget_password'))
    reset_token = generate_token(user=account, operation='reset-password')
    send_reset_password_email(user=account, token=reset_token)
    flash('重置密码邮件已发送,请到邮箱中确认', 'info')
    return redirect(url_for('user.login'))
def test_register(self):
    """A registration POST should end on a 200 page carrying the confirmation notice."""
    self.logout()
    payload = dict(
        email='*****@*****.**',
        username='******',
        password='******',
        password2='1234567a',
    )
    res = self.client.post(url_for('user.register'), data=payload, follow_redirects=True)
    body = res.get_data(as_text=True)
    # Clean up the account the request created before the assertions run.
    User.objects(username='******').first().delete()
    self.assertEqual(res.status_code, 200)
    self.assertIn('确认邮件已发送,请检查您的收件箱', body)
def test_reset_password_token(self):
    """Exercise reset_password with a bogus, a valid, a wrong-operation and a wrong-email token.

    Expected outcomes: the GET renders the form; a valid token succeeds; a
    token minted for operation 'reset' is rejected; a valid token posted with
    an unknown e-mail reports that the address does not exist.
    """
    account = User(email='*****@*****.**', username='******')
    account.set_password('123')
    account.save()

    def post_reset(token, email, password2):
        reply = self.client.post(
            url_for('user.reset_password', token=token),
            data=dict(email=email, password='******', password2=password2),
            follow_redirects=True,
        )
        return reply, reply.get_data(as_text=True)

    res = self.client.get(url_for('user.reset_password', token=False), follow_redirects=True)
    data = res.get_data(as_text=True)
    res1, data1 = post_reset(generate_token(account, 'reset-password'), account.email, '12345678')
    res2, data2 = post_reset(generate_token(account, 'reset'), account.email, '1234567a')
    res3, data3 = post_reset(generate_token(account, 'reset-password'), '*****@*****.**', '12345678')
    account.delete()
    self.assertEqual(res.status_code, 200)
    self.assertIn('重置密码', data)
    self.assertEqual(res1.status_code, 200)
    self.assertIn('重置密码成功', data1)
    self.assertEqual(res2.status_code, 200)
    self.assertIn('无效或者过期的链接', data2)
    self.assertEqual(res3.status_code, 200)
    self.assertIn('邮箱不存在', data3)
def test_upgrade(self):
    """With the fixture user at is_admin=3, GET and POST the upgrade view for another user."""
    self.user.is_admin = 3
    self.user.save()
    self.login()
    target = User(email='*****@*****.**', username='******')
    target.set_password('123456789a')
    target.save()
    upgrade_url = url_for('admin.upgrade', user_id=target.id)
    res = self.client.get(upgrade_url)
    data = res.get_data(as_text=True)
    res1 = self.client.post(upgrade_url, data=dict(is_admin=2), follow_redirects=True)
    data1 = res1.get_data(as_text=True)
    target.delete()
    self.assertEqual(res.status_code, 200)
    self.assertIn('升级或降级管理员', data)
    self.assertEqual(res1.status_code, 200)
    self.assertIn('修改管理成功', data1)
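def login():
    """Log a user in from the login form.

    Already-authenticated users are redirected to 'base'. The submitted
    e-mail is looked up lower-cased, matching how register(),
    forget_password() and reset_password() store and search it, so a
    mixed-case entry still finds the account.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('user/login.html', form=form)
    user = User.objects(email=form.email.data.lower()).first()
    if not user:
        # NOTE(review): distinct messages for unknown account and wrong
        # password let a caller tell which addresses are registered.
        flash('帐号不存在', 'warning')
        return redirect(url_for('user.login'))
    if not user.validate_password(form.password.data):
        flash('密码错误', 'warning')
        return redirect(url_for('user.login'))
    login_user(user, form.remember_me.data)
    flash('欢迎回来.', 'info')
    return redirect_back()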
def reset_password(token):
    """Finish a password reset using the token mailed by forget_password().

    The account is looked up by the lower-cased e-mail from the form; the
    token is then checked by validate_token(), which also binds it to that
    account and to the 'reset-password' operation before storing the new
    password.
    """
    if current_user.is_authenticated:
        return redirect(url_for('base'))
    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('user/reset_password.html', form=form)
    account = User.objects(email=form.email.data.lower()).first()
    if account is None:
        flash('邮箱不存在', 'warning')
        return redirect(url_for('base'))
    accepted = validate_token(user=account, token=token, operation='reset-password',
                              new_password=form.password.data)
    if not accepted:
        flash('无效或者过期的链接', 'danger')
        return redirect(url_for('user.forget_password'))
    flash('重置密码成功', 'success')
    return redirect(url_for('user.login'))
def test_useless_operation(self):
    """Tokens issued for another user, malformed, or with an unknown operation must all be rejected."""
    self.user.confirmed = False
    self.user.save()
    self.login()
    other = User(email='*****@*****.**', username='******')
    other.set_password('123')
    other.save()

    def visit(endpoint, token):
        reply = self.client.get(url_for(endpoint, token=token), follow_redirects=True)
        return reply, reply.get_data(as_text=True)

    # The first two tokens are minted for `other` while the session belongs
    # to self.user; the third is not a token at all; the fourth names an
    # operation no view handles.
    res, data = visit('user.confirm', generate_token(other, 'confirm'))
    res1, data1 = visit('user.change_email',
                        generate_token(other, 'change_email', new_email='*****@*****.**'))
    res2, data2 = visit('user.change_email', False)
    res3, data3 = visit('user.confirm', generate_token(self.user, 'confirmconfirm'))
    other.delete()
    self.assertEqual(res.status_code, 200)
    self.assertIn('无效或者过期的链接', data)
    self.assertEqual(res1.status_code, 200)
    self.assertIn('无效或者过期的链接', data1)
    self.assertEqual(res2.status_code, 200)
    self.assertIn('无效或者过期的链接', data2)
    self.assertEqual(res3.status_code, 200)
    self.assertIn('无效或者过期的链接', data3)
class BaseTestCase(unittest.TestCase):
    """Shared fixture: a 'testing' app with a pushed request context, a client and one saved user."""

    def setUp(self):
        application = create_app('testing')
        self.context = application.test_request_context()
        self.context.push()
        self.client = application.test_client()
        self.user = User(email='*****@*****.**', username='******')
        self.user.set_password('123')
        self.user.save()

    def tearDown(self):
        # Undo setUp in reverse order: drop the fixture user, then pop the context.
        self.user.delete()
        self.context.pop()

    def login(self):
        """POST the fixture user's credentials to the login view and return the response."""
        credentials = dict(email=self.user.email, password='******')
        return self.client.post(url_for('user.login'), data=credentials, follow_redirects=True)

    def logout(self):
        """GET the logout view, following redirects, and return the response."""
        return self.client.get(url_for('user.logout'), follow_redirects=True)
def validate_username(self, field):
    """WTForms inline validator: reject a username that another account already uses."""
    existing = User.objects(username=field.data).first()
    if existing:
        raise ValidationError('帐号已经存在')
def validate_email(self, field):
    """WTForms inline validator: reject an e-mail that is already registered.

    The lookup is lower-cased, matching how register() stores addresses.
    """
    existing = User.objects(email=field.data.lower()).first()
    if existing:
        raise ValidationError('该邮箱已被注册')