def test_edit_user_username_blank(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) email = test_utils.random_email() Users.create_user(username, '123456', email) errors = Users.edit_user(username, new_username='') assert errors == ['Username cannot be blank']
def test_delete_user(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) Users.create_user(username, '123456') errors = Users.delete_user(username) assert errors == [] assert not Users.user_exists(username)
def test_verify_password(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) password = '******' Users.create_user(username, password) assert Users.verify_password(username, password) assert not Users.verify_password(username, 'invalid_password')
def login(): if current_user is not None and current_user.is_authenticated: return redirect(url_for('webapp.index')) if request.method == 'POST': errors = [] username = request.form['username'] password = request.form['password'] next_url = request.form['next'] if not username: errors.append('Username is required') elif not password: errors.append('Password is required') elif not Users.user_exists(username): errors.append('Username does not exists') elif not Users.verify_password(username, password): errors.append('Username and password do not match') if errors: return render_template('login.html', next_url=next_url, errors=errors) else: login_user(Users.get_user_by_username(username)) if not next_url or not is_safe_url(next_url): next_url = '/' return redirect(next_url) else: next_url = request.args.get('next') if not next_url or not is_safe_url(next_url): next_url = '/' return render_template('login.html', next_url=next_url, errors=[])
def test_add_project_to_user(self, project_function_clean, test_utils): testdir, project = project_function_clean.activate() username = test_utils.random_string(5) Users.create_user(username, '123456') Users.add_project_to_user(username, project, Permissions.SUPER_USER) user = Users.get_user_by_username(username) assert project in user.projects assert user.projects[project] == Permissions.SUPER_USER
def test_verify_auth_token_invalid_token(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) password = '******' Users.create_user(username, password) app = create_app() with pytest.raises(BadSignature) as _: Users.verify_auth_token(app.secret_key, 'invalid_token')
def test_edit_user_new_username_exists(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) Users.create_user(username, '123456') new_username = test_utils.random_string(5) Users.create_user(new_username, '123456') errors = Users.edit_user(username, new_username=new_username) assert errors == [f'Username {new_username} already exists']
def test_edit_user_invalid_email(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) email = test_utils.random_email() Users.create_user(username, '123456', email) new_email = 'test@' errors = Users.edit_user(username, new_email=new_email) assert errors == [f'{new_email} is not a valid email address']
def test_project_weight(self, project_class, test_utils): testdir, project = project_class.activate() username = test_utils.random_string(5) Users.create_user(username, '123456') Users.add_project_to_user(username, project, Permissions.ADMIN) user = Users.get_user_by_username(username) assert user.project_weight(project) == Permissions.weights[ Permissions.ADMIN]
def test_create_user_file_not_exist(self, testdir_function, test_utils): """Users file is created if it does not exist""" testdir_function.activate() username = test_utils.random_string(5) os.remove(Users.file_path()) Users.create_user(username, '123', None) assert os.path.isfile(Users.file_path()) assert Users.user_exists(username)
def test_users(self, testdir_function, test_utils): testdir_function.activate() users = Users.users() assert len(users) == 1 username = test_utils.random_string(10) Users.create_user(username, '123') users = Users.users() assert len(users) == 2 assert Users.user_exists(username)
def test_reset_user_password(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) Users.create_user(username, '123456') hashed_password = Users.get_user_by_username(username).password errors = Users.reset_user_password(username, '234567') assert errors == [] new_hashed_password = Users.get_user_by_username(username).password assert hashed_password != new_hashed_password
def test_verify_password(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) password = '******' Users.create_user(username, password) user = Users.get_user_by_username(username) assert user.password != password assert user.verify_password(password) assert not user.verify_password('invalid_password')
def test_verify_auth_token(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) password = '******' Users.create_user(username, password) app = create_app() token = Users.get_user_by_username(username).generate_auth_token( app.secret_key) user = Users.verify_auth_token(app.secret_key, token) assert user.username == username
def create_test_directory(testdir): file_manager.create_directory(path_list=[testdir], add_init=True) file_manager.create_directory(path_list=[testdir, 'projects'], add_init=True) file_manager.create_directory(path_list=[testdir, 'drivers'], add_init=False) settings_manager.create_global_settings_file(testdir) create_testdir_golem_file(testdir) session.testdir = testdir Users.create_super_user('admin', 'admin')
def test_edit_user_remove_all_superuser_permissions( self, testdir_function): """Cannot edit a user and remove superuser permissions if it's the only superuser available """ testdir_function.activate() assert len(Users.users()) == 1 Users.create_user('standard', '123456') assert len(Users.users()) == 2 errors = Users.edit_user('admin', new_is_superuser=False) assert errors == ['Cannot remove Superuser permission for this user']
def test_verify_auth_token_expired_token(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) password = '******' Users.create_user(username, password) app = create_app() user = Users.get_user_by_username(username) token = user.generate_auth_token(app.secret_key, expiration=1) time.sleep(2) with pytest.raises(SignatureExpired): Users.verify_auth_token(app.secret_key, token)
def test_edit_user(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) email = test_utils.random_email() Users.create_user(username, '123456', email) new_username = test_utils.random_string(5) new_email = test_utils.random_email() errors = Users.edit_user(username, new_username, new_email) assert errors == [] user = Users.get_user_by_username(new_username) assert user.email == new_email
def test_create_superuser_command(self, testdir_class, test_utils, capsys): testdir_class.activate() username = test_utils.random_string(5) email = test_utils.random_email() password = test_utils.random_string(5) commands.createsuperuser_command(username, email, password, no_input=True) out, err = capsys.readouterr() assert f'Superuser {username} was created successfully.' in out assert Users.user_exists(username) user = Users.get_user_by_username(username) assert user.email == email
def user_get(): _verify_permissions(Permissions.SUPER_USER) username = request.args['username'] user = Users.get_user_dictionary(username) if user: del user['password'] return jsonify(user)
def createsuperuser_command(username, email, password, no_input=False): if no_input: if username is None or password is None: sys.exit( 'Error: --username and --password are required for --noinput.') else: try: while True: username = input('Username: '******'Email address (optional): ').strip() if email and not utils.validate_email(email): print('Error: Enter a valid email address.') else: break while True: password = input('Password: '******'Password (again): ') if not len(password): print('Error: Blank passwords are not allowed.') elif password != repeat_password: print('Error: The passwords did not match.') else: break except KeyboardInterrupt: sys.exit('Cancelled.') errors = Users.create_super_user(username, password, email) if errors: for error in errors: print('Error: {}'.format(error)) exit(1) else: print('Superuser {} was created successfully.'.format(username))
def user_reset_user_password(): username = request.json['username'] if username == current_user.username: new_password = request.json['newPassword'] errors = Users.reset_user_password(username, new_password) else: errors = ['Cannot change current user password'] return jsonify({'errors': errors})
def auth_token(): username = request.json['username'] password = request.json['password'] user = Users.get_user_by_username(username=username) if user is None: abort(401, 'User does not exist') elif not user.verify_password(password): abort(401, 'Incorrect password') else: token = user.generate_auth_token(current_app.secret_key) return jsonify(token.decode())
def test_create_superuser_command_no_email(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) password = test_utils.random_string(5) commands.createsuperuser_command(username, None, password, no_input=True) user = Users.get_user_by_username(username) assert user.email is None
def users_new(): username = request.json['username'] email = request.json['email'] password = request.json['password'] is_superuser = request.json['isSuperuser'] _verify_permissions(Permissions.SUPER_USER) project_permissions_raw = request.json['projectPermissions'] project_permissions = {} for project_permission in project_permissions_raw: project_permissions[project_permission['project']] = project_permission['permission'] errors = Users.create_user(username, password, email, is_superuser, project_permissions) return jsonify(errors)
def users_edit(): old_username = request.json['oldUsername'] new_username = request.json['newUsername'] email = request.json['email'] is_superuser = request.json['isSuperuser'] project_permissions_raw = request.json['projectPermissions'] _verify_permissions(Permissions.SUPER_USER) project_permissions = {} if project_permissions_raw is not None: for p in project_permissions_raw: project_permissions[p['project']] = p['permission'] errors = Users.edit_user(old_username, new_username, email, is_superuser, project_permissions) return jsonify(errors)
def test_refresh_users(self, testdir_function): testdir_function.activate() user1 = Users.generate_user_dictionary('01', 'username01', '123', None, True, []) user2 = Users.generate_user_dictionary('02', 'username02', '123', None, True, []) assert len(Users.users()) == 1 with open(Users.file_path(), 'w') as f: json.dump([user1, user2], f) Users.refresh_users() assert len(Users.users()) == 2
def test_create_users_file(self, testdir_function): testdir_function.activate() os.remove(Users.file_path()) Users.create_users_file() assert os.path.isfile(Users.file_path()) with open(Users.file_path()) as f: assert f.read() == '[]' assert Users.users() == []
def decorated_view(*args, **kwargs): if not current_user.is_authenticated: token = request.headers.get('token', None) if token: try: user = Users.verify_auth_token(current_app.secret_key, token) request.api_user = user except BadSignature: abort(401, 'Token did not match') except SignatureExpired: abort(401, 'Signature Expired') except Exception: abort(401, 'Unknown error') else: abort(400, 'Missing token') return func(*args, **kwargs)
def test_create_user_password_is_hashed(self, testdir_class, test_utils): testdir_class.activate() username = test_utils.random_string(5) password = '******' Users.create_user(username, password) assert Users.get_user_by_username(username).password != password