def test_registered_reviewer_can_login(client, registrant, monkeypatch):
monkeypatch.setitem(app.config, 'REVIEWING_ALLOWED', True)
user = User.query.filter_by(email=registrant['email']).all()
assert len(user) == 0
add_new_user(registrant)
user = User.query.filter_by(email=registrant['email']).all()
assert len(user) == 1
user = user[0]
assert user.email == registrant['email']
assert user.passphrase == hash_passphrase(registrant['passphrase'])
assert user.role == Role.user
user.role = Role.reviewer
db.session.commit()
post_and_check_content(
client,
'/login',
json.dumps({
'email': registrant['email'],
'passphrase': registrant['passphrase']
}),
'application/json',
includes=('login_success', ),
excludes=(),
)
get_and_check_content(
client,
'/login_success',
includes=(' – Login Successful', 'Login successful', logout_menu_item,
registration_update_menu_item),
excludes=(login_menu_item, my_proposals_menu_item, register_menu_item,
submit_menu_item),
)
def test_user_can_register(client, registrant, monkeypatch):
monkeypatch.setitem(app.config, 'CALL_OPEN', True)
user = User.query.filter_by(email=registrant['email']).all()
assert len(user) == 0
post_and_check_content(
client,
'/register',
json.dumps(registrant),
'application/json',
includes=('register_success', ),
excludes=(
login_menu_item,
register_menu_item,
),
)
get_and_check_content(
client,
'/register_success',
includes=(' – Registration Successful',
'You have successfully registered', login_menu_item,
register_menu_item),
excludes=(logout_menu_item, my_proposals_menu_item,
registration_update_menu_item, submit_menu_item),
)
user = User.query.filter_by(email=registrant['email']).all()
assert len(user) == 1
assert user[0].email == registrant['email']
assert user[0].passphrase == hash_passphrase(registrant['passphrase'])
def test_ensure_registration_and_login(client, registrant, monkeypatch):
monkeypatch.setitem(app.config, 'CALL_OPEN', True)
user = User.query.filter_by(email=registrant['email']).all()
assert len(user) == 0
post_and_check_content(
client,
'/register',
json.dumps(registrant),
'application/json',
includes=('register_success', ),
excludes=(),
)
user = User.query.filter_by(email=registrant['email']).all()
assert len(user) == 1
assert user[0].passphrase == hash_passphrase(registrant['passphrase'])
post_and_check_content(
client,
'/login',
json.dumps({
'email': registrant['email'],
'passphrase': registrant['passphrase']
}),
'application/json',
includes=('login_success', ),
excludes=(),
)
get_and_check_content(
client,
'/login_success',
includes=(' – Login Successful', 'Login successful'),
excludes=(),
)
def registration_update():
check = utils.is_acceptable_route()
if not check[0]:
return check[1]
assert check[1] is None
if not utils.is_logged_in():
return redirect('/')
user = User.query.filter_by(email=session['email']).first()
if request.method == 'POST':
registration_data = request.json
status, message = validate_registration_data(registration_data)
if not status:
# NB This should never be executed.
response = jsonify(message)
response.status_code = 400
return response
for field in registration_data.keys():
if field == 'passphrase':
if registration_data['passphrase']:
user.passphrase = utils.hash_passphrase(
registration_data['passphrase'])
elif field in user.__dict__ and user.__dict__[
field] != registration_data[field]:
user.__dict__[field] = registration_data[field]
db.session.commit()
session['just_updated_register'] = True
return jsonify('registration_update_success')
return render_template('register.html',
page=utils.md(
base_page, {
'pagetitle':
'Registration Details Updating',
'data':
Markup('''
Here you can edit your registration information.
</p>
<p>
If you do not wish to make any changes just navigate away from this page. There
is no specific button for "leave things as they are" that is the default action.
(Or rather inaction.)
'''),
'email':
user.email,
'name':
user.name,
'phone':
user.phone,
'country':
user.country,
'submit_button':
'Save',
'passphrase_required':
'false',
'countries':
sorted(countries),
}))
def register():
check = utils.is_acceptable_route()
if not check[0]:
return check[1]
assert check[1] is None
if utils.is_logged_in():
return redirect('/')
if request.method == 'POST':
registration_data = request.json
status, message = validate_registration_data(registration_data)
if not status:
# NB This should never be executed.
response = jsonify(message)
response.status_code = 400
return response
if not registration_data['passphrase']:
# NB This should never be executed.
response = jsonify('No passphrase for new registration.')
response.status_code = 400
return response
if User.query.filter_by(email=registration_data['email']).first():
# Currently this can happen as client-site checking is not implemented.
# TODO implement client side checking so this becomes redundant.
response = jsonify('The email address is already in use.')
response.status_code = 400
return response
registration_data['passphrase'] = utils.hash_passphrase(
registration_data['passphrase'])
db.session.add(User(**registration_data))
db.session.commit()
session['just_registered'] = True
return jsonify('register_success')
default_country = 'United Kingdom'
assert default_country in countries
return render_template(
'register.html',
page=utils.md(
base_page, {
'pagetitle':
'Register',
'data':
'Register here for submitting proposals to the ACCU {} Conference'
.format(year),
'submit_button':
'Register',
'passphrase_required':
'true',
'country':
default_country,
'countries':
sorted(countries),
}))
def register_reviewer():
registration_data = request.json
status, message = validate_registration_data(registration_data)
if not status:
raise ValueError(message)
if not registration_data['passphrase']:
raise ValueError('No passphrase for new registration.')
if User.query.filter_by(email=registration_data['email']).first():
raise ValueError('The email address is already in use.')
registration_data['passphrase'] = utils.hash_passphrase(
registration_data['passphrase'])
registration_data['role'] = Role.reviewer
db.session.add(User(**registration_data))
db.session.commit()
return jsonify('Reviewer added.')
def validate_login_data(login_data):
if not login_data:
return False, 'No JSON data returned.'
mandatory_keys = ['email', 'passphrase']
missing_keys = [key for key in mandatory_keys if key not in login_data]
if missing_keys:
return False, 'Missing keys in registration data: {}'.format(
missing_keys)
if not is_valid_email(login_data['email']):
return False, 'The email address is invalid.'
user = User.query.filter_by(email=login_data['email']).first()
if not user or user.passphrase != hash_passphrase(
login_data['passphrase']):
return False, 'User/passphrase not recognised.'
return user, None
def replace_passphrase_of_user(email, passphrase):
"""Replace the passphrase of the user.
:param email: email of the user of whom to replace the passphrase
:param passphrase: the plain text passphrase to use as the replacement
"""
user = User.query.filter_by(email=email).all()
if len(user) != 1:
click.echo(click.style('Something wrong with email', fg='red'))
else:
user = user[0]
# Shell and Click between them conspire to create a tuple from the space separted passphrase.
passphrase = ' '.join(passphrase)
click.echo(click.style('Replacing previous passphrase with "{}"'.format(passphrase), fg='green'))
user.passphrase = hash_passphrase(passphrase)
click.echo(click.style('Generated {}'.format(user.passphrase), fg='yellow'))
db.session.commit()
def test_user_can_register(client, registrant, monkeypatch):
monkeypatch.setitem(app.config, 'CALL_OPEN', True)
monkeypatch.setitem(app.config, 'MAINTENANCE', False)
user = User.query.filter_by(email=registrant['email']).all()
assert len(user) == 0
post_and_check_content(
client,
'/register',
json.dumps(registrant),
'application/json',
includes=('register_success_new', ),
excludes=(
login_menu_item,
register_menu_item,
),
)
user = User.query.filter_by(email=registrant['email']).all()
assert len(user) == 1
assert user[0].email == registrant['email']
assert user[0].passphrase == hash_passphrase(registrant['passphrase'])
def validate_login_data(login_data):
"""Check some aspects of putative login details.
Return a pair with the zero element being a Boolean determining whether validation
has been successful, the one element is a message in the case of failure and "validated"
in the case of success.
"""
if not login_data:
return False, 'No JSON data returned.'
mandatory_keys = ['email', 'passphrase']
missing_keys = [key for key in mandatory_keys if key not in login_data]
if missing_keys:
return False, 'Missing keys in registration data: {}'.format(
missing_keys)
if not is_valid_email(login_data['email']):
return False, 'The email address is invalid.'
user = User.query.filter_by(email=login_data['email']).first()
if not user or user.passphrase != hash_passphrase(
login_data['passphrase']):
return False, 'User/passphrase not recognised.'
return user, None
def test_hash_passphrase():
assert utils.hash_passphrase(
'Hello World.'
) == 'fee4e02329c0e1c9005d0590f4773d8e519e0cda859775ac9c83641e3a960c57e7ad461354e4860722b6e3c161e493e04f5ef07d9169ff7bdab659d6a57cc316'
def add_new_user(user_details):
"""Given a dictionary of user details create a user in the data base."""
user = User(**user_details)
user.passphrase = hash_passphrase(user.passphrase)
db.session.add(user)
db.session.commit()
def register():
check = utils.is_acceptable_route()
if not check[0]:
return check[1]
assert check[1] is None
user = User.query.filter_by(
email=session['email']).first() if utils.is_logged_in() else None
edit_mode = bool(user)
if request.method == 'POST':
registration_data = request.json
status, message = validate_registration_data(registration_data)
if not status:
# NB This should never be executed.
response = jsonify(message)
response.status_code = 400
return response
if not edit_mode:
if not registration_data['passphrase']:
# NB This should never be executed.
response = jsonify('No passphrase for new registration.')
response.status_code = 400
return response
if User.query.filter_by(email=registration_data['email']).first():
# Currently this can happen as client-site checking is not implemented.
# TODO implement client side checking so this becomes redundant.
response = jsonify('The email address is already in use.')
response.status_code = 400
return response
if registration_data['passphrase']:
registration_data['passphrase'] = utils.hash_passphrase(
registration_data['passphrase'])
if edit_mode:
User.query.filter_by(
email=registration_data['email']).update(registration_data)
db.session.commit()
return jsonify('register_success_update')
db.session.add(User(**registration_data))
db.session.commit()
return jsonify('register_success_new')
else:
return render_template(
'register.html',
page=utils.md(
base_page,
{
'email':
user.email if edit_mode else '',
'name':
user.name if edit_mode else '',
'phone':
user.phone if edit_mode else '',
'street_address':
user.street_address if edit_mode else '',
'town_city':
user.town_city if edit_mode else '',
'state':
user.state if edit_mode else '',
'postal_code':
user.postal_code if edit_mode else '',
'country':
user.country
if edit_mode else 'GBR', # UK shall be the default
'title':
'Account Information' if edit_mode else 'Register',
'data':
'Here you can edit your account information'
if edit_mode else
'Register here for submitting proposals to ACCU Conference',
'submit_button':
'Save' if edit_mode else 'Register',
'countries':
sorted(list(countries.keys())),
}))