def test_create_chat_in_put_data_event(self):
with self.app.test_client() as client1, self.app.test_client() as client2:
self.init_two_clients(client1, client2)
socket_io_client1, socket_io_client2 = self.get_socket_io_clients(client1, client2)
socket_io_client1.emit('enter_room', namespace=self.events_namespace)
socket_io_client2.emit('enter_room', namespace=self.events_namespace)
result = db.session.execute(select(chats))
self.assertEqual(len(result.all()), 0)
result.close()
self.assertFalse(User.is_chat_between(1, 2))
self.assertEqual(User.is_chat_between.cache_info().currsize, 1)
socket_io_client1.emit('put_data',
{'message': 'test_message', 'timestamp_milliseconds': time.time() * 1000},
namespace=self.events_namespace)
self.assertEqual(User.is_chat_between.cache_info().currsize, 0)
result = db.session.execute(select(chats))
self.assertEqual(len(result.all()), 1)
result.close()
self.assertTrue(User.is_chat_between(1, 2))
self.assertTrue(User.is_chat_between(2, 1))
self.assertEqual(User.is_chat_between.cache_info().currsize, 2)
User.is_chat_between.cache_clear()
self.assertTrue(User.is_chat_between(1, 2))
socket_io_client2.emit('put_data',
{'message': 'test_message2', 'timestamp_milliseconds': time.time() * 1000},
namespace=self.events_namespace)
self.assertEqual(User.is_chat_between.cache_info().currsize, 2)
result = db.session.execute(select(chats))
self.assertEqual(len(result.all()), 1)
result.close()
self.assertTrue(User.is_chat_between(2, 1))
self.assertEqual(User.is_chat_between.cache_info().currsize, 2)
def test_chat_messages_list_post(self):
self.init_main_user()
self.register_users(1)
User.create_chat(1, 2)
db.session.commit()
self.assertEqual(db.session.query(Message).count(), 0)
response = self.test_client.post('/api/chats/1/messages', json={'texts': ['first']},
headers=self.basic_auth_header)
self.assertEqual(response.status_code, 201)
data = response.json
self.assertTrue(data['user_id'] == 1 and data['chat_id'] == 1)
self.assertEqual(db.session.query(Message).count(), 1)
message = Message.query.first()
self.assertTrue(
message.text == 'first' and message.sender_id == 1 and message.receiver_id == 2 and message.chat_id == 1)
response = self.test_client.post('/api/chats/1/messages', json={'texts': ['second', 'third', 'fourth']},
headers=self.bearer_auth_header)
self.assertEqual(response.status_code, 201)
data = response.json
self.assertTrue(data['user_id'] == 1 and data['chat_id'] == 1)
self.assertEqual(db.session.query(Message).count(), 4)
new_messages = Message.query.all()[1:]
self.assertTrue(
new_messages[0].text == 'second' and new_messages[1].text == 'third' and new_messages[2].text == 'fourth')
def test_chats_list(self):
self.init_main_user()
self.register_users(3)
User.create_chat(1, 2)
User.create_chat(1, 3)
db.session.commit()
self.assertEqual(db.session.query(chats).count(), 2)
response = self.test_client.get('/api/chats', headers=self.bearer_auth_header)
self.assertEqual(response.status_code, 200)
data = response.json
self.assertEqual(data['user_id'], 1)
self.assertEqual(len(data['data']), 2)
chat1, chat2 = data['data']
self.assertTrue(chat1['chat_id'] == 1 and chat1['user1_id'] == 1 and chat1['user2_id'] == 2)
self.assertTrue(chat2['chat_id'] == 2 and chat2['user1_id'] == 1 and chat2['user2_id'] == 3)
response = self.test_client.post('/api/chats', json={'companion_id': 4}, headers=self.bearer_auth_header)
self.assertEqual(response.status_code, 201)
self.assertEqual(db.session.query(chats).count(), 3)
data = response.json
self.assertTrue(data['user_id'] == 1 and data['companion_id'] == 4 and data['chat_id'] == 3)
response = self.test_client.get('/api/chats', headers=self.bearer_auth_header)
self.assertEqual(response.status_code, 200)
data = response.json
self.assertEqual(len(data['data']), 3)
chat3 = data['data'][2]
self.assertTrue(chat3['chat_id'] == 3 and chat3['user1_id'] == 1 and chat3['user2_id'] == 4)
response = self.test_client.post('/api/chats', json={'companion_id': 4}, headers=self.bearer_auth_header)
self.assertEqual(response.status_code, 400)
def test_return_chat_or_abort(self):
users = init_users(2)
User.create_chat(1, 2)
db.session.add_all(users)
db.session.commit()
chat = return_chat_or_abort(1)
self.assertEqual(chat.user1_id, 1)
self.assertEqual(chat.user2_id, 2)
with self.assertRaises(NotFound):
return_chat_or_abort(2)
def test_abort_if_not_a_participant(self):
users = init_users(3)
User.create_chat(1, 2)
User.create_chat(2, 3)
db.session.add_all(users)
with self.assertRaises(Forbidden):
abort_if_not_a_participant(1, return_chat_or_abort(2))
try:
abort_if_not_a_participant(2, return_chat_or_abort(2))
except Forbidden:
self.fail(msg="403 error must not have been raised")
def testfunctionhashpassword(self):
new_user = User(
username='******',
email='*****@*****.**',
password='******',
role=1,
status=1
)
db.session.add(new_user)
db.session.commit()
self.assertTrue(new_user.check_password('test'))
def test_reset_password_expired_get(self):
user = User(email='*****@*****.**',
username='******',
password_hash='123')
db.session.add(user)
db.session.commit()
token = user.get_reset_password_token(0.5)
time.sleep(1)
response = self.test_client.get(
f'/authentication/reset_password/{token}')
self.assertEqual(response.status_code, 200)
self.assertTrue('<title>Expired</title>' in response.data.decode())
def delete(self, chat_id: int):
"""Deletes the certain chat with a given id."""
current_user_id = g.user.user_id
chat = return_chat_or_abort(chat_id)
abort_if_not_a_participant(current_user_id, chat)
Message.delete_messages(chat_id=chat_id)
User.delete_chat(chat_id=chat_id)
db.session.commit()
return {
'user_id': current_user_id,
'chat_id': chat_id,
'message': 'Chat was successfully deleted'
}, 200
def test_generate_token(self):
user = User(
username='******',
email='*****@*****.**',
password='******',
role=1,
status=1
)
db.session.add(user)
db.session.commit()
with app.test_request_context():
token = user.generate_token()
self.assertTrue(user.verify_token(token) == user)
def register_user():
form = RegistrationForm()
if current_user.is_authenticated:
flash('you are already registered')
return redirect(url_for('main.display_books'))
if form.validate_on_submit():
User.create_user(
user=form.name.data,
email=form.email.data,
password=form.password.data)
flash('Registration Successful')
return redirect(url_for('authentication.do_the_login'))
return render_template('registration.html', form=form)
def test_get_more_messages(self):
messages_limit = self.app.config['MESSAGES_PER_LOAD_EVENT']
with self.app.test_client() as client1, self.app.test_client() as client2:
self.init_two_clients(client1, client2)
socket_io_client1, socket_io_client2 = self.get_socket_io_clients(client1, client2)
socket_io_client1.emit('enter_room', namespace=self.events_namespace)
socket_io_client2.emit('enter_room', namespace=self.events_namespace)
User.create_chat(1, 2)
# erase status messages
socket_io_client1.get_received(namespace=self.events_namespace)
socket_io_client2.get_received(namespace=self.events_namespace)
number_of_messages = 15
db.session.add_all(
[Message(text=str(figure), sender_id=1, receiver_id=2) for figure in range(number_of_messages)])
db.session.commit()
self.assertEqual(len(Message.query.all()), number_of_messages)
for messages_offset in range(0, number_of_messages):
socket_io_client1.emit('get_more_messages', {'messages_offset': messages_offset},
namespace=self.events_namespace)
received1 = socket_io_client1.get_received(self.events_namespace)
received2 = socket_io_client2.get_received(self.events_namespace)
self.assertEqual(len(received2), 0)
self.assertEqual(len(received1), 1)
received_data = received1[0]['args'][0]
self.assertTrue(received_data['messages_number'] <= messages_limit)
self.assertEqual(received_data['messages_number'],
number_of_messages - messages_offset if number_of_messages - messages_offset <= messages_limit else messages_limit)
messages_offset = 10
socket_io_client1.emit('get_more_messages', {'messages_offset': messages_offset},
namespace=self.events_namespace)
received1 = socket_io_client1.get_received(self.events_namespace)
received_messages = received1[0]['args'][0]['messages']
for message, message_text in zip(received_messages, reversed(range(
number_of_messages - messages_offset if number_of_messages - messages_offset <= messages_limit else messages_limit))):
self.assertTrue(message['is_current_user'])
self.assertEqual(message['message_text'], str(message_text))
messages_offset = 10
socket_io_client2.emit('get_more_messages', {'messages_offset': messages_offset},
namespace=self.events_namespace)
received2 = socket_io_client2.get_received(self.events_namespace)
received_messages = received2[0]['args'][0]['messages']
for message in received_messages:
self.assertFalse(message['is_current_user'])
def get_user():
"""Get the password from env vars or a default."""
username = environ.get('SEED_USER_USERNAME', 'bchrobot')
email = environ.get('SEED_USER_EMAIL', '*****@*****.**')
password = environ.get('SEED_USER_PASSWORD', 'Foobar22')
new_user = User(
username=username,
email=email,
user_type='user',
)
new_user.password_authentication = PasswordAuthentication(
password=password)
return new_user
def test_verify_token(self):
user = User(
username='******',
email='*****@*****.**',
password='******',
role=1,
status=1
)
db.session.add(user)
db.session.commit()
usertest = User.query.filter(User.username == 'Testuser').first()
with app.test_request_context():
token = user.generate_token(expiration=10)
self.assertIs(user.verify_token(token), user)
self.assertIsNot(user, usertest.verify_token(token))
def article_update():
if 'token' not in session:
flash(u'You Need Login', 'error')
return redirect(url_for('auth.signin'))
user = User.verify_token(session['token'])
if user is None:
return redirect(url_for('auth.signin'))
form = ArticleUpdateForm()
if request.method == 'POST':
if form.validate_on_submit():
section = str(form.section.data)
section = section[section.find("'") + 1: section.find(">") - 1]
my_article = Article.find_by_id(form.id_article.data)
my_article.section_name = section
my_article.title = form.title.data
my_article.body = form.body.data
db.session.commit()
return 'update realizado'
else:
id_article = request.args.get('id')
my_article = Article.find_by_id(id_article)
if user.username != my_article.user_name:
return 'No tiene permisos'
form.id_article.data = id_article
form.user_name.data = my_article.user_name
form.title.data = my_article.title
form.body.data = my_article.body
form.section.data = my_article.section
return render_template('article/update.html', form=form)
def signup():
new_user = request.json
phone = new_user['phone']
email = new_user['email']
country = new_user['country']
name = new_user['name']
region = new_user['region']
district = new_user['district']
password = new_user['password']
status = new_user['status']
if user_exist_by_contact(phone):
return jsonify(error_return(301, 'user with phone already exists'))
if user_exist_by_email(email):
return jsonify(
error_return(301, 'user with email address already exists'))
hashed_password = generate_password_hash(password)
new_user_data = User(country, region, district, phone, name, email,
hashed_password, status)
db.session.add(new_user_data)
db.session.commit()
return jsonify(success_return(201, {'name': name, 'phone': phone}))
def test_register(self):
self.assertEqual(len(User.query.all()), 0)
response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******',
'name': 'test_name', 'password': '******'})
self.assertEqual(response.status_code, 201)
self.assertEqual(len(User.query.all()), 1)
user = User.get_user_by_id(1)
self.assertTrue(
user.email == '*****@*****.**' and user.username == 'test_username' and user.name == 'test_name' and
user.verify_password('12345678'))
# an existing email
response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******',
'name': 'test_name', 'password': '******'})
self.assertEqual(response.status_code, 400)
# an existing username
response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******',
'name': 'test_name', 'password': '******'})
self.assertEqual(response.status_code, 400)
# an invalid email
response = self.test_client.post('/api/register', json={'email': 'test-gmail.com', 'username': '******',
'name': 'test_name', 'password': '******'})
self.assertEqual(response.status_code, 400)
# an invalid username
response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******',
'name': 'test_name', 'password': '******'})
self.assertEqual(response.status_code, 400)
# an invalid name
response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******',
'name': 'te', 'password': '******'})
self.assertEqual(response.status_code, 400)
# an invalid password
response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******',
'name': 'test', 'password': '******'})
self.assertEqual(response.status_code, 400)
def test_basic_or_bearer_authorization_required(self):
self.init_main_user()
user = User.get_user_by_id(1)
basic = {'Authorization': f'Basic {base64.b64encode(f"{user.email}:12345678".encode()).decode()}'}
self.assertEqual(self.test_client.get('/api/token', headers=basic).status_code, 200)
basic_not_existing_email = {
'Authorization': f'Basic {base64.b64encode(f"[email protected]:12345678".encode()).decode()}'}
response = self.test_client.get('/api/token', headers=basic_not_existing_email)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.json['message'], 'Wrong login! Maybe, you have not been registered')
basic_wrong_password = {
'Authorization': f'Basic {base64.b64encode(f"{user.email}:wrong".encode()).decode()}'}
response = self.test_client.get('/api/token', headers=basic_wrong_password)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.json['message'], 'Wrong password! Try again')
token = user.get_authentication_token(0.5)
time.sleep(1)
bearer_expired_token = {'Authorization': f'Bearer {token}'}
response = self.test_client.get('/api/token', headers=bearer_expired_token)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.json['message'], 'Your authentication token period has expired')
token = user.get_authentication_token()
bearer_bad_token = {'Authorization': f'Bearer {token + "salt"}'}
response = self.test_client.get('/api/token', headers=bearer_bad_token)
self.assertEqual(response.status_code, 401)
self.assertEqual(response.json['message'], 'Authentication token is not valid')
response_without_auth = self.test_client.get('/api/token')
self.assertEqual(response_without_auth.status_code, 403)
self.assertEqual(response_without_auth.json['message'],
'To access use Basic (base64) or Bearer (jwt) http authorization')
def recognize_logged_in_user():
"""Before each request to the server the function takes user id from the session, receives user instance by the id
and add him to flask application context variable. So, each view has an access to the current logged in user"""
current_user_id = session.get('current_user_id')
user = User.get_user_by_id(
current_user_id) if current_user_id is not None else None
setattr(g, 'user', user)
def return_user_or_abort(user_id: int) -> 'User':
"""Returns user model instance if it exists, else - makes abort"""
try:
return User.get_user_by_id(user_id)
except UserNotFoundByIndexError:
logger.info('Abort because user was not found')
abort(404, message=f'User {user_id} does not exist')
def test_update(self):
self.init_main_user()
user = User.get_user_by_id(1)
self.assertEqual(user.username, 'main_username')
self.assertEqual(user.name, 'main_name')
response = self.test_client.post('/api/update', json={'name': 'new_name'}, headers=self.basic_auth_header)
self.assertEqual(response.status_code, 202)
self.assertEqual(user.name, 'new_name')
self.assertEqual(response.json['name'], 'new_name')
response = self.test_client.post('/api/update', json={'username': '******'},
headers=self.bearer_auth_header)
self.assertEqual(response.status_code, 202)
self.assertEqual(user.username, 'new_username')
self.assertEqual(response.json['username'], 'new_username')
response = self.test_client.post('/api/update', json={'name': 'old_name', 'username': '******'},
headers=self.bearer_auth_header)
self.assertEqual(response.status_code, 202)
self.assertEqual(user.name, 'old_name')
self.assertEqual(user.username, 'old_username')
self.assertEqual(response.json['name'], 'old_name')
self.assertEqual(response.json['username'], 'old_username')
response = self.test_client.post('/api/update', json={'name': 'old_name'}, headers=self.basic_auth_header)
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json['message'], 'Nothing was updated')
response = self.test_client.post('/api/update', json={'username': '******'},
headers=self.bearer_auth_header)
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json['message'], 'Nothing was updated')
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('username')
parser.add_argument('password')
parser.add_argument('email')
parser.add_argument('displayName')
args = parser.parse_args()
permissions = 2
rows = db.session.query(User).count()
if (rows == 0):
permissions = 0
test_user = User.query.get(args.username)
if (test_user is not None):
return "{'registrationError': true, 'userExists': true}", 409
password = bcrypt_sha256.hash(args.password)
try:
user = User(args.username, password, args.displayName, args.email,
None, None, permissions)
db.session.add(user)
setting = Setting("configured", "true")
db.session.add(setting)
db.session.commit()
except InvalidRequestError:
return "{'registrationError': true, 'databaseError': true}", 409
return "{'registrationError': false}", 201
def __init__(self, *args, **kwargs):
sender_id = kwargs.get('sender_id')
receiver_id = kwargs.get('receiver_id')
if not User.is_chat_between(sender_id, receiver_id):
logger.info('Message __init__ is making a chat between users')
User.create_chat(sender_id, receiver_id)
if 'chat_id' not in kwargs:
self.chat_id = User.get_chat_id_by_users_ids(
sender_id, receiver_id)
else:
if not kwargs.get('chat_id') == User.get_chat_id_by_users_ids(
sender_id, receiver_id):
logger.critical(
"Chat id in message __init__ turned out to be wrong somehow"
)
raise AssertionError
super().__init__(*args, **kwargs)
def article_views():
if 'token' not in session:
flash(u'You Need Login', 'error')
return redirect(url_for('auth.signin'))
user = User.verify_token(session['token'])
if user is None:
return redirect(url_for('auth.signin'))
article = Article.find_by_author(user.username)
return render_template("article/views.html", article=article)
def get(self, token):
"""Checks token and if it is right, allows user to visit the page and fill out the form"""
try:
user = User.get_user_by_reset_password_token(token)
except SignatureExpired:
return render_template(
'authentication/reset_password_expired.html')
except BadSignature:
abort(404)
return render_template('authentication/reset_password.html', user=user)
def profile():
if 'token' not in session:
return redirect(url_for('auth.signin'))
user = User.verify_token(session['token'])
if user is None:
flash(u'Token Time Out', 'error')
return redirect(url_for('auth.signin'))
else:
return render_template('authentication/profile.html')
def test_get_user_chats_and_last_messages(self):
users = init_users(5)
User.create_chat(1, 2)
User.create_chat(1, 3)
User.create_chat(1, 4)
User.create_chat(2, 3)
db.session.add_all(users)
m1 = Message(text='m1', sender_id=1, receiver_id=2)
m2 = Message(text='m2', sender_id=2, receiver_id=1)
m3 = Message(text='m3', sender_id=1, receiver_id=2)
m4 = Message(text='m4', sender_id=1, receiver_id=3)
m5 = Message(text='m5', sender_id=3, receiver_id=1)
m6 = Message(text='m6', sender_id=1, receiver_id=4)
m7 = Message(text='m7', sender_id=2, receiver_id=3)
m8 = Message(text='m8', sender_id=3, receiver_id=2)
db.session.add_all([m1, m2, m3, m4, m5, m6, m7, m8])
db.session.commit()
chats1 = get_uc(1).all()
self.assertEqual(len(chats1), 3)
self.assertEqual(chats1[0][0], 'user4')
self.assertEqual(chats1[1][0], 'user3')
self.assertEqual(chats1[2][0], 'user2')
self.assertEqual(chats1[0][2], 'm6')
self.assertEqual(chats1[1][2], 'm5')
self.assertEqual(chats1[2][2], 'm3')
chats2 = get_uc(2).all()
self.assertEqual(len(chats2), 2)
self.assertEqual(chats2[0][0], 'user3')
self.assertEqual(chats2[1][0], 'user1')
self.assertEqual(chats2[0][2], 'm8')
self.assertEqual(chats2[1][2], 'm3')
chats3 = get_uc(3).all()
self.assertEqual(len(chats3), 2)
self.assertEqual(chats3[0][0], 'user2')
self.assertEqual(chats3[1][0], 'user1')
self.assertEqual(chats3[0][2], 'm8')
self.assertEqual(chats3[1][2], 'm5')
chats4 = get_uc(4).all()
self.assertEqual(len(chats4), 1)
self.assertEqual(chats4[0][0], 'user1')
self.assertEqual(chats4[0][2], 'm6')
chats5 = get_uc(5).all()
self.assertEqual(len(chats5), 0)
def test_token(self):
self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******',
'name': 'test_name', 'password': '******'})
response = self.test_client.get('/api/token', headers={
'Authorization': f'Basic {base64.b64encode(b"[email protected]:12345678").decode()}'})
self.assertEqual(response.status_code, 200)
data = response.json
self.assertEqual(data['expires_in'], current_app.config['AUTHENTICATION_TOKEN_DEFAULT_EXPIRES_IN'])
self.assertEqual(User.get_user_by_authentication_token(data['token']).email, '*****@*****.**')
response = self.test_client.get('/api/token', headers={'Authorization': f'Bearer {data["token"]}'})
self.assertEqual(response.status_code, 200)
def signup():
form = SignupForm()
if ('token' in session) and (User.verify_token(session['token'])):
return redirect(url_for('auth.profile'))
if request.method == 'POST':
if form.validate() is False:
return render_template("authentication/signup.html", form=form)
else:
new_user = User(form.username.data,
form.email.data,
form.password.data,
READ_ROLE + COMMENT_ROLE + WRITE_ROLE, 1)
db.session.add(new_user)
db.session.commit()
session['user_id'] = new_user.id
session['token'] = new_user.generate_token()
session['email'] = new_user.email
session['user_name'] = new_user.username
return redirect(url_for('auth.profile'))
elif request.method == 'GET':
return render_template("authentication/signup.html", form=form)
def change_pass():
token = request.args.get('token',None)
verified_result = User.verify_token_email(token)
if token and verified_result:
print verified_result
password_submit_form = ResetPasswordSubmit(request.form)
if password_submit_form.validate_on_submit():
verified_result.password = generate_password_hash(password_submit_form.password.data)
db.session.commit()
flash("password updated successfully")
return render_template('authentication/base.html')
return render_template("authentication/change_pass.html",form=password_submit_form)
def post(self):
"""Simple registration route. Any user can put his credentials and receive an answer. If everything is alright,
the user will be registered by system"""
parser = reqparse.RequestParser()
parser.add_argument('email', type=str, required=True)
parser.add_argument('username', type=str, required=True)
parser.add_argument('name', type=str, required=True)
parser.add_argument('password', type=str, required=True)
args = parser.parse_args()
email = args.get('email')
username = args.get('username')
name = args.get('name')
password = args.get('password')
try:
validate_email(email)
validate_length(
username,
3,
25,
error_message='Username length must be between 3 and 25 chars')
validate_length(
name,
3,
25,
error_message='Name length must be between 3 and 25 chars')
validate_password_length(password)
except ValidationError as error:
abort(400, message=error.message)
if User.query.filter_by(email=email).first():
abort(400, message=f"User '{email}' has been registered!")
elif User.query.filter_by(username=username).first():
abort(400,
message=
f"Username '{username}' is busy! Try putting another one")
else:
user = User(email=email, username=username, name=name)
user.set_password(password)
db.session.add(user)
db.session.commit()
return {'email': email, 'message': 'Successfully registered!'}, 201
def change_pass():
token = request.args.get("token", None)
verified_result = User.verify_token(token)
if token and verified_result:
print verified_result
password_submit_form = ResetPasswordSubmit(request.form)
if password_submit_form.validate_on_submit():
verified_result.password = generate_password_hash(password_submit_form.password.data)
db.session.commit()
flash("password updated successfully")
return redirect("users")
return render_template("change_pass.html", form=password_submit_form)
def test_user_chats_list(self):
with self.test_client as client:
client.post('/authentication/register',
data={
'email': '*****@*****.**',
'username': '******',
'name': 'Ann1',
'password1': 'Who am I',
'password2': 'Who am I'
},
follow_redirects=True)
client.post('/authentication/register',
data={
'email': '*****@*****.**',
'username': '******',
'name': 'Ann2',
'password1': 'Who am I',
'password2': 'Who am I'
},
follow_redirects=True)
client.post('/authentication/login',
data={
'email': '*****@*****.**',
'password': '******'
},
follow_redirects=True)
User.create_chat(1, 2)
db.session.add(
Message(text='test_text', sender_id=1, receiver_id=2))
db.session.commit()
response = client.get('/chats/list')
self.assertEqual(response.status_code, 200)
response_data = response.data.decode()
self.assertTrue('<title>Chats list</title>' in response_data)
self.assertTrue('test_text' in response_data)
self.assertTrue('Ann2' in response_data)
self.assertTrue('test_user2' in response_data)
def post(self):
"""
Receives user data, verify it and add new user to database.
:return: rendered html code or :class:`Response` (redirect)
:rtype:str, Response
"""
email = request.form['email']
username = request.form['username']
name = request.form['name']
password1 = request.form['password1']
password2 = request.form['password2']
try:
validate_email(email)
validate_length(
name,
3,
25,
error_message=
'Please, input name with a length between 3 and 25 chars')
validate_equal_passwords(password1, password2)
validate_password_length(password2)
except ValidationError as error:
flash(error.message)
return render_template('authentication/register.html')
if User.query.filter_by(email=email).first():
flash('User with such an email has been registered!')
elif User.query.filter_by(username=username).first():
flash('This username is busy! Try putting another one')
else:
user = User(email=email, username=username, name=name)
user.set_password(password2)
db.session.add(user)
db.session.commit()
flash('Successfully registered!')
return redirect(url_for('authentication.login'))
return render_template('authentication/register.html')
def delete_messages(two_users_ids: list = None, chat_id: int = None):
"""
Deletes all the messages from the chat between two given users in the list. Instead of list, chat id can be
used directly to delete all the messages from it. Changes must be committed after executing this method in order
to save them.
:param two_users_ids: users ids in a list. The chat between them will be deleted
:type two_users_ids: list
:param chat_id: the chat, which will be deleted
:type chat_id: int
"""
chat_id = chat_id or User.get_chat_id_by_users_ids(*two_users_ids)
db.session.execute(delete(Message).where(Message.chat_id == chat_id))
logger.warning(
f"All the messages between {two_users_ids} were deleted")
def change_pass():
token = request.args.get('token', None)
verified_result = User.verify_token_email(token)
if token and verified_result:
print verified_result
password_submit_form = ResetPasswordSubmit(request.form)
if password_submit_form.validate_on_submit():
verified_result.password = generate_password_hash(
password_submit_form.password.data)
db.session.commit()
flash("password updated successfully")
return render_template('authentication/base.html')
return render_template("authentication/change_pass.html",
form=password_submit_form)
def signin():
form = LoginForm(request.form)
if 'token' in session:
user = User.verify_token(session['token'])
if user:
return redirect(url_for('auth.profile'))
if request.method == 'POST':
if form.validate():
user = User.query.filter_by(email=form.email.data).first()
session['user_id'] = user.id
session['token'] = user.generate_token()
session['email'] = user.email
session['user_name'] = user.username
return redirect(url_for('auth.profile'))
return render_template("authentication/signin.html", form=form)
def post(self):
"""Creates a new chat between the current user and the users with the given in json id"""
parser = reqparse.RequestParser()
parser.add_argument('companion_id',
required=True,
type=int,
help='User\'s id to create a chat with')
args = parser.parse_args()
current_user_id = g.user.user_id
user_id = args.get('companion_id')
return_user_or_abort(user_id)
try:
User.create_chat(current_user_id, user_id)
except ChatAlreadyExistsError:
abort(400,
message=f'Your chat with the user {user_id} already exists')
db.session.commit()
return {
'user_id': current_user_id,
'companion_id': user_id,
'chat_id': User.get_chat_id_by_users_ids(current_user_id, user_id),
'message': 'Chat was successfully created'
}, 201
def article_delete():
if 'token' not in session:
flash(u'You Need Login', 'error')
return redirect(url_for('auth.signin'))
user = User.verify_token(session['token'])
if user is None:
return redirect(url_for('auth.signin'))
id = request.args.get('id', None)
if(id):
article = Article.query.filter_by(id=id).first()
if(not (article is None)):
db.session.delete(article)
db.session.commit()
flash(u'Article Deleted', 'messages')
return redirect(url_for('art.article_views'))
def test_forgot_password_expired_and_bad_token(self):
self.init_main_user()
user = User.get_user_by_id(1)
token = user.get_reset_password_token(0.5)
time.sleep(1)
response = self.test_client.post('/api/reset-password', json={'token': token, 'password': '******'})
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json['message'], 'Reset password token has expired. Use a new one')
token = user.get_reset_password_token()
response = self.test_client.post('/api/reset-password', json={'token': token + 'salt', 'password': '******'})
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json['message'], 'Reset password token is not valid')
response = self.test_client.post('/api/reset-password', json={'token': token, 'password': '******'})
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json['message'], 'Password is too short')
def post(self, token):
"""Receives new user password and save it"""
password1 = request.form['password1']
password2 = request.form['password2']
user = User.get_user_by_reset_password_token(token)
try:
validate_equal_passwords(password1, password2)
validate_password_length(password2)
except ValidationError as error:
flash(error.message)
return render_template('authentication/reset_password.html',
user=user)
user.set_password(password2)
db.session.add(user)
db.session.commit()
flash('You password was successfully reset')
return redirect(url_for('authentication.login'))
def article_create():
if 'token' not in session:
flash(u'You Need Login', 'error')
return redirect(url_for('auth.signin'))
user = User.verify_token(session['token'])
if user is None:
return redirect(url_for('auth.signin'))
username = user.username
form = ArticleCreateForm()
form.user_name.data = user.username
if request.method == 'POST':
if form.validate_on_submit():
article = Article()
form.populate_obj(article)
db.session.add(article)
db.session.commit()
return 'CREADO'
return render_template('article/create.html', form=form, user=user,
username=username)
def seed_db():
"""Seed the database."""
default_user = get_user()
# Create Mason Lab
mason_lab = User(
username='******',
email='*****@*****.**',
user_type='organization',
)
membership = OrganizationMembership(role='admin')
membership.user = default_user
mason_lab.user_memberships.append(membership)
db.session.add_all([mason_lab, membership])
db.session.commit()
# Create ABRF sample group
abrf_uuid = UUID('00000000-0000-4000-8000-000000000000')
abrf_description = 'ABRF San Diego Mar 24th-29th 2017'
abrf_2017_group = SampleGroup(
name='ABRF 2017',
owner_uuid=mason_lab.uuid,
owner_name=mason_lab.username,
is_library=True,
analysis_result=create_abrf_result(save=True),
description=abrf_description)
abrf_2017_group.uuid = abrf_uuid
abrf_sample_01 = Sample(name='SomethingUnique_A',
library_uuid=abrf_uuid,
analysis_result=create_abrf_result(save=True),
metadata=generate_metadata()).save()
abrf_sample_02 = Sample(name='SomethingUnique_B',
library_uuid=abrf_uuid,
analysis_result=create_abrf_result(save=True),
metadata=generate_metadata()).save()
abrf_2017_group.samples = [abrf_sample_01, abrf_sample_02]
db.session.add(abrf_2017_group)
db.session.commit()
# Create fuzzed group
fuzz_uuid = UUID('00000000-0000-4000-8000-000000000001')
create_saved_group(owner=mason_lab, uuid=fuzz_uuid)
def testarticlecreateget(self):
test = app.test_client(self)
response = test.get('/art/create/', content_type='html/text')
self.assertEqual(response.status_code, 302)
assert 'token' in session
self.assertTrue(User.verify_token(session['token'])!=None)
