def test_valid_user_preferences(client):
# create the user
add_user("foo", "*****@*****.**", "foobar")
preferences = {
"favorite_cast_member": "Goldie Hawn",
"favorite_genre": "Comedy",
"preferred_ratings": ["G", "PG", "PG-13"]
}
# update user preferences
result = update_prefs("*****@*****.**", preferences)
assert result.matched_count == 1
assert result.modified_count == 1
# get the user
user = get_user("*****@*****.**")
assert user.get('preferences') is not None
new_preferences = {
"favorite_cast_member": "Daniel Day-Lewis",
"favorite_genre": "Drama",
"preferred_ratings": ["R"]
}
result = update_prefs(user.get('email'), new_preferences)
assert result.matched_count == 1
assert result.modified_count == 1
user = get_user("*****@*****.**")
assert user.get("preferences") == new_preferences
def test_should_not_allow_None_as_prefs(client):
add_user("foo", "*****@*****.**", "foobar")
prefs = None
update_prefs("*****@*****.**", prefs)
user = get_user("*****@*****.**")
assert user.get("preferences") == {}
def signup():
if request.method == 'GET':
return redirect(url_for('login'))
email = request.form['email']
name = request.form['name']
pw = request.form['password']
if len(pw) < 8:
return render_template(
'login.html',
signuperror="Make sure that your password is at least 8 characters!"
)
if pw != request.form['confirmpassword']:
return render_template(
'login.html',
signuperror="Make sure that the passwords you enter match!")
insertionresult = add_user(
name, email,
bcrypt.generate_password_hash(pw.encode('utf8')).decode("utf-8"))
if 'error' in insertionresult:
return render_template('login.html',
signuperror=insertionresult["error"])
userdata = get_user(email)
if not userdata:
return render_template(
'login.html',
signuperror=
"There's something wrong on our end. Please try again later!")
user = create_user_object(userdata)
flask_login.login_user(user)
return redirect(url_for('show_movies'))
def delete():
claims = get_jwt_claims()
user = User.from_claims(claims)
try:
password = expect(request.get_json().get('password'), str, 'password')
userdata = get_user(user.email)
if (not user.email == userdata['email'] and not
bcrypt.check_password_hash(userdata['password'], password)):
response_object = {
'status': 'fail',
'error': {'password': '******'}
}
return make_response(jsonify(response_object)), 401
else:
delete_user(user.email)
response_object = {
'status': 'success'
}
return make_response(jsonify(response_object)), 201
except Exception as e:
response_object = {
'status': 'fail',
'error': {'internal': e}
}
return make_response(jsonify(response_object)), 500
def make_admin_user_for_ui_test():
try:
post_data = request.get_json()
email = expect(post_data['email'], str, 'email')
name = expect(post_data['name'], str, 'name')
password = expect(post_data['password'], str, 'password')
except Exception as e:
jsonify({'error': str(e)}), 400
errors = {}
if len(password) < 8:
errors['password'] = "******"
if len(name) <= 3:
errors['name'] = "You must specify a name of at least 3 characters."
if len(errors.keys()) != 0:
response_object = {'status': 'fail', 'error': errors}
return jsonify(response_object), 411
insertionresult = add_user(
name, email,
bcrypt.generate_password_hash(
password=password.encode('utf8')).decode("utf-8"))
if 'error' in insertionresult:
errors['email'] = insertionresult["error"]
make_admin(email)
userdata = get_user(email)
if not userdata:
errors['general'] = "Internal error, please try again later."
if len(errors.keys()) != 0:
response_object = {'status': 'fail', 'error': errors}
return make_response(jsonify(response_object)), 400
else:
userdata = {
"email": userdata['email'],
"name": userdata['name'],
"preferences": userdata.get('preferences'),
"isAdmin": True
}
user = User(userdata)
jwt = create_access_token(user.to_json())
try:
login_user(user.email, jwt)
response_object = {
'status': 'success',
'auth_token': jwt,
'info': userdata
}
return make_response(jsonify(response_object)), 201
except Exception as e:
response_object = {'status': 'fail', 'error': {'internal': e}}
return make_response(jsonify(response_object)), 500
def test_empty_prefs_are_valid(client):
new_prefs = {}
result = update_prefs("*****@*****.**", new_prefs)
assert result.matched_count == 1
assert result.modified_count == 1
user = get_user("*****@*****.**")
assert user.get("preferences") == {}
def make_admin_user_for_ui_test():
try:
post_data = request.get_json()
email = expect(post_data["email"], str, "email")
name = expect(post_data["name"], str, "name")
password = expect(post_data["password"], str, "password")
except Exception as e:
jsonify({"error": str(e)}), 400
errors = {}
if len(password) < 8:
errors["password"] = "******"
if len(name) <= 3:
errors["name"] = "You must specify a name of at least 3 characters."
if len(errors.keys()) != 0:
response_object = {"error": errors}
return jsonify(response_object), 411
insertionresult = add_user(
name,
email,
bcrypt.generate_password_hash(
password=password.encode("utf8")).decode("utf-8"),
)
if "error" in insertionresult:
errors["email"] = insertionresult["error"]
make_admin(email)
userdata = get_user(email)
if not userdata:
errors["general"] = "Internal error, please try again later."
if len(errors.keys()) != 0:
response_object = {"error": errors}
return make_response(jsonify(response_object)), 400
else:
userdata = {
"email": userdata["email"],
"name": userdata["name"],
"preferences": userdata.get("preferences"),
"isAdmin": True,
}
user = User(userdata)
jwt = create_access_token(user.to_json())
try:
login_user(user.email, jwt)
response_object = {"auth_token": jwt, "info": userdata}
return make_response(jsonify(response_object)), 201
except Exception as e:
response_object = {"error": {"internal": str(e)}}
return make_response(jsonify(response_object)), 500
def login():
email = ""
password = ""
try:
post_data = request.get_json()
email = expect(post_data['email'], str, 'email')
password = expect(post_data['password'], str, 'email')
except Exception as e:
jsonify({'error': str(e)}), 400
userdata = get_user(email)
if not userdata:
response_object = {
'status': 'fail',
'error': {
'email': 'Make sure your email is correct.'
}
}
return make_response(jsonify(response_object)), 401
#if not bcrypt.check_password_hash(userdata['password'], password):
if not bcrypt.check_password_hash(userdata['password'], password):
response_object = {
'status': 'fail',
'error': {
'password': '******'
}
}
return make_response(jsonify(response_object)), 401
userdata = {
"email": userdata['email'],
"name": userdata['name'],
"preferences": userdata.get('preferences'),
"isAdmin": userdata.get('isAdmin', False)
}
user = User(userdata)
jwt = create_access_token(user.to_json())
try:
login_user(user.email, jwt)
response_object = {
'status': 'success',
'auth_token': jwt,
'info': userdata,
}
return make_response(jsonify(response_object)), 201
except Exception as e:
response_object = {'status': 'fail', 'error': {'internal': e}}
return make_response(jsonify(response_object)), 500
def test_registration(client):
delete_user('*****@*****.**')
# the password will be hashed at the api layer
# NEVER
# NEVER
# NEVER store passwords in plaintext
result = add_user(test_user.get('name'), test_user.get('email'),
test_user.get('password'))
assert result == {'success': True}
found_user = get_user(test_user.get('email'))
assert found_user.get('name') == test_user.get('name')
assert found_user.get('email') == test_user.get('email')
assert found_user.get('password') == test_user.get('password')
def test_registration(client):
delete_user("*****@*****.**")
# the password will be hashed at the api layer
# NEVER
# NEVER
# NEVER store passwords in plaintext
result = add_user(test_user.get("name"), test_user.get("email"),
test_user.get("password"))
assert result == {"success": True}
found_user = get_user(test_user.get("email"))
assert found_user.get("name") == test_user.get("name")
assert found_user.get("email") == test_user.get("email")
assert found_user.get("password") == test_user.get("password")
def login():
if request.method == 'GET':
return render_template('login.html')
email = request.form['email']
pw = request.form['password']
userdata = get_user(email)
if not userdata:
return render_template('login.html', loginerror="Make sure your email is correct.")
if not bcrypt.check_password_hash(userdata['pw'], pw):
return render_template('login.html', loginerror="Make sure your password is correct.")
user = create_user_object(userdata)
flask_login.login_user(user)
return redirect(url_for('show_movies'))
def login():
email = ""
password = ""
try:
post_data = request.get_json()
email = expect(post_data["email"], str, "email")
password = expect(post_data["password"], str, "email")
except Exception as e:
jsonify({"error": str(e)}), 400
userdata = get_user(email)
if not userdata:
response_object = {
"error": {
"email": "Make sure your email is correct."
}
}
return make_response(jsonify(response_object)), 401
if not bcrypt.check_password_hash(userdata["password"], password):
response_object = {
"error": {
"password": "******"
}
}
return make_response(jsonify(response_object)), 401
userdata = {
"email": userdata["email"],
"name": userdata["name"],
"preferences": userdata.get("preferences"),
"isAdmin": userdata.get("isAdmin", False),
}
user = User(userdata)
jwt = create_access_token(user.to_json())
try:
login_user(user.email, jwt)
response_object = {
"auth_token": jwt,
"info": userdata,
}
return make_response(jsonify(response_object)), 201
except Exception as e:
response_object = {"error": {"internal": e}}
return make_response(jsonify(response_object)), 500
def save():
claims = get_jwt_claims()
user = User.from_claims(claims)
body = request.get_json()
prefs = expect(body.get('preferences'), dict, 'preferences')
try:
# get an updated user, remove the password
update_prefs(user.email, prefs)
updated_user = User(get_user(user.email))
del updated_user.password
updated_jwt = create_access_token(updated_user.to_json())
# lastly, update the user's session
response_object = {
'auth_token': updated_jwt,
'info': updated_user.to_json(),
}
return make_response(jsonify(response_object)), 201
except Exception as e:
response_object = {'error': {'internal': str(e)}}
return make_response(jsonify(response_object)), 500
def delete():
claims = get_jwt_claims()
user = User.from_claims(claims)
try:
password = expect(request.get_json().get("password"), str, "password")
userdata = get_user(user.email)
if not user.email == userdata[
"email"] and not bcrypt.check_password_hash(
userdata["password"], password):
response_object = {
"error": {
"password": "******"
}
}
return make_response(jsonify(response_object)), 401
else:
delete_user(user.email)
response_object = {"status": "deleted"}
return make_response(jsonify(response_object)), 201
except Exception as e:
response_object = {"error": {"internal": str(e)}}
return make_response(jsonify(response_object)), 500
def check_admin(user):
updated_user = get_user(user.email)
return updated_user.get('isAdmin', False)
def user_loader(email):
userdata = get_user(email)
if not userdata:
return
return create_user_object(userdata)