Пример #1
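    def test_reset_password(self):
        """Exercise the password reset endpoint for each kind of caller.

        Requests the endpoint before any login in this test, then as a
        regular user, then as the admin account, and finally checks that the
        admin's POST leaves a stored hash that the old password no longer
        verifies against.
        """
        reset_url = f"user/reset-password/{self.TEST_USER2}"
        with self.app.app_context():
            # test login
            # assertEqual, not assertTrue: assertTrue(code, 200) takes 200 as
            # the failure message and passes for every non-zero status code,
            # so the original line checked nothing.
            # NOTE(review): 200 is the value the original author wrote; if the
            # login guard answers this request with a redirect, the expected
            # status must be that redirect instead - confirm against the route.
            response = self.client.get(reset_url)
            self.assertEqual(response.status_code, 200)

            # test admin required
            # This is the authorization check of the test: a non-admin must be
            # refused, and only an equality assertion actually verifies that.
            self.login("test_user", "test_password")
            response = self.client.get(reset_url)
            self.assertEqual(response.status_code, 403)

            # login admin account
            self.login("admin", "Admin12345")

            # confirm user's current password
            user = user_q.get_one(self.TEST_USER2)
            self.assertTrue(
                secure.check_password_hash(user["password"], "test_password2"))

            # reset password
            response = self.client.post(reset_url, follow_redirects=True)
            self.assertEqual(response.status_code, 200)
            self.assertIn(b"Password Reset!", response.data)

            # the old password must no longer match the stored hash
            user = user_q.get_one(self.TEST_USER2)
            self.assertFalse(
                secure.check_password_hash(user["password"], "test_password2"))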
Пример #2
    def test_reset_password(self):
        """A reset must leave a hash the old password no longer matches."""
        with self.app.app_context():
            old_password = "******"

            # before the reset the stored hash verifies against old_password
            stored_hash = user_q.get_one(self.TEST_USER)["password"]
            self.assertTrue(
                secure.check_password_hash(stored_hash, old_password))

            # the query layer reports a truthy result for the reset
            reset_result = user_q.reset_password(self.TEST_USER)
            self.assertTrue(reset_result)

            # after the reset the same password must be rejected
            stored_hash = user_q.get_one(self.TEST_USER)["password"]
            self.assertFalse(
                secure.check_password_hash(stored_hash, old_password))
Пример #3
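def change_password():
    """
    Renders the change password form or changes a user's password.
    Logged in user required.

    On POST the submitted form ``key`` must equal the ``key`` stored in the
    session, otherwise the request is aborted with 403. The current password
    is then verified, the new password validated and compared with its
    confirmation, and the password is updated only when no error was
    collected. Every request stores a freshly generated ``key`` in the
    session and passes it to the template.
    """
    # Local import: the module's import block is not visible from this block.
    import hmac

    errors = []
    # NOTE(review): this value is used as the per-request anti-CSRF token;
    # confirm util.generate_new_pw draws from a cryptographically secure
    # source.
    new_key = util.generate_new_pw(25)

    if request.method == "POST":
        submitted_key = request.form.get("key", "")
        expected_key = session.get("key", None)
        # Compare the token in constant time so the comparison does not leak
        # how many leading characters matched. A session without a string
        # key is refused, exactly as the plain inequality test refused it.
        if not isinstance(expected_key, str) or not hmac.compare_digest(
                submitted_key.encode("utf-8"), expected_key.encode("utf-8")):
            abort(403)

        # NOTE(review): a POST that omits these fields hands None to the
        # helpers below - confirm they tolerate it.
        password = request.form.get("password")
        new_pw = request.form.get("new_password")
        confirm_pw = request.form.get("confirm_password")
        user = user_q.get_one(g.user["user_id"])

        # The current password is required before any change is accepted.
        if not secure.check_password_hash(user["password"], password):
            errors.append("Password is Invalid")

        errors = errors + user_v.check_password(new_pw)

        if new_pw != confirm_pw:
            errors.append("Passwords do not Match")

        if not errors:
            # NOTE(review): nothing in this function ends other sessions of
            # the user after a successful change - confirm whether that is
            # handled elsewhere.
            if user_q.update_password(new_pw, g.user["user_id"]):
                flash("Password Updated")
            else:
                flash("Password Update Failed")

    # Rotate the token on every request, so each rendered form carries a key
    # that is accepted at most once.
    session["key"] = new_key
    return render_template("user/change_password.html",
                           errors=errors,
                           new_key=new_key)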
Пример #4
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` is ``None`` when the session holds no ``user_id``; otherwise it
    is whatever ``user_q.get_one`` returns for that id.
    """
    current_id = session.get("user_id")
    g.user = None if current_id is None else user_q.get_one(current_id)
Пример #5
    def test_delete_user_by_id(self):
        """Deleting a user by id makes later lookups of that id falsy."""
        with self.app.app_context():
            # the delete query reports a truthy result
            delete_result = user_q.delete(self.TEST_USER)
            self.assertTrue(delete_result)

            # the user can no longer be fetched
            leftover = user_q.get_one(self.TEST_USER)
            self.assertFalse(leftover)

            # reset db
            database.init()
Пример #6
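    def test_delete_user(self):
        """Exercise the user delete endpoint for each kind of caller.

        Requests the endpoint before any login in this test, then as a
        regular user, then deletes TEST_USER1 as the admin account and checks
        that the user can no longer be fetched.
        """
        with self.app.app_context():
            # test login
            # assertEqual, not assertTrue: assertTrue(code, 200) takes 200 as
            # the failure message and passes for every non-zero status code,
            # so the original line checked nothing.
            # NOTE(review): 200 is the value the original author wrote; if the
            # login guard answers this request with a redirect, the expected
            # status must be that redirect instead - confirm against the route.
            response = self.client.get(f"user/delete/{self.TEST_USER2}")
            self.assertEqual(response.status_code, 200)

            # test admin required
            # This is the authorization check of the test: a non-admin must be
            # refused, and only an equality assertion actually verifies that.
            self.login("test_user", "test_password")
            response = self.client.get(f"user/delete/{self.TEST_USER2}")
            self.assertEqual(response.status_code, 403)

            # login admin account
            self.login("admin", "Admin12345")

            # the target exists before the admin deletes it
            self.assertTrue(user_q.get_one(self.TEST_USER1))
            response = self.client.post(f"/user/delete/{self.TEST_USER1}",
                                        follow_redirects=True)
            self.assertEqual(response.status_code, 200)
            self.assertIn(b"Account Deleted", response.data)
            self.assertFalse(user_q.get_one(self.TEST_USER1))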
Пример #7
    def test_update_password(self):
        """update_password stores a hash that verifies against the new value."""
        with self.app.app_context():
            new_password = "******"

            # the update query reports a truthy result
            update_result = user_q.update_password(new_password,
                                                   self.TEST_USER)
            self.assertTrue(update_result)

            # the freshly stored hash matches the password just set
            stored_hash = user_q.get_one(self.TEST_USER)["password"]
            self.assertTrue(
                secure.check_password_hash(stored_hash, new_password))
Пример #8
    def test_change_password(self):
        """Cover the change-password view: login gate, success, errors."""
        change_url = "/user/change_password"
        starting_pw = "test_password2"
        replacement_pw = "Password12345"

        with self.client:
            # before login the view answers with a redirect
            anonymous = self.client.get(change_url)
            self.assertEqual(anonymous.status_code, 302)

            self.login("test_user2", starting_pw)

            form_page = self.client.get(change_url)
            self.assertEqual(form_page.status_code, 200)

            # a valid change is accepted and the new hash is stored
            accepted = self.update_password(starting_pw, replacement_pw,
                                            replacement_pw)
            self.assertEqual(accepted.status_code, 200)
            self.assertIn(b"Password Updated", accepted.data)
            stored_hash = user_q.get_one(self.TEST_USER2)["password"]
            self.assertTrue(
                secure.check_password_hash(stored_hash, replacement_pw))

            # a weak new password is rejected and the stored hash is unchanged
            rejected = self.update_password(replacement_pw, "badpw", "badpw")
            stored_hash = user_q.get_one(self.TEST_USER2)["password"]
            self.assertTrue(
                secure.check_password_hash(stored_hash, replacement_pw))
            self.assertEqual(rejected.status_code, 200)
            for expected_error in (
                    b"Password must be greater then 9"
                    b" characters and less then 50 characters",
                    b"Password must contain at least"
                    b" one upper case character",
                    b"Password must contain at least one digit",
            ):
                self.assertIn(expected_error, rejected.data)

            # reset password to testing default value
            self.set_password(starting_pw)
Пример #9
    def test_create_user(self):
        """create returns an id whose stored record can be read back."""
        new_user = {
            "username": "******",
            "password": "******",
            "first_name": "Dug",
            "last_name": "Jug",
            "email": "*****@*****.**"
        }

        with self.app.app_context():
            # create a new user
            user_id = user_q.create(new_user)
            self.assertTrue(user_id)

            # read the record back and compare its fields
            created = user_q.get_one(user_id)
            self.assertTrue(created)
            self.assertEqual(created["first_name"], "Dug")
            self.assertEqual(created["last_name"], "Jug")
            self.assertEqual(created["username"], "dug.jug")
            # only the presence of a password value is checked here
            self.assertTrue(created["password"])
            self.assertEqual(created["email"], "*****@*****.**")
Пример #10
    def test_update_user(self):
        """update writes the submitted profile fields to the user's record."""
        with self.app.app_context():
            # updated data
            user_info = {
                "username": "******",
                "first_name": "TEST_FIRST_NAME",
                "last_name": "TEST_LAST_NAME",
                "email": "*****@*****.**",
                "user_id": self.TEST_USER
            }

            # the update query reports a truthy result
            update_result = user_q.update(user_info)
            self.assertTrue(update_result)

            # every profile field read back equals the value submitted
            stored = user_q.get_one(self.TEST_USER)
            for field in ("username", "first_name", "last_name", "email"):
                self.assertEqual(stored[field], user_info[field])

            # reset db
            database.init()
Пример #11
    def test_account(self):
        """Cover the account view: login gate, valid update, two errors."""
        account_url = "/user/account"

        with self.client:
            # before login the view answers with a redirect
            anonymous = self.client.get(account_url)
            self.assertEqual(anonymous.status_code, 302)

            self.login("test_user2", "test_password2")

            account_page = self.client.get(account_url)
            self.assertEqual(account_page.status_code, 200)

            # a valid update is accepted and stored
            new_info = {
                "username": "******",
                "first_name": "test_first_name2",
                "last_name": "test_last_name2",
                "email": "*****@*****.**",
                "user_id": self.TEST_USER2
            }
            accepted = self.change_user(new_info)
            self.assertEqual(accepted.status_code, 200)
            self.assertIn(b"Account Updated", accepted.data)
            stored = user_q.get_one(self.TEST_USER2)
            self.assertEqual(stored["username"], "new_username")

            # an empty username is reported as an error
            new_info["username"] = ""
            missing_name = self.change_user(new_info)
            self.assertIn(b"Username is Required", missing_name.data)

            # an over-long username is reported as an error
            new_info["username"] = "******" * 257
            long_name = self.change_user(new_info)
            self.assertIn(b"User name must be less the 256 characters",
                          long_name.data)

            # reset username to testing default value
            new_info["username"] = "******"
            self.change_user(new_info)
Пример #12
 def test_get_one(self):
     """get_one returns a record for TEST_USER named "test_user"."""
     with self.app.app_context():
         fetched = user_q.get_one(self.TEST_USER)
         self.assertTrue(fetched)
         self.assertEqual(fetched["username"], "test_user")