def test_user_can_create_new_account(self):
email = 'steve-o'
password = '******'
encrypted_password = pwd_context.encrypt(password)
rv = self.app.post('/register', data=dict(
email=email,
password=password))
user = session.query(User).filter(User.email == email).first()
self.assertIsNotNone(user)
self.assertEqual(user.email, email)
pwd_context.verify(encrypted_password, user.password)
def login():
# If a user is already logged in. is_authenticated is a function
# of the User class in models.py
if g.user.is_authenticated():
return render_template('index.html',
message='A user is already logged in.',
email=g.user.email,
listings=get_listings())
# If the user is sending information (i.e. trying to log in),
# checks the selected email against the users in the database.
if request.method == 'POST':
email = request.form['email']
password = request.form['password']
# queries the database for a user with the email submitted
user = session.query(User).filter(User.email == email).first()
# if the user was in the database and the password matches,
# logs the user in and returns a message.
if user is not None and pwd_context.verify(password, user.password):
login_user(user)
return render_template('index.html',
message='Login was successful.',
email=user.email,
listings=get_listings())
return render_template('index.html',
message='Email or password invalid. Please try again.',
listings=get_listings())
# returns login form if request method was GET
return render_template('login.html')
def _verify_password(plain_password, hashed_password):
return pwd_context.verify(plain_password, hashed_password)
def verify_password(self, password):
return pwd_context.verify(password, self.password_hash)
def check_password_hash(plain_password: str, hashed_password: str):
return pwd_context.verify(plain_password + PASSWORD_SALT, hashed_password)
def verify_password(self, password): """ Check if hashed password matches actual password """ return pwd_context.verify(password, self.password_hash)
