def test_update_forgotten_password(client, db):
    """Complete a reset via the change_password route, then sign in with the new password."""
    username = '******'
    new_password = '******'
    account = get_user_by_name(username)
    token = account.get_reset_token()
    # The route reads the account to update from the session, so seed it first.
    with client.session_transaction() as sess:
        sess['reset_user_id'] = account.get_id()
    # Submit the previously generated token together with the replacement password.
    client.post(
        '/reset/change_password',
        data={'token': token, 'new_password': new_password},
        follow_redirects=True,
    )
    login_response = login(client, username, new_password)
    # The token must be single-use: it is cleared once the password has changed.
    assert not get_user_by_name(username).get_reset_token()
    # The new credentials must be accepted and land on the dashboard.
    assert login_response.status_code == 200
    assert b'dashboard' in login_response.data
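def register():
    """Handle the registration page: show the form on GET, create the account on a valid POST.

    Returns:
        A redirect to the dashboard when the visitor is already authenticated or
        registration succeeds, a redirect back to ``register`` when the submitted
        form is rejected, otherwise the rendered registration template.
    """
    logger.debug("Entering register function")
    if current_user.is_authenticated:
        logger.info("User is logged in, redirecting to dashboard")
        return redirect(url_for('dashboard'))
    form = RegistrationForm()
    if request.method == 'POST':
        logger.debug("Register form submitted")
        if form.validate_on_submit():
            # Usernames are unique: only create the account if the lookup finds nothing.
            if get_user_by_name(form.username.data) is None:
                new_user = User(username=form.username.data)
                new_user.set_password(form.password.data)
                new_user.set_last_logged_in(datetime.now())
                db.session.add(new_user)
                db.session.commit()
                login_user(new_user)
                session["user_id"] = new_user.get_id()
                session["username"] = new_user.get_username()
                logger.debug("Successfully created user %s", new_user)
                return redirect(url_for('dashboard'))
            flash("Username already taken!")
            logger.error("Username already taken")
        # NOTE(review): redirecting here discards form.errors, so the template
        # never shows WTForms validation messages -- confirm this is intended.
        logger.warning("Registration failed, user not registered")
        return redirect(url_for("register"))
    return render_template('register.html', form=form)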
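def reset():
    """Handle the password-reset request page.

    On a valid POST, looks up the account and the submitted e-mail address; when
    the address is owned by that account, generates a reset token, stores the
    account id in the session, e-mails the token and redirects to the
    change-password page. Every rejected request redirects back to ``reset``
    with a flash message.

    Returns:
        A redirect response, or the rendered ``reset.html`` template on GET and
        on a POST that fails form validation.
    """
    form = ResetPasswordRequestForm()
    if current_user.is_authenticated:
        return redirect(url_for('dashboard'))
    if form.validate_on_submit():
        user = get_user_by_name(form.username.data)
        email = get_email_address_by_address(form.email_address.data)
        # NOTE(review): the distinct messages below let a caller tell an unknown
        # username from a mismatched e-mail address (account enumeration); one
        # generic message for both would close that gap. Text kept as-is here.
        if user is None:
            flash('Account does not exist!')
            return redirect(url_for('reset'))
        # Fail closed: anything other than an explicitly active account is refused.
        if not user.get_active_status():
            flash('Account is disabled, contact support for assistance!')
            return redirect(url_for('reset'))
        # The address must exist and belong to the account that was named.
        if user and email and user.get_id() == email.get_owner_id():
            user.generate_reset_token()
            db.session.commit()
            # The token is a credential: record the event, never its value.
            logger.info("Generated reset token for user id %s", user.get_id())
            session["reset_user_id"] = user.get_id()
            send_password_token(
                email.get_email_address(), user.get_username(), user.get_reset_token()
            )
            return redirect(url_for('reset_change_password'))
        flash('Invalid username or email address!')
        # The redirect must be returned; previously it was built and dropped,
        # falling through to render the form instead.
        return redirect(url_for('reset'))
    return render_template('reset.html', form=form)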
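def login():
    """Handle the sign-in page.

    Returns:
        A redirect to ``admin.index`` (administrators) or the dashboard after a
        successful sign-in, a redirect back to ``login`` with a flash message
        when the credentials are rejected or the account is disabled, otherwise
        the rendered ``login.html`` template.
    """
    if current_user.is_authenticated:
        return redirect(url_for('dashboard'))
    logger.debug("Entering login function")
    form = LoginForm()
    if form.validate_on_submit():
        user = get_user_by_name(form.username.data)
        # One message for both unknown user and wrong password avoids revealing which it was.
        if user is None or not user.check_password(form.password.data):
            flash('Invalid username or password', 'error')
            return redirect(url_for('login'))
        # Fail closed: anything other than an explicitly active account is refused.
        if not user.get_active_status():
            flash('Account is disabled, contact support!', 'error')
            return redirect(url_for('login'))
        login_user(user, remember=form.remember_me.data)
        user.set_last_logged_in(datetime.now())
        db.session.commit()
        session["user_id"] = user.get_id()
        session["username"] = user.get_username()
        logger.debug("Successfully logged in user %s", user)
        # Administrators land on the admin index, everyone else on the dashboard.
        target = 'admin.index' if user.get_admin_status() else 'dashboard'
        return redirect(url_for(target))
    return render_template('login.html', title='Sign In', form=form)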
def test_invalid_change_no_password(client, db):
    """Submitting empty current/new/confirm passwords must leave the password unchanged."""
    username = '******'
    current_pw = 'password'
    login(client, username, current_pw)
    change_user_settings_password(client, username, '', '', '')
    # An empty string must never have become the stored password.
    assert not get_user_by_name(username).check_password('')
def test_request_reset_password(client, db):
    """Create a user with a mail account attached and request a password reset for it."""
    username = '******'
    password = '******'
    # Fresh account for this scenario.
    account = User(username=username)
    account.set_password(password)
    db.session.add(account)
    db.session.commit()
    # Sign in, attach the mail account, then sign out again.
    login_response = login(client, username, password)
    assert login_response.status_code == 200
    assert b'dashboard' in login_response.data
    creds = get_server_mail_cred()
    mail_address, mail_password = creds[2], creds[3]
    response = add_mail(client, mail_address, mail_password)
    assert response.status_code == 200
    assert get_email_address_by_address(mail_address)
    assert b'*****@*****.**' in response.data
    logout(client)
    reset_response = request_reset_password(client, db, username, mail_address)
    # The reset page hands over to the token-entry form ...
    assert b'token' in reset_response.data
    # ... and the account now carries a reset token.
    assert get_user_by_name(username).get_reset_token()
def test_valid_register(client, db):
    """A well-formed registration creates the account and lands on the dashboard."""
    username = '******'
    password = '******'
    confirmation = '******'
    response = register(client, username, password, confirmation, True)
    assert response.status_code == 200
    # The account exists and the visitor was signed straight in.
    assert get_user_by_name(username)
    assert b'dashboard' in response.data
    logout(client)
def test_disable_account_without_slider(client, db):
    """Submitting the settings form with the disable slider off keeps the account active."""
    username = '******'
    current_pw = 'newpassword'
    slider = "off"
    login(client, username, current_pw)
    change_user_settings_disable_acc(client, username, current_pw, slider)
    assert get_user_by_name(username).get_active_status()
def test_valid_change_password(client, db):
    """A matching new/confirm pair with the correct current password is applied."""
    username = '******'
    current_pw = 'password'
    new_pw = 'newpassword'
    confirm_pw = 'newpassword'
    login(client, username, current_pw)
    change_user_settings_password(client, username, current_pw, new_pw, confirm_pw)
    account = get_user_by_name(username)
    assert account.check_password(new_pw)
def test_invalid_change_mismatched_password(client, db):
    """A new password whose confirmation differs must be rejected."""
    username = '******'
    current_pw = 'password'
    new_pw = 'newpassword'
    confirm_pw = 'newpassword123'
    login(client, username, current_pw)
    change_user_settings_password(client, username, current_pw, new_pw, confirm_pw)
    # The mismatched value must not have been stored.
    assert not get_user_by_name(username).check_password(new_pw)
def test_disable_account_wrong_password(client, db):
    """Disabling the account requires the correct current password; a wrong one is ignored."""
    username = '******'
    current_pw = 'newpassword'
    slider = "on"
    wrong_pw = 'password'
    login(client, username, current_pw)
    change_user_settings_disable_acc(client, username, wrong_pw, slider)
    # The account stays active because the password check failed.
    assert get_user_by_name(username).get_active_status()
def test_invalid_change_wrong_current_password(client, db):
    """Changing the password with a wrong current password must be rejected."""
    username = '******'
    current_pw = 'password'
    wrong_pw = 'password123'
    new_pw = 'newpassword'
    confirm_pw = 'newpassword'
    login(client, username, current_pw)
    change_user_settings_password(client, username, wrong_pw, new_pw, confirm_pw)
    # The requested password must not have been applied.
    assert not get_user_by_name(username).check_password(new_pw)
def enable_account(client, db):
    """Re-activate the fixture account so later tests start from an enabled state."""
    account = get_user_by_name('******')
    account.set_active_status(True)
    db.session.commit()