def test_invalid_confirmation_token(self):
""" Tests that confirmation tokens fail, when
the wrong user is given another user's token """
u1 = User(username='******', password='******')
u2 = User(username='******', password='******')
db.session.add(u1, u2)
db.session.commit()
u1_token = u1.generate_confirmation_token()
u2_token = u2.generate_confirmation_token()
self.assertFalse(u2.confirm(u1_token))
self.assertFalse(u1.confirm(u2_token))
self.assertFalse(u1.confirm(None))
def test_user_is_confirmed(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token()
self.assertTrue(u.confirm(token))
self.assertTrue(u.confirmed)
def test_expired_confirmation_token(self):
u = User(password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token(1)
time.sleep(2)
self.assertFalse(u.confirm(token))
def test_invalid_confirmation_token(self):
u1 = User(password='******')
u2 = User(password='******')
db.session.add(u1)
db.session.add(u2)
db.session.commit()
token = u1.generate_confirmation_token()
self.assertFalse(u2.confirm(token))
def test_valid_confirmation_token(self):
""" Tests whether confirmation sent to newly
registered user is valid
This test should pass, because it tests the token
against the user itself (actually it checks that the
id is the the same one as the user's id.) """
u = User(username='******', password='******')
db.session.add(u)
db.session.commit()
token = u.generate_confirmation_token()
self.assertTrue(u.confirm(token))
def test_expired_confirmation_token(self):
""" Tests that confirmation tokens fail,
when out of date. """
u1 = User(username='******', password='******')
db.session.add(u1)
db.session.commit()
# Creates a confirmation token with expiration
# time of 1 second.
token = u1.generate_confirmation_token(1)
# Wait for 2 seconds to ensure token will be
# expired
time.sleep(2)
self.assertFalse(u1.confirm(token))
def register():
form = RegistrationForm()
if form.validate_on_submit():
user = User(email=form.email.data,
username=form.username.data,
password=form.password.data)
db.session.add(user)
db.session.commit()
token = user.generate_confirmation_token()
send_email(user.email,
'Confirm Your Account',
'auth/email/confirm',
user=user,
token=token)
flash('A confirmation email has been sent to you by email.')
return redirect(url_for('main.index'))
return render_template('auth/register.html', form=form)
def register():
form = Registration()
if form.validate_on_submit():
# noinspection PyArgumentList
user = User(email=form.email.data,
username=form.username.data,
password=form.password.data)
db.session.add(user)
db.session.commit()
token = user.generate_confirmation_token()
send_email(subject='Confirm your account',
recipients=user.email,
template_name='auth/email/confirm',
user=user,
token=token)
flash('A confirmation email has been sent to your inbox.')
return redirect(url_for('main.index'))
return render_template('auth/register.html', form=form)
def register():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = RegistrationForm()
if form.validate_on_submit():
user = None
# If EMAIL_CONFIGURED environment variable is set
# to false, all users are confirmed upon registration.
# this is risky, because the only thing keeping someone
# from highjacking the admin account is the registered
# email addresses of users having to be confirmed.
if os.getenv('EMAIL_CONFIGURED') != 0 and os.getenv('EMAIL_CONFIGURED') is not None:
user = User(
username=form.username.data,
email=form.email.data.lower(),
confirmed=True
)
else:
user = User(
username=form.username.data,
email=form.email.data.lower(),
created = datetime.utcnow())
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
# Token for email confirmation email
if os.getenv('EMAIL_CONFIGURED') != 0:
send_confirmation_email(user)
token = user.generate_confirmation_token()
user_new = User.query.filter_by(username=user.username).first()
flash("Congrats, you're now a user! We sent a confirmation link to your email.")
return redirect(url_for("auth.login"))
return render_template('auth/register.html', form=form)