Пример #1
0
    def test_invalid_confirmation_token(self):
        """ Tests that confirmation tokens fail, when
        the wrong user is given another user's token """
        u1 = User(username='******', password='******')
        u2 = User(username='******', password='******')
        db.session.add(u1, u2)
        db.session.commit()

        u1_token = u1.generate_confirmation_token()
        u2_token = u2.generate_confirmation_token()
        self.assertFalse(u2.confirm(u1_token))
        self.assertFalse(u1.confirm(u2_token))
        self.assertFalse(u1.confirm(None))
Пример #2
0
 def test_user_is_confirmed(self):
     u = User(password='******')
     db.session.add(u)
     db.session.commit()
     token = u.generate_confirmation_token()
     self.assertTrue(u.confirm(token))
     self.assertTrue(u.confirmed)
Пример #3
0
 def test_expired_confirmation_token(self):
     u = User(password='******')
     db.session.add(u)
     db.session.commit()
     token = u.generate_confirmation_token(1)
     time.sleep(2)
     self.assertFalse(u.confirm(token))
Пример #4
0
 def test_invalid_confirmation_token(self):
     u1 = User(password='******')
     u2 = User(password='******')
     db.session.add(u1)
     db.session.add(u2)
     db.session.commit()
     token = u1.generate_confirmation_token()
     self.assertFalse(u2.confirm(token))
Пример #5
0
 def test_valid_confirmation_token(self):
     """ Tests whether confirmation sent to newly
     registered user is valid 
     
     This test should pass, because it tests the token
     against the user itself (actually it checks that the
     id is the the same one as the user's id.) """
     u = User(username='******', password='******')
     db.session.add(u)
     db.session.commit()
     token = u.generate_confirmation_token()
     self.assertTrue(u.confirm(token))
Пример #6
0
    def test_expired_confirmation_token(self):
        """ Tests that confirmation tokens fail,
        when out of date. """
        u1 = User(username='******', password='******')
        db.session.add(u1)
        db.session.commit()

        # Creates a confirmation token with expiration
        # time of 1 second.
        token = u1.generate_confirmation_token(1)

        # Wait for 2 seconds to ensure token will be
        # expired
        time.sleep(2)
        self.assertFalse(u1.confirm(token))
Пример #7
0
def register():
    form = RegistrationForm()
    if form.validate_on_submit():
        user = User(email=form.email.data,
                    username=form.username.data,
                    password=form.password.data)
        db.session.add(user)
        db.session.commit()
        token = user.generate_confirmation_token()
        send_email(user.email,
                   'Confirm Your Account',
                   'auth/email/confirm',
                   user=user,
                   token=token)
        flash('A confirmation email has been sent to you by email.')
        return redirect(url_for('main.index'))
    return render_template('auth/register.html', form=form)
Пример #8
0
def register():
    form = Registration()
    if form.validate_on_submit():
        # noinspection PyArgumentList
        user = User(email=form.email.data,
                    username=form.username.data,
                    password=form.password.data)
        db.session.add(user)
        db.session.commit()
        token = user.generate_confirmation_token()
        send_email(subject='Confirm your account',
                   recipients=user.email,
                   template_name='auth/email/confirm',
                   user=user,
                   token=token)
        flash('A confirmation email has been sent to your inbox.')
        return redirect(url_for('main.index'))
    return render_template('auth/register.html', form=form)
Пример #9
0
def register():
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    form = RegistrationForm()
    if form.validate_on_submit():

        user = None
        
        # If EMAIL_CONFIGURED environment variable is set
        # to false, all users are confirmed upon registration.
        # this is risky, because the only thing keeping someone
        # from highjacking the admin account is the registered
        # email addresses of users having to be confirmed.
        if os.getenv('EMAIL_CONFIGURED') != 0 and os.getenv('EMAIL_CONFIGURED') is not None:

            user = User(
                username=form.username.data,
                email=form.email.data.lower(), 
                confirmed=True
            )
            
        else:
            user = User(
                username=form.username.data,
                email=form.email.data.lower(),
                created = datetime.utcnow())
        
        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()

        # Token for email confirmation email
        if os.getenv('EMAIL_CONFIGURED') != 0:
            send_confirmation_email(user)
            token = user.generate_confirmation_token()

        user_new = User.query.filter_by(username=user.username).first()
        flash("Congrats, you're now a user! We sent a confirmation link to your email.")
        return redirect(url_for("auth.login"))
    return render_template('auth/register.html', form=form)