Пример #1
0
def test_too_short_password(not_logged_in_user):
    """ password test 1: too short password """
    app, user = not_logged_in_user
    activation_hash = models.get_activation_hash(user)
    rv = app.post('/user/activate/{}'.format(activation_hash),
                  data=dict(password='******', confirm='sec'),
                  follow_redirects=True)

    assert 'Password needs to have at least 6 characters' in rv.data
Пример #2
0
def test_activation_unsafe_nexturl(not_logged_in_user):
    """ check that the activation email does not re-direct to invalid urls """
    app, user = not_logged_in_user
    activation_hash = models.get_activation_hash(user)
    rv = app.post(("""/user/activate/{}?next=http://evilphish.com/""".format(
        activation_hash)),
                  data=dict(password='******', confirm='irrelevant'),
                  follow_redirects=True)
    assert rv.status_code == 400
Пример #3
0
def test_verify_email(not_logged_in_user):
    """ test verification of email through click on activation link """

    app, user = not_logged_in_user
    activation_hash = models.get_activation_hash(user)

    assert not user.email_validated
    rv = app.get('/user/activate/{}'.format(activation_hash),
                 follow_redirects=True)

    user = models.Users.from_email('*****@*****.**')
    assert user.email_validated
    assert not user.is_authenticated()

    assert 'Email address is verified' in rv.data
    assert 'Please select a password' in rv.data
    return app, user
Пример #4
0
def test_click_on_invalid_validation_link(not_logged_in_user):
    """
    invalid validation link.
    """

    app, user = not_logged_in_user
    assert not user.email_validated

    rv_invalid = app.get('/user/activate/invalid', follow_redirects=True)

    assert rv_invalid.status_code == 404

    class FakeUser(object):
        _id = ObjectId('123456789012')

    fake_user = FakeUser()
    activation_hash = models.get_activation_hash(fake_user)
    with app.application.app_context():
        target = url_for('user.activation', activation_hash=activation_hash)
    rv_invalid = app.get(target, follow_redirects=True)

    assert rv_invalid.status_code == 404
Пример #5
0
def test_set_password_after_email_verification(not_logged_in_user):
    """ set password successfully after activation of account """

    app, user = not_logged_in_user
    activation_hash = models.get_activation_hash(user)
    assert not user.email_validated
    assert not user.password

    rv = app.get('/user/login_required', follow_redirects=False)
    assert rv.status_code == 302

    rv = app.post('/user/activate/{}'.format(activation_hash),
                  data=dict(password='******', confirm='secret'),
                  follow_redirects=True)

    rv = app.get('/user/login_required', follow_redirects=False)
    assert 'John Doe' in rv.data

    user = models.Users.from_id(user._id)
    assert user.password
    assert user.is_authenticated()
    assert user.email_validated
    return app, user