Пример #1
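def test_reset_password(client_session):
    """Exercise the whole ``/reset_password`` flow through the test client.

    Covers the request form (GET), the three POST outcomes (unknown e-mail,
    account at the 'asked' access level, account at the 'user' access level),
    the e-mail that carries the reset link, and the password change itself.

    NOTE(review): the responses asserted below differ for an unknown address
    ("You can sign-up instead."), an unapproved account and an approved one,
    so this endpoint lets an unauthenticated client tell which addresses are
    registered, although the form text reads "If you are a registered
    user...". Confirm that this is an accepted trade-off.

    NOTE(review): the test stops after one successful reset. It does not
    check that the link is refused on a second use or after some delay, nor
    that the previous password stops working; whether the application
    enforces any of that cannot be told from this test.
    """
    client, session = client_session

    # GET method
    rv = client.get('/reset_password')
    assert rv.status_code == 200
    assert b'If you are a registered user, we are going to send' in rv.data

    # POST method
    # check that we raise an error if the email does not exist
    rv = client.post('/reset_password', data={'email': '*****@*****.**'})
    assert rv.status_code == 200
    assert b'You can sign-up instead.' in rv.data

    # set a user to "asked" access level
    user = get_user_by_name(session, 'test_user')
    user.access_level = 'asked'
    session.commit()
    rv = client.post('/reset_password', data={'email': user.email})
    assert rv.status_code == 200
    assert b'Your account has not been yet approved.' in rv.data

    # set back the account to 'user' access level
    user.access_level = 'user'
    session.commit()
    rv = client.post('/reset_password', data={'email': user.email})
    with client.session_transaction() as cs:
        flash_message = dict(cs['_flashes'])
    assert flash_message['message'] == ('An email to reset your password has '
                                        'been sent')
    assert rv.status_code == 302
    assert rv.location == 'http://localhost/login'

    with client.application.app_context():
        with mail.record_messages() as outbox:
            rv = client.post('/reset_password', data={'email': user.email})
            assert len(outbox) == 1
            assert 'click on the link to reset your password' in outbox[0].body
            # capture only the path part of the link, since the test client
            # is queried with a path and not with the 'localhost' URL
            link_match = re.search("http://localhost(/reset/.*)",
                                   outbox[0].body)
            # fail with a readable message instead of an AttributeError on
            # None when the e-mail body carries no link
            assert link_match is not None, 'no reset link in the e-mail body'
            reset_password_link = link_match.group(1)

    # check that we can reset the password using the previous link
    # GET method
    rv = client.get(reset_password_link)
    assert rv.status_code == 200
    assert b'Change my password' in rv.data

    # POST method
    new_password = '******'
    rv = client.post(reset_password_link, data={'password': new_password})
    assert rv.status_code == 302
    assert rv.location == 'http://localhost/login'
    # make a commit to be sure that the update has been done
    session.commit()
    user = get_user_by_name(session, 'test_user')
    # only the stored hash is checked; the clear-text password is never read
    # back from the user row
    assert check_password(new_password, user.hashed_password)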
Пример #2
def test_add_user(session_scope_function):
    """Check that ``add_user`` stores the user and creates its own team."""
    db_session = session_scope_function
    password = '******'
    profile = {
        'name': 'test_user',
        'lastname': 'Test',
        'firstname': 'User',
        'email': '*****@*****.**',
        'access_level': 'asked',
    }
    add_user(db_session, password=password, **profile)

    stored = get_user_by_name(db_session, profile['name'])
    assert stored.name == profile['name']
    # the password is verified against the stored hash only; the row is not
    # expected to expose the clear-text value
    assert check_password(password, stored.hashed_password)
    for field in ('lastname', 'firstname', 'email', 'access_level'):
        assert getattr(stored, field) == profile[field]

    # a team named after the user must exist, with the user as its admin
    own_team = get_team_by_name(db_session, profile['name'])
    assert own_team.name == profile['name']
    assert own_team.admin_id == stored.id
Пример #3
def test_add_user(session_scope_function):
    """Check ``add_user``: stored fields, own team, and e-mail uniqueness.

    After the first insertion, adding the same user again, or the same
    address with different letter case, must raise ``NameClashError``. The
    last step checks the address as it is stored for a second user.

    NOTE(review): the password and e-mail literals appear masked in this
    listing, so the mixed-case input of the last step is not visible here.
    """
    db_session = session_scope_function
    password = '******'
    profile = {
        'name': 'test_user',
        'lastname': 'Test',
        'firstname': 'User',
        'email': '*****@*****.**',
        'access_level': 'asked',
    }

    def register(**overrides):
        # same call as the first insertion, with selected fields replaced
        add_user(db_session, password=password, **{**profile, **overrides})

    register()
    stored = get_user_by_name(db_session, profile['name'])
    assert stored.name == profile['name']
    # the password is verified against the stored hash only
    assert check_password(password, stored.hashed_password)
    for field in ('lastname', 'firstname', 'email', 'access_level'):
        assert getattr(stored, field) == profile[field]

    # a team named after the user must exist, with the user as its admin
    own_team = get_team_by_name(db_session, profile['name'])
    assert own_team.name == profile['name']
    assert own_team.admin_id == stored.id

    # a second insertion of the very same user is refused
    with pytest.raises(NameClashError, match='email is already in use'):
        register()
    # and so is the same address written with a different letter case
    with pytest.raises(NameClashError, match='email is already in use'):
        register(email=profile['email'].capitalize())

    # add a user email with some capital letters and check that only lower
    # case are stored in the database
    second_name = 'new_user_name'
    register(name=second_name, email='*****@*****.**')
    stored = get_user_by_name(db_session, second_name)
    assert stored.email == '*****@*****.**'
Пример #4
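def login():
    """Login request.

    Renders the login form. On a valid submission, the user is looked up by
    name or e-mail and the password is checked against the stored hash. On
    success a Flask-Login session is opened and the client is redirected,
    either to the ``next`` query parameter when it is a same-site path or to
    the problems page otherwise. On failure a message is flashed and the
    client is redirected back to the login page.
    """
    if app.config['TRACK_USER_INTERACTION']:
        add_user_interaction(db.session, interaction='landing')

    if flask_login.current_user.is_authenticated:
        logger.info('User already logged-in')
        session['logged_in'] = True
        return redirect(url_for('ramp.problems'))

    form = LoginForm()
    if form.validate_on_submit():
        # NOTE(review): the two failure branches flash different messages
        # ("does not exist" / "Wrong password"), which tells an
        # unauthenticated client whether a name or e-mail is registered.
        # Consider one generic message for both, keeping the detail in the
        # server log only.
        try:
            user = get_user_by_name_or_email(db.session,
                                             name=form.user_name.data)
        except NoResultFound:
            msg = 'User "{}" does not exist'.format(form.user_name.data)
            flash(msg)
            # NOTE(review): msg embeds the submitted user name verbatim, so
            # client-chosen text ends up in the log as written.
            logger.info(msg)
            return redirect(url_for('auth.login'))
        if not check_password(form.password.data, user.hashed_password):
            msg = 'Wrong password'
            flash(msg)
            logger.info(msg)
            return redirect(url_for('auth.login'))
        # NOTE(review): remember=True is passed unconditionally, so every
        # login gets the persistent "remember me" behaviour; confirm that
        # this is intended.
        flask_login.login_user(user, remember=True)
        session['logged_in'] = True
        user.is_authenticated = True
        db.session.commit()
        logger.info('User "{}" is logged in'.format(
            flask_login.current_user.name))
        if app.config['TRACK_USER_INTERACTION']:
            add_user_interaction(db.session,
                                 interaction='login',
                                 user=flask_login.current_user)

        # ``next`` is read from the query string, so its value is chosen by
        # whoever built the link to this page. It is followed only when it
        # is a plain same-site path: it must start with a single '/', since
        # a leading '//' or '/\' is resolved by browsers as another host,
        # and it must hold no control character. Anything else falls back
        # to the default landing page.
        default_target = url_for('ramp.problems')
        next_ = request.args.get('next')
        if next_ is None:
            return redirect(default_target)
        is_local_path = (
            next_.startswith('/')
            and not next_.startswith(('//', '/\\'))
            and not any(ch < ' ' or ch == '\x7f' for ch in next_)
        )
        if not is_local_path:
            # the rejected value is deliberately left out of the log line
            logger.warning('Ignored a non-local "next" redirect target')
            return redirect(default_target)
        return redirect(next_)

    return render_template('login.html', form=form)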
Пример #5
def test_check_password():
    """Check that a hash verifies only the password it was made from."""
    correct = "******"
    wrong = "hjst3789ep;ocikaqji"
    digest = hash_password(correct)
    # accepted: the password that produced the hash
    assert check_password(correct, digest)
    # rejected: any other password checked against the same hash
    assert not check_password(wrong, digest)