def handler(event, context): params = event.get( "queryStringParameters") or dict() # can be None in event email, code = params.get("email"), params.get("code") try: cognito.confirm_sign_up( ClientId=CLIENT_ID, Username=email, ConfirmationCode=code, ) except cognito.exceptions.ExpiredCodeException: user = cognito.admin_get_user(UserPoolId=USER_POOL_ID, Username=email) # check if email is already verified email_verified = [ attr["Value"] for attr in user["UserAttributes"] if attr["Name"] == "email_verified" ][0] if email_verified == "true": redirect_to(REDIRECT_WHEN_ALREADY_CONFIRMED) return redirect_to(REDIRECT_WHEN_CODE_EXPIRED) except (cognito.exceptions.CodeMismatchException, cognito.exceptions.LimitExceededException) as e: # here should be some page with "Oops, something went wrong. Please request another verification link later" logging.warning(repr(e)) return redirect_to(REDIRECT_WHEN_CODE_EXPIRED) return redirect_to(REDIRECT_AFTER_VERIFICATION)
def test_get_delete_user(client, admin, user): login(client, admin) assert redirect_to(client.get(url_for('admin.delete_user', user_id=str(user.id)))) == \ real_url('admin.registered_users') with pytest.raises(DoesNotExist): User.objects.get(id=user.id) assert redirect_to(client.get(url_for('admin.delete_user', user_id=str(admin.id)))) == \ real_url('admin.registered_users') assert User.objects.get(id=admin.id) == admin
def test_post_reset_password_request_failure(client, admin, monkeypatch): assert redirect_to(client.post( url_for('account.reset_password_request'))) == real_url('main.index') login(client, admin) monkeypatch.setattr(User, 'generate_password_reset_token', lambda s: 'token') assert redirect_to( client.post( url_for('account.reset_password_request'), data={'email': '*****@*****.**'})) == real_url('account.login')
def test_post_delete_doc_meta_success_for_author(client, user, doc): login(client, user) assert redirect_to( client.post(url_for('task.delete_doc_meta', doc_meta_id=str( doc.id)))) == real_url('task.my_doc_meta') assert not DocumentMeta.objects(theme=doc.theme).first()
def test_post_update_doc_meta_success(client, admin, doc): login(client, admin) with captured_templates(client.application) as templates: assert client.get( url_for('task.update_doc_meta', doc_meta_id=str(doc.id))).status_code == 200 template, context = templates.pop() assert template.name == 'task/manage_document.html' assert context['action'] == 'Update' assert context['data_type'] == str(doc) form = context['form'] assert isinstance(form, DocMetaForm) form.theme.data = 'new theme' form.category.data = Category.LONG_TERM.value form.url.data = 'https://www.newtest.com' form.priority.data = 3 assert redirect_to(client.post(url_for('task.update_doc_meta', doc_meta_id=str(doc.id)), data=form.data)) == \ real_url('task.update_doc_meta', doc_meta_id=str(doc.id)) doc.reload() assert doc.theme == 'new theme' assert doc.category == Category.LONG_TERM.value assert doc.url == 'https://www.newtest.com' assert doc.priority == 3
def test_get_confirm_failure(client, admin): login(client, admin) admin.confirmed = False admin.save() admin.generate_confirmation_token() assert redirect_to( client.get(url_for('account.confirm', token='invalid'))) == real_url('main.index') admin.reload() assert not admin.confirmed admin.confirmed = True admin.save() assert redirect_to( client.get(url_for('account.confirm', token='invalid'))) == real_url('main.index')
def test_login_with_valid_next_endpoint(client, admin): assert redirect_to( client.post( url_for('account.login', next='/task/doc_meta/my_documents'), data={ 'email': admin.email, 'password': '******' })) == real_url('task.my_doc_meta')
def test_get_change_email_success(client, admin): login(client, admin) token = admin.generate_email_change_token('*****@*****.**') assert redirect_to( client.get(url_for('account.change_email', token=token))) == real_url('main.index') admin.reload() assert admin.email == '*****@*****.**'
def test_get_change_email_failure(client, admin): login(client, admin) admin.generate_email_change_token('*****@*****.**') assert redirect_to( client.get(url_for('account.change_email', token='notvalid'))) == real_url('main.index') admin.reload() assert admin.email == '*****@*****.**'
def test_get_confirm_success(client, admin): login(client, admin) admin.confirmed = False admin.save() token = admin.generate_confirmation_token() assert redirect_to(client.get(url_for( 'account.confirm', token=token))) == real_url('main.index') admin.reload() assert admin.confirmed
def test_get_confirm_request(client, admin, monkeypatch): login(client, admin) monkeypatch.setattr(User, 'generate_confirmation_token', lambda s: 'token') assert redirect_to(client.get( url_for('account.confirm_request'))) == real_url('main.index') queued_object = rq.get_queue(MessageQueue.email.value).get_kwargs() assert queued_object['recipient'] == admin.email assert queued_object['user'] == admin assert queued_object['confirm_link'] == url_for( 'account.confirm', token='token', _external=True)
def test_post_reset_password_failure(client, admin): data = { 'email': admin.email, 'new_password': '******', 'new_password2': '54321t' } login(client, admin) assert redirect_to( client.post( url_for('account.reset_password', token='valid'), data=data)) == real_url('main.index') logout(client) assert redirect_to( client.post( url_for('account.reset_password', token='not valid'), data=data)) == real_url('main.index') admin.reload() assert not admin.verify_password(data['new_password'])
def test_post_join_from_invite_failure(client, admin, monkeypatch): new_user = User(email='*****@*****.**') new_user.save() token = new_user.generate_confirmation_token() login(client, admin) assert redirect_to( client.post( url_for( 'account.join_from_invite', user_id=str(new_user.id), token=token))) == real_url('main.index') logout(client) assert client.post( url_for( 'account.join_from_invite', user_id=INVALID_OBJECT_ID, token=token)).status_code == 404 assert redirect_to( client.post( url_for( 'account.join_from_invite', user_id=str(admin.id), token=token))) == real_url('main.index') monkeypatch.setattr(User, 'generate_confirmation_token', lambda s: 'new_token') assert redirect_to( client.post( url_for( 'account.join_from_invite', user_id=str(new_user.id), token='invalid'))) == real_url('main.index') queued_object = rq.get_queue(MessageQueue.email.value).get_kwargs() assert queued_object['recipient'] == new_user.email assert queued_object['user'] == new_user assert queued_object['invite_link'] == url_for( 'account.join_from_invite', user_id=str(new_user.id), token='new_token', _external=True)
def test_post_new_doc_meta_success(client, admin): login(client, admin) data = { 'theme': 'whats up', 'category': Category.SHORT_TERM.value, 'url': 'https://www.helloword.com', } assert redirect_to(client.post(url_for('task.new_doc_meta'), data=data)) == real_url('task.new_doc_meta') assert DocumentMeta.objects.get(theme=data['theme']).url == data['url'] assert DocumentMeta.objects(theme=data['theme']).first()
def test_post_change_password_success(client, admin): login(client, admin) data = { 'old_password': '******', 'new_password': '******', 'new_password2': 't12345' } assert redirect_to( client.post(url_for('account.change_password'), data=data)) == real_url('main.index') admin.reload() assert admin.verify_password(data['new_password'])
def test_post_reset_password_success(client, admin): data = { 'email': admin.email, 'new_password': '******', 'new_password2': '54321t' } token = admin.generate_password_reset_token() assert redirect_to( client.post(url_for('account.reset_password', token=token), data=data)) == real_url('account.login') admin.reload() assert admin.verify_password(data['new_password'])
def test_get_unconfirmed(client, admin): login(client, admin) admin.confirmed = False admin.save() with captured_templates(client.application) as templates: assert client.get(url_for('account.unconfirmed')).status_code == 200 template, context = templates.pop() assert template.name == 'account/unconfirmed.html' admin.confirmed = True admin.save() assert redirect_to(client.get( url_for('account.unconfirmed'))) == real_url('main.index')
def test_post_reset_password_request_success(client, admin, monkeypatch): login(client, admin) monkeypatch.setattr(User, 'generate_password_reset_token', lambda s: 'token') assert redirect_to( client.post( url_for('account.reset_password_request'), data={'email': admin.email})) == real_url('account.login') queued_object = rq.get_queue(MessageQueue.email.value).get_kwargs() assert queued_object['recipient'] == admin.email assert queued_object['user'] == admin assert queued_object['reset_link'] == url_for( 'account.reset_password', token='token', _external=True)
def test_post_join_from_invite_success(client): new_user = User(email='*****@*****.**') new_user.save() token = new_user.generate_confirmation_token() data = {'password': '******', 'password2': 't12345'} assert redirect_to( client.post( url_for( 'account.join_from_invite', user_id=str(new_user.id), token=token), data=data)) == real_url('account.login') new_user.reload() assert new_user.verify_password('t12345') new_user.delete()
def test_post_change_email_request_success(client, admin, monkeypatch): login(client, admin) monkeypatch.setattr(User, 'generate_email_change_token', lambda s, e: 'token') data = { 'email': '*****@*****.**', 'password': '******', } assert redirect_to( client.post(url_for('account.change_email_request'), data=data)) == real_url('main.index') admin.reload() queued_object = rq.get_queue(MessageQueue.email.value).get_kwargs() assert queued_object['recipient'] == data['email'] assert queued_object['user'] == admin assert queued_object['change_email_link'] == url_for( 'account.change_email', token='token', _external=True)
def test_post_register(client, monkeypatch): monkeypatch.setattr(User, 'generate_confirmation_token', lambda s: 'token') data = { 'first_name': 'first', 'last_name': 'last', 'email': '*****@*****.**', 'password': '******', 'password2': 't12345', } assert redirect_to(client.post(url_for('account.register'), data=data)) == real_url('main.index') user = User.objects(email=data['email']).first() assert user.first_name == data['first_name'] assert user.last_name == data['last_name'] assert user.verify_password(data['password']) queued_object = rq.get_queue(MessageQueue.email.value).get_kwargs() assert queued_object['recipient'] == data['email'] assert queued_object['user'] == user assert queued_object['confirm_link'] == url_for( 'account.confirm', token='token', _external=True)
def test_post_change_account_type(client, admin, user): login(client, admin) admin_role = Role.objects(name='Administrator').first() data = {'role': str(admin_role.id)} with captured_templates(client.application) as templates: assert client.post( url_for('admin.change_account_type', user_id=str(user.id)), data=data).status_code == 200 template, context = templates.pop() assert template.name == 'admin/manage_user.html' assert context['user'] == user assert isinstance(context['form'], ChangeAccountTypeForm) user.reload() assert user.role == admin_role assert redirect_to(client.post(url_for('admin.change_account_type', user_id=str(admin.id)), data=data)) == \ real_url('admin.user_info', user_id=admin.id) assert client.post( url_for('admin.change_account_type', user_id=INVALID_OBJECT_ID), data=data).status_code == 404
def test_api_require_login(client, endpoint, arguments): assert redirect_to(client.get(url_for( endpoint, **arguments))) == real_url('account.login')
def test_logout(client, admin): login(client, admin) assert current_user == admin assert redirect_to(client.get( url_for('account.logout'))) == real_url('main.index') assert current_user.is_anonymous