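def test_reset_password(self):
    """Check that only an admin can reset another user's password.

    Exercises ``user/reset-password/<id>`` three ways: without a session,
    as a logged-in non-admin, and as the admin account. After the admin POST
    the stored hash must no longer verify against the old password.
    """
    reset_url = f"user/reset-password/{self.TEST_USER2}"
    old_password = "test_password2"

    with self.app.app_context():
        # test login
        # NOTE(review): this check was assertTrue(status_code, 200), which
        # treats 200 as the failure message and passes for any status. The
        # expected value is kept as written; confirm the status the login
        # guard really returns (a redirect would be 302).
        response = self.client.get(reset_url)
        self.assertEqual(response.status_code, 200)

        # test admin required: a regular account must be refused.
        # Same assertTrue -> assertEqual fix, so a missing admin check now
        # fails the test instead of passing silently.
        self.login("test_user", "test_password")
        response = self.client.get(reset_url)
        self.assertEqual(response.status_code, 403)

        # login admin account
        self.login("admin", "Admin12345")

        # confirm user's current password; this also shows the two refused
        # requests above left the stored hash untouched
        user = user_q.get_one(self.TEST_USER2)
        self.assertTrue(
            secure.check_password_hash(user["password"], old_password))

        # reset password
        response = self.client.post(reset_url, follow_redirects=True)
        self.assertEqual(response.status_code, 200)
        self.assertIn(b"Password Reset!", response.data)

        # the old password must no longer verify
        user = user_q.get_one(self.TEST_USER2)
        self.assertFalse(
            secure.check_password_hash(user["password"], old_password))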
def test_reset_password(self):
    """Resetting a password through the query layer replaces the stored hash."""
    old_password = "******"
    target = self.TEST_USER

    with self.app.app_context():
        # The known password verifies before the reset.
        before = user_q.get_one(target)
        matches_before = secure.check_password_hash(
            before["password"], old_password)
        self.assertTrue(matches_before)

        # The reset itself must report success.
        reset_ok = user_q.reset_password(target)
        self.assertTrue(reset_ok)

        # The same password is rejected against the new hash.
        after = user_q.get_one(target)
        matches_after = secure.check_password_hash(
            after["password"], old_password)
        self.assertFalse(matches_after)
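def change_password():
    """
    Renders the change password form or changes a user's password.

    Logged in user required.

    GET renders the form with a freshly generated form key. POST is accepted
    only when the submitted ``key`` equals the key stored in the session
    (403 otherwise). The current password is then verified and the new
    password validated before it is stored. The session key is replaced on
    every rendered response, so a key is good for one submission.
    """
    # Function-scope import: the file's import block is not part of this view.
    import hmac

    errors = []
    # NOTE(review): util.generate_new_pw is not visible here; confirm it draws
    # from a CSPRNG (e.g. the secrets module), since this value doubles as the
    # anti-CSRF form key.
    new_key = util.generate_new_pw(25)

    if request.method == "POST":
        submitted_key = request.form.get("key", "")
        expected_key = session.get("key")

        # No key in the session means no form was issued: refuse outright.
        if not isinstance(expected_key, str) or not expected_key:
            abort(403)
        # Constant-time comparison, on bytes so a non-ASCII submitted key is
        # rejected with 403 rather than raising inside compare_digest.
        if not hmac.compare_digest(submitted_key.encode("utf-8"),
                                   expected_key.encode("utf-8")):
            abort(403)

        # Default to "" so a missing field is handled as a wrong or invalid
        # password instead of reaching the hash check as None.
        password = request.form.get("password", "")
        new_pw = request.form.get("new_password", "")
        confirm_pw = request.form.get("confirm_password", "")

        # Re-read the stored hash; the current password must verify before
        # any change is applied.
        user = user_q.get_one(g.user["user_id"])
        if not secure.check_password_hash(user["password"], password):
            errors.append("Password is Invalid")

        errors = errors + user_v.check_password(new_pw)

        if new_pw != confirm_pw:
            errors.append("Passwords do not Match")

        if not errors:
            if user_q.update_password(new_pw, g.user["user_id"]):
                flash("Password Updated")
            else:
                flash("Password Update Failed")

    # Rotate the form key for the page about to be rendered.
    session["key"] = new_key
    return render_template("user/change_password.html",
                           errors=errors,
                           new_key=new_key)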
def load_logged_in_user():
    """
    Stores a user's info.

    Reads ``user_id`` from the session and places the matching user record
    on ``g.user``; ``g.user`` is ``None`` when the session has no user id.
    """
    current_id = session.get("user_id")
    # The record is looked up again on each call rather than kept in the
    # session, so g.user reflects whatever user_q.get_one returns now.
    g.user = user_q.get_one(current_id) if current_id is not None else None
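def test_delete_user_by_id(self):
    """Delete a user through the query layer and confirm the record is gone."""
    with self.app.app_context():
        try:
            # delete user
            self.assertTrue(user_q.delete(self.TEST_USER))

            # verify query result
            self.assertFalse(user_q.get_one(self.TEST_USER))
        finally:
            # reset db -- in a finally block so a failed assertion cannot
            # leave the deleted user missing for later tests
            database.init()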
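def test_delete_user(self):
    """Check that only an admin can delete another user's account.

    Requests ``user/delete/<id>`` without a session and as a non-admin, then
    deletes TEST_USER1 as the admin and confirms the record is gone.
    """
    with self.app.app_context():
        # test login
        # NOTE(review): this check was assertTrue(status_code, 200), which
        # treats 200 as the failure message and passes for any status. The
        # expected value is kept as written; confirm the status the login
        # guard really returns (a redirect would be 302).
        response = self.client.get(f"user/delete/{self.TEST_USER2}")
        self.assertEqual(response.status_code, 200)

        # test admin required: a regular account must be refused.
        # Same assertTrue -> assertEqual fix, so a missing admin check now
        # fails the test instead of passing silently.
        self.login("test_user", "test_password")
        response = self.client.get(f"user/delete/{self.TEST_USER2}")
        self.assertEqual(response.status_code, 403)

        # login admin account
        self.login("admin", "Admin12345")

        # the target exists before the admin deletes it
        self.assertTrue(user_q.get_one(self.TEST_USER1))
        response = self.client.post(f"/user/delete/{self.TEST_USER1}",
                                    follow_redirects=True)
        self.assertEqual(response.status_code, 200)
        self.assertIn(b"Account Deleted", response.data)
        self.assertFalse(user_q.get_one(self.TEST_USER1))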
def test_update_password(self):
    """Updating a password stores a hash that verifies against the new value."""
    new_password = "******"
    target = self.TEST_USER

    with self.app.app_context():
        # The update must report success before the record is re-read.
        updated = user_q.update_password(new_password, target)
        self.assertTrue(updated)

        record = user_q.get_one(target)

        # The stored value is checked through the hash verifier, not by
        # comparing strings.
        verified = secure.check_password_hash(record["password"], new_password)
        self.assertTrue(verified)
def test_change_password(self):
    """Walk the change-password view: login gate, success, validation errors."""
    form_url = "/user/change_password"
    # Messages the view must show when the new password breaks the rules.
    expected_errors = (
        b"Password must be greater then 9"
        b" characters and less then 50 characters",
        b"Password must contain at least"
        b" one upper case character",
        b"Password must contain at least one digit",
    )

    with self.client:
        # Without a session the view redirects instead of rendering.
        anonymous = self.client.get(form_url)
        self.assertEqual(anonymous.status_code, 302)

        self.login("test_user2", "test_password2")
        form_page = self.client.get(form_url)
        self.assertEqual(form_page.status_code, 200)

        # successfully update password
        changed = self.update_password("test_password2", "Password12345",
                                       "Password12345")
        self.assertEqual(changed.status_code, 200)
        self.assertIn(b"Password Updated", changed.data)
        record = user_q.get_one(self.TEST_USER2)
        self.assertTrue(
            secure.check_password_hash(record["password"], "Password12345"))

        # check that error messages work; a rejected password must leave
        # the stored hash as it was
        rejected = self.update_password("Password12345", "badpw", "badpw")
        record = user_q.get_one(self.TEST_USER2)
        self.assertTrue(
            secure.check_password_hash(record["password"], "Password12345"))
        self.assertEqual(rejected.status_code, 200)
        for message in expected_errors:
            self.assertIn(message, rejected.data)

        # reset password to testing default value
        self.set_password("test_password2")
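def test_create_user(self):
    """Create a user through the query layer and check the stored record.

    Besides the profile fields, the stored password must be non-empty and
    must differ from the submitted plaintext.
    """
    # Held in its own variable so the comparison below still sees the
    # submitted value even if create() modifies the dict it is given.
    plain_password = "******"

    with self.app.app_context():
        # create a new user
        user_id = user_q.create({
            "username": "******",
            "password": plain_password,
            "first_name": "Dug",
            "last_name": "Jug",
            "email": "*****@*****.**"
        })

        # test query results
        self.assertTrue(user_id)
        user = user_q.get_one(user_id)
        self.assertTrue(user)
        self.assertEqual(user["first_name"], "Dug")
        self.assertEqual(user["last_name"], "Jug")
        self.assertEqual(user["username"], "dug.jug")
        self.assertTrue(user["password"])
        # A truthy check alone would also pass for a password stored in the
        # clear. NOTE(review): assumes create() hashes the password itself,
        # as update_password appears to -- confirm.
        self.assertNotEqual(user["password"], plain_password)
        self.assertEqual(user["email"], "*****@*****.**")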
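def test_update_user(self):
    """Update a user's profile fields and confirm each one was stored."""
    with self.app.app_context():
        # updated data
        user_info = {
            "username": "******",
            "first_name": "TEST_FIRST_NAME",
            "last_name": "TEST_LAST_NAME",
            "email": "*****@*****.**",
            "user_id": self.TEST_USER
        }

        try:
            # update user
            self.assertTrue(user_q.update(user_info))

            # test query results
            user = user_q.get_one(self.TEST_USER)
            self.assertEqual(user["username"], user_info["username"])
            self.assertEqual(user["first_name"], user_info["first_name"])
            self.assertEqual(user["last_name"], user_info["last_name"])
            self.assertEqual(user["email"], user_info["email"])
        finally:
            # reset db -- in a finally block so a failed assertion cannot
            # leave the modified profile behind for later tests
            database.init()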
def test_account(self):
    """Walk the account view: login gate, a valid update, validation errors."""
    account_url = "/user/account"

    with self.client:
        # Without a session the view redirects instead of rendering.
        anonymous = self.client.get(account_url)
        self.assertEqual(anonymous.status_code, 302)

        self.login("test_user2", "test_password2")
        account_page = self.client.get(account_url)
        self.assertEqual(account_page.status_code, 200)

        # successfully update username
        profile = {
            "username": "******",
            "first_name": "test_first_name2",
            "last_name": "test_last_name2",
            "email": "*****@*****.**",
            "user_id": self.TEST_USER2
        }
        updated = self.change_user(profile)
        self.assertEqual(updated.status_code, 200)
        self.assertIn(b"Account Updated", updated.data)
        record = user_q.get_one(self.TEST_USER2)
        self.assertEqual(record["username"], "new_username")

        # check error messages - no username
        profile["username"] = ""
        missing_name = self.change_user(profile)
        self.assertIn(b"Username is Required", missing_name.data)

        # check error messages - username too long
        profile["username"] = "******" * 257
        long_name = self.change_user(profile)
        self.assertIn(b"User name must be less the 256 characters",
                      long_name.data)

        # reset username to testing default value
        profile["username"] = "******"
        self.change_user(profile)
def test_get_one(self):
    """Fetching the seeded test user by id returns its record."""
    with self.app.app_context():
        record = user_q.get_one(self.TEST_USER)
        # A falsy result means the lookup found nothing.
        self.assertTrue(record)
        found_name = record["username"]
        self.assertEqual(found_name, "test_user")