def test_login_logout(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.post('/accounts/login/',
data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.normal)
resp = c.post('/accounts/logout/')
self.assertEqual(auth.get_logged_in_user(), None)
resp = c.post('/accounts/login/',
data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.admin)
# log back in without logging out
resp = c.post('/accounts/login/',
data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_login_logout(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.normal)
resp = c.post('/accounts/logout/')
self.assertEqual(auth.get_logged_in_user(), None)
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.admin)
# log back in without logging out
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_login_view(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get("/accounts/login/")
self.assertEqual(resp.status_code, 200)
# check that we have no logged-in user
self.assertContext("user", None)
frm = self.get_context("form")
self.assertTrue(isinstance(frm, LoginForm))
self.assertEqual(frm.data, {"username": None, "password": None})
# make a post missing the username
resp = c.post("/accounts/login/", data={"username": "", "password": "******"})
self.assertEqual(resp.status_code, 200)
# check form for errors
frm = self.get_context("form")
self.assertEqual(frm.errors, {"username": [u"This field is required."]})
# check that no messages were generated
self.assertFalse("_flashes" in session)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with a bad username/password combo
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(resp.status_code, 200)
# both fields were present so no form errors, but flash the user
# indicating bad username/password combo
self.assertTrue("_flashes" in session)
messages = get_flashed_messages()
self.assertEqual(messages, ["Incorrect username or password"])
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with an inactive user
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(resp.status_code, 200)
# still no logged-in user
self.assertContext("user", None)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# finally post as a known good user
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(resp.status_code, 302)
# check that we now have a logged-in user
self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_login_logout(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(auth.get_logged_in_user(), self.normal)
resp = c.post("/accounts/logout/")
self.assertEqual(auth.get_logged_in_user(), None)
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(auth.get_logged_in_user(), self.admin)
# log back in without logging out
resp = c.post("/accounts/login/", data={"username": "******", "password": "******"})
self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_admin_required(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers['location'].endswith('/accounts/login/?next=%2Fsecret%2F'))
self.login('normal', 'normal', c)
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers['location'].endswith('/accounts/login/?next=%2Fsecret%2F'))
self.assertEqual(auth.get_logged_in_user(), self.normal)
self.login('admin', 'admin', c)
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 200)
self.assertEqual(auth.get_logged_in_user(), self.admin)
def test_admin_required(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get("/secret/")
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers["location"].endswith("/accounts/login/?next=%2Fsecret%2F"))
self.login("normal", "normal", c)
resp = c.get("/secret/")
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers["location"].endswith("/accounts/login/?next=%2Fsecret%2F"))
self.assertEqual(auth.get_logged_in_user(), self.normal)
self.login("admin", "admin", c)
resp = c.get("/secret/")
self.assertEqual(resp.status_code, 200)
self.assertEqual(auth.get_logged_in_user(), self.admin)
def test_admin_required(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers['location'].endswith(
'/accounts/login/?next=%2Fsecret%2F'))
self.login('normal', 'normal', c)
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 302)
self.assertTrue(resp.headers['location'].endswith(
'/accounts/login/?next=%2Fsecret%2F'))
self.assertEqual(auth.get_logged_in_user(), self.normal)
self.login('admin', 'admin', c)
resp = c.get('/secret/')
self.assertEqual(resp.status_code, 200)
self.assertEqual(auth.get_logged_in_user(), self.admin)
def test_login_view(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get('/accounts/login/')
self.assertEqual(resp.status_code, 200)
# check that we have no logged-in user
self.assertContext('user', None)
frm = self.get_context('form')
self.assertTrue(isinstance(frm, LoginForm))
self.assertEqual(frm.data, {'username': None, 'password': None})
# make a post missing the username
resp = c.post('/accounts/login/', data={
'username': '',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# check form for errors
frm = self.get_context('form')
self.assertEqual(frm.errors, {'username': [u'This field is required.']})
# check that no messages were generated
self.assertFalse('_flashes' in session)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with a bad username/password combo
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# both fields were present so no form errors, but flash the user
# indicating bad username/password combo
self.assertTrue('_flashes' in session)
messages = get_flashed_messages()
self.assertEqual(messages, [
'Incorrect username or password',
])
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with an inactive user
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# still no logged-in user
self.assertContext('user', None)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# finally post as a known good user
resp = c.post('/accounts/login/', data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 302)
# check that we now have a logged-in user
self.assertEqual(auth.get_logged_in_user(), self.normal)
def test_login_view(self):
self.create_users()
with self.flask_app.test_client() as c:
resp = c.get('/accounts/login/')
self.assertEqual(resp.status_code, 200)
# check that we have no logged-in user
self.assertContext('user', None)
frm = self.get_context('form')
self.assertTrue(isinstance(frm, LoginForm))
self.assertEqual(frm.data, {'username': None, 'password': None})
# make a post missing the username
resp = c.post('/accounts/login/',
data={
'username': '',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# check form for errors
frm = self.get_context('form')
self.assertEqual(frm.errors,
{'username': [u'This field is required.']})
# check that no messages were generated
self.assertFalse('_flashes' in session)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with a bad username/password combo
resp = c.post('/accounts/login/',
data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# both fields were present so no form errors, but flash the user
# indicating bad username/password combo
self.assertTrue('_flashes' in session)
messages = get_flashed_messages()
self.assertEqual(messages, [
'Incorrect username or password',
])
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# make a post with an inactive user
resp = c.post('/accounts/login/',
data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 200)
# still no logged-in user
self.assertContext('user', None)
# check that the auth API does not indicate a logged-in user
self.assertEqual(auth.get_logged_in_user(), None)
# finally post as a known good user
resp = c.post('/accounts/login/',
data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 302)
# check that we now have a logged-in user
self.assertEqual(auth.get_logged_in_user(), self.normal)
