def test_auth_login_logout(self):
# Test that login view functions as expected
db.session.add(Settings(login_required=False, first_run=False))
user = User(username='******')
user.set_password('passwd')
db.session.add(user)
db.session.commit()
# Test login page without login_required
response = self.test_client.get('/auth/login', follow_redirects=True)
self.assertTrue('<h1 class="page-header">Dashboard</h1>' \
in response.data.decode('utf-8'))
# Test correct login data
settings = Settings.query.first()
settings.login_required = True
db.session.commit()
response = self.login('user', 'passwd')
self.assertTrue('<h1 class="page-header">Dashboard</h1>' \
in response.data.decode('utf-8'))
# Test logout
response = self.test_client.get('/auth/logout', follow_redirects=True)
self.assertTrue(True)
# Test submit form with no data
response = self.login('', '')
self.assertTrue('This field is required' \
in response.data.decode('utf-8'))
# Test bad password
response = self.login('user', 'monkey')
self.assertTrue('Invalid username or password' \
in response.data.decode('utf-8'))
# Test bad username
response = self.login('nobody', 'passwd')
self.assertTrue('Invalid username or password' \
in response.data.decode('utf-8'))
def test_password_verification(self):
# Test that correct passwords are successful
# and incorrect passwords are not
u = User(username='******')
u.set_password('passwd')
self.assertTrue(u.check_password('passwd'))
self.assertFalse(u.check_password('monkey'))
def adduser():
user = User()
admin = User(username='******',
email='*****@*****.**',
password=user.set_password('!QAZ2wsx'))
print admin
db.session.add(admin)
db.session.commit()
def test_registered_users(self):
# Test no users registered
url = '/api/users'
db.session.add(Settings())
db.session.commit()
response = self.client.get(url)
data = json.loads(response.data.decode('utf-8'))
self.assertTrue(not data['success'])
self.assertTrue('No users' in data['message'])
# Test with users registered
user = User(username='******')
user.set_password('passwd')
db.session.add(user)
db.session.commit()
response = self.client.get(url)
data = json.loads(response.data.decode('utf-8'))
self.assertTrue(data['success'])
self.assertTrue(len(data['users']) > 0)
def signup():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = SignUpForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
user = User(username=form.username.data, email=form.email.data, password=hashed_password)
db.session.add(user)
db.session.commit()
flash(f'Your Account has been created! You are now able to login.', 'success')
return redirect(url_for('users.login'))
return render_template('signup.html', title="Sign Up | ServerMonitor", form=form)
def register():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = RegistrationForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
user = User(username=form.username.data, email=form.email.data, password=hashed_password)
db.session.add(user)
db.session.commit()
flash(f"Your account has been created! You are now able to log in", "success")
return redirect(url_for('login'))
return render_template('register.html', title='Register', form=form)
def test_delete_user(self):
url = '/api/user/delete'
db.session.add(Settings())
user = User(username='******')
user.set_password('passwd')
db.session.add(user)
user = User(username='******')
user.set_password('passwd')
db.session.add(user)
db.session.commit()
user = User.query.first()
# Test deleting single user
data = json.dumps({'id': user.id, 'username': user.username})
data = self.postAPI(url, data)
self.assertTrue(data['success'])
# Test deleting non existing user
data = json.dumps({'id': user.id, 'username': user.username})
data = self.postAPI(url, data)
self.assertTrue(not data['success'])
# Test deleting all users
user = User.query.first()
data = json.dumps({'id': user.id, 'username': user.username})
data = self.postAPI(url, data)
settings = Settings.query.first()
self.assertTrue(data['success'])
self.assertTrue(not settings.login_required)
def test_password_salts_are_random(self):
# Test that password salts are random, that is
# the password hash stored for the same passwords is different.
# The werkzeug module should generate different salts for hashed passwords
u1 = User(username='******')
u1.set_password('passwd')
u2 = User(username='******')
u2.set_password('passwd')
self.assertTrue(u1.password != u2.password)
def reset_token(token):
if current_user.is_authenticated:
return redirect(url_for('main.index'))
user = User.verify_reset_token(token)
if user is None:
flash('That is an invalid or expired token', 'warning')
return redirect(url_for('users.reset_request'))
form = ResetPasswordForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
user.password = hashed_password
db.session.commit()
flash(f'Your password has been updated! You are now able to login.', 'success')
return redirect(url_for('users.login'))
return render_template('reset_token.html', title="Reset Password | ServerMonitor", form=form)
def register(request) -> HttpResponse:
msg = "Fill out following form to create new user account."
register_form = RegisterForm()
if request.method == "POST":
register_form = RegisterForm(request.POST)
if register_form.is_valid():
if register_form.data['password'] == register_form.data['password_repeated']:
password_hash = bcrypt.hashpw(register_form.data['password'].encode(), bcrypt.gensalt(17))
new_user = User()
new_user.email = register_form.data['email']
new_user.username = register_form.data['username']
new_user.password = password_hash.decode()
new_user.save()
msg = "Registration succeeded. You may now login."
else:
msg = "Invalid data supplied. Check registration form and try again."
return render(request, "index/register.html", {"register_form": register_form, "form_msg": msg})
#Setup and create database file
from monitor.models import CheckedWebsite, User
from monitor import db, create_app
db.create_all(app=create_app())
app = create_app()
app.app_context().push()
with app.app_context():
# Create CheckedWebsite
new_website = CheckedWebsite(website_url='https://monitor.inspiredprogrammer.com', response_code='200', response_message='OK', isdown=False)
db.session.add(new_website)
db.session.commit()
# Create User
new_user = User(username='******', email='*****@*****.**', password='******')
db.session.add(new_user)
db.session.commit()
def test_password_setter(self):
# Test that password setter actually sets a password
u = User(username='******')
u.set_password('passwd')
self.assertTrue(u.password is not None)