def test_valid_reset_token(self):
    """A reset token issued for a user lets that same user set a new password.

    Once ``confirm_reset`` accepts the token, the replacement password
    ('dog') must verify for the account.
    """
    account = User(password='******')
    db.session.add(account)
    # The token is generated only after the commit; presumably it is bound to
    # the row's primary key, which exists only once stored -- confirm.
    db.session.commit()
    reset_token = account.generate_token()
    accepted = account.confirm_reset(reset_token, 'dog')
    self.assertTrue(accepted)
    self.assertTrue(account.verify_password('dog'))
def test_expired_confirmation_token(self):
    """A confirmation token must be rejected once its lifetime has elapsed."""
    account = User(password='******')
    db.session.add(account)
    db.session.commit()
    short_lived = account.generate_token(expiration=1)
    # Wait longer than the expiration passed above (presumably expressed in
    # seconds -- confirm) so the token is stale when it is presented.
    time.sleep(2)
    still_accepted = account.confirm_registration(short_lived)
    self.assertFalse(still_accepted)
def test_valid_email_change_token(self):
    """A token carrying a new address changes the user's e-mail when confirmed."""
    # NOTE(review): the address and password literals appear masked in this
    # listing, so the "old" and "new" addresses read as the same string here;
    # the original fixture presumably used two distinct addresses -- confirm.
    member = User(email='*****@*****.**', password='******')
    db.session.add(member)
    db.session.commit()
    change_token = member.generate_token(new_email='*****@*****.**')
    confirmed = member.confirm_new_email(change_token)
    self.assertTrue(confirmed)
    self.assertTrue(member.email == '*****@*****.**')
def test_ping(self):
    """``ping()`` must move ``last_seen`` forward in time."""
    account = User(password='******')
    db.session.add(account)
    db.session.commit()
    # Let the clock advance so the refreshed timestamp is strictly later than
    # the value recorded before the ping.
    time.sleep(2)
    seen_before_ping = account.last_seen
    account.ping()
    self.assertTrue(account.last_seen > seen_before_ping)
def test_duplicate_email_change_token(self):
    """An e-mail change must be refused and leave the stored address untouched.

    The test name indicates the requested address collides with one that
    another account already holds.
    """
    # NOTE(review): every address literal is masked in this listing, so the
    # two accounts and the requested address read as identical strings here;
    # the original fixture presumably used distinct addresses -- confirm.
    holder = User(email='*****@*****.**', password='******')
    requester = User(email='*****@*****.**', password='******')
    for account in (holder, requester):
        db.session.add(account)
    db.session.commit()
    change_token = requester.generate_token(new_email='*****@*****.**')
    self.assertFalse(requester.confirm_new_email(change_token))
    # The rejected request must not have modified the requester's address.
    self.assertTrue(requester.email == '*****@*****.**')
def test_invalid_reset_token(self):
    """A reset token issued for one user must not reset another user's password."""
    # NOTE(review): the password literals are masked in this listing; the
    # final assertion implies the second user's original password was 'dog'
    # -- confirm against the unmasked fixture.
    issuer = User(password='******')
    other = User(password='******')
    for account in (issuer, other):
        db.session.add(account)
    db.session.commit()
    foreign_token = issuer.generate_token()
    self.assertFalse(other.confirm_reset(foreign_token, 'horse'))
    # The rejected attempt must leave the other user's password unchanged.
    self.assertTrue(other.verify_password('dog'))
def test_invalid_confirmation_token(self):
    """A confirmation token issued for one user must not confirm a different user."""
    issuer = User(password='******')
    other = User(password='******')
    for account in (issuer, other):
        db.session.add(account)
    db.session.commit()
    foreign_token = issuer.generate_token()
    accepted = other.confirm_registration(foreign_token)
    self.assertFalse(accepted)
def signup():
    """Show the sign-up form and create the account on a valid submission.

    Signed-in visitors are redirected to the home page. On a valid submission
    the password is hashed with ``bcrypt.generate_password_hash`` and only the
    hash is placed on the new ``User`` row; the visitor is then sent to the
    login page. Otherwise the form is (re)rendered.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = SignupForm()
    if not form.validate_on_submit():
        return render_template('signup.html', title='Register', form=form)

    # Hash first so the plaintext is never what gets handed to the model.
    submitted_password = form.password.data
    password_digest = bcrypt.generate_password_hash(
        submitted_password).decode('utf-8')
    new_account = User(
        username=form.username.data,
        email=form.email.data,
        password=password_digest,
    )
    db.session.add(new_account)
    # NOTE(review): the commit is unguarded; uniqueness of username/e-mail is
    # presumably enforced by SignupForm's validators -- confirm, since a
    # concurrent duplicate would surface here as a database error.
    db.session.commit()
    flash('Your account has been created!', 'success')
    return redirect(url_for('users.login'))
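def register():
    """Show the registration form and create the account on a valid submission.

    On a valid submission the password is hashed with
    ``bcrypt.generate_password_hash`` and only the hash is stored on the new
    ``User`` row; the visitor is then redirected to the login view with a
    single success message. Otherwise the form is (re)rendered.
    """
    form = RegistrationForm()
    if form.validate_on_submit():
        # Hash before building the model so the plaintext is never persisted.
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user = User(username=form.username.data, email=form.email.data,
                    password=hashed_password)
        db.session.add(user)
        # NOTE(review): the commit is unguarded; uniqueness of username/e-mail
        # is presumably enforced by RegistrationForm's validators -- confirm.
        db.session.commit()
        # Flash exactly one confirmation per registration. A second, redundant
        # success message (a placeholder-free f-string with a misspelling) was
        # queued for the same event and is dropped.
        flash('Your account has been created! You are now able to log in',
              'success')
        return redirect(url_for('login'))
    return render_template('register.html', form=form)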
def test_gravatar(self):
    """``gravatar()`` builds the expected URL and honours its keyword options.

    The default URL must contain the configured base URL followed by the
    expected digest; ``size``, ``rating`` and ``default`` must show up as the
    ``s``, ``r`` and ``d`` query parameters.
    """
    member = User(email='*****@*****.**', password='******')
    plain_url = member.gravatar()
    sized_url = member.gravatar(size=256)
    rated_url = member.gravatar(rating='pg')
    fallback_url = member.gravatar(default='retro')
    # The 32-hex-digit value is presumably the digest of the (masked) fixture
    # address -- confirm against the unmasked fixture.
    expected_fragment = (self.app.config['BASE_GRAVATAR_URL'] +
                         '/d4c74594d841139328695756648b6bd6')
    self.assertTrue(expected_fragment in plain_url)
    self.assertTrue('s=256' in sized_url)
    self.assertTrue('r=pg' in rated_url)
    self.assertTrue('d=retro' in fallback_url)
def reset_token(token):
    """Handle the password-reset link: validate the token, then set the password.

    Signed-in visitors are redirected home. The token is resolved to a user
    with ``User.verify_reset_token`` before any form is shown; a token that
    resolves to ``None`` sends the visitor back to the reset-request page with
    a warning. On a valid form submission the new password is hashed with
    ``bcrypt.generate_password_hash`` and stored, and the visitor is sent to
    the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    account = User.verify_reset_token(token)
    if account is None:
        flash('That is an invalid or expired token', 'warning')
        return redirect(url_for('users.reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_token.html', title='Reset Password',
                               form=form)

    new_digest = bcrypt.generate_password_hash(form.password.data)
    account.password = new_digest.decode('utf-8')
    # NOTE(review): nothing in this view invalidates the token or any existing
    # sessions after the change; whether User.verify_reset_token enforces
    # single use is not visible here -- confirm.
    db.session.commit()
    flash('Your password has been updated!', 'success')
    return redirect(url_for('users.login'))
def generate_fake_users(count=100):
    """Insert up to ``count`` randomly generated users into the database.

    Each user is committed individually; a row that violates a database
    integrity constraint is rolled back and skipped, so fewer than ``count``
    users may end up stored.

    The generated accounts are created with ``confirmed=True`` and a single
    lorem-ipsum word as the password, so this is fixture data for development
    or test databases rather than something to run against real accounts.
    """
    seed()
    for _ in range(count):
        handle = forgery_py.internet.user_name(True)[:32]
        profile = dict(
            email=forgery_py.internet.email_address(),
            username=handle,
            username_normalized=handle.lower(),
            password=forgery_py.lorem_ipsum.word(),
            confirmed=True,
            name=forgery_py.name.full_name()[:64],
            homeland=forgery_py.address.city()[:64],
            about=forgery_py.lorem_ipsum.sentence(),
            created_at=forgery_py.date.date(True),
        )
        db.session.add(User(**profile))
        try:
            db.session.commit()
        except IntegrityError:
            # Random data can collide with an existing row; discard just this
            # user and carry on with the next one.
            db.session.rollback()
def test_valid_confirmation_token(self):
    """A confirmation token is accepted by the user it was generated for."""
    account = User(password='******')
    db.session.add(account)
    db.session.commit()
    own_token = account.generate_token()
    accepted = account.confirm_registration(own_token)
    self.assertTrue(accepted)
def test_timestamps(self):
    """Right after a user is stored, both timestamps are under three seconds old."""
    account = User(password='******')
    db.session.add(account)
    db.session.commit()
    # Both values are compared against datetime.utcnow(), which presumably
    # means the model stores naive UTC timestamps -- confirm.
    created_age = (datetime.utcnow() - account.created_at).total_seconds()
    self.assertTrue(created_age < 3)
    last_seen_age = (datetime.utcnow() - account.last_seen).total_seconds()
    self.assertTrue(last_seen_age < 3)
def test_password_setter(self):
    """Constructing a user with a password must populate ``password_hash``."""
    account = User(password='******')
    stored_hash = account.password_hash
    self.assertTrue(stored_hash is not None)
def test_no_password_getter(self):
    """Reading ``password`` back from a user must raise ``AttributeError``.

    This pins the attribute as write-only: the value supplied at construction
    cannot be retrieved through the model.
    """
    account = User(password='******')
    with self.assertRaises(AttributeError):
        # A bare attribute read is the whole test; the access itself must fail.
        account.password
def test_password_verification(self):
    """``verify_password`` accepts the right password and rejects a wrong one."""
    # NOTE(review): the password literal is masked in this listing; the
    # assertions imply the original fixture value was 'cat' -- confirm.
    account = User(password='******')
    matches_correct = account.verify_password('cat')
    self.assertTrue(matches_correct)
    matches_wrong = account.verify_password('dog')
    self.assertFalse(matches_wrong)
def test_roles_and_permissions(self):
    """A freshly built user may WRITE but must not be able to MODERATE.

    Presumably this reflects the default role assigned to new accounts --
    confirm against the model.
    """
    member = User(email='*****@*****.**', password='******')
    may_write = member.can(Permission.WRITE)
    self.assertTrue(may_write)
    may_moderate = member.can(Permission.MODERATE)
    self.assertFalse(may_moderate)
def test_password_salts_are_random(self):
    """Two users given the same password literal must get different hashes.

    Differing hashes for identical input are what per-hash random salting
    provides, so equal passwords cannot be spotted by comparing stored hashes.
    """
    first = User(password='******')
    second = User(password='******')
    first_hash = first.password_hash
    second_hash = second.password_hash
    self.assertTrue(first_hash != second_hash)