def test_set_user_by_instance(session_scope_function):
add_user(session_scope_function, name='test_user', password='******',
lastname='lastname', firstname='firstname',
email='*****@*****.**', access_level='asked')
add_user(session_scope_function, name='test_user_2',
password='******', lastname='lastname',
firstname='firstname', email='*****@*****.**',
access_level='asked')
user = get_user_by_name(session_scope_function, 'test_user')
set_user_by_instance(session_scope_function, user, lastname='a',
firstname='b', email='c', linkedin_url='d',
twitter_url='e', facebook_url='f', google_url='g',
github_url='h', website_url='i', bio='j',
is_want_news=False)
user = get_user_by_name(session_scope_function, 'test_user')
assert user.lastname == 'a'
assert user.firstname == 'b'
assert user.email == 'c'
assert user.linkedin_url == 'd'
assert user.twitter_url == 'e'
assert user.facebook_url == 'f'
assert user.google_url == 'g'
assert user.github_url == 'h'
assert user.website_url == 'i'
assert user.bio == 'j'
assert user.is_want_news is False
def test_reset_password(client_session):
client, session = client_session
# GET method
rv = client.get('/reset_password')
assert rv.status_code == 200
assert b'If you are a registered user, we are going to send' in rv.data
# POST method
# check that we raise an error if the email does not exist
rv = client.post('/reset_password', data={'email': '*****@*****.**'})
assert rv.status_code == 200
assert b'You can sign-up instead.' in rv.data
# set a user to "asked" access level
user = get_user_by_name(session, 'test_user')
user.access_level = 'asked'
session.commit()
rv = client.post('/reset_password', data={'email': user.email})
assert rv.status_code == 200
assert b'Your account has not been yet approved.' in rv.data
# set back the account to 'user' access level
user.access_level = 'user'
session.commit()
rv = client.post('/reset_password', data={'email': user.email})
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert flash_message['message'] == ('An email to reset your password has '
'been sent')
assert rv.status_code == 302
assert rv.location == 'http://localhost/login'
with client.application.app_context():
with mail.record_messages() as outbox:
rv = client.post('/reset_password', data={'email': user.email})
assert len(outbox) == 1
assert 'click on the link to reset your password' in outbox[0].body
# get the link to reset the password
reg_exp = re.search("http://localhost/reset/.*", outbox[0].body)
reset_password_link = reg_exp.group()
# remove the part with 'localhost' for the next query
reset_password_link = reset_password_link[reset_password_link.
find('/reset'):]
# check that we can reset the password using the previous link
# GET method
rv = client.get(reset_password_link)
assert rv.status_code == 200
assert b'Change my password' in rv.data
# POST method
new_password = '******'
rv = client.post(reset_password_link, data={'password': new_password})
assert rv.status_code == 302
assert rv.location == 'http://localhost/login'
# make a commit to be sure that the update has been done
session.commit()
user = get_user_by_name(session, 'test_user')
assert check_password(new_password, user.hashed_password)
def test_reset_token_error(client_session):
client, session = client_session
# POST method
new_password = '******'
rv = client.post('/reset/xxx', data={'password': new_password})
assert rv.status_code == 404
# Get get the link to a real token but remove the user in between
user = get_user_by_name(session, 'test_user')
with client.application.app_context():
with mail.record_messages() as outbox:
rv = client.post('/reset_password', data={'email': user.email})
assert len(outbox) == 1
assert 'click on the link to reset your password' in outbox[0].body
# get the link to reset the password
reg_exp = re.search("http://localhost/reset/.*", outbox[0].body)
reset_password_link = reg_exp.group()
# remove the part with 'localhost' for the next query
reset_password_link = reset_password_link[reset_password_link.
find('/reset'):]
user = get_user_by_name(session, 'test_user')
session.delete(user)
session.commit()
new_password = '******'
rv = client.post(reset_password_link, data={'password': new_password})
assert rv.status_code == 404
def test_add_user(session_scope_function):
name = 'test_user'
password = '******'
lastname = 'Test'
firstname = 'User'
email = '*****@*****.**'
access_level = 'asked'
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email,
access_level=access_level)
user = get_user_by_name(session_scope_function, name)
assert user.name == name
assert check_password(password, user.hashed_password)
assert user.lastname == lastname
assert user.firstname == firstname
assert user.email == email
assert user.access_level == access_level
# check that a team was automatically added with the new user
team = get_team_by_name(session_scope_function, name)
assert team.name == name
assert team.admin_id == user.id
# check that we get an error if we try to add the same user
with pytest.raises(NameClashError, match='email is already in use'):
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email,
access_level=access_level)
# check that the checking is case insensitive
with pytest.raises(NameClashError, match='email is already in use'):
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email.capitalize(),
access_level=access_level)
# add a user email with some capital letters and check that only lower case
# are stored in the database
name = 'new_user_name'
email = '*****@*****.**'
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email,
access_level=access_level)
user = get_user_by_name(session_scope_function, name)
assert user.email == '*****@*****.**'
def test_approve_user(session_scope_function):
add_user(session_scope_function, name='test_user', password='******',
lastname='Test', firstname='User', email='*****@*****.**',
access_level='asked')
user = get_user_by_name(session_scope_function, 'test_user')
assert user.access_level == 'asked'
assert user.is_authenticated is False
approve_user(session_scope_function, 'test_user')
user = get_user_by_name(session_scope_function, 'test_user')
assert user.access_level == 'user'
assert user.is_authenticated is True
def test_sign_up(client_session):
client, session = client_session
# GET on sign-up
rv = client.get('/sign_up')
assert rv.status_code == 200
assert b'Sign Up' in rv.data
# POST on sign-up
user_profile = {'user_name': 'xx', 'password': '******', 'firstname': 'xx',
'lastname': 'xx', 'email': 'xx'}
rv = client.post('/sign_up', data=user_profile)
assert rv.status_code == 200
user = get_user_by_name(session, 'xx')
assert user.name == 'xx'
user_profile = {'user_name': 'yy', 'password': '******', 'firstname': 'yy',
'lastname': 'yy', 'email': 'yy'}
rv = client.post('/sign_up', data=user_profile, follow_redirects=True)
assert rv.status_code == 200
# check that we catch a flash error if we try to sign-up with an identical
# username or email
user_profile = {'user_name': 'test_user', 'password': '******',
'firstname': 'xx', 'lastname': 'xx',
'email': '*****@*****.**'}
rv = client.post('/sign_up', data=user_profile)
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert (flash_message['message'] ==
'username is already in use and email is already in use')
assert rv.status_code == 200
def test_approve_single_user(client_session):
client, session = client_session
add_user(session, 'aa', 'aa', 'aa', 'aa', 'aa', access_level='asked')
with login_scope(client, 'test_iris_admin', 'test') as client:
rv = client.get('/sign_up/aa')
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert re.match("User(.*aa.*) is signed up",
flash_message['Successful sign-up'])
# ensure that the previous change have been committed within our
# session
session.commit()
user = get_user_by_name(session, 'aa')
assert user.access_level == 'user'
rv = client.get("/sign_up/unknown_user")
session.commit()
assert rv.status_code == 302
assert rv.location == "http://localhost/problems"
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert flash_message['message'] == 'No user unknown_user'
def test_update_profile(client_session):
client, session = client_session
# try to change the profile without being logged-in
rv = client.get('/update_profile')
assert rv.status_code == 302
assert rv.location == 'http://localhost/login?next=%2Fupdate_profile'
rv = client.get('/update_profile', follow_redirects=True)
assert rv.status_code == 200
with login_scope(client, 'test_user', 'test') as client:
# GET function once logged-in
rv = client.get('/update_profile')
assert rv.status_code == 200
for attr in [b'Username', b'First name', b'Last name', b'Email',
b'User', b'Test', b'*****@*****.**']:
assert attr in rv.data
# POST function once logged-in
user_profile = {'lastname': 'XXX', 'firstname': 'YYY',
'email': '*****@*****.**'}
rv = client.post('/update_profile', data=user_profile)
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
user = get_user_by_name(session, 'test_user')
assert user.lastname == 'XXX'
assert user.firstname == 'YYY'
assert user.email == '*****@*****.**'
user_profile = {'lastname': 'Test', 'firstname': 'User',
'email': '*****@*****.**'}
rv = client.post('/update_profile', data=user_profile,
follow_redirects=True)
assert rv.status_code == 200
def test_user_model_backref(session_scope_module, backref, expected_type):
user = get_user_by_name(session_scope_module, 'test_user')
backref_attr = getattr(user, backref)
assert isinstance(backref_attr, list)
# only check if the list is not empty
if backref_attr:
assert isinstance(backref_attr[0], expected_type)
def test_check_user_interactions(session_scope_function, output_format,
expected_format):
add_user(session_scope_function,
name='test_user',
password='******',
lastname='lastname',
firstname='firstname',
email='*****@*****.**',
access_level='asked')
params = {'interaction': 'landing'}
add_user_interaction(session_scope_function, **params)
params = {
'interaction': 'landing',
'user': get_user_by_name(session_scope_function, 'test_user')
}
add_user_interaction(session_scope_function, **params)
user_interaction = get_user_interactions_by_name(
session_scope_function, output_format=output_format)
if isinstance(user_interaction, pd.DataFrame):
assert user_interaction.shape[0] == 2
assert isinstance(user_interaction, expected_format)
user_interaction = get_user_interactions_by_name(
session_scope_function, name='test_user', output_format=output_format)
if isinstance(user_interaction, pd.DataFrame):
assert user_interaction.shape[0] == 1
def test_sign_up(client_session):
client, session = client_session
# GET on sign-up
rv = client.get('/sign_up')
assert rv.status_code == 200
assert b'Sign Up' in rv.data
# POST on sign-up
user_profile = {
'user_name': 'xx',
'password': '******',
'firstname': 'xx',
'lastname': 'xx',
'email': 'xx'
}
rv = client.post('/sign_up', data=user_profile)
assert rv.status_code == 302
assert rv.location == 'http://localhost/login'
user = get_user_by_name(session, 'xx')
assert user.name == 'xx'
user_profile = {
'user_name': 'yy',
'password': '******',
'firstname': 'yy',
'lastname': 'yy',
'email': 'yy'
}
rv = client.post('/sign_up', data=user_profile, follow_redirects=True)
assert rv.status_code == 200
def test_add_user(session_scope_function):
name = 'test_user'
password = '******'
lastname = 'Test'
firstname = 'User'
email = '*****@*****.**'
access_level = 'asked'
add_user(session_scope_function,
name=name,
password=password,
lastname=lastname,
firstname=firstname,
email=email,
access_level=access_level)
user = get_user_by_name(session_scope_function, name)
assert user.name == name
assert check_password(password, user.hashed_password)
assert user.lastname == lastname
assert user.firstname == firstname
assert user.email == email
assert user.access_level == access_level
# check that a team was automatically added with the new user
team = get_team_by_name(session_scope_function, name)
assert team.name == name
assert team.admin_id == user.id
def test_user_model_properties(session_scope_module):
user = get_user_by_name(session_scope_module, 'test_user')
assert user.is_active is True
assert user.is_anonymous is False
assert user.get_id() == '1'
assert re.match(r'User\(.*test_user.*\)', str(user))
assert re.match(r'User\(name=.*test_user.*, lastname.*\)', repr(user))
def test_body_formatter_user(client_session):
_, session = client_session
user = get_user_by_name(session, 'test_user')
for word in [
'test_user', 'User', 'Test', 'linkedin', 'twitter', 'facebook',
'github', 'notes', 'bio'
]:
assert word in body_formatter_user(user)
def test_add_users(session_scope_function):
add_users(session_scope_function)
users = get_user_by_name(session_scope_function, None)
for user in users:
assert user.name in ('test_user', 'test_user_2', 'test_iris_admin')
err_msg = 'username is already in use'
with pytest.raises(NameClashError, match=err_msg):
add_users(session_scope_function)
def test_is_accessible_code(session_toy_db):
event_name = 'iris_test'
# simulate a user which is not authenticated
user = get_user_by_name(session_toy_db, 'test_user_2')
user.is_authenticated = False
assert not is_accessible_code(session_toy_db, event_name, user.name)
# simulate a user which authenticated and author of the submission to a
# public event
user.is_authenticated = True
assert is_accessible_code(session_toy_db, event_name, user.name)
# simulate an admin user
user = get_user_by_name(session_toy_db, 'test_iris_admin')
user.is_authenticated = True
assert is_accessible_code(session_toy_db, event_name, 'test_iris_admin')
# simulate a user which is not signed up to the event
user = add_user(session_toy_db, 'xx', 'xx', 'xx', 'xx', 'xx', 'user')
user.is_authenticated = True
assert not is_accessible_code(session_toy_db, event_name, user.name)
def test_get_user_by_name(session_scope_function, name, query_type):
add_user(session_scope_function, name='test_user', password='******',
lastname='lastname', firstname='firstname',
email='*****@*****.**', access_level='asked')
add_user(session_scope_function, name='test_user_2',
password='******', lastname='lastname',
firstname='firstname', email='*****@*****.**',
access_level='asked')
user = get_user_by_name(session_scope_function, name)
assert isinstance(user, query_type)
def test_is_accessible_leaderboard(session_toy_db):
event_name = 'iris_test'
# simulate a user which is not authenticated
user = get_user_by_name(session_toy_db, 'test_user_2')
user.is_authenticated = False
assert not is_accessible_leaderboard(session_toy_db, event_name, user.name)
# simulate a user which authenticated and author of the submission to a
# public event
user.is_authenticated = True
assert not is_accessible_leaderboard(session_toy_db, event_name, user.name)
# simulate an admin user
user = get_user_by_name(session_toy_db, 'test_iris_admin')
user.is_authenticated = True
assert is_accessible_leaderboard(session_toy_db, event_name,
'test_iris_admin')
# simulate a close event
event = get_event(session_toy_db, event_name)
event.closing_timestamp = datetime.datetime.utcnow()
assert not is_accessible_leaderboard(session_toy_db, event_name,
'test_user_2')
def test_is_accessible_event(session_toy_db, event_name, user_name,
is_accessible):
# force one of the user to not be approved
if user_name == 'test_user':
user = get_user_by_name(session_toy_db, user_name)
user.access_level = 'asked'
session_toy_db.commit()
# force an event to be private
if event_name == 'boston_housing_test':
event = get_event(session_toy_db, event_name)
event.is_public = False
session_toy_db.commit()
assert is_accessible_event(session_toy_db, event_name,
user_name) is is_accessible
def test_set_user_access_level(session_scope_function, access_level):
username = '******'
user = add_user(session_scope_function,
name=username,
password='******',
lastname='lastname',
firstname='firstname',
email='*****@*****.**',
access_level='asked')
assert user.access_level == 'asked'
assert user.is_authenticated is False
set_user_access_level(session_scope_function, username, access_level)
user = get_user_by_name(session_scope_function, username)
assert user.access_level == access_level
assert user.is_authenticated is True
def test_add_submission_similarity(session_scope_module):
user = get_user_by_name(session_scope_module, 'test_user')
source_submission = get_submission_by_id(session_scope_module, 1)
target_submission = get_submission_by_id(session_scope_module, 2)
add_submission_similarity(session_scope_module, 'target_credit', user,
source_submission, target_submission, 0.5,
datetime.datetime.utcnow())
similarity = session_scope_module.query(SubmissionSimilarity).all()
assert len(similarity) == 1
similarity = similarity[0]
assert similarity.type == 'target_credit'
assert similarity.user == user
assert similarity.source_submission == source_submission
assert similarity.target_submission == target_submission
assert similarity.similarity == pytest.approx(0.5)
assert isinstance(similarity.timestamp, datetime.datetime)
def test_approve_users_remove(client_session):
client, session = client_session
# create 2 new users
add_user(session, 'xx', 'xx', 'xx', 'xx', 'xx', access_level='user')
add_user(session, 'yy', 'yy', 'yy', 'yy', 'yy', access_level='asked')
# ask for sign up for an event for the first user
_, _, event_team = ask_sign_up_team(session, 'iris_test', 'xx')
with login_scope(client, 'test_iris_admin', 'test') as client:
# GET check that we get all new user to be approved
rv = client.get('/approve_users')
assert rv.status_code == 200
# line for user approval
assert b'yy: yy yy - yy' in rv.data
# line for the event approval
assert b'iris_test - xx'
# POST check that we are able to approve a user and event
data = ImmutableMultiDict([('submit_button', 'Remove!'),
('approve_users', 'yy'),
('approve_event_teams', str(event_team.id))
])
rv = client.post('/approve_users', data=data)
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
# ensure that the previous change have been committed within our
# session
session.commit()
user = get_user_by_name(session, 'yy')
assert user is None
event_team = get_event_team_by_name(session, 'iris_test', 'xx')
assert event_team is None
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
print(flash_message)
assert re.match(
r"Removed users:\nyy\nRemoved event_team:\n"
r"Event\(iris_test\)/Team\(.*xx.*\)\n",
flash_message['Removed users'])
def test_logout(client_session):
client, session = client_session
# logout without previous login
rv = client.get('/logout')
assert rv.status_code == 302
assert rv.location == 'http://localhost/login?next=%2Flogout'
rv = client.get('/logout', follow_redirects=True)
assert rv.status_code == 200
# logout from a previous login
login(client, 'test_user', 'test')
rv = client.get('/logout')
assert rv.status_code == 302
assert rv.location == 'http://localhost/login'
user = get_user_by_name(session, 'test_user')
assert not user.is_authenticated
login(client, 'test_user', 'test')
rv = client.get('/logout', follow_redirects=True)
assert rv.status_code == 200
def login():
"""Login request."""
if app.config['TRACK_USER_INTERACTION']:
add_user_interaction(db.session, interaction='landing')
if flask_login.current_user.is_authenticated:
logger.info('User already logged-in')
session['logged_in'] = True
return redirect(url_for('ramp.problems'))
form = LoginForm()
if form.validate_on_submit():
try:
user = get_user_by_name(db.session, name=form.user_name.data)
except NoResultFound:
msg = u'User "{}" does not exist'.format(form.user_name.data)
flash(msg)
logger.info(msg)
return redirect(url_for('auth.login'))
if not check_password(form.password.data, user.hashed_password):
msg = 'Wrong password'
flash(msg)
logger.info(msg)
return redirect(url_for('auth.login'))
flask_login.login_user(user, remember=True)
session['logged_in'] = True
user.is_authenticated = True
db.session.commit()
logger.info(u'User "{}" is logged in'.format(
flask_login.current_user.name))
if app.config['TRACK_USER_INTERACTION']:
add_user_interaction(db.session,
interaction='login',
user=flask_login.current_user)
next_ = request.args.get('next')
if next_ is None:
next_ = url_for('ramp.problems')
return redirect(next_)
return render_template('login.html', form=form)
def test_login(client_session):
client, session = client_session
# GET without any previous login
rv = client.get('/login')
assert rv.status_code == 200
assert b'Login' in rv.data
assert b'Username' in rv.data
assert b'Password' in rv.data
# GET with a previous login
with login_scope(client, 'test_user', 'test') as client:
rv = client.get('/login')
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
rv = client.get('/login', follow_redirects=True)
assert rv.status_code == 200
# POST with unknown username
login_info = {'user_name': 'unknown', 'password': '******'}
rv = client.post('/login', data=login_info)
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert flash_message['message'] == 'User "unknown" does not exist'
assert rv.status_code == 302
assert rv.location == 'http://localhost/login'
rv = client.post('/login', data=login_info, follow_redirects=True)
assert rv.status_code == 200
# POST with wrong password
login_info = {'user_name': 'test_user', 'password': '******'}
rv = client.post('/login', data=login_info)
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert flash_message['message'] == 'Wrong password'
assert rv.status_code == 302
assert rv.location == 'http://localhost/login'
rv = client.post('/login', data=login_info, follow_redirects=True)
assert rv.status_code == 200
# POST with a right login and password
login_info = {'user_name': 'test_user', 'password': '******'}
rv = client.post('/login', data=login_info)
assert rv.status_code == 302
assert rv.location == 'http://localhost/problems'
user = get_user_by_name(session, login_info['user_name'])
assert user.is_authenticated
logout(client)
rv = client.post('/login', data=login_info, follow_redirects=True)
assert rv.status_code == 200
logout(client)
# POST with right login and password from a different location webpage
login_info = {'user_name': 'test_user', 'password': '******'}
landing_page = {'next': 'http://localhost/events/iris_test'}
rv = client.post('/login', data=login_info, query_string=landing_page)
assert rv.status_code == 302
assert rv.location == landing_page['next']
logout(client)
rv = client.post('/login',
data=login_info,
query_string=landing_page,
follow_redirects=True)
assert rv.status_code == 200
logout(client)
def test_is_accessible_code(session_toy_db):
# create a third user
add_user(
session_toy_db, name='test_user_3', password='******',
lastname='Test_3', firstname='User_3',
email='*****@*****.**', access_level='user')
approve_user(session_toy_db, 'test_user_3')
event_name = 'iris_test'
sign_up_team(session_toy_db, event_name, 'test_user_3')
# simulate a user which is not authenticated
user = get_user_by_name(session_toy_db, 'test_user_2')
user.is_authenticated = False
assert not is_accessible_code(session_toy_db, event_name, user.name)
# simulate a user which authenticated and author of the submission to a
# public event
user.is_authenticated = True
assert is_accessible_code(session_toy_db, event_name, user.name)
# simulate an admin user
user = get_user_by_name(session_toy_db, 'test_iris_admin')
user.is_authenticated = True
assert is_accessible_code(session_toy_db, event_name, 'test_iris_admin')
# simulate a user which is not signed up to the event
user = add_user(session_toy_db, 'xx', 'xx', 'xx', 'xx', 'xx', 'user')
user.is_authenticated = True
assert not is_accessible_code(session_toy_db, event_name, user.name)
# simulate that the event is not publicly opened
event = get_event(session_toy_db, event_name)
past_public_opening = event.public_opening_timestamp
tomorrow = datetime.datetime.utcnow() + datetime.timedelta(days=1)
event.public_opening_timestamp = tomorrow
session_toy_db.commit()
assert is_accessible_code(session_toy_db, event_name, 'test_user_3')
# Make a submission
submission_name = 'random_forest_10_10'
ramp_config = generate_ramp_config(read_config(ramp_config_template()))
path_submission = os.path.join(
os.path.dirname(ramp_config['ramp_sandbox_dir']), submission_name
)
sub = add_submission(
session_toy_db, event_name, 'test_user_3', submission_name,
path_submission
)
# check that the user submitting the submission could access it
assert is_accessible_code(
session_toy_db, event_name, 'test_user_3', sub.id
)
# change the admin of the team
from ramp_database.model import Team, User
team = (session_toy_db.query(Team)
.filter(Team.name == 'test_user_3')
.first())
user = (session_toy_db.query(User)
.filter(User.name == 'test_user_2')
.first())
team.admin_id = user.id
team.admin = user
session_toy_db.commit()
# check that the admin can access the submission
assert is_accessible_code(
session_toy_db, event_name, 'test_user_2', sub.id
)
# but others cannot
assert not is_accessible_code(
session_toy_db, event_name, 'test_user_3', sub.id
)
event.public_opening_timestamp = past_public_opening
session_toy_db.commit()
def test_sign_up_with_approval(client_session):
# check the sign-up and email confirmation framework
client, session = client_session
with client.application.app_context():
with mail.record_messages() as outbox:
user_profile = {
'user_name': 'new_user_1',
'password': '******',
'firstname': 'xx',
'lastname': 'xx',
'email': '*****@*****.**'
}
rv = client.post('/sign_up', data=user_profile)
# check the flash box to inform the user about the mail
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert 'We sent a confirmation email.' in flash_message['message']
# check that the email has been sent
assert len(outbox) == 1
assert ('click on the following link to confirm your email'
in outbox[0].body)
# get the link to reset the password
reg_exp = re.search("http://localhost/confirm_email/.*",
outbox[0].body)
confirm_email_link = reg_exp.group()
# remove the part with 'localhost' for the next query
confirm_email_link = confirm_email_link[confirm_email_link.
find('/confirm_email'):]
# check the redirection
assert rv.status_code == 200
user = get_user_by_name(session, 'new_user_1')
assert user is not None
assert user.access_level == 'not_confirmed'
# POST method of the email confirmation
with client.application.app_context():
with mail.record_messages() as outbox:
rv = client.post(confirm_email_link)
# check the flash box to inform the user to wait for admin's
# approval
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert ('An email has been sent to the RAMP administrator'
in flash_message['message'])
# check that we send an email to the administrator
assert len(outbox) == 1
assert "Approve registration of new_user_1" in outbox[0].subject
# ensure that we have the last changes
session.commit()
user = get_user_by_name(session, 'new_user_1')
assert user.access_level == 'asked'
assert rv.status_code == 302
assert rv.location == 'http://localhost/login'
# POST to check that we raise the right errors
# resend the confirmation for a user which already confirmed
rv = client.post(confirm_email_link)
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert ('Your email address already has been confirmed'
in flash_message['error'])
assert rv.status_code == 302
assert rv.location == 'http://localhost/'
# check when the user was already approved
for status in ('user', 'admin'):
user = get_user_by_name(session, 'new_user_1')
user.access_level = status
session.commit()
rv = client.post(confirm_email_link)
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert 'Your account is already approved.' in flash_message['error']
assert rv.status_code == 302
assert rv.location == 'http://localhost/login'
# delete the user in the middle
session.delete(user)
session.commit()
rv = client.post(confirm_email_link)
with client.session_transaction() as cs:
flash_message = dict(cs['_flashes'])
assert 'You did not sign-up yet to RAMP.' in flash_message['error']
assert rv.status_code == 302
assert rv.location == 'http://localhost/sign_up'
# access a token which does not exist
rv = client.post('/confirm_email/xxx')
assert rv.status_code == 404
