def test_force_login_fails_if_email_unconfirmed_for_new_users(self):
""" Abort force login if email is not confirmed for new users"""
with user_events.disconnect_receivers():
user = self.create_user(False)
with self.app.test_request_context():
with self.assertRaises(x.EmailNotConfirmed):
user_service.force_login(user)
def test_force_login_drops_counter_on_success(self):
""" Drop failed login counter on force login """
with user_events.disconnect_receivers():
user = self.create_user()
user.failed_logins = 5
user_service.save(user)
with self.app.test_request_context():
user_service.force_login(user)
self.assertEqual(0, user.failed_logins)
def test_force_login_fails_if_locked(self):
""" Abort force login if locked """
with user_events.disconnect_receivers():
user = self.create_user()
user.lock_account()
user_service.save(user)
with self.app.test_request_context():
with self.assertRaises(x.AccountLocked):
user_service.force_login(user)
def test_password_change(self):
""" Password change possible """
u = self.create_user()
with events.events.disconnect_receivers():
with self.app.test_request_context():
user_service.force_login(u)
self.assertTrue(current_user.is_authenticated)
user_service.change_password(u, '0987654')
self.assertFalse(current_user.is_authenticated)
self.assertTrue(u.verify_password('0987654'))
def test_password_change_emits_event(self):
""" Password change """
u = self.create_user()
with events.events.disconnect_receivers():
spy = mock.Mock()
events.password_changed_event.connect(spy, weak=False)
with self.app.test_request_context():
user_service.force_login(u)
self.assertTrue(current_user.is_authenticated)
user_service.change_password(u, '0987654')
self.assertFalse(current_user.is_authenticated)
self.assertTrue(u.verify_password('0987654'))
spy.assert_called_with(u)
def dispatch_request(self, id=None, link=None):
try:
ok = user_service.confirm_email_with_link(link)
except x.EmailLinkExpired:
return redirect(url_for(self.expired_endpoint, id=id))
if not ok:
abort(404)
user_service.force_login(ok)
session.pop('_flashes', None)
if self.flash:
flash(self.confirmed_message, 'success')
return redirect(self.redirect)
def test_changing_email_sends_email(self):
""" Send email message with confirmation link when changing email"""
with events.events.disconnect_receivers():
with mail.record_messages() as out:
with self.app.test_request_context():
u = self.create_user()
user_service.force_login(u)
self.assertTrue(current_user.is_authenticated)
res = user_service.change_email(u, '*****@*****.**')
self.assertIsInstance(res, User)
self.assertEqual('*****@*****.**', u.email_new)
self.assertIsNotNone(u.email_link)
self.assertEquals(1, len(out))
# regression: ensure email sent to **new** email not the current one
self.assertEquals(1, len(out[0].recipients))
self.assertIn(u.email_new, out[0].recipients)
def test_change_email_possible(self):
""" Email change procedure is possible"""
with events.events.disconnect_receivers():
with self.app.test_request_context():
u = self.create_user()
user_service.force_login(u)
self.assertTrue(current_user.is_authenticated)
res = user_service.change_email(u,
'*****@*****.**',
send_message=False)
self.assertIsInstance(res, User)
self.assertEqual('*****@*****.**', u.email_new)
self.assertIsNotNone(u.email_link)
# do not log out
self.assertTrue(current_user.is_authenticated)
def test_force_login(self):
""" Can force login a user """
user = self.create_user()
with user_events.disconnect_receivers():
with self.app.test_request_context():
res = user_service.force_login(user)
self.assertTrue(res)
self.assertTrue(current_user.is_authenticated)
def dispatch_request(self):
if current_user.is_authenticated:
return redirect('/')
cfg = current_app.config
send_welcome = cfg.get('USER_SEND_WELCOME_MESSAGE')
base_confirm_url = cfg.get('USER_BASE_EMAIL_CONFIRM_URL')
if not base_confirm_url:
base_confirm_url = url_for('user.confirm.email.request',
_external=True)
form = self.form(schema=self.schema())
if form.validate_on_submit():
data = {}
for field in self.data_fields:
data[field] = getattr(form, field).data
user = user_service.register(user_data=data,
send_welcome=send_welcome,
base_confirm_url=base_confirm_url)
if not user:
redirect(url_for(self.redirect_fail_endpoint))
elif user and user_service.require_confirmation:
return redirect(url_for(self.redirect_success_endpoint))
else:
user_service.force_login(user)
if self.flash:
flash(self.force_login_message, 'success')
return redirect(self.force_login_redirect)
elif form.is_submitted():
if self.flash:
flash(self.invalid_message, 'danger')
params = dict(form=form)
if self.params:
additional = deepcopy(self.params)
params = params.update(additional)
return render_template(self.template, **params)
def test_force_login_doesnt_fail_if_email_unconfirmed_for_existing(self):
""" Force login for existing users with unconfirmed email """
with user_events.disconnect_receivers():
user = self.create_user()
with self.app.test_request_context():
user_service.force_login(user)
