def test_login_fails_if_email_unconfirmed_for_new_users(self):
""" Abort login if email is not confirmed for new users"""
with user_events.disconnect_receivers():
user = self.create_user(False)
with self.app.test_request_context():
with self.assertRaises(x.EmailNotConfirmed):
user_service.login(user.email, '123456')
def test_login_increments_on_failure(self):
""" Increment failed logins counter on failure """
user = self.create_user()
self.assertEqual(0, user.failed_logins)
with user_events.disconnect_receivers():
with self.app.test_request_context():
user_service.login(user.email, 'BAD!')
self.assertEqual(1, user.failed_logins)
def test_login_drops_counter_on_success(self):
""" Drop failed login counter on success """
with user_events.disconnect_receivers():
user = self.create_user()
user.failed_logins = 5
user_service.save(user)
with self.app.test_request_context():
user_service.login(user.email, '123456')
self.assertEqual(0, user.failed_logins)
def test_login_fails_if_locked(self):
""" Abort login if account locked """
with user_events.disconnect_receivers():
user = self.create_user()
user.lock_account()
user_service.save(user)
with self.app.test_request_context():
with self.assertRaises(x.AccountLocked):
user_service.login(user.email, '123456')
def test_force_login_emits_event(self):
""" Force login emits event """
user = self.create_user()
with user_events.disconnect_receivers():
with self.app.test_request_context():
spy = mock.Mock()
events.login_event.connect(spy, weak=False)
user_service.login(user.email, '123456')
spy.assert_called_with(user)
def test_login_emit_event_on_nonexistent_user(self):
""" Login emits event on nonexistent user login """
event = events.login_failed_nonexistent_event
with user_events.disconnect_receivers():
spy = mock.Mock()
event.connect(spy, weak=False) # weak please
with self.app.test_request_context():
user_service.login('NONEXISTENT', 'BAD!')
spy.assert_called_with(None)
def test_login_locks_on_reaching_limit(self):
""" Lock account on reaching failed logins limit """
with user_events.disconnect_receivers():
user = self.create_user()
user.failed_logins = 10
user_service.save(user)
with self.app.test_request_context():
user_service.login(user.email, 'BAD!')
self.assertEqual(0, user.failed_logins)
self.assertTrue(user.is_locked())
def test_login_emits_event_on_bad_credentials(self):
""" Login emits event on bad credentials"""
user = self.create_user()
event = events.login_failed_event
with user_events.disconnect_receivers():
spy = mock.Mock()
event.connect(spy, weak=False) # weak please
with self.app.test_request_context():
user_service.login(user.email, 'BAD!')
spy.assert_called_with(user)
def test_login_emits_event_on_success(self):
""" Login emits event on success """
user = self.create_user()
event = events.login_event
with user_events.disconnect_receivers():
spy = mock.Mock()
event.connect(spy, weak=False)
with self.app.test_request_context():
user_service.login(user.email, '123456')
spy.assert_called_with(user)
def test_login_validates_password_before_requiring_confirmation(self):
""" Validate password first before requiring account confirmation"""
with user_events.disconnect_receivers():
user = self.create_user(False)
with self.app.test_request_context():
result = user_service.login(user.email, 'BAD!')
self.assertFalse(result)
def dispatch_request(self):
if current_user.is_authenticated:
if self.flash:
flash(self.valid_message, 'success')
return redirect(self.redirect)
next_redirect = self.redirect
if request.args.get('next'):
next_redirect = request.args.get('next')
form = self.form()
if form.validate_on_submit():
try:
ok = user_service.login(form.email.data, form.password.data,
form.remember.data)
if ok:
if self.flash:
flash(self.valid_message, 'success')
return redirect(next_redirect)
else:
if self.flash:
flash(self.invalid_message, 'danger')
except x.AccountLocked as locked:
if self.flash:
flash(self.lock_msg.format(locked.locked_until), 'danger')
except x.EmailNotConfirmed:
return redirect(url_for(self.unconfirmed_email_endpoint))
params = dict(form=form)
if self.params:
additional = deepcopy(self.params)
params = params.update(additional)
return render_template(self.template, **params)
def test_login_fails_with_bad_credentials(self):
""" Fail to login with bad credentials """
with user_events.disconnect_receivers():
with self.app.test_request_context():
email = 'no-such-email'
password = '******'
res = user_service.login(email, password)
self.assertFalse(res)
def test_login_successful_with_valid_credentials(self):
""" Can login with valid credentials """
user = self.create_user()
with user_events.disconnect_receivers():
with self.app.test_request_context():
res = user_service.login(user.email, '123456')
self.assertTrue(res)
self.assertTrue(current_user.is_authenticated)
def test_logout(self):
""" Can logout """
user = self.create_user()
with user_events.disconnect_receivers():
with self.app.test_request_context():
result = user_service.login(user.email, '123456')
self.assertTrue(result) # login first
self.assertTrue(current_user.is_authenticated)
result = user_service.logout() # now logout
self.assertTrue(result)
self.assertFalse(current_user.is_authenticated)
def test_logout_emits_event(self):
""" Logout emits event """
user = self.create_user()
event = events.logout_event
with user_events.disconnect_receivers():
spy = mock.Mock()
event.connect(spy, weak=False) # weak please
with self.app.test_request_context():
result = user_service.login(user.email, '123456')
self.assertTrue(result) # login first
result = user_service.logout() # now logout
self.assertTrue(result)
current_user = None # None, since mocked
spy.assert_called_with(current_user)
def test_login_possible_if_email_unconfirmed_for_existing_users(self):
""" Login possible if email is not confirmed for existing users"""
with user_events.disconnect_receivers():
user = self.create_user()
with self.app.test_request_context():
user_service.login(user.email, 'BAD!')