# -*- coding: utf-8 -*-

from __future__ import with_statement

import time

# Prefer simplejson when it is installed; otherwise use the stdlib json.
try:
    import simplejson as json
except ImportError:
    import json

# NOTE(review): the flask.ext.* import shim was removed in Flask 1.0, so this
# import only resolves on older Flask releases.
from flask.ext.security.utils import capture_registrations, \
    capture_reset_password_requests

from example import app
from tests import SecurityTest


class DefaultSecurityTests(SecurityTest):
    """Login, logout and role-gating checks against the example app.

    The helpers used here (``_get``, ``authenticate``, ``logout``,
    ``assertIsHomePage``) are not defined in this class; presumably they
    come from ``SecurityTest`` -- confirm against tests/__init__.py.
    """

    def test_login_view(self):
        # The login form must be reachable without a session.
        r = self._get('/login')
        self.assertIn('Login Page', r.data)

    def test_authenticate(self):
        # authenticate() with no arguments logs in the helper's default
        # account; the greeting asserted below suggests that account is
        # matt@lp.com -- confirm against the helper's defaults.
        r = self.authenticate()
        self.assertIn('Hello matt@lp.com', r.data)

    def test_unprovided_username(self):
        # An empty email must be rejected with a validation message.
        r = self.authenticate("")
        self.assertIn("Email not provided", r.data)

    def test_unprovided_password(self):
        # An empty password must be rejected with a validation message.
        r = self.authenticate(password="")
        self.assertIn("Password not provided", r.data)

    def test_invalid_email(self):
        # A value that is not shaped like an email address is rejected.
        r = self.authenticate(email="bogus")
        self.assertIn("Invalid email address", r.data)

    def test_invalid_user(self):
        # NOTE(review): this test and test_bad_password pin two different
        # messages for "unknown account" and "wrong password". A login form
        # that distinguishes the two lets a client learn which emails are
        # registered (account enumeration). If the application moves to one
        # generic failure message, both assertions need updating.
        r = self.authenticate(email="bogus@bogus.com")
        self.assertIn("Specified user does not exist", r.data)

    def test_bad_password(self):
        # Wrong password for the default account; see the enumeration note
        # on test_invalid_user about the distinct message asserted here.
        r = self.authenticate(password="bogus")
        self.assertIn("Password does not match", r.data)

    def test_inactive_user(self):
        # NOTE(review): the "Inactive user" message also discloses account
        # state. Whether it is shown only after the password has been
        # verified cannot be told from this test -- confirm in the login
        # handler.
        r = self.authenticate("tiya@lp.com", "password")
        self.assertIn("Inactive user", r.data)

    def test_logout(self):
        # Logging out must land the client on the home page.
        self.authenticate()
        r = self.logout()
        self.assertIsHomePage(r.data)

    def test_unauthorized_access(self):
        # No session: after following redirects the client must end up on a
        # page that asks for login rather than on the profile.
        r = self._get('/profile', follow_redirects=True)
        self.assertIn('Please log in to access this page', r.data)

    def test_authorized_access(self):
        # With a session the profile page is served directly.
        self.authenticate()
        r = self._get("/profile")
        self.assertIn('profile', r.data)

    def test_valid_admin_role(self):
        # The default account is expected to pass the /admin role check.
        self.authenticate()
        r = self._get("/admin")
        self.assertIn('Admin Page', r.data)

    def test_invalid_admin_role(self):
        # joe@lp.com is authenticated but must not reach /admin.
        # NOTE(review): only the redirect destination is checked; also
        # asserting that 'Admin Page' is absent from the response would pin
        # the denial itself rather than where the client ends up.
        self.authenticate("joe@lp.com")
        r = self._get("/admin", follow_redirects=True)
        self.assertIsHomePage(r.data)

    def test_roles_accepted(self):
        # Both of these accounts must be admitted to /admin_or_editor.
        for user in ("matt@lp.com", "joe@lp.com"):
            self.authenticate(user)
            r = self._get("/admin_or_editor")
            self.assertIn('Admin or Editor Page', r.data)
            # NOTE(review): logout is placed inside the loop here (the
            # listing's original indentation is not available -- confirm);
            # it ends each user's session before the next login.
            self.logout()

        # jill@lp.com must be turned away and end up on the home page.
        self.authenticate("jill@lp.com")
        r = self._get("/admin_or_editor", follow_redirects=True)
        self.assertIsHomePage(r.data)

    def test_unauthenticated_role_required(self):
        r = self._get('/admin', follow_redirects=True)
        self.assertIn('