2019-03-17 16:08:52 +00:00
|
|
|
#!/usr/bin/env python
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
2019-04-17 05:36:30 +00:00
|
|
|
from CTFd.models import Users
|
2019-03-17 16:08:52 +00:00
|
|
|
from CTFd.utils.crypto import verify_password
|
2019-05-12 01:09:37 +00:00
|
|
|
from tests.helpers import create_ctfd, register_user, login_as_user, destroy_ctfd
|
2019-03-17 16:08:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
def test_user_set_profile():
|
|
|
|
"""Test that a user can set and remove their information in their profile"""
|
|
|
|
app = create_ctfd()
|
|
|
|
with app.app_context():
|
|
|
|
register_user(app)
|
|
|
|
client = login_as_user(app)
|
|
|
|
|
|
|
|
data = {
|
2019-05-12 01:09:37 +00:00
|
|
|
"name": "user",
|
|
|
|
"email": "user@ctfd.io",
|
|
|
|
"confirm": "",
|
|
|
|
"password": "",
|
|
|
|
"affiliation": "affiliation_test",
|
|
|
|
"website": "https://ctfd.io",
|
|
|
|
"country": "US",
|
2019-03-17 16:08:52 +00:00
|
|
|
}
|
|
|
|
|
2019-05-12 01:09:37 +00:00
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
2019-03-17 16:08:52 +00:00
|
|
|
assert r.status_code == 200
|
|
|
|
|
|
|
|
user = Users.query.filter_by(id=2).first()
|
2019-05-12 01:09:37 +00:00
|
|
|
assert user.affiliation == data["affiliation"]
|
|
|
|
assert user.website == data["website"]
|
|
|
|
assert user.country == data["country"]
|
2019-03-17 16:08:52 +00:00
|
|
|
|
2019-05-12 01:09:37 +00:00
|
|
|
r = client.get("/settings")
|
2019-03-17 16:08:52 +00:00
|
|
|
resp = r.get_data(as_text=True)
|
|
|
|
for k, v in data.items():
|
|
|
|
assert v in resp
|
|
|
|
|
|
|
|
data = {
|
2019-05-12 01:09:37 +00:00
|
|
|
"name": "user",
|
|
|
|
"email": "user@ctfd.io",
|
|
|
|
"confirm": "",
|
|
|
|
"password": "",
|
|
|
|
"affiliation": "",
|
|
|
|
"website": "",
|
|
|
|
"country": "",
|
2019-03-17 16:08:52 +00:00
|
|
|
}
|
|
|
|
|
2019-05-12 01:09:37 +00:00
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
2019-03-17 16:08:52 +00:00
|
|
|
assert r.status_code == 200
|
|
|
|
|
|
|
|
user = Users.query.filter_by(id=2).first()
|
2019-05-12 01:09:37 +00:00
|
|
|
assert user.affiliation == data["affiliation"]
|
|
|
|
assert user.website == data["website"]
|
|
|
|
assert user.country == data["country"]
|
2019-03-17 16:08:52 +00:00
|
|
|
destroy_ctfd(app)
|
|
|
|
|
|
|
|
|
|
|
|
def test_user_can_change_password():
|
|
|
|
"""Test that a user can change their password and is prompted properly"""
|
|
|
|
app = create_ctfd()
|
|
|
|
with app.app_context():
|
|
|
|
register_user(app)
|
|
|
|
client = login_as_user(app)
|
|
|
|
|
|
|
|
data = {
|
2019-05-12 01:09:37 +00:00
|
|
|
"name": "user",
|
|
|
|
"email": "user@ctfd.io",
|
|
|
|
"confirm": "",
|
|
|
|
"password": "new_password",
|
|
|
|
"affiliation": "",
|
|
|
|
"website": "",
|
|
|
|
"country": "",
|
2019-03-17 16:08:52 +00:00
|
|
|
}
|
|
|
|
|
2019-05-12 01:09:37 +00:00
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
2019-03-17 16:08:52 +00:00
|
|
|
user = Users.query.filter_by(id=2).first()
|
2019-05-12 01:09:37 +00:00
|
|
|
assert verify_password(data["password"], user.password) is False
|
2019-03-17 16:08:52 +00:00
|
|
|
assert r.status_code == 400
|
|
|
|
assert r.get_json() == {
|
2019-05-12 01:09:37 +00:00
|
|
|
"errors": {"confirm": ["Please confirm your current password"]},
|
|
|
|
"success": False,
|
2019-03-17 16:08:52 +00:00
|
|
|
}
|
|
|
|
|
2019-05-12 01:09:37 +00:00
|
|
|
data["confirm"] = "wrong_password"
|
2019-03-17 16:08:52 +00:00
|
|
|
|
2019-05-12 01:09:37 +00:00
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
2019-03-17 16:08:52 +00:00
|
|
|
user = Users.query.filter_by(id=2).first()
|
2019-05-12 01:09:37 +00:00
|
|
|
assert verify_password(data["password"], user.password) is False
|
2019-03-17 16:08:52 +00:00
|
|
|
assert r.status_code == 400
|
|
|
|
assert r.get_json() == {
|
2019-05-12 01:09:37 +00:00
|
|
|
"errors": {"confirm": ["Your previous password is incorrect"]},
|
|
|
|
"success": False,
|
2019-03-17 16:08:52 +00:00
|
|
|
}
|
|
|
|
|
2019-05-12 01:09:37 +00:00
|
|
|
data["confirm"] = "password"
|
|
|
|
r = client.patch("/api/v1/users/me", json=data)
|
2019-03-17 16:08:52 +00:00
|
|
|
assert r.status_code == 200
|
|
|
|
user = Users.query.filter_by(id=2).first()
|
2019-05-12 01:09:37 +00:00
|
|
|
assert verify_password(data["password"], user.password) is True
|
2019-03-17 16:08:52 +00:00
|
|
|
destroy_ctfd(app)
|