Fix removing profile details (Closes #894) (#899)

* Fix removing profile details (Closes #894) * Update tests to properly check setting and removing profile values
2025-12-17 22:14:25 +01:00 · 2019-03-17 09:08:52 -07:00
parent bf799fb220
commit 79b7b1dd5c
7 changed files with 130 additions and 39 deletions
--- a/tests/users/test_settings.py
+++ b/tests/users/test_settings.py
@@ -0,0 +1,104 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from CTFd.utils.crypto import verify_password
+from tests.helpers import *
+
+
+def test_user_set_profile():
+    """Test that a user can set and remove their information in their profile"""
+    app = create_ctfd()
+    with app.app_context():
+        register_user(app)
+        client = login_as_user(app)
+
+        data = {
+            'name': 'user',
+            'email': 'user@ctfd.io',
+            'confirm': '',
+            'password': '',
+            'affiliation': 'affiliation_test',
+            'website': 'https://ctfd.io',
+            'country': 'US',
+        }
+
+        r = client.patch('/api/v1/users/me', json=data)
+        assert r.status_code == 200
+
+        user = Users.query.filter_by(id=2).first()
+        assert user.affiliation == data['affiliation']
+        assert user.website == data['website']
+        assert user.country == data['country']
+
+        r = client.get('/settings')
+        resp = r.get_data(as_text=True)
+        for k, v in data.items():
+            assert v in resp
+
+        data = {
+            'name': 'user',
+            'email': 'user@ctfd.io',
+            'confirm': '',
+            'password': '',
+            'affiliation': '',
+            'website': '',
+            'country': '',
+        }
+
+        r = client.patch('/api/v1/users/me', json=data)
+        assert r.status_code == 200
+
+        user = Users.query.filter_by(id=2).first()
+        assert user.affiliation == data['affiliation']
+        assert user.website == data['website']
+        assert user.country == data['country']
+    destroy_ctfd(app)
+
+
+def test_user_can_change_password():
+    """Test that a user can change their password and is prompted properly"""
+    app = create_ctfd()
+    with app.app_context():
+        register_user(app)
+        client = login_as_user(app)
+
+        data = {
+            'name': 'user',
+            'email': 'user@ctfd.io',
+            'confirm': '',
+            'password': 'new_password',
+            'affiliation': '',
+            'website': '',
+            'country': '',
+        }
+
+        r = client.patch('/api/v1/users/me', json=data)
+        user = Users.query.filter_by(id=2).first()
+        assert verify_password(data['password'], user.password) is False
+        assert r.status_code == 400
+        assert r.get_json() == {
+            'errors': {
+                'confirm': ['Please confirm your current password']
+            },
+            'success': False
+        }
+
+        data['confirm'] = 'wrong_password'
+
+        r = client.patch('/api/v1/users/me', json=data)
+        user = Users.query.filter_by(id=2).first()
+        assert verify_password(data['password'], user.password) is False
+        assert r.status_code == 400
+        assert r.get_json() == {
+            'errors': {
+                'confirm': ['Your previous password is incorrect']
+            },
+            'success': False
+        }
+
+        data['confirm'] = 'password'
+        r = client.patch('/api/v1/users/me', json=data)
+        assert r.status_code == 200
+        user = Users.query.filter_by(id=2).first()
+        assert verify_password(data['password'], user.password) is True
+    destroy_ctfd(app)