Beispiel #1
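def generate_passcode():
    """Verify the submitted credentials and render a batch of new HOTP passcodes.

    On a valid POST the user is looked up by email, the password is checked
    with ``pwd_context.verify``, ``n`` passcodes are generated starting at the
    stored counter, and the stored counter is advanced by ``n``. Any other
    request renders the empty request form.

    The submitted password, the HOTP secret, the generated passcodes and raw
    exception text are deliberately kept out of log records and flash
    messages: logs are usually readable by more people than the secrets
    should be, and exception text shown to the client can expose internals.
    """
    form = PasscodeRequestForm(request.form)
    if not (request.method == 'POST' and form.validate()):
        return render_template('generate-passcode.html',
                               title='Generate Passcode',
                               form=form,
                               urls={r: url_for(r)
                                     for r in routes})

    # checking account info should ideally happen in form.validate
    try:
        n = int(form.count.data)
        if n < 1:
            # A negative count would lower the stored counter (counter + n)
            # and presumably cause already issued passcodes to be handed out
            # again; zero produces nothing useful.
            # NOTE(review): no upper bound is enforced here - confirm the
            # form caps the count.
            raise ValueError("Passcode count must be a positive integer.")
        user = db.get_user(form.email.data)
        if user is None:
            raise UserDataNotFoundException(
                "No user data was found with the provided email.")
        uid, _email, password, hotp_secret, counter = user
        if not pwd_context.verify(form.password.data, password):
            raise WrongPasswordException(
                "Password does not match the one in the DB.")
    except AuthenticationException:
        # Presumably both exceptions above derive from
        # AuthenticationException, so an unknown email and a wrong password
        # produce the same message and do not reveal which accounts exist.
        flash(
            "We\'re sorry. There is no user with the given credentials. Check your email and password."
        )
        return redirect(url_for('generate_passcode'))
    except Exception:
        # Details go to the server log only; the client gets a generic message.
        app.logger.exception("Exception in generate_passcode")
        flash(
            "I\'m sorry. Try again later. Let the administrator know if the error persists."
        )
        return redirect(url_for('generate_passcode'))

    app.logger.debug("Password verified for uid {}".format(uid))

    try:
        hotp_list = duo.generate_hotp(hotp_secret, current_at=counter, n=n)
        db.update_user(uid, counter=counter + n)
    except Exception:
        app.logger.exception("Exception while producing new hotp")
        flash(
            "I\'m sorry. Try again later. Let the administrator know if the error persists."
        )
        return redirect(url_for('generate_passcode'))

    app.logger.debug("Issued {} passcodes for uid {}; new counter: {}".format(
        n, uid, counter + n))
    return render_template('display-passcode.html',
                           title='Retrieved Passcodes',
                           hotp_list=hotp_list,
                           urls={r: url_for(r)
                                 for r in routes})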
Beispiel #2
 def test_edit_user_db(self):
     """Check that updating user 1 changes name, email and password but not the username."""
     changed = self.create_mock_user('name_changed', 'email_changed',
                                     'username_shouldnt_change',
                                     'password_changed')
     db.update_user(changed, 1)
     stored = db.get_user('homer', changed['password'])
     # Fields that must take the new values.
     for field in ('name', 'email'):
         self.assertEqual(stored[field], changed[field])
     # The username is expected to stay 'homer' despite the mock's value.
     self.assertEqual(stored['username'], 'homer')
     # NOTE(review): the password is compared as-is with the submitted value,
     # which suggests it round-trips unhashed - confirm how db stores it.
     self.assertEqual(stored['password'], changed['password'])
Beispiel #3
def update_user(id):
    """Update the user resource ``id`` from the document in the request body.

    Returns ``error_response(403)`` when ``id`` is not the JWT identity,
    ``error_response(400, ...)`` when the body fails schema validation, names
    a different id, or the database update fails, ``error_response(404)``
    when no such user exists, and otherwise the dumped user as JSON.
    """
    # Callers may only modify their own record.
    if id != get_jwt_identity():
        return error_response(403)

    try:
        payload = user_schema.loads(request.data)
    except ValidationError as exc:
        return error_response(400, exc.messages)

    existing = db.get_user(id)
    if existing is None:
        return error_response(404)

    if payload.id == 0:
        # "id" in request data is optional; fall back to the resource id.
        payload.id = id
    elif payload.id != id:
        # A supplied "id" must name the same resource as the URL.
        return error_response(400, "Request data id has to match resource id.")

    updated = db.update_user(payload)
    if not updated:
        return error_response(400)
    return jsonify(user_schema.dump(payload))
Beispiel #4
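    def put(self):
        """
        Update an existing user from the JSON request body.

        The body is turned into a ``User`` and handed to ``update_user`` when
        ``get_user_for_login`` reports exactly one row for its email.

        param: none
        returns: ``{'msg': ...}`` after the update call, ``{'error': ...}``
                 when the body is unusable or the email is unknown

        NOTE(review): nothing in this method removes a password field from
        the body or checks who is calling - confirm that ``update_user``
        ignores the password and that authentication/authorization is
        enforced elsewhere (e.g. on the resource class).
        """
        body = request.get_json()
        # A missing body or a non-object JSON value cannot be unpacked into User.
        if not isinstance(body, dict):
            return {'error': 'request body must be a JSON object'}

        try:
            user_updated = User(**body)
        except TypeError:
            # Presumably raised for unknown or missing attributes in the
            # client-supplied body; report it instead of failing the request.
            return {'error': 'invalid user attributes'}

        result = get_user_for_login(user_updated.email)[0]

        if result['row_count'] != 1:
            return {'error': 'email does not exist'}

        # NOTE(review): the return value of update_user is not inspected, so
        # a failed update is still reported as success - confirm its contract.
        update_user(user_updated)
        return {'msg': f'user {user_updated.email} updated'}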
Beispiel #5
def test_update_user_with_none_argument(app):
    """Updating with ``None`` instead of a user must be reported as a failure."""
    outcome = db.update_user(None)
    assert outcome == False
Beispiel #6
def test_update_user_with_bad_id(app):
    """Users whose id is zero or negative must be rejected by the update."""
    # Build both candidates up front, then check each rejection in turn.
    rejected = [
        User(id=bad_id, name="?", password="******") for bad_id in (0, -1)
    ]
    for candidate in rejected:
        assert db.update_user(candidate) == False
Beispiel #7
def test_update_non_existing_user(app):
    """Updating a user with id 5 is expected to fail in this fixture."""
    ghost = User(id=5, name="?", password="******")
    outcome = db.update_user(ghost)
    assert outcome == False
Beispiel #8
def test_update_user(app):
    """A successful update must be visible when the user is read back."""
    submitted = User(id=2, name="new_name", password="******")
    assert db.update_user(submitted)

    # Read the record back and compare the fields the update should have set.
    stored = db.get_user(2)
    assert submitted.id == stored.id
    assert submitted.name == stored.name