def test_password_strength(self):
# Test Password without Password Strength Policy
frappe.db.set_value("System Settings", "System Settings",
"enable_password_policy", 0)
# password policy is disabled, test_password_strength should be ignored
result = test_password_strength("test_password")
self.assertFalse(result.get("feedback", None))
# Test Password with Password Strenth Policy Set
frappe.db.set_value("System Settings", "System Settings",
"enable_password_policy", 1)
frappe.db.set_value("System Settings", "System Settings",
"minimum_password_score", 2)
# Score 1; should now fail
result = test_password_strength("bee2ve")
self.assertEqual(
result['feedback']['password_policy_validation_passed'], False)
# Score 4; should pass
result = test_password_strength("Eastern_43A1W")
self.assertEqual(
result['feedback']['password_policy_validation_passed'], True)
# test password strength while saving user with new password
user = frappe.get_doc("User", "*****@*****.**")
frappe.flags.in_test = False
user.new_password = "******"
self.assertRaisesRegex(frappe.exceptions.ValidationError,
"Invalid Password", user.save)
user.reload()
user.new_password = "******"
user.save()
frappe.flags.in_test = True
def test_password_strength(self):
# Test Password without Password Strenth Policy
frappe.db.set_value("System Settings", "System Settings",
"enable_password_policy", 0)
frappe.db.set_value("System Settings", "System Settings",
"minimum_password_score", "")
# Score 0; should fail
result = test_password_strength("test_password")
self.assertEqual(
result['feedback']['password_policy_validation_passed'], False)
# Score 1; should pass
result = test_password_strength("bee2ve")
self.assertEqual(
result['feedback']['password_policy_validation_passed'], True)
# Test Password with Password Strenth Policy Set
frappe.db.set_value("System Settings", "System Settings",
"enable_password_policy", 1)
frappe.db.set_value("System Settings", "System Settings",
"minimum_password_score", 2)
# Score 1; should now fail
result = test_password_strength("bee2ve")
self.assertEqual(
result['feedback']['password_policy_validation_passed'], False)
# Score 4; should pass
result = test_password_strength("Eastern_43A1W")
self.assertEqual(
result['feedback']['password_policy_validation_passed'], True)
def reset_pwd_resolver(obj, info: GraphQLResolveInfo, **kwargs):
user = get_linked_user(id_type=kwargs.get("medium"), id=kwargs.get("medium_id"))
new_password = kwargs.get("new_password")
if not user:
return frappe._dict(status="NO_LINKED_USER")
user = frappe.get_doc("User", user)
r = verify_otp(
medium=kwargs.get("medium"),
medium_id=kwargs.get("medium_id"),
otp=kwargs.get("otp"),
purpose="reset_password"
)
if r.status != "verified":
status = "FAILED"
if r.status in VERIFY_OTP_STATUS_MAP:
status = VERIFY_OTP_STATUS_MAP[r.status]
return frappe._dict(status=status, user=user)
from frappe.core.doctype.user.user import test_password_strength
user_data = (user.first_name, user.middle_name,
user.last_name, user.email, user.birth_date)
result = test_password_strength(new_password, '', None, user_data)
feedback = result.get("feedback", None)
if feedback and not feedback.get('password_policy_validation_passed', False):
return frappe._dict(status="WEAK_PASSWORD", user=user)
update_password(user.name, new_password)
return frappe._dict(status="SUCCESS", user=user)
def update_password(reset_token, new_password):
"""
Updates the user password
:param reset_token: The token obtained while verifying otp
:param new_password: The new password to be set for the user
"""
from frappe.core.doctype.user.user import test_password_strength
user = frappe.db.get_value("User", {"reset_password_key": reset_token})
if not user:
return frappe._dict(updated=0, reason="invalid-or-expired-key")
user = frappe.get_doc("User", user)
user_data = (user.first_name, user.middle_name,
user.last_name, user.email, user.birth_date)
result = test_password_strength(new_password, '', None, user_data)
feedback = result.get("feedback", None)
if feedback and not feedback.get('password_policy_validation_passed', False):
return frappe._dict(
updated=0, reason="weak-password"
)
from frappe.utils.password import update_password as _update_password
_update_password(user.name, new_password)
frappe.db.set_value("User", user.name, "reset_password_key", "")
return frappe._dict(
updated=1
)
def update_password(data):
dat = json.loads(data)
new_password = dat.get('new_password')
old_password = dat.get('old_password')
key = None
from frappe.core.doctype.user import user as _core_user
result = _core_user.test_password_strength(new_password, key, old_password)
feedback = result.get("feedback", None)
if feedback and not feedback.get('password_policy_validation_passed', False):
return { 'error': 1, 'text': feedback.get('warning') }
# _core_user.handle_password_test_fail(result)
#if fail, chances are wrong old_password given for current user
try:
res = _core_user._get_user_for_update_password(key, old_password)
except:
return { 'error': 1, 'text': 'Wrong password given!', 'wrong_password': 1 }
if res.get('message'):
return { 'error': 1, 'text': res['message'] }
else:
user = res['user']
_core_user._update_password(user, new_password)
return { 'text': 'Password is successfully updated!' }
def test_password_strength(self):
# Test Password without Password Strenth Policy
frappe.db.set_value("System Settings", "System Settings", "enable_password_policy", 0)
# password policy is disabled, test_password_strength should be ignored
result = test_password_strength("test_password")
self.assertFalse(result.get("feedback", None))
# Test Password with Password Strenth Policy Set
frappe.db.set_value("System Settings", "System Settings", "enable_password_policy", 1)
frappe.db.set_value("System Settings", "System Settings", "minimum_password_score", 2)
# Score 1; should now fail
result = test_password_strength("bee2ve")
self.assertEqual(result['feedback']['password_policy_validation_passed'], False)
# Score 4; should pass
result = test_password_strength("Eastern_43A1W")
self.assertEqual(result['feedback']['password_policy_validation_passed'], True)
def check_password_strength(email, new_password):
_user = frappe.get_doc("User", email)
user_data = (_user.first_name, _user.middle_name, _user.last_name,
_user.email, _user.birth_date)
result = user.test_password_strength(new_password=new_password,
user_data=user_data)
feedback = result.get("feedback", None)
if feedback and not feedback.get('password_policy_validation_passed',
False):
user.handle_password_test_fail(result)
def change_password(old_password, new_password):
"""
Update the password when old password is given
:param old_password: The old password of the User
:param new_password: The new password to set for the user
"""
from frappe.core.doctype.user.user import test_password_strength, handle_password_test_fail
check_password(user=frappe.session.user, pwd=old_password)
user = frappe.get_doc("User", frappe.session.user)
user_data = (user.first_name, user.middle_name,
user.last_name, user.email, user.birth_date)
result = test_password_strength(new_password, '', None, user_data)
feedback = result.get("feedback", None)
if feedback and not feedback.get('password_policy_validation_passed', False):
handle_password_test_fail(result)
update_password(user.name, new_password)
return True
def update_password(new_password, key=None, old_password=None):
from frappe.core.doctype.user import user as _core_user
result = _core_user.test_password_strength(new_password, key, old_password)
feedback = result.get("feedback", None)
if feedback and not feedback.get('password_policy_validation_passed',
False):
_core_user.handle_password_test_fail(result)
res = _core_user._get_user_for_update_password(key, old_password)
if res.get('message'):
return res['message']
else:
user = res['user']
_core_user._update_password(user, new_password)
user_doc, redirect_url = _core_user.reset_user_data(user)
# return user_doc.roles
is_prulia_member = False
for user_role in user_doc.roles:
if user_role.role == "PRULIA Member":
is_prulia_member = True
break
if is_prulia_member:
return "/password_changed"
else:
# get redirect url from cache
redirect_to = frappe.cache().hget('redirect_after_login', user)
if redirect_to:
redirect_url = redirect_to
frappe.cache().hdel('redirect_after_login', user)
frappe.local.login_manager.login_as(user)
if user_doc.user_type == "System User":
return "/desk"
else:
return redirect_url if redirect_url else "/"
