def test_change_password(self, test_app):
"""Test changing password correctly and incorrectly"""
self.login(test_app)
# test that the password can be changed
template.clear_test_template_context()
res = test_app.post('/edit/password/', {
'old_password': '******',
'new_password': '******',
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert auth.check_password('123456', test_user.pw_hash)
# Update current user passwd
self.user_password = '******'
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post('/edit/password/', {
'old_password': '******',
'new_password': '******',
})
test_user = User.query.filter_by(username=u'chris').first()
assert not auth.check_password('098765', test_user.pw_hash)
def test_change_password(self, test_app):
"""Test changing password correctly and incorrectly"""
self.login(test_app)
# test that the password can be changed
template.clear_test_template_context()
res = test_app.post(
'/edit/password/', {
'old_password': '******',
'new_password': '******',
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert auth.check_password('123456', test_user.pw_hash)
# Update current user passwd
self.user_password = '******'
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post(
'/edit/password/', {
'old_password': '******',
'new_password': '******',
})
test_user = User.query.filter_by(username=u'chris').first()
assert not auth.check_password('098765', test_user.pw_hash)
def change_pass(request):
# If no password authentication, no need to change your password
if 'pass_auth' not in request.template_env.globals:
return redirect(request, 'index')
form = forms.ChangePassForm(request.form)
user = request.user
if request.method == 'POST' and form.validate():
if not auth.check_password(form.old_password.data, user.pw_hash):
form.old_password.errors.append(_('Wrong password'))
return render_to_response(request,
'mediagoblin/edit/change_pass.html', {
'form': form,
'user': user
})
# Password matches
user.pw_hash = auth.gen_password_hash(form.new_password.data)
user.save()
messages.add_message(request, messages.SUCCESS,
_('Your password was changed successfully'))
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(request, 'mediagoblin/edit/change_pass.html', {
'form': form,
'user': user
})
def check_login_simple(username, password):
user = auth.get_user(username=username)
if not user:
_log.info("User %r not found", username)
hook_handle("auth_fake_login_attempt")
return None
if not auth.check_password(password, user.pw_hash):
_log.warn("Wrong password for %r", username)
return None
_log.info("Logging %r in", username)
return user
def check_login_simple(username, password):
user = auth.get_user(username=username)
if not user:
_log.info("User %r not found", username)
hook_handle("auth_fake_login_attempt")
return None
if not auth.check_password(password, user.pw_hash):
_log.warn("Wrong password for %r", username)
return None
_log.info("Logging %r in", username)
return user
def change_email(request):
""" View to change the user's email """
form = forms.ChangeEmailForm(request.method == 'POST' and request.form
or None)
user = request.user
# If no password authentication, no need to enter a password
if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
form.__delitem__('password')
if request.method == 'POST' and form.validate():
new_email = form.new_email.data
users_with_email = User.query.filter(
LocalUser.email == new_email).count()
if users_with_email:
form.new_email.errors.append(
_('Sorry, a user with that email address'
' already exists.'))
if form.password and user.pw_hash and not check_password(
form.password.data, user.pw_hash):
form.password.errors.append(_('Wrong password'))
if not form.errors:
verification_key = get_timed_signer_url(
'mail_verification_token').dumps({
'user': user.id,
'email': new_email
})
rendered_email = render_template(
request, 'mediagoblin/edit/verification.txt', {
'username':
user.username,
'verification_url':
EMAIL_VERIFICATION_TEMPLATE.format(
uri=request.urlgen('mediagoblin.edit.verify_email',
qualified=True),
verification_key=verification_key)
})
email_debug_message(request)
auth_tools.send_verification_email(user, request, new_email,
rendered_email)
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(request, 'mediagoblin/edit/change_email.html', {
'form': form,
'user': user
})
def change_email(request):
""" View to change the user's email """
form = forms.ChangeEmailForm(request.form)
user = request.user
# If no password authentication, no need to enter a password
if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
form.__delitem__('password')
if request.method == 'POST' and form.validate():
new_email = form.new_email.data
users_with_email = User.query.filter(
LocalUser.email==new_email
).count()
if users_with_email:
form.new_email.errors.append(
_('Sorry, a user with that email address'
' already exists.'))
if form.password and user.pw_hash and not check_password(
form.password.data, user.pw_hash):
form.password.errors.append(
_('Wrong password'))
if not form.errors:
verification_key = get_timed_signer_url(
'mail_verification_token').dumps({
'user': user.id,
'email': new_email})
rendered_email = render_template(
request, 'mediagoblin/edit/verification.txt',
{'username': user.username,
'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
uri=request.urlgen('mediagoblin.edit.verify_email',
qualified=True),
verification_key=verification_key)})
email_debug_message(request)
auth_tools.send_verification_email(user, request, new_email,
rendered_email)
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(
request,
'mediagoblin/edit/change_email.html',
{'form': form,
'user': user})
def change_pass(request):
# If no password authentication, no need to change your password
if 'pass_auth' not in request.template_env.globals:
return redirect(request, 'index')
form = forms.ChangePassForm(request.form)
user = request.user
if request.method == 'POST' and form.validate():
if not auth.check_password(
form.old_password.data, user.pw_hash):
form.old_password.errors.append(
_('Wrong password'))
return render_to_response(
request,
'mediagoblin/edit/change_pass.html',
{'form': form,
'user': user})
# Password matches
user.pw_hash = auth.gen_password_hash(
form.new_password.data)
user.save()
messages.add_message(
request, messages.SUCCESS,
_('Your password was changed successfully'))
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(
request,
'mediagoblin/edit/change_pass.html',
{'form': form,
'user': user})
def change_pass(request):
# If no password authentication, no need to change your password
if "pass_auth" not in request.template_env.globals:
return redirect(request, "index")
form = forms.ChangePassForm(request.form)
user = request.user
if request.method == "POST" and form.validate():
if not auth.check_password(form.old_password.data, user.pw_hash):
form.old_password.errors.append(_("Wrong password"))
return render_to_response(request, "mediagoblin/edit/change_pass.html", {"form": form, "user": user})
# Password matches
user.pw_hash = auth.gen_password_hash(form.new_password.data)
user.save()
messages.add_message(request, messages.SUCCESS, _("Your password was changed successfully"))
return redirect(request, "mediagoblin.edit.account")
return render_to_response(request, "mediagoblin/edit/change_pass.html", {"form": form, "user": user})