Beispiel #1
0
    def test_change_password(self, test_app):
        """Test changing password correctly and incorrectly"""
        self.login(test_app)

        # test that the password can be changed
        template.clear_test_template_context()
        res = test_app.post('/edit/password/', {
            'old_password': '******',
            'new_password': '******',
        })
        res.follow()

        # Did we redirect to the correct page?
        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'

        # test_user has to be fetched again in order to have the current values
        test_user = User.query.filter_by(username=u'chris').first()
        assert auth.check_password('123456', test_user.pw_hash)
        # Update current user passwd
        self.user_password = '******'

        # test that the password cannot be changed if the given
        # old_password is wrong
        template.clear_test_template_context()
        test_app.post('/edit/password/', {
            'old_password': '******',
            'new_password': '******',
        })

        test_user = User.query.filter_by(username=u'chris').first()
        assert not auth.check_password('098765', test_user.pw_hash)
Beispiel #2
0
    def test_change_password(self, test_app):
        """Test changing password correctly and incorrectly"""
        self.login(test_app)

        # test that the password can be changed
        template.clear_test_template_context()
        res = test_app.post(
            '/edit/password/', {
                'old_password': '******',
                'new_password': '******',
                })
        res.follow()

        # Did we redirect to the correct page?
        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'

        # test_user has to be fetched again in order to have the current values
        test_user = User.query.filter_by(username=u'chris').first()
        assert auth.check_password('123456', test_user.pw_hash)
        # Update current user passwd
        self.user_password = '******'

        # test that the password cannot be changed if the given
        # old_password is wrong
        template.clear_test_template_context()
        test_app.post(
            '/edit/password/', {
                'old_password': '******',
                'new_password': '******',
                })

        test_user = User.query.filter_by(username=u'chris').first()
        assert not auth.check_password('098765', test_user.pw_hash)
Beispiel #3
0
def change_pass(request):
    # If no password authentication, no need to change your password
    if 'pass_auth' not in request.template_env.globals:
        return redirect(request, 'index')

    form = forms.ChangePassForm(request.form)
    user = request.user

    if request.method == 'POST' and form.validate():

        if not auth.check_password(form.old_password.data, user.pw_hash):
            form.old_password.errors.append(_('Wrong password'))

            return render_to_response(request,
                                      'mediagoblin/edit/change_pass.html', {
                                          'form': form,
                                          'user': user
                                      })

        # Password matches
        user.pw_hash = auth.gen_password_hash(form.new_password.data)
        user.save()

        messages.add_message(request, messages.SUCCESS,
                             _('Your password was changed successfully'))

        return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(request, 'mediagoblin/edit/change_pass.html', {
        'form': form,
        'user': user
    })
Beispiel #4
0
def check_login_simple(username, password):
    user = auth.get_user(username=username)
    if not user:
        _log.info("User %r not found", username)
        hook_handle("auth_fake_login_attempt")
        return None
    if not auth.check_password(password, user.pw_hash):
        _log.warn("Wrong password for %r", username)
        return None
    _log.info("Logging %r in", username)
    return user
Beispiel #5
0
def check_login_simple(username, password):
    user = auth.get_user(username=username)
    if not user:
        _log.info("User %r not found", username)
        hook_handle("auth_fake_login_attempt")
        return None
    if not auth.check_password(password, user.pw_hash):
        _log.warn("Wrong password for %r", username)
        return None
    _log.info("Logging %r in", username)
    return user
Beispiel #6
0
def change_email(request):
    """ View to change the user's email """
    form = forms.ChangeEmailForm(request.method == 'POST' and request.form
                                 or None)
    user = request.user

    # If no password authentication, no need to enter a password
    if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
        form.__delitem__('password')

    if request.method == 'POST' and form.validate():
        new_email = form.new_email.data
        users_with_email = User.query.filter(
            LocalUser.email == new_email).count()

        if users_with_email:
            form.new_email.errors.append(
                _('Sorry, a user with that email address'
                  ' already exists.'))

        if form.password and user.pw_hash and not check_password(
                form.password.data, user.pw_hash):
            form.password.errors.append(_('Wrong password'))

        if not form.errors:
            verification_key = get_timed_signer_url(
                'mail_verification_token').dumps({
                    'user': user.id,
                    'email': new_email
                })

            rendered_email = render_template(
                request, 'mediagoblin/edit/verification.txt', {
                    'username':
                    user.username,
                    'verification_url':
                    EMAIL_VERIFICATION_TEMPLATE.format(
                        uri=request.urlgen('mediagoblin.edit.verify_email',
                                           qualified=True),
                        verification_key=verification_key)
                })

            email_debug_message(request)
            auth_tools.send_verification_email(user, request, new_email,
                                               rendered_email)

            return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(request, 'mediagoblin/edit/change_email.html', {
        'form': form,
        'user': user
    })
Beispiel #7
0
def change_email(request):
    """ View to change the user's email """
    form = forms.ChangeEmailForm(request.form)
    user = request.user

    # If no password authentication, no need to enter a password
    if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
        form.__delitem__('password')

    if request.method == 'POST' and form.validate():
        new_email = form.new_email.data
        users_with_email = User.query.filter(
            LocalUser.email==new_email
        ).count()

        if users_with_email:
            form.new_email.errors.append(
                _('Sorry, a user with that email address'
                    ' already exists.'))

        if form.password and user.pw_hash and not check_password(
                form.password.data, user.pw_hash):
            form.password.errors.append(
                _('Wrong password'))

        if not form.errors:
            verification_key = get_timed_signer_url(
                'mail_verification_token').dumps({
                    'user': user.id,
                    'email': new_email})

            rendered_email = render_template(
                request, 'mediagoblin/edit/verification.txt',
                {'username': user.username,
                    'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
                    uri=request.urlgen('mediagoblin.edit.verify_email',
                                    qualified=True),
                    verification_key=verification_key)})

            email_debug_message(request)
            auth_tools.send_verification_email(user, request, new_email,
                                            rendered_email)

            return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(
        request,
        'mediagoblin/edit/change_email.html',
        {'form': form,
         'user': user})
Beispiel #8
0
def change_pass(request):
    # If no password authentication, no need to change your password
    if 'pass_auth' not in request.template_env.globals:
        return redirect(request, 'index')

    form = forms.ChangePassForm(request.form)
    user = request.user

    if request.method == 'POST' and form.validate():

        if not auth.check_password(
                form.old_password.data, user.pw_hash):
            form.old_password.errors.append(
                _('Wrong password'))

            return render_to_response(
                request,
                'mediagoblin/edit/change_pass.html',
                {'form': form,
                 'user': user})

        # Password matches
        user.pw_hash = auth.gen_password_hash(
            form.new_password.data)
        user.save()

        messages.add_message(
            request, messages.SUCCESS,
            _('Your password was changed successfully'))

        return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(
        request,
        'mediagoblin/edit/change_pass.html',
        {'form': form,
         'user': user})
Beispiel #9
0
def change_pass(request):
    # If no password authentication, no need to change your password
    if "pass_auth" not in request.template_env.globals:
        return redirect(request, "index")

    form = forms.ChangePassForm(request.form)
    user = request.user

    if request.method == "POST" and form.validate():

        if not auth.check_password(form.old_password.data, user.pw_hash):
            form.old_password.errors.append(_("Wrong password"))

            return render_to_response(request, "mediagoblin/edit/change_pass.html", {"form": form, "user": user})

        # Password matches
        user.pw_hash = auth.gen_password_hash(form.new_password.data)
        user.save()

        messages.add_message(request, messages.SUCCESS, _("Your password was changed successfully"))

        return redirect(request, "mediagoblin.edit.account")

    return render_to_response(request, "mediagoblin/edit/change_pass.html", {"form": form, "user": user})