 def test_by_credentials_ok(self):
     """A valid login/password pair resolves to the matching User row."""
     from pyvac.models import User
     found = User.by_credentials(self.session, u'jdoe', u'changeme')
     self.assertIsInstance(found, User)
     # Identity fields come back from the stored record, not from the input.
     for attr, value in ((u'login', u'jdoe'),
                         (u'name', u'John Doe'),
                         (u'role', u'user')):
         self.assertEqual(getattr(found, attr), value)
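    def authenticated_userid(self, request):
        """Return the login carried by a valid HTTP Basic ``Authorization`` header.

        Returns ``None`` when the header is missing or malformed, the scheme is
        not ``Basic``, the payload is not base64/UTF-8, or
        ``User.by_credentials`` rejects the pair. Basic credentials are only
        base64-encoded, not protected, so this scheme needs TLS in front of it.
        """
        import base64

        header = request.environ.get('HTTP_AUTHORIZATION')
        try:
            authmeth, payload = header.split(' ', 1)
        # AttributeError: header absent (None); ValueError: no space to split on.
        # The former `except AttributeError as ValueError` merely *named* the
        # caught exception "ValueError" and never caught a real one.
        except (AttributeError, ValueError):
            return None

        if authmeth.lower() != 'basic':
            return None

        try:
            # Decode via the base64 module rather than the py2-only
            # str.decode('base64') codec. Bad input raises TypeError on py2 and
            # binascii.Error (a ValueError subclass) on py3; UnicodeDecodeError
            # is also a ValueError.
            raw = base64.b64decode(payload.strip())
            creds = raw.decode('utf-8')
        except (binascii.Error, TypeError, ValueError):  # can't decode
            return None

        try:
            login, password = creds.split(':', 1)
        except ValueError:  # no ':' separator
            return None

        if User.by_credentials(DBSession(), login, password):
            return login

        return None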
 def test_change_password_post_ko_unchanged(self):
     """Re-submitting the current password as the new one is rejected."""
     from pyvac.models import User
     from pyvac.views.user import ChangePassword as ChangePwd
     form = {
         'form.submitted': u'1',
         'current_password': u'changeme',
         'user.password': u'changeme',
         'confirm_password': u'changeme',
     }
     result = ChangePwd(self.create_request(form))()
     self.assertEqual(result['errors'], [u'password is inchanged'])
     # The stored password is untouched: the old one still authenticates.
     admin = User.by_credentials(self.session, u'admin', u'changeme')
     self.assertIsInstance(admin, User)
 def test_change_password_post_ok(self):
     """A well-formed change is applied; the fixture is restored afterwards."""
     from pyvac.models import User
     from pyvac.views.user import ChangePassword as ChangePwd
     form = {
         'form.submitted': u'1',
         'current_password': u'changeme',
         'user.password': u'newpassw',
         'confirm_password': u'newpassw',
     }
     ChangePwd(self.create_request(form))()
     # The new password must now authenticate the admin fixture.
     admin = User.by_credentials(self.session, u'admin', u'newpassw')
     self.assertIsInstance(admin, User)
     # Put the fixture back so later tests still log in with the old value.
     admin.password = u'changeme'
     self.session.add(admin)
 def test_change_password_post_ko_not_matched(self):
     """A wrong current password and a mismatched confirmation both report."""
     from pyvac.models import User
     from pyvac.views.user import ChangePassword as ChangePwd
     form = {
         'form.submitted': u'1',
         'current_password': u'CHANGEME',
         'user.password': u'newpassw',
         'confirm_password': u'NEWPASSW',
     }
     result = ChangePwd(self.create_request(form))()
     expected_errors = [u'current password is not correct',
                        u'passwords do not match']
     self.assertEqual(result['errors'], expected_errors)
     # Nothing was changed: the original password still authenticates.
     admin = User.by_credentials(self.session, u'admin', u'changeme')
     self.assertIsInstance(admin, User)
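    def validate(self, model, errors):
        """Check a password-change form, appending messages to *errors*.

        Returns ``True`` when no error was recorded. Missing form fields are
        read as empty strings so a malformed post produces a validation
        message instead of a KeyError.
        """
        params = self.request.params
        current = params.get('current_password', u'')
        new = params.get('user.password', u'')
        confirm = params.get('confirm_password', u'')

        # Re-authenticate with the current password before allowing a change.
        if not User.by_credentials(self.session, model.login, current):
            errors.append(_(u'current password is not correct'))
        elif new == current:
            # Message text kept verbatim (typo included): callers compare on it.
            errors.append(_(u'password is inchanged'))

        if new != confirm:
            errors.append(_(u'passwords do not match'))

        return len(errors) == 0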
 def test_change_password_post_ok(self):
     """A well-formed change is applied; the fixture is restored afterwards."""
     from pyvac.models import User
     from pyvac.views.user import ChangePassword as ChangePwd
     form = {
         'form.submitted': u'1',
         'current_password': u'changeme',
         'user.password': u'newpassw',
         'confirm_password': u'newpassw',
     }
     ChangePwd(self.create_request(form))()
     # The new password must now authenticate the admin fixture.
     admin = User.by_credentials(self.session, u'admin', u'newpassw')
     self.assertIsInstance(admin, User)
     # Put the fixture back so later tests still log in with the old value.
     admin.password = u'changeme'
     self.session.add(admin)
 def test_change_password_post_ko_not_matched(self):
     """A wrong current password and a mismatched confirmation both report."""
     from pyvac.models import User
     from pyvac.views.user import ChangePassword as ChangePwd
     form = {
         'form.submitted': u'1',
         'current_password': u'CHANGEME',
         'user.password': u'newpassw',
         'confirm_password': u'NEWPASSW',
     }
     result = ChangePwd(self.create_request(form))()
     expected_errors = [u'current password is not correct',
                        u'passwords do not match']
     self.assertEqual(result['errors'], expected_errors)
     # Nothing was changed: the original password still authenticates.
     admin = User.by_credentials(self.session, u'admin', u'changeme')
     self.assertIsInstance(admin, User)
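    def render(self):
        """Show the login form or, on a valid submit, redirect the user.

        Returns the template dict (``came_from``, ``csrf_token``) when the
        form is displayed or the credentials are rejected, and an
        ``HTTPFound`` carrying the auth headers when they are accepted.
        """
        request = self.request

        def is_local_target(target):
            # A site-relative path (rejecting protocol-relative "//host" and
            # the "/\host" form browsers treat the same way), or an absolute
            # URL on this request's own scheme and host.
            if target.startswith("/"):
                return target[1:2] not in ("/", "\\")
            host_url = request.host_url
            return target == host_url or target.startswith(host_url + "/")

        login_url = resource_url(request.context, request, "login")
        referrer = request.url
        # never use the login form itself as came_from
        if referrer == login_url:
            referrer = "/"
        came_from = request.params.get("came_from", referrer)
        # came_from is user-controlled (query string); following an arbitrary
        # value would turn the login form into an open redirect.
        if not is_local_target(came_from):
            came_from = "/"
        if came_from == "/":
            came_from = "/home"

        login = request.params.get("login", "")
        if "submit" in request.params:
            password = request.params.get("password", u"")
            if password:
                settings = request.registry.settings
                ldap = False
                if "pyvac.use_ldap" in settings:
                    ldap = asbool(settings.get("pyvac.use_ldap"))

                try:
                    user = User.by_credentials(self.session, login, password, ldap)
                    if user is not None:
                        # Log the stored login only, never the password.
                        log.info("login %r succeed" % user.login)
                        headers = remember(request, user.login)

                        # check for available users for sudo
                        sudoers = Sudoer.alias(self.session, user)
                        if sudoers:
                            location = route_url("sudo", request)
                            return HTTPFound(location=location, headers=headers)

                        return HTTPFound(location=came_from, headers=headers)
                    else:
                        msg = "Invalid credentials."
                        request.session.flash("error;%s" % msg)
                except SERVER_DOWN:
                    msg = "Cannot reach ldap server."
                    request.session.flash("error;%s" % msg)
                except INVALID_CREDENTIALS:
                    msg = "Invalid credentials."
                    request.session.flash("error;%s" % msg)
                except UnknownLdapUser:
                    # NOTE(review): a message that differs from the bad-password
                    # one lets a caller tell known logins from unknown ones;
                    # consider using the generic message here too.
                    msg = "Unknown ldap user %s" % login
                    request.session.flash("error;%s" % msg)

        return {"came_from": came_from, "csrf_token": request.session.get_csrf_token()}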
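    def render(self):
        """Show the login form or, on a valid submit, redirect the user.

        Returns the template dict (``came_from``, ``csrf_token``) when the
        form is displayed or the credentials are rejected, and an
        ``HTTPFound`` carrying the auth headers when they are accepted.
        """
        request = self.request

        def is_local_target(target):
            # A site-relative path (rejecting protocol-relative '//host' and
            # the '/\host' form browsers treat the same way), or an absolute
            # URL on this request's own scheme and host.
            if target.startswith('/'):
                return target[1:2] not in ('/', '\\')
            host_url = request.host_url
            return target == host_url or target.startswith(host_url + '/')

        login_url = resource_url(request.context, request, 'login')
        referrer = request.url
        # never use the login form itself as came_from
        if referrer == login_url:
            referrer = '/'
        came_from = request.params.get('came_from', referrer)
        # came_from is user-controlled (query string); following an arbitrary
        # value would turn the login form into an open redirect.
        if not is_local_target(came_from):
            came_from = '/'
        if came_from == '/':
            came_from = '/home'

        login = request.params.get('login', '')
        if 'submit' in request.params:
            password = request.params.get('password', u'')
            if password:
                settings = request.registry.settings
                ldap = False
                if 'pyvac.use_ldap' in settings:
                    ldap = asbool(settings.get('pyvac.use_ldap'))

                try:
                    user = User.by_credentials(self.session, login,
                                               password, ldap)
                    if user is not None:
                        # Remember the stored login (the authenticated
                        # identity), not the raw form value; log it only,
                        # never the password.
                        log.info('login %r succeed' % user.login)
                        headers = remember(request, user.login)
                        return HTTPFound(location=came_from,
                                         headers=headers)
                    else:
                        msg = 'Invalid credentials.'
                        request.session.flash('error;%s' % msg)
                except SERVER_DOWN:
                    msg = 'Cannot reach ldap server.'
                    request.session.flash('error;%s' % msg)
                except INVALID_CREDENTIALS:
                    msg = 'Invalid credentials.'
                    request.session.flash('error;%s' % msg)
                except UnknownLdapUser:
                    # NOTE(review): a message that differs from the bad-password
                    # one lets a caller tell known logins from unknown ones;
                    # consider using the generic message here too.
                    msg = 'Unknown ldap user %s' % login
                    request.session.flash('error;%s' % msg)

        return {'came_from': came_from,
                'csrf_token': request.session.get_csrf_token(),
                }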
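    def validate(self, model, errors):
        """Validate the user-edit form, appending messages to *errors*.

        Checks, in order: an optional password change (only when a non-empty
        ``current_password`` was posted), the size of an uploaded photo, and
        the per-pool ``up<id>`` numeric fields. Flashes the joined messages
        and returns ``True`` when none were recorded.
        """
        r = self.request
        params = r.params
        settings = r.registry.settings
        ldap = False
        if 'pyvac.use_ldap' in settings:
            ldap = asbool(settings.get('pyvac.use_ldap'))

        current = params.get('current_password')
        if current:
            # .get() so a post missing a field yields a message, not a KeyError
            new_password = params.get('user.password', '')
            confirm = params.get('confirm_password', '')
            if not User.by_credentials(self.session, model.login,
                                       current, ldap):
                errors.append(_('current password is not correct'))
            elif new_password == current:
                errors.append(_('password is unchanged'))

            if new_password != confirm:
                errors.append(_('passwords do not match'))

        if params.get('remove_photo', 'no') == 'no':
            try:
                upload = r.POST['photofile'].file
                # Measure with seek/tell instead of reading the whole upload
                # into memory, and rewind so a later reader sees the full file.
                upload.seek(0, 2)
                photo_size = upload.tell()
                upload.seek(0)
            except (KeyError, AttributeError, IOError, ValueError):
                # No file field, an empty field (plain string, no .file), or
                # an unseekable/closed stream: nothing to size-check.
                photo_size = None
            if photo_size is not None and photo_size > 200000:
                errors.append(_('Invalid photo size: %d' % photo_size))

        for up in model.pools:
            key = 'up%d' % up.id
            if key not in params:
                continue
            new_value = params[key]
            # add some sanity checks: the value must parse as a number
            # (note that float() also accepts 'nan' and 'inf')
            try:
                float(new_value)
            except (TypeError, ValueError) as exc:
                log.error('cannot update %s: %s' % (up, exc))
                # The raw submitted value is echoed back in the flash message;
                # the template rendering it must escape it.
                errors.append(
                    _('Wrong value for %s: %s' % (up.fullname, new_value)))

        if errors:
            self.request.session.flash('error;%s' % ','.join(errors))

        return len(errors) == 0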
 def test_update_post_ok(self):
     """Editing the admin through the form updates its fields; then restore."""
     from pyvac.models import User
     from pyvac.views.user import Edit
     # NOTE(review): the '******' literals are reproduced exactly as shown;
     # they look redacted, so confirm them against the repository.
     form = {
         'form.submitted': '1',
         'user.login': '******',
         'user.firstname': 'Admin',
         'user.lastname': 'Istrator',
     }
     response = Edit(self.create_request(form))()
     self.assertIsRedirect(response)
     self.session.flush()
     admin = User.by_credentials(self.session, 'root', 'changeme')
     self.assertIsInstance(admin, User)
     for attr, value in (('login', 'root'),
                         ('firstname', 'Admin'),
                         ('lastname', 'Istrator')):
         self.assertEqual(getattr(admin, attr), value)
     # Restore the fixture for later tests.
     admin.login = '******'
     admin.password = '******'
     admin.firstname = None
     admin.lastname = None
     self.session.add(admin)
 def test_update_post_ok(self):
     """Editing the admin through the form updates its fields; then restore."""
     from pyvac.models import User
     from pyvac.views.user import Edit
     form = {
         'form.submitted': u'1',
         'user.login': u'root',
         'user.firstname': u'Admin',
         'user.lastname': u'Istrator',
     }
     response = Edit(self.create_request(form))()
     self.assertIsRedirect(response)
     self.session.flush()
     # The renamed account authenticates with the unchanged password.
     admin = User.by_credentials(self.session, u'root', u'changeme')
     self.assertIsInstance(admin, User)
     for attr, value in ((u'login', u'root'),
                         (u'firstname', u'Admin'),
                         (u'lastname', u'Istrator')):
         self.assertEqual(getattr(admin, attr), value)
     # Restore the fixture for later tests.
     admin.login = u'admin'
     admin.password = u'changeme'
     admin.firstname = None
     admin.lastname = None
     self.session.add(admin)
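    def validate(self, model, errors):
        """Check an optional password change, appending messages to *errors*.

        The checks only run when a non-empty ``current_password`` was posted.
        Missing companion fields are read as empty strings so a malformed post
        yields a validation message instead of a KeyError. Flashes the joined
        messages and returns ``True`` when none were recorded.
        """
        r = self.request
        params = r.params
        settings = r.registry.settings
        ldap = False
        if 'pyvac.use_ldap' in settings:
            ldap = asbool(settings.get('pyvac.use_ldap'))

        current = params.get('current_password')
        if current:
            new_password = params.get('user.password', u'')
            confirm = params.get('confirm_password', u'')
            # Re-authenticate with the current password before allowing a change.
            if not User.by_credentials(self.session, model.login,
                                       current, ldap):
                errors.append(_(u'current password is not correct'))
            elif new_password == current:
                errors.append(_(u'password is unchanged'))

            if new_password != confirm:
                errors.append(_(u'passwords do not match'))

            if errors:
                self.request.session.flash('error;%s' % ','.join(errors))

        return len(errors) == 0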
 def test_by_credentials_ko_mirrored(self):
     """An empty password never authenticates, whatever the login."""
     from pyvac.models import User
     result = User.by_credentials(self.session, u'johndo', '')
     self.assertEqual(result, None)
 def test_by_credentials_ko_password(self):
     """Password comparison is case-sensitive: the upper-cased value fails."""
     from pyvac.models import User
     result = User.by_credentials(self.session, u'admin', 'CHANGEME')
     self.assertIsNone(result)
 def test_by_credentials_ko_mirrored(self):
     """An empty password never authenticates, whatever the login."""
     from pyvac.models import User
     result = User.by_credentials(self.session, u'johndo', '')
     self.assertEqual(result, None)
 def test_by_credentials_ko_unexists(self):
     """An unknown login fails; SQL metacharacters in the password are data."""
     from pyvac.models import User
     probe = u"' OR 1 = 1 #"
     result = User.by_credentials(self.session, u'u404', probe)
     self.assertEqual(result, None)
 def test_by_credentials_ko_unexists(self):
     """An unknown login fails; SQL metacharacters in the password are data."""
     from pyvac.models import User
     probe = u"' OR 1 = 1 #"
     result = User.by_credentials(self.session, u'u404', probe)
     self.assertEqual(result, None)
 def test_by_credentials_ko_password(self):
     """Password comparison is case-sensitive: the upper-cased value fails."""
     from pyvac.models import User
     result = User.by_credentials(self.session, u'admin', 'CHANGEME')
     self.assertIsNone(result)