def post(self, username):
username = username.lower()
#make sure we're not overwriting an existing user
user = User.get({u'username': username})
if user is None:
raise HTTPError(404)
if username != self.get_session()[u'username']:
raise HTTPError(403)
old_password = self.body_dict().get('old_password')
if old_password is None:
self.output({'error': 'MISSING_FIELD',
'field': 'old_password'}, 400)
return
new_password = self.body_dict().get('new_password')
if new_password is None:
self.output({'error': 'MISSING_FIELD',
'field': 'new_password'}, 400)
return
if not User.hash_password(old_password) == user[u'password']:
self.output({'error': 'INVALID_PASSWORD',
'field': 'old_password'}, 400)
return
user[u'password'] = User.hash_password(new_password)
user.save()
def test_case_insensitive_login(self):
User(**{
u'username': u'test',
u'password': User.hash_password(u'passw0rd'),
u'number': u'16475557000',
}).save()
response = self.get('/token/', {u'password': u'passw0rd',
u'username': u'TesT'}, auth=False)
self.assertEqual(response.status, 200, '/token/ GET')
def test_password_change(self):
new_pass = u'newPassw0rd'
response = self.post('/users/%s/' % self.get_user()[u'username'], {
u'old_password': self._gen_user_password_,
u'new_password': new_pass,
})
self.assertEqual(response.status, 200, 'password changed')
self.assertEqual(User.get(self.get_user()[u'id'])[u'password'],
User.hash_password(new_pass),
'password changed succesfully')
def make_user(self, username=None):
if username is None:
self.__user_number__ += 1
username = '******' % self.__user_number__
u = User(**{
u'username': username,
u'password': User.hash_password(self._gen_user_password_),
u'number': '+16656656665',
u'revision': uuid.uuid1().hex,
u'created': timestamp(),
})
u.save()
return u
def get(self):
#ensure that username and password are in the args
self.require_args('username', 'password')
username = self.get_argument(u'username').lower()
password = User.hash_password(self.get_argument('password'))
user = User.get({u'username': username, u'password': password})
if user is None: raise HTTPError(404)
#otherwise generate a token, save it, and return it
token = str(db.objects.session.insert({
u'timestamp': timestamp(),
u'username': username
}))
self.write(token)
def test_registraction_username_validation(self):
User(**{
u'username': u'test',
u'password': User.hash_password(u'passw0rd'),
u'number': u'16475557000',
}).save()
response = self.put('/users/test/', {
u'password': u'passw0rd',
u'number': u'+16747005290',
}, auth=False)
self.assertEqual(response.status, 409, 'cannot reuse usernames')
response = self.put('/users/tesT/', {
u'password': u'passw0rd',
u'number': u'+16747005290',
}, auth=False)
self.assertEqual(response.status, 409, 'usernames case insensitive')
def put(self, username):
username = username.lower()
#make sure we're not overwriting an existing user
if User.get({u'username': username}) is not None:
raise HTTPError(409)
#set up the password
password = self.body_dict().get('password')
if not password: raise HTTPError(403)
User(**{
u'username': username,
u'password': User.hash_password(password),
u'number': self.body_dict().get('number'),
u'revision': uuid.uuid1().hex,
u'created': int(timestamp()),
}).save()
self.set_status(201)