def user_account():
def respond(message=None):
if message:
flash(message)
check_user_validation()
return render_template('user-account.j2')
if request.method == 'GET':
return respond()
if request.form.get('action') == 'change-name':
name = request.form.get('name')
current_user.name = name
current_user.save()
db.session.commit()
if request.form.get('action') == 'change-email':
email = request.form.get('email')
password = request.form.get('password')
if User.exists(email=email):
return respond(_('This email address is already in use'))
if User.exists(name=name):
return respond(_('This name is already in use'))
if not current_user.check_password(password):
return respond(
_('The password you entered did not match your '
'current password'))
current_user.email = email
current_user.validated = False
current_user.save()
token = Token.make(current_user, email)
token.save()
db.session.commit()
current_user.sendmail('confirmation', token=token.digest)
if request.form.get('action') == 'change-password':
current_password = request.form.get('current-password')
new_password = request.form.get('new-password')
if not current_user.check_password(current_password):
return respond(
_('The password you entered did not match your '
'current password'))
current_user.set_password(new_password)
current_user.save()
db.session.commit()
return respond()
def users_impersonate(user):
if not current_user.admin:
return render_template('error.j2',
error=_('You are not allowed to '
'access this page')), 403
user = User.get(id=user)
login_user(user)
return redirect(url_for('read'))
def users():
if not current_user.admin:
return render_template('error.j2',
error=_('You are not allowed to '
'access this page')), 403
page_arg = get_int_arg('page', 1)
users = User.get() \
.paginate(page_arg, 100)
if request.method == 'GET':
return render_template('admin-users.j2', users=users)
def users_toggle_admin(user):
if not current_user.admin:
return render_template('error.j2',
error=_('You are not allowed to '
'access this page')), 403
user = User.get(id=user)
if not user == current_user:
user.admin = not user.admin
user.save()
db.session.commit()
return redirect(url_for('users'))
def test_b_string(database):
user = User(email='*****@*****.**', name='b-string') \
.set_password(b'\xc3\xa9') \
.save()
db.session.commit()
user = User.get('*****@*****.**')
assert user.check_password('é')
assert user.check_password(u'é')
assert user.check_password(b'\xc3\xa9')
def test_all(database):
assert not User.exists(email='[email protected]')
assert not User.exists(email='[email protected]')
assert not User.exists(email='[email protected]')
assert not User.exists(email='[email protected]')
assert not User.exists(name='a')
assert not User.exists(name='b')
assert not User.exists(name='c')
assert not User.exists(name='d')
assert User.is_first()
user = User(email='[email protected]', name='a', password='').save()
db.session.commit()
assert not user.admin
assert not User.is_first()
User(email='[email protected]', name='B', password='').save()
User(email='[email protected]', name='C', password='').save()
User(email='[email protected]', name='D', password='').save()
db.session.commit()
assert User.exists(email='[email protected]')
assert User.exists(email='[email protected]')
assert User.exists(email='[email protected]')
assert User.exists(email='[email protected]')
assert User.exists(name='a')
assert User.exists(name='B')
assert User.exists(name='C')
assert User.exists(name='D')
assert User.get('[email protected]').name == 'a'
assert User.get('[email protected]').name == 'B'
assert User.get('[email protected]').name == 'C'
assert User.get('[email protected]').name == 'D'
assert not User.get('[email protected]')