def test_update_user_password(
client: TestClient,
user: User,
session: Session,
user_auth_header: dict,
user_create_data: dict,
):
old_password = user_create_data["password"]
new_password = "******"
assert util.password_is_match(old_password, user.hashed_password)
assert not util.password_is_match(new_password, user.hashed_password)
response = client.put(
"/api/me/password",
headers=user_auth_header,
json={
"oldPassword": old_password,
"newPassword": new_password,
},
)
assert response.status_code == 200
result = response.json()
assert "firstName" in result
assert "lastName" in result
assert "email" in result
assert "id" in result
assert "phoneNumber" in result
assert "dob" in result
assert "description" in result
assert "city" in result
assert "gender" in result
session.expire_all()
assert not util.password_is_match(old_password, user.hashed_password)
assert util.password_is_match(new_password, user.hashed_password)
def test_update_password(
user: User,
user_create_data: dict,
session: Session,
application: Application,
):
old_password = user_create_data["password"]
new_password = "******"
assert old_password != new_password
application.update_password(session, user, old_password, new_password)
assert user.hashed_password != old_password
assert user.hashed_password != new_password
assert not util.password_is_match(old_password, user.hashed_password)
assert util.password_is_match(new_password, user.hashed_password)
def update_password(self, session: Session, user: User, old_password: str,
new_password: str) -> User:
if not util.password_is_match(old_password, user.hashed_password):
raise ApplicationError("Wrong password")
new_hashed_password = util.hash_password(new_password)
return self.user_service.update(session,
user,
hashed_password=new_hashed_password)
def authenticate_user(self, session: Session, login: str,
password: str) -> bytes:
existing_user: Optional[User] = self.user_service.get_by_email(
session, login) or self.user_service.get_by_phone_number(
session, login)
if not existing_user:
raise ApplicationError("Invalid login credentials")
if not util.password_is_match(password, existing_user.hashed_password):
raise ApplicationError("Invalid login credentials")
return util.create_access_token(data={"sub": str(existing_user.id)})
def test_password_is_match():
password = "******"
hashed_password = util.hash_password(password)
assert not util.password_is_match("wrong", hashed_password)
assert util.password_is_match(password, hashed_password)