Ejemplo n.º 1
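    def test_update_password(self):
        """Check that ``user.update`` stores a new ``hashed_password``.

        Creates the ``user1`` fixture, replaces its password hash through the
        database helper, then hands the expected record to
        ``verify_user_data``. The fourth argument is presumably the expected
        stored hash, as in the sibling tests; confirm against the helper.
        """
        fixture = self.user_data["user1"]

        # One name for the written and the expected value, so the two cannot
        # drift apart. The original wrote one literal and asserted another.
        # This is a placeholder string, not a real password hash.
        new_hash = "new_hashed_password"

        self.create_example_user(fixture["email"])
        user_id = user.identify_by_email(self.database, fixture["email"])

        user.update(self.database, user_id, {"hashed_password": new_hash})

        # Every other field is expected to keep its fixture value.
        self.verify_user_data(fixture["email"],
                              fixture["name"],
                              fixture["group_name"],
                              new_hash,
                              fixture["admin"])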
Ejemplo n.º 2
    def test_update_other_fields(self):
        """Check that ``user.update`` changes email, admin, name and group.

        The password hash is not part of the update, so the expected record
        passed to ``verify_user_data`` still carries the fixture's
        ``hashed_password``.
        """
        fixture = self.user_data["user1"]

        # Replacement values, named once so the update and the expectation
        # use the same data.
        new_email = "*****@*****.**"
        new_name = "newname"
        new_group = "newgroupname"
        new_admin = True

        self.create_example_user(fixture["email"])
        target_id = user.identify_by_email(self.database, fixture["email"])

        changes = {
            "email": new_email,
            "admin": new_admin,
            "name": new_name,
            "group_name": new_group,
        }
        user.update(self.database, target_id, changes)

        # The hash must be untouched by an update that never mentions it.
        self.verify_user_data(new_email, new_name, new_group,
                              fixture["hashed_password"], new_admin)
Ejemplo n.º 3
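def put_from_user_id(user_id):
    """Update a user record from the JSON body of a PUT request.

    Authorization: the caller must be an admin or the user being edited, and
    only an admin may set ``admin`` to true.

    Only the fields named in the API contract (``email``, ``name``,
    ``group_name``, ``password``, ``admin``) are taken from the request. The
    body is never handed to the database layer as-is, so a client cannot set
    ``hashed_password`` or any other column directly and skip the password
    length check and hashing.

    Responds with the updated record and 200, or reports 400/403/404/422
    through ``error``. This assumes ``error`` aborts the request by raising,
    which the original control flow also relies on; confirm.

    NOTE(review): a password change here does not ask for the current
    password; confirm that is intended for self-service edits.
    """
    user_db_data = user_db_util.read(g.database, user_id)
    if not user_db_data:
        error(404, "User id not recognized.")

    if not current_user.is_admin and current_user.user_id != user_id:
        error(403,
              "Logged in user not admin and doesn't match requested user id.")

    data = request.get_json()

    if data is None:
        error(400, "No json data in request body")

    # A JSON array, string or number has no keys; reject it here instead of
    # failing later with an unhandled exception.
    if not isinstance(data, dict):
        error(400, "Json data must be an object")

    if not any(
            key in data
            for key in ["email", "name", "group_name", "password", "admin"]):
        error(
            400,
            "Json data must define one or more of: \
    email, name, group_name, password, admin",
        )

    if "admin" in data:
        # Require a real boolean. An identity test against True alone would
        # let other truthy values (for example 1 or "true") skip the
        # privilege check and still reach the database layer.
        if not isinstance(data["admin"], bool):
            error(422, "admin must be true or false.")
        if data["admin"] and not current_user.is_admin:
            error(403, "Logged in user can not grant self admin privileges.")

    # Allowlist: copy only the plain profile fields the API documents.
    update_fields = {
        key: data[key]
        for key in ("email", "name", "group_name", "admin") if key in data
    }

    if "password" in data:
        password = data["password"]
        if not isinstance(password, str):
            error(422, "password must be a string.")
        # An empty password means "leave the password unchanged".
        if len(password) > 0:
            if len(password) < 8:
                error(422, "New password is less than 8 characters long.")
            # Only the hash is stored; the cleartext never reaches the
            # database layer.
            update_fields["hashed_password"] = generate_password_hash(password)

    if not update_fields:
        # E.g. the body held only an empty password.
        error(400, "No fields to update.")

    try:
        update_user_result = user_db_util.update(g.database, user_id,
                                                 update_fields)

    except UniqueViolation:
        error(422, "User with that email address already exists")

    if update_user_result is None:
        # Returns None if the user doesn't exist. We already checked this,
        # but if it still fails, throw 404
        error(404, "User id not recognized")

    # The response is built field by field, so the password hash is never
    # echoed back to the client.
    response_data = {
        "user_id": update_user_result["user_id"],
        "email": update_user_result["email"],
        "admin": update_user_result["admin"],
        "name": update_user_result["name"],
        "group_name": update_user_result["group_name"],
        "timestamp": update_user_result["date_modified"],
    }
    return jsonify(response_data), 200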