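def login():
    """Render the login form (GET) or authenticate a submitted form (POST).

    The ``name`` field may hold either an email address or a user/team
    name; ``validators.validate_email`` decides which column is queried.
    On success the session is regenerated, the user is logged in, and the
    request is redirected to ``next`` (only when ``validators.is_safe_url``
    accepts it) or to the challenge listing.  Every failure path appends
    the same generic error so the response body does not reveal whether
    the account exists, and closes the DB session before returning.

    Returns:
        A Flask response: a rendered ``login.html`` or a redirect.
    """
    errors = get_errors()

    # Plain page load: nothing to check, just render the form.
    if request.method != 'POST':
        db.session.close()
        return render_template('login.html', errors=errors)

    name = request.form['name']

    # Check if the user submitted an email address or a team name
    if validators.validate_email(name) is True:
        user = Users.query.filter_by(email=name).first()
    else:
        user = Users.query.filter_by(name=name).first()

    if not user:
        # This user just doesn't exist
        log('logins', "[{date}] {ip} - submitted invalid account information")
        errors.append("Your username or password is incorrect")
        db.session.close()
        return render_template('login.html', errors=errors)

    # NOTE(review): the hash check only runs for existing accounts, so the
    # response time for an unknown name differs from a known one even
    # though the error text is identical — confirm that is acceptable here.
    if not check_password(request.form['password'], user.password):
        # This user exists but the password is wrong
        log('logins', "[{date}] {ip} - submitted invalid password for {name}")
        errors.append("Your username or password is incorrect")
        db.session.close()
        return render_template('login.html', errors=errors)

    # Regenerate before login_user so the authenticated session does not
    # keep the pre-login session (presumably a session-fixation defence).
    session.regenerate()
    login_user(user)
    log('logins', "[{date}] {ip} - {name} logged in")
    db.session.close()

    # Read ``next`` once; only follow it when it passes the safe-URL check
    # so the login endpoint cannot be used as an open redirect.
    next_url = request.args.get('next')
    if next_url and validators.is_safe_url(next_url):
        return redirect(next_url)
    return redirect(url_for('challenges.listing'))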
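def test_check_password():
    """check_password must accept the plaintext for a stored bcrypt-sha256 hash.

    ``is True`` keeps the strict boolean expectation of the former
    ``== True`` comparison (PEP 8 E712) without the equality smell.
    """
    assert check_password(
        'asdf',
        '$bcrypt-sha256$2b,12$I0CNXRkGD2Bi/lbC4vZ7Y.$1WoilsadKpOjXa/be9x3dyu7p.mslZ6'
    ) is True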
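def test_user_can_reset_password(mock_smtp):
    """Test that a user is capable of resetting their password.

    Exercises the whole flow: request a reset email, check the exact
    message handed to SMTP, follow the reset link, and confirm the stored
    hash was actually replaced.  ``freeze_time`` pins the clock so the
    signed token in the reset URL is reproducible.

    Args:
        mock_smtp: patched SMTP client whose ``sendmail`` call is asserted.
    """
    from email.mime.text import MIMEText

    # The token is derived from the frozen timestamp above; hoisted so the
    # three places that use it cannot drift apart.
    reset_path = '/reset_password/InVzZXIxIg.TxD0vg.-gvVg-KVy0RWkiclAE6JViv1I0M'
    user_email = '*****@*****.**'

    app = create_ctfd()
    with app.app_context(), freeze_time("2012-01-14 03:21:34"):
        # Set CTFd to send emails
        set_config('mail_server', 'localhost')
        set_config('mail_port', 25)
        set_config('mail_useauth', True)
        set_config('mail_username', 'username')
        set_config('mail_password', 'password')

        # Create a user
        register_user(app, name="user1", email=user_email)

        with app.test_client() as client:
            client.get('/reset_password')

            # Build reset password data
            with client.session_transaction() as sess:
                data = {
                    'nonce': sess.get('nonce'),
                    'email': user_email,
                }

            # Issue the password reset request
            client.post('/reset_password', data=data)

            from_addr = get_config('mailfrom_addr') or app.config.get('MAILFROM_ADDR')
            to_addr = user_email

            # Build the email exactly as the application is expected to send it
            msg = ("""Did you initiate a password reset? Click the following link to reset """
                   """your password:\n\nhttp://localhost/reset_password/InVzZXIxIg.TxD0vg.-gvVg-KVy0RWkiclAE6JViv1I0M\n\n""")
            email_msg = MIMEText(msg)
            email_msg['Subject'] = "Message from CTFd"
            email_msg['From'] = from_addr
            email_msg['To'] = to_addr

            # Make sure that the reset password email is sent
            mock_smtp.return_value.sendmail.assert_called_with(
                from_addr, [to_addr], email_msg.as_string())

            # Get user's original password hash so the change can be verified
            user = Users.query.filter_by(email=user_email).first()
            user_password_saved = user.password

            # Build the POST data
            with client.session_transaction() as sess:
                # NOTE(review): this value should be the same plaintext that is
                # verified with check_password at the end of the test — confirm.
                data = {
                    'nonce': sess.get('nonce'),
                    'password': '******',
                }

            # Do the password reset
            client.get(reset_path)
            client.post(reset_path, data=data)

            # Make sure that the user's password changed: the stored hash must
            # differ from the one saved above and verify against the new secret.
            user = Users.query.filter_by(email=user_email).first()
            assert user.password != user_password_saved
            assert check_password('passwordtwo', user.password)
    destroy_ctfd(app)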