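def _first_staff_or_404(**criteria):
    """Return the first ``staff`` record matching *criteria*, or abort with 404.

    The previous code called ``.next()`` on the cursor unguarded, so an
    unknown reset token (or a session e-mail that no longer exists)
    surfaced as an unhandled StopIteration rather than a clean 404.
    """
    try:
        return next(iter(database.find("staff", **criteria)))
    except StopIteration:
        flask.abort(404)


def change_password(token=None):
    """Let a staff member set a new password.

    Two entry paths share this view:

    * ``token`` given (password-reset link): the staff record is looked up
      by token and the current password is *not* required.
    * no ``token``: the caller must be logged in
      (``session["logged_in_email"]``) and must supply the current
      password as ``old_pass``.

    Returns the template context ``{"token": token}`` on GET and on every
    validation failure (the reason is flashed). On success via token the
    user is redirected to the login page; on success while logged in the
    context is returned with a success flash. Anonymous callers without a
    token are redirected to ``/login``.
    """
    if not token and not flask.session.get("logged_in_email"):
        return flask.redirect("/login")

    if flask.request.method == "POST":
        form_data = flask.request.form.to_dict()
        # ``.get`` with an empty default so a missing field is reported as a
        # validation error instead of a KeyError.
        new_pass = form_data.get("new_pass", "")
        check_pass = form_data.get("check_pass", "")

        if token:
            staff_member = _first_staff_or_404(token=token)
            # NOTE(review): nothing in this view invalidates the reset token
            # once the password has been changed; confirm that happens
            # elsewhere, otherwise the same link stays usable.
        else:
            email = flask.session["logged_in_email"]
            staff_member = _first_staff_or_404(email=email)
            # Plain ``if`` rather than ``assert``: asserts are stripped under
            # ``python -O``, which would skip the current-password check.
            # Same presence check as ``login`` for accounts without a hash.
            stored_hash = staff_member.get("password", None)
            old_pass = form_data.get("old_pass", "")
            if not stored_hash or not sugar.check_hash(old_pass, stored_hash):
                flask.flash("Wrong password.", "error")
                # Previously returned None here, which Flask rejects as a
                # view result; re-render the form like the other failures.
                return {"token": token}

        # Direct comparison: hashing ``check_pass`` only to verify
        # ``new_pass`` against it was equivalent but wasted a hash round.
        if new_pass != check_pass:
            flask.flash("New passwords do not match.", "error")
            return {"token": token}

        if new_pass == u"":
            flask.flash("Please enter a new password.", "error")
        else:
            session = database.get_session()
            staff_row = database.get_or_404("staff", id=staff_member.id)
            staff_schema = StaffSchema.from_flat(staff_row)
            staff_schema["password"].set(sugar.make_hash(new_pass))
            if staff_schema.validate():
                staff_row.update(staff_schema.flatten())
                session.save(staff_row)
                session.commit()
                flask.flash("Password changed sucessfuly.", "success")
                if token:
                    login_url = flask.url_for(
                        "auth.login", next=flask.url_for("meeting.home"))
                    return flask.redirect(login_url)
            # NOTE(review): a failed ``validate()`` falls through with no
            # flash, so the form re-renders as if nothing was submitted.

    return {"token": token}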
def test_change_password_updated_correctly(self):
    """Posting the change-password form must re-hash the stored password.

    Creates a staff record with a known hash, submits the form through the
    test client, reloads the record by e-mail and checks that the new hash
    verifies.
    """
    # NOTE(review): the posted values ("******") do not visibly correspond
    # to the "password" hashed on creation or to the "pass" verified at the
    # end; confirm the fixture values before relying on this test.
    email = "*****@*****.**"

    staff_data = dict(self.STAFF_DATA)
    staff_data["password"] = sugar.make_hash("password")
    staff_data["email"] = email
    models.Staff.create(data=staff_data)

    form = {
        "old_pass": "******",
        "new_pass": "******",
        "check_pass": "******",
    }
    self.client.post("/change-password", data=form)

    updated = models.Staff.select().where(
        data__contains={"email": email}).get()
    self.assertTrue(sugar.check_hash("pass", updated.data["password"]))
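def _is_local_url(url):
    """Return True if *url* is a same-site path that is safe to redirect to.

    Accepts only paths starting with a single ``/``. Scheme-relative
    ``//host`` and ``/\\host`` (browsers normalise the backslash) are
    rejected, as is anything carrying a scheme. Kept dependency-free
    because the module's import block is not visible here; a
    ``urlparse``-based host comparison would be the stricter option.
    """
    return url.startswith("/") and not url.startswith(("//", "/\\"))


def login():
    """Authenticate a staff member by e-mail and password.

    GET renders the form. POST looks up the lower-cased e-mail, verifies
    the stored hash and, on success, records the e-mail in the session
    and redirects to ``next``. Every failure flashes the same generic
    "Login failed" message, so the response does not reveal whether the
    e-mail exists.

    Returns the template context ``{"email": ..., "next": ...}`` whenever
    no redirect is issued.
    """
    login_email = flask.request.form.get("email", "").lower()
    login_password = flask.request.form.get("password", "")
    home_url = flask.url_for("meeting.home")
    next_url = flask.request.values.get("next", home_url)
    # ``next`` is attacker-controllable; redirecting to an absolute URL
    # would make the login page an open redirect.
    if not _is_local_url(next_url):
        next_url = home_url

    if flask.request.method == "POST":
        matches = list(database.find("staff", email=login_email))
        # Explicit checks instead of ``assert``: asserts vanish under
        # ``python -O`` and would have let any password through.
        if len(matches) == 1:
            staff_member = matches[0]
            stored_hash = staff_member.get("password", None)
            if stored_hash and sugar.check_hash(login_password, stored_hash):
                flask.session["logged_in_email"] = login_email
                return flask.redirect(next_url)
        flask.flash(u"Login failed", "error")

    return {"email": login_email, "next": next_url}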