Example #1
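def change_password(token=None):
    """Change a staff member's password.

    Two entry paths are supported:

    * with ``token``: the staff row is looked up by that token and the old
      password is not required;
    * without ``token``: the caller must have ``logged_in_email`` in the
      session and must supply the current password as ``old_pass``.

    Returns a redirect to ``/login`` when neither a token nor a logged-in
    session is present, a redirect to the login page after a successful
    token-based change, and otherwise the dict ``{"token": token}``
    (presumably rendered by a template decorator -- confirm against the
    route definition).
    """
    if not token and not flask.session.get("logged_in_email"):
        return flask.redirect("/login")

    if flask.request.method == "POST":
        form_data = flask.request.form.to_dict()

        # Missing fields are treated as empty strings so a malformed POST
        # produces a validation message instead of a KeyError (HTTP 500).
        new_pass = form_data.get("new_pass", u"")
        check_pass = form_data.get("check_pass", u"")

        try:
            if token:
                staff_member = database.find("staff", token=token).next()
            else:
                email = flask.session["logged_in_email"]
                staff_member = database.find("staff", email=email).next()
        except StopIteration:
            # Unknown token or no row for the session e-mail: answer 404
            # rather than letting the exception surface as a server error.
            # Assumes find() returns an iterator whose .next() raises
            # StopIteration when nothing matches -- confirm.
            flask.abort(404)

        if not token:
            old_pass = form_data.get("old_pass", u"")
            # Explicit condition, not `assert`: assert statements are removed
            # when Python runs with -O, which would silently skip the check
            # of the current password.
            if not sugar.check_hash(old_pass, staff_member["password"]):
                flask.flash("Wrong password.", "error")
                # Same context as the other failure path (the original
                # returned None here).
                return {"token": token}

        # The confirmation is compared through the hash helpers, as before;
        # only the assert wrapper is gone.
        if not sugar.check_hash(new_pass, sugar.make_hash(check_pass)):
            flask.flash("New passwords do not match.", "error")
            return {"token": token}

        if new_pass == u"":
            flask.flash("Please enter a new password.", "error")
        else:
            session = database.get_session()

            staff_row = database.get_or_404("staff", id=staff_member.id)
            staff_schema = StaffSchema.from_flat(staff_row)

            staff_schema["password"].set(sugar.make_hash(new_pass))

            # NOTE(review): a failed validate() falls through without any
            # message to the user.
            if staff_schema.validate():
                staff_row.update(staff_schema.flatten())
                session.save(staff_row)
                session.commit()

                flask.flash("Password changed sucessfuly.", "success")

                # NOTE(review): nothing visible here clears or expires the
                # token after use; confirm it is invalidated elsewhere so a
                # reset link cannot be replayed.
                if token:
                    login_url = flask.url_for("auth.login", next=flask.url_for("meeting.home"))
                    return flask.redirect(login_url)

    return {"token": token}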
Example #2
    def test_login_failed_for_non_admin(self):
        """POST /login for a staff row that this test does not mark as admin.

        The only assertion is a 200 status code (a successful login in the
        sibling test answers 302).
        """
        staff_fields = dict(self.STAFF_DATA, password=sugar.make_hash("password"))
        models.Staff.create(data=staff_fields)

        # NOTE(review): the credential literals are masked in this listing.
        credentials = {"email": "*****@*****.**", "password": "******"}
        response = self.client.post("/login", data=credentials)

        # NOTE(review): a 200 alone does not show that no session was
        # established; asserting on the session state would make the
        # negative case stronger.
        self.assertEqual(200, response.status_code)
Example #3
    def test_login_success(self):
        """POST /login for a staff row created with is_admin "1" answers 302."""
        staff_fields = dict(
            self.STAFF_DATA,
            password=sugar.make_hash("password"),
            is_admin="1",
        )
        models.Staff.create(data=staff_fields)

        # NOTE(review): the credential literals are masked in this listing.
        credentials = {"email": "*****@*****.**", "password": "******"}
        response = self.client.post("/login", data=credentials)

        self.assertEqual(302, response.status_code)
Example #4
    def test_change_password_success(self):
        """POST /change-password and expect the success flash in the response."""
        staff_fields = dict(
            self.STAFF_DATA,
            password=sugar.make_hash("password"),
            email="*****@*****.**",
        )
        models.Staff.create(data=staff_fields)

        # NOTE(review): the form values are masked in this listing. How the
        # client becomes authenticated is not visible here (presumably in
        # the test case's setup -- confirm).
        form = {"old_pass": "******", "new_pass": "******", "check_pass": "******"}
        response = self.client.post("/change-password", data=form)

        self.assertIn("Password changed sucessfuly.", response.data)
Example #5
    def test_change_password_updated_correctly(self):
        """After POST /change-password the stored hash verifies against "pass"."""
        staff_fields = dict(
            self.STAFF_DATA,
            password=sugar.make_hash("password"),
            email="*****@*****.**",
        )
        staff = models.Staff.create(data=staff_fields)

        # NOTE(review): the form values are masked in this listing; the final
        # check implies new_pass is "pass" in the real test -- confirm.
        form = {"old_pass": "******", "new_pass": "******", "check_pass": "******"}
        self.client.post("/change-password", data=form)

        # Re-read the row so the assertion sees what was persisted.
        by_email = models.Staff.select().where(data__contains={"email": "*****@*****.**"})
        staff = by_email.get()
        stored_hash = staff.data["password"]
        self.assertTrue(sugar.check_hash("pass", stored_hash))
Example #6
    def test_change_password_fail_different_passwords(self):
        """POST /change-password and expect the mismatch flash in the response."""
        staff_fields = dict(
            self.STAFF_DATA,
            password=sugar.make_hash("password"),
            email="*****@*****.**",
        )
        models.Staff.create(data=staff_fields)

        # NOTE(review): the form values are masked in this listing; new_pass
        # and check_pass presumably differ in the real test -- confirm.
        form = {"old_pass": "******", "new_pass": "******", "check_pass": "******"}
        response = self.client.post("/change-password", data=form)

        self.assertIn("New passwords do not match.", response.data)
Example #7
def update_staff_members_passwords():
    """Overwrite staff password hashes from the ACCOUNTS app-config entries.

    Each ACCOUNTS entry is indexed as ``(email, password)``. For every entry
    whose e-mail matches a staff record, the first matching record gets a
    fresh hash of the configured password and is saved and committed
    immediately. Entries with no matching record are skipped.
    """
    db_session = database.get_session()
    app_config = flask.current_app.config

    # Materialised once so every account is matched against the same rows.
    all_staff = list(database.get_all("staff"))

    # NOTE(review): account[1] is hashed below, so ACCOUNTS appears to hold
    # plaintext passwords; confirm that this config is kept out of version
    # control and readable only by the deploying user.
    for account in app_config["ACCOUNTS"]:
        matches = [member for member in all_staff if member.get("email") == account[0]]
        if not matches:
            continue

        target = matches[0]
        target["password"] = sugar.make_hash(account[1])

        db_session.save(target)
        db_session.commit()