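def change_password(token=None):
    """Handle the change-password form for a logged-in user or a reset-token holder.

    Args:
        token: optional password-reset token from the URL. When given, the staff
            member is looked up by ``token`` and no old password is required;
            otherwise the caller must be logged in (``session["logged_in_email"]``).

    Returns:
        A redirect to ``/login`` when neither a token nor a logged-in session is
        present; a redirect to the login page after a successful token-based
        reset; otherwise the template context ``{"token": token}``, with any
        problem reported through ``flask.flash``.
    """
    if not token and not flask.session.get("logged_in_email"):
        return flask.redirect("/login")

    if flask.request.method == "POST":
        form_data = flask.request.form.to_dict()
        # Missing fields are treated as empty so a malformed submission gets a
        # flash message instead of a KeyError (and a 500).
        new_pass = form_data.get("new_pass", u"")
        check_pass = form_data.get("check_pass", u"")

        if token:
            # NOTE(review): the token is only used for the lookup and is not
            # invalidated after a successful reset here — confirm that happens
            # elsewhere, otherwise the link stays usable.
            staff_member = next(database.find("staff", token=token), None)
            if staff_member is None:
                # Unknown/expired token: a 404 instead of the StopIteration
                # the bare ``.next()`` raised.
                flask.abort(404)
        else:
            email = flask.session["logged_in_email"]
            staff_member = next(database.find("staff", email=email), None)
            if staff_member is None:
                flask.abort(404)
            # A plain ``if`` rather than ``assert``: asserts are stripped under
            # ``python -O``, which would have skipped the old-password check.
            old_pass = form_data.get("old_pass", u"")
            if not sugar.check_hash(old_pass, staff_member["password"]):
                flask.flash("Wrong password.", "error")
                return {"token": token}

        # Both values come from the same form, so direct equality is enough;
        # hashing ``check_pass`` only to compare it was equivalent but needlessly slow.
        if new_pass != check_pass:
            flask.flash("New passwords do not match.", "error")
            return {"token": token}

        if not new_pass:
            flask.flash("Please enter a new password.", "error")
            return {"token": token}

        session = database.get_session()
        staff_row = database.get_or_404("staff", id=staff_member.id)
        staff_schema = StaffSchema.from_flat(staff_row)
        staff_schema["password"].set(sugar.make_hash(new_pass))
        # NOTE(review): a failed validate() falls through silently with no
        # flash; the schema's error reporting API is not visible here.
        if staff_schema.validate():
            staff_row.update(staff_schema.flatten())
            session.save(staff_row)
            session.commit()
            # Message text (typo included) is asserted verbatim by
            # test_change_password_success; change both together.
            flask.flash("Password changed sucessfuly.", "success")
            if token:
                login_url = flask.url_for("auth.login",
                                          next=flask.url_for("meeting.home"))
                return flask.redirect(login_url)

    return {"token": token}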
def test_login_failed_for_non_admin(self):
    """Posting valid credentials for a non-admin staff member answers 200 rather than redirecting."""
    staff_data = dict(self.STAFF_DATA, password=sugar.make_hash("password"))
    models.Staff.create(data=staff_data)
    credentials = {"email": "*****@*****.**", "password": "******"}
    response = self.client.post("/login", data=credentials)
    self.assertEqual(200, response.status_code)
def test_login_success(self):
    """Posting valid credentials for an admin staff member results in a redirect (302)."""
    staff_data = dict(self.STAFF_DATA,
                      password=sugar.make_hash("password"),
                      is_admin="1")
    models.Staff.create(data=staff_data)
    credentials = {"email": "*****@*****.**", "password": "******"}
    response = self.client.post("/login", data=credentials)
    self.assertEqual(302, response.status_code)
def test_change_password_success(self):
    """A matching old/new/check triple yields the success flash in the response body."""
    staff_data = dict(self.STAFF_DATA,
                      password=sugar.make_hash("password"),
                      email="*****@*****.**")
    models.Staff.create(data=staff_data)
    form = {
        "old_pass": "******",
        "new_pass": "******",
        "check_pass": "******",
    }
    response = self.client.post("/change-password", data=form)
    # Message text is compared verbatim, typo included, against the view.
    self.assertIn("Password changed sucessfuly.", response.data)
def test_change_password_updated_correctly(self):
    """After a successful change the stored hash verifies against the new password."""
    staff_data = dict(self.STAFF_DATA,
                      password=sugar.make_hash("password"),
                      email="*****@*****.**")
    models.Staff.create(data=staff_data)
    form = {
        "old_pass": "******",
        "new_pass": "******",
        "check_pass": "******",
    }
    self.client.post("/change-password", data=form)
    query = models.Staff.select().where(
        data__contains={"email": "*****@*****.**"})
    stored = query.get()
    self.assertTrue(sugar.check_hash("pass", stored.data["password"]))
def test_change_password_fail_different_passwords(self):
    """When new_pass and check_pass differ the mismatch flash appears in the response body."""
    staff_data = dict(self.STAFF_DATA,
                      password=sugar.make_hash("password"),
                      email="*****@*****.**")
    models.Staff.create(data=staff_data)
    form = {
        "old_pass": "******",
        "new_pass": "******",
        "check_pass": "******",
    }
    response = self.client.post("/change-password", data=form)
    self.assertIn("New passwords do not match.", response.data)
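def update_staff_members_passwords():
    """Overwrite stored password hashes for staff members listed in ``ACCOUNTS``.

    ``current_app.config["ACCOUNTS"]`` is read as ``(email, password)`` pairs.
    For each pair whose email matches a staff record, ``password`` is replaced
    with the hash of the configured value and the record is saved and committed.
    Accounts without a matching staff record are skipped silently.
    """
    session = database.get_session()
    app = flask.current_app

    # Index staff by email once instead of scanning the whole list per account.
    # setdefault keeps the first record for a duplicated email, which matches
    # the previous "first match wins" selection.
    by_email = {}
    for member in database.get_all("staff"):
        by_email.setdefault(member.get("email"), member)

    for account in app.config["ACCOUNTS"]:
        # NOTE(review): account[1] is a plaintext password kept in app config;
        # keeping it out of the config file (environment/secret store) would
        # narrow who can read it.
        email, password = account[0], account[1]
        staff_member = by_email.get(email)
        if staff_member is not None:
            staff_member["password"] = sugar.make_hash(password)
            session.save(staff_member)
            session.commit()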