Example #1
 def test_edit_save(self):
     """Edit an already inserted user through the form and save it.

     Two items are inserted and the form is bound to the second one. The
     assertions expect two rows afterwards: the first still named "ed"
     and the second carrying the submitted name.
     """
     userform = self.config.get_form('userform2')
     # Presumably _insert_item adds a user named "ed"; the assertions
     # below rely on that -- TODO confirm against the helper.
     _unedited = self._insert_item()
     edited = self._insert_item()
     # The query results are discarded here, as in the original flow.
     self.session.query(User).all()
     # The form is built from the config and the item only.
     form = Form(userform, edited)
     self.session.query(User).all()
     submitted = {
         "name": "paulpaulpaul",
         "fullname": "Paul Wright",
         "password": "******",
     }
     # NOTE(review): a failing validation skips the save silently; the
     # test then only fails on the name assertion further down.
     if form.validate(submitted):
         form.save()
     users = self.session.query(User).all()
     # Only the row count and the names are checked; how the submitted
     # password ends up being stored is not covered by this test.
     self.assertEqual(len(users), 2)
     self.assertEqual(users[0].name, "ed")
     self.assertEqual(users[1].name, "paulpaulpaul")
Example #2
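def rest_create(request, callback=None):
    """Create a new item and report the outcome as a JSON response.

    The class of the item is read from ``request.context.__model__``. A
    new item is created for ``request.user`` and a 'create' form is
    validated against ``request.params``. ``form.save()`` is only called
    when the validation succeeds.

    :request: Current request
    :callback: Accepted but not used in this function.
    :returns: ``JSONResponse(True, saved_item)`` on success, otherwise
        ``JSONResponse(False, item)`` with the unsaved item.

    """
    clazz = request.context.__model__
    # Create a new item.
    factory = clazz.get_item_factory()
    item = factory.create(request.user)
    # Initialise the create form for the item to be able to validate the
    # submitted data.
    # NOTE(review): the session CSRF token is handed to the form; whether
    # validate() actually enforces it is not visible here -- confirm.
    form = Form(get_form_config(item, 'create'),
                item, request.db, translate=request.translate,
                csrf_token=request.session.get_csrf_token())
    # NOTE(review): if this is a WebOb/Pyramid request, request.params
    # merges query-string and body values, so the data is not limited to
    # the POST body -- confirm this is intended.
    if form.validate(request.params):
        sitem = form.save()
        return JSONResponse(True, sitem)
    # Validation failed. ``sitem`` only exists on the success path, so
    # the unsaved item is returned instead of raising a NameError.
    return JSONResponse(False, item)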
Example #3
 def test_edit_save(self):
     """Save an edit made through the form to the second inserted user.

     Expects two rows after saving: an untouched first row named "ed"
     and a second row renamed to the submitted value.
     """
     config = self.config.get_form('userform2')
     # Presumably _insert_item adds a user named "ed" each time -- TODO
     # confirm; only the second item is handed to the form.
     _first = self._insert_item()
     second = self._insert_item()
     self.session.query(User).all()
     form = Form(config, second)
     self.session.query(User).all()
     payload = dict(name="paulpaulpaul", fullname="Paul Wright",
                    password="******")
     # NOTE(review): the save is skipped without a message when the
     # validation fails; the name assertion below then catches it.
     if form.validate(payload):
         form.save()
     rows = self.session.query(User).all()
     # The stored password is not asserted here, only count and names.
     self.assertEqual(len(rows), 2)
     self.assertEqual(rows[0].name, "ed")
     self.assertEqual(rows[1].name, "paulpaulpaul")
Example #4
 def test_create_save(self):
     """Create a new user through the form and check that it is stored.

     Expects save() to return the very item the form was built with and
     exactly one row with the submitted name afterwards.
     """
     userform = self.config.get_form('userform2')
     new_user = User()
     # Important! The db session must be passed to the form when a new
     # item is to be created.
     form = Form(userform, new_user, self.session)
     submitted = {
         "name": "paulpaulpaul",
         "fullname": "Paul Wright",
         "password": "******",
     }
     # NOTE(review): a failing validation skips both the save and the
     # identity assertion; the row count check below then fails instead.
     if form.validate(submitted):
         self.assertEqual(form.save(), new_user)
     users = self.session.query(User).all()
     # Only count and name are checked; how the submitted password is
     # stored is not covered by this test.
     self.assertEqual(len(users), 1)
     self.assertEqual(users[0].name, "paulpaulpaul")
Example #5
 def test_create_save(self):
     """Persist a brand new user via the form and verify the result.

     save() is expected to hand back the item given to the form, and the
     table is expected to hold a single row with the submitted name.
     """
     config = self.config.get_form('userform2')
     fresh = User()
     # Important! Without the db session the form cannot create a new
     # item.
     form = Form(config, fresh, self.session)
     payload = dict(name="paulpaulpaul", fullname="Paul Wright",
                    password="******")
     # NOTE(review): when the validation fails nothing is saved and the
     # row count assertion below is what reports it.
     if form.validate(payload):
         stored = form.save()
         self.assertEqual(stored, fresh)
     rows = self.session.query(User).all()
     # The stored password is not asserted here, only count and name.
     self.assertEqual(len(rows), 1)
     self.assertEqual(rows[0].name, "paulpaulpaul")
Example #6
def changepassword(request):
    """Let an authenticated user change his own password.

    The user must provide the old and the new password. The request is
    answered with 401 when no user is attached to it, with 400 when the
    item named in the route cannot be loaded and with 403 when the
    loaded item is not the requesting user.

    :request: Current request
    :returns: ``HTTPFound`` redirect after a successful change, else a
        dict with ``clazz``, ``item`` and the rendered ``form``.
    """

    # Check authentication
    # This view has no security configured, so it is generally callable
    # by all users. Authentication is therefore checked by hand and an
    # unauthenticated request gets a 401 (unauthorized).
    if not request.user:
        raise HTTPUnauthorized

    translate = request.translate
    # Load the item; answer 400 if it cannot be found.
    item_id = request.matchdict.get('id')
    item_factory = User.get_item_factory()
    try:
        item = item_factory.load(item_id, request.db)
        # Check authorisation
        # Users are only allowed to set their own password.
        # NOTE(review): the ownership check runs after the load, so the
        # status differs between a foreign id (403) and an unknown id
        # (400) -- confirm that difference is acceptable.
        if item.id != request.user.id:
            raise HTTPForbidden()
    except sa.orm.exc.NoResultFound:
        raise HTTPBadRequest()

    form_config = get_form_config(item, 'changepassword')
    page_callback = {'url': 'set_current_form_page',
                     'item': User.__tablename__,
                     'itemid': item_id}
    form = Form(form_config, item, request.db,
                translate=translate,
                renderers={},
                change_page_callback=page_callback,
                request=request,
                csrf_token=request.session.get_csrf_token())

    if request.POST:
        mapping = {'item': item}
        # Extra validation which is not handled by formbar: the old
        # password must be correct and the new one must satisfy the
        # length and non-letter rules.
        extra_validators = [
            Validator('oldpassword',
                      translate('The given password is not correct'),
                      check_password),
            Validator('password',
                      translate('Password must be at least 12 '
                                'characters long.'),
                      password_minlength_validator),
            Validator('password',
                      translate('Password must contain at least 2 '
                                'non-letters.'),
                      password_nonletter_validator),
        ]
        for extra in extra_validators:
            form.add_validator(extra)

        if form.validate(request.params):
            # NOTE(review): form.save() runs before the password
            # callback; confirm the 'changepassword' form does not write
            # the plaintext 'password' value onto the item itself.
            form.save()
            # Actually save the password. This is not done in the form
            # as the password needs to be encrypted.
            # NOTE(review): what the callback does is not visible here;
            # confirm it stores a salted, slow password hash rather than
            # reversible encryption.
            encrypt_password_callback(request, item)
            msg = translate('Changed password for "${item}" successfull.',
                            mapping=mapping)
            log.info(msg)
            request.session.flash(msg, 'success')
            route_name = get_action_routename(item, 'changepassword')
            url = request.route_path(route_name, id=item.id)
            # Invalidate cache
            # NOTE(review): nothing in this view re-issues the session or
            # ends other sessions of the user after the change; confirm
            # that is handled elsewhere if it is required.
            invalidate_cache()
            return HTTPFound(location=url)

        # Validation failed: report it and fall through to re-render.
        msg = translate('Error on changing the password for "${item}".',
                        mapping=mapping)
        log.info(msg)
        request.session.flash(msg, 'error')

    return {
        'clazz': User,
        'item': item,
        'form': form.render(page=get_current_form_page(User, request)),
    }
Example #7
def changepassword(request):
    """Change the password of the requesting user.

    The old and the new password must be submitted. A request without a
    user is answered with 401, an item that cannot be loaded with 400
    and an item that is not the requesting user with 403.

    :request: Current request
    :returns: ``HTTPFound`` redirect after a successful change, else a
        dict with ``clazz``, ``item`` and the rendered ``form``.
    """

    # Check authentication
    # This view has no security configured and is generally callable by
    # all users, so an unauthenticated request is rejected here with a
    # 401 (unauthorized).
    if not request.user:
        raise HTTPUnauthorized

    handle_history(request)
    handle_params(request)
    translate = request.translate
    # Load the item; answer 400 if it cannot be found.
    item_id = request.matchdict.get('id')
    item_factory = User.get_item_factory()
    try:
        item = item_factory.load(item_id, request.db)
        # Check authorisation
        # Users are only allowed to set their own password.
        # NOTE(review): because the item is loaded before the ownership
        # check, a foreign id yields 403 and an unknown id 400 --
        # confirm that difference is acceptable.
        if item.id != request.user.id:
            raise HTTPForbidden()
    except sa.orm.exc.NoResultFound:
        raise HTTPBadRequest()

    form_config = get_form_config(item, 'changepassword')
    page_callback = {'url': 'set_current_form_page',
                     'item': User.__tablename__,
                     'itemid': item_id}
    form = Form(form_config, item, request.db,
                translate=translate,
                renderers={},
                change_page_callback=page_callback,
                request=request,
                csrf_token=request.session.get_csrf_token())

    if request.POST:
        mapping = {'item': item}
        # Extra validation which is not handled by formbar: the old
        # password must be correct and the new one must satisfy the
        # length and non-letter rules.
        extra_validators = [
            Validator('oldpassword',
                      translate('The given password is not correct'),
                      check_password),
            Validator('password',
                      translate('Password must be at least 12 '
                                'characters long.'),
                      password_minlength_validator),
            Validator('password',
                      translate('Password must contain at least 2 '
                                'non-letters.'),
                      password_nonletter_validator),
        ]
        for extra in extra_validators:
            form.add_validator(extra)

        if form.validate(request.params):
            # NOTE(review): form.save() runs before the password
            # callback; confirm the 'changepassword' form does not write
            # the plaintext 'password' value onto the item itself.
            form.save()
            # Actually save the password. This is not done in the form
            # as the password needs to be encrypted.
            # NOTE(review): what the callback does is not visible here;
            # confirm it stores a salted, slow password hash rather than
            # reversible encryption.
            encrypt_password_callback(request, item)
            msg = translate('Changed password for "${item}" successfull.',
                            mapping=mapping)
            log.info(msg)
            request.session.flash(msg, 'success')
            route_name = get_action_routename(item, 'changepassword')
            url = request.route_path(route_name, id=item.id)
            # Invalidate cache
            # NOTE(review): nothing in this view re-issues the session or
            # ends other sessions of the user after the change; confirm
            # that is handled elsewhere if it is required.
            invalidate_cache()
            return HTTPFound(location=url)

        # Validation failed: report it and fall through to re-render.
        msg = translate('Error on changing the password for "${item}".',
                        mapping=mapping)
        log.info(msg)
        request.session.flash(msg, 'error')

    return {
        'clazz': User,
        'item': item,
        'form': form.render(page=get_current_form_page(User, request)),
    }