def test_bcrypt_gen_password_hash():
    """Round-trip a password through bcrypt_gen_password_hash / bcrypt_check_password.

    Covers both the plain call and the variant that mixes in an extra salt:
    the matching password verifies, a different password does not, and the
    salted hash only verifies when the same extra salt is supplied again.
    """
    secret = "youwillneverguessthis"
    wrong = "notthepassword"
    extra_salt = "3><7R45417"

    # Plain hash: the original password verifies, a different one does not.
    digest = auth_tools.bcrypt_gen_password_hash(secret)
    assert auth_tools.bcrypt_check_password(secret, digest)
    assert not auth_tools.bcrypt_check_password(wrong, digest)

    # Same check with an extra salt mixed in; the salt must be passed on verify too.
    salted_digest = auth_tools.bcrypt_gen_password_hash(secret, extra_salt)
    assert auth_tools.bcrypt_check_password(secret, salted_digest, extra_salt)
    assert not auth_tools.bcrypt_check_password(wrong, salted_digest, extra_salt)
def test_bcrypt_gen_password_hash():
    """Verify bcrypt hashing with and without an extra salt.

    For each variant the correct password must verify against the generated
    hash and a different password must be rejected.
    """
    pw = 'youwillneverguessthis'
    bad_pw = 'notthepassword'

    # First case: no extra salt.  Second case: the same checks with an
    # extra salt, which has to be supplied identically on verification.
    for salt_args in ((), ('3><7R45417',)):
        hashed_pw = auth_tools.bcrypt_gen_password_hash(pw, *salt_args)
        assert auth_tools.bcrypt_check_password(pw, hashed_pw, *salt_args)
        assert not auth_tools.bcrypt_check_password(bad_pw, hashed_pw, *salt_args)
def change_pass(request):
    """Handle the change-password form for the logged-in user.

    On a valid POST the submitted old password is checked against the
    stored bcrypt hash before the new one is stored; a wrong old password
    re-renders the form with an error on that field.  A GET or an invalid
    form simply re-renders the page.

    Args:
        request: the current request; ``request.form`` and ``request.user``
            are read from it.

    Returns:
        The rendered change-password page, or a redirect to the account
        page after a successful change.
    """
    form = forms.ChangePassForm(request.form)
    user = request.user
    template = 'mediagoblin/plugins/basic_auth/change_pass.html'

    def show_form():
        # The error path and the initial GET render the same page.
        return render_to_response(request, template, {'form': form, 'user': user})

    if request.method != 'POST' or not form.validate():
        return show_form()

    # Re-authenticate with the current password before accepting a new one,
    # so a bare session is not enough to rotate the credential.
    if not tools.bcrypt_check_password(form.old_password.data, user.pw_hash):
        form.old_password.errors.append(_('Wrong password'))
        return show_form()

    user.pw_hash = tools.bcrypt_gen_password_hash(form.new_password.data)
    user.save()

    messages.add_message(request, messages.SUCCESS,
                         _('Your password was changed successfully'))
    return redirect(request, 'mediagoblin.edit.account')
def change_pass(request):
    """Let the current user replace their password.

    The form is only acted on for a POST that validates.  The old password
    must match ``user.pw_hash`` (bcrypt) before the new hash is written;
    otherwise an error is attached to the old-password field and the form
    is shown again.

    Args:
        request: the current request, providing ``form`` and ``user``.

    Returns:
        A redirect to ``mediagoblin.edit.account`` on success, else the
        rendered change-password template.
    """
    form = forms.ChangePassForm(request.form)
    user = request.user
    context = {'form': form, 'user': user}
    submitted = request.method == 'POST' and form.validate()

    if submitted:
        old_password_ok = tools.bcrypt_check_password(form.old_password.data,
                                                      user.pw_hash)
        if old_password_ok:
            # Old password confirmed: store the new hash and leave the page.
            user.pw_hash = tools.bcrypt_gen_password_hash(form.new_password.data)
            user.save()
            messages.add_message(request, messages.SUCCESS,
                                 _('Your password was changed successfully'))
            return redirect(request, 'mediagoblin.edit.account')
        form.old_password.errors.append(_('Wrong password'))

    return render_to_response(
        request, 'mediagoblin/plugins/basic_auth/change_pass.html', context)
def gen_password_hash(raw_pass, extra_salt=None):
    """Return the bcrypt hash of *raw_pass*, delegating to ``auth_tools``.

    Args:
        raw_pass: the plaintext password to hash.
        extra_salt: optional additional salt, forwarded unchanged to
            ``auth_tools.bcrypt_gen_password_hash``.

    Returns:
        Whatever ``auth_tools.bcrypt_gen_password_hash`` returns.
    """
    hashed = auth_tools.bcrypt_gen_password_hash(raw_pass, extra_salt)
    return hashed
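def verify_forgot_password(request):
    """
    Check the forgot-password verification and possibly let the user
    change their password because of it.

    The request must carry a signed, timestamped token (extracted by
    ``_process_for_token``).  The token is accepted only if its signature
    verifies and it is at most ten days old; its payload is used as the
    user id.  An active user is shown the change-password form and, on a
    valid POST, gets a fresh bcrypt hash stored.  Every other outcome
    (bad or expired token, unknown user, inactive user) adds a message and
    redirects to the index page; a request without a token gets a 404.

    Args:
        request: the current request; its form data and ``method`` are read.

    Returns:
        A rendered page, a redirect, or a 404 response.
    """
    # get form data variables, and specifically check for presence of token
    formdata = _process_for_token(request)
    if not formdata['has_token']:
        return render_404(request)

    formdata_vars = formdata['vars']

    # Catch error if token is faked or expired.  max_age is ten days in
    # seconds.  NOTE(review): an expired token is expected to surface as a
    # BadSignature subclass (itsdangerous' SignatureExpired) — confirm for
    # the signer returned by get_timed_signer_url.
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(formdata_vars['token'], max_age=10*24*3600)
    except BadSignature:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    # check if it's a valid user id.  The payload only gets here after the
    # signature verified, so int() failing would indicate a server-side
    # bug in what was signed rather than tampered input.
    user = User.query.filter_by(id=int(token)).first()

    # no user in db
    if not user:
        messages.add_message(
            request, messages.ERROR,
            _('The user id is incorrect.'))
        return redirect(
            request, 'index')

    # check if user active and has email verified
    if user.has_privilege(u'active'):
        cp_form = forms.ChangeForgotPassForm(formdata_vars)

        if request.method == 'POST' and cp_form.validate():
            user.pw_hash = tools.bcrypt_gen_password_hash(
                cp_form.password.data)
            user.save()

            messages.add_message(
                request,
                messages.INFO,
                _("You can now log in using your new password."))
            return redirect(request, 'mediagoblin.auth.login')
        else:
            return render_to_response(
                request,
                'mediagoblin/plugins/basic_auth/change_fp.html',
                {'cp_form': cp_form})

    ## Commenting this out temporarily because I'm checking into
    ## what's going on with user.email_verified.
    ##
    ## ... if this commit lasts long enough for anyone but me (cwebber) to
    ## notice it, they should pester me to remove this or remove it
    ## themselves ;)
    #
    # if not user.email_verified:
    #     messages.add_message(
    #         request, messages.ERROR,
    #         _('You need to verify your email before you can reset your'
    #           ' password.'))

    # NOTE(review): this reads user.status while the branch above used
    # has_privilege(u'active'); the two could disagree — confirm which one
    # is authoritative for "active".  The message text is fixed here
    # ("account", not "accoutn") to match the rest of the plugin.
    if not user.status == 'active':
        messages.add_message(
            request, messages.ERROR,
            _('You are no longer an active user. Please contact the system'
              ' admin to reactivate your account.'))

    return redirect(
        request, 'index')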
def gen_password_hash(raw_pass, extra_salt=None):
    """Thin wrapper around ``auth_tools.bcrypt_gen_password_hash``.

    Args:
        raw_pass: plaintext password to hash.
        extra_salt: optional extra salt, passed through as-is.

    Returns:
        The result of ``auth_tools.bcrypt_gen_password_hash``.
    """
    hasher = auth_tools.bcrypt_gen_password_hash
    return hasher(raw_pass, extra_salt)
def verify_forgot_password(request):
    """
    Check the forgot-password verification and possibly let the user
    change their password because of it.

    Flow: require a token in the request (else 404); verify the signed,
    timestamped token with a ten-day maximum age; look the user up by the
    token payload; if the user holds the ``active`` privilege, show the
    change-password form and store a new bcrypt hash on a valid POST.
    Any failure along the way records a message and redirects to the
    index page.

    Args:
        request: the current request.

    Returns:
        A rendered page, a redirect, or a 404 response.
    """
    formdata = _process_for_token(request)
    if not formdata['has_token']:
        return render_404(request)
    formdata_vars = formdata['vars']

    # A forged or stale token surfaces as BadSignature; ten days in seconds.
    try:
        token = get_timed_signer_url("mail_verification_token").loads(
            formdata_vars['token'], max_age=10*24*3600)
    except BadSignature:
        messages.add_message(request, messages.ERROR,
                             _('The verification key or user id is incorrect.'))
        return redirect(request, 'index')

    # The signed payload is the user id.
    user = User.query.filter_by(id=int(token)).first()
    if not user:
        messages.add_message(request, messages.ERROR,
                             _('The user id is incorrect.'))
        return redirect(request, 'index')

    if user.has_privilege(u'active'):
        cp_form = forms.ChangeForgotPassForm(formdata_vars)
        if request.method != 'POST' or not cp_form.validate():
            # Initial visit or invalid submission: show (or re-show) the form.
            return render_to_response(
                request, 'mediagoblin/plugins/basic_auth/change_fp.html',
                {'cp_form': cp_form})

        user.pw_hash = tools.bcrypt_gen_password_hash(cp_form.password.data)
        user.save()
        messages.add_message(request, messages.INFO,
                             _("You can now log in using your new password."))
        return redirect(request, 'mediagoblin.auth.login')

    ## Commenting this out temporarily because I'm checking into
    ## what's going on with user.email_verified.
    ##
    ## ... if this commit lasts long enough for anyone but me (cwebber) to
    ## notice it, they should pester me to remove this or remove it
    ## themselves ;)
    #
    # if not user.email_verified:
    #     messages.add_message(
    #         request, messages.ERROR,
    #         _('You need to verify your email before you can reset your'
    #           ' password.'))

    # NOTE(review): user.status is consulted here, has_privilege(u'active')
    # above — confirm they cannot disagree.
    if user.status != 'active':
        messages.add_message(
            request, messages.ERROR,
            _('You are no longer an active user. Please contact the system'
              ' admin to reactivate your account.'))

    return redirect(request, 'index')