Example #1
    def test_login(self):
        """Check that hash_password reproduces the stored hash only for the right password."""
        account = self.session.query(User).filter_by(login="******").one()

        # The correct password, hashed with the stored per-user salt, must
        # reproduce the stored hash.
        assert hash_password("admin", account.salt) == account.password

        # A different password under the same salt must not.
        assert hash_password("wrong", account.salt) != account.password
Example #2
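    def add_submit(self, login=None, mail=None, roles=None, password1=None, password2=None):
        """Create a user from the submitted admin form, then redirect to the user list.

        Args:
            login: Login name for the new user.
            mail: Mail address for the new user.
            roles: A single role id, a list of role ids, or None for no roles.
            password1: The new password.
            password2: The repeated password; it is only passed to the validator here.

        Raises:
            HTTPRedirect: Always, after the commit, to ``/admin/users``.
        """
        # NOTE(review): every input check, including password1 == password2 and
        # any minimum password strength, is delegated to _validate_user_params,
        # which is not visible here. Confirm it rejects mismatched or empty passwords.
        AdminUsers._validate_user_params(login, mail, roles, password1, password2)

        # A form with a single selected role submits a plain string, not a list.
        if roles is None:
            roles = []
        elif isinstance(roles, str):
            roles = [roles]

        # Draw the salt from the OS CSPRNG. The module-level random functions use
        # a Mersenne Twister, which is not meant for security-sensitive values.
        rng = random.SystemRandom()
        alphabet = string.ascii_letters + string.digits
        salt = ''.join(rng.choice(alphabet) for _ in range(64))
        password = hash_password(password1, salt)

        user = User(login, password, mail, salt)

        get_database().add(user)

        for role in get_database().query(Role).filter(Role.id.in_(roles)):
            role.users.append(user)

        get_database().commit()

        messages_service.success('User was added.')

        raise HTTPRedirect('/admin/users')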
Example #3
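    def edit_submit(self, user_id, login=None, mail=None, roles=None,
                    password1=None, password2=None):
        """Overwrite an existing user from the submitted admin form, then redirect.

        Args:
            user_id: Primary key of the user to edit.
            login: New login name.
            mail: New mail address.
            roles: A single role id, a list of role ids, or None for no roles.
            password1: The new password; it is always re-hashed and stored.
            password2: The repeated password; it is only passed to the validator here.

        Raises:
            cherrypy.NotFound: If no user with ``user_id`` exists.
            HTTPRedirect: Always, after the commit, to ``/admin/users``.
        """
        try:
            user = (get_database().query(User)
                    .filter_by(id=user_id).one())
        except NoResultFound:
            raise cherrypy.NotFound()

        # NOTE(review): the password is replaced on every edit, so this relies on
        # _validate_user_params (not visible here) to reject a missing, empty or
        # mismatched password. Confirm, otherwise an edit that leaves the password
        # fields blank would overwrite the stored hash.
        AdminUsers._validate_user_params(login, mail, roles, password1, password2)

        # A form with a single selected role submits a plain string, not a list.
        if roles is None:
            roles = []
        elif isinstance(roles, str):
            roles = [roles]

        # Use a fresh CSPRNG salt for the new password instead of reusing the old
        # one, so each stored hash has its own salt.
        # NOTE(review): assumes User.salt is a writable mapped attribute like
        # login/mail/password. Confirm against the model.
        rng = random.SystemRandom()
        alphabet = string.ascii_letters + string.digits
        salt = ''.join(rng.choice(alphabet) for _ in range(64))
        password = hash_password(password1, salt)

        user.login = login
        user.mail = mail
        user.salt = salt
        user.password = password

        # Drop all current role links, then re-attach only the submitted ones.
        user.roles[:] = []

        for role in get_database().query(Role).filter(Role.id.in_(roles)):
            role.users.append(user)

        get_database().commit()

        messages_service.success('User was edited.')

        raise HTTPRedirect('/admin/users')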
Example #4
    def submit(self, login=None, mail=None, password1=None, password2=None):
        """Apply mail and password changes for the requesting user, then redirect.

        Empty form fields count as "not provided". ``login`` is accepted but
        never used. Always raises ``HTTPRedirect`` to ``/settings``.
        """
        # NOTE(review): the password is changed without asking for the current
        # one, so anyone holding a live session can replace it. Consider
        # requiring re-authentication before the change.
        # NOTE(review): the new hash reuses the existing user.salt; a fresh salt
        # per password change is preferable.
        # NOTE(review): no commit is issued in this method. Presumably the
        # session is committed elsewhere; verify.
        account = cherrypy.request.user

        mail = None if mail == '' else mail
        password1 = None if password1 == '' else password1
        password2 = None if password2 == '' else password2

        mail_changed = mail is not None and account.mail != mail
        if mail_changed:
            account.mail = mail
            messages_service.success('Your mail was changed.')

        # If only one of the two password fields is filled in, nothing happens
        # and no message is shown.
        if password1 is not None and password2 is not None:
            if password1 == password2:
                account.password = hash_password(password1, account.salt)
                messages_service.success('Your password was changed.')
            else:
                messages_service.warning('The passwords do not match.')

        raise HTTPRedirect('/settings')
Example #5
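def run_fixtures(database=None):
    """Seed the database with an ``admin`` user, a ``user`` user and an ``admin`` role.

    Args:
        database: Session to write to; defaults to ``get_raw_session()``.

    The seeded accounts use fixed, well-known passwords ("admin" and "user"),
    so this is only suitable for development and test databases. Any
    deployment seeded this way must change both passwords before it is
    reachable by anyone else.
    """
    if database is None:
        database = get_raw_session()

    # Salts come from the OS CSPRNG rather than the default Mersenne Twister,
    # which is not meant for security-sensitive values.
    rng = random.SystemRandom()
    alphabet = string.ascii_letters + string.digits

    def _new_salt():
        """Return a fresh 64-character alphanumeric salt."""
        return ''.join(rng.choice(alphabet) for _ in range(64))

    # begin fixtures

    salt = _new_salt()
    admin_user = User('admin', hash_password("admin", salt), '*****@*****.**', salt)

    salt = _new_salt()
    user_user = User('user', hash_password("user", salt), '*****@*****.**', salt)

    database.add(admin_user)
    database.add(user_user)

    admin_role = Role('admin')

    database.add(admin_role)

    # Only the admin account gets the admin role.
    admin_role.users.append(admin_user)

    # end fixtures

    database.commit()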
Example #6
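def command_user(action=None, *args):
    """Handle the user-management actions ``add_role`` and ``add``.

    Args:
        action: ``"add_role"`` or ``"add"``; anything else is reported through
            ``parser.error``.
        *args: For ``add_role``: ``name``. For ``add``: ``login``, ``password``,
            ``mail`` and optionally a role name.

    NOTE(review): for ``add`` the password is a positional argument. If it comes
    straight from a command line, as the use of ``parser`` suggests, it is
    visible in process listings and shell history. Prompting for it (for
    example with ``getpass``) would avoid that.
    """
    if action == "add_role":
        if len(args) >= 1:
            name = args[0]

            database = get_raw_session()

            database.add(Role(name))
            database.commit()
        else:
            parser.error('Needs to provide a name.')
    elif action == "add":
        if len(args) >= 3:
            login, password, mail = args[0], args[1], args[2]
            role_name = args[3] if len(args) >= 4 else None

            database = get_raw_session()

            # Draw the salt from the OS CSPRNG. The module-level random
            # functions use a Mersenne Twister, which is not meant for
            # security-sensitive values.
            rng = random.SystemRandom()
            alphabet = string.ascii_letters + string.digits
            salt = ''.join(rng.choice(alphabet) for _ in range(64))

            user = User(login, hash_password(password, salt), mail, salt)

            database.add(user)

            if role_name is not None:
                # .one() raises if the named role does not exist, so in that
                # case nothing is committed.
                role = database.query(Role).filter(Role.name == role_name).one()
                role.users.append(user)

            database.commit()
        else:
            parser.error('Needs to provide a login, password, mail and optionally role.')
    else:
        parser.error('Needs to provide a valid action (add, add_role).')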