def doAddCredential(self, form):
    """Attach a new credential, taken from *form*, to the logged-in user.

    Reads ``credentialType``, ``identifier`` and ``password`` from the form,
    passes them to ``CredentialManager.addCredToUser`` and returns the user
    rendered through ``self.as_dict``.
    """
    # NOTE(review): nothing in this method re-checks an existing credential
    # before a new login method is bound to the account; confirm the form
    # or the route enforces that.
    current_user = self.getCurrentUser()
    cred_fields = (
        form.credentialType.data,
        form.identifier.data,
        form.password.data,
    )
    CredentialManager.addCredToUser(current_user, *cred_fields)
    return self.as_dict(current_user)
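def registerCertUser(self, email, identifier, digest, cred):
    """Create a user for a client certificate and start e-mail verification.

    Args:
        email: sequence whose first element is the address to register
            (the code reads ``email[0]``); ``None`` or an empty value
            means no address was supplied.
        identifier: identifier of the "certificate" credential.
        digest: value passed in the secret position of
            ``create_user_with_creds``.
        cred: ignored on entry; kept for interface compatibility and
            rebound to the newly created credential.

    Returns:
        The "certificate" credential looked up after creation.

    Raises:
        ReportedError: 403 when no e-mail address was supplied.
    """
    # An empty sequence used to fall through to email[0] and fail with an
    # IndexError; treat it the same as a missing address.
    if not email:
        raise ReportedError([youHaveToRegisterFirst], 403)
    address = email[0]
    CredentialManager.create_user_with_creds(
        "certificate", identifier, digest, address)
    cred = Credential.get("certificate", identifier)
    self.sendPasswordVerificationEmail(cred.user)
    return cred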
def emailChangeInit(self, newEmailAddress, user):
    """Start an e-mail change by mailing a secret to both addresses.

    A "changeemail" temporary credential is mailed to the user's current
    address and a "changeemailandverify" one to *newEmailAddress*; both
    carry the new address as ``additionalInfo``. Expired credentials of
    both types are purged afterwards.

    Raises:
        ReportedError: 418 when some user already has *newEmailAddress*.
    """
    # NOTE(review): the 418 answer tells the caller that the address is
    # already registered; confirm this is reachable only by an
    # authenticated user.
    if User.getByEmail(newEmailAddress):
        raise ReportedError(thereIsAlreadyAUserWithThatEmail, 418)

    # Notice to the address currently on file.
    old_secret, old_expiry = CredentialManager.createTemporaryCredential(
        user, "changeemail", additionalInfo=newEmailAddress)
    self.sendEmail(
        user, old_secret, old_expiry, "CHANGE_EMAIL_OLD",
        newemail=newEmailAddress, oldemail=user.email)

    # Confirmation request to the address being adopted.
    new_secret, new_expiry = CredentialManager.createTemporaryCredential(
        user, "changeemailandverify", additionalInfo=newEmailAddress)
    self.sendEmail(
        user, new_secret, new_expiry, "CHANGE_EMAIL_NEW",
        recipient=newEmailAddress,
        newemail=newEmailAddress, oldemail=user.email)

    for stale_type in ("changeemail", "changeemailandverify"):
        Credential.deleteExpired(stale_type)
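def doChangePassword(self, form):
    """Replace the logged-in user's password after checking the old one.

    Args:
        form: form exposing ``oldPassword.data`` and ``newPassword.data``.

    Returns:
        ``self.simple_response(passwordChangedSuccessfully)``.

    Raises:
        ReportedError: when the old password does not match, or the user
            has no 'password' credential to match against.
    """
    user = self.getCurrentUser()
    cred = Credential.getByUser(user, 'password')
    # A user without a 'password' credential used to crash here with an
    # AttributeError on cred.secret; answer as for a wrong old password.
    if not cred:
        raise ReportedError([oldPasswordDoesNotMatch])
    # NOTE(review): comparing protect_secret() output for equality implies
    # the protected form is deterministic for a given password; confirm
    # how protect_secret salts and stretches (its body is not shown here).
    if cred.secret != CredentialManager.protect_secret(form.oldPassword.data):
        raise ReportedError([oldPasswordDoesNotMatch])
    cred.secret = CredentialManager.protect_secret(form.newPassword.data)
    cred.save()
    return self.simple_response(passwordChangedSuccessfully)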
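def do_change_password(self, form):
    """Replace the logged-in user's password after checking the old one.

    Args:
        form: form exposing ``oldPassword.data`` and ``newPassword.data``.

    Returns:
        ``self.simple_response(...)`` with the success message.

    Raises:
        ReportedError: when the old password does not match, or the user
            has no 'password' credential to match against.
    """
    user = self.getCurrentUser()
    cred = Credential.getByUser(user, 'password')
    # A user without a 'password' credential used to crash here with an
    # AttributeError on cred.secret; answer as for a wrong old password.
    if not cred:
        raise ReportedError(["old password does not match"])
    # NOTE(review): comparing protect_secret() output for equality implies
    # the protected form is deterministic for a given password; confirm
    # how protect_secret salts and stretches (its body is not shown here).
    if cred.secret != CredentialManager.protect_secret(form.oldPassword.data):
        raise ReportedError(["old password does not match"])
    cred.secret = CredentialManager.protect_secret(form.newPassword.data)
    cred.save()
    return self.simple_response('password changed succesfully')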
def test_user_can_login_with_facebook_for_a_served_application(self):
    """A pre-registered Facebook user reaches the redirect URI via OAuth."""
    fb_user = config.facebookUser1
    # The Facebook user id is passed as both identifier and secret.
    CredentialManager.create_user_with_creds(
        'facebook', fb_user.userid, fb_user.userid, fb_user.email)

    self.callOauthUri()
    self.pushFbButtonWhenready(buttonId="login_facebook_button")
    self.handleFbLoginPage(fb_user)

    # Accept the application's request once the app list has loaded.
    self.waitForJsState('myApps')
    self.click("acceptance_accept")
    self.assertReachedRedirectUri()
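def registerCertUser(self, cert, email):
    """Return the credential for *cert*, registering a new user if needed.

    Args:
        cert: client certificate; parsed by ``self.parseCert`` into an
            identifier and a digest.
        email: sequence whose first element is the address to register
            (the code reads ``email[0]``); only needed when the
            certificate is not known yet.

    Returns:
        The "certificate" credential for the certificate's identifier.

    Raises:
        ReportedError: 403 when no certificate is given, or when the
            certificate is unknown and no e-mail address was supplied.
    """
    if cert is None or cert == '':
        raise ReportedError(["No certificate given"], 403)
    identifier, digest = self.parseCert(cert)
    cred = Credential.get("certificate", identifier)
    if cred is None:
        # An empty sequence used to reach email[0] and fail with an
        # IndexError; treat it the same as a missing address.
        if not email:
            raise ReportedError(["You have to register first"], 403)
        address = email[0]
        CredentialManager.create_user_with_creds(
            "certificate", identifier, digest, address)
        cred = Credential.get("certificate", identifier)
        self.sendPasswordVerificationEmail(cred.user)
    # NOTE(review): the listing lost its indentation, so it is unclear
    # whether activate() ran for every caller or only for a newly created
    # user. If it runs for every caller, a known certificate re-activates
    # its account on each call -- confirm which is intended.
    cred.user.activate()
    return cred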
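def User_email_can_be_stored(self):
    """The e-mail given at user creation is readable from the user."""
    self.setupRandom()
    email = "email{0}@example.com".format(self.randString)
    userid = "aaa_{0}".format(self.randString)
    # The literal has no placeholder, so format() leaves it unchanged; it
    # appears to have been masked in this listing.
    password = "******".format(self.randString)
    user = CredentialManager.create_user_with_creds(
        'password', userid, password, email)
    # assertEquals is a deprecated alias (removed in Python 3.12).
    self.assertEqual(user.email, email)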
def test_User_with_credential_can_be_deleted(self):
    """A user created together with a password credential can be removed."""
    self.setupUserCreationData()
    creation_args = (
        'password',
        self.userCreationUserid,
        self.usercreationPassword,
        self.userCreationEmail,
    )
    created = CredentialManager.create_user_with_creds(*creation_args)
    # No assertion: the test passes when rm() returns without raising.
    created.user.rm()
def test_password_reset_creates_password_if_it_does_not_exists(self):
    """Resetting a password recreates a missing 'password' credential."""
    form = self.createPasswordResetFormWithSecret()
    account = User.getByEmail(self.userCreationEmail)
    # Remove the existing password credential so the reset must create one.
    Credential.getByUser(account, "password").rm()

    self.controller.doPasswordReset(form)

    recreated = Credential.getByUser(account, "password")
    expected_secret = CredentialManager.protect_secret(self.newPassword)
    self.assertEqual(recreated.secret, expected_secret)
def test_change_password_does_change_password(self):
    """After a password change the stored secret matches the new password."""
    with app.test_client() as http:
        self._preparePasswordChangeTest(http)
        self._doPasswordChange(http)
        stored = Credential.get('password', self.userCreationUserid)
        expected_secret = CredentialManager.protect_secret(self.newPassword)
        self.assertEqual(stored.secret, expected_secret)
def test_User_email_is_be_stored(self):
    """The e-mail given at creation is readable from the credential's user."""
    self.setupUserCreationData()
    creation_args = (
        'password',
        self.userCreationUserid,
        self.usercreationPassword,
        self.userCreationEmail,
    )
    created = CredentialManager.create_user_with_creds(*creation_args)
    self.assertEqual(created.user.email, self.userCreationEmail)
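def do_password_reset(self, form):
    """Set a new password for the owner of a valid reset secret.

    The reset credential is looked up by ``form.secret.data``; its own
    ``secret`` field is read as the expiry timestamp. On success the reset
    credential is removed, so the secret cannot be used again.

    Args:
        form: form exposing ``secret.data`` and ``password.data``.

    Returns:
        ``self.simple_response(...)`` with the success message.

    Raises:
        ReportedError: 404 when the secret is unknown or has expired.
    """
    cred = Credential.get(passwordResetCredentialType, form.secret.data)
    if cred is None or (float(cred.secret) < time.time()):
        Credential.deleteExpired(passwordResetCredentialType)
        raise ReportedError(['The secret has expired'], 404)
    protected = CredentialManager.protect_secret(form.password.data)
    passcred = Credential.getByUser(cred.user, 'password')
    if not passcred:
        # A user with no 'password' credential used to crash here with an
        # AttributeError, leaving the reset secret unconsumed. Create the
        # credential instead, identified by the user's e-mail address.
        passcred = Credential.new(
            cred.user, 'password', cred.user.email, protected)
    else:
        # NOTE(review): no explicit save() follows this assignment;
        # confirm that setting the attribute is enough to persist it.
        passcred.secret = protected
    cred.rm()
    return self.simple_response('Password successfully changed')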
def sendPasswordVerificationEmail(self, user):
    """Issue an 'emailcheck' temporary credential and mail it to *user*."""
    temp_secret, valid_until = CredentialManager.createTemporaryCredential(
        user, 'emailcheck')
    self.sendEmail(
        user, temp_secret, valid_until, "PASSWORD_VERIFICATION",
        rmuser=True)
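def successful_password_reset_sets_the_password(self):
    """Posting a valid reset secret stores the new password's protected form."""
    password = self.mkRandomPassword()
    secret = unicode(uuid4())
    user = User.getByEmail(self.usercreation_email)
    # Reset credential: the secret is the identifier and the expiry
    # (one hour from now) is stored in the secret position.
    Credential.new(
        user, 'email_for_password_reset', secret, time.time() + 3600)
    with app.test_client() as c:
        data = dict(password=password, secret=secret)
        c.post("/v1/password_reset", data=data)
        cred = Credential.getByUser(user, "password")
        # assertEquals is a deprecated alias (removed in Python 3.12).
        self.assertEqual(
            cred.secret, CredentialManager.protect_secret(password))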
def test_User_hash_can_be_stored(self):
    """A digest given at user creation is readable as ``user.hash``."""
    self.setupUserCreationData()
    expected_digest = self.createHash()
    created = CredentialManager.create_user_with_creds(
        'password',
        self.userCreationUserid,
        self.usercreationPassword,
        self.userCreationEmail,
        expected_digest,
    )
    self.assertEqual(created.user.hash, expected_digest)
def createUserWithCredentials(self, credType='password', userid=None,
                              password=None, email=None):
    """Create and activate a test user; return the created credential.

    The given values go through ``setupUserCreationData``; the credential
    is then built from the ``userCreation*`` attributes on ``self``.
    """
    self.setupUserCreationData(userid, password, email)
    creation_args = (
        credType,
        self.userCreationUserid,
        self.usercreationPassword,
        self.userCreationEmail,
    )
    created = CredentialManager.create_user_with_creds(*creation_args)
    created.user.activate()
    return created
def emailChangeInit(self, newEmailAddress, user):
    """Start an e-mail change by mailing a secret to both addresses.

    A "changeemail" temporary credential is mailed to the user's current
    address and a "changeemailandverify" one to *newEmailAddress*; both
    carry the new address as ``additionalInfo``. Expired credentials of
    both types are purged afterwards.

    Raises:
        ReportedError: 418 when some user already has *newEmailAddress*.
    """
    # NOTE(review): the 418 answer tells the caller that the address is
    # already registered; confirm this is reachable only by an
    # authenticated user.
    if User.getByEmail(newEmailAddress):
        raise ReportedError(thereIsAlreadyAUserWithThatEmail, 418)

    # (credential type, mail template, send to the new address?)
    steps = (
        ("changeemail", "CHANGE_EMAIL_OLD", False),
        ("changeemailandverify", "CHANGE_EMAIL_NEW", True),
    )
    for cred_type, template, to_new_address in steps:
        secret, expiry = CredentialManager.createTemporaryCredential(
            user, cred_type, additionalInfo=newEmailAddress)
        mail_args = {}
        if to_new_address:
            mail_args["recipient"] = newEmailAddress
        mail_args["newemail"] = newEmailAddress
        mail_args["oldemail"] = user.email
        self.sendEmail(user, secret, expiry, template, **mail_args)

    for cred_type, _template, _to_new_address in steps:
        Credential.deleteExpired(cred_type)
def getAssurerUser():
    """Return the assurer test user, creating it on first use.

    A newly created user is activated and given the "assurer" and
    "assurer.test" assurances, issued by itself. The returned object also
    carries ``password`` and ``userName`` attributes set from the local
    constants.
    """
    # The three literals appear to have been masked in this listing.
    login_name = "******"
    plain_password = "******"
    assurer_email = "*****@*****.**"

    assurer = User.getByEmail(assurer_email)
    if not assurer:
        # NOTE(review): the listing lost its indentation; activation and
        # the two assurances are assumed to belong to the creation branch.
        assurer = CredentialManager.create_user_with_creds(
            'password', login_name, plain_password, assurer_email).user
        assurer.activate()
        for assurance_name in ("assurer", "assurer.test"):
            Assurance.new(assurer, assurance_name, assurer).save()

    # Keeps the cleartext password on the returned object, presumably for
    # test code that logs in with it.
    assurer.password = plain_password
    assurer.userName = login_name
    return assurer
def doPasswordReset(self, form):
    """Set a new password for the owner of a valid reset secret.

    Expired reset credentials are purged first. The remaining one is
    looked up by ``form.secret.data`` and removed after use, so the secret
    cannot be used again. A missing 'password' credential is created,
    identified by the user's e-mail address.

    Raises:
        ReportedError: 404 when the secret is unknown or has expired.
    """
    reset_type = self.passwordResetCredentialType
    Credential.deleteExpired(reset_type)
    reset_cred = Credential.getBySecret(reset_type, form.secret.data)
    usable = reset_cred is not None and not (
        reset_cred.getExpirationTime() < time.time())
    if not usable:
        raise ReportedError([theSecretHasExpired], 404)

    account = reset_cred.user
    passcred = Credential.getByUser(account, 'password')
    protected = CredentialManager.protect_secret(form.password.data)
    if passcred:
        # NOTE(review): no explicit save() follows this assignment;
        # confirm that setting the attribute is enough to persist it.
        passcred.secret = protected
    else:
        passcred = Credential.new(
            account, "password", account.email, protected)
    reset_cred.rm()
    return self.simple_response(passwordSuccessfullyChanged)
def getAssurerUser():
    """Fetch the assurer test user, creating it if it does not exist yet.

    On creation the user is activated and receives the "assurer" and
    "assurer.test" assurances with itself as the issuer. ``password`` and
    ``userName`` are set on the returned object in both cases.
    """
    # The three literals appear to have been masked in this listing.
    name, secret, address = "******", "******", "*****@*****.**"

    found = User.getByEmail(address)
    if found:
        assurer = found
    else:
        # NOTE(review): the listing lost its indentation; activation and
        # the two assurances are assumed to belong to the creation branch.
        created_cred = CredentialManager.create_user_with_creds(
            'password', name, secret, address)
        assurer = created_cred.user
        assurer.activate()
        Assurance.new(assurer, "assurer", assurer).save()
        Assurance.new(assurer, "assurer.test", assurer).save()

    # The cleartext password stays on the object, presumably so that test
    # code can log in with it.
    assurer.password = secret
    assurer.userName = name
    return assurer
def test_user_can_login_with_password_for_a_served_application(self):
    """A password user logs in through the OAuth page and is redirected."""
    process_name = "login with password in app"
    # The returned credential is not needed by the rest of the test.
    CredentialManager.create_user_with_creds(
        'password',
        self.userCreationUserid,
        self.usercreationPassword,
        self.userCreationEmail,
    )

    self.callOauthUri()
    self.beginProcess(process_name)
    self.fillInField("LoginForm_email_input", self.userCreationUserid)
    self.fillInField("LoginForm_password_input", self.usercreationPassword)
    self.click("loginform_submit-button")

    # Accept the application's request once the app list has loaded.
    self.waitForJsState("myApps")
    self.click("acceptance_accept")
    self.endProcess(process_name)
    self.assertReachedRedirectUri()
def doRegistration(self, form):
    """Register a user from *form*, mail the verification and log them in.

    Returns:
        ``self.returnUserAndLoginCookie(...)`` when the framework login
        succeeds, otherwise ``None``.
    """
    Credential.deleteExpired('emailcheck')
    new_cred = CredentialManager.create_user_with_creds(
        form.credentialType.data,
        form.identifier.data,
        form.password.data,
        form.email.data,
        None,
    )
    new_user = new_cred.user
    extra_info = self.checkAndUpdateHash(form, new_user)
    self.sendPasswordVerificationEmail(new_user)
    # NOTE(review): the account is authenticated, activated and logged in
    # right after the verification mail is sent, before the address can
    # have been confirmed -- confirm that is intended.
    new_user.set_authenticated()
    new_user.activate()
    if not self.loginInFramework(new_cred):
        return None
    return self.returnUserAndLoginCookie(new_user, extra_info)
def _do_registration(self, form):
    """Register a user from *form*, mail the verification and log them in.

    An empty digest is treated as absent. When other users already hold
    the same digest, registration is refused if any of them is
    hand-assured; otherwise a warning message is added to the response.

    Returns:
        ``self.returnUserAndLoginCookie(...)`` when the framework login
        succeeds, otherwise ``None``.

    Raises:
        ReportedError: 400 when a hand-assured user already has the digest.
    """
    additionalInfo = {}
    submitted = form.digest.data
    digest = None if submitted == '' else submitted

    same_digest_users = User.getByDigest(digest) if digest is not None else None
    if same_digest_users:
        if self.isAnyoneHandAssurredOf(same_digest_users):
            raise ReportedError([anotherUserUsingYourHash], 400)
        additionalInfo["message"] = anotherUserUsingYourHash

    user = CredentialManager.create_user_with_creds(
        form.credentialType.data,
        form.identifier.data,
        form.secret.data,
        form.email.data,
        digest,
    )
    self.sendPasswordVerificationEmail(user)
    # NOTE(review): the account is authenticated, activated and logged in
    # right after the verification mail is sent, before the address can
    # have been confirmed -- confirm that is intended.
    user.set_authenticated()
    user.activate()
    if not self.loginUserInFramework(user):
        return None
    return self.returnUserAndLoginCookie(user, additionalInfo)
def sendDeregisterMail(self, user):
    """Issue a 'deregister' temporary credential and mail it to *user*."""
    issued = CredentialManager.createTemporaryCredential(user, 'deregister')
    temp_secret, valid_until = issued
    self.sendEmail(user, temp_secret, valid_until, "DEREGISTRATION")
def sendPasswordResetMail(self, user):
    """Mail *user* a password-reset secret.

    The temporary credential is created with
    ``expiry=CredentialManager.fourHoursInSeconds``.
    """
    reset_secret, valid_until = CredentialManager.createTemporaryCredential(
        user,
        self.passwordResetCredentialType,
        expiry=CredentialManager.fourHoursInSeconds,
    )
    self.sendEmail(user, reset_secret, valid_until, "PASSWORD_RESET")
def sendDeregisterMail(self, user):
    """Mail *user* a secret backed by a 'deregister' temporary credential."""
    credential_type = 'deregister'
    temp_secret, valid_until = CredentialManager.createTemporaryCredential(
        user, credential_type)
    self.sendEmail(user, temp_secret, valid_until, "DEREGISTRATION")
def passwordLogin(self, form):
    """Log in with the credential that *form* resolves to.

    Raises:
        ReportedError: 403 when no credential matches the form.
    """
    matched = CredentialManager.getCredentialFromForm(form)
    if matched is not None:
        return self.finishLogin(matched)
    # One message for both failure causes, so the answer does not say
    # which of the two fields was wrong.
    raise ReportedError([badUserNameOrPassword], status=403)
def passwordLogin(self, form):
    """Log in the user that *form* validates to.

    Raises:
        ReportedError: 403 when validation yields no user.
    """
    validated = CredentialManager.validate_from_form(form)
    if validated is not None:
        return self.finishLogin(validated)
    # One message for both failure causes, so the answer does not say
    # which of the two fields was wrong.
    raise ReportedError(["Bad username or password"], status=403)
def sendPasswordVerificationEmail(self, user):
    """Mail *user* a secret backed by an 'emailcheck' temporary credential."""
    issued = CredentialManager.createTemporaryCredential(user, 'emailcheck')
    temp_secret, valid_until = issued
    mail_options = {"rmuser": True}
    self.sendEmail(
        user, temp_secret, valid_until, "PASSWORD_VERIFICATION",
        **mail_options)
def createUserWithCredentials(self, credType='password', userid=None,
                              password=None, email=None):
    """Create a test user and return what ``create_user_with_creds`` gives.

    The arguments are first passed through ``setupUserCreationData``,
    whose returned triple is used for the creation. The test fails if the
    result is falsy.
    """
    prepared = self.setupUserCreationData(userid, password, email)
    final_userid, final_password, final_email = prepared
    created = CredentialManager.create_user_with_creds(
        credType, final_userid, final_password, final_email)
    self.assertTrue(created)
    return created
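def change_password_does_change_password(self):
    """After a password change the stored secret matches the new password."""
    with app.test_client() as c:
        self._preparePasswordChangeTest(c)
        self._doPasswordChange(c)
        cred = Credential.get('password', self.usercreation_userid)
        # assertEquals is a deprecated alias (removed in Python 3.12).
        self.assertEqual(
            cred.secret,
            CredentialManager.protect_secret(self.newPassword))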
def test_successful_password_reset_sets_the_password(self):
    """A password reset stores the protected form of the new password."""
    self.doPasswordReset()
    stored_secret = self.cred.secret
    expected_secret = CredentialManager.protect_secret(self.newPassword)
    self.assertEqual(stored_secret, expected_secret)