Example #1
    def test_account_edit(self):
        """
        Check that one edit request can change the password, the e-mail
        address and the API credentials of an account together.
        """
        reversed_password = self.password[::-1]
        replacement_email = '*****@*****.**'

        # Every section of the form is switched on, so a single request
        # exercises the password, e-mail and token-regeneration paths.
        self.update_account(dict(
            current_password=self.password,
            change_password='******',
            password=reversed_password,
            verify_password=reversed_password,
            change_email='on',
            email=replacement_email,
            regenerate='on',
        ))

        refreshed = get_account(self.username)
        assert refreshed.email == replacement_email
        # Only inequality with the previously stored values is checked here;
        # the test does not confirm that the new password actually verifies
        # or that the old one stops working.
        assert refreshed.password != self.account.password
        assert refreshed.apikey != self.account.apikey
        assert refreshed.secret != self.account.secret

        # Keep the fixture in step with the stored account for later tests.
        self.password = reversed_password
        self.account = refreshed
Example #2
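def user_edit():
    """
    Handle the account edit form for the logged-in user.

    On a valid submission the sections the user switched on are applied
    (new password, new e-mail address, regenerated API tokens), the account
    is validated and saved, and the browser is redirected to the account
    page. Any failure is reported through a flashed error message and the
    form is rendered again.
    """
    form = AccountEditForm()

    if form.validate_on_submit():
        try:
            account = get_account(current_user.username)

            # NOTE(review): the current password is not checked in this view.
            # Presumably AccountEditForm's validators do it -- confirm, since
            # this request can replace the password, e-mail and API tokens.
            if form.change_password.data:
                # NOTE(review): this comparison is case-sensitive, so a
                # password differing from the username only in case passes.
                if form.password.data == current_user.username:
                    raise ValidationError(
                        'Password can not be the same as the username.')
                account.set_password(form.password.data)

            if form.change_email.data:
                email = form.email.data.strip()
                # An empty address clears the stored e-mail.
                account.email = email if email else None

            if form.regenerate.data:
                account.update_api_tokens()

            account.validate()
            account.save()
            flash('Account information was successfully updated!',
                  category='info')
            return redirect(url_for('auth.user_account'))
        except ValueError as ve:
            # str() instead of the Python-2-only ``.message`` attribute;
            # escaped like the validation branch below.
            flash(escape(str(ve)), category='error')
        except ValidationError as ve:
            # A ValidationError raised with only a message (as above) may
            # carry no per-field errors; show its text instead of a bare
            # "Invalid: ".
            field_errors = getattr(ve, 'errors', None) or {}
            if field_errors:
                msg = 'Invalid: %s' % ','.join(
                    f.title() for f in field_errors)
            else:
                msg = str(ve)
            flash(escape(msg), category='error')
        except Exception:
            # Unexpected failure: record it with its traceback at error
            # level, and keep the detail out of the response.
            current_app.logger.exception(
                'Unexpected error while updating account')
            flash('An unknown error has occured.', category='error')

    return render_template('account_edit.html', form=form)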
Example #3
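def user_edit():
    """
    Apply a single-field account update for the logged-in user.

    The posted ``field`` value selects what is changed: the password, the
    e-mail address or the API tokens. The account is then validated and
    saved. The outcome is reported through a flashed message and the browser
    is always redirected back to the account page.
    """
    try:
        account = get_account(current_user.username)

        # NOTE(review): this view reads request.form directly and no CSRF or
        # current-password check is visible here; confirm both are enforced
        # elsewhere (application-wide, or inside user_edit_password).
        field = request.form.get('field', None)

        if field is None:
            raise ValidationError('Update was requested for an unknown field.')

        if field == FIELD_KEYS['PASSWORD']:
            user_edit_password(account)
        elif field == FIELD_KEYS['EMAIL']:
            email = request.form.get('email', '').strip()
            # An empty address clears the stored e-mail.
            account.email = email if email else None
        elif field == FIELD_KEYS['SECRET']:
            account.update_api_tokens()
        else:
            # An unrecognised value used to fall through and report success
            # although nothing had been changed.
            raise ValidationError('Update was requested for an unknown field.')

        account.validate()
        account.save()
        flash('Account information was successfully updated!', category='info')
    except ValueError as ve:
        # str() instead of the Python-2-only ``.message`` attribute; escaped
        # like the validation branch below.
        flash(escape(str(ve)), category='error')
    except ValidationError as ve:
        # A ValidationError raised with only a message (as above) may carry
        # no per-field errors; show its text instead of a bare "Invalid: ".
        field_errors = getattr(ve, 'errors', None) or {}
        if field_errors:
            msg = 'Invalid: %s' % ','.join(f.title() for f in field_errors)
        else:
            msg = str(ve)
        flash(escape(msg), category='error')
    except Exception:
        # Unexpected failure: record it with its traceback at error level,
        # and keep the detail out of the response.
        current_app.logger.exception('Unexpected error while updating account')
        flash('An unknown error has occured.', category='error')

    return redirect(url_for('auth.user_account'))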
Example #4
 def test_lastlogin(self):
     """
     Check that logging in moves the account's lastlogin timestamp forward.
     """
     before_login = datetime.utcnow()
     self._login(self.username, self.password)
     refreshed = get_account(self.username)
     # Strict comparison against a naive UTC timestamp taken just before the
     # login; assumes lastlogin is stored as naive UTC too -- TODO confirm.
     assert refreshed.lastlogin > before_login
Example #5
def user_account():
    """Render the account page for the logged-in user."""
    account = get_account(current_user.username)
    # NOTE(review): the API secret is handed to the template next to the API
    # key, so it ends up in the rendered page; confirm the page is only
    # served to its authenticated owner and is not cached.
    return render_template(
        'account.html',
        username=account.username,
        email=account.email,
        apikey=str(account.apikey),
        secret=str(account.secret),
    )
Example #6
def api_username(apikey):
    """
    Look up the username of the account that owns an API key.

    :Parameters:
        - `apikey`: API Key to search for.

    Returns the username, or None when no account matches the key.
    """
    holder = get_account(apikey, 'apikey')
    return holder.username if holder else None
Example #7
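def generate_signature(apikey, method, path, date, md5sums):
    """
    Compute the request signature expected for the holder of ``apikey``.

    The signed string is ``method``, ``path`` and ``date`` followed by the
    sorted ``md5sums``, concatenated and lower-cased. It is authenticated
    with HMAC-SHA512 keyed by the account's secret.

    :Parameters:
        - `apikey`: API key identifying the account whose secret is used.
        - `method`: request method.
        - `path`: request path.
        - `date`: date value of the request.
        - `md5sums`: list of checksums covered by the signature.

    Returns the upper-case hex digest. Raises ValueError when a signed
    value is None, the API key is unknown or the account has no secret.
    """
    # sorted() leaves the caller's list untouched; the previous in-place
    # sort reordered the argument as a side effect.
    ordered = [method, path, date] + sorted(md5sums)
    if any(content is None for content in ordered):
        raise ValueError('Required header not found')

    # NOTE(review): the fields are joined without a delimiter and the whole
    # string is lower-cased, so distinct requests can canonicalise to the
    # same signed string. Changing that would break existing clients, so it
    # is only flagged here.
    string = ''.join(str(content) for content in ordered)

    user = get_account(apikey, 'apikey')
    if user is None:
        raise ValueError('Invalid apikey')
    if user.secret is None:
        raise ValueError('No client secret known')

    # Callers verifying a client-supplied signature should compare it with a
    # constant-time function such as hmac.compare_digest rather than ``==``.
    return HMAC(
        key=bytes(user.secret),
        msg=string.lower(),
        digestmod=sha512
    ).hexdigest().upper()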
Example #8
    def test_account_edit(self):
        """
        Check that the password, e-mail address and API credentials can each
        be changed through their own single-field update request.
        """
        reversed_password = self.password[::-1]
        replacement_email = '*****@*****.**'
        form_data = dict(
            password=reversed_password,
            verify_password=reversed_password,
            email=replacement_email,
        )

        # One request per field; the same payload is reused and only the
        # 'field' selector changes between requests.
        for selector in ('password', 'email', 'secret'):
            form_data['field'] = selector
            self.update_account(form_data)

        refreshed = get_account(self.username)
        assert refreshed.email == replacement_email
        # Only inequality with the previously stored values is checked here;
        # no current password is sent with any of the requests.
        assert refreshed.password != self.account.password
        assert refreshed.apikey != self.account.apikey
        assert refreshed.secret != self.account.secret

        # Keep the fixture in step with the stored account for later tests.
        self.password = reversed_password
        self.account = refreshed
Example #9
def authenticate(username, password):
    """
    Return True when ``password`` matches the stored hash for ``username``.

    Returns False when no such account exists or the password is wrong.
    """
    user = get_account(str(username))
    if not user:
        # NOTE(review): no hash is computed on this path, so an unknown
        # username is answered faster than a wrong password. If username
        # enumeration matters here, consider equalising the work done and
        # rate-limiting attempts at the caller.
        return False
    return True if check_password_hash(user.password, password) else False
Example #10
def api_request_user_account():
    """
    Get the account associated with the current API request.
    """
    # The username comes from api_request_user(); whatever get_account
    # returns for it is passed straight back to the caller.
    return get_account(api_request_user())