def test_user_password_validate(db_conn, users_table):
    """
    Check that the password stored by insert_user verifies against the
    matching plaintext and rejects a different one.
    """

    fields = {
        "id": "abcd1234",
        "name": "test",
        "email": "*****@*****.**",
        "password": "******",
    }
    # The second return value (validation errors) is not inspected here.
    user, _errors = insert_user(fields, db_conn)
    stored_password = user["password"]

    # NOTE(review): the email and password literals above look masked on
    # this page. The positive assertion presumably needs the inserted
    # password to be "abcd1234"; confirm against the original fixture.
    assert not is_password_valid(stored_password, "1234abcd")
    assert is_password_valid(stored_password, "abcd1234")
def test_is_password_valid():
    """
    Check is_password_valid against a missing, a wrong and a correct password.
    """

    real_password = '******'
    # NOTE do not set rounds this low in production!
    # The low cost factor only keeps this test fast.
    # NOTE(review): if `bcrypt` is passlib's handler, `encrypt` is the older
    # name for `hash`; confirm against the installed version before changing.
    stored_hash = bcrypt.encrypt(real_password, rounds=4)

    # A missing password (None) must be rejected.
    assert not is_password_valid(stored_hash, None)

    # NOTE(review): this literal looks masked on the page and reads the same
    # as real_password; it has to differ for the rejection below to hold.
    wrong_password = '******'
    assert not is_password_valid(stored_hash, wrong_password)

    # The original plaintext must verify.
    assert is_password_valid(stored_hash, real_password)
def test_user_password_validate(db_conn, users_table):
    """
    Check that the password stored by insert_user verifies against the
    matching plaintext and rejects a different one.
    """

    fields = {
        'id': 'abcd1234',
        'name': 'test',
        'email': '*****@*****.**',
        'password': '******',
    }
    # The second return value (validation errors) is not inspected here.
    user, _errors = insert_user(fields, db_conn)
    stored_password = user['password']

    # NOTE(review): the email and password literals above look masked on
    # this page. The positive assertion presumably needs the inserted
    # password to be 'abcd1234'; confirm against the original fixture.
    assert not is_password_valid(stored_password, '1234abcd')
    assert is_password_valid(stored_password, 'abcd1234')
def log_in_route(request):
    """
    Log in user.

    The `name` parameter is lower-cased and stripped, then tried first as an
    account name and then as an email. Returns (404, errors) when neither
    lookup finds a user, (400, errors) when is_password_valid rejects the
    submitted password, and the result of _log_in(user) otherwise.

    NOTE(review): the two failure responses differ in status and message,
    and the not-found path returns before any password check runs, so a
    client can tell whether a name or email is registered. Unifying them
    would change the response contract, so it is only flagged here.
    NOTE(review): no attempt throttling is visible in this function;
    confirm it is enforced elsewhere.
    """

    db_conn = request['db_conn']
    params = request['params']
    identifier = (params.get('name') or '').lower().strip()

    # The email lookup only runs when the name lookup finds nothing.
    user = (
        get_user(db_conn, {'name': identifier})
        or get_user(db_conn, {'email': identifier})
    )
    if not user:
        no_user_error = {
            'name': 'name',
            'message': c('no_user'),
            'ref': 'dfhMHDFbT42CmRRmN14gdA',
        }
        return 404, {'errors': [no_user_error]}

    stored_password = user['password']
    # None when the parameter is absent; passed to is_password_valid as is.
    submitted_password = params.get('password')
    if is_password_valid(stored_password, submitted_password):
        return _log_in(user)

    no_match_error = {
        'name': 'password',
        'message': c('no_match'),
        'ref': 'DTarUzzsSLKarq-uIsXkFQ',
    }
    return 400, {'errors': [no_match_error]}
def log_in_route(request):
    """
    Log in user.

    The `name` parameter is lower-cased and stripped for the account-name
    lookup; if that finds nothing, the raw parameter is tried as an email.
    Returns (404, body) when neither lookup finds a user, (400, body) when
    is_password_valid rejects the submitted password, and the result of
    _log_in(user) otherwise. In both error bodies 'ref' sits next to
    'errors', not inside the error entry.

    NOTE(review): the two failure responses differ in status and message,
    and the not-found path returns before any password check runs, so a
    client can tell whether a name or email is registered. Unifying them
    would change the response contract, so it is only flagged here.
    NOTE(review): no attempt throttling is visible in this function;
    confirm it is enforced elsewhere.
    """

    db_conn = request['db_conn']
    params = request['params']
    normalized_name = (params.get('name') or '').lower().strip()

    # NOTE(review): the email fallback uses the raw `name` parameter, not the
    # normalized value, and it is None when the parameter is absent. Confirm
    # get_user treats an un-normalized or None email as intended.
    user = (
        get_user({'name': normalized_name}, db_conn)
        or get_user({'email': params.get('name')}, db_conn)
    )
    if not user:
        no_user_error = {
            'name': 'name',
            'message': c('no_user'),
        }
        return 404, {
            'errors': [no_user_error],
            'ref': 'FYIPOI8g2nzrIEcJYSDAfmti',
        }

    stored_password = user['password']
    # None when the parameter is absent; passed to is_password_valid as is.
    submitted_password = params.get('password')
    if is_password_valid(stored_password, submitted_password):
        return _log_in(user)

    no_match_error = {
        'name': 'password',
        'message': c('no_match'),
    }
    return 400, {
        'errors': [no_match_error],
        'ref': 'UwCRydZ7Agi7LYKv9c1y07ft',
    }
def log_in_route(request):
    """
    Log in user.

    The `name` parameter is lower-cased and stripped for the account-name
    lookup; if that finds nothing, the raw parameter is tried as an email.
    Returns (404, body) when neither lookup finds a user, (400, body) when
    is_password_valid rejects the submitted password, and the result of
    _log_in(user) otherwise. In both error bodies "ref" sits next to
    "errors", not inside the error entry.

    NOTE(review): the two failure responses differ in status and message,
    and the not-found path returns before any password check runs, so a
    client can tell whether a name or email is registered. Unifying them
    would change the response contract, so it is only flagged here.
    NOTE(review): no attempt throttling is visible in this function;
    confirm it is enforced elsewhere.
    """

    db_conn = request["db_conn"]
    params = request["params"]
    normalized_name = (params.get("name") or "").lower().strip()

    # NOTE(review): the email fallback uses the raw `name` parameter, not the
    # normalized value, and it is None when the parameter is absent. Confirm
    # get_user treats an un-normalized or None email as intended.
    user = (
        get_user({"name": normalized_name}, db_conn)
        or get_user({"email": params.get("name")}, db_conn)
    )
    if not user:
        no_user_error = {"name": "name", "message": c("no_user")}
        return 404, {
            "errors": [no_user_error],
            "ref": "FYIPOI8g2nzrIEcJYSDAfmti",
        }

    stored_password = user["password"]
    # None when the parameter is absent; passed to is_password_valid as is.
    submitted_password = params.get("password")
    if is_password_valid(stored_password, submitted_password):
        return _log_in(user)

    no_match_error = {"name": "password", "message": c("no_match")}
    return 400, {
        "errors": [no_match_error],
        "ref": "UwCRydZ7Agi7LYKv9c1y07ft",
    }