def test_update_user_password(
    client: TestClient,
    user: User,
    session: Session,
    user_auth_header: dict,
    user_create_data: dict,
):
    """Check that PUT /api/me/password replaces the stored password hash.

    The request is authenticated with ``user_auth_header`` and carries the
    current password together with the new one. The test expects a 200
    response containing the user's profile fields, and expects the stored
    hash to verify against the new password only.
    """
    current_password = user_create_data["password"]
    replacement_password = "******"

    # Precondition: the stored hash verifies the current password only.
    assert util.password_is_match(current_password, user.hashed_password)
    assert not util.password_is_match(replacement_password, user.hashed_password)

    payload = {
        "oldPassword": current_password,
        "newPassword": replacement_password,
    }
    response = client.put(
        "/api/me/password",
        headers=user_auth_header,
        json=payload,
    )
    assert response.status_code == 200

    body = response.json()
    expected_fields = (
        "firstName",
        "lastName",
        "email",
        "id",
        "phoneNumber",
        "dob",
        "description",
        "city",
        "gender",
    )
    for field in expected_fields:
        assert field in body
    # NOTE(review): only the presence of profile fields is asserted. Nothing
    # here checks that the body leaves out the password hash; consider
    # asserting that once the response schema's field names are confirmed.

    # Presumably drops cached ORM state so that ``user.hashed_password`` is
    # re-read from the database below -- confirm against the Session type.
    session.expire_all()

    # Postcondition: the old password no longer verifies, the new one does.
    assert not util.password_is_match(current_password, user.hashed_password)
    assert util.password_is_match(replacement_password, user.hashed_password)
def test_update_password(
    user: User,
    user_create_data: dict,
    session: Session,
    application: Application,
):
    """Check that Application.update_password stores a hash of the new password.

    After the call, the stored value must equal neither plaintext password
    and must verify against the new password only.
    """
    current_password = user_create_data["password"]
    replacement_password = "******"
    # The test is only meaningful when the two passwords differ.
    assert old_password_differs(current_password, replacement_password) if False else current_password != replacement_password

    application.update_password(
        session,
        user,
        current_password,
        replacement_password,
    )

    stored_hash = user.hashed_password
    # The stored value must be a hash, not either plaintext.
    assert stored_hash != current_password
    assert stored_hash != replacement_password
    assert not util.password_is_match(current_password, stored_hash)
    assert util.password_is_match(replacement_password, stored_hash)
    # NOTE(review): only the success path is covered here. A companion case
    # that passes a wrong old password and expects a rejection would pin the
    # guard in update_password.
def update_password(
    self,
    session: Session,
    user: User,
    old_password: str,
    new_password: str,
) -> User:
    """Replace the user's password after verifying the current one.

    Args:
        session: Database session handed on to the user service.
        user: The account whose password is being changed.
        old_password: Plaintext of the current password, checked against
            ``user.hashed_password``.
        new_password: Plaintext of the replacement password. It is hashed
            before it is passed to the user service.

    Returns:
        Whatever ``self.user_service.update`` returns for the updated user.

    Raises:
        ApplicationError: If ``old_password`` does not match the stored hash.
    """
    # Re-authenticate first: a valid session alone must not be enough to
    # change the password.
    old_password_ok = util.password_is_match(old_password, user.hashed_password)
    if not old_password_ok:
        raise ApplicationError("Wrong password")

    # NOTE(review): no password-policy check and no invalidation of access
    # tokens issued earlier is visible here -- confirm both are handled
    # elsewhere.
    return self.user_service.update(
        session,
        user,
        hashed_password=util.hash_password(new_password),
    )
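def authenticate_user(self, session: Session, login: str, password: str) -> bytes:
    """Verify login credentials and issue an access token.

    The login is looked up as an e-mail address first and, if that finds
    nothing, as a phone number.

    Args:
        session: Database session handed on to the user service.
        login: E-mail address or phone number supplied by the client.
        password: Plaintext password supplied by the client.

    Returns:
        The token produced by ``util.create_access_token``, with the user's
        id (as a string) under the ``"sub"`` key.

    Raises:
        ApplicationError: With the same message for an unknown login and
            for a wrong password, so the error text does not reveal which
            of the two failed.
    """
    existing_user: Optional[User] = (
        self.user_service.get_by_email(session, login)
        or self.user_service.get_by_phone_number(session, login)
    )
    if not existing_user:
        # Do one password-hash computation before failing. Without it this
        # branch returns without any hashing work, so response time can
        # reveal whether an account exists even though the message is
        # identical. The result is discarded on purpose.
        # NOTE(review): assumes hash_password costs about the same as
        # password_is_match -- confirm against util.
        util.hash_password(password)
        raise ApplicationError("Invalid login credentials")
    if not util.password_is_match(password, existing_user.hashed_password):
        raise ApplicationError("Invalid login credentials")
    return util.create_access_token(data={"sub": str(existing_user.id)})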
def test_password_is_match():
    """Check that password_is_match accepts only the password that was hashed."""
    plaintext = "******"
    digest = util.hash_password(plaintext)

    # A different password must be rejected; the original must be accepted.
    wrong_accepted = util.password_is_match("wrong", digest)
    assert not wrong_accepted
    right_accepted = util.password_is_match(plaintext, digest)
    assert right_accepted
    # NOTE(review): nothing here asserts that ``digest`` differs from
    # ``plaintext``; test_update_password makes that comparison for the
    # stored value.