def setUp(self):
    """Set up a test user holding one known credential ('abcd') in the mock VCCS client."""
    MongoTestCase.setUp(self, None, None)
    client = TestVCCSClient()
    self.vccs_client = client
    central = self.amdb.get_user_by_mail('*****@*****.**')
    self.central_user = central
    self.user = ChpassUser.from_central_user(central)
    # Seed exactly one credential so the tests can check old-password handling.
    # old_password is None here; presumably that skips verification of a
    # previous password on first add — confirm against add_credentials.
    vccs_module.add_credentials('dummy', None, 'abcd', self.user, vccs=client)
def test_add_credentials_bad_old_password(self):
    """A wrong old password must add nothing and leave the existing credential valid."""
    added = vccs_module.add_credentials('dummy', 'fghi', 'wxyz', self.user, vccs=self.vccs_client)
    self.assertFalse(added)
    # The seeded credential still works; neither the wrong old password nor
    # the rejected new one was ever stored.
    self.assertTrue(self._check_credentials('abcd'))
    self.assertFalse(self._check_credentials('fghi'))
    self.assertFalse(self._check_credentials('wxyz'))
def test_add_credentials_error_adding(self):
    """If the VCCS backend refuses the new credential, the old one must survive."""
    from eduid_common.authn.testing import TestVCCSClient

    with patch.object(TestVCCSClient, 'add_credentials') as mocked_add:
        mocked_add.return_value = False
        added = vccs_module.add_credentials('dummy', 'abcd', 'wxyz', self.user, vccs=self.vccs_client)
        self.assertFalse(added)
        # A failed add must not revoke the previous credential or leave the
        # new one behind.
        self.assertTrue(self._check_credentials('abcd'))
        self.assertFalse(self._check_credentials('fghi'))
        self.assertFalse(self._check_credentials('wxyz'))
def test_add_credentials_error_revoking(self):
    """A failure while revoking old credentials must not undo a successful add."""
    from eduid_common.authn.testing import TestVCCSClient
    from vccs_client import VCCSClientHTTPError

    def _raise_http_error(*args):
        raise VCCSClientHTTPError('dummy', 500)

    with patch.object(TestVCCSClient, 'revoke_credentials', new=_raise_http_error):
        added = vccs_module.add_credentials('dummy', None, 'wxyz', self.user, vccs=self.vccs_client)
        self.assertTrue(added)
        # The new credential is in place and the old one no longer validates,
        # even though the revoke call itself raised.
        self.assertFalse(self._check_credentials('abcd'))
        self.assertFalse(self._check_credentials('fghi'))
        self.assertTrue(self._check_credentials('wxyz'))
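def change_password(user, old_password, new_password):
    """
    View to change the password.

    The change is only performed when the session holds a recent
    re-authentication marker ('reauthn-for-chpass'). VCCS verifies
    *old_password* and stores *new_password*; on success the user is synced
    to the central db and the marker is removed.

    :param user: the authenticated central user
    :param old_password: the user's current password, verified by VCCS
    :param new_password: the password to set
    :return: the serialized CredentialList on success, otherwise an
             error_message(...) response
    """
    security_user = SecurityUser.from_user(user, current_app.private_userdb)

    authn_ts = session.get('reauthn-for-chpass', None)
    if authn_ts is None:
        return error_message('chpass.no_reauthn')
    # authn_ts is treated as a POSIX timestamp. Compare it in UTC: the previous
    # fromtimestamp() call returned *local* time while utcnow() is UTC, so the
    # freshness check was off by the server's UTC offset unless TZ was UTC.
    now = datetime.utcnow()
    delta = now - datetime.utcfromtimestamp(authn_ts)
    timeout = current_app.config.get('CHPASS_TIMEOUT', 600)
    if int(delta.total_seconds()) > timeout:
        return error_message('chpass.stale_reauthn')

    vccs_url = current_app.config.get('VCCS_URL')
    added = add_credentials(vccs_url, old_password, new_password, security_user, source='security')
    if not added:
        # Only a generic debug line here: the password values are never logged.
        current_app.logger.debug('Problem verifying the old credentials for {}'.format(user))
        return error_message('chpass.unable-to-verify-old-password')

    # A successful password change re-activates a terminated account.
    security_user.terminated = False
    try:
        save_and_sync_user(security_user)
    except UserOutOfSync:
        return error_message('user-out-of-sync')

    # The re-authentication marker is single-use.
    del session['reauthn-for-chpass']

    current_app.stats.count(name='security_password_changed', value=1)
    current_app.logger.info('Changed password for user {}'.format(security_user.eppn))

    next_url = current_app.config.get('DASHBOARD_URL', '/profile')
    credentials = {
        'next_url': next_url,
        'credentials': compile_credential_list(security_user),
        'message': 'chpass.password-changed'
    }
    return CredentialList().dump(credentials).data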
def _change_password(self, request, user, old_password):
    """
    Pick the new password (custom or suggested) and hand it to VCCS.

    :param request: the Pyramid request; POST carries 'use_custom_password'
                    and, for custom passwords, 'custom_password'
    :param user: the user whose password is being changed
    :param old_password: the current password, verified by add_credentials
    :return: the value returned by add_credentials
    """
    use_custom = request.POST.get('use_custom_password') == 'true'
    if use_custom:
        # A custom password has already passed the form validators by the
        # time this helper runs.
        logger.debug("Password change for user {!r} (custom password).".format(user.user_id))
        chosen = request.POST.get('custom_password')
    else:
        # Otherwise the suggested password is expected to be found in session.
        logger.debug("Password change for user {!r} (suggested password).".format(user.user_id))
        chosen = generate_suggested_password(request)

    # Spaces are removed from whichever password was chosen — presumably
    # because suggested passwords are shown in space-separated groups; note
    # this applies to custom passwords too, so a user-entered space is dropped.
    new_password = chosen.replace(' ', '')
    vccs_url = request.registry.settings.get('vccs_url')
    return add_credentials(vccs_url, old_password, new_password, user, source='change_passwd')
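def change_password(user):
    """
    View to change the password.

    Expects a JSON body matching ChangePasswordSchema (old_password,
    new_password, csrf_token). The change is only performed when the CSRF
    token matches and the session holds a recent re-authentication marker
    ('reauthn-for-chpass'). VCCS verifies the old password and stores the
    new one; on success the user is synced and the marker is removed.

    :param user: the authenticated central user
    :return: a dict with 'next_url', 'credentials' and 'message' on success,
             otherwise an error_response(...)
    """
    import hmac

    security_user = SecurityUser.from_user(user, current_app.private_userdb)
    min_entropy = current_app.config.password_entropy
    schema = ChangePasswordSchema(zxcvbn_terms=get_zxcvbn_terms(security_user.eppn),
                                  min_entropy=int(min_entropy))

    if not request.data:
        return error_response(message='chpass.no-data')
    try:
        payload = json.loads(request.data)
    except ValueError:
        # Malformed JSON previously escaped as an unhandled exception; treat it
        # like a missing body.
        return error_response(message='chpass.no-data')
    try:
        form = schema.load(payload)
    except ValidationError as e:
        current_app.logger.error(e)
        return error_response(message='chpass.weak-password')
    # The loaded form is deliberately not logged: it carries the old and new
    # passwords in clear text.
    old_password = form.get('old_password')
    new_password = form.get('new_password')

    # Constant-time token comparison. compare_digest needs two byte strings,
    # so a missing or non-string token fails the check instead of raising.
    expected_token = session.get_csrf_token()
    supplied_token = form.get('csrf_token')
    tokens_match = (
        isinstance(expected_token, str)
        and isinstance(supplied_token, str)
        and hmac.compare_digest(expected_token.encode('utf-8'), supplied_token.encode('utf-8'))
    )
    if not tokens_match:
        return error_response(message='csrf.try_again')

    authn_ts = session.get('reauthn-for-chpass', None)
    if authn_ts is None:
        return error_response(message='chpass.no_reauthn')
    # authn_ts is treated as a POSIX timestamp. Compare it in UTC: the previous
    # fromtimestamp() call returned *local* time while utcnow() is UTC, so the
    # freshness check was off by the server's UTC offset unless TZ was UTC.
    delta = datetime.utcnow() - datetime.utcfromtimestamp(authn_ts)
    timeout = current_app.config.chpass_timeout
    if int(delta.total_seconds()) > timeout:
        return error_response(message='chpass.stale_reauthn')

    vccs_url = current_app.config.vccs_url
    added = add_credentials(vccs_url, old_password, new_password, security_user, source='security')
    if not added:
        # Only a generic debug line here: the password values are never logged.
        current_app.logger.debug(
            'Problem verifying the old credentials for {}'.format(user))
        return error_response(message='chpass.unable-to-verify-old-password')

    # A successful password change re-activates a terminated account.
    security_user.terminated = False
    try:
        save_and_sync_user(security_user)
    except UserOutOfSync:
        return error_response(message='user-out-of-sync')

    # The re-authentication marker is single-use.
    del session['reauthn-for-chpass']

    current_app.stats.count(name='security_password_changed', value=1)
    current_app.logger.info('Changed password for user {}'.format(
        security_user.eppn))

    next_url = current_app.config.dashboard_url
    credentials = {
        'next_url': next_url,
        'credentials': compile_credential_list(security_user),
        'message': 'chpass.password-changed',
    }
    return credentials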