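def test_change_password(self, test_app):
    """Test changing password correctly and incorrectly.

    Posts to ``/edit/account/`` as the logged-in user, first with the right
    ``old_password`` (expects a redirect and a re-hashed password), then with
    a wrong one (expects the stored hash to be left exactly as it was).
    """
    self.login(test_app)

    # test that the password can be changed
    # template.clear_test_template_context()
    res = test_app.post(
        '/edit/account/', {
            'old_password': '******',
            'new_password': '******',
            'wants_comment_notification': 'y'
        })

    # Check for redirect on success
    assert res.status_int == 302

    # test_user has to be fetched again in order to have the current values
    test_user = User.query.filter_by(username=u'chris').first()
    assert bcrypt_check_password('123456', test_user.pw_hash)

    # Update current user passwd
    self.user_password = '******'

    # Keep the hash so the rejected attempt below can be shown to have left
    # it untouched, not merely "not equal to the rejected new password".
    hash_before = test_user.pw_hash

    # test that the password cannot be changed if the given
    # old_password is wrong
    template.clear_test_template_context()
    test_app.post(
        '/edit/account/', {
            'old_password': '******',
            'new_password': '******',
        })

    test_user = User.query.filter_by(username=u'chris').first()
    assert not bcrypt_check_password('098765', test_user.pw_hash)
    # A wrong old_password must not re-hash the password at all.
    assert test_user.pw_hash == hash_before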
def test_bcrypt_gen_password_hash():
    """Round-trip a password through bcrypt_gen_password_hash / bcrypt_check_password.

    Covers the plain case and the case where the same extra salt is handed
    to both the generator and the checker.
    """
    secret = "youwillneverguessthis"
    wrong_guess = "notthepassword"
    extra_salt = "3><7R45417"

    # Normal password hash generation, and check on that hash
    digest = auth_lib.bcrypt_gen_password_hash(secret)
    assert auth_lib.bcrypt_check_password(secret, digest)
    assert not auth_lib.bcrypt_check_password(wrong_guess, digest)

    # Same thing, extra salt.
    salted_digest = auth_lib.bcrypt_gen_password_hash(secret, extra_salt)
    assert auth_lib.bcrypt_check_password(secret, salted_digest, extra_salt)
    assert not auth_lib.bcrypt_check_password(wrong_guess, salted_digest, extra_salt)
def test_bcrypt_gen_password_hash():
    """Hash a password and verify it checks out, with and without an extra salt.

    The wrong password must be rejected in both configurations.
    """
    secret = 'youwillneverguessthis'
    wrong_guess = 'notthepassword'
    extra_salt = '3><7R45417'

    # Normal password hash generation, and check on that hash
    plain_digest = auth_lib.bcrypt_gen_password_hash(secret)
    assert auth_lib.bcrypt_check_password(secret, plain_digest)
    assert not auth_lib.bcrypt_check_password(wrong_guess, plain_digest)

    # Same thing, extra salt.
    salted_digest = auth_lib.bcrypt_gen_password_hash(secret, extra_salt)
    assert auth_lib.bcrypt_check_password(secret, salted_digest, extra_salt)
    assert not auth_lib.bcrypt_check_password(wrong_guess, salted_digest, extra_salt)
def test_bcrypt_check_password():
    """Check bcrypt_check_password against fixed, known bcrypt hashes.

    The hashes are committed test fixtures, not secrets.
    """
    known_hash = "$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO"
    salted_hash = "$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6"
    fake_salt = "3><7R45417"

    # Check known 'lollerskates' password against check function
    assert auth_lib.bcrypt_check_password("lollerskates", known_hash)
    assert not auth_lib.bcrypt_check_password("notthepassword", known_hash)

    # Same thing, but with extra fake salt.
    assert not auth_lib.bcrypt_check_password("notthepassword", salted_hash, fake_salt)
def test_bcrypt_check_password():
    """Verify bcrypt_check_password against pre-computed hashes.

    One hash is for the password 'lollerskates'; the other is checked only
    with a wrong password plus an extra fake salt.
    """
    lollerskates_hash = '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO'
    other_hash = '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6'

    # Check known 'lollerskates' password against check function
    accepted = auth_lib.bcrypt_check_password('lollerskates', lollerskates_hash)
    assert accepted
    rejected = auth_lib.bcrypt_check_password('notthepassword', lollerskates_hash)
    assert not rejected

    # Same thing, but with extra fake salt.
    assert not auth_lib.bcrypt_check_password(
        'notthepassword', other_hash, '3><7R45417')
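def edit_account(request):
    """Handle the "edit account" form for the logged-in user.

    On GET (or a POST that does not validate) the form is re-rendered. On a
    valid POST the comment-notification and license preferences are stored,
    and the password is re-hashed only when ``old_password`` verifies against
    the stored hash and a non-empty ``new_password`` is supplied. Nothing is
    saved while the form carries errors.
    """
    user = request.user
    form = forms.EditAccountForm(
        request.form,
        wants_comment_notification=user.wants_comment_notification,
        license_preference=user.license_preference,
    )

    if request.method == "POST":
        form_validated = form.validate()

        if form_validated and form.wants_comment_notification.validate(form):
            user.wants_comment_notification = form.wants_comment_notification.data

        # Only consider a password change on a validated form. The previous
        # condition was written `a and b or c`, which parses as `(a and b) or c`
        # and let a non-validated form with only old_password filled in reach
        # the password check.
        password_change_requested = form.new_password.data or form.old_password.data
        if form_validated and password_change_requested:
            password_matches = auth_lib.bcrypt_check_password(
                form.old_password.data, user.pw_hash)
            if not password_matches:
                form.old_password.errors.append(_("Wrong password"))
            elif not form.new_password.data:
                # Never re-hash an empty new password. The form's own validators
                # may already reject this case (then form_validated is False and
                # this branch is never reached); this is a defensive guard.
                form.new_password.errors.append(_("New password cannot be empty"))
            else:
                # the entire form validates and the password matches
                user.pw_hash = auth_lib.bcrypt_gen_password_hash(form.new_password.data)

        if form_validated and form.license_preference.validate(form):
            user.license_preference = form.license_preference.data

        # Any error appended above blocks the save, so the success message is
        # only shown once everything has actually been persisted.
        if form_validated and not form.errors:
            user.save()
            messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
            return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)

    return render_to_response(request, "mediagoblin/edit/edit_account.html", {"user": user, "form": form})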
def edit_account(request):
    """Let the logged-in user update account settings.

    With neither password field filled in, only the comment-notification
    preference is stored. With one or both filled in, the password is
    re-hashed only when the whole form validates and ``old_password`` matches
    the stored hash; otherwise a "Wrong password" error is attached and the
    form is re-rendered.
    """
    user = request.user
    form = forms.EditAccountForm(
        request.form,
        wants_comment_notification=user.get("wants_comment_notification"))

    def persist_and_redirect():
        # Shared success path: store the user, flash a message, go home.
        user.save()
        messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
        return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)

    if request.method == "POST":
        # validate() runs unconditionally so field errors are populated for
        # the re-render even on the preference-only path.
        form_validated = form.validate()
        password_change_requested = bool(form.new_password.data or form.old_password.data)

        if not password_change_requested:
            # if the user has not filled in the new or old password fields
            if form.wants_comment_notification.validate(form):
                user.wants_comment_notification = form.wants_comment_notification.data
                return persist_and_redirect()
        elif form_validated:
            # so the user has filled in one or both of the password fields
            password_matches = auth_lib.bcrypt_check_password(
                form.old_password.data, user.pw_hash)
            if password_matches:
                # the entire form validates and the password matches
                user.pw_hash = auth_lib.bcrypt_gen_password_hash(form.new_password.data)
                user.wants_comment_notification = form.wants_comment_notification.data
                return persist_and_redirect()
            form.old_password.errors.append(_("Wrong password"))

    return render_to_response(request, "mediagoblin/edit/edit_account.html", {"user": user, "form": form})
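def test_change_password(test_app):
    """Test changing password correctly and incorrectly.

    Creates and logs in the fixture user, changes the password with the right
    ``old_password``, then attempts a change with a wrong ``old_password`` and
    checks the stored hash is left exactly as it was.
    """
    # set up new user
    fixture_add_user()

    test_app.post(
        '/auth/login/', {
            'username': u'chris',
            'password': '******'})

    # test that the password can be changed
    # template.clear_test_template_context()
    test_app.post(
        '/edit/account/', {
            'old_password': '******',
            'new_password': '******',
            'wants_comment_notification': 'y'
        })

    # test_user has to be fetched again in order to have the current values
    test_user = mg_globals.database.User.one({'username': u'chris'})
    assert bcrypt_check_password('123456', test_user.pw_hash)

    # Keep the hash so the rejected attempt below can be shown to have left
    # it untouched, not merely "not equal to the rejected new password".
    hash_before = test_user.pw_hash

    # test that the password cannot be changed if the given old_password
    # is wrong
    # template.clear_test_template_context()
    test_app.post(
        '/edit/account/', {
            'old_password': '******',
            'new_password': '******',
        })

    test_user = mg_globals.database.User.one({'username': u'chris'})
    assert not bcrypt_check_password('098765', test_user.pw_hash)
    # A wrong old_password must not re-hash the password at all.
    assert test_user.pw_hash == hash_before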
def check_login(self, password):
    """Return whether *password* verifies against this user's stored bcrypt hash."""
    stored_hash = self['pw_hash']
    return auth_lib.bcrypt_check_password(password, stored_hash)
def check_login(self, password):
    """Check *password* against the bcrypt hash stored under ``pw_hash``.

    Returns the boolean result of ``auth_lib.bcrypt_check_password``.
    """
    matches = auth_lib.bcrypt_check_password(
        password,
        self['pw_hash'],
    )
    return matches