def doChangePassword(self, form):
user = self.getCurrentUser()
cred = Credential.getByUser(user, 'password')
oldSecret = CredentialManager.protect_secret(form.oldPassword.data)
if cred.secret != oldSecret:
raise ReportedError([oldPasswordDoesNotMatch])
secret = CredentialManager.protect_secret(form.newPassword.data)
cred.secret = secret
cred.save()
return self.simple_response(passwordChangedSuccessfully)
def do_change_password(self, form):
user = self.getCurrentUser()
cred = Credential.getByUser(user, 'password')
oldSecret = CredentialManager.protect_secret(form.oldPassword.data)
if cred.secret != oldSecret:
raise ReportedError(["old password does not match"])
secret = CredentialManager.protect_secret(form.newPassword.data)
cred.secret = secret
cred.save()
return self.simple_response('password changed succesfully')
def doChangePassword(self, form):
user = self.getCurrentUser()
cred = Credential.getByUser(user, 'password')
oldSecret = CredentialManager.protect_secret(form.oldPassword.data)
if cred.secret != oldSecret:
raise ReportedError([oldPasswordDoesNotMatch])
secret = CredentialManager.protect_secret(form.newPassword.data)
cred.secret = secret
cred.save()
return self.simple_response(passwordChangedSuccessfully)
def test_change_password_does_change_password(self):
with app.test_client() as client:
self._preparePasswordChangeTest(client)
self._doPasswordChange(client)
cred = Credential.get('password', self.userCreationUserid)
self.assertEqual(
cred.secret,
CredentialManager.protect_secret(self.newPassword))
def test_password_reset_creates_password_if_it_does_not_exists(self):
form = self.createPasswordResetFormWithSecret()
user = User.getByEmail(self.userCreationEmail)
passcred = Credential.getByUser(user, "password")
passcred.rm()
self.controller.doPasswordReset(form)
newPassCred = Credential.getByUser(user, "password")
self.assertEqual(newPassCred.secret, CredentialManager.protect_secret(self.newPassword))
def do_password_reset(self, form):
cred = Credential.get(passwordResetCredentialType, form.secret.data)
if cred is None or (float(cred.secret) < time.time()):
Credential.deleteExpired(passwordResetCredentialType)
raise ReportedError(['The secret has expired'], 404)
passcred = Credential.getByUser(cred.user, 'password')
passcred.secret = CredentialManager.protect_secret(form.password.data)
cred.rm()
return self.simple_response('Password successfully changed')
def successful_password_reset_sets_the_password(self):
password = self.mkRandomPassword()
secret = unicode(uuid4())
user = User.getByEmail(self.usercreation_email)
Credential.new(user, 'email_for_password_reset', secret, time.time()+3600)
with app.test_client() as c:
data = dict(password=password, secret=secret)
c.post("/v1/password_reset", data = data)
cred = Credential.getByUser(user, "password")
self.assertEquals(cred.secret, CredentialManager.protect_secret(password))
def doPasswordReset(self, form):
Credential.deleteExpired(self.passwordResetCredentialType)
cred = Credential.getBySecret(
self.passwordResetCredentialType, form.secret.data)
if cred is None or (cred.getExpirationTime() < time.time()):
raise ReportedError([theSecretHasExpired], 404)
passcred = Credential.getByUser(cred.user, 'password')
protectedSecret = CredentialManager.protect_secret(form.password.data)
if not passcred:
passcred = Credential.new(cred.user, "password", cred.user.email, protectedSecret)
else:
passcred.secret = protectedSecret
cred.rm()
return self.simple_response(passwordSuccessfullyChanged)
def doPasswordReset(self, form):
Credential.deleteExpired(self.passwordResetCredentialType)
cred = Credential.getBySecret(
self.passwordResetCredentialType, form.secret.data)
if cred is None or (cred.getExpirationTime() < time.time()):
raise ReportedError([theSecretHasExpired], 404)
passcred = Credential.getByUser(cred.user, 'password')
protectedSecret = CredentialManager.protect_secret(form.password.data)
if not passcred:
passcred = Credential.new(cred.user, "password", cred.user.email, protectedSecret)
else:
passcred.secret = protectedSecret
cred.rm()
return self.simple_response(passwordSuccessfullyChanged)
def change_password_does_change_password(self):
with app.test_client() as c:
self._preparePasswordChangeTest(c)
self._doPasswordChange(c)
cred = Credential.get('password', self.usercreation_userid)
self.assertEquals(cred.secret, CredentialManager.protect_secret(self.newPassword))
def test_successful_password_reset_sets_the_password(self):
self.doPasswordReset()
self.assertEqual(self.cred.secret, CredentialManager.protect_secret(self.newPassword))