def post(self):
    """Check a login/password pair and return the matching user's id.

    Both ``login`` and ``password`` are declared as required request
    arguments.  The credentials are handed to ``User.verify_and_get``; a
    ``None`` result ends the request with HTTP 401 and one generic message.

    Returns:
        ``{'id': <user id>}`` for the verified user.
    """
    # NOTE(review): no attempt throttling or lockout is visible in this
    # handler -- confirm it is enforced elsewhere (proxy, middleware, model).
    parser = reqparse.RequestParser()
    for field in ('login', 'password'):
        parser.add_argument(field, dest=field, required=True)
    credentials = parser.parse_args()

    user = User.verify_and_get(
        login=credentials.login,
        plaintext_password=credentials.password,
    )
    if user is None:
        # Single failure path: the response does not say which part of the
        # credentials was rejected.
        abort(401, msg="Authentication failed")
    return {'id': user.id}
def test_set_and_verify_password(self, user, session):
    """Set a fresh password and check that only that password verifies.

    Covers both ``user.check_password`` and ``User.verify_and_get``: the
    password just set must be accepted, a modified copy and a batch of
    other generated passwords must be rejected.
    """
    password = generate_password(4)
    user.password = password
    session.flush()

    # Positive case plus one near miss.
    assert user.check_password(password)
    assert User.verify_and_get(user.login, password) == user
    assert User.verify_and_get(user.login, password + "_wrong") is None

    # TODO reduce set of examples, this is excessive.
    # Also, why do we depend on `generate_password` instead of testing it separately?
    # All of this is very unperformant with little benefit.
    for length in range(4, 10):
        for _ in range(1, 3):
            candidate = generate_password(length)
            # A generated candidate may collide with the real password;
            # such a candidate proves nothing about rejection, so skip it.
            if candidate != password:
                assert not user.check_password(candidate)
                assert User.verify_and_get(user.login, candidate) is None
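def login():
    """Show the login form and sign the user in on valid credentials.

    An already authenticated user is sent to the overview page with a
    warning.  On a valid form submission the credentials are checked with
    ``User.verify_and_get``; on success the user is logged in and redirected,
    otherwise an error is flashed and the form is rendered again.

    The ``next`` query parameter is attacker-controllable (it is part of the
    link a victim clicks), so it is only honoured when it is a path on this
    site.  Anything else -- including absolute URLs, even to this host --
    is dropped and the overview page is used instead.  This closes the open
    redirect the unchecked ``redirect(request.args.get("next"))`` allowed.
    """
    if current_user is not None and current_user.is_authenticated():
        flash(u'Sie sind bereits als "%s" angemeldet!' % current_user.name, "warning")
        return redirect(url_for('user.overview'))

    # Validate once and use the validated value everywhere below, so the
    # template never receives a target the redirect would refuse.
    next_target = request.args.get("next")
    if not _is_local_redirect_target(next_target):
        next_target = None

    form = LoginForm()
    if form.validate_on_submit():
        user = User.verify_and_get(form.login.data, form.password.data)
        if user is not None:
            login_user(user)
            flash(u"Erfolgreich angemeldet.", "success")
            return redirect(next_target or url_for("user.overview"))
        # One message for every failure; it does not reveal whether the
        # login name or the password was wrong.
        flash(u"Benutzername und/oder Passwort falsch", "error")
    return render_template("login/login.html", form=form, next=next_target)


def _is_local_redirect_target(target):
    """Return True only if *target* is a plain path on this site."""
    # Must be present and rooted at "/": rules out "http://...",
    # "javascript:..." and other scheme-carrying values.
    if not target or not target.startswith("/"):
        return False
    # "//host/..." is scheme-relative and leaves the site; browsers also
    # treat "\" like "/", so "/\host" is handled the same way.
    if target.startswith("//") or "\\" in target:
        return False
    # Browsers strip tabs/newlines before parsing a URL, which could turn an
    # innocent-looking path into "//host"; refuse control characters.
    return not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)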
def test_user_login_case_insensitive(self, session, user):
    """Check that ``User.verify_and_get`` ignores the case of the login name."""
    # NOTE(review): the literal looks masked in this listing; it presumably
    # has to equal the password the `user` fixture was created with -- confirm.
    password = '******'

    exact_match = User.verify_and_get(user.login, password)
    assert exact_match == user

    # Verification of login name should be case insensitive
    upper_match = User.verify_and_get(user.login.upper(), password)
    assert upper_match == user