def test_change_password(self):
self.create_data()
# With existing users
for name in ["alice", "bob", "charlie"]:
user = db.User.get(name=name)
# Good password
UserManager.change_password(user.id, name.upper(), "newpass")
self.assertEqual(UserManager.try_auth(name, "newpass"), user)
# Old password
self.assertEqual(UserManager.try_auth(name, name.upper()), None)
# Wrong password
self.assertRaises(ValueError, UserManager.change_password, user.id,
"badpass", "newpass")
# Ensure we still got the same number of users
self.assertEqual(db.User.select().count(), 3)
# With invalid UUID
self.assertRaises(
ValueError,
UserManager.change_password,
"invalid-uuid",
"oldpass",
"newpass",
)
# Non-existent user
self.assertRaises(
ObjectNotFound,
UserManager.change_password,
uuid.uuid4(),
"oldpass",
"newpass",
)
def test_change_password(self):
# With existing users
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
# God password
self.assertEqual(UserManager.change_password(self.store, user.id, name, 'newpass'), UserManager.SUCCESS)
self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user))
# Wrong password
self.assertEqual(UserManager.change_password(self.store, user.id, 'badpass', 'newpass'), UserManager.WRONG_PASS)
# With invalid UUID
self.assertEqual(UserManager.change_password(self.store, 'invalid-uuid', 'oldpass', 'newpass'), UserManager.INVALID_ID)
# Non-existent user
self.assertEqual(UserManager.change_password(self.store, uuid.uuid4(), 'oldpass', 'newpass'), UserManager.NO_SUCH_USER)
def change_password(uid):
if uid == 'me':
user = UserManager.get(store, session.get('userid'))[1].name
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1].name
if request.method == 'POST':
error = False
if uid == 'me' or uid == session.get('userid'):
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
if current in ('', None):
flash('The current password is required')
error = True
else:
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if new in ('', None):
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if uid == 'me' or uid == session.get('userid'):
status = UserManager.change_password(store, session.get('userid'), current, new)
else:
status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return render_template('change_pass.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
def change_password_post(uid, user):
error = False
if user.id == request.user.id:
current = request.form.get('current')
if not current:
flash('The current password is required')
error = True
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if not new:
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if user.id == request.user.id:
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return change_password_form(uid, user)
def change_password_post(uid, user):
error = False
if user.id == request.user.id:
current = request.form.get('current')
if not current:
flash('The current password is required')
error = True
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if not new:
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if user.id == request.user.id:
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return change_password_form(uid, user)
def test_change_password(self):
# With existing users
for name in ['alice', 'bob', 'charlie']:
user = self.store.find(db.User, db.User.name == name).one()
# Good password
self.assertEqual(UserManager.change_password(self.store, user.id, name.upper(), 'newpass'), UserManager.SUCCESS)
self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user))
# Old password
self.assertEqual(UserManager.try_auth(self.store, name, name.upper()), (UserManager.WRONG_PASS, None))
# Wrong password
self.assertEqual(UserManager.change_password(self.store, user.id, 'badpass', 'newpass'), UserManager.WRONG_PASS)
# Ensure we still got the same number of users
self.assertEqual(self.store.find(db.User).count(), 3)
# With invalid UUID
self.assertEqual(UserManager.change_password(self.store, 'invalid-uuid', 'oldpass', 'newpass'), UserManager.INVALID_ID)
# Non-existent user
self.assertEqual(UserManager.change_password(self.store, uuid.uuid4(), 'oldpass', 'newpass'), UserManager.NO_SUCH_USER)
def change_password():
if request.method == 'POST':
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
error = False
if current in ('', None):
flash('The current password is required')
error = True
if new in ('', None):
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
status = UserManager.change_password(store, session.get('userid'), current, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile'))
return render_template('change_pass.html', user = UserManager.get(store, session.get('userid'))[1].name)
