def test_change_password2(self):
# With existing users
for name in ['alice', 'bob', 'charlie']:
self.assertEqual(UserManager.change_password2(self.store, name, 'newpass'), UserManager.SUCCESS)
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user))
# Non-existent user
self.assertEqual(UserManager.change_password2(self.store, 'null', 'newpass'), UserManager.NO_SUCH_USER)
def test_change_password2(self):
# With existing users
for name in ['alice', 'bob', 'charlie']:
self.assertEqual(UserManager.change_password2(self.store, name, 'newpass'), UserManager.SUCCESS)
user = self.store.find(db.User, db.User.name == name).one()
self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user))
self.assertEqual(UserManager.try_auth(self.store, name, name.upper()), (UserManager.WRONG_PASS, None))
# Non-existent user
self.assertEqual(UserManager.change_password2(self.store, 'null', 'newpass'), UserManager.NO_SUCH_USER)
def test_change_password2(self):
self.create_data()
# With existing users
for name in ["alice", "bob", "charlie"]:
UserManager.change_password2(name, "newpass")
user = db.User.get(name=name)
self.assertEqual(UserManager.try_auth(name, "newpass"), user)
self.assertEqual(UserManager.try_auth(name, name.upper()), None)
# Non-existent user
self.assertRaises(ObjectNotFound, UserManager.change_password2, "null",
"newpass")
def change_password(uid):
if uid == 'me':
user = UserManager.get(store, session.get('userid'))[1].name
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1].name
if request.method == 'POST':
error = False
if uid == 'me' or uid == session.get('userid'):
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
if current in ('', None):
flash('The current password is required')
error = True
else:
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if new in ('', None):
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if uid == 'me' or uid == session.get('userid'):
status = UserManager.change_password(store, session.get('userid'), current, new)
else:
status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return render_template('change_pass.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
def change_password_post(uid, user):
error = False
if user.id == request.user.id:
current = request.form.get('current')
if not current:
flash('The current password is required')
error = True
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if not new:
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if user.id == request.user.id:
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return change_password_form(uid, user)
def change_password_post(uid, user):
error = False
if user.id == request.user.id:
current = request.form.get('current')
if not current:
flash('The current password is required')
error = True
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if not new:
flash('The new password is required')
error = True
if new != confirm:
flash("The new password and its confirmation don't match")
error = True
if not error:
if user.id == request.user.id:
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return change_password_form(uid, user)
def test_change_password2(self):
self.create_data()
self.assertRaises(TypeError, UserManager.change_password2, uuid.uuid4(), "pass")
# With existing users
for name in ["alice", "bob", "charlie"]:
UserManager.change_password2(name, "newpass")
user = db.User.get(name=name)
self.assertEqual(UserManager.try_auth(name, "newpass"), user)
self.assertEqual(UserManager.try_auth(name, name.upper()), None)
# test passing the user directly
UserManager.change_password2(user, "NEWPASS")
self.assertEqual(UserManager.try_auth(name, "NEWPASS"), user)
# Non-existent user
self.assertRaises(
ObjectNotFound, UserManager.change_password2, "null", "newpass"
)
def user_changepass():
username, password = map(request.args.get, ['username', 'password'])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def user_changepass():
username, password = map(request.args.get, [ 'username', 'password' ])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
def user_changepass():
username, password = map(request.values.get, [ 'username', 'password' ])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
password = decode_password(password)
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
code = 0
if status == UserManager.NO_SUCH_USER:
code = 70
return request.error_formatter(code, UserManager.error_str(status))
return request.formatter({})
def user_changepass():
username, password = map(request.values.get, ['username', 'password'])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
password = decode_password(password)
status = UserManager.change_password2(store, username, password)
if status != UserManager.SUCCESS:
code = 0
if status == UserManager.NO_SUCH_USER:
code = 70
return request.error_formatter(code, UserManager.error_str(status))
return request.formatter({})
