def authorize():
    """Authenticate requests under ``/rest/`` and attach the user to ``request``.

    HTTP Basic credentials are tried first. If they are absent or rejected,
    the ``u`` / ``p`` request values are used instead.

    Returns:
        ``None`` when the path is outside ``/rest/`` or authentication
        succeeded (``request.username`` and ``request.user`` are then set),
        otherwise the formatted "Unauthorized" error with status 401.
    """
    if not request.path.startswith('/rest/'):
        return None

    # Built up front and shared by every failure path, so the response does
    # not reveal whether the user name or the password was wrong.
    denied = (request.error_formatter(40, 'Unauthorized'), 401)

    basic = request.authorization
    if basic:
        outcome, account = UserManager.try_auth(store, basic.username, basic.password)
        if outcome == UserManager.SUCCESS:
            request.username = basic.username
            request.user = account
            return None
        # Rejected Basic credentials are not fatal: fall through to u/p.

    # NOTE(review): 'u'/'p' are read from request.values, so the password can
    # arrive in the URL and end up in access or proxy logs. Serve this
    # endpoint over TLS only and restrict access to those logs.
    username = request.values.get('u')
    password = request.values.get('p')
    if not (username and password):
        return denied

    # decode_password is defined elsewhere; presumably it normalises an
    # encoded 'p' value before the comparison. Confirm against its definition.
    outcome, account = UserManager.try_auth(store, username, decode_password(password))
    if outcome != UserManager.SUCCESS:
        return denied

    request.username = username
    request.user = account
    return None
def test_change_password(self):
    """Exercise UserManager.change_password with valid, stale and wrong inputs."""
    self.create_data()

    # Existing accounts. The "good" old password used here is the upper-cased
    # user name, which create_data() is expected to have set up.
    for login in ("alice", "bob", "charlie"):
        account = db.User.get(name=login)
        old_password = login.upper()

        # Correct old password: the new password must authenticate afterwards.
        UserManager.change_password(account.id, old_password, "newpass")
        self.assertEqual(UserManager.try_auth(login, "newpass"), account)

        # The previous password must no longer be accepted.
        self.assertEqual(UserManager.try_auth(login, old_password), None)

        # A wrong old password must be refused.
        self.assertRaises(
            ValueError, UserManager.change_password, account.id, "badpass", "newpass"
        )

    # None of the calls above may have created or removed a user.
    self.assertEqual(db.User.select().count(), 3)

    # An id that is not a valid UUID.
    self.assertRaises(
        ValueError,
        UserManager.change_password,
        "invalid-uuid",
        "oldpass",
        "newpass",
    )

    # A well-formed id that matches no user.
    unknown_id = uuid.uuid4()
    self.assertRaises(
        ObjectNotFound,
        UserManager.change_password,
        unknown_id,
        "oldpass",
        "newpass",
    )
def test_try_auth(self):
    """Check the (status, user) pairs returned by UserManager.try_auth."""
    # Valid credentials: in this fixture the password equals the user name.
    for login in ('alice', 'bob', 'charlie'):
        account = self.store.find(db.User, db.User.name == login).one()
        outcome = UserManager.try_auth(self.store, login, login)
        self.assertEqual(outcome, (UserManager.SUCCESS, account))

    # Wrong password.
    # NOTE(review): the source's indentation is lost. This check is placed
    # after the loop and reuses the last login iterated. Confirm.
    outcome = UserManager.try_auth(self.store, login, 'bad')
    self.assertEqual(outcome, (UserManager.WRONG_PASS, None))

    # Unknown user: reported with its own status, distinct from WRONG_PASS.
    outcome = UserManager.try_auth(self.store, 'null', 'null')
    self.assertEqual(outcome, (UserManager.NO_SUCH_USER, None))
def test_change_password2(self):
    """Check change_password2, which sets a password by user name without the old one."""
    # Existing accounts
    for login in ('alice', 'bob', 'charlie'):
        status = UserManager.change_password2(self.store, login, 'newpass')
        self.assertEqual(status, UserManager.SUCCESS)

        account = self.store.find(db.User, db.User.name == login).one()

        # The new password authenticates...
        accepted = UserManager.try_auth(self.store, login, 'newpass')
        self.assertEqual(accepted, (UserManager.SUCCESS, account))

        # ...and the previous one (upper-cased name) is now rejected.
        rejected = UserManager.try_auth(self.store, login, login.upper())
        self.assertEqual(rejected, (UserManager.WRONG_PASS, None))

    # Unknown user
    status = UserManager.change_password2(self.store, 'null', 'newpass')
    self.assertEqual(status, UserManager.NO_SUCH_USER)
def test_try_auth(self):
    """Check the (status, user) pairs returned by UserManager.try_auth."""
    # Valid credentials: the fixture password is the upper-cased user name.
    for login in ('alice', 'bob', 'charlie'):
        account = self.store.find(db.User, db.User.name == login).one()
        outcome = UserManager.try_auth(self.store, login, login.upper())
        self.assertEqual(outcome, (UserManager.SUCCESS, account))

    # Wrong passwords. The second one differs from the real password only in
    # case, so it also checks that the comparison is case-sensitive.
    for wrong in ('bad', 'alice'):
        outcome = UserManager.try_auth(self.store, 'alice', wrong)
        self.assertEqual(outcome, (UserManager.WRONG_PASS, None))

    # Unknown user
    outcome = UserManager.try_auth(self.store, 'null', 'null')
    self.assertEqual(outcome, (UserManager.NO_SUCH_USER, None))
def test_change_password2(self):
    """Check change_password2, which sets a password by user name without the old one."""
    self.create_data()

    # Existing accounts
    for login in ("alice", "bob", "charlie"):
        UserManager.change_password2(login, "newpass")
        account = db.User.get(name=login)

        # The new password authenticates; the previous one no longer does.
        self.assertEqual(UserManager.try_auth(login, "newpass"), account)
        self.assertEqual(UserManager.try_auth(login, login.upper()), None)

    # Unknown user
    self.assertRaises(
        ObjectNotFound, UserManager.change_password2, "null", "newpass"
    )
def test_try_auth(self):
    """Check that try_auth returns the user on success and None otherwise."""
    self.create_data()

    # Valid credentials: the fixture password is the upper-cased user name.
    for login in ("alice", "bob", "charlie"):
        expected = db.User.get(name=login)
        self.assertEqual(UserManager.try_auth(login, login.upper()), expected)

    # Wrong passwords. The second one differs from the real password only in case.
    for wrong in ("bad", "alice"):
        self.assertIsNone(UserManager.try_auth("alice", wrong))

    # Unknown user: same None result as a wrong password.
    self.assertIsNone(UserManager.try_auth("null", "null"))
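def login():
    """Render the login form on GET, or authenticate the posted credentials.

    On success the user's id and name are stored in the session and the
    client is redirected to ``returnUrl``. On failure a message is flashed
    and the login form is rendered again.
    """
    # ``returnUrl`` comes straight from the query string, so it is honoured
    # only when it is a same-site absolute path. Anything else falls back to
    # the index page rather than becoming an open redirect. That includes
    # full URLs, scheme-relative ``//host`` forms, and the backslashes or
    # control characters that browsers normalise into those forms.
    requested = request.args.get('returnUrl')
    if (requested
            and requested.startswith('/')
            and not requested.startswith('//')
            and '\\' not in requested
            and not any(ord(ch) < 0x20 for ch in requested)):
        return_url = requested
    else:
        return_url = url_for('index')

    if session.get('userid'):
        flash('Already logged in')
        return redirect(return_url)

    if request.method == 'GET':
        return render_template('login.html')

    name, password = map(request.form.get, ['user', 'password'])
    error = False
    if name in ('', None):
        flash('Missing user name')
        error = True
    if password in ('', None):
        flash('Missing password')
        error = True

    if not error:
        status, user = UserManager.try_auth(store, name, password)
        if status == UserManager.SUCCESS:
            session['userid'] = str(user.id)
            session['username'] = user.name
            flash('Logged in!')
            return redirect(return_url)
        else:
            # NOTE(review): error_str(status) is defined elsewhere. If it
            # words "no such user" and "wrong password" differently, this
            # form lets a visitor tell which user names exist. Confirm, and
            # prefer one generic message.
            flash(UserManager.error_str(status))

    return render_template('login.html')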
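def login():
    """Render the login form on GET, or authenticate the posted credentials.

    On success the user's id is stored in the session and the client is
    redirected to ``returnUrl``. On failure a message is flashed and the
    login form is rendered again.
    """
    # ``returnUrl`` comes straight from the query string, so it is honoured
    # only when it is a same-site absolute path. Anything else falls back to
    # the index page rather than becoming an open redirect. That includes
    # full URLs, scheme-relative ``//host`` forms, and the backslashes or
    # control characters that browsers normalise into those forms.
    requested = request.args.get('returnUrl')
    if (requested
            and requested.startswith('/')
            and not requested.startswith('//')
            and '\\' not in requested
            and not any(ord(ch) < 0x20 for ch in requested)):
        return_url = requested
    else:
        return_url = url_for('index')

    # request.user is set outside this function (not visible here).
    if request.user:
        flash('Already logged in')
        return redirect(return_url)

    if request.method == 'GET':
        return render_template('login.html')

    name, password = map(request.form.get, ['user', 'password'])
    error = False
    if name in ('', None):
        flash('Missing user name')
        error = True
    if password in ('', None):
        flash('Missing password')
        error = True

    if not error:
        status, user = UserManager.try_auth(store, name, password)
        if status == UserManager.SUCCESS:
            session['userid'] = str(user.id)
            flash('Logged in!')
            return redirect(return_url)
        else:
            # NOTE(review): error_str(status) is defined elsewhere. If it
            # words "no such user" and "wrong password" differently, this
            # form lets a visitor tell which user names exist. Confirm, and
            # prefer one generic message.
            flash(UserManager.error_str(status))

    return render_template('login.html')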
def test_change_password2(self):
    """Check change_password2 with a user name, a user object and invalid arguments."""
    self.create_data()

    # A UUID is neither a user name nor a user object.
    self.assertRaises(TypeError, UserManager.change_password2, uuid.uuid4(), "pass")

    # Existing accounts
    for login in ("alice", "bob", "charlie"):
        UserManager.change_password2(login, "newpass")
        account = db.User.get(name=login)

        # The new password authenticates; the previous one no longer does.
        self.assertEqual(UserManager.try_auth(login, "newpass"), account)
        self.assertEqual(UserManager.try_auth(login, login.upper()), None)

        # Same operation, this time passing the user object itself.
        UserManager.change_password2(account, "NEWPASS")
        self.assertEqual(UserManager.try_auth(login, "NEWPASS"), account)

    # Unknown user
    self.assertRaises(
        ObjectNotFound, UserManager.change_password2, "null", "newpass"
    )
def test_change_password(self):
    """Check the status codes returned by UserManager.change_password."""
    # Existing accounts. The "good" old password is the upper-cased user name.
    for login in ('alice', 'bob', 'charlie'):
        account = self.store.find(db.User, db.User.name == login).one()
        old_password = login.upper()

        # Correct old password: the change succeeds and the new one authenticates.
        status = UserManager.change_password(self.store, account.id, old_password, 'newpass')
        self.assertEqual(status, UserManager.SUCCESS)
        accepted = UserManager.try_auth(self.store, login, 'newpass')
        self.assertEqual(accepted, (UserManager.SUCCESS, account))

        # The previous password must no longer be accepted.
        rejected = UserManager.try_auth(self.store, login, old_password)
        self.assertEqual(rejected, (UserManager.WRONG_PASS, None))

        # A wrong old password must be refused.
        status = UserManager.change_password(self.store, account.id, 'badpass', 'newpass')
        self.assertEqual(status, UserManager.WRONG_PASS)

    # None of the calls above may have created or removed a user.
    self.assertEqual(self.store.find(db.User).count(), 3)

    # An id that is not a valid UUID.
    status = UserManager.change_password(self.store, 'invalid-uuid', 'oldpass', 'newpass')
    self.assertEqual(status, UserManager.INVALID_ID)

    # A well-formed id that matches no user.
    status = UserManager.change_password(self.store, uuid.uuid4(), 'oldpass', 'newpass')
    self.assertEqual(status, UserManager.NO_SUCH_USER)
def authorize():
    """Authenticate requests under ``/rest/`` and attach the user to ``request``.

    HTTP Basic credentials are tried first. If they are absent or rejected,
    the ``u`` / ``p`` query parameters are used instead.

    Returns:
        ``None`` when the path is outside ``/rest/`` or authentication
        succeeded (``request.username`` and ``request.user`` are then set),
        otherwise the formatted "Unauthorized" error with status 401.
    """
    if not request.path.startswith('/rest/'):
        return None

    # Built up front and shared by every failure path, so the response does
    # not reveal whether the user name or the password was wrong.
    denied = (request.error_formatter(40, 'Unauthorized'), 401)

    basic = request.authorization
    if basic:
        outcome, account = UserManager.try_auth(store, basic.username, basic.password)
        if outcome == UserManager.SUCCESS:
            request.username = basic.username
            request.user = account
            return None
        # Rejected Basic credentials are not fatal: fall through to u/p.

    # NOTE(review): 'u'/'p' come from the query string, so the password is
    # part of the URL and can end up in access or proxy logs. Serve this
    # endpoint over TLS only and restrict access to those logs.
    username = request.args.get('u')
    password = request.args.get('p')
    if not (username and password):
        return denied

    outcome, account = UserManager.try_auth(store, username, password)
    if outcome != UserManager.SUCCESS:
        return denied

    request.username = username
    request.user = account
    return None