Exemple #1
def authorize():
    """Authenticate a request to the ``/rest/`` API before it is handled.

    Paths outside ``/rest/`` are ignored. HTTP Basic credentials are tried
    first; when they are absent or rejected, the ``u`` and ``p`` request
    values are tried instead. On success ``request.username`` and
    ``request.user`` are set and ``None`` is returned; otherwise the
    formatted error is returned with a 401 status.
    """
    if not request.path.startswith('/rest/'):
        return

    # Built up front; every failure path below returns this same pair.
    error = request.error_formatter(40, 'Unauthorized'), 401

    basic = request.authorization
    if basic:
        status, user = UserManager.try_auth(store, basic.username, basic.password)
        if status == UserManager.SUCCESS:
            request.username = basic.username
            request.user = user
            return
        # A rejected Basic header is not answered here: the request falls
        # through to the u/p parameters below.

    # NOTE(review): request.values covers the query string as well as form
    # data, so `p` can arrive in the URL and end up in access logs, proxy
    # logs and browser history. Confirm TLS is enforced and that these
    # parameters are scrubbed wherever requests are logged.
    username = request.values.get('u')
    password = request.values.get('p')
    if not (username and password):
        return error

    # decode_password is defined elsewhere; whatever encoding it undoes
    # should not be counted on as protection -- TODO confirm what it accepts.
    password = decode_password(password)
    status, user = UserManager.try_auth(store, username, password)
    if status != UserManager.SUCCESS:
        # NOTE(review): no attempt limiting is visible in this function;
        # verify that repeated failures are throttled somewhere upstream.
        return error

    request.username = username
    request.user = user
    def test_change_password(self):
        # Checks that change_password replaces the credential only when the
        # current password is supplied, and raises for bad ids.
        self.create_data()

        for name in ("alice", "bob", "charlie"):
            user = db.User.get(name=name)
            # The "good password" case below uses the upper-cased name.
            current = name.upper()

            # Correct current password: the new one must authenticate...
            UserManager.change_password(user.id, current, "newpass")
            self.assertEqual(UserManager.try_auth(name, "newpass"), user)
            # ...and the previous one must stop working.
            self.assertEqual(UserManager.try_auth(name, current), None)
            # A wrong current password is refused.
            with self.assertRaises(ValueError):
                UserManager.change_password(user.id, "badpass", "newpass")

        # Changing passwords must not create or delete users.
        self.assertEqual(db.User.select().count(), 3)

        # A malformed user id is rejected.
        with self.assertRaises(ValueError):
            UserManager.change_password("invalid-uuid", "oldpass", "newpass")

        # A well-formed id that matches no user.
        unknown_id = uuid.uuid4()
        with self.assertRaises(ObjectNotFound):
            UserManager.change_password(unknown_id, "oldpass", "newpass")
Exemple #3
 def test_try_auth(self):
     # Checks the (status, user) pair try_auth returns for a valid login,
     # a wrong password and an unknown user.
     for name in ('alice', 'bob', 'charlie'):
         user = self.store.find(db.User, db.User.name == name).one()
         outcome = UserManager.try_auth(self.store, name, name)
         self.assertEqual(outcome, (UserManager.SUCCESS, user))

     # Wrong password; `name` still holds the last user from the loop above.
     rejected = UserManager.try_auth(self.store, name, 'bad')
     self.assertEqual(rejected, (UserManager.WRONG_PASS, None))

     # Unknown user name.
     unknown = UserManager.try_auth(self.store, 'null', 'null')
     self.assertEqual(unknown, (UserManager.NO_SUCH_USER, None))
Exemple #4
    def test_change_password2(self):
        # Checks change_password2, which sets a new password from the user
        # name alone (no current password is passed).
        for name in ('alice', 'bob', 'charlie'):
            changed = UserManager.change_password2(self.store, name, 'newpass')
            self.assertEqual(changed, UserManager.SUCCESS)

            user = self.store.find(db.User, db.User.name == name).one()

            # The new password authenticates...
            accepted = UserManager.try_auth(self.store, name, 'newpass')
            self.assertEqual(accepted, (UserManager.SUCCESS, user))
            # ...and the upper-cased name no longer does.
            stale = UserManager.try_auth(self.store, name, name.upper())
            self.assertEqual(stale, (UserManager.WRONG_PASS, None))

        # Unknown user name.
        missing = UserManager.change_password2(self.store, 'null', 'newpass')
        self.assertEqual(missing, UserManager.NO_SUCH_USER)
Exemple #5
    def test_try_auth(self):
        # Checks the (status, user) pair try_auth returns for a valid login,
        # wrong passwords and an unknown user.
        for name in ('alice', 'bob', 'charlie'):
            user = self.store.find(db.User, db.User.name == name).one()
            outcome = UserManager.try_auth(self.store, name, name.upper())
            self.assertEqual(outcome, (UserManager.SUCCESS, user))

        # Wrong passwords, including the lower-case name, which differs from
        # the accepted upper-case form only by case.
        wrong_pass = (UserManager.WRONG_PASS, None)
        for attempt in ('bad', 'alice'):
            self.assertEqual(UserManager.try_auth(self.store, 'alice', attempt), wrong_pass)

        # Unknown user name.
        unknown = UserManager.try_auth(self.store, 'null', 'null')
        self.assertEqual(unknown, (UserManager.NO_SUCH_USER, None))
    def test_change_password2(self):
        # Checks change_password2, which sets a new password from the user
        # name alone (no current password is passed).
        self.create_data()

        for name in ("alice", "bob", "charlie"):
            UserManager.change_password2(name, "newpass")
            user = db.User.get(name=name)

            # The new password authenticates...
            accepted = UserManager.try_auth(name, "newpass")
            self.assertEqual(accepted, user)
            # ...and the upper-cased name no longer does.
            stale = UserManager.try_auth(name, name.upper())
            self.assertEqual(stale, None)

        # Unknown user name.
        with self.assertRaises(ObjectNotFound):
            UserManager.change_password2("null", "newpass")
    def test_try_auth(self):
        # Checks that try_auth returns the user for valid credentials and
        # None for a wrong password or an unknown user.
        self.create_data()

        for name in ("alice", "bob", "charlie"):
            expected = db.User.get(name=name)
            self.assertEqual(UserManager.try_auth(name, name.upper()), expected)

        # Wrong passwords, including the lower-case name, which differs from
        # the accepted upper-case form only by case.
        for attempt in ("bad", "alice"):
            self.assertIsNone(UserManager.try_auth("alice", attempt))

        # Unknown user name.
        unknown = UserManager.try_auth("null", "null")
        self.assertIsNone(unknown)
Exemple #8
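def login():
	"""Show the login form on GET and authenticate the submitted credentials on POST.

	On success the user's id and name are stored in the session and the
	client is redirected to ``returnUrl`` when that value is a path on this
	site, otherwise to the index page. Validation and authentication
	failures are reported with ``flash`` and the form is rendered again.
	"""
	# returnUrl comes straight from the query string and ends up in a
	# Location header, so only a same-site path is honoured: exactly one
	# leading slash, no backslash and no control characters (browsers may
	# treat "//host" or "/\host" as another origin). Anything else falls
	# back to the index page.
	target = request.args.get('returnUrl')
	is_local_path = (
		bool(target)
		and target.startswith('/')
		and not target.startswith('//')
		and '\\' not in target
		and not any(ord(ch) < 0x20 for ch in target)
	)
	return_url = target if is_local_path else url_for('index')

	if session.get('userid'):
		flash('Already logged in')
		return redirect(return_url)

	if request.method == 'GET':
		return render_template('login.html')

	name, password = map(request.form.get, [ 'user', 'password' ])
	error = False
	if name in ('', None):
		flash('Missing user name')
		error = True
	if password in ('', None):
		flash('Missing password')
		error = True

	if not error:
		status, user = UserManager.try_auth(store, name, password)
		if status == UserManager.SUCCESS:
			session['userid'] = str(user.id)
			session['username'] = user.name
			flash('Logged in!')
			return redirect(return_url)
		else:
			# NOTE(review): error_str(status) is shown to the client; if it
			# words an unknown user differently from a wrong password, the
			# form tells callers which user names exist -- confirm.
			flash(UserManager.error_str(status))

	return render_template('login.html')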
Exemple #9
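def login():
    """Show the login form on GET and authenticate the submitted credentials on POST.

    On success the user's id is stored in the session and the client is
    redirected to ``returnUrl`` when that value is a path on this site,
    otherwise to the index page. Validation and authentication failures are
    reported with ``flash`` and the form is rendered again.
    """
    # returnUrl comes straight from the query string and ends up in a
    # Location header, so only a same-site path is honoured: exactly one
    # leading slash, no backslash and no control characters (browsers may
    # treat "//host" or "/\host" as another origin). Anything else falls
    # back to the index page.
    target = request.args.get('returnUrl')
    is_local_path = (
        bool(target)
        and target.startswith('/')
        and not target.startswith('//')
        and '\\' not in target
        and not any(ord(ch) < 0x20 for ch in target)
    )
    return_url = target if is_local_path else url_for('index')

    if request.user:
        flash('Already logged in')
        return redirect(return_url)

    if request.method == 'GET':
        return render_template('login.html')

    name, password = map(request.form.get, [ 'user', 'password' ])
    error = False
    if name in ('', None):
        flash('Missing user name')
        error = True
    if password in ('', None):
        flash('Missing password')
        error = True

    if not error:
        status, user = UserManager.try_auth(store, name, password)
        if status == UserManager.SUCCESS:
            session['userid'] = str(user.id)
            flash('Logged in!')
            return redirect(return_url)
        else:
            # NOTE(review): error_str(status) is shown to the client; if it
            # words an unknown user differently from a wrong password, the
            # form tells callers which user names exist -- confirm.
            flash(UserManager.error_str(status))

    return render_template('login.html')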
Exemple #10
    def test_change_password2(self):
        # Checks change_password2 with a user name, with a user object, and
        # with arguments it must refuse.
        self.create_data()

        # A UUID is not an accepted way to designate the user here.
        some_id = uuid.uuid4()
        with self.assertRaises(TypeError):
            UserManager.change_password2(some_id, "pass")

        for name in ("alice", "bob", "charlie"):
            # Designating the user by name.
            UserManager.change_password2(name, "newpass")
            user = db.User.get(name=name)
            accepted = UserManager.try_auth(name, "newpass")
            self.assertEqual(accepted, user)
            stale = UserManager.try_auth(name, name.upper())
            self.assertEqual(stale, None)

            # Designating the user by passing the object itself.
            UserManager.change_password2(user, "NEWPASS")
            accepted = UserManager.try_auth(name, "NEWPASS")
            self.assertEqual(accepted, user)

        # Unknown user name.
        with self.assertRaises(ObjectNotFound):
            UserManager.change_password2("null", "newpass")
Exemple #11
    def test_change_password(self):
        # Checks the status code change_password returns for a correct and a
        # wrong current password, a malformed id and an unknown id.
        for name in ('alice', 'bob', 'charlie'):
            user = self.store.find(db.User, db.User.name == name).one()

            # Correct current password: the change succeeds...
            changed = UserManager.change_password(self.store, user.id, name.upper(), 'newpass')
            self.assertEqual(changed, UserManager.SUCCESS)
            # ...the new password authenticates...
            accepted = UserManager.try_auth(self.store, name, 'newpass')
            self.assertEqual(accepted, (UserManager.SUCCESS, user))
            # ...and the previous one stops working.
            stale = UserManager.try_auth(self.store, name, name.upper())
            self.assertEqual(stale, (UserManager.WRONG_PASS, None))

            # A wrong current password is refused.
            refused = UserManager.change_password(self.store, user.id, 'badpass', 'newpass')
            self.assertEqual(refused, UserManager.WRONG_PASS)

        # Changing passwords must not create or delete users.
        user_count = self.store.find(db.User).count()
        self.assertEqual(user_count, 3)

        # A malformed user id.
        malformed = UserManager.change_password(self.store, 'invalid-uuid', 'oldpass', 'newpass')
        self.assertEqual(malformed, UserManager.INVALID_ID)

        # A well-formed id that matches no user.
        unknown = UserManager.change_password(self.store, uuid.uuid4(), 'oldpass', 'newpass')
        self.assertEqual(unknown, UserManager.NO_SUCH_USER)
Exemple #12
def authorize():
	"""Authenticate a request to the ``/rest/`` API before it is handled.

	Paths outside ``/rest/`` are ignored. HTTP Basic credentials are tried
	first; when they are absent or rejected, the ``u`` and ``p`` query
	parameters are tried instead. On success ``request.username`` and
	``request.user`` are set and ``None`` is returned; otherwise the
	formatted error is returned with a 401 status.
	"""
	if not request.path.startswith('/rest/'):
		return

	# Built up front; every failure path below returns this same pair.
	error = request.error_formatter(40, 'Unauthorized'), 401

	basic = request.authorization
	if basic:
		status, user = UserManager.try_auth(store, basic.username, basic.password)
		if status == UserManager.SUCCESS:
			request.username = basic.username
			request.user = user
			return
		# A rejected Basic header is not answered here: the request falls
		# through to the u/p parameters below.

	# NOTE(review): `p` is read from the query string and passed to try_auth
	# as received, so the password travels in the URL and can end up in
	# access logs, proxy logs and browser history. Confirm TLS is enforced
	# and that these parameters are scrubbed wherever requests are logged.
	username = request.args.get('u')
	password = request.args.get('p')
	if not (username and password):
		return error

	status, user = UserManager.try_auth(store, username, password)
	if status != UserManager.SUCCESS:
		# NOTE(review): no attempt limiting is visible in this function;
		# verify that repeated failures are throttled somewhere upstream.
		return error

	request.username = username
	request.user = user