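def test_check_password_MD5k():
    """Round-trip a password through the "MD5k" scheme and verify it.

    Positive case: a hash of "secret" verifies against "secret".
    Negative case: a hash of a different password ("geheim") must not
    verify against "secret".
    """
    # NOTE(review): "MD5k" is just the scheme tag passed through to
    # crypt_password; whether it salts/iterates is not visible from here.
    good_hash = crypt_password("secret", "MD5k")
    assert check_password(good_hash, "secret"), "Password verification failed"

    other_hash = crypt_password("geheim", "MD5k")
    # `not` instead of `== False`: check_password may return any falsy value.
    assert not check_password(other_hash, "secret"), "Password verification passed for wrong password"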
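def submit(self, id=None):
    """Handle the login form.

    Looks the user up by the submitted e-mail address, verifies the
    submitted password against the stored hash and, on success, stores the
    user's id in the session. Every rejected login ends the handler, so
    ``session['user']`` is only ever set after a successful check.

    :param id: routing argument; the literal ``"ajax"`` selects plain-text
        status responses, anything else selects flash message + redirect.
    :returns: a short status string in ajax mode; otherwise the handler
        ends in a redirect (``redirect_to`` is expected to raise).
    """
    form_email = str(request.params.get('email'))
    form_password = str(request.params.get('password'))

    def fail(ajax_message, flash_message):
        # Single exit for a rejected login: plain text in ajax mode,
        # otherwise flash the message and bounce back to the login form.
        if id == "ajax":
            return ajax_message
        session['messages'] = [flash_message]
        session.save()
        redirect_to(action='login')
        # redirect_to normally raises; returning here keeps the handler
        # fail-closed should it ever return instead.
        return None

    s = Session()
    user = s.query(User).filter_by(email=unicode(form_email)).first()
    # Unknown address and wrong password produce the same message so the
    # response body does not say which one it was.
    # NOTE(review): the unknown-address path skips check_password, so its
    # timing differs from the wrong-password path — confirm whether that
    # matters for this deployment.
    if user is None:
        return fail("password mismatch", "Password mismatch")
    if not user.active:
        return fail("account disabled", "Account disabled")
    if not check_password(user.password, form_password):
        return fail("password mismatch", "Password mismatch")

    session['user'] = user.id
    session.save()
    if id == "ajax":
        return "success"

    # path_before_login is read from the server-side session; where it was
    # originally set (and whether it was validated) is outside this block.
    path_info = session.get('path_before_login')
    if path_info is not None:
        del session['path_before_login']
        session.save()
        redirect_to(path_info)
    else:
        redirect_to(action='logged_in')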
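def submit(self, id=None):
    """Handle the login form.

    Looks the user up by the submitted e-mail address, verifies the
    submitted password against the stored hash and, on success, stores the
    user's id in the session. Every rejected login ends the handler, so
    ``session["user"]`` is only ever set after a successful check.

    :param id: routing argument; the literal ``"ajax"`` selects plain-text
        status responses, anything else selects flash message + redirect.
    :returns: a short status string in ajax mode; otherwise the handler
        ends in a redirect (``redirect_to`` is expected to raise).
    """
    form_email = str(request.params.get("email"))
    form_password = str(request.params.get("password"))

    def fail(ajax_message, flash_message):
        # Single exit for a rejected login: plain text in ajax mode,
        # otherwise flash the message and bounce back to the login form.
        if id == "ajax":
            return ajax_message
        session["messages"] = [flash_message]
        session.save()
        redirect_to(action="login")
        # redirect_to normally raises; returning here keeps the handler
        # fail-closed should it ever return instead.
        return None

    s = Session()
    user = s.query(User).filter_by(email=unicode(form_email)).first()
    # Unknown address and wrong password produce the same message so the
    # response body does not say which one it was.
    # NOTE(review): the unknown-address path skips check_password, so its
    # timing differs from the wrong-password path — confirm whether that
    # matters for this deployment.
    if user is None:
        return fail("password mismatch", "Password mismatch")
    if not user.active:
        return fail("account disabled", "Account disabled")
    if not check_password(user.password, form_password):
        return fail("password mismatch", "Password mismatch")

    session["user"] = user.id
    session.save()
    if id == "ajax":
        return "success"

    # path_before_login is read from the server-side session; where it was
    # originally set (and whether it was validated) is outside this block.
    path_info = session.get("path_before_login")
    if path_info is not None:
        del session["path_before_login"]
        session.save()
        redirect_to(path_info)
    else:
        redirect_to(action="logged_in")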
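def change(self, id=None):
    """Apply the account-edit form to the user recorded in the session.

    The target user id comes from ``session['edit_user']`` (not from the
    request) and is consumed here. Non-admins must prove the account's
    current password. Every validation failure ends the handler, so the
    commit at the bottom is reached only after all checks passed.

    :param id: routing argument; ``"ajax"`` selects plain-text status
        strings, anything else selects a flash message plus redirect.
    :returns: a status string in ajax mode; otherwise ends in a redirect.
    """
    user_email = unicode(request.params.get('user_email'))
    user_email_c = unicode(request.params.get('user_email_confirm'))
    current_password = str(request.params.get('current_password'))

    edit_user = session.get('edit_user')
    if edit_user is None:
        abort(404)
    del session['edit_user']
    session.save()

    def fail(ajax_message, flash_message):
        # Single exit for a rejected edit: plain text in ajax mode,
        # otherwise flash the message and return to the edit form.
        if id == "ajax":
            return ajax_message
        session['messages'] = [flash_message]
        session.save()
        redirect_to(action="edit", id=edit_user)
        # redirect_to normally raises; returning here keeps the handler
        # fail-closed (no commit) should it ever return instead.
        return None

    def optional_text(name):
        # Absent form field -> empty string, so a missing password field
        # means "no change" rather than unicode(None) == u"None".
        value = request.params.get(name)
        return u"" if value is None else unicode(value)

    s = Session()
    user = s.query(User).get(edit_user)
    if user is None:
        abort(404)

    # Admins may edit an account without its current password.
    if not check_role("admin"):
        if not check_password(user.password, current_password):
            return fail("incorrect password", "Incorrect password")

    if user_email != user_email_c:
        return fail("email address mismatch", "Email address mismatch")
    if not self._is_email_valid(user_email):
        return fail("invalid email address", "Invalid email address")
    # The address may already belong to this very account; only another
    # account owning it is a conflict.
    u_by_email = s.query(User).filter_by(email=user_email).first()
    if u_by_email is not None and u_by_email.id != user.id:
        return fail("email already associated with an account",
                    "Email already associated with an account")
    user.email = user_email

    user_pass = optional_text('user_pass')
    user_pass_c = optional_text('user_pass_confirm')
    if user_pass != user_pass_c:
        return fail("password mismatch", "Password mismatch")
    if user_pass != "":
        user.password = crypt_password(user_pass)

    if request.params.get('user_vcs_pass') is not None:
        vcs_pass = unicode(request.params.get('user_vcs_pass'))
        vcs_pass_c = unicode(request.params.get('user_vcs_pass_confirm'))
        if vcs_pass != vcs_pass_c:
            return fail("VCS password mismatch", "VCS password mismatch")
        # NOTE(review): stored as submitted; whether user_data.vcs_pass is
        # protected at rest elsewhere is not visible in this block.
        user.user_data.vcs_pass = vcs_pass

    user_name = request.params.get('user_name')
    user.user_data.name = u"Unnamed User" if user_name is None else unicode(user_name)
    user_nick = request.params.get('user_nick')
    user.user_data.nick = u"anonymous" if user_nick is None else unicode(user_nick)
    vcs_user = request.params.get('user_vcs_user')
    if vcs_user is not None:
        user.user_data.vcs_user = unicode(vcs_user)

    s.add(user)
    s.commit()
    if id == "ajax":
        return "user data updated"
    redirect_to(action='changed', id=None)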
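def test_check_password_MD5k():
    """Round-trip a password through the "MD5k" scheme and verify it.

    Positive case: a hash of "secret" verifies against "secret".
    Negative case: a hash of a different password ("geheim") must not
    verify against "secret".
    """
    # NOTE(review): "MD5k" is just the scheme tag passed through to
    # crypt_password; whether it salts/iterates is not visible from here.
    good_hash = crypt_password("secret", "MD5k")
    assert check_password(good_hash, "secret"), "Password verification failed"

    other_hash = crypt_password("geheim", "MD5k")
    # `not` instead of `== False`: check_password may return any falsy value.
    assert not check_password(other_hash, "secret"), "Password verification passed for wrong password"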
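def change(self, id=None):
    """Apply the account-edit form to the user recorded in the session.

    The target user id comes from ``session['edit_user']`` (not from the
    request) and is consumed here. Non-admins must prove the account's
    current password. Every validation failure ends the handler, so the
    commit at the bottom is reached only after all checks passed.

    :param id: routing argument; ``"ajax"`` selects plain-text status
        strings, anything else selects a flash message plus redirect.
    :returns: a status string in ajax mode; otherwise ends in a redirect.
    """
    user_email = unicode(request.params.get('user_email'))
    user_email_c = unicode(request.params.get('user_email_confirm'))
    current_password = str(request.params.get('current_password'))

    edit_user = session.get('edit_user')
    if edit_user is None:
        abort(404)
    del session['edit_user']
    session.save()

    def fail(ajax_message, flash_message):
        # Single exit for a rejected edit: plain text in ajax mode,
        # otherwise flash the message and return to the edit form.
        if id == "ajax":
            return ajax_message
        session['messages'] = [flash_message]
        session.save()
        redirect_to(action="edit", id=edit_user)
        # redirect_to normally raises; returning here keeps the handler
        # fail-closed (no commit) should it ever return instead.
        return None

    def optional_text(name):
        # Absent form field -> empty string, so a missing password field
        # means "no change" rather than unicode(None) == u"None".
        value = request.params.get(name)
        return u"" if value is None else unicode(value)

    s = Session()
    user = s.query(User).get(edit_user)
    if user is None:
        abort(404)

    # Admins may edit an account without its current password.
    if not check_role("admin"):
        if not check_password(user.password, current_password):
            return fail("incorrect password", "Incorrect password")

    if user_email != user_email_c:
        return fail("email address mismatch", "Email address mismatch")
    if not self._is_email_valid(user_email):
        return fail("invalid email address", "Invalid email address")
    # The address may already belong to this very account; only another
    # account owning it is a conflict.
    u_by_email = s.query(User).filter_by(email=user_email).first()
    if u_by_email is not None and u_by_email.id != user.id:
        return fail("email already associated with an account",
                    "Email already associated with an account")
    user.email = user_email

    user_pass = optional_text('user_pass')
    user_pass_c = optional_text('user_pass_confirm')
    if user_pass != user_pass_c:
        return fail("password mismatch", "Password mismatch")
    if user_pass != "":
        user.password = crypt_password(user_pass)

    if request.params.get('user_vcs_pass') is not None:
        vcs_pass = unicode(request.params.get('user_vcs_pass'))
        vcs_pass_c = unicode(request.params.get('user_vcs_pass_confirm'))
        if vcs_pass != vcs_pass_c:
            return fail("VCS password mismatch", "VCS password mismatch")
        # NOTE(review): stored as submitted; whether user_data.vcs_pass is
        # protected at rest elsewhere is not visible in this block.
        user.user_data.vcs_pass = vcs_pass

    user_name = request.params.get('user_name')
    user.user_data.name = u"Unnamed User" if user_name is None else unicode(user_name)
    user_nick = request.params.get('user_nick')
    user.user_data.nick = u"anonymous" if user_nick is None else unicode(user_nick)
    vcs_user = request.params.get('user_vcs_user')
    if vcs_user is not None:
        user.user_data.vcs_user = unicode(vcs_user)

    s.add(user)
    s.commit()
    if id == "ajax":
        return "user data updated"
    redirect_to(action='changed', id=None)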