Exemple #1
def test_check_password_MD5k():
    """A hash made with the "MD5k" scheme must accept its own plaintext only."""
    # NOTE(review): "MD5k" is presumably an MD5-based scheme; MD5-derived
    # password hashes are cheap to brute-force offline, so confirm it is kept
    # only for verifying legacy hashes and not used for new passwords.
    scheme = "MD5k"

    matching_hash = crypt_password("secret", scheme)
    assert check_password(matching_hash, "secret"), \
        "Password verification failed"

    # The hash of a different plaintext has to be rejected. The comparison
    # with False is intentional: a None result must fail this assertion.
    other_hash = crypt_password("geheim", scheme)
    rejected = check_password(other_hash, "secret") == False
    assert rejected, "Password verification passed for wrong password"
Exemple #2
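    def submit(self, id=None):
        """Check the posted email/password pair and start a login session.

        With ``id == "ajax"`` the outcome is returned as a short status
        string ("success", "password mismatch" or "account disabled").
        Otherwise a message is stored in the session and the browser is
        redirected.

        The password is verified *before* the disabled-account state is
        reported, so "account disabled" is only disclosed to someone who
        already knows the account's password.
        """
        raw_email = request.params.get('email')
        raw_password = request.params.get('password')

        # A missing field is a failed login. Converting None with str() would
        # otherwise compare the literal text "None" against stored data.
        user = None
        if raw_email is not None and raw_password is not None:
            s = Session()
            user = s.query(User).filter_by(email=unicode(str(raw_email))).first()

        # Unknown address and wrong password share one response so the form
        # does not reveal which addresses are registered.
        # NOTE(review): no hash is computed for an unknown address, so the
        # response time may still differ between the two cases.
        if user is None or not check_password(user.password, str(raw_password)):
            if id == "ajax":
                return "password mismatch"
            session['messages'] = ["Password mismatch"]
            session.save()

            # Presumably ends the request by raising a redirect; the code
            # below relies on not being reached with user set to None.
            redirect_to(action='login')

        if not user.active:
            if id == "ajax":
                return "account disabled"
            session['messages'] = ["Account disabled"]
            session.save()

            redirect_to(action='login')

        # NOTE(review): the session identifier is not rotated here; confirm
        # the session layer issues a fresh id on login, otherwise an id handed
        # out before authentication stays valid afterwards (session fixation).
        session['user'] = user.id
        session.save()

        if id == "ajax":
            return "success"

        # NOTE(review): path_before_login is used as the redirect target
        # as-is; confirm the code that stores it only records local paths.
        path_info = session.get('path_before_login')
        if path_info is not None:
            del session['path_before_login']
            session.save()
            redirect_to(path_info)
        else:
            redirect_to(action='logged_in')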
Exemple #3
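    def submit(self, id=None):
        """Authenticate the submitted credentials and mark the session as logged in.

        AJAX callers (``id == "ajax"``) get a status string back: "success",
        "password mismatch" or "account disabled". Other callers get a flash
        message in the session followed by a redirect.

        The disabled-account answer is given only after the password has been
        verified, so it cannot be used to probe which addresses belong to
        disabled accounts.
        """
        email_field = request.params.get("email")
        password_field = request.params.get("password")

        # Absent fields fail the login instead of being turned into the text
        # "None" by str() and matched against stored values.
        user = None
        if email_field is not None and password_field is not None:
            s = Session()
            user = s.query(User).filter_by(email=unicode(str(email_field))).first()

        # One shared answer for "no such user" and "wrong password".
        # NOTE(review): the hash check is skipped for unknown users, so timing
        # can still distinguish the two cases.
        if user is None or not check_password(user.password, str(password_field)):
            if id == "ajax":
                return "password mismatch"
            session["messages"] = ["Password mismatch"]
            session.save()

            # Presumably raises to end the request; the statements below
            # assume user is not None.
            redirect_to(action="login")

        if not user.active:
            if id == "ajax":
                return "account disabled"
            session["messages"] = ["Account disabled"]
            session.save()

            redirect_to(action="login")

        # NOTE(review): no session-id rotation is visible at this privilege
        # change; confirm the session layer regenerates the id on login.
        session["user"] = user.id
        session.save()

        if id == "ajax":
            return "success"

        # NOTE(review): the stored path is redirected to unchanged; confirm
        # only local paths are ever written to path_before_login.
        path_info = session.get("path_before_login")
        if path_info is not None:
            del session["path_before_login"]
            session.save()
            redirect_to(path_info)
        else:
            redirect_to(action="logged_in")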
Exemple #4
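    def change(self, id=None):
        """Validate and save the account edits posted for ``session['edit_user']``.

        With ``id == "ajax"`` a short status string is returned. Otherwise a
        message is stored in the session and the browser is redirected: back
        to ``edit`` on a validation failure, to ``changed`` on success.

        Callers for whom ``check_role("admin")`` is false must supply the
        account's current password. Every validation runs before the first
        attribute of ``user`` is modified, so a rejected request leaves no
        half-applied changes on the object.
        """
        user_email = unicode(request.params.get('user_email'))
        user_email_c = unicode(request.params.get('user_email_confirm'))
        current_password = str(request.params.get('current_password'))

        edit_user = session.get('edit_user')
        if edit_user is None:
            abort(404)

        # The marker is single-use: it is removed before any validation runs.
        del session['edit_user']
        session.save()

        def _optional_text(name):
            # An absent field counts as blank. unicode(None) would yield the
            # text u"None", which the non-empty test below would then store
            # as the new password.
            value = request.params.get(name)
            return u"" if value is None else unicode(value)

        def _reject(ajax_text, flash_text):
            # Shared failure path. The result is returned by every caller so
            # processing stops here even if redirect_to returns normally.
            if id == "ajax":
                return ajax_text
            session['messages'] = [flash_text]
            session.save()
            return redirect_to(action="edit", id=edit_user)

        s = Session()
        user = s.query(User).get(edit_user)
        if user is None:
            abort(404)

        # NOTE(review): which account is edited is decided only by
        # session['edit_user']; confirm the action that sets it checks that
        # the caller is that user or an administrator.
        if not check_role("admin"):
            if not check_password(user.password, current_password):
                return _reject("incorrect password", "Incorrect password")

        if user_email != user_email_c:
            return _reject("email address mismatch", "Email address mismatch")

        if not self._is_email_valid(user_email):
            return _reject("invalid email address", "Invalid email address")

        # The address may stay as it is, but must not belong to another account.
        u_by_email = s.query(User).filter_by(email=user_email).first()
        if u_by_email is not None and u_by_email.id != user.id:
            return _reject("email already associated with an account",
                           "Email already associated with an account")

        user_pass = _optional_text('user_pass')
        user_pass_c = _optional_text('user_pass_confirm')
        if user_pass != user_pass_c:
            return _reject("password mismatch", "Password mismatch")

        vcs_pass = None
        if request.params.get('user_vcs_pass') is not None:
            vcs_pass = unicode(request.params.get('user_vcs_pass'))
            vcs_pass_c = unicode(request.params.get('user_vcs_pass_confirm'))
            if vcs_pass != vcs_pass_c:
                return _reject("VCS password mismatch", "VCS password mismatch")

        # All checks passed; apply the changes.
        user.email = user_email

        if user_pass != "":
            user.password = crypt_password(user_pass)

        # Previously this assignment sat inside the mismatch branch, after the
        # return/redirect, so a confirmed VCS password was never stored. A
        # blank value leaves the stored one untouched, mirroring the login
        # password above.
        # NOTE(review): the value is stored as submitted; no hashing or
        # encryption is visible here. Confirm how user_data protects it.
        if vcs_pass is not None and vcs_pass != "":
            user.user_data.vcs_pass = vcs_pass

        user_name = request.params.get('user_name')
        user.user_data.name = (
            unicode(user_name) if user_name is not None else u"Unnamed User")

        user_nick = request.params.get('user_nick')
        user.user_data.nick = (
            unicode(user_nick) if user_nick is not None else u"anonymous")

        # The VCS user name is only touched when the form supplied one.
        if request.params.get('user_vcs_user') is not None:
            user.user_data.vcs_user = unicode(request.params.get('user_vcs_user'))

        s.add(user)
        s.commit()

        if id == "ajax":
            return "user data updated"
        else:
            redirect_to(action='changed', id=None)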
def test_check_password_MD5k():
    """Round-trip check for the "MD5k" scheme: right password in, wrong one out."""
    # NOTE(review): "MD5k" presumably names an MD5-based scheme; confirm it is
    # retained for legacy hashes only, since MD5-derived password hashes are
    # cheap to attack offline.
    algorithm = "MD5k"
    candidate = "secret"

    # Positive case: the hash of "secret" verifies against "secret".
    hash_of_candidate = crypt_password(candidate, algorithm)
    verified = check_password(hash_of_candidate, candidate)
    assert verified, "Password verification failed"

    # Negative case: the hash of "geheim" must not verify against "secret".
    # Compared with False on purpose, so a None result fails the test.
    hash_of_other = crypt_password("geheim", algorithm)
    outcome = check_password(hash_of_other, candidate)
    assert outcome == False, "Password verification passed for wrong password"
Exemple #6
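    def change(self, id=None):
        """Apply the posted profile changes to the user named in ``session['edit_user']``.

        AJAX callers (``id == "ajax"``) receive a status string. Other callers
        get a flash message in the session and a redirect: to ``edit`` when a
        check fails, to ``changed`` once the data is committed.

        Unless ``check_role("admin")`` is true, the account's current password
        is required. The user object is modified only after every check has
        passed.
        """
        user_email = unicode(request.params.get('user_email'))
        user_email_c = unicode(request.params.get('user_email_confirm'))
        current_password = str(request.params.get('current_password'))

        edit_user = session.get('edit_user')
        if edit_user is None:
            abort(404)

        # Consume the marker up front so it cannot be reused by a later request.
        del session['edit_user']
        session.save()

        def _field_or_blank(name):
            # Missing fields are treated as empty. Converting None with
            # unicode() gives u"None", which would pass the non-empty test
            # below and be saved as the account password.
            raw = request.params.get(name)
            return u"" if raw is None else unicode(raw)

        def _fail(ajax_text, flash_text):
            # Common rejection path; callers return its result so nothing
            # after a failed check runs, whether or not redirect_to raises.
            if id == "ajax":
                return ajax_text
            session['messages'] = [flash_text]
            session.save()
            return redirect_to(action="edit", id=edit_user)

        s = Session()
        user = s.query(User).get(edit_user)
        if user is None:
            abort(404)

        # NOTE(review): the target account comes solely from
        # session['edit_user']; confirm the action that stores it verifies
        # the caller may edit that account.
        if not check_role("admin"):
            if not check_password(user.password, current_password):
                return _fail("incorrect password", "Incorrect password")

        if user_email != user_email_c:
            return _fail("email address mismatch", "Email address mismatch")

        if not self._is_email_valid(user_email):
            return _fail("invalid email address", "Invalid email address")

        # Keeping one's own address is fine; taking another account's is not.
        u_by_email = s.query(User).filter_by(email=user_email).first()
        if u_by_email is not None and u_by_email.id != user.id:
            return _fail("email already associated with an account",
                         "Email already associated with an account")

        user_pass = _field_or_blank('user_pass')
        user_pass_c = _field_or_blank('user_pass_confirm')
        if user_pass != user_pass_c:
            return _fail("password mismatch", "Password mismatch")

        vcs_pass = None
        if request.params.get('user_vcs_pass') is not None:
            vcs_pass = unicode(request.params.get('user_vcs_pass'))
            vcs_pass_c = unicode(request.params.get('user_vcs_pass_confirm'))
            if vcs_pass != vcs_pass_c:
                return _fail("VCS password mismatch", "VCS password mismatch")

        # Validation is complete; write the new values.
        user.email = user_email

        if user_pass != "":
            user.password = crypt_password(user_pass)

        # This assignment used to be nested in the mismatch branch, behind
        # the return/redirect, so it never ran. A blank value keeps the stored
        # one, the same rule the login password follows.
        # NOTE(review): stored exactly as submitted; confirm whether user_data
        # encrypts or otherwise protects this credential.
        if vcs_pass is not None and vcs_pass != "":
            user.user_data.vcs_pass = vcs_pass

        user_name = request.params.get('user_name')
        user.user_data.name = (
            unicode(user_name) if user_name is not None else u"Unnamed User")

        user_nick = request.params.get('user_nick')
        user.user_data.nick = (
            unicode(user_nick) if user_nick is not None else u"anonymous")

        # Left unchanged when the form carries no VCS user name.
        if request.params.get('user_vcs_user') is not None:
            user.user_data.vcs_user = unicode(request.params.get('user_vcs_user'))

        s.add(user)
        s.commit()

        if id == "ajax":
            return "user data updated"
        else:
            redirect_to(action='changed', id=None)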