Esempio n. 1
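def change_password():
    """
    Renders the change password form or changes a user's password.
    Logged in user required.

    On POST the submitted "key" field must match the anti-CSRF key held in
    the session, otherwise the request is aborted with 403. The current
    password is verified, the new one is validated and compared with its
    confirmation, and only an error-free submission is stored. A fresh key
    is written to the session every time the form is rendered.
    """
    # Local import: the module's import block is not part of this listing.
    import hmac

    errors = []
    # NOTE(review): the password generator doubles as the anti-CSRF key
    # generator; confirm util.generate_new_pw draws from a CSPRNG.
    new_key = util.generate_new_pw(25)

    if request.method == "POST":
        # Compare the key in constant time and as bytes, so the check does
        # not reveal how much of a guess matched and cannot raise on
        # non-ASCII form input. A missing or empty session key never matches.
        expected_key = session.get("key", None)
        submitted_key = request.form.get("key", "")
        if not (isinstance(expected_key, str) and expected_key
                and hmac.compare_digest(submitted_key.encode("utf-8"),
                                        expected_key.encode("utf-8"))):
            abort(403)

        # Default absent fields to "" (as the registration form does) so a
        # truncated request yields validation errors instead of handing
        # None to the hash check and the validator.
        password = request.form.get("password", "")
        new_pw = request.form.get("new_password", "")
        confirm_pw = request.form.get("confirm_password", "")
        user = user_q.get_one(g.user["user_id"])

        # Re-authenticate with the current password before any change.
        if not secure.check_password_hash(user["password"], password):
            errors.append("Password is Invalid")

        errors = errors + user_v.check_password(new_pw)

        if new_pw != confirm_pw:
            errors.append("Passwords do not Match")

        if not errors:
            # NOTE(review): nothing visible here ends the user's other
            # sessions or throttles repeated wrong-password attempts;
            # confirm both are handled elsewhere.
            if user_q.update_password(new_pw, g.user["user_id"]):
                flash("Password Updated")
            else:
                flash("Password Update Failed")

    session["key"] = new_key
    return render_template("user/change_password.html",
                           errors=errors,
                           new_key=new_key)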
Esempio n. 2
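def register():
    """
    Renders user registration form, or creates a new user.
    Logged in user and admin privileges required.

    On POST the submitted "key" field must match the anti-CSRF key held in
    the session, otherwise the request is aborted with 403. The form fields
    are validated and the account is created only when validation returns
    no errors. A fresh key is written to the session on every render.
    """
    # NOTE(review): the login/admin requirement is not enforced inside this
    # function; confirm the route carries the corresponding decorators.

    # Local import: the module's import block is not part of this listing.
    import hmac

    errors = []
    new_user = {}
    new_key = util.generate_new_pw(25)

    if request.method == "POST":
        # Compare the key in constant time and as bytes, so the check does
        # not reveal how much of a guess matched and cannot raise on
        # non-ASCII form input. A missing or empty session key never matches.
        expected_key = session.get("key", None)
        submitted_key = request.form.get("key", "")
        if not (isinstance(expected_key, str) and expected_key
                and hmac.compare_digest(submitted_key.encode("utf-8"),
                                        expected_key.encode("utf-8"))):
            abort(403)

        # Absent fields become "" so the validator always receives strings.
        for field in ("username", "first_name", "last_name", "email",
                      "password", "confirm_pw"):
            new_user[field] = request.form.get(field, "")

        errors = user_v.validate_user(new_user)

        if not errors:
            message = ("User Account Created"
                       if user_q.create(new_user) else "User Creation Failed")
            flash(message)

    # NOTE(review): new_user still carries "password" and "confirm_pw" when
    # the form is re-rendered; confirm the template never echoes them back
    # into the page.
    session["key"] = new_key
    return render_template("user/register.html",
                           errors=errors,
                           new_user=new_user,
                           new_key=new_key)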
Esempio n. 3
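def account():
    """
    Renders the currently logged in user's information, or
    updates changes to the user's information. Redirects
    to login screen if user is not logged in.

    On POST the submitted "key" field must match the anti-CSRF key held in
    the session, otherwise the request is aborted with 403. The record to
    update is always the logged-in user's: user_id comes from g.user, never
    from the form. A successful validation ends in a redirect back to this
    view; otherwise the form is re-rendered with the errors and a fresh key.
    """
    # NOTE(review): the redirect for anonymous users is not performed inside
    # this function; confirm the route carries a login-required decorator.

    # Local import: the module's import block is not part of this listing.
    import hmac

    errors = []
    new_key = util.generate_new_pw(25)

    if request.method == "POST":
        # Compare the key in constant time and as bytes, so the check does
        # not reveal how much of a guess matched and cannot raise on
        # non-ASCII form input. A missing or empty session key never matches.
        expected_key = session.get("key", None)
        submitted_key = request.form.get("key", "")
        if not (isinstance(expected_key, str) and expected_key
                and hmac.compare_digest(submitted_key.encode("utf-8"),
                                        expected_key.encode("utf-8"))):
            abort(403)

        user = {}
        user["username"] = request.form.get("username")
        user["first_name"] = request.form.get("first_name")
        user["last_name"] = request.form.get("last_name")
        user["email"] = request.form.get("email")
        # Taken from the authenticated context so a forged form field cannot
        # point the update at another account.
        user["user_id"] = g.user["user_id"]

        errors = user_v.validate_user(user, True)
        if not errors:
            if user_q.update(user):
                flash("Account Updated")
            else:
                flash("Account Update Failed")
            # The session key is not rotated on this path; the redirected
            # GET issues a new one.
            return redirect(url_for("user.account"))

    session["key"] = new_key
    return render_template("user/account.html", errors=errors, new_key=new_key)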
Esempio n. 4
 def reset_password(self) -> bool:
     """
     Replace the user's password with a generated one and email it to them.

     Returns True when the password update succeeded, False otherwise. The
     result of util.send_email is not checked, so True does not guarantee
     that the message was delivered.
     """
     # NOTE(review): `user` and `update_password` are not bound anywhere in
     # this listing; they must come from an enclosing scope - confirm.
     new_pw = util.generate_new_pw()
     updated = update_password(new_pw, user["user_id"])
     if not updated:
         return False

     # NOTE(review): the replacement password is sent in clear text inside
     # the mail body, and nothing visible here enforces the change the mail
     # asks for. A single-use, expiring reset link or a
     # must-change-at-next-login flag would limit exposure from a mailbox.
     email_content = (
         f"<h3>Password Reset</h3><p>Your Password has been reset "
         f"by admin.</p><p>New Password: {new_pw}</p>"
         f"<p>After login, please change your password</p>")
     util.send_email(user, "Password Reset", email_content)
     return True
Esempio n. 5
def accounts():
    """
    Renders one page of user accounts. Logged in user and admin
    privileges required.

    The page number comes from the "page" query argument (0 when it cannot
    be parsed by util.safe_int). A fresh anti-CSRF key is stored in the
    session and handed to the template.
    """
    # NOTE(review): the login/admin requirement is not enforced inside this
    # function; confirm the route carries the corresponding decorators.
    page = util.safe_int(request.args.get("page"), 0)
    users = user_q.get_all(page)
    new_key = util.generate_new_pw(25)

    # count is measured before trimming, so the template sees up to the
    # untrimmed size - presumably to tell whether a further page exists.
    count = len(users)
    if count > 10:
        # Only index 10 (the 11th row) is dropped.
        del users[10]

    session["key"] = new_key
    context = {
        "users": users,
        "page": page,
        "count": count,
        "new_key": new_key,
    }
    return render_template("user/all_accounts.html", **context)
    def test_generate_new_pw(self):
        """Check argument validation, length and policy of generated passwords."""
        # Invalid arguments: a length of 9 raises ValueError, a non-integer
        # raises TypeError.
        self.assertRaises(ValueError, util.generate_new_pw, 9)
        self.assertRaises(TypeError, util.generate_new_pw, "a string")

        # Default call: 10 characters that pass the password validator.
        first_default = util.generate_new_pw()
        self.assertEqual(len(first_default), 10)
        self.assertEqual(user_val.check_password(first_default), [])

        # Two consecutive calls must not return the same value.
        # NOTE(review): one inequality cannot show that the generator draws
        # from a CSPRNG (e.g. the `secrets` module); verify that in
        # util.generate_new_pw itself.
        second_default = util.generate_new_pw()
        self.assertNotEqual(first_default, second_default)

        # Explicit length: the argument sets the size and the result still
        # passes the validator.
        longer = util.generate_new_pw(15)
        self.assertEqual(len(longer), 15)
        self.assertEqual(user_val.check_password(longer), [])