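def post(self, username):
    """Change the password of the currently logged-in user.

    Reads ``old_password`` and ``new_password`` from the request body and
    stores the hash of the new password on the user record.

    Raises:
        HTTPError: 404 when no user has the lower-cased username, 403 when
            the session belongs to a different username.

    Field errors (missing field, wrong old password) are reported through
    ``self.output`` with status 400 instead of an exception.
    """
    username = username.lower()
    # the account has to exist before its password can be changed
    user = User.get({u'username': username})
    if user is None:
        raise HTTPError(404)
    # only the session's own user may change this account's password
    if username != self.get_session()[u'username']:
        raise HTTPError(403)

    body = self.body_dict()
    old_password = body.get('old_password')
    if old_password is None:
        self.output({'error': 'MISSING_FIELD', 'field': 'old_password'}, 400)
        return
    new_password = body.get('new_password')
    # Reject an empty value as well as a missing one: put() refuses to
    # register an account with an empty password, so a password change must
    # not be able to set one either.
    if not new_password:
        self.output({'error': 'MISSING_FIELD', 'field': 'new_password'}, 400)
        return

    # NOTE(review): comparing hash_password() output for equality only works
    # if the hash is deterministic, i.e. has no per-user salt. Confirm which
    # algorithm it uses; a salted password KDF with a constant-time verify
    # would be the safer design.
    if User.hash_password(old_password) != user[u'password']:
        self.output({'error': 'INVALID_PASSWORD', 'field': 'old_password'}, 400)
        return

    user[u'password'] = User.hash_password(new_password)
    user.save()
    # NOTE(review): nothing here revokes session tokens issued before the
    # change, so they presumably stay valid -- confirm that is intended.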
def test_case_insensitive_login(self):
    """A token request with a mixed-case username succeeds for a lower-case account."""
    account = {
        u'username': u'test',
        u'password': User.hash_password(u'passw0rd'),
        u'number': u'16475557000',
    }
    User(**account).save()

    # same account, different letter case in the username
    credentials = {u'password': u'passw0rd', u'username': u'TesT'}
    response = self.get('/token/', credentials, auth=False)
    self.assertEqual(response.status, 200, '/token/ GET')
def test_password_change(self):
    """Posting the old and a new password replaces the stored password hash."""
    new_pass = u'newPassw0rd'
    url = '/users/%s/' % self.get_user()[u'username']
    payload = {
        u'old_password': self._gen_user_password_,
        u'new_password': new_pass,
    }
    response = self.post(url, payload)
    self.assertEqual(response.status, 200, 'password changed')

    # re-read the user from storage so the assertion sees the saved value
    stored_hash = User.get(self.get_user()[u'id'])[u'password']
    expected_hash = User.hash_password(new_pass)
    self.assertEqual(stored_hash, expected_hash, 'password changed succesfully')
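def make_user(self, username=None):
    """Create, save and return a test user.

    Args:
        username: name for the new user; when None a numbered name is
            generated from the ``__user_number__`` counter.

    Returns:
        The saved ``User``, whose password is the hash of
        ``self._gen_user_password_``.
    """
    if username is None:
        self.__user_number__ += 1
        # The literal shown here was '******', which has no conversion
        # specifier, so the `%` below raised TypeError on every call without
        # a username. 'user%d' is a constructed stand-in -- restore the
        # project's real pattern if it differs. It is kept lower-case
        # because the handlers lower-case usernames before looking them up.
        username = 'user%d' % self.__user_number__
    fields = {
        u'username': username,
        u'password': User.hash_password(self._gen_user_password_),
        u'number': '+16656656665',
        u'revision': uuid.uuid1().hex,
        u'created': timestamp(),
    }
    u = User(**fields)
    u.save()
    return u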
def get(self):
    """Exchange a username and password for a session token.

    Requires the ``username`` and ``password`` arguments. On success a
    session record is inserted and its id is written to the response as
    the token.

    Raises:
        HTTPError: 404 when no user matches the username and password hash.
    """
    # both credentials must be present in the request arguments
    self.require_args('username', 'password')

    # NOTE(review): this is a GET handler, so the password presumably travels
    # in the query string, where access logs and proxies tend to record it --
    # confirm, and prefer a request body for credentials.
    name = self.get_argument(u'username').lower()
    hashed = User.hash_password(self.get_argument('password'))

    # NOTE(review): looking the user up by the hash only works if
    # hash_password() is deterministic (no per-user salt) -- confirm.
    if User.get({u'username': name, u'password': hashed}) is None:
        raise HTTPError(404)

    # credentials matched: record a session and hand its id back as the token
    session = {
        u'timestamp': timestamp(),
        u'username': name
    }
    # NOTE(review): the token is the string form of whatever insert() returns.
    # If that is a database-generated id it is not designed to be
    # unpredictable; a random token (e.g. from os.urandom) would be safer --
    # verify.
    self.write(str(db.objects.session.insert(session)))
def test_registraction_username_validation(self):
    """Registering a taken username answers 409, whatever the letter case."""
    existing = {
        u'username': u'test',
        u'password': User.hash_password(u'passw0rd'),
        u'number': u'16475557000',
    }
    User(**existing).save()

    # exact match first, then the same name with different casing
    attempts = (
        ('/users/test/', 'cannot reuse usernames'),
        ('/users/tesT/', 'usernames case insensitive'),
    )
    for url, message in attempts:
        payload = {
            u'password': u'passw0rd',
            u'number': u'+16747005290',
        }
        response = self.put(url, payload, auth=False)
        self.assertEqual(response.status, 409, message)
def put(self, username):
    """Register a new user under the lower-cased username.

    Reads ``password`` (required) and ``number`` from the request body and
    sets status 201 once the user is saved.

    Raises:
        HTTPError: 409 when the username is already taken, 403 when the
            password is missing or empty.
    """
    username = username.lower()

    # refuse to overwrite an existing account
    # NOTE(review): this is check-then-save; two concurrent requests could
    # both pass it unless storage enforces a unique username -- confirm.
    taken = User.get({u'username': username}) is not None
    if taken:
        raise HTTPError(409)

    # a non-empty password is mandatory
    password = self.body_dict().get('password')
    if not password:
        raise HTTPError(403)

    # NOTE(review): 'number' is stored exactly as received, without
    # validation in this handler.
    hashed = User.hash_password(password)
    number = self.body_dict().get('number')
    revision = uuid.uuid1().hex
    created = int(timestamp())
    record = {
        u'username': username,
        u'password': hashed,
        u'number': number,
        u'revision': revision,
        u'created': created,
    }
    User(**record).save()
    self.set_status(201)