Esempio n. 1
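 def _test_save_password(self, as_root=False):
     """Check that posting to save_password changes the stored password.

     Creates a throw-away user, posts a new password to
     /crm/users/save_password, reloads the user and asserts that the
     stored value differs from the one recorded before the request.

     The user is removed in a ``finally`` clause so a failing assertion
     does not leave the test account behind.

     as_root is forwarded as the first argument of _create_new.
     """
     user_id = self._create_new(as_root)
     try:
         usr = Users.load(user_id)
         orig_pwd = usr.password
         R = self.post('/crm/users/save_password',
                       {'user_id': user_id,
                        'password': '******'})
         R.mustcontain('True')
         # Reload after invalidating so the comparison is not made against
         # the object fetched before the request.
         usr.invalidate_caches()
         usr = Users.load(user_id)
         # NOTE(review): this only shows that the stored value changed. It
         # does not show that the value is stored encoded rather than as
         # the submitted text; asserting that it also differs from the
         # posted password would cover that.
         self.assertNotEqual(usr.password, orig_pwd)
     finally:
         self._delete_new(user_id)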
Esempio n. 2
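 def _create_new(self, set_enterprise_id=False):
     """Create a user through the /crm/users/new form and return its id.

     Fills in and submits the form, follows the redirect to the edit page,
     checks that the saved username and email are shown there, and checks
     that the user can be loaded. When set_enterprise_id is true the user
     is assigned to the 'Healthy U Store' enterprise and the assignment is
     verified on the loaded record.
     """
     ent = Enterprise.find_by_name('Healthy U Store')
     if set_enterprise_id:
         # Fail here with an assertion rather than with an AttributeError
         # when the fixture enterprise is missing.
         assert ent is not None
     R = self.get('/crm/users/new')
     assert R.status_int == 200
     R.mustcontain('Edit User')
     f = R.forms['frm_users']
     # A blank user_id means the form is for a new user.
     self.assertEqual(f['user_id'].value, '')
     # Fixed fixture credentials, used only to populate the form.
     f.set('username', '*****@*****.**')
     f.set('email', '*****@*****.**')
     f.set('fname', 'Test')
     f.set('lname', 'User')
     f.set('password', 'fishsticks')
     f.set('confirm', 'fishsticks')
     if set_enterprise_id:
         f.set('enterprise_id', str(ent.enterprise_id))
     R = f.submit('submit')
     # A successful save redirects to the edit page.
     self.assertEqual(R.status_int, 302)
     R = R.follow()
     assert R.status_int == 200
     f = R.forms['frm_users']
     R.mustcontain('Edit User')
     user_id = f['user_id'].value
     self.assertEqual(f['username'].value, '*****@*****.**')
     self.assertEqual(f['email'].value, '*****@*****.**')
     usr = Users.load(user_id)
     # Check the load result before reading attributes from it.
     assert usr is not None
     if set_enterprise_id:
         assert str(usr.enterprise_id) == str(ent.enterprise_id)
     assert usr.get_email_info() is not None
     return user_id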
Esempio n. 3
    def save(self):
        """Create or update a user and its privilege record from the POST data.

        Loads the user named by the posted user_id, or builds a new one
        whose enterprise_id defaults to self.enterprise_id when the form
        posted none. The privilege record is bound from the POST with the
        argument 'pv' (presumably a field-name prefix) and saved first.

        The password is only replaced when the posted value differs from a
        placeholder made of password_len dashes; otherwise the previously
        stored value is put back after bind(). Redirects to the edit page.

        NOTE(review): unlike save_password, the loaded user is not compared
        with self.enterprise_id here. Confirm that the route's permission
        covers editing users of other enterprises and binding privilege
        fields straight from the request.
        NOTE(review): bind() is handed the whole POST; confirm it limits
        which attributes a request can set.
        """
        form = self.request.POST
        usr = Users.load(form.get('user_id'))
        if not usr:
            usr = Users()
            if 'enterprise_id' not in form:
                usr.enterprise_id = self.enterprise_id

        if not usr.priv:
            usr.priv = UserPriv()
        privileges = usr.priv
        privileges.bind(form, True, 'pv')
        privileges.save()
        privileges.flush()

        # Remember the stored value: bind() below overwrites usr.password
        # with whatever the form posted.
        stored_password = usr.password
        # NOTE(review): password_len keeps the length of the plaintext next
        # to the encoded password, which narrows guessing if the table is
        # disclosed; a fixed-length placeholder would not need it. A new
        # password made only of this many dashes is treated as "unchanged".
        placeholder = '-' * usr.password_len if usr.password_len else '-'
        usr.bind(form)
        if usr.password == placeholder:
            usr.password = stored_password
        else:
            usr.password_len = len(usr.password)
            usr.password = Users.encode_password(usr.password)
        usr.save()
        usr.flush()
        usr.invalidate_self()

        self.request.session.flash('Saved user %s' % usr.user_id)
        return HTTPFound('/crm/users/edit/%s' % usr.user_id)
Esempio n. 4
 def save_password(self):
     """Set a new password for a user of the caller's enterprise.

     Loads the user named by the posted user_id, calls forbid_if when the
     user does not exist or belongs to a different enterprise, binds the
     POST onto the user, encodes the resulting password and saves.
     Returns the string 'True'.

     NOTE(review): the code after forbid_if dereferences usr, so it relies
     on forbid_if raising when its argument is true - confirm.
     NOTE(review): bind() receives the whole POST and a prefix taken from
     the query string; confirm it cannot set attributes other than the
     password.
     NOTE(review): nothing checks that a non-empty password was posted;
     whatever bind() leaves in usr.password is encoded and stored.
     NOTE(review): unlike save(), password_len is not updated here and
     flush()/invalidate_self() are not called.
     """
     request = self.request
     usr = Users.load(request.POST.get('user_id'))
     # Unknown users and users of another enterprise are both refused.
     not_allowed = not usr or usr.enterprise_id != self.enterprise_id
     self.forbid_if(not_allowed)
     usr.bind(request.POST, False, request.GET.get('pfx'))
     usr.password = Users.encode_password(usr.password)
     usr.save()
     return 'True'
Esempio n. 5
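    def exclog_tween(request, get_logger=logging.getLogger):
        """Call the wrapped handler and log any unexpected exception.

        Exceptions listed in ``ignored`` are re-raised untouched. Any other
        exception is logged through the 'exc_logger' logger and then
        re-raised. With ``extra_info`` set, the log message also carries
        the URL, the enterprise, customer and user found in the session,
        and dumps of the session, the WSGI environ and the parameters.

        ``handler``, ``ignored`` and ``extra_info`` come from the enclosing
        scope, which is not part of this listing. ``get_logger`` is
        injectable for testing purposes.
        """
        try:
            return handler(request)
        except ignored:
            raise
        except:
            # Bare except is deliberate: everything is logged and re-raised.
            logger = get_logger('exc_logger')

            # NOTE(review): these loads run inside the exception handler; if
            # one of them raises (for example when the failure being logged
            # is a database error), that exception propagates instead and
            # nothing is logged.
            ent = Enterprise.load(request.session['enterprise_id']) if 'enterprise_id' in request.session else None
            cust = Customer.load(request.session['customer_id']) if 'customer_id' in request.session else None
            user = Users.load(request.session['user_id']) if 'user_id' in request.session else None

            if extra_info:
                # NOTE(review): session, environ and params are written to
                # the log verbatim. environ includes the request headers
                # (cookies among them) and params includes posted form
                # fields such as the password fields of the user forms, so
                # either mask those values before formatting or treat this
                # log as sensitive data.
                message = dedent("""\n
                %(url)s

                ENTERPRISE: %(ent)s
                CUSTOMER: %(cust)s
                USER: %(user)s

                SESSION
                %(sess)s

                ENVIRONMENT
                %(env)s

                PARAMETERS
                %(params)s


                """ % dict(url=request.url,
                           sess=pformat(request.session.items()),
                           ent="%s : %s" % (ent.enterprise_id, ent.name) if ent else None,
                           cust="%s : %s" % (cust.customer_id, cust.email) if cust else None,
                           # The format string needs two placeholders like the
                           # two entries above; without them the % operator
                           # raises TypeError inside the handler.
                           user="%s : %s" % (user.user_id, user.email) if user else None,
                           env=pformat(request.environ),
                           params=pformat(request.params)))
            else:
                message = request.url
            logger.exception(message)
            raise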
Esempio n. 6
def _remember_user(request):
    """Attach the user named in the session to the request context.

    When the session holds a 'user_id', the result of Users.load for that
    id is stored on request.ctx.user. Without a 'user_id' the attribute is
    not assigned at all.

    NOTE(review): the value stored is whatever Users.load returns for the
    session's id; code that reads request.ctx.user should not assume it is
    always present and always a user - confirm what load returns for an id
    that no longer exists.
    """
    session = request.session
    if 'user_id' not in session:
        return
    request.ctx.user = Users.load(session['user_id'])
Esempio n. 7
 def _edit_impl(self, user_id=None):
     """Build the template context for the user edit form.

     With a user_id, the user is the request's current user when the ids
     match, otherwise the result of Users.load(user_id); its privilege
     record is used, or a blank UserPriv when it has none. Without a
     user_id, a blank user and a blank privilege record are returned.
     The context also carries the select lists the form needs.

     NOTE(review): no check is made here that the loaded user belongs to
     self.enterprise_id, and the enterprise list comes from
     Enterprise.find_all(); confirm the calling views restrict who can
     reach this.
     NOTE(review): if Users.load returns nothing for user_id, reading
     user.priv below fails - confirm how callers handle unknown ids.
     """
     if user_id:
         current = self.request.ctx.user
         # Reuse the already loaded current user when it is the one edited.
         user = current if current.user_id == user_id else Users.load(user_id)
         priv = user.priv or UserPriv()
     else:
         user, priv = Users(), UserPriv()

     context = {
         'enterprises': util.select_list(Enterprise.find_all(), 'enterprise_id', 'name', True),
         'user_types': Users.get_user_types(),
         'vendors': util.select_list(Vendor.find_all(self.enterprise_id), 'vendor_id', 'name', True),
         'timezones': country_timezones('US'),
         'user': user,
         'priv': priv,
     }
     return context