def _test_save_password(self, as_root=False):
    """Change a freshly created user's password through the CRM endpoint.

    Creates a user, posts a new password to /crm/users/save_password, then
    reloads the user and checks that the stored password value changed.

    :param as_root: passed to _create_new as its set_enterprise_id flag.
    """
    new_user_id = self._create_new(as_root)
    before = Users.load(new_user_id)
    stored_before = before.password

    payload = {'user_id': new_user_id, 'password': '******'}
    response = self.post('/crm/users/save_password', payload)
    response.mustcontain('True')

    # The handler's write is only visible to Users.load after the cached copy
    # is dropped, so invalidate before reloading.
    before.invalidate_caches()
    after = Users.load(new_user_id)

    # NOTE(review): this only proves the stored value differs from the old
    # one. It does not check that the new password authenticates, that the
    # stored value is not the plaintext, or that a caller from a different
    # enterprise is refused by the handler's forbid_if check.
    self.assertNotEqual(after.password, stored_before)

    self._delete_new(new_user_id)
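def _create_new(self, set_enterprise_id=False):
    """Create a user through the CRM form and return its user_id.

    Loads /crm/users/new, fills in frm_users, submits it, follows the
    redirect to the edit page and checks that username and email round-trip.

    :param set_enterprise_id: when true, also submit the enterprise_id of the
        'Healthy U Store' enterprise and assert that it was stored.
    :returns: the user_id value shown on the edit form after the redirect.
    """
    ent = Enterprise.find_by_name('Healthy U Store')

    R = self.get('/crm/users/new')
    assert R.status_int == 200
    R.mustcontain('Edit User')
    f = R.forms['frm_users']
    # The new-user form must not carry an existing user_id.
    self.assertEqual(f['user_id'].value, '')
    for field, value in (('username', '*****@*****.**'),
                         ('email', '*****@*****.**'),
                         ('fname', 'Test'),
                         ('lname', 'User'),
                         ('password', 'fishsticks'),
                         ('confirm', 'fishsticks')):
        f.set(field, value)
    if set_enterprise_id:
        f.set('enterprise_id', str(ent.enterprise_id))

    # A successful save answers with a redirect to the edit page.
    R = f.submit('submit')
    self.assertEqual(R.status_int, 302)
    R = R.follow()
    assert R.status_int == 200
    f = R.forms['frm_users']
    R.mustcontain('Edit User')
    user_id = f['user_id'].value
    self.assertEqual(f['username'].value, '*****@*****.**')
    self.assertEqual(f['email'].value, '*****@*****.**')

    usr = Users.load(user_id)
    # Check the record exists before reading attributes off it, so a failed
    # create shows up as an assertion failure instead of an AttributeError.
    assert usr is not None
    if set_enterprise_id:
        assert str(usr.enterprise_id) == str(ent.enterprise_id)
    assert usr.get_email_info() is not None
    return user_id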
def save(self):
    """Create or update a user and its privilege record from the POSTed form.

    Loads the user named by POST user_id, or builds a new one when none is
    found. Binds the 'pv'-prefixed fields onto the privilege record and the
    remaining fields onto the user, re-encodes the password only when the form
    value differs from the dash placeholder, saves, and redirects to the edit
    page.

    :returns: HTTPFound redirect to /crm/users/edit/<user_id>.
    """
    form = self.request.POST

    # NOTE(review): unlike save_password, nothing here compares the loaded
    # user's enterprise_id with self.enterprise_id. Any route-level
    # authorization is not visible in this block -- confirm that a caller
    # cannot edit a user (or its privileges) belonging to another enterprise.
    usr = Users.load(form.get('user_id'))
    if not usr:
        usr = Users()
        # NOTE(review): read as applying to newly created users only; the
        # listing's indentation is ambiguous here -- confirm against the file.
        if 'enterprise_id' not in form:
            usr.enterprise_id = self.enterprise_id

    if not usr.priv:
        usr.priv = UserPriv()
    # NOTE(review): the privilege fields come straight from the request. Which
    # keys bind() accepts is not shown; verify that only callers allowed to
    # grant privileges reach this line.
    usr.priv.bind(form, True, 'pv')
    usr.priv.save()
    usr.priv.flush()

    # The form is expected to send a run of dashes as long as the stored
    # password_len when the password was left untouched; remember the current
    # hash so it can be restored in that case.
    previous_hash = usr.password
    if usr.password_len:
        placeholder = '-' * usr.password_len
    else:
        placeholder = '-'

    # NOTE(review): bind() copies the whole POST onto the user, so any
    # attribute it maps (enterprise_id included) is caller-controlled.
    usr.bind(form)

    if usr.password == placeholder:
        usr.password = previous_hash
    else:
        # NOTE(review): this keeps the plaintext length next to the hash. Also,
        # if the POST carries no password field and bind() leaves the old hash
        # in place, that hash would be encoded again here -- confirm bind()'s
        # behaviour for missing keys.
        usr.password_len = len(usr.password)
        usr.password = Users.encode_password(usr.password)

    usr.save()
    usr.flush()
    usr.invalidate_self()

    self.request.session.flash('Saved user %s' % usr.user_id)
    return HTTPFound('/crm/users/edit/%s' % usr.user_id)
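def save_password(self):
    """Set a new password for the user named by POST user_id.

    The request is refused through forbid_if when the user does not exist or
    belongs to a different enterprise than the caller. After the write the
    user is flushed and its cached copy invalidated, matching save().

    :returns: the string 'True' on success.
    """
    user_id = self.request.POST.get('user_id')
    usr = Users.load(user_id)

    # Tenant check only: the target must be in the caller's enterprise.
    # NOTE(review): nothing visible here requires the caller to be that user
    # or an administrator, or to supply the current password -- confirm the
    # route-level guard covers this.
    self.forbid_if(not usr or usr.enterprise_id != self.enterprise_id)

    # NOTE(review): bind() copies POST fields onto the user with a field
    # prefix taken from the query string ('pfx'). Which attributes it maps is
    # not shown; if it maps more than the password, this endpoint can change
    # them too. It is also unclear what usr.password holds when the POST has
    # no password field -- an unchanged hash would be encoded a second time.
    usr.bind(self.request.POST, False, self.request.GET.get('pfx'))
    usr.password = Users.encode_password(usr.password)
    usr.save()

    # Mirror save(): push the write out and drop the cached user, so a later
    # Users.load does not keep returning the record with the old password.
    usr.flush()
    usr.invalidate_self()
    return 'True'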
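def exclog_tween(request, get_logger=logging.getLogger):
    """Run the wrapped handler and log any exception that is not ignored.

    Exceptions matching ``ignored`` are re-raised untouched. Anything else is
    logged through the 'exc_logger' logger and then re-raised. When
    ``extra_info`` is set, the log message includes the enterprise, customer
    and user found in the session, plus the session, WSGI environ and request
    parameters; otherwise it is just the request URL.

    :param request: the current request.
    :param get_logger: logger factory, injected for testing purposes.
    :returns: whatever ``handler(request)`` returns.
    """
    try:
        return handler(request)
    except ignored:
        raise
    except:
        logger = get_logger('exc_logger')
        session = request.session
        # NOTE(review): these lookups run while an exception is being handled;
        # if one of them raises, the original error is not logged.
        ent = Enterprise.load(session['enterprise_id']) if 'enterprise_id' in session else None
        cust = Customer.load(session['customer_id']) if 'customer_id' in session else None
        user = Users.load(session['user_id']) if 'user_id' in session else None
        if extra_info:
            # NOTE(review): this writes the full session, the WSGI environ
            # (which carries the Cookie and Authorization headers) and every
            # request parameter to the log. Parameters include form passwords
            # whenever the failing request was a login or password change.
            # Restrict access to this log or mask those values before logging.
            message = dedent("""\n %(url)s ENTERPRISE: %(ent)s CUSTOMER: %(cust)s USER: %(user)s SESSION %(sess)s ENVIRONMENT %(env)s PARAMETERS %(params)s """ % dict(
                url=request.url,
                sess=pformat(session.items()),
                ent="%s : %s" % (ent.enterprise_id, ent.name) if ent else None,
                cust="%s : %s" % (cust.customer_id, cust.email) if cust else None,
                # Same "id : label" shape as the two lines above. A format
                # string without placeholders raises TypeError here and hides
                # the exception being logged.
                user="%s : %s" % (user.user_id, user.email) if user else None,
                env=pformat(request.environ),
                params=pformat(request.params)))
        else:
            message = request.url
        logger.exception(message)
        raise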
def _remember_user(request):
    """Attach the user named by the session to ``request.ctx.user``.

    Does nothing when the session has no 'user_id' key.
    """
    session = request.session
    if 'user_id' not in session:
        return
    # The result of Users.load is stored as-is; nothing here checks that the
    # id still resolves to a user, so callers may see a falsy ctx.user.
    request.ctx.user = Users.load(session['user_id'])
def _edit_impl(self, user_id=None):
    """Build the template context for the user create/edit page.

    :param user_id: id of the user to edit; when falsy, blank Users and
        UserPriv objects are used for a new user.
    :returns: dict with the select lists ('enterprises', 'user_types',
        'vendors', 'timezones') and the 'user' and 'priv' objects.
    """
    if not user_id:
        user, priv = Users(), UserPriv()
    else:
        current = self.request.ctx.user
        # Reuse the session's user object when editing oneself.
        # NOTE(review): no check is visible here that the requested user
        # belongs to self.enterprise_id -- confirm the route or caller
        # enforces it. Users.load can also come back empty (save() handles
        # that case), which would make the user.priv read below fail.
        user = current if current.user_id == user_id else Users.load(user_id)
        priv = user.priv or UserPriv()

    # NOTE(review): the enterprise list is not filtered by the caller's
    # enterprise, unlike the vendor list -- confirm who may see it.
    enterprises = util.select_list(Enterprise.find_all(), 'enterprise_id', 'name', True)
    user_types = Users.get_user_types()
    vendors = util.select_list(Vendor.find_all(self.enterprise_id), 'vendor_id', 'name', True)
    timezones = country_timezones('US')

    return {
        'enterprises': enterprises,
        'user_types': user_types,
        'vendors': vendors,
        'timezones': timezones,
        'user': user,
        'priv': priv,
    }