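def change_password():
    """
    Renders the change password form or changes a user's password.
    Logged in user required.

    On POST the submitted anti-CSRF token ("key") must match the token
    stored in the session, otherwise the request is aborted with 403.
    The current password is then checked against the stored hash, the new
    password is run through user_v.check_password and compared with its
    confirmation; the password is only updated when no errors were found.
    A fresh token is stored in the session before the form is rendered.
    """
    import hmac

    errors = []
    # NOTE(review): generate_new_pw doubles as the anti-CSRF token source
    # here; confirm it draws from a CSPRNG (e.g. the secrets module).
    new_key = util.generate_new_pw(25)

    if request.method == "POST":
        submitted_key = request.form.get("key", "")
        expected_key = session.get("key")
        # Compare the token in constant time and never accept a request
        # when the session holds no (or an empty) token. Encoding to bytes
        # keeps compare_digest from raising on non-ASCII form input.
        if (not isinstance(expected_key, str) or not expected_key
                or not hmac.compare_digest(submitted_key.encode("utf-8"),
                                           expected_key.encode("utf-8"))):
            abort(403)

        # Missing fields default to "" so the hash check and the validator
        # always receive a string instead of None.
        password = request.form.get("password", "")
        new_pw = request.form.get("new_password", "")
        confirm_pw = request.form.get("confirm_password", "")

        user = user_q.get_one(g.user["user_id"])
        if not secure.check_password_hash(user["password"], password):
            errors.append("Password is Invalid")

        errors = errors + user_v.check_password(new_pw)
        if new_pw != confirm_pw:
            errors.append("Passwords do not Match")

        if not errors:
            if user_q.update_password(new_pw, g.user["user_id"]):
                flash("Password Updated")
            else:
                flash("Password Update Failed")

    # Rotate the token on every render, including after a POST.
    session["key"] = new_key
    return render_template("user/change_password.html", errors=errors,
                           new_key=new_key)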
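def register():
    """
    Renders user registration form, or creates a new user.
    Logged in user and admin privileges required.

    On POST the submitted anti-CSRF token ("key") must match the token
    stored in the session, otherwise the request is aborted with 403.
    The form fields are collected into a dict, validated with
    user_v.validate_user and, when no errors are returned, handed to
    user_q.create. A fresh token is stored in the session before the form
    is rendered.
    """
    import hmac

    errors = []
    new_user = {}
    # NOTE(review): generate_new_pw doubles as the anti-CSRF token source
    # here; confirm it draws from a CSPRNG (e.g. the secrets module).
    new_key = util.generate_new_pw(25)

    if request.method == "POST":
        submitted_key = request.form.get("key", "")
        expected_key = session.get("key")
        # Compare the token in constant time and never accept a request
        # when the session holds no (or an empty) token. Encoding to bytes
        # keeps compare_digest from raising on non-ASCII form input.
        if (not isinstance(expected_key, str) or not expected_key
                or not hmac.compare_digest(submitted_key.encode("utf-8"),
                                           expected_key.encode("utf-8"))):
            abort(403)

        for field in ("username", "first_name", "last_name", "email",
                      "password", "confirm_pw"):
            new_user[field] = request.form.get(field, "")

        errors = user_v.validate_user(new_user)
        if not errors:
            message = ("User Account Created" if user_q.create(new_user)
                       else "User Creation Failed")
            flash(message)

    # Rotate the token on every render, including after a POST.
    session["key"] = new_key
    # NOTE(review): new_user still holds "password" and "confirm_pw" when it
    # is passed to the template; confirm the template never echoes them
    # back into the page.
    return render_template("user/register.html", errors=errors,
                           new_user=new_user, new_key=new_key)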
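def account():
    """
    Renders the currently logged in user's information, or updates
    changes to the user's information. Redirects to login screen if
    user is not logged in.

    On POST the submitted anti-CSRF token ("key") must match the token
    stored in the session, otherwise the request is aborted with 403.
    The user_id always comes from g.user, never from the form, so a
    request can only edit the account it is authenticated as. When
    validation passes, the update is attempted and the client is
    redirected back to this view; otherwise the form is rendered again
    with the validation errors.
    """
    import hmac

    errors = []
    # NOTE(review): generate_new_pw doubles as the anti-CSRF token source
    # here; confirm it draws from a CSPRNG (e.g. the secrets module).
    new_key = util.generate_new_pw(25)

    if request.method == "POST":
        submitted_key = request.form.get("key", "")
        expected_key = session.get("key")
        # Compare the token in constant time and never accept a request
        # when the session holds no (or an empty) token. Encoding to bytes
        # keeps compare_digest from raising on non-ASCII form input.
        if (not isinstance(expected_key, str) or not expected_key
                or not hmac.compare_digest(submitted_key.encode("utf-8"),
                                           expected_key.encode("utf-8"))):
            abort(403)

        user = {
            "username": request.form.get("username"),
            "first_name": request.form.get("first_name"),
            "last_name": request.form.get("last_name"),
            "email": request.form.get("email"),
            "user_id": g.user["user_id"],
        }

        errors = user_v.validate_user(user, True)
        if not errors:
            if user_q.update(user):
                flash("Account Updated")
            else:
                flash("Account Update Failed")
            # The token is not rotated on this path; the follow-up request
            # to the redirected view stores a new one.
            return redirect(url_for("user.account"))

    session["key"] = new_key
    return render_template("user/account.html", errors=errors,
                           new_key=new_key)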
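def reset_password(self) -> bool:
    """
    Reset's a user's password, emails it to the user.

    Generates a new password with util.generate_new_pw, stores it through
    update_password and, when that succeeds, sends it to the user in an
    HTML e-mail. Returns True when the password was updated (the result of
    util.send_email is not checked), False when the update failed.
    """
    from html import escape

    # NOTE(review): the body reads a name `user` that this signature does
    # not bind (the only parameter is `self`); confirm where `user` comes
    # from before relying on this function.
    new_pw = util.generate_new_pw()
    if not update_password(new_pw, user["user_id"]):
        return False

    # The generated password is interpolated into HTML, so characters such
    # as "<" or "&" must be escaped or the user is shown a different
    # password than the one that was stored.
    # NOTE(review): the new password travels in clear text inside the
    # e-mail body; the message asks the user to change it after login, but
    # nothing visible here enforces that.
    email_content = (
        f"<h3>Password Reset</h3><p>Your Password has been reset "
        f"by admin.</p><p>New Password: {escape(new_pw)}</p>"
        f"<p>After login, please change your password</p>")
    util.send_email(user, "Password Reset", email_content)
    return True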
def accounts():
    """
    Renders all user accounts.
    Logged in user and admin privileges required.

    The page number is read from the "page" query argument (0 when
    util.safe_int falls back to its default). The template receives the
    row count as it was before trimming, plus a fresh token that is also
    stored in the session under "key".
    """
    # NOTE(review): page comes straight from the query string; confirm that
    # util.safe_int or user_q.get_all rejects negative values.
    page_no = util.safe_int(request.args.get("page"), 0)
    rows = user_q.get_all(page_no)
    total = len(rows)
    token = util.generate_new_pw(25)

    # Drop the 11th row; presumably get_all fetches one row more than is
    # displayed so the template can tell whether a next page exists -
    # TODO confirm.
    if total >= 11:
        del rows[10]

    session["key"] = token
    return render_template(
        "user/all_accounts.html",
        users=rows,
        page=page_no,
        count=total,
        new_key=token,
    )
def test_generate_new_pw(self):
    # Covers util.generate_new_pw: argument validation, default length,
    # difference between consecutive calls, and an explicit length.

    # invalid arguments: a length of 9 and a non-integer length
    self.assertRaises(ValueError, util.generate_new_pw, 9)
    self.assertRaises(TypeError, util.generate_new_pw, "a string")

    # default call: 10 characters that pass the password validator
    default_pw = util.generate_new_pw()
    self.assertEqual(len(default_pw), 10)
    self.assertEqual(user_val.check_password(default_pw), [])

    # two consecutive calls must not hand out the same value
    second_pw = util.generate_new_pw()
    self.assertNotEqual(default_pw, second_pw)

    # explicit length: 15 characters that pass the password validator
    longer_pw = util.generate_new_pw(15)
    self.assertEqual(len(longer_pw), 15)
    self.assertEqual(user_val.check_password(longer_pw), [])