def test_client_updates_password_separately(mocker, api_user_active):
    """update_password POSTs only the new password to the update-password URL.

    The HTTP layer (UserApiClient.post) is patched, so the assertion pins both
    the endpoint and the exact request body: a single '_password' field.
    """
    new_password = '******'
    user_api_client.max_failed_login_count = 1  # doesn't matter for this test
    post_mock = mocker.patch('app.notify_client.user_api_client.UserApiClient.post')

    user_api_client.update_password(api_user_active.id, new_password)

    post_mock.assert_called_once_with(
        '/user/{}/update-password'.format(api_user_active.id),
        data={'_password': new_password}
    )
def user_profile_password():
    """Show the change-password form and apply the change once it validates.

    ChangePasswordForm receives a callback that asks the API whether a given
    password is valid for current_user. How and when the form invokes that
    callback is decided by ChangePasswordForm, which is defined elsewhere.
    """

    def current_password_matches(candidate):
        # Verification is delegated to the API; nothing is compared locally.
        return user_api_client.verify_password(current_user.id, candidate)

    change_form = ChangePasswordForm(current_password_matches)

    if not change_form.validate_on_submit():
        # First visit or failed validation: (re)display the form.
        return render_template(
            'views/user-profile/change-password.html',
            form=change_form
        )

    # Only reached after the form, including its password callback, has passed.
    user_api_client.update_password(
        current_user.id, password=change_form.new_password.data)
    return redirect(url_for('.user_profile'))
def test_client_updates_password_separately(mocker, api_user_active):
    """update_password POSTs only the new password to the update-password URL.

    Here the fixture is subscripted like a mapping (api_user_active['id']).
    UserApiClient.post is patched, so the assertion pins the endpoint and the
    exact request body: a single '_password' field.
    """
    user_id = api_user_active['id']
    new_password = '******'
    user_api_client.max_failed_login_count = 1  # doesn't matter for this test
    post_mock = mocker.patch(
        'app.notify_client.user_api_client.UserApiClient.post')

    user_api_client.update_password(user_id, new_password)

    post_mock.assert_called_once_with(
        '/user/{}/update-password'.format(user_id),
        data={'_password': new_password}
    )
def log_in_user(user_id):
    """Complete sign-in for *user_id*, applying changes parked in the session.

    Order of checks:
      1. If the email address needs re-verifying, send the re-verify email and
         redirect to that page instead of logging in.
      2. If the password is due for rotation, redirect to the rotation page.
      3. Otherwise store the session id, apply any pending password change or
         email-verified timestamp, activate the user and log them in.

    Whatever happens in step 3, 'user_details' and 'file_uploads' are removed
    from the session afterwards.
    """
    user = user_api_client.get_user(user_id)

    needs_reverify = should_reverify_email(
        user.email_last_verified_at, user.created_at, user.auth_type)
    if needs_reverify:
        user_api_client.send_reverify_email(user.id, user.email_address)
        return redirect(url_for('main.reverify_email'))

    if should_rotate_password(user.password_changed_at):
        return redirect(url_for('main.rotate_password'))

    # NOTE(review): both early returns above happen before the try/finally, so
    # session['user_details'] (which may hold a new password) is not cleared on
    # those paths - confirm the reverify/rotate flows depend on it staying.
    try:
        # The API has set a new current_session_id for this user; store it in
        # the cookie so future requests carry it.
        session['current_session_id'] = user.current_session_id

        # A new password parked in the session by an earlier step is applied now.
        # NOTE(review): if the session is cookie-backed, this value travels to
        # the browser until popped below - confirm the session is encrypted or
        # kept server-side.
        if 'password' in session.get('user_details', {}):
            pending_password = session['user_details']['password']
            user = user_api_client.update_password(
                user.id, password=pending_password)
            flash('Your password has been updated', 'default_with_tick')

        # Likewise for a pending "email verified" timestamp update.
        if 'set_last_verified_at' in session.get('user_details', {}):
            user_api_client.set_email_last_verified_at(user_id)
            flash('Thanks for verifying your email address', 'default_with_tick')

        login_user(user_api_client.activate_user(user))
    finally:
        # Drop register/sign-in leftovers even if an API call above raised, so
        # the pending password does not outlive this request.
        for leftover_key in ('user_details', 'file_uploads'):
            session.pop(leftover_key, None)

    return redirect_when_logged_in(user_id)
def log_in_user(user_id):
    """Complete sign-in for *user_id*, applying a pending password change first.

    The user is fetched from the API, their new session id is stored, any
    password left in session['user_details'] is sent to the API, and the
    activated user is logged in. 'user_details' is always removed from the
    session afterwards, including when one of the API calls raises.
    """
    try:
        account = user_api_client.get_user(user_id)

        # The API has set a new current_session_id for this user; store it in
        # the cookie so future requests carry it.
        session['current_session_id'] = account.current_session_id

        # Present only when the user arrived from the new-password page.
        # NOTE(review): if the session is cookie-backed, the password travels
        # to the browser until popped below - confirm the session is encrypted
        # or kept server-side.
        pending_details = session.get('user_details', {})
        if 'password' in pending_details:
            account = user_api_client.update_password(
                account.id, password=pending_details['password'])

        login_user(user_api_client.activate_user(account))
    finally:
        # Runs on success and on error, so the pending password does not
        # outlive this request.
        session.pop("user_details", None)

    return redirect_when_logged_in(user_id)
def log_in_user(user_id):
    """Complete sign-in for *user_id*, applying a pending password change first.

    The user is fetched from the API, their new session id is stored, any
    password left in session['user_details'] is sent to the API, and the
    activated user is logged in. 'user_details' and 'file_uploads' are always
    removed from the session afterwards, including when an API call raises.
    """
    try:
        account = user_api_client.get_user(user_id)

        # The API has set a new current_session_id for this user; store it in
        # the cookie so future requests carry it.
        session['current_session_id'] = account.current_session_id

        # Present only when the user arrived from the new-password page.
        # NOTE(review): if the session is cookie-backed, the password travels
        # to the browser until popped below - confirm the session is encrypted
        # or kept server-side.
        pending_details = session.get('user_details', {})
        if 'password' in pending_details:
            account = user_api_client.update_password(
                account.id, password=pending_details['password'])

        login_user(user_api_client.activate_user(account))
    finally:
        # Drop anything the register/sign-in flow is not expected to leave
        # behind; runs on success and on error alike.
        for leftover_key in ("user_details", "file_uploads"):
            session.pop(leftover_key, None)

    return redirect_when_logged_in(user_id)