def change_password(token=None):
if not token and not flask.session.get("logged_in_email"):
return flask.redirect("/login")
if flask.request.method == "POST":
form_data = flask.request.form.to_dict()
new_pass = form_data["new_pass"]
check_pass = form_data["check_pass"]
if token:
staff_member = database.find("staff", token=token)
staff_member = staff_member.next()
else:
old_pass = form_data["old_pass"]
email = flask.session["logged_in_email"]
staff_member = database.find("staff", email=email)
staff_member = staff_member.next()
try:
assert sugar.check_hash(old_pass, staff_member["password"])
except AssertionError:
flask.flash("Wrong password.", "error")
return
try:
assert sugar.check_hash(new_pass, sugar.make_hash(check_pass))
except AssertionError:
flask.flash("New passwords do not match.", "error")
return {"token": token}
try:
assert new_pass != u""
except AssertionError:
flask.flash("Please enter a new password.", "error")
else:
session = database.get_session()
staff_row = database.get_or_404("staff", id=staff_member.id)
staff_schema = StaffSchema.from_flat(staff_row)
staff_schema["password"].set(sugar.make_hash(new_pass))
if staff_schema.validate():
staff_row.update(staff_schema.flatten())
session.save(staff_row)
session.commit()
flask.flash("Password changed sucessfuly.", "success")
if token:
login_url = flask.url_for("auth.login", next=flask.url_for("meeting.home"))
return flask.redirect(login_url)
return {"token": token}
def test_login_failed_for_non_admin(self):
data = dict(self.STAFF_DATA)
data["password"] = sugar.make_hash("password")
staff = models.Staff.create(data=data)
data = {"email": "*****@*****.**", "password": "******"}
resp = self.client.post("/login", data=data)
self.assertEqual(200, resp.status_code)
def test_login_success(self):
data = dict(self.STAFF_DATA)
data["password"] = sugar.make_hash("password")
data["is_admin"] = "1"
staff = models.Staff.create(data=data)
login_data = {"email": "*****@*****.**", "password": "******"}
resp = self.client.post("/login", data=login_data)
self.assertEqual(302, resp.status_code)
def test_change_password_success(self):
data = dict(self.STAFF_DATA)
data["password"] = sugar.make_hash("password")
data["email"] = "*****@*****.**"
staff = models.Staff.create(data=data)
password_data = {"old_pass": "******", "new_pass": "******", "check_pass": "******"}
resp = self.client.post("/change-password", data=password_data)
self.assertIn("Password changed sucessfuly.", resp.data)
def test_change_password_updated_correctly(self):
data = dict(self.STAFF_DATA)
data["password"] = sugar.make_hash("password")
data["email"] = "*****@*****.**"
staff = models.Staff.create(data=data)
password_data = {"old_pass": "******", "new_pass": "******", "check_pass": "******"}
self.client.post("/change-password", data=password_data)
staff = models.Staff.select().where(data__contains={"email": "*****@*****.**"}).get()
self.assertTrue(sugar.check_hash("pass", staff.data["password"]))
def test_change_password_fail_different_passwords(self):
data = dict(self.STAFF_DATA)
data["password"] = sugar.make_hash("password")
data["email"] = "*****@*****.**"
staff = models.Staff.create(data=data)
password_data = {"old_pass": "******", "new_pass": "******", "check_pass": "******"}
resp = self.client.post("/change-password", data=password_data)
self.assertIn("New passwords do not match.", resp.data)
def update_staff_members_passwords():
session = database.get_session()
app = flask.current_app
staff_members = [i for i in database.get_all("staff")]
for account in app.config["ACCOUNTS"]:
staff_member = [i for i in staff_members if i.get("email") == account[0]]
if staff_member:
staff_member = staff_member[0]
staff_member["password"] = sugar.make_hash(account[1])
session.save(staff_member)
session.commit()
