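def validate(self):
    """Check the submitted name/password, creating the account when it is new.

    Returns True when the password matches an existing user, or when no user
    with that name existed and one was created from the submitted values.
    Otherwise appends one message to the relevant field's ``errors`` list
    and returns False.

    Review notes:
    * An unknown name is not rejected. ``User.create`` registers it with
      ``active=True`` and the submitted password, so a mistyped name yields
      a new active account. Confirm that sign-up-on-login is intended.
    * Emptiness is tested on the stripped value, while the lookup and the
      creation use the unstripped ``self.name.data``.
    """
    if self.name.data.strip() == '':
        self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
        return False

    if self.password.data.strip() == '':
        self.password.errors.append(get_message('PASSWORD_NOT_PROVIDED')[0])
        return False

    self.user = User.first(name=self.name.data)
    if self.user is None:
        # First sight of this name: provision the account and accept.
        self.user = User.create(name=self.name.data,
                                active=True,
                                password=encrypt_password(self.password.data))
        return True

    # The original repeated "if self.user is None" here with a
    # USER_DOES_NOT_EXIST error. That branch could never run, because the
    # None case always returns above, so it has been removed.

    if not self.user.password:
        self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
        return False

    if not verify_and_update_password(self.password.data, self.user):
        self.password.errors.append(get_message('INVALID_PASSWORD')[0])
        return False

    return True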
def validate(self):
    """Validate a password change for the logged-in user.

    Runs the parent form's validation, then requires that ``password``
    verifies against ``current_user`` and that the new password differs
    from it. Both failures are reported on the ``password`` field.
    """
    parent_ok = super(ExtendedChangePasswordForm, self).validate()
    if not parent_ok:
        return False

    current = self.password

    # Re-authenticate: the current password must match the session's user
    # before a new one is accepted.
    if not verify_and_update_password(current.data, current_user):
        current.errors.append(get_message('INVALID_PASSWORD')[0])
        return False

    # Compared after stripping, so values that differ only in surrounding
    # whitespace count as "the same".
    unchanged = current.data.strip() == self.new_password.data.strip()
    if unchanged:
        current.errors.append(get_message('PASSWORD_IS_THE_SAME')[0])
        return False

    return True
def validate(self):
    """Authenticate an email/password pair within the current deployment.

    On success ``self.user`` holds the matched user and True is returned.
    On failure one message is appended to the email or password field and
    False is returned.

    NOTE(review): each failure cause has its own message (unknown user,
    wrong password, unconfirmed, disabled). If these are rendered to the
    client they reveal whether an address is registered; consider a single
    generic message.
    """
    def reject(field, key):
        # Record the message for `key` on `field` and signal failure.
        field.errors.append(get_message(key)[0])
        return False

    if not super(DeploymentLoginForm, self).validate():
        return False

    if self.email.data.strip() == '':
        return reject(self.email, 'EMAIL_NOT_PROVIDED')
    if self.password.data.strip() == '':
        return reject(self.password, 'PASSWORD_NOT_PROVIDED')

    # The lookup is scoped to g.deployment, so the same address in another
    # deployment does not match.
    self.user = _datastore.find_user(email=self.email.data,
                                     deployment=g.deployment)
    if self.user is None:
        return reject(self.email, 'USER_DOES_NOT_EXIST')
    if not self.user.password:
        return reject(self.password, 'PASSWORD_NOT_SET')
    if not verify_and_update_password(self.password.data, self.user):
        return reject(self.password, 'INVALID_PASSWORD')

    # Account-state checks run only after the password has verified.
    if requires_confirmation(self.user):
        return reject(self.email, 'CONFIRMATION_REQUIRED')
    if not self.user.is_active():
        return reject(self.email, 'DISABLED_ACCOUNT')

    return True
def test_invalid_password(self):
    """A wrong password yields only the generic login-failure message.

    Pins that the field-level INVALID_PASSWORD text is not exposed and that
    the form-level "invalid username or password" message is used instead.
    """
    form = self.extendedLoginForm
    # The address literal is kept exactly as it appears in this listing.
    form.email.data = '*****@*****.**'
    form.password.data = 'incorrect password'

    form.validate()
    self.log(form)

    specific_message = get_message('INVALID_PASSWORD')[0]
    assert specific_message not in form.password.errors
    assert ExtendedLoginForm.MSG_INVALID_USERNAME_OR_PASSWORD in form.form_errors
def test_user_does_not_exist_message(self):
    """An unknown account yields only the generic login-failure message.

    Pins that USER_DOES_NOT_EXIST is not reported on the email field, so
    the response does not distinguish an unknown account from a wrong
    password.
    """
    form = self.extendedLoginForm
    # The address literal is kept exactly as it appears in this listing.
    form.email.data = '*****@*****.**'
    form.password.data = 'does not matter'

    form.validate()
    self.log(form)

    specific_message = get_message('USER_DOES_NOT_EXIST')[0]
    assert specific_message not in form.email.errors
    assert ExtendedLoginForm.MSG_INVALID_USERNAME_OR_PASSWORD in form.form_errors
def change_password():
    """Render the change-password page and apply a valid submission.

    On a valid submit the password of ``current_user`` is replaced, a
    PASSWORD_RESET flash is queued, the session is committed and the user
    is redirected to the profile page. Otherwise the form is rendered.

    NOTE(review): the form used is ``ResetPasswordForm`` and nothing in this
    function re-checks the current password before ``update_password``.
    Confirm whether the form verifies it. If it does not, anyone holding a
    live session can set a new password.
    NOTE(review): no access-control decorator is visible in this listing;
    confirm that the route requires an authenticated user.
    """
    form = ResetPasswordForm()

    if not form.validate_on_submit():
        return render_template('general/change_password.html', form=form)

    new_password = form.password.data
    update_password(current_user, new_password)
    flash(*get_message('PASSWORD_RESET'))
    db.session.commit()
    return redirect(url_for('general.profile'))
def confirm_email(token):
    """View function which handles an email confirmation request.

    Invalid and expired tokens are flashed and redirected to the confirm
    error view; an expired token also triggers a fresh confirmation mail.
    An already confirmed user is redirected onward. Otherwise the
    confirmation form is processed: on success the user gets the submitted
    password, is confirmed, and is logged in.

    NOTE(review): ``user.password`` receives the raw form value. Unless the
    model hashes on assignment this stores the password in clear text;
    confirm.
    NOTE(review): a valid token plus a valid form logs the requester in as
    the token's user, replacing any other session, so the link acts as a
    credential until it is used or expires.
    """
    def after_confirm_url():
        # Post-confirm view if configured, else the post-login view.
        return (get_url(_security.post_confirm_view) or
                get_url(_security.post_login_view))

    expired, invalid, user = confirm_email_token_status(token)

    if not user or invalid:
        invalid = True
        do_flash(*get_message('INVALID_CONFIRMATION_TOKEN'))

    if expired:
        # NOTE(review): dereferences `user`; presumably the token helper
        # never reports expired without a user. Verify.
        send_confirmation_instructions(user)
        do_flash(*get_message('CONFIRMATION_EXPIRED',
                              email=user.email,
                              within=_security.confirm_email_within))

    if invalid or expired:
        return redirect(get_url(_security.confirm_error_view) or
                        url_for_security('send_confirmation'))

    if user.confirmed_at is not None:
        do_flash(*get_message('ALREADY_CONFIRMED'))
        return redirect(after_confirm_url())

    # Accept either a JSON body or regular form fields.
    payload = request.json
    form_data = MultiDict(payload) if payload else request.form
    form = forms.ConfirmEmailForm(form_data)

    if not form.validate_on_submit():
        return render_template('security/confirm.html',
                               token=token,
                               confirm_form=form,
                               **_ctx('change_password'))

    user.password = form.password.data
    confirm_user(user)  # this saves 'user'

    # Drop any session that belongs to a different account before signing
    # the confirmed user in.
    if user != current_user:
        logout_user()
        login_user(user)

    do_flash(*get_message('EMAIL_CONFIRMED'))
    return redirect(after_confirm_url())
def validate(self):
    """Authenticate ``login_name``/``password`` against the datastore.

    On success ``self.user`` holds the matched user and True is returned.
    On failure one message is appended to the login-name or password field
    and False is returned.

    NOTE(review): unknown user and wrong password produce different
    messages on different fields. If these are shown to the client they
    reveal which login names exist.
    """
    def reject(field, key):
        # Record the message for `key` on `field` and signal failure.
        field.errors.append(get_message(key)[0])
        return False

    if not super(ExtendedLoginForm, self).validate():
        return False

    if self.login_name.data.strip() == '':
        return reject(self.login_name, 'EMAIL_NOT_PROVIDED')
    if self.password.data.strip() == '':
        return reject(self.password, 'PASSWORD_NOT_PROVIDED')

    self.user = _datastore.get_user(self.login_name.data)
    if self.user is None:
        return reject(self.login_name, 'USER_DOES_NOT_EXIST')
    if not self.user.password:
        return reject(self.password, 'PASSWORD_NOT_SET')
    if not verify_and_update_password(self.password.data, self.user):
        return reject(self.password, 'INVALID_PASSWORD')

    # NOTE(review): is_active is read as an attribute, not called. If the
    # user model defines it as a method, the bound method is always truthy
    # and disabled accounts pass this check. Confirm against the model.
    if not self.user.is_active:
        return reject(self.login_name, 'DISABLED_ACCOUNT')

    return True
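def validate(self):
    """Authenticate ``username``/``password`` against ``m.User``.

    On success ``self.user`` holds the matched user and True is returned.
    On failure one message is appended to the username or password field
    and False is returned.

    Fix: the original appended the user-related messages to
    ``self.user.errors``. For an unknown username ``self.user`` is None, so
    that line raised AttributeError instead of reporting the error. The
    messages now go to ``self.username.errors``, next to the field that was
    looked up.

    NOTE(review): unknown user and wrong password produce different
    messages. If these are shown to the client they reveal which usernames
    exist.
    """
    if not super(LoginForm, self).validate():
        return False

    self.user = m.User.query.filter_by(username=self.username.data).first()

    if self.user is None:
        # Was self.user.errors, which is an attribute access on None.
        self.username.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
        return False

    if not self.user.password:
        self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
        return False

    if not verify_and_update_password(self.password.data, self.user):
        self.password.errors.append(get_message('INVALID_PASSWORD')[0])
        return False

    # Account-state checks run only after the password has verified. Their
    # messages belong on the form field, not on the user object.
    if requires_confirmation(self.user):
        self.username.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
        return False

    if not self.user.is_active():
        self.username.errors.append(get_message('DISABLED_ACCOUNT')[0])
        return False

    return True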
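def validate(self):
    """Check the submitted name/password, creating the account when it is new.

    Returns True when the password matches an existing user, or when no user
    with that name existed and one was created from the submitted values.
    Otherwise appends one message to the relevant field's ``errors`` list
    and returns False. Debug traces are written to stdout.

    Review notes:
    * The parent form's ``validate()`` is not called (it was commented out
      in the original), so field validators and any other checks the
      parent performs are skipped. If the base class is a Flask-WTF form
      that includes its CSRF check; confirm.
    * An unknown name is not rejected. ``User.create`` registers it with
      ``active=True`` and the submitted password, so a mistyped name yields
      a new active account. Confirm that sign-up-on-login is intended.
    """
    # Debug traces use the call form of print, which prints the same text
    # whether or not print is a statement.
    print("in validate")

    if self.name.data.strip() == '':
        print("False2")
        self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
        return False

    if self.password.data.strip() == '':
        self.password.errors.append(get_message('PASSWORD_NOT_PROVIDED')[0])
        return False

    self.user = User.first(name=self.name.data)
    if self.user is None:
        # First sight of this name: provision the account and accept.
        self.user = User.create(name=self.name.data,
                                active=True,
                                password=encrypt_password(self.password.data))
        return True

    print("got user as %s" % self.user)

    # The original repeated "if self.user is None" here with a
    # USER_DOES_NOT_EXIST error. That branch could never run, because the
    # None case always returns above, so it has been removed.

    if not self.user.password:
        print(self.password.errors)
        self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
        return False

    if not verify_and_update_password(self.password.data, self.user):
        print(self.password.errors)
        self.password.errors.append(get_message('INVALID_PASSWORD')[0])
        return False

    return True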
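def validate(self):
    """Validate a name/password login, registering unknown names on the fly.

    Returns True for a correct password on an existing user and also for a
    name that did not exist yet, in which case a user is created from the
    submitted values. Any other outcome appends one message to the field
    concerned and returns False. Debug traces are written to stdout.

    Review notes:
    * ``super().validate()`` is never invoked (the call was commented out
      in the original), so validators declared on the fields and any
      parent-level checks do not run. If the parent is a Flask-WTF form
      that includes CSRF validation; confirm.
    * Login doubles as registration: ``User.create`` is called with
      ``active=True`` for every unknown name. Confirm this is intended.
    """
    # Debug traces use the call form of print, which prints the same text
    # whether or not print is a statement.
    print("in validate")

    name_value = self.name.data
    if name_value.strip() == '':
        print("False2")
        self.name.errors.append(get_message('NAME_NOT_PROVIDED')[0])
        return False

    if self.password.data.strip() == '':
        self.password.errors.append(get_message('PASSWORD_NOT_PROVIDED')[0])
        return False

    self.user = User.first(name=name_value)
    if self.user is None:
        # Unknown name: create the account with the submitted password.
        self.user = User.create(
            name=name_value,
            active=True,
            password=encrypt_password(self.password.data))
        return True

    print("got user as %s" % self.user)

    # A second "self.user is None" test followed here in the original. It
    # was unreachable, since the None case returns above, and is removed.

    if not self.user.password:
        print(self.password.errors)
        self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
        return False

    if not verify_and_update_password(self.password.data, self.user):
        print(self.password.errors)
        self.password.errors.append(get_message('INVALID_PASSWORD')[0])
        return False

    return True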
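def can_create_user(email, password, password_confirm, deployment):
    """Report whether a user with these values may be created in `deployment`.

    Returns ``(True, {})`` when ``RegisterForm`` accepts the values, or when
    its only complaint is that the email is already associated and no
    account with that email exists in this deployment. Otherwise returns
    ``(False, form.errors)``.

    Fix: the original inspected only the email errors before taking the
    "exists elsewhere" exception. A submission with a duplicate email and
    failing password fields was therefore accepted whenever the email was
    free in this deployment. The exception now applies only when the email
    field is the sole field with errors.

    NOTE(review): the form is built from the function arguments with
    ``csrf_enabled=False``. Presumably this runs outside a browser form
    post; any CSRF protection has to come from the caller.
    """
    data = MultiDict(dict(email=email, password=password,
                          password_confirm=password_confirm))
    form = RegisterForm(data, csrf_enabled=False)

    if form.validate():
        return True, {}

    errors = form.errors
    email_errors = errors.get('email', [])

    only_duplicate_email = (
        list(errors) == ['email'] and
        len(email_errors) == 1 and
        email_errors[0] == get_message('EMAIL_ALREADY_ASSOCIATED',
                                       email=email)[0]
    )
    if only_duplicate_email:
        # The address is taken somewhere; allow it if not in this deployment.
        accounts = users.find(email=email, deployment=deployment)
        if not accounts:
            return True, {}

    return False, errors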
def validate(self):
    """Authenticate an email/password pair, tolerating blank passwords.

    On success ``self.user`` holds the matched user and True is returned.
    On failure one message is appended to the email or password field and
    False is returned.

    NOTE(review): a blank password is rewritten to the literal '_empty_'
    before verification. Any account whose stored password verifies
    against '_empty_' can therefore be entered with a blank field or with
    that literal. The original marks this as temporary.
    NOTE(review): the unconfirmed check runs before the password check, so
    CONFIRMATION_REQUIRED is reported without a valid password. If shown
    to the client, that discloses the account's state.
    """
    def reject(field, key):
        # Record the message for `key` on `field` and signal failure.
        field.errors.append(get_message(key)[0])
        return False

    # this is a temporary fix to allow login to accounts with empty
    # passwords; this should not be permitted generally.
    if self.password.data.strip() == '':
        self.password.data = '_empty_'

    # skip calling parent's validate, but do call parent's parent
    if not super(SecurityLoginForm, self).validate():
        return False

    if self.email.data.strip() == '':
        return reject(self.email, 'EMAIL_NOT_PROVIDED')

    # TODO: this will become functional once empty passwords are disallowed
    if self.password.data.strip() == '':
        return reject(self.password, 'PASSWORD_NOT_PROVIDED')

    self.user = _datastore.get_user(self.email.data)
    if self.user is None:
        return reject(self.email, 'USER_DOES_NOT_EXIST')

    # this is changed from upstream, to make non-PasswordUsers fail early
    # and reliably
    if not isinstance(self.user, models.PasswordUser):
        return reject(self.password, 'PASSWORD_NOT_SET')

    # this is changed from upstream, to fail due to unconfirmed before
    # checking for wrong password, to ensure a better error message
    if self.user.confirmed_at is None:
        return reject(self.email, 'CONFIRMATION_REQUIRED')

    if not verify_and_update_password(self.password.data, self.user):
        return reject(self.password, 'INVALID_PASSWORD')

    if not self.user.is_active():
        return reject(self.email, 'DISABLED_ACCOUNT')

    return True
def unique_user_subdomain(form, field):
    """Field validator: reject a subdomain that some user already has.

    Raises ValidationError with the SUBDOMAIN_ALREADY_ASSOCIATED message
    when a ``User`` row with ``subdomain == field.data`` exists. ``form``
    is unused.

    NOTE(review): this is a check-before-insert. Two concurrent submissions
    can both pass it; presumably a unique constraint on the column backs
    it. Confirm.
    """
    wanted = field.data
    existing = User.query.filter_by(subdomain=wanted).first()
    if not existing:
        return

    raise ValidationError(
        get_message('SUBDOMAIN_ALREADY_ASSOCIATED', subdomain=wanted)[0])