def reset(self): 'Reset password' # Get email email = request.POST.get('email') # Try to load the person person = Session.query(model.Person).filter(model.Person.email==email).first() # If the email is not in our database, if not person: return dict(isOk=0) # Reset account c.password = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE) return changePerson(dict(username=person.username, password=c.password, nickname=person.nickname, email=person.email), 'reset', person)
def reset(self): 'Reset password' # Get email email = request.POST.get('email') # Try to load the person person = Session.query( model.Person).filter(model.Person.email == email).first() # If the email is not in our database, if not person: return dict(isOk=0) # Reset account c.password = store.makeRandomAlphaNumericString( parameter.PASSWORD_LENGTH_AVERAGE) return changePerson( dict(username=person.username, password=c.password, nickname=person.nickname, email=person.email), 'reset', person)
def test_update(self): """ Make sure that updating credentials works Make sure the update page only appears when the user is logged in Make sure the update form is filled with the user's credentials Make sure that update_ only works when the user is logged in Make sure that update confirmation works Make sure that update_ for SMS only works when the user is the owner """ # Initialize urlName = "person_update" # Assert that we are redirected to the login page if the person is not logged in self.assert_(url("person_login", url=url(urlName)) in self.app.get(url(urlName))) # Assert that we get rejected if we try to post without logging in self.assertEqualJSON(self.app.post(url(urlName)), 0) # Add people Session.add(model.Person(username, model.hashString(password), nickname, email)) Session.add(model.Person(username + "x", model.hashString(password), nickname + "x", email + "x")) Session.commit() # Log in self.app.post(url("person_login"), dict(username=username, password=password)) # Assert that the update form is filled with the user's credentials responseBody = self.app.get(url(urlName)).body self.assert_(username in responseBody) self.assert_(nickname in responseBody) self.assert_(email in responseBody) # Update credentials username_ = store.makeRandomString(parameter.USERNAME_LENGTH_MAXIMUM) password_ = store.makeRandomAlphaNumericString(parameter.PASSWORD_LENGTH_AVERAGE) nickname_ = unicode(store.makeRandomString(parameter.NICKNAME_LENGTH_MAXIMUM)) email_ = re.sub(r".*@", store.makeRandomString(16) + "@", email) self.assertEqualJSON( self.app.post(url(urlName), dict(username=username_, password=password_, nickname=nickname_, email=email_)), 1, ) # Make sure the credentials have not changed yet self.assertEqual( Session.query(model.Person) .filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_) .count(), 0, ) # Activate candidate self.app.get( url("person_confirm", ticket=Session.query(model.PersonCandidate.ticket).filter_by(email=email_).first()[0]) ) # Make sure the credentials have changed self.assertEqual( Session.query(model.Person) .filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_) .count(), 1, ) # Load people person1 = ( Session.query(model.Person) .filter_by(username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_) .first() ) person2 = Session.query(model.Person).filter_by(username=username + "x").first() # Add SMSAddress smsAddress = model.SMSAddress(emailSMS, person2.id) Session.add(smsAddress) Session.commit() smsAddressID = smsAddress.id # Make sure that only the owner can update SMS information self.app.post(url("person_login"), dict(username=username, password=password)) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="activate")), 0) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="deactivate")), 0) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="remove")), 0) self.app.post(url("person_login"), dict(username=username + "x", password=password)) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="activate")), 1) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="deactivate")), 1) self.assertEqualJSON(self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action="remove")), 1)
def test_update(self): """ Make sure that updating credentials works Make sure the update page only appears when the user is logged in Make sure the update form is filled with the user's credentials Make sure that update_ only works when the user is logged in Make sure that update confirmation works Make sure that update_ for SMS only works when the user is the owner """ # Initialize urlName = 'person_update' # Assert that we are redirected to the login page if the person is not logged in self.assert_( url('person_login', url=url(urlName)) in self.app.get(url( urlName))) # Assert that we get rejected if we try to post without logging in self.assertEqualJSON(self.app.post(url(urlName)), 0) # Add people Session.add( model.Person(username, model.hashString(password), nickname, email)) Session.add( model.Person(username + 'x', model.hashString(password), nickname + 'x', email + 'x')) Session.commit() # Log in self.app.post(url('person_login'), dict(username=username, password=password)) # Assert that the update form is filled with the user's credentials responseBody = self.app.get(url(urlName)).body self.assert_(username in responseBody) self.assert_(nickname in responseBody) self.assert_(email in responseBody) # Update credentials username_ = store.makeRandomString(parameter.USERNAME_LENGTH_MAXIMUM) password_ = store.makeRandomAlphaNumericString( parameter.PASSWORD_LENGTH_AVERAGE) nickname_ = unicode( store.makeRandomString(parameter.NICKNAME_LENGTH_MAXIMUM)) email_ = re.sub(r'.*@', store.makeRandomString(16) + '@', email) self.assertEqualJSON( self.app.post( url(urlName), dict(username=username_, password=password_, nickname=nickname_, email=email_)), 1) # Make sure the credentials have not changed yet self.assertEqual( Session.query(model.Person).filter_by( username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_).count(), 0) # Activate candidate self.app.get( url('person_confirm', ticket=Session.query(model.PersonCandidate.ticket).filter_by( email=email_).first()[0])) # Make sure the credentials have changed self.assertEqual( Session.query(model.Person).filter_by( username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_).count(), 1) # Load people person1 = Session.query(model.Person).filter_by( username=username_, password_hash=model.hashString(password_), nickname=nickname_, email=email_).first() person2 = Session.query(model.Person).filter_by(username=username + 'x').first() # Add SMSAddress smsAddress = model.SMSAddress(emailSMS, person2.id) Session.add(smsAddress) Session.commit() smsAddressID = smsAddress.id # Make sure that only the owner can update SMS information self.app.post(url('person_login'), dict(username=username, password=password)) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='activate')), 0) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='deactivate')), 0) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='remove')), 0) self.app.post(url('person_login'), dict(username=username + 'x', password=password)) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='activate')), 1) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='deactivate')), 1) self.assertEqualJSON( self.app.post(url(urlName), dict(smsAddressID=smsAddressID, action='remove')), 1)