def test_change_password(self, test_app):
    """Exercise the password-change view with a right and a wrong old password.

    NOTE(review): the password literals posted below appear masked as
    '******' in this listing, while the assertions compare the stored hash
    against '123456' and '098765' -- confirm the real values before relying
    on this copy of the test.
    """
    password_url = '/edit/password/'
    self.login(test_app)

    # Case 1: a correct old password must let the change go through.
    template.clear_test_template_context()
    response = test_app.post(password_url, {
        'old_password': '******',
        'new_password': '******',
    })
    response.follow()

    # The view should have redirected to the account page; index 2 of the
    # split result is the path component.
    redirect_path = urlparse.urlsplit(response.location)[2]
    assert redirect_path == '/edit/account/'

    # Re-query the user so the assertion sees the current stored hash.
    refreshed_user = User.query.filter_by(username=u'chris').first()
    assert auth.check_password('123456', refreshed_user.pw_hash)

    # Keep the test case's notion of the current password up to date.
    self.user_password = '******'

    # Case 2: a wrong old password must leave the stored hash untouched.
    # NOTE(review): only the stored hash is checked here; the response of
    # the rejected request is not inspected.
    template.clear_test_template_context()
    test_app.post(password_url, {
        'old_password': '******',
        'new_password': '******',
    })
    refreshed_user = User.query.filter_by(username=u'chris').first()
    assert not auth.check_password('098765', refreshed_user.pw_hash)
def test_change_password(self, test_app):
    """Check that /edit/password/ only honours a correct old password.

    First posts a change that is expected to succeed and verifies the
    redirect and the stored hash, then posts a change with a wrong old
    password and verifies the stored hash did not become the rejected value.

    NOTE(review): the posted password literals appear masked as '******' in
    this listing; the expected values are the ones used in the assertions.
    """
    self.login(test_app)

    # --- accepted change ---
    template.clear_test_template_context()
    accepted_form = {
        'old_password': '******',
        'new_password': '******',
    }
    res = test_app.post('/edit/password/', accepted_form)
    res.follow()

    # Did we land on the account page? ([2] is the path of the split URL.)
    landed_on = urlparse.urlsplit(res.location)[2]
    assert landed_on == '/edit/account/'

    # The user row must be loaded again to observe the new hash.
    user_after_change = User.query.filter_by(username=u'chris').first()
    assert auth.check_password('123456', user_after_change.pw_hash)

    # Record the password now in effect for this test case.
    self.user_password = '******'

    # --- rejected change: the supplied old password is wrong ---
    template.clear_test_template_context()
    rejected_form = {
        'old_password': '******',
        'new_password': '******',
    }
    test_app.post('/edit/password/', rejected_form)

    user_after_reject = User.query.filter_by(username=u'chris').first()
    assert not auth.check_password('098765', user_after_reject.pw_hash)
def change_pass(request):
    """View that replaces request.user's password hash.

    Redirects to 'index' when 'pass_auth' is not among the template globals.
    On a valid POST the submitted old password is checked against
    user.pw_hash; a mismatch re-renders the form with a 'Wrong password'
    error, a match stores a new hash and redirects to the account page.
    Any other request renders the form.
    """
    # If no password authentication, no need to change your password.
    if 'pass_auth' not in request.template_env.globals:
        return redirect(request, 'index')

    form = forms.ChangePassForm(request.form)
    user = request.user
    template_name = 'mediagoblin/edit/change_pass.html'
    context = {'form': form, 'user': user}

    # Anything that is not a valid POST just shows the form.
    if not (request.method == 'POST' and form.validate()):
        return render_to_response(request, template_name, context)

    # Require proof of the current password before accepting a new one.
    # NOTE(review): user.pw_hash is passed without checking that it is set;
    # confirm auth.check_password copes with an account that has no hash.
    if not auth.check_password(form.old_password.data, user.pw_hash):
        form.old_password.errors.append(_('Wrong password'))
        return render_to_response(request, template_name, context)

    # Password matches: store only the hash of the new password.
    user.pw_hash = auth.gen_password_hash(form.new_password.data)
    user.save()
    # NOTE(review): nothing here ends the user's other sessions after the
    # change -- confirm whether that is handled elsewhere.

    messages.add_message(request, messages.SUCCESS,
                         _('Your password was changed successfully'))
    return redirect(request, 'mediagoblin.edit.account')
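def check_login_simple(username, password):
    """Return the user for *username* if *password* verifies, else None.

    Looks the user up through auth.get_user and checks the password against
    the stored user.pw_hash. Both failure cases (unknown user, wrong
    password) return None, so callers cannot tell them apart from the
    return value.
    """
    user = auth.get_user(username=username)
    if not user:
        # %r logs the repr of the submitted name, so control characters in
        # attacker-supplied input are escaped instead of splitting log lines.
        _log.info("User %r not found", username)
        # Fired only for unknown usernames; presumably lets plugins do dummy
        # work so this path is not distinguishable by timing -- confirm.
        hook_handle("auth_fake_login_attempt")
        return None

    if not auth.check_password(password, user.pw_hash):
        # Logger.warn is a deprecated alias that was removed in Python 3.13;
        # warning() is the supported spelling (assumes _log is a stdlib
        # logging.Logger -- confirm).
        _log.warning("Wrong password for %r", username)
        return None

    _log.info("Logging %r in", username)
    return user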
def change_email(request):
    """
    View to change the user's email

    On a valid POST with no form errors, a signed verification key carrying
    the user id and the new address is mailed to the new address and the
    user is redirected to the account page. Otherwise the form is rendered.
    """
    # Bind form data only for POST requests (and only when it is non-empty).
    form_data = None
    if request.method == 'POST':
        form_data = request.form or None
    form = forms.ChangeEmailForm(form_data)
    user = request.user

    # If no password authentication, no need to enter a password.
    password_auth_enabled = 'pass_auth' in request.template_env.globals
    if not password_auth_enabled or not user.pw_hash:
        del form['password']

    if request.method == 'POST' and form.validate():
        new_email = form.new_email.data

        # NOTE(review): this check runs whether or not the password below
        # is correct, so the error message tells the caller that an address
        # is already registered -- confirm that disclosure is acceptable.
        email_taken = User.query.filter(
            LocalUser.email == new_email).count()
        if email_taken:
            form.new_email.errors.append(
                _('Sorry, a user with that email address'
                  ' already exists.'))

        # Re-authenticate with the current password when the form still has
        # a password field and the account has a stored hash.
        if form.password and user.pw_hash:
            if not check_password(form.password.data, user.pw_hash):
                form.password.errors.append(_('Wrong password'))

        if not form.errors:
            signer = get_timed_signer_url('mail_verification_token')
            verification_key = signer.dumps({
                'user': user.id,
                'email': new_email,
            })

            verify_uri = request.urlgen('mediagoblin.edit.verify_email',
                                        qualified=True)
            verification_url = EMAIL_VERIFICATION_TEMPLATE.format(
                uri=verify_uri,
                verification_key=verification_key)

            rendered_email = render_template(
                request, 'mediagoblin/edit/verification.txt', {
                    'username': user.username,
                    'verification_url': verification_url,
                })

            email_debug_message(request)
            # The message goes to the new address, not the current one.
            auth_tools.send_verification_email(user, request, new_email,
                                               rendered_email)

            return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(request, 'mediagoblin/edit/change_email.html', {
        'form': form,
        'user': user,
    })
def change_email(request):
    """
    View to change the user's email

    Renders the change-email form; on a valid POST without form errors it
    sends a verification mail for the new address and redirects to the
    account page.
    """
    form = forms.ChangeEmailForm(request.form)
    user = request.user
    template_name = 'mediagoblin/edit/change_email.html'
    context = {'form': form, 'user': user}

    # If no password authentication, no need to enter a password.
    if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
        form.__delitem__('password')

    # Only a valid POST goes past this point.
    if not (request.method == 'POST' and form.validate()):
        return render_to_response(request, template_name, context)

    new_email = form.new_email.data

    # Refuse an address that is already attached to some account.
    # NOTE(review): the resulting message reveals that the address is
    # registered, and it is produced even when the password check below
    # fails -- confirm that is intended.
    matching_users = User.query.filter(LocalUser.email == new_email).count()
    if matching_users:
        form.new_email.errors.append(
            _('Sorry, a user with that email address'
              ' already exists.'))

    # The current password is demanded only while the password field is
    # still on the form and the account has a stored hash.
    if form.password and user.pw_hash:
        if not check_password(form.password.data, user.pw_hash):
            form.password.errors.append(_('Wrong password'))

    if form.errors:
        return render_to_response(request, template_name, context)

    # Signed key binding this user id to the requested address.
    key_payload = {'user': user.id, 'email': new_email}
    verification_key = get_timed_signer_url(
        'mail_verification_token').dumps(key_payload)

    email_context = {
        'username': user.username,
        'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
            uri=request.urlgen('mediagoblin.edit.verify_email',
                               qualified=True),
            verification_key=verification_key),
    }
    rendered_email = render_template(
        request, 'mediagoblin/edit/verification.txt', email_context)

    email_debug_message(request)
    auth_tools.send_verification_email(user, request, new_email,
                                       rendered_email)

    return redirect(request, 'mediagoblin.edit.account')
def change_pass(request):
    """Handle the change-password form for request.user.

    Without 'pass_auth' in the template globals the view redirects to
    'index'. A valid POST whose old password matches user.pw_hash stores a
    new hash, flashes a success message and redirects to the account page;
    a mismatch or any other request renders the form.
    """
    # If no password authentication, no need to change your password.
    if 'pass_auth' not in request.template_env.globals:
        return redirect(request, 'index')

    form = forms.ChangePassForm(request.form)
    user = request.user

    def _render_form():
        # Single place that renders the form with its current errors.
        return render_to_response(
            request,
            'mediagoblin/edit/change_pass.html',
            {'form': form, 'user': user})

    is_valid_post = request.method == 'POST' and form.validate()
    if not is_valid_post:
        return _render_form()

    # The caller must prove knowledge of the current password first.
    old_password_ok = auth.check_password(
        form.old_password.data, user.pw_hash)
    if not old_password_ok:
        form.old_password.errors.append(_('Wrong password'))
        return _render_form()

    # Password matches: persist the hash of the new one.
    new_hash = auth.gen_password_hash(form.new_password.data)
    user.pw_hash = new_hash
    user.save()
    # NOTE(review): no session invalidation is visible after the change --
    # confirm whether existing sessions are expected to stay valid.

    messages.add_message(
        request,
        messages.SUCCESS,
        _('Your password was changed successfully'))

    return redirect(request, 'mediagoblin.edit.account')
def change_pass(request):
    """Change request.user's password after verifying the old one.

    Returns a redirect to "index" when "pass_auth" is missing from the
    template globals, a redirect to the account page after a successful
    change, and the rendered form in every other case (including a wrong
    old password, which adds a "Wrong password" field error).
    """
    # If no password authentication, no need to change your password.
    if "pass_auth" not in request.template_env.globals:
        return redirect(request, "index")

    form = forms.ChangePassForm(request.form)
    user = request.user

    if request.method == "POST" and form.validate():
        # Only a correct old password unlocks the update.
        if auth.check_password(form.old_password.data, user.pw_hash):
            # Password matches: keep just the hash of the new password.
            user.pw_hash = auth.gen_password_hash(form.new_password.data)
            user.save()
            # NOTE(review): the user's other sessions are not ended here --
            # confirm whether that happens elsewhere.

            messages.add_message(
                request,
                messages.SUCCESS,
                _("Your password was changed successfully"),
            )
            return redirect(request, "mediagoblin.edit.account")

        # Wrong old password: record the error and fall through to the
        # shared form rendering below.
        form.old_password.errors.append(_("Wrong password"))

    return render_to_response(
        request,
        "mediagoblin/edit/change_pass.html",
        {"form": form, "user": user},
    )