def test_change_password2(self): # With existing users for name in ['alice', 'bob', 'charlie']: self.assertEqual(UserManager.change_password2(self.store, name, 'newpass'), UserManager.SUCCESS) user = self.store.find(db.User, db.User.name == name).one() self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user)) # Non-existent user self.assertEqual(UserManager.change_password2(self.store, 'null', 'newpass'), UserManager.NO_SUCH_USER)
def test_change_password2(self): # With existing users for name in ['alice', 'bob', 'charlie']: self.assertEqual(UserManager.change_password2(self.store, name, 'newpass'), UserManager.SUCCESS) user = self.store.find(db.User, db.User.name == name).one() self.assertEqual(UserManager.try_auth(self.store, name, 'newpass'), (UserManager.SUCCESS, user)) self.assertEqual(UserManager.try_auth(self.store, name, name.upper()), (UserManager.WRONG_PASS, None)) # Non-existent user self.assertEqual(UserManager.change_password2(self.store, 'null', 'newpass'), UserManager.NO_SUCH_USER)
def test_change_password2(self): self.create_data() # With existing users for name in ["alice", "bob", "charlie"]: UserManager.change_password2(name, "newpass") user = db.User.get(name=name) self.assertEqual(UserManager.try_auth(name, "newpass"), user) self.assertEqual(UserManager.try_auth(name, name.upper()), None) # Non-existent user self.assertRaises(ObjectNotFound, UserManager.change_password2, "null", "newpass")
def change_password(uid): if uid == 'me': user = UserManager.get(store, session.get('userid'))[1].name else: if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS: return redirect(url_for('index')) user = UserManager.get(store, uid)[1].name if request.method == 'POST': error = False if uid == 'me' or uid == session.get('userid'): current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ]) if current in ('', None): flash('The current password is required') error = True else: new, confirm = map(request.form.get, [ 'new', 'confirm' ]) if new in ('', None): flash('The new password is required') error = True if new != confirm: flash("The new password and its confirmation don't match") error = True if not error: if uid == 'me' or uid == session.get('userid'): status = UserManager.change_password(store, session.get('userid'), current, new) else: status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new) if status != UserManager.SUCCESS: flash(UserManager.error_str(status)) else: flash('Password changed') return redirect(url_for('user_profile', uid = uid)) return render_template('change_pass.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
def change_password_post(uid, user): error = False if user.id == request.user.id: current = request.form.get('current') if not current: flash('The current password is required') error = True new, confirm = map(request.form.get, [ 'new', 'confirm' ]) if not new: flash('The new password is required') error = True if new != confirm: flash("The new password and its confirmation don't match") error = True if not error: if user.id == request.user.id: status = UserManager.change_password(store, user.id, current, new) else: status = UserManager.change_password2(store, user.name, new) if status != UserManager.SUCCESS: flash(UserManager.error_str(status)) else: flash('Password changed') return redirect(url_for('user_profile', uid = uid)) return change_password_form(uid, user)
def test_change_password2(self): self.create_data() self.assertRaises(TypeError, UserManager.change_password2, uuid.uuid4(), "pass") # With existing users for name in ["alice", "bob", "charlie"]: UserManager.change_password2(name, "newpass") user = db.User.get(name=name) self.assertEqual(UserManager.try_auth(name, "newpass"), user) self.assertEqual(UserManager.try_auth(name, name.upper()), None) # test passing the user directly UserManager.change_password2(user, "NEWPASS") self.assertEqual(UserManager.try_auth(name, "NEWPASS"), user) # Non-existent user self.assertRaises( ObjectNotFound, UserManager.change_password2, "null", "newpass" )
def user_changepass(): username, password = map(request.args.get, ['username', 'password']) if not username or not password: return request.error_formatter(10, 'Missing parameter') if username != request.username and not request.user.admin: return request.error_formatter(50, 'Admin restricted') status = UserManager.change_password2(store, username, password) if status != UserManager.SUCCESS: return request.error_formatter(0, UserManager.error_str(status)) return request.formatter({})
def user_changepass(): username, password = map(request.args.get, [ 'username', 'password' ]) if not username or not password: return request.error_formatter(10, 'Missing parameter') if username != request.username and not request.user.admin: return request.error_formatter(50, 'Admin restricted') status = UserManager.change_password2(store, username, password) if status != UserManager.SUCCESS: return request.error_formatter(0, UserManager.error_str(status)) return request.formatter({})
def user_changepass(): username, password = map(request.values.get, [ 'username', 'password' ]) if not username or not password: return request.error_formatter(10, 'Missing parameter') if username != request.username and not request.user.admin: return request.error_formatter(50, 'Admin restricted') password = decode_password(password) status = UserManager.change_password2(store, username, password) if status != UserManager.SUCCESS: code = 0 if status == UserManager.NO_SUCH_USER: code = 70 return request.error_formatter(code, UserManager.error_str(status)) return request.formatter({})
def user_changepass(): username, password = map(request.values.get, ['username', 'password']) if not username or not password: return request.error_formatter(10, 'Missing parameter') if username != request.username and not request.user.admin: return request.error_formatter(50, 'Admin restricted') password = decode_password(password) status = UserManager.change_password2(store, username, password) if status != UserManager.SUCCESS: code = 0 if status == UserManager.NO_SUCH_USER: code = 70 return request.error_formatter(code, UserManager.error_str(status)) return request.formatter({})