def test_client_updates_password_separately(mocker, api_user_active):
    """Check that update_password POSTs to the per-user update-password URL.

    The assertion pins two things: the URL carries only the user id, and the
    password is passed as the ``data=`` keyword under the ``_password`` key
    rather than being placed in the URL.
    """
    new_password = '******'
    body = {'_password': new_password}
    url = '/user/{}/update-password'.format(api_user_active.id)

    # Irrelevant to this test. NOTE(review): this assigns on the shared
    # user_api_client object and is not restored afterwards.
    user_api_client.max_failed_login_count = 1
    # Replace UserApiClient.post with a mock so the outgoing call can be inspected.
    post_mock = mocker.patch('app.notify_client.user_api_client.UserApiClient.post')

    user_api_client.update_password(api_user_active.id, new_password)

    post_mock.assert_called_once_with(url, data=body)
def user_profile_password():
    """Show the change-password form and apply the change on a valid submit.

    The form is constructed with a callback that asks the API to verify a
    password against the logged-in user's id. When the form validates, the
    new password is sent to the API and the user is redirected to the
    profile page; otherwise the form is rendered (again).
    """
    def _verify_current_password(candidate):
        # Always checks against current_user.id, never an id from the request.
        return user_api_client.verify_password(current_user.id, candidate)

    form = ChangePasswordForm(_verify_current_password)

    if not form.validate_on_submit():
        return render_template('views/user-profile/change-password.html', form=form)

    # NOTE(review): presumably the form only validates once the callback has
    # accepted the current password; confirm in ChangePasswordForm.
    # NOTE(review): nothing in this view ends the user's other sessions after
    # the change; confirm whether the API does that on update_password.
    user_api_client.update_password(current_user.id, password=form.new_password.data)
    return redirect(url_for('.user_profile'))
예제 #3
def test_client_updates_password_separately(mocker, api_user_active):
    """Check that update_password POSTs to the per-user update-password URL.

    Here ``api_user_active`` is indexed like a mapping (``['id']``). The
    assertion requires the password to be passed as the ``data=`` keyword
    under the ``_password`` key, with only the user id appearing in the URL.
    """
    user_id = api_user_active['id']
    new_password = '******'
    url = '/user/{}/update-password'.format(user_id)

    # Irrelevant to this test. NOTE(review): this assigns on the shared
    # user_api_client object and is not restored afterwards.
    user_api_client.max_failed_login_count = 1
    # Replace UserApiClient.post with a mock so the outgoing call can be inspected.
    post_mock = mocker.patch(
        'app.notify_client.user_api_client.UserApiClient.post')

    user_api_client.update_password(user_id, new_password)

    post_mock.assert_called_once_with(url, data={'_password': new_password})
예제 #4
def log_in_user(user_id):
    """Finish signing in ``user_id`` and return the redirect to follow.

    Order of checks:
      1. If the email needs re-verifying, send the re-verify email and
         redirect to the re-verify page.
      2. If the password needs rotating, redirect to the rotate page.
      3. Otherwise record the session id, apply any pending password or
         email-verified updates held in ``session['user_details']``,
         activate the user and log them in.

    NOTE(review): the two early returns happen before the ``try``, so the
    ``finally`` cleanup does not run on those paths and ``user_details``
    (including any pending password) stays in the session. Confirm this is
    intended.
    """
    user = user_api_client.get_user(user_id)

    needs_reverify = should_reverify_email(
        user.email_last_verified_at, user.created_at, user.auth_type)
    if needs_reverify:
        user_api_client.send_reverify_email(user.id, user.email_address)
        return redirect(url_for('main.reverify_email'))

    if should_rotate_password(user.password_changed_at):
        return redirect(url_for('main.rotate_password'))

    try:
        # The API has issued a fresh current_session_id; keep it in the
        # session so later requests carry it.
        session['current_session_id'] = user.current_session_id

        # A password left in the session means it still has to be applied.
        # NOTE(review): if `session` is Flask's default cookie-backed session,
        # its contents are signed but not encrypted, so a plaintext password
        # stored here would be readable from the cookie. Confirm the backend.
        details = session.get('user_details', {})
        if 'password' in details:
            user = user_api_client.update_password(
                user.id, password=details['password'])
            flash('Your password has been updated', 'default_with_tick')

        # Same pattern for the "email just verified" marker.
        details = session.get('user_details', {})
        if 'set_last_verified_at' in details:
            user_api_client.set_email_last_verified_at(user_id)
            flash('Thanks for verifying your email address',
                  'default_with_tick')

        login_user(user_api_client.activate_user(user))
    finally:
        # Runs on success and on any exception raised above: drop the
        # transient register/sign-in keys so they do not outlive this step.
        for transient_key in ('user_details', 'file_uploads'):
            session.pop(transient_key, None)

    return redirect_when_logged_in(user_id)
예제 #5
def log_in_user(user_id):
    """Finish signing in ``user_id`` and return the post-login redirect.

    Fetches the user, records the session id, applies a pending password
    change if one is held in ``session['user_details']``, activates the user
    and logs them in. ``user_details`` is removed from the session whether or
    not any of those steps raises.
    """
    try:
        account = user_api_client.get_user(user_id)
        # The API has issued a fresh current_session_id; keep it in the
        # session so later requests carry it.
        session['current_session_id'] = account.current_session_id

        # Set when the user arrives from the new-password page.
        # NOTE(review): if `session` is Flask's default cookie-backed session,
        # its contents are signed but not encrypted, so a plaintext password
        # stored here would be readable from the cookie. Confirm the backend.
        details = session.get('user_details', {})
        if 'password' in details:
            account = user_api_client.update_password(
                account.id, password=details['password'])

        login_user(user_api_client.activate_user(account))
    finally:
        # Always drop the pending details (and with them any password),
        # including when an exception is propagating.
        session.pop("user_details", None)

    return redirect_when_logged_in(user_id)
예제 #6
def log_in_user(user_id):
    """Finish signing in ``user_id`` and return the post-login redirect.

    Fetches the user, records the session id, applies a pending password
    change if one is held in ``session['user_details']``, activates the user
    and logs them in. ``user_details`` and ``file_uploads`` are removed from
    the session whether or not any of those steps raises.
    """
    try:
        account = user_api_client.get_user(user_id)
        # The API has issued a fresh current_session_id; keep it in the
        # session so later requests carry it.
        session['current_session_id'] = account.current_session_id

        # Set when the user arrives from the new-password page.
        # NOTE(review): if `session` is Flask's default cookie-backed session,
        # its contents are signed but not encrypted, so a plaintext password
        # stored here would be readable from the cookie. Confirm the backend.
        details = session.get('user_details', {})
        if 'password' in details:
            account = user_api_client.update_password(
                account.id, password=details['password'])

        login_user(user_api_client.activate_user(account))
    finally:
        # Clear keys that should not outlive the register/sign-in flow; this
        # runs on success and when an exception is propagating.
        for transient_key in ("user_details", "file_uploads"):
            session.pop(transient_key, None)

    return redirect_when_logged_in(user_id)