예제 #1
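def user_account():
    """Render the account page and handle the name, e-mail and password forms.

    A GET request only renders the page. Any other request is dispatched on
    the ``action`` form field (``change-name``, ``change-email`` or
    ``change-password``); an unrecognised action changes nothing and the page
    is rendered again.

    Returns:
        The rendered ``user-account.j2`` template, preceded by a flashed
        message when a change was rejected.
    """
    def respond(message=None):
        # Flash the optional message, then render the account page.
        if message:
            flash(message)

        check_user_validation()
        return render_template('user-account.j2')

    if request.method == 'GET':
        return respond()

    # NOTE(review): no CSRF check is visible in this view; confirm the
    # application enforces one for these state-changing forms.
    action = request.form.get('action')

    if action == 'change-name':
        name = request.form.get('name')

        # The uniqueness check belongs in this branch. It used to sit in the
        # change-email branch, where ``name`` is never assigned, so it raised
        # there and never guarded the rename itself. Re-submitting the
        # current name is not treated as a collision.
        if name != current_user.name and User.exists(name=name):
            return respond(_('This name is already in use'))

        current_user.name = name
        current_user.save()

        db.session.commit()

    elif action == 'change-email':
        email = request.form.get('email')
        password = request.form.get('password')

        # Re-authenticate first, so the address lookup below is only answered
        # for someone who knows the current password.
        if not current_user.check_password(password):
            return respond(
                _('The password you entered did not match your '
                  'current password'))

        if User.exists(email=email):
            return respond(_('This email address is already in use'))

        # A changed address has to be confirmed again before it counts as
        # validated.
        current_user.email = email
        current_user.validated = False
        current_user.save()

        token = Token.make(current_user, email)
        token.save()

        db.session.commit()

        # The mail goes out only after the token has been committed.
        current_user.sendmail('confirmation', token=token.digest)

    elif action == 'change-password':
        current_password = request.form.get('current-password')
        new_password = request.form.get('new-password')

        if not current_user.check_password(current_password):
            return respond(
                _('The password you entered did not match your '
                  'current password'))

        # NOTE(review): new_password is passed on as received; whether
        # set_password rejects a missing or empty value is not visible
        # here, so confirm before relying on it.
        current_user.set_password(new_password)
        current_user.save()

        db.session.commit()

    return respond()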
예제 #2
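def users_impersonate(user):
    """Log the requesting admin in as another account.

    Args:
        user: Identifier handed to ``User.get(id=...)``.

    Returns:
        A 403 error page when the requester is not an admin, a redirect to
        ``users`` when no account matches, otherwise a redirect to ``read``
        with the session switched to the target account.
    """
    if not current_user.admin:
        return render_template('error.j2',
                               error=_('You are not allowed to '
                                       'access this page')), 403

    target = User.get(id=user)

    # An id that matches nothing must not reach login_user(); presumably
    # User.get returns a falsy value in that case, so confirm against the model.
    if not target:
        return redirect(url_for('users'))

    # NOTE(review): this swaps the session identity. The route decorator is
    # not visible here; confirm it is POST-only and CSRF-protected, and that
    # the switch is recorded somewhere an auditor can find it.
    login_user(target)

    return redirect(url_for('read'))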
예제 #3
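def users():
    """Render one page of the admin user list.

    Returns:
        A 403 error page when the requester is not an admin, otherwise the
        ``admin-users.j2`` template with 100 accounts per page.
    """
    if not current_user.admin:
        return render_template('error.j2',
                               error=_('You are not allowed to '
                                       'access this page')), 403

    page_arg = get_int_arg('page', 1)

    listing = User.get().paginate(page_arg, 100)

    # Always return a response. The original returned only for GET, so any
    # other method fell off the end of the view and returned None.
    return render_template('admin-users.j2', users=listing)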
예제 #4
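def users_toggle_admin(user):
    """Flip the admin flag of another account and return to the user list.

    Args:
        user: Identifier handed to ``User.get(id=...)``.

    Returns:
        A 403 error page when the requester is not an admin, otherwise a
        redirect to ``users``.
    """
    if not current_user.admin:
        return render_template('error.j2',
                               error=_('You are not allowed to '
                                       'access this page')), 403

    target = User.get(id=user)

    # Skip ids that match nothing (the original dereferenced the lookup
    # result unconditionally). Also skip the requester's own account, so an
    # admin cannot drop their own flag through this view.
    if target and not target == current_user:
        # NOTE(review): this is a privilege change. The route decorator is
        # not visible here; confirm it is POST-only and CSRF-protected.
        target.admin = not target.admin
        target.save()

        db.session.commit()

    return redirect(url_for('users'))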
예제 #5
def test_b_string(database):
    """A password set from UTF-8 bytes verifies as text and as bytes."""
    encoded = b'\xc3\xa9'

    # Build, hash and persist step by step instead of one chained call.
    user = User(email='*****@*****.**', name='b-string')
    user = user.set_password(encoded)
    user = user.save()

    db.session.commit()

    # Reload so the check runs against the stored record.
    user = User.get('*****@*****.**')

    for candidate in ('é', u'é', encoded):
        assert user.check_password(candidate)
예제 #6
def test_all(database):
    """Check User.exists, User.is_first and User.get before and after saves.

    The assertions depend on the order of the saves and commits below.
    """
    # NOTE(review): every address literal in this listing reads
    # '[email protected]', which looks like redaction by the hosting page; the
    # distinct original addresses cannot be recovered from here.

    # Before anything is saved, no address and no name is reported as taken.
    assert not User.exists(email='[email protected]')
    assert not User.exists(email='[email protected]')
    assert not User.exists(email='[email protected]')
    assert not User.exists(email='[email protected]')

    assert not User.exists(name='a')
    assert not User.exists(name='b')
    assert not User.exists(name='c')
    assert not User.exists(name='d')

    assert User.is_first()

    # Test accounts are created with an empty password.
    user = User(email='[email protected]', name='a', password='').save()

    db.session.commit()

    # The first account saved is not an admin.
    assert not user.admin

    assert not User.is_first()

    User(email='[email protected]', name='B', password='').save()
    User(email='[email protected]', name='C', password='').save()
    User(email='[email protected]', name='D', password='').save()

    db.session.commit()

    # After the commit, every saved address and name is reported as existing.
    assert User.exists(email='[email protected]')
    assert User.exists(email='[email protected]')
    assert User.exists(email='[email protected]')
    assert User.exists(email='[email protected]')

    assert User.exists(name='a')
    assert User.exists(name='B')
    assert User.exists(name='C')
    assert User.exists(name='D')

    # A positional lookup returns the account that was saved with that name.
    assert User.get('[email protected]').name == 'a'
    assert User.get('[email protected]').name == 'B'
    assert User.get('[email protected]').name == 'C'
    assert User.get('[email protected]').name == 'D'

    # Presumably an address that was never saved: the lookup must be falsy.
    assert not User.get('[email protected]')