def test_update_user_password(self, _):
user = User()
# Test valid password hash
user_1 = user.get_user_by_username("user_1")
user_1[
"password_hash"] = "$2b$12$nChdB1EJj1DZbtJgNSOFz.fTxPXu565.ic3xtXJvjLf64F4ELnuXG"
user.update_user_password("user_1", "test3")
self.assertEqual(user_1, user.get_user_by_username("user_1"))
# Test invalid password hash
self.assertRaises(ValueError, user.update_user_password, "user_1", "")
self.assertRaises(ValueError, user.update_user_password, "user_1", "a")
self.assertRaises(ValueError, user.update_user_password, "user_1",
"aa")
self.assertRaises(ValueError, user.update_user_password, "user_1",
"aaa")
# Test invalid user
self.assertRaises(
ValueError,
user.update_user_password,
"user_x",
"$2b$12$G/Kb.r3YAJbenM7Ul9gQXO6bIjMZtVAt1uY.nKZMQL.1i6L50LLTW",
)
def change_password(event, _):
"""
Change the password of the user
:param event: event
:return: 200 if the change was successful, 400 if there was a problem with the new password
"""
# Parse the parameters
params = parse_qs(event["body"])
# Check if a password is missing or they don't match
if ("newpassword" not in params or "newpassword2" not in params
or params["newpassword"][0] != params["newpassword2"][0]):
return create_response(400, "POST", "The two passwords don't match")
# Check if the user is logged in correctly
username = get_logged_in_user(event)
if not username:
return create_response(400, "POST", "User not logged in correctly")
# Try to change the password
user = User()
try:
user.update_user_password(username, params["newpassword"][0])
return create_response(200, "POST")
except ValueError as error:
return create_response(400, "POST", str(error))