def test_change_password(self, test_app):
"""Test changing password correctly and incorrectly"""
self.login(test_app)
# test that the password can be changed
# template.clear_test_template_context()
res = test_app.post(
'/edit/account/', {
'old_password': '******',
'new_password': '******',
'wants_comment_notification': 'y'
})
# Check for redirect on success
assert res.status_int == 302
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert bcrypt_check_password('123456', test_user.pw_hash)
# Update current user passwd
self.user_password = '******'
# test that the password cannot be changed if the given
# old_password is wrong template.clear_test_template_context()
test_app.post(
'/edit/account/', {
'old_password': '******',
'new_password': '******',
})
test_user = User.query.filter_by(username=u'chris').first()
assert not bcrypt_check_password('098765', test_user.pw_hash)
def test_bcrypt_gen_password_hash():
pw = "youwillneverguessthis"
# Normal password hash generation, and check on that hash
hashed_pw = auth_lib.bcrypt_gen_password_hash(pw)
assert auth_lib.bcrypt_check_password(pw, hashed_pw)
assert not auth_lib.bcrypt_check_password("notthepassword", hashed_pw)
# Same thing, extra salt.
hashed_pw = auth_lib.bcrypt_gen_password_hash(pw, "3><7R45417")
assert auth_lib.bcrypt_check_password(pw, hashed_pw, "3><7R45417")
assert not auth_lib.bcrypt_check_password("notthepassword", hashed_pw, "3><7R45417")
def test_bcrypt_gen_password_hash():
pw = 'youwillneverguessthis'
# Normal password hash generation, and check on that hash
hashed_pw = auth_lib.bcrypt_gen_password_hash(pw)
assert auth_lib.bcrypt_check_password(pw, hashed_pw)
assert not auth_lib.bcrypt_check_password('notthepassword', hashed_pw)
# Same thing, extra salt.
hashed_pw = auth_lib.bcrypt_gen_password_hash(pw, '3><7R45417')
assert auth_lib.bcrypt_check_password(pw, hashed_pw, '3><7R45417')
assert not auth_lib.bcrypt_check_password('notthepassword', hashed_pw,
'3><7R45417')
def test_bcrypt_check_password():
# Check known 'lollerskates' password against check function
assert auth_lib.bcrypt_check_password(
"lollerskates", "$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO"
)
assert not auth_lib.bcrypt_check_password(
"notthepassword", "$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO"
)
# Same thing, but with extra fake salt.
assert not auth_lib.bcrypt_check_password(
"notthepassword", "$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6", "3><7R45417"
)
def test_bcrypt_check_password():
# Check known 'lollerskates' password against check function
assert auth_lib.bcrypt_check_password(
'lollerskates',
'$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
assert not auth_lib.bcrypt_check_password(
'notthepassword',
'$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO')
# Same thing, but with extra fake salt.
assert not auth_lib.bcrypt_check_password(
'notthepassword',
'$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6',
'3><7R45417')
def edit_account(request):
user = request.user
form = forms.EditAccountForm(
request.form,
wants_comment_notification=user.wants_comment_notification,
license_preference=user.license_preference,
)
if request.method == "POST":
form_validated = form.validate()
if form_validated and form.wants_comment_notification.validate(form):
user.wants_comment_notification = form.wants_comment_notification.data
if form_validated and form.new_password.data or form.old_password.data:
password_matches = auth_lib.bcrypt_check_password(form.old_password.data, user.pw_hash)
if password_matches:
# the entire form validates and the password matches
user.pw_hash = auth_lib.bcrypt_gen_password_hash(form.new_password.data)
else:
form.old_password.errors.append(_("Wrong password"))
if form_validated and form.license_preference.validate(form):
user.license_preference = form.license_preference.data
if form_validated and not form.errors:
user.save()
messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
return render_to_response(request, "mediagoblin/edit/edit_account.html", {"user": user, "form": form})
def edit_account(request):
user = request.user
form = forms.EditAccountForm(request.form, wants_comment_notification=user.get("wants_comment_notification"))
if request.method == "POST":
form_validated = form.validate()
# if the user has not filled in the new or old password fields
if not form.new_password.data and not form.old_password.data:
if form.wants_comment_notification.validate(form):
user.wants_comment_notification = form.wants_comment_notification.data
user.save()
messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
# so the user has filled in one or both of the password fields
else:
if form_validated:
password_matches = auth_lib.bcrypt_check_password(form.old_password.data, user.pw_hash)
if password_matches:
# the entire form validates and the password matches
user.pw_hash = auth_lib.bcrypt_gen_password_hash(form.new_password.data)
user.wants_comment_notification = form.wants_comment_notification.data
user.save()
messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)
else:
form.old_password.errors.append(_("Wrong password"))
return render_to_response(request, "mediagoblin/edit/edit_account.html", {"user": user, "form": form})
def test_change_password(test_app):
"""Test changing password correctly and incorrectly"""
# set up new user
test_user = fixture_add_user()
test_app.post(
'/auth/login/', {
'username': u'chris',
'password': '******'})
# test that the password can be changed
# template.clear_test_template_context()
test_app.post(
'/edit/account/', {
'old_password': '******',
'new_password': '******',
'wants_comment_notification': 'y'
})
# test_user has to be fetched again in order to have the current values
test_user = mg_globals.database.User.one({'username': u'chris'})
assert bcrypt_check_password('123456', test_user.pw_hash)
# test that the password cannot be changed if the given old_password
# is wrong
# template.clear_test_template_context()
test_app.post(
'/edit/account/', {
'old_password': '******',
'new_password': '******',
})
test_user = mg_globals.database.User.one({'username': u'chris'})
assert not bcrypt_check_password('098765', test_user.pw_hash)
def check_login(self, password):
"""
See if a user can login with this password
"""
return auth_lib.bcrypt_check_password(
password, self['pw_hash'])
def check_login(self, password):
"""
See if a user can login with this password
"""
return auth_lib.bcrypt_check_password(password, self['pw_hash'])
