예제 #1
    def test_change_password(self, test_app):
        """Exercise the account-edit endpoint's password change, good and bad.

        Logs in, posts one change that is expected to be accepted (302
        redirect, stored hash verifying against '123456'), then posts a
        second change and checks that the stored hash does not verify
        against '098765'.

        NOTE(review): the posted password literals read '******' on this
        page, presumably masked; from here they cannot be matched against
        the values the assertions check.
        """
        self.login(test_app)

        def stored_hash():
            # Query again on every call so the assertion sees the current
            # stored value instead of an object loaded before the request.
            return User.query.filter_by(username=u'chris').first().pw_hash

        # Accepted change: correct old password, new password supplied.
        accepted = test_app.post(
            '/edit/account/',
            {
                'old_password': '******',
                'new_password': '******',
                'wants_comment_notification': 'y',
            })

        # A successful change answers with a redirect.
        assert accepted.status_int == 302
        assert bcrypt_check_password('123456', stored_hash())
        # Keep the credential used by this test class in step with the change.
        self.user_password = '******'

        # Rejected change: the old_password given here is meant to be wrong.
        # NOTE(review): only the stored hash is inspected afterwards; the
        # response is not checked, and nothing asserts that the previous
        # password still verifies.
        test_app.post(
            '/edit/account/',
            {
                'old_password': '******',
                'new_password': '******',
            })

        assert not bcrypt_check_password('098765', stored_hash())
예제 #2
def test_bcrypt_gen_password_hash():
    """Round-trip a password through hash generation and verification.

    Covers two cases: hashing with no extra salt, and hashing with an
    extra salt string passed to both the generator and the checker.
    """
    secret = "youwillneverguessthis"
    wrong_guess = "notthepassword"
    extra_salt = "3><7R45417"

    # No extra salt: the right password verifies, a wrong one does not.
    plain_digest = auth_lib.bcrypt_gen_password_hash(secret)
    assert auth_lib.bcrypt_check_password(secret, plain_digest)
    assert not auth_lib.bcrypt_check_password(wrong_guess, plain_digest)

    # Extra salt supplied on both sides.
    # NOTE(review): nothing here checks that the salted digest is rejected
    # when the salt is omitted or different, so these assertions would
    # still pass if the extra salt were ignored altogether.
    salted_digest = auth_lib.bcrypt_gen_password_hash(secret, extra_salt)
    assert auth_lib.bcrypt_check_password(secret, salted_digest, extra_salt)
    assert not auth_lib.bcrypt_check_password(
        wrong_guess, salted_digest, extra_salt)
예제 #3
def test_bcrypt_gen_password_hash():
    """Check that generated hashes verify the right password only.

    The same three steps (generate, accept the right password, reject a
    wrong one) run once without an extra salt and once with one.
    """
    secret = 'youwillneverguessthis'

    # First pass: no extra salt. Second pass: the same extra salt is handed
    # to the generator and to the checker.
    # NOTE(review): a digest made with the salt is never checked without it,
    # so a regression that drops the salt on both sides would go unnoticed.
    for salt_args in ((), ('3><7R45417',)):
        digest = auth_lib.bcrypt_gen_password_hash(secret, *salt_args)
        assert auth_lib.bcrypt_check_password(secret, digest, *salt_args)
        assert not auth_lib.bcrypt_check_password(
            'notthepassword', digest, *salt_args)
예제 #4
def test_bcrypt_check_password():
    """Verify bcrypt_check_password against fixed, pre-computed hashes."""
    # Fixture hash stated by the original test to belong to 'lollerskates'.
    known_hash = "$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO"
    # Fixture hash used together with an extra salt string.
    salted_hash = "$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6"
    extra_salt = "3><7R45417"

    assert auth_lib.bcrypt_check_password("lollerskates", known_hash)
    assert not auth_lib.bcrypt_check_password("notthepassword", known_hash)

    # NOTE(review): the salted case is exercised on the rejecting side only.
    # With no matching accept assertion, it would still pass if salted
    # verification always returned False.
    assert not auth_lib.bcrypt_check_password(
        "notthepassword", salted_hash, extra_salt)
예제 #5
def test_bcrypt_check_password():
    """Check the verifier against stored hashes, accepting and rejecting."""
    # (password, hash, extra positional args, expected truthiness)
    # The first hash is the one the original test ties to 'lollerskates'.
    # NOTE(review): the extra-salt row has no accepting counterpart, so it
    # cannot tell "salt handled correctly" from "salted checks always fail".
    cases = (
        ('lollerskates',
         '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO',
         (), True),
        ('notthepassword',
         '$2a$12$PXU03zfrVCujBhVeICTwtOaHTUs5FFwsscvSSTJkqx/2RQ0Lhy/nO',
         (), False),
        ('notthepassword',
         '$2a$12$ELVlnw3z1FMu6CEGs/L8XO8vl0BuWSlUHgh0rUrry9DUXGMUNWwl6',
         ('3><7R45417',), False),
    )

    for candidate, stored, salt_args, should_match in cases:
        verdict = auth_lib.bcrypt_check_password(candidate, stored, *salt_args)
        if should_match:
            assert verdict
        else:
            assert not verdict
예제 #6
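def edit_account(request):
    """Render the account settings form and apply a submitted change.

    On POST the form is validated once, then each setting (comment
    notification, password, license preference) is applied to the user
    object only if the form as a whole validated. The user is saved and
    the request redirected only when the form validated and carries no
    errors; otherwise the form is rendered again with its errors.

    Args:
        request: the current request; ``request.user`` is the account
            being edited and ``request.form`` the submitted data.

    Returns:
        A redirect to the user's home page after a successful save,
        otherwise the rendered edit-account template.
    """
    user = request.user
    form = forms.EditAccountForm(
        request.form,
        wants_comment_notification=user.wants_comment_notification,
        license_preference=user.license_preference,
    )

    if request.method == "POST":
        form_validated = form.validate()

        if form_validated and form.wants_comment_notification.validate(form):
            user.wants_comment_notification = form.wants_comment_notification.data

        # `and` binds tighter than `or`, so the unparenthesised form of this
        # test ran the password branch whenever old_password was supplied,
        # even when validation had failed; a matching old password then
        # replaced user.pw_hash with a hash of an unvalidated new_password.
        # The password fields are now looked at only after validation passes.
        password_change_requested = bool(
            form.new_password.data or form.old_password.data)
        if form_validated and password_change_requested:
            password_matches = auth_lib.bcrypt_check_password(
                form.old_password.data, user.pw_hash)
            if password_matches:
                # the entire form validates and the password matches
                # NOTE(review): this relies on EditAccountForm rejecting an
                # empty or too-short new_password; confirm against the form.
                user.pw_hash = auth_lib.bcrypt_gen_password_hash(
                    form.new_password.data)
            else:
                form.old_password.errors.append(_("Wrong password"))

        if form_validated and form.license_preference.validate(form):
            user.license_preference = form.license_preference.data

        # Persist only when nothing above recorded an error.
        if form_validated and not form.errors:
            user.save()
            messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
            return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)

    return render_to_response(request, "mediagoblin/edit/edit_account.html", {"user": user, "form": form})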
예제 #7
def edit_account(request):
    """Render the account settings form and apply a submitted change.

    A POST without either password field updates only the comment
    notification setting. A POST with at least one password field
    requires the whole form to validate and the old password to verify
    against the stored hash before the new hash and the notification
    setting are written. Any other outcome renders the form again.

    NOTE(review): whether an empty new_password can reach the hashing
    call depends on EditAccountForm's validators, which are not visible
    here; confirm against the form.
    """
    user = request.user
    form = forms.EditAccountForm(
        request.form,
        wants_comment_notification=user.get("wants_comment_notification"))

    if request.method == "POST":
        form_validated = form.validate()
        touches_password = bool(
            form.new_password.data or form.old_password.data)
        ready_to_save = False

        if not touches_password:
            # Neither password field filled in: only the notification
            # field has to validate.
            if form.wants_comment_notification.validate(form):
                user.wants_comment_notification = form.wants_comment_notification.data
                ready_to_save = True
        elif form_validated:
            # One or both password fields filled in and the form is valid:
            # the old password must verify before anything is changed.
            if auth_lib.bcrypt_check_password(form.old_password.data, user.pw_hash):
                user.pw_hash = auth_lib.bcrypt_gen_password_hash(form.new_password.data)
                user.wants_comment_notification = form.wants_comment_notification.data
                ready_to_save = True
            else:
                form.old_password.errors.append(_("Wrong password"))

        if ready_to_save:
            user.save()
            messages.add_message(request, messages.SUCCESS, _("Account settings saved"))
            return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)

    return render_to_response(request, "mediagoblin/edit/edit_account.html", {"user": user, "form": form})
예제 #8
def test_change_password(test_app):
    """Exercise the account-edit endpoint's password change, good and bad.

    Creates the fixture user, logs in as 'chris', posts one change and
    checks that the stored hash verifies against '123456', then posts a
    second change and checks that the stored hash does not verify against
    '098765'.

    NOTE(review): the posted password literals read '******' on this page,
    presumably masked; from here they cannot be matched against the values
    the assertions check.
    """
    # The fixture call creates the user; the object itself is not needed
    # because the user is looked up again after each request.
    fixture_add_user()

    def stored_hash():
        # Look the user up afresh so the assertion sees current values.
        return mg_globals.database.User.one({'username': u'chris'}).pw_hash

    test_app.post(
        '/auth/login/',
        {'username': u'chris', 'password': '******'})

    # Change expected to be accepted.
    test_app.post(
        '/edit/account/',
        {
            'old_password': '******',
            'new_password': '******',
            'wants_comment_notification': 'y',
        })
    assert bcrypt_check_password('123456', stored_hash())

    # Change expected to be refused because old_password is wrong.
    # NOTE(review): neither response is inspected, and nothing asserts that
    # the previous password still verifies after the refused change.
    test_app.post(
        '/edit/account/',
        {
            'old_password': '******',
            'new_password': '******',
        })
    assert not bcrypt_check_password('098765', stored_hash())
예제 #9
 def check_login(self, password):
     """
     Check a candidate password against this user's stored hash.

     Passes ``password`` and ``self['pw_hash']`` to
     ``auth_lib.bcrypt_check_password`` and returns its result unchanged.
     """
     stored_hash = self['pw_hash']
     return auth_lib.bcrypt_check_password(password, stored_hash)
예제 #10
 def check_login(self, password):
     """
     Tell whether ``password`` verifies against the hash kept under
     ``self['pw_hash']``.

     The comparison itself is delegated to
     ``auth_lib.bcrypt_check_password``; its result is returned as is.
     """
     verdict = auth_lib.bcrypt_check_password(
         password,
         self['pw_hash'],
     )
     return verdict