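def validate(self, extra_validators=None):
    """Validate the user form, adding uniqueness and password checks.

    Runs ``Form.validate`` first, then appends errors to the individual
    fields when:

    * the submitted username or email differs from the edited user's and
      is already used by another account,
    * the two password fields differ,
    * the password is shorter than the configured minimum length.

    ``extra_validators`` is accepted for signature compatibility only; it
    is not forwarded to ``Form.validate``.

    Returns:
        True when the base validation and every extra check passed.
    """
    valid = Form.validate(self)
    # An existing user is compared against its own current values; a new
    # user starts from an empty User object.
    user = UserMapper.get_by_id(self.user_id) if self.user_id else User()
    new_username = self.username.data
    if (user.username != new_username
            and UserMapper.get_by_username(new_username)):
        self.username.errors.append(str(_('error username exists')))
        valid = False
    new_email = self.email.data
    if user.email != new_email and UserMapper.get_by_email(new_email):
        self.email.errors.append(str(_('error email exists')))
        valid = False
    # The password field is only checked when the form still carries one.
    if getattr(self, 'password'):
        if self.password.data != self.password2.data:
            self.password.errors.append(_('error passwords must match'))
            self.password2.errors.append(_('error passwords must match'))
            valid = False
        # A submission that omits the field can leave .data as None; treat
        # that as an empty password so it is reported as too short instead
        # of raising TypeError in len().
        password = self.password.data or ''
        # NOTE(review): the minimum comes from session['settings']; confirm
        # it is filled in server-side and holds an int.
        minimum = session['settings']['minimum_password_length']
        if len(password) < minimum:
            self.password.errors.append(_('error password too short'))
            valid = False
    return valid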
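def login() -> str:
    """Show the login form and authenticate a submitted username/password.

    Already authenticated users are redirected to '/'. On a valid form
    submission the user is looked up by username, the attempt limit is
    checked, and the submitted password is hashed with the stored hash as
    salt and compared to it. A successful login of an active user stores
    the previous success time and failure count in the session, resets the
    failure counter and redirects to the ``next`` target or the index page.
    Every other outcome flashes an error and re-renders the form.

    Security notes:
        * ``next`` comes from the query string, so it is followed only
          when it is a path on this site; anything else falls back to the
          index page (avoids an open redirect).
        * The hash comparison uses ``hmac.compare_digest`` so it does not
          depend on where the first differing byte is.
        * NOTE(review): unknown username, wrong password and inactive
          account produce different messages, and the hash is computed
          only for known usernames, so responses reveal whether a username
          exists. Consider a uniform failure response.
    """
    # Function-scope imports: the module's import block is not part of this
    # listing.
    from hmac import compare_digest
    from urllib.parse import urlsplit

    if current_user.is_authenticated:
        return redirect('/')
    form = LoginForm()
    if form.validate_on_submit():
        user = UserMapper.get_by_username(request.form['username'])
        if user:
            if user.login_attempts_exceeded():
                logger.log(
                    'notice',
                    'auth',
                    'Login attempts exceeded: ' + user.username)
                flash(_('error login attempts exceeded'), 'error')
                return render_template('login/index.html', form=form)
            stored_hash = user.password.encode('utf-8')
            # hashpw is imported elsewhere (presumably bcrypt's - confirm);
            # hashing with the stored hash as salt reproduces it only for
            # the right password.
            hash_ = hashpw(
                request.form['password'].encode('utf-8'),
                stored_hash)
            if compare_digest(hash_, stored_hash):
                if user.active:
                    login_user(user)
                    # Keep the previous values for display before they are
                    # overwritten below.
                    session['login_previous_success'] = \
                        user.login_last_success
                    session['login_previous_failures'] = \
                        user.login_failed_count
                    if user.settings['language']:
                        session['language'] = user.settings['language']
                    user.login_last_success = datetime.datetime.now()
                    user.login_failed_count = 0
                    user.update()
                    logger.log('info', 'auth', 'Login of ' + user.username)
                    # Accept only a same-site path: no scheme, no host, a
                    # single leading slash, no backslashes or control
                    # characters (browsers may resolve those forms to
                    # another host).
                    target = request.args.get('next') or ''
                    try:
                        parts = urlsplit(target)
                        is_local = (
                            not parts.scheme
                            and not parts.netloc
                            and target.startswith('/')
                            and not target.startswith('//')
                            and '\\' not in target
                            and all(ord(ch) >= 0x20 for ch in target))
                    except ValueError:
                        is_local = False
                    return redirect(
                        target if is_local else url_for('index'))
                else:
                    logger.log(
                        'notice',
                        'auth',
                        'Inactive login try ' + user.username)
                    flash(_('error inactive'), 'error')
            else:
                # NOTE(review): this listing masks the text between the log
                # prefix and the flash message key. The logged value and
                # the flash(_( call are reconstructed from the sibling
                # branches; if the real file has more statements here
                # (e.g. recording the failed attempt), keep them - confirm
                # against the original.
                logger.log(
                    'notice',
                    'auth',
                    'Wrong password: ' + user.username)
                flash(_('error wrong password'), 'error')
        else:
            # NOTE(review): the expression before ['username'] is masked in
            # this listing; request.form is assumed because the lookup above
            # reads the same key - confirm. The value is client-supplied,
            # so whatever displays this log must escape it.
            logger.log(
                'notice',
                'auth',
                'Wrong username: ' + request.form['username'])
            flash(_('error username'), 'error')
    return render_template('login/index.html', form=form)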
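def login():
    """Show the login form and authenticate a submitted username/password.

    Already authenticated users are redirected to '/'. On a valid form
    submission the user is looked up by username, the attempt limit is
    checked, and the submitted password is hashed with the stored hash as
    salt and compared to it. A successful login of an active user stores
    the previous success time and failure count in the session, resets the
    failure counter and redirects to the ``next`` target or the index page.
    Every other outcome flashes an error and re-renders the form.

    Security notes:
        * ``next`` comes from the query string, so it is followed only
          when it is a path on this site; anything else falls back to the
          index page (avoids an open redirect).
        * The hash comparison uses ``hmac.compare_digest`` so it does not
          depend on where the first differing byte is.
        * NOTE(review): unknown username, wrong password and inactive
          account produce different messages, and the hash is computed
          only for known usernames, so responses reveal whether a username
          exists. Consider a uniform failure response.
    """
    # Function-scope imports: the module's import block is not part of this
    # listing.
    from hmac import compare_digest
    from urllib.parse import urlsplit

    if current_user.is_authenticated:
        return redirect('/')
    form = LoginForm()
    if form.validate_on_submit():
        user = UserMapper.get_by_username(request.form['username'])
        if user:
            if user.login_attempts_exceeded():
                logger.log(
                    'notice',
                    'auth',
                    'Login attempts exceeded: ' + user.username)
                flash(_('error login attempts exceeded'), 'error')
                return render_template('login/index.html', form=form)
            stored_hash = user.password.encode('utf-8')
            # hashpw is imported elsewhere (presumably bcrypt's - confirm);
            # hashing with the stored hash as salt reproduces it only for
            # the right password.
            hash_ = hashpw(
                request.form['password'].encode('utf-8'),
                stored_hash)
            if compare_digest(hash_, stored_hash):
                if user.active:
                    login_user(user)
                    # Keep the previous values for display before they are
                    # overwritten below.
                    session['login_previous_success'] = \
                        user.login_last_success
                    session['login_previous_failures'] = \
                        user.login_failed_count
                    if user.settings['language']:
                        session['language'] = user.settings['language']
                    user.login_last_success = datetime.datetime.now()
                    user.login_failed_count = 0
                    user.update()
                    logger.log('info', 'auth', 'Login of ' + user.username)
                    # Accept only a same-site path: no scheme, no host, a
                    # single leading slash, no backslashes or control
                    # characters (browsers may resolve those forms to
                    # another host).
                    target = request.args.get('next') or ''
                    try:
                        parts = urlsplit(target)
                        is_local = (
                            not parts.scheme
                            and not parts.netloc
                            and target.startswith('/')
                            and not target.startswith('//')
                            and '\\' not in target
                            and all(ord(ch) >= 0x20 for ch in target))
                    except ValueError:
                        is_local = False
                    return redirect(
                        target if is_local else url_for('index'))
                else:
                    logger.log(
                        'notice',
                        'auth',
                        'Inactive login try ' + user.username)
                    flash(_('error inactive'), 'error')
            else:
                # NOTE(review): this listing masks the text between the log
                # prefix and the flash message key. The logged value and
                # the flash(_( call are reconstructed from the sibling
                # branches; if the real file has more statements here
                # (e.g. recording the failed attempt), keep them - confirm
                # against the original.
                logger.log(
                    'notice',
                    'auth',
                    'Wrong password: ' + user.username)
                flash(_('error wrong password'), 'error')
        else:
            # NOTE(review): the expression before ['username'] is masked in
            # this listing; request.form is assumed because the lookup above
            # reads the same key - confirm. The value is client-supplied,
            # so whatever displays this log must escape it.
            logger.log(
                'notice',
                'auth',
                'Wrong username: ' + request.form['username'])
            flash(_('error username'), 'error')
    return render_template('login/index.html', form=form)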
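def test_user(self):
    """Exercise the user views: access control, insert, update, delete, log.

    Steps, in order:

    1. Without a login, ``user_insert`` (following redirects) must show a
       page containing 'Password' (presumably the login form).
    2. After logging in with the first credentials, ``user_insert`` must
       answer '403 - Forbidden'.
    3. After ``self.login()``, inserting, viewing, updating and deleting a
       user must work, and mismatching passwords must be reported.
    4. The activity log must render for GET (with and without a user id)
       and for a POST of the filter form.
    """
    # Values printed as '******' or '*****@*****.**' are masked in this
    # listing and are kept exactly as shown.
    data = {
        'active': '',
        'username': '******',
        'email': '*****@*****.**',
        'password': '******',
        'password2': 'you_never_guess_this',
        'group': 'admin',
        'name': 'Ripley Weaver',
        'description': '',
        'send_info': ''
    }
    data2 = {
        'active': '',
        'username': '******',
        'email': '*****@*****.**',
        'password': '******',
        'password2': 'you_never_guess_this',
        'group': 'admin',
        'name': 'Newt',
        'continue_': 'yes',
        'send_info': ''
    }
    with app.app_context():
        # Anonymous access must not reach the insert form.
        rv = self.app.get(url_for('user_insert'), follow_redirects=True)
        assert b'Password' in rv.data

        # This account is expected to be refused by the view.
        self.app.post('/login', data={
            'username': '******',
            'password': '******'
        })
        rv = self.app.get(url_for('user_insert'), follow_redirects=True)
        assert b'403 - Forbidden' in rv.data
        self.app.get(url_for('logout'), follow_redirects=True)

        self.login()
        with app.test_request_context():
            app.preprocess_request()
            logged_in_user = UserMapper.get_by_username('Alice')
        rv = self.app.get(url_for('user_insert'))
        assert b'+ User' in rv.data
        rv = self.app.post(url_for('user_insert'), data=data)
        # The id of the new user is the last segment of the redirect URL.
        user_id = rv.location.split('/')[-1]
        data['password'] = '******'
        rv = self.app.post(url_for('user_insert'), data=data)
        assert b'match' in rv.data

        # Test insert with continue
        rv = self.app.post(
            url_for('user_insert'),
            follow_redirects=True,
            data=data2)
        assert b'Newt' not in rv.data
        rv = self.app.get(url_for('user_view', id_=user_id))
        assert b'Ripley' in rv.data
        rv = self.app.get(url_for('user_update', id_=logged_in_user.id))
        assert b'Alice' in rv.data
        data['description'] = 'The warrant officer'
        rv = self.app.post(
            url_for('user_update', id_=user_id),
            data=data,
            follow_redirects=True)
        assert b'The warrant officer' in rv.data
        # NOTE(review): the delete is issued as a GET; a state-changing
        # route reachable by GET cannot rely on a form CSRF token - confirm
        # how the route is protected.
        rv = self.app.get(
            url_for('user_delete', id_=user_id),
            follow_redirects=True)
        assert b'User deleted' in rv.data

        # Test activity log
        data = {
            'name': 'test',
            'description': 'test'
        }
        # insert a reference to show something
        self.app.post(
            url_for('reference_insert', code='bibliography'),
            data=data)
        rv = self.app.get(url_for('user_activity'))
        assert b'Activity' in rv.data
        rv = self.app.get(url_for('user_activity', user_id=user_id))
        assert b'Activity' in rv.data
        data = {'limit': 'all', 'action': 'all', 'user': '******'}
        # The filter values belong in the POST body; passing data= to
        # url_for only turned them into a query-string parameter, so the
        # form was never actually submitted.
        rv = self.app.post(url_for('user_activity'), data=data)
        assert b'Activity' in rv.data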
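def test_user(self):
    """Exercise the user views: access control, insert, update, delete, log.

    Steps, in order:

    1. Without a login, ``user_insert`` (following redirects) must show a
       page containing 'Password' (presumably the login form).
    2. After logging in with the first credentials, ``user_insert`` must
       answer '403 - Forbidden'.
    3. After ``self.login()``, inserting, viewing, updating and deleting a
       user must work, and mismatching passwords must be reported.
    4. The activity log must render for GET (with and without a user id)
       and for a POST of the filter form.
    """
    # Values printed as '******' or '*****@*****.**' are masked in this
    # listing and are kept exactly as shown.
    data = {
        'active': '',
        'username': '******',
        'email': '*****@*****.**',
        'password': '******',
        'password2': 'you_never_guess_this',
        'group': 'admin',
        'name': 'Ripley Weaver',
        'description': '',
        'send_info': ''}
    data2 = {
        'active': '',
        'username': '******',
        'email': '*****@*****.**',
        'password': '******',
        'password2': 'you_never_guess_this',
        'group': 'admin',
        'name': 'Newt',
        'continue_': 'yes',
        'send_info': ''}
    with app.app_context():
        # Anonymous access must not reach the insert form.
        rv = self.app.get(url_for('user_insert'), follow_redirects=True)
        assert b'Password' in rv.data

        # This account is expected to be refused by the view.
        self.app.post(
            '/login',
            data={'username': '******', 'password': '******'})
        rv = self.app.get(url_for('user_insert'), follow_redirects=True)
        assert b'403 - Forbidden' in rv.data
        self.app.get(url_for('logout'), follow_redirects=True)

        self.login()
        with app.test_request_context():
            app.preprocess_request()
            logged_in_user_id = UserMapper.get_by_username('Alice').id
        rv = self.app.get(url_for('user_insert'))
        assert b'+ User' in rv.data
        rv = self.app.post(url_for('user_insert'), data=data)
        # The id of the new user is the last segment of the redirect URL.
        user_id = rv.location.split('/')[-1]
        data['password'] = '******'
        rv = self.app.post(url_for('user_insert'), data=data)
        assert b'match' in rv.data

        # Test insert with continue
        rv = self.app.post(
            url_for('user_insert'),
            follow_redirects=True,
            data=data2)
        assert b'Newt' not in rv.data
        rv = self.app.get(url_for('user_view', id_=user_id))
        assert b'Ripley' in rv.data
        rv = self.app.get(url_for('user_update', id_=logged_in_user_id))
        assert b'Alice' in rv.data
        data['description'] = 'The warrant officer'
        rv = self.app.post(
            url_for('user_update', id_=user_id),
            data=data,
            follow_redirects=True)
        assert b'The warrant officer' in rv.data
        # NOTE(review): the delete is issued as a GET; a state-changing
        # route reachable by GET cannot rely on a form CSRF token - confirm
        # how the route is protected.
        rv = self.app.get(
            url_for('user_delete', id_=user_id),
            follow_redirects=True)
        assert b'A user was deleted' in rv.data

        # Test activity log
        data = {'name': 'test', 'description': 'test'}
        # insert a reference to show something
        self.app.post(
            url_for('reference_insert', code='bibliography'),
            data=data)
        rv = self.app.get(url_for('user_activity'))
        assert b'Activity' in rv.data
        rv = self.app.get(url_for('user_activity', user_id=user_id))
        assert b'Activity' in rv.data
        data = {'limit': 'all', 'action': 'all', 'user': '******'}
        # The filter values belong in the POST body; passing data= to
        # url_for only turned them into a query-string parameter, so the
        # form was never actually submitted.
        rv = self.app.post(url_for('user_activity'), data=data)
        assert b'Activity' in rv.data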