def add_user():
if not current_user.has_add_user_permission:
abort(403)
form = AddUserForm()
if form.validate_on_submit():
user = User()
user.username = form.username.data.lower()
user.email = form.email.data
user.first_name = form.first_name.data
user.last_name = form.last_name.data
password = generate_password()
user.set_initial_password(password)
db.session.add(user)
db.session.commit()
send_new_user_email(user, password)
message = (
"User added successfully. "
"An email has been sent to %s with the initial password and instructions on how to login. "
"Don't forget to add the user to groups."
) % user.email
flash(message, 'success')
return redirect(url_for('users.edit_user', user_id=user.id))
context = dict(
form=form
)
return render_template('add_user.html', **context)
def create_users(n):
for x in range(n):
user = User()
user.first_name = generate_first_name().capitalize()
user.last_name = generate_last_name().capitalize()
user.username = '******' % (
user.first_name.lower(),
user.last_name.lower(),
x + 1
)
user.email = '*****@*****.**' % user.username
user.set_password('password')
db.session.add(user)
def test_weak_passwords_for_user(app):
user = User()
user.username = '******'
user.email = '*****@*****.**'
user.first_name = 'fvgmptirzl'
user.last_name = 'uehnpqjarf'
suffix = 'hello418'
username_password = user.username + suffix
email_password = user.email + suffix
first_name_password = user.first_name + suffix
last_name_password = user.last_name + suffix
with app.app_context():
assert is_strong_password(username_password)
assert is_strong_password(email_password)
assert is_strong_password(first_name_password)
assert is_strong_password(last_name_password)