def login_route():
    """Handle the first step of the login form.

    On a valid submission the active user with the submitted username is
    looked up. When a password was supplied it is hashed with
    ``PWS.get_salt(user.password)`` and compared to the stored value; on a
    match the user is either handed over to the TOTP step (``user.totp``
    set) or logged in after the session has been regenerated. When no
    password was supplied, a user with WebAuthn credentials is handed over
    to the WebAuthn step. Every other outcome flashes one generic error and
    renders the login form again.
    """

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/login.html', form=form)

    account = User.query.filter(User.active, User.username == form.username.data).one_or_none()
    if account:
        if form.password.data:
            # NOTE(review): the hash is computed only when a user row was found, so a
            # failed login does different work for known and unknown usernames;
            # confirm whether a constant-work path is wanted here.
            submitted_digest = PWS.hash(form.password.data, PWS.get_salt(account.password))
            if PWS.compare(submitted_digest, account.password):
                if account.totp:
                    # Second factor pending: only the user id is stored, login_user()
                    # is not called on this path.
                    # NOTE(review): the session is not regenerated here; presumably the
                    # TOTP route does so before completing the login -- confirm.
                    session['totp_login_user_id'] = account.id
                    # NOTE(review): request.args keys are client-controlled and are all
                    # forwarded as url_for() keywords (presumably to carry `next`);
                    # url_for() treats underscore-prefixed keywords such as `_external`
                    # specially, so consider forwarding only the expected keys.
                    return redirect(url_for('auth.login_totp_route', **request.args))

                # The session is regenerated before the user is bound to it
                # (presumably a session-fixation guard; the helper is defined elsewhere).
                regenerate_session()
                login_user(account)
                return redirect_after_login()
        elif account.webauthn_credentials:
            # NOTE(review): this redirect is issued only for an existing active user
            # with WebAuthn credentials, so an empty-password submission gets a
            # different response than the generic error below; confirm this is an
            # accepted trade-off.
            session['webauthn_login_user_id'] = account.id
            return redirect(url_for('auth.login_webauthn_route', **request.args))

    # One message for unknown user, wrong password and missing WebAuthn credentials.
    flash('Invalid credentials.', 'error')
    return render_template('auth/login.html', form=form)
def test_profile_changepassword_route(cl_user):
    """Exercise the change-password form: mismatch, weak, wrong current, success."""

    cur_password = PWS().generate()
    new_password = PWS().generate()
    user = User.query.filter(User.username == 'pytest_user').one()
    # NOTE(review): the generated plaintext is assigned directly; presumably the
    # model hashes it on assignment, since the last submission below expects it to
    # be accepted as the current password -- confirm against the User model.
    user.password = cur_password
    db.session.commit()

    def submit_change(current, first, second):
        """Fetch a fresh form, fill the three password fields and submit it."""
        page_form = cl_user.get(url_for('auth.profile_changepassword_route')).form
        page_form['current_password'] = current
        page_form['password1'] = first
        page_form['password2'] = second
        return page_form.submit()

    # new password and its confirmation differ
    response = submit_change(cur_password, 'AlongPassword1', 'AlongPassword2')
    assert response.status_code == HTTPStatus.OK
    mismatch_xpath = '//div[@class="invalid-feedback" and text()="Passwords does not match."]'
    assert response.lxml.xpath(mismatch_xpath)

    # new password rejected by the form validation as too short
    response = submit_change(cur_password, 'weak', 'weak')
    assert response.status_code == HTTPStatus.OK
    too_short_xpath = '//div[@class="invalid-feedback" and contains(text(), "Password too short.")]'
    assert response.lxml.xpath(too_short_xpath)

    # wrong current password: the form is re-rendered with an error toast
    response = submit_change('******', new_password, new_password)
    assert response.status_code == HTTPStatus.OK
    toast_xpath = '//script[contains(text(), "toastr[\'error\'](\'Invalid current password.\');")]'
    assert response.lxml.xpath(toast_xpath)

    # correct current password: redirect, and the stored value verifies the new one
    response = submit_change(cur_password, new_password, new_password)
    assert response.status_code == HTTPStatus.FOUND
    user = User.query.filter(User.username == 'pytest_user').one()
    rehashed = PWS.hash(new_password, PWS.get_salt(user.password))
    assert PWS.compare(rehashed, user.password)
def profile_changepassword_route():
    """Let the current user change their own password.

    The submitted current password is hashed with
    ``PWS.get_salt(user.password)`` and must match the stored value before
    the new password is hashed, stored and committed. A mismatch flashes an
    error and renders the form again; success flashes a confirmation and
    redirects to the profile page.
    """

    form = UserChangePasswordForm()
    if not form.validate_on_submit():
        return render_template('auth/profile/changepassword.html', form=form)

    account = User.query.filter(User.id == current_user.id).one()
    # Re-authentication: knowledge of the current password is required even
    # though the request already belongs to a logged-in user.
    current_digest = PWS.hash(form.current_password.data, PWS.get_salt(account.password))
    if PWS.compare(current_digest, account.password):
        account.password = PWS.hash(form.password1.data)
        db.session.commit()
        # NOTE(review): nothing here regenerates this session or ends the user's
        # other sessions after the change; confirm whether that is handled elsewhere.
        flash('Password changed.', 'info')
        return redirect(url_for('auth.profile_route'))

    flash('Invalid current password.', 'error')
    return render_template('auth/profile/changepassword.html', form=form)
def test_user_edit_route(cl_admin, user):
    """Edit a user as admin: rename, set a new password and clear the roles."""

    password = PWS.generate()

    edit_url = url_for('auth.user_edit_route', user_id=user.id)
    form = cl_admin.get(edit_url).form
    form['username'] = f'{form["username"].value}_edited'
    form['new_password'] = password
    form['roles'] = []
    response = form.submit()
    assert response.status_code == HTTPStatus.FOUND

    # The edited record is looked up by the name that was submitted.
    stored = User.query.filter(User.username == form['username'].value).one()
    assert stored.username == form['username'].value
    # The stored value must verify the submitted plaintext.
    rehashed = PWS.hash(password, PWS.get_salt(stored.password))
    assert PWS.compare(rehashed, stored.password)
    assert not user.roles
def test_user_add_route(cl_admin, user_factory):
    """Add a user as admin and check the stored record, including its password."""

    password = PWS.generate()
    # Built by the factory only as a source of field values for the form.
    template = user_factory.build()

    form = cl_admin.get(url_for('auth.user_add_route')).form
    form['username'] = template.username
    form['roles'] = template.roles
    form['active'] = template.active
    form['new_password'] = password
    response = form.submit()
    assert response.status_code == HTTPStatus.FOUND

    stored = User.query.filter(User.username == template.username).one()
    assert stored.username == template.username
    # The stored value must verify the submitted plaintext.
    rehashed = PWS.hash(password, PWS.get_salt(stored.password))
    assert PWS.compare(rehashed, stored.password)
    assert stored.active == template.active
    assert stored.roles == template.roles
def test_user_add_route(cl_admin):
    """Add a user as admin and check the stored record, including its password."""

    tmp_password = PWS().generate()
    # Source of the field values submitted through the form.
    template = create_test_user()

    form = cl_admin.get(url_for('auth.user_add_route')).form
    form['username'] = template.username
    form['password'] = tmp_password
    form['roles'] = template.roles
    form['active'] = template.active
    response = form.submit()
    assert response.status_code == HTTPStatus.FOUND

    stored = User.query.filter(User.username == template.username).one()
    assert stored.username == template.username
    # The stored value must verify the submitted plaintext.
    rehashed = PWS.hash(tmp_password, PWS.get_salt(stored.password))
    assert PWS.compare(rehashed, stored.password)
    assert stored.active == template.active
    assert stored.roles == template.roles