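def change_password():
    """Change password
    **Change user password using json params.**
    ---
    tags:
      - Core
    parameters:
      - in: body
        name: body
        required: true
        schema:
          id: change_password_form
          required:
            - old_password
            - password
            - confirm_password
          properties:
            old_password:
              type: string
            password:
              type: string
            confirm_password:
              type: string
    responses:
      200:
        description: Change with success
        schema:
          id: generic_success
          properties:
            message:
              type: string
      400:
        description: Invalid json informations
        schema:
          $ref: "#/definitions/generic_error"
      401:
        description: Invalid credentials
        schema:
          $ref: "#/definitions/generic_error"
    """
    # The docstring above is an API spec (it looks like a Swagger/Flasgger
    # block, presumably parsed at runtime), so its wording is kept verbatim
    # and the implementation notes live in comments instead.
    #
    # NOTE(review): no route or auth decorator is visible in this listing;
    # `current_user` is assumed to be an authenticated user -- confirm the
    # view is login-protected where it is registered.

    # A missing, malformed or non-object JSON body must end in the documented
    # 400, not in an AttributeError (HTTP 500) from calling .get() on None or
    # on a list/str/number.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return abort(400)

    required_fields = ('old_password', 'password', 'confirm_password')
    # Empty strings / nulls count as missing, exactly like absent keys.
    if not all(payload.get(field) for field in required_fields):
        return abort(400)

    old_password = payload['old_password']
    password = payload['password']
    confirm_password = payload['confirm_password']

    try:
        user = User.by_login(current_user.username)
        user.change_password(old_password=old_password,
                             password=password,
                             confirm_password=confirm_password)
        return jsonify({'message': 'success'}), 200
    except (InvalidPassword, PasswordMismatch):
        # Rejected new password or confirmation mismatch: client error.
        return abort(400)
    except InvalidCredentials:
        # Raised by user.change_password -- presumably when old_password does
        # not match the stored one; verify against the User model.
        return abort(401)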
if g.user: return redirect(url_for('profile')) form = RegisterForm(request.form) if request.method == 'POST' and form.is_valid(): user = form.save() user.add_role('user') db.commit() # commit BEFORE doing auth.login! auth.login(user) return redirect(url_for('profile')) return render_template('index.html', **locals()) @app.route('/user/') @auth.protected() def profile(): return render_template('profile.html', **locals()) if __name__ == '__main__': # Just for this demo db.create_all() if not User.by_login(u'example'): db.add(User(login=u'example', password='******')) db.commit() # port = int(os.getenv("PORT", 5000)) app.run(host='0.0.0.0', port=port)
def test_get_inexistent_user():
    """Looking up a login that does not exist must raise UserNotFound."""
    missing_login = 'Luke_Skywalker'
    with pytest.raises(UserNotFound):
        User.by_login(missing_login)
def test_get_user_with_email(user):
    """User.by_login also accepts an e-mail address as the login key.

    The `user` fixture is requested only for its side effect (presumably it
    creates the Darth_Vader record -- confirm in conftest). The address
    literal appears masked in this listing and is reproduced as shown.
    """
    expected_repr = "<User[1] username='Darth_Vader'>"
    found = User.by_login('*****@*****.**')
    assert str(found) == expected_repr
def test_get_user_with_username(user):
    """Fetching by username returns the record carrying the expected e-mail.

    The address literal appears masked in this listing and is reproduced as
    shown.
    """
    expected_email = '*****@*****.**'
    found = User.by_login('Darth_Vader')
    assert found.email == expected_email
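def login():
    """Login
    **Authenticate user using json params.**
    ---
    tags:
      - Core
    parameters:
      - in: body
        name: body
        required: true
        schema:
          id: login_form
          required:
            - username
            - password
          properties:
            username:
              type: string
            password:
              type: string
            remember:
              type: boolean
    responses:
      200:
        description: Login with success
        schema:
          id: generic_success
          properties:
            message:
              type: string
      400:
        description: Invalid json informations
        schema:
          id: generic_error
          properties:
            error_code:
              type: string
      401:
        description: Invalid credentials
        schema:
          $ref: "#/definitions/generic_error"
      404:
        description: User not found
        schema:
          $ref: "#/definitions/generic_error"
    """
    # The docstring above is an API spec (it looks like a Swagger/Flasgger
    # block, presumably parsed at runtime), so its wording is kept verbatim
    # and the implementation notes live in comments instead.

    # A missing, malformed or non-object JSON body must end in the documented
    # 400, not in an AttributeError (HTTP 500) from calling .get() on None or
    # on a list/str/number.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return abort(400)

    required_fields = ('username', 'password')
    # Empty strings / nulls count as missing, exactly like absent keys.
    if not all(payload.get(field) for field in required_fields):
        return abort(400)

    username = payload['username']
    password = payload['password']
    # Optional flag, handed to login_user unchanged (None when absent).
    remember = payload.get('remember')

    try:
        user = User.by_login(username)
        if user.validate_password(password):
            login_user(user, remember)
            return jsonify({'message': 'success'}), 200
        return abort(401)
    except UserNotFound:
        # NOTE(review): answering 404 here and 401 above tells a client
        # whether a username exists. The 404 is part of the documented
        # contract, so it is kept; consider a uniform 401 in a later API
        # revision. No attempt throttling is visible in this function --
        # confirm it is enforced elsewhere.
        return abort(404)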