Exemplo n.º 1
def test_properties():
    """Check that attributes assigned to a PendingPasswordReset read back."""
    # NOTE(review): the requestor literal below appears masked in this
    # listing, while the assertion expects 'dave' - confirm against the
    # original test file.
    pending = PendingPasswordReset('abc')
    pending.requestor_username = '******'
    pending.verify_code = 'bibble'

    # The username comes from the constructor argument, not an assignment.
    assert pending.username == 'abc'
    assert pending.requestor_username == 'dave'
    assert pending.verify_code == 'bibble'
def test_properties():
    """Unsaved property values are readable straight after being set."""
    reset = PendingPasswordReset('abc')
    # NOTE(review): this literal looks masked in the listing; the assertion
    # further down compares against 'dave'.
    reset.requestor_username = '******'
    reset.verify_code = 'bibble'

    assert reset.username == 'abc'
    assert reset.requestor_username == 'dave'
    assert reset.verify_code == 'bibble'
Exemplo n.º 3
def test_none_listed_after_removal():
    """Deleting every listed reset must leave ListAll() empty."""
    # Reuse the creation test to put one entry in the store first.
    test_creation()

    for pending in PendingPasswordReset.ListAll():
        pending.delete()

    remaining = PendingPasswordReset.ListAll()
    assert len(remaining) == 0
def test_delete():
    """A deleted reset is gone both on the instance and on a fresh lookup."""
    test_creation()

    stored = PendingPasswordReset('abc')
    stored.delete()
    assert not stored.in_db

    # A new object for the same username must not find the old row either.
    reloaded = PendingPasswordReset('abc')
    assert not reloaded.in_db
Exemplo n.º 5
def send_password_reset(requesting_user, userid):
    """
    Record a pending password reset for ``userid`` and email them the link.

    The requester must be allowed to administrate the target account;
    otherwise AUTHORIZATION_DENIED is returned before anything is stored or
    sent. On success the return value is the body "{}" with status 202.
    """
    target = User.create_user(userid)
    # Authorization gate: runs before any record is written or mail is sent.
    if not requesting_user.can_administrate(target):
        return AUTHORIZATION_DENIED

    # NOTE(review): this code is the only secret in the emailed link; confirm
    # that helpers.create_verify_code includes unpredictable randomness and
    # is not derived from the two usernames alone.
    code = helpers.create_verify_code(target.username,
                                      requesting_user.username)

    pending = PendingPasswordReset(target.username)
    pending.requestor_username = requesting_user.username
    pending.verify_code = code
    pending.save()

    # NOTE(review): check that log_action does not write the verify code
    # itself into the log; that is not visible from this function.
    log_action('sending password reset', pending)

    # _external=True yields an absolute URL, as needed inside an email.
    reset_url = url_for('reset_password',
                        username=target.username,
                        code=code,
                        _external=True)
    requestor_name = "{0} {1}".format(requesting_user.first_name,
                                      requesting_user.last_name)
    pending.send_reset_email(target.email, target.first_name, reset_url,
                             requestor_name)

    return "{}", 202
Exemplo n.º 6
    def test_post_by_blueshirt(self):
        """A reset requested through the endpoint is emailed and recorded."""
        # NOTE(review): the credential literals appear masked in this listing.
        credentials = {"username": "******", "password": "******"}

        response, body = test_helpers.server_post(
            "/send-password-reset/student_coll1_1", credentials)

        self.assertEqual(202, response.status, body)

        target = User('student_coll1_1')

        sent = test_helpers.last_email()
        recipient = sent.toaddr
        self.assertEqual(target.email, recipient)

        template_vars = sent.template_vars
        self.assertEqual(target.first_name, template_vars['name'],
                         "Wrong first name")
        self.assertEqual('Blue Shirt', template_vars['requestor_name'],
                         "Wrong requestor name")

        template_name = sent.template_name
        self.assertEqual('password_reset', template_name,
                         "Wrong email template")

        test_helpers.assert_load_template(template_name, template_vars)

        pending = PendingPasswordReset('student_coll1_1')
        self.assertTrue(pending.in_db,
                        "{0} should been in the database.".format(pending))
        self.assertEqual('blueshirt', pending.requestor_username,
                         "Wrong requestor username.")

        # The emailed link has to carry the verify code that was stored.
        self.assertIn(pending.verify_code,
                      template_vars['password_reset_url'],
                      "Wrong verify code")
Exemplo n.º 7
def clear_old_password_resets():
    """
    Delete pending password resets older than the configured lifetime.

    The cut-off is the ``password_reset_days`` value from the ``nemesis``
    config section plus half a day. Each removal is logged first.
    """
    # Deliberately a larger delta than we restrict against, to avoid
    # accidentally removing valid entries.
    configured_days = config.getint('nemesis', 'password_reset_days')
    cutoff = timedelta(days=configured_days + 0.5)

    for pending in PendingPasswordReset.ListAll():
        if pending.age > cutoff:
            log_action('expiring password reset', pending)
            pending.delete()
Exemplo n.º 8
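def reset_password(username, code):
    """
    Resets a user's password after they've clicked a link in an email we
    sent them, then serves up a page built from password_reset.html that
    includes the newly generated password.
    Not part of the documented API.

    Returns a (body, status, headers) tuple: 404 when no reset is pending
    for ``username``, 410 when the pending reset is older than
    PASSWORD_RESET_DAYS, 403 when ``code`` differs from the stored verify
    code, otherwise 200 with the rendered page.
    """

    ppr = PendingPasswordReset(username)

    # NOTE(review): the three rejections below differ in status and body, so
    # a caller without a valid code can tell whether a reset is pending for
    # a username. Consider one generic response for all three.
    if not ppr.in_db:
        return "No such user account", 404, PLAINTEXT_HEADER

    if ppr.age > timedelta(days=PASSWORD_RESET_DAYS):
        return "Request not valid", 410, PLAINTEXT_HEADER

    # NOTE(review): `!=` is not a constant-time comparison. Consider
    # hmac.compare_digest once both operands are confirmed to share a type.
    if ppr.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    # Load the template before touching the account: if the file is missing
    # or unreadable we fail here, not after the password has been replaced
    # by one that nobody was shown. The with-block also closes the handle,
    # which a bare open().read() leaves to the garbage collector.
    with open(PATH + "/templates/password_reset.html") as template_file:
        template = template_file.read()

    # NOTE(review): if this view is served for GET (the route is not visible
    # here), anything that fetches the emailed URL consumes the code.
    log_action('resetting user password', ppr)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    u = User(username)
    u.set_password(new_pass)
    # No need to save since set_password happens immediately

    # The code is single-use: drop the pending entry once it is consumed.
    ppr.delete()

    # NOTE(review): these values are substituted without escaping; escape
    # them for whatever context the template places them in. The response
    # carries the plaintext password, so confirm it is never cached.
    replacements = {
        'first_name': u.first_name,
        'last_name': u.last_name,
        'password': new_pass,
        'username': username,
        'root': url_for('.index')
    }

    html = template.format(**replacements)

    return html, 200, CSP_HEADER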
Exemplo n.º 9
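def reset_password(username, code):
    """
    Resets a user's password after they've clicked a link in an email we
    sent them, then serves up a page built from password_reset.html that
    includes the newly generated password.
    Not part of the documented API.

    Returns a (body, status, headers) tuple: 404 when no reset is pending
    for ``username``, 410 when it is older than PASSWORD_RESET_DAYS, 403
    when ``code`` does not match, otherwise 200 with the rendered page.
    """

    ppr = PendingPasswordReset(username)

    # NOTE(review): each failure has its own status and message, which lets
    # an unauthenticated caller learn whether a reset is pending for a
    # username. A single generic rejection would avoid that.
    if not ppr.in_db:
        return "No such user account", 404, PLAINTEXT_HEADER

    if ppr.age > timedelta(days=PASSWORD_RESET_DAYS):
        return "Request not valid", 410, PLAINTEXT_HEADER

    # NOTE(review): plain inequality is not constant-time; consider
    # hmac.compare_digest after confirming both sides share a string type.
    if ppr.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    # Read the page template first, so that a missing or unreadable file
    # aborts the request before the account's password has been changed.
    # The context manager closes the file handle deterministically.
    with open(PATH + "/templates/password_reset.html") as template_file:
        page_template = template_file.read()

    log_action('resetting user password', ppr)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    u = User(username)
    u.set_password(new_pass)
    # No need to save since set_password happens immediately

    # Consume the pending entry so the same link cannot be used twice.
    ppr.delete()

    # NOTE(review): the name fields go into the page unescaped, and the
    # body contains the plaintext password - escape per template context
    # and make sure the response is not cacheable.
    replacements = {
        'first_name': u.first_name,
        'last_name': u.last_name,
        'password': new_pass,
        'username': username,
        'root': url_for('.index'),
    }

    html = page_template.format(**replacements)

    return html, 200, CSP_HEADER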
Exemplo n.º 10
def test_creation():
    """Saving a reset persists it, and a fresh lookup returns its fields."""
    # NOTE(review): the requestor literal appears masked in this listing;
    # the reload assertion below expects 'dave'.
    created = PendingPasswordReset('abc')
    created.requestor_username = '******'
    created.verify_code = 'bibble'

    created.save()
    assert created.in_db

    reloaded = PendingPasswordReset('abc')
    assert reloaded.in_db
    assert reloaded.username == 'abc'
    assert reloaded.requestor_username == 'dave'
    assert reloaded.verify_code == 'bibble'
    # A just-saved entry has a positive age of under one minute.
    elapsed = reloaded.age
    assert elapsed > timedelta()
    assert elapsed < timedelta(minutes=1)
Exemplo n.º 11
def test_send_email():
    """send_reset_email queues the 'password_reset' template correctly."""
    first_name = 'jim'
    verification_url = 'http://verify'
    email = '*****@*****.**'
    requestor_name = 'Dave Smith'

    pending = PendingPasswordReset('abc')
    pending.requestor_username = '******'
    pending.send_reset_email(email, first_name, verification_url,
                             requestor_name)

    sent = test_helpers.last_email()

    template_vars = sent.template_vars
    assert first_name == template_vars['name']
    assert verification_url == template_vars['password_reset_url']
    assert requestor_name == template_vars['requestor_name']
    recipient = sent.toaddr
    assert email == recipient

    template_name = sent.template_name
    assert template_name == 'password_reset'

    # The template must load with exactly the variables that were sent.
    test_helpers.assert_load_template(template_name, template_vars)
Exemplo n.º 12
def test_send_email():
    """The reset email goes to the given address with the expected vars."""
    first_name = 'jim'
    verification_url = 'https://verify'
    email = '*****@*****.**'
    requestor_name = 'Dave Smith'

    reset = PendingPasswordReset('abc')
    reset.requestor_username = '******'
    reset.send_reset_email(email, first_name, verification_url,
                           requestor_name)

    queued = test_helpers.last_email()

    context = queued.template_vars
    assert first_name == context['name']
    assert verification_url == context['password_reset_url']
    assert requestor_name == context['requestor_name']
    to_address = queued.toaddr
    assert email == to_address

    chosen_template = queued.template_name
    assert chosen_template == 'password_reset'

    # Loading the template checks it against the variables supplied above.
    test_helpers.assert_load_template(chosen_template, context)
Exemplo n.º 13
def test_one_listed():
    """After one save, ListAll() returns exactly that entry."""
    test_creation()

    listed = PendingPasswordReset.ListAll()
    assert len(listed) == 1

    only = listed[0]

    # Exact type match, not isinstance: subclasses would fail this check.
    assert type(only) == PendingPasswordReset

    assert only.in_db
    assert only.username == 'abc'
    assert only.requestor_username == 'dave'
    assert only.verify_code == 'bibble'
Exemplo n.º 14
def test_delete():
    """delete() removes the entry for both the instance and later lookups."""
    test_creation()

    doomed = PendingPasswordReset('abc')
    doomed.delete()
    assert not doomed.in_db

    # Look the username up again to prove the removal was persisted.
    lookup = PendingPasswordReset('abc')
    assert not lookup.in_db
Exemplo n.º 15
def test_creation():
    """A saved reset can be loaded again with the same field values."""
    first = PendingPasswordReset('abc')
    # NOTE(review): literal appears masked in this listing; 'dave' is what
    # the assertions after the reload expect.
    first.requestor_username = '******'
    first.verify_code = 'bibble'

    first.save()
    assert first.in_db

    second = PendingPasswordReset('abc')
    assert second.in_db
    assert second.username == 'abc'
    assert second.requestor_username == 'dave'
    assert second.verify_code == 'bibble'
    # The entry was created moments ago: non-zero age, under a minute.
    age = second.age
    assert age > timedelta()
    assert age < timedelta(minutes=1)
Exemplo n.º 16
    def test_verify_success(self):
        """A valid code resets the password, shows it, and clears the entry."""
        # NOTE(review): the username literal appears masked in this listing.
        username = "******"
        setup_password_reset(username, 'bees')

        r, data = test_helpers.server_get("/reset_password/" + username +
                                          "/bees")
        self.assertEqual(200, r.status, data)

        try:
            # The new password is read back out of the response body.
            # NOTE(review): this pattern looks damaged by masking in the
            # listing (the group's opening is missing) - restore it from the
            # original file before relying on this test.
            match = re.search(r'"password": "******"]+)"', data)
            self.assertTrue(match, "Failed to extract password")

            new_password = match.group(1)

            # Prove the password shown in the page actually authenticates.
            user = User.create_user(username, new_password)
            self.assertTrue(
                user.is_authenticated,
                "Wrong password ({0}) found in page!".format(new_password))
        finally:
            # Always put a known password back so later tests can log in.
            User(username).set_password('cows')

        # The pending reset must be consumed by a successful use.
        ppr = PendingPasswordReset('student_coll1_1')
        self.assertFalse(ppr.in_db,
                         "{0} should no longer in the database.".format(ppr))
Exemplo n.º 17
def send_password_reset(requesting_user, userid):
    """
    Store a pending password reset for ``userid`` and mail them the link.

    Returns AUTHORIZATION_DENIED, before anything is stored or sent, when
    ``requesting_user`` may not administrate the target account. Otherwise
    returns the body "{}" with status 202.
    """
    account = User.create_user(userid)
    # Permission check comes first: nothing is persisted for a denied call.
    if not requesting_user.can_administrate(account):
        return AUTHORIZATION_DENIED

    # NOTE(review): the link is only as strong as this code - confirm that
    # helpers.create_verify_code is unpredictable and not a pure function
    # of the two usernames.
    token = helpers.create_verify_code(account.username,
                                       requesting_user.username)

    pending = PendingPasswordReset(account.username)
    pending.requestor_username = requesting_user.username
    pending.verify_code = token
    pending.save()

    # NOTE(review): confirm log_action keeps the verify code out of logs.
    log_action('sending password reset', pending)

    link = url_for('reset_password', username=account.username,
                   code=token, _external=True)
    requested_by = "{0} {1}".format(requesting_user.first_name,
                                    requesting_user.last_name)
    pending.send_reset_email(
        account.email,
        account.first_name,
        link,
        requested_by,
    )

    return "{}", 202
Exemplo n.º 18
def test_none_listed_at_start():
    """With nothing saved, ListAll() returns an empty collection."""
    listed = PendingPasswordReset.ListAll()
    count = len(listed)
    assert count == 0
Exemplo n.º 19
def test_empty_at_start():
    """An unsaved reset has no fields set and an age of zero."""
    fresh = PendingPasswordReset('abc')
    # Compared with == False on purpose: a None value must fail here.
    assert fresh.in_db == False
    assert fresh.requestor_username is None
    assert fresh.verify_code is None
    zero_age = timedelta()
    assert fresh.age == zero_age
Exemplo n.º 20
def test_invalid_property():
    """Read an attribute that PendingPasswordReset does not define."""
    # NOTE(review): presumably an expected-exception decorator sits above
    # this function in the original file; it is not visible in the listing.
    pending = PendingPasswordReset('abc')
    value = pending.bacon
    print(value)
Exemplo n.º 21
    def test_clear_old_password_resets(self):
        """Cleanup removes the aged reset and keeps the recent one."""
        stale = PendingPasswordReset('old')
        stale.requestor_username = '******'
        stale.verify_code = 'bibble-old'
        stale.save()

        # Age the 'old' row so that it falls outside the allowed lifetime.
        self._make_old('password_resets', 'old')

        recent = PendingPasswordReset('abc')
        recent.requestor_username = '******'
        recent.verify_code = 'bibble-new'
        recent.save()

        helpers.clear_old_password_resets()

        stale_lookup = PendingPasswordReset('old')
        assert not stale_lookup.in_db

        recent_lookup = PendingPasswordReset('abc')
        assert recent_lookup.in_db
Exemplo n.º 22
    def test_clear_old_password_resets(self):
        """Only resets past the age limit are removed by the cleanup."""
        expired = PendingPasswordReset('old')
        expired.requestor_username = '******'
        expired.verify_code = 'bibble-old'
        expired.save()

        # Push the 'old' entry's timestamp back via the test helper.
        self._make_old('password_resets', 'old')

        current = PendingPasswordReset('abc')
        current.requestor_username = '******'
        current.verify_code = 'bibble-new'
        current.save()

        helpers.clear_old_password_resets()

        # Fresh lookups, so the checks reflect what is actually stored.
        after_old = PendingPasswordReset('old')
        assert not after_old.in_db

        after_new = PendingPasswordReset('abc')
        assert after_new.in_db
Exemplo n.º 23
def setup_password_reset(for_user, verify_code):
    """Test fixture: save a pending reset for ``for_user`` with a known code."""
    # NOTE(review): the requestor literal appears masked in this listing.
    pending = PendingPasswordReset(for_user)
    pending.requestor_username = '******'
    pending.verify_code = verify_code
    pending.save()
Exemplo n.º 24
def setup_password_reset(for_user, verify_code):
    """Persist a pending reset for ``for_user`` using the supplied code."""
    reset = PendingPasswordReset(for_user)
    # NOTE(review): this literal looks masked in the listing.
    reset.requestor_username = '******'
    reset.verify_code = verify_code
    reset.save()