def test_properties():
ppr = PendingPasswordReset('abc')
ppr.requestor_username = '******'
ppr.verify_code = 'bibble'
assert ppr.username == 'abc'
assert ppr.requestor_username == 'dave'
assert ppr.verify_code == 'bibble'
def test_properties():
ppr = PendingPasswordReset('abc')
ppr.requestor_username = '******'
ppr.verify_code = 'bibble'
assert ppr.username == 'abc'
assert ppr.requestor_username == 'dave'
assert ppr.verify_code == 'bibble'
def test_none_listed_after_removal():
test_creation()
all_list = PendingPasswordReset.ListAll()
for ppr in all_list:
ppr.delete()
all_list = PendingPasswordReset.ListAll()
assert len(all_list) == 0
def test_delete():
test_creation()
ppr = PendingPasswordReset('abc')
ppr.delete()
assert not ppr.in_db
ppr = PendingPasswordReset('abc')
assert not ppr.in_db
def send_password_reset(requesting_user, userid):
user_to_update = User.create_user(userid)
if not requesting_user.can_administrate(user_to_update):
return AUTHORIZATION_DENIED
verify_code = helpers.create_verify_code(user_to_update.username,
requesting_user.username)
ppr = PendingPasswordReset(user_to_update.username)
ppr.requestor_username = requesting_user.username
ppr.verify_code = verify_code
ppr.save()
log_action('sending password reset', ppr)
url = url_for('reset_password',
username=user_to_update.username,
code=verify_code,
_external=True)
ppr.send_reset_email(
user_to_update.email,
user_to_update.first_name,
url,
"{0} {1}".format(requesting_user.first_name,
requesting_user.last_name),
)
return "{}", 202
def test_post_by_blueshirt(self):
params = {"username": "******", "password": "******"}
r, data = test_helpers.server_post(
"/send-password-reset/student_coll1_1", params)
self.assertEqual(202, r.status, data)
user = User('student_coll1_1')
ps = test_helpers.last_email()
toaddr = ps.toaddr
self.assertEqual(user.email, toaddr)
vars = ps.template_vars
self.assertEqual(user.first_name, vars['name'], "Wrong first name")
self.assertEqual('Blue Shirt', vars['requestor_name'],
"Wrong requestor name")
template = ps.template_name
self.assertEqual('password_reset', template, "Wrong email template")
test_helpers.assert_load_template(template, vars)
ppr = PendingPasswordReset('student_coll1_1')
self.assertTrue(ppr.in_db,
"{0} should been in the database.".format(ppr))
self.assertEqual('blueshirt', ppr.requestor_username,
"Wrong requestor username.")
self.assertIn(ppr.verify_code, vars['password_reset_url'],
"Wrong verify code")
def clear_old_password_resets():
# deliberately a larger delta than we restrict against to avoid
# accidentally removing vaild entries
password_reset_days = config.getint('nemesis', 'password_reset_days')
password_reset_days += 0.5
max_age = timedelta(days=password_reset_days)
for ppr in PendingPasswordReset.ListAll():
if ppr.age > max_age:
log_action('expiring password reset', ppr)
ppr.delete()
def reset_password(username, code):
"""
Resets a user's password after they've clicked a link in an email we
sent them, then serves up a page for them to change their password.
Not part of the documented API.
"""
ppr = PendingPasswordReset(username)
if not ppr.in_db:
return "No such user account", 404, PLAINTEXT_HEADER
if ppr.age > timedelta(days=PASSWORD_RESET_DAYS):
return "Request not valid", 410, PLAINTEXT_HEADER
if ppr.verify_code != code:
return "Invalid verification code", 403, PLAINTEXT_HEADER
log_action('resetting user password', ppr)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_password(new_pass)
# No need to save since set_password happens immediately
ppr.delete()
html = open(PATH + "/templates/password_reset.html").read()
replacements = {
'first_name': u.first_name,
'last_name': u.last_name,
'password': new_pass,
'username': username,
'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200, CSP_HEADER
def reset_password(username, code):
"""
Resets a user's password after they've clicked a link in an email we
sent them, then serves up a page for them to change their password.
Not part of the documented API.
"""
ppr = PendingPasswordReset(username)
if not ppr.in_db:
return "No such user account", 404, PLAINTEXT_HEADER
if ppr.age > timedelta(days = PASSWORD_RESET_DAYS):
return "Request not valid", 410, PLAINTEXT_HEADER
if ppr.verify_code != code:
return "Invalid verification code", 403, PLAINTEXT_HEADER
log_action('resetting user password', ppr)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_password(new_pass)
# No need to save since set_password happens immediately
ppr.delete()
html = open(PATH + "/templates/password_reset.html").read()
replacements = { 'first_name': u.first_name
, 'last_name': u.last_name
, 'password': new_pass
, 'username': username
, 'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200, CSP_HEADER
def test_creation():
ppr = PendingPasswordReset('abc')
ppr.requestor_username = '******'
ppr.verify_code = 'bibble'
ppr.save()
assert ppr.in_db
ppr = PendingPasswordReset('abc')
assert ppr.in_db
assert ppr.username == 'abc'
assert ppr.requestor_username == 'dave'
assert ppr.verify_code == 'bibble'
age = ppr.age
assert age > timedelta()
assert age < timedelta(minutes=1)
def test_send_email():
first_name = 'jim'
verification_url = 'http://verify'
email = '*****@*****.**'
requestor_name = 'Dave Smith'
ppr = PendingPasswordReset('abc')
ppr.requestor_username = '******'
ppr.send_reset_email(email, first_name, verification_url, requestor_name)
ps = test_helpers.last_email()
vars = ps.template_vars
assert first_name == vars['name']
assert verification_url == vars['password_reset_url']
assert requestor_name == vars['requestor_name']
toaddr = ps.toaddr
assert email == toaddr
template = ps.template_name
assert template == 'password_reset'
test_helpers.assert_load_template(template, vars)
def test_send_email():
first_name = 'jim'
verification_url = 'https://verify'
email = '*****@*****.**'
requestor_name = 'Dave Smith'
ppr = PendingPasswordReset('abc')
ppr.requestor_username = '******'
ppr.send_reset_email(email, first_name, verification_url, requestor_name)
ps = test_helpers.last_email()
vars = ps.template_vars
assert first_name == vars['name']
assert verification_url == vars['password_reset_url']
assert requestor_name == vars['requestor_name']
toaddr = ps.toaddr
assert email == toaddr
template = ps.template_name
assert template == 'password_reset'
test_helpers.assert_load_template(template, vars)
def test_one_listed():
test_creation()
all_list = PendingPasswordReset.ListAll()
assert len(all_list) == 1
ppr = all_list[0]
assert type(ppr) == PendingPasswordReset
assert ppr.in_db
assert ppr.username == 'abc'
assert ppr.requestor_username == 'dave'
assert ppr.verify_code == 'bibble'
def test_delete():
test_creation()
ppr = PendingPasswordReset('abc')
ppr.delete()
assert not ppr.in_db
ppr = PendingPasswordReset('abc')
assert not ppr.in_db
def test_creation():
ppr = PendingPasswordReset('abc')
ppr.requestor_username = '******'
ppr.verify_code = 'bibble'
ppr.save()
assert ppr.in_db
ppr = PendingPasswordReset('abc')
assert ppr.in_db
assert ppr.username == 'abc'
assert ppr.requestor_username == 'dave'
assert ppr.verify_code == 'bibble'
age = ppr.age
assert age > timedelta()
assert age < timedelta(minutes = 1)
def test_verify_success(self):
username = "******"
setup_password_reset(username, 'bees')
r, data = test_helpers.server_get("/reset_password/" + username +
"/bees")
self.assertEqual(200, r.status, data)
try:
match = re.search(r'"password": "******"]+)"', data)
self.assertTrue(match, "Failed to extract password")
new_password = match.group(1)
user = User.create_user(username, new_password)
self.assertTrue(
user.is_authenticated,
"Wrong password ({0}) found in page!".format(new_password))
finally:
User(username).set_password('cows')
ppr = PendingPasswordReset('student_coll1_1')
self.assertFalse(ppr.in_db,
"{0} should no longer in the database.".format(ppr))
def send_password_reset(requesting_user, userid):
user_to_update = User.create_user(userid)
if not requesting_user.can_administrate(user_to_update):
return AUTHORIZATION_DENIED
verify_code = helpers.create_verify_code(user_to_update.username, requesting_user.username)
ppr = PendingPasswordReset(user_to_update.username)
ppr.requestor_username = requesting_user.username
ppr.verify_code = verify_code
ppr.save()
log_action('sending password reset', ppr)
url = url_for('reset_password', username=user_to_update.username, code=verify_code, _external=True)
ppr.send_reset_email(
user_to_update.email,
user_to_update.first_name,
url,
"{0} {1}".format(requesting_user.first_name, requesting_user.last_name),
)
return "{}", 202
def test_none_listed_at_start():
all_list = PendingPasswordReset.ListAll()
assert len(all_list) == 0
def test_empty_at_start():
ppr = PendingPasswordReset('abc')
assert ppr.in_db == False
assert ppr.requestor_username is None
assert ppr.verify_code is None
assert ppr.age == timedelta()
def test_invalid_property():
ppr = PendingPasswordReset('abc')
print ppr.bacon
def test_clear_old_password_resets(self):
ppr = PendingPasswordReset('old')
ppr.requestor_username = '******'
ppr.verify_code = 'bibble-old'
ppr.save()
self._make_old('password_resets', 'old')
ppr = PendingPasswordReset('abc')
ppr.requestor_username = '******'
ppr.verify_code = 'bibble-new'
ppr.save()
helpers.clear_old_password_resets()
ppr = PendingPasswordReset('old')
assert not ppr.in_db
ppr = PendingPasswordReset('abc')
assert ppr.in_db
def test_clear_old_password_resets(self):
ppr = PendingPasswordReset('old')
ppr.requestor_username = '******'
ppr.verify_code = 'bibble-old'
ppr.save()
self._make_old('password_resets', 'old')
ppr = PendingPasswordReset('abc')
ppr.requestor_username = '******'
ppr.verify_code = 'bibble-new'
ppr.save()
helpers.clear_old_password_resets()
ppr = PendingPasswordReset('old')
assert not ppr.in_db
ppr = PendingPasswordReset('abc')
assert ppr.in_db
def setup_password_reset(for_user, verify_code):
ppr = PendingPasswordReset(for_user)
ppr.requestor_username = '******'
ppr.verify_code = verify_code
ppr.save()
def setup_password_reset(for_user, verify_code):
ppr = PendingPasswordReset(for_user)
ppr.requestor_username = '******'
ppr.verify_code = verify_code
ppr.save()
