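def edit_account(user_id):
    """Show the edit-account form (GET) or apply an email/password change (POST).

    Args:
        user_id: Identifier of the account to edit, taken from the route.

    Returns:
        A plain-text message when the caller is not logged in, does not own
        the account, or the account does not exist; otherwise the rendered
        edit page or a redirect.
    """
    form = EditAccountForm(request.form)
    if not session.get('logged_in'):
        return "You are not logged in"

    # Being logged in is not sufficient: user_id comes from the URL, so the
    # session's own 'user_id' must match it. Without this check any
    # authenticated user could change another account's email or password.
    session_user_id = session.get('user_id')
    if session_user_id is None or str(session_user_id) != str(user_id):
        return "You are not authorized to edit this account", 403

    user = dbOps.get_user_by_ID(user_id)
    if not user:
        return "No user account associated with that user"

    if request.method == 'GET':
        return render_template("edit_account_page.html", user_id=user_id, form=form)

    if request.method == 'POST' and form.validate():
        new_email = form.email.data
        new_pword = form.password.data

        errors = []
        if not new_email and not new_pword:
            errors.append('Please enter a new email or password')
        errors += validate_password(new_pword) + validate_email(new_email)

        if dbOps.user_exists(new_email):
            flash("Account already exists for this email")
            return render_template("edit_account_page.html", user_id=user_id, form=form)

        # Truthiness test instead of `len(errors) is not 0`, which compared
        # object identity with an int literal.
        if errors:
            # 'field is required' is deliberately not flashed; presumably the
            # form reports it itself — TODO confirm.
            if errors[0] != 'field is required':
                flash(errors[0])
            return render_template("edit_account_page.html", user_id=user_id, form=form)

        # NOTE(review): encrypt(new_pword) is written even when new_pword is
        # empty (email-only change); confirm dbOps.edit_user_account does not
        # store that value as the new password.
        # NOTE(review): credentials are changed without asking for the current
        # password; consider requiring it for this sensitive operation.
        if new_email:
            dbOps.send_verification_email(new_email, mail_manager)
            flash("you will receive a confirmation email with an activation URL, to prove that the new email address belongs to you")
            # NOTE(review): the new address is saved before it is confirmed;
            # verify the account is held inactive until the link is followed.
            dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
            return redirect(url_for('index'))

        dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
        flash("Account successfully updated")
        return redirect(url_for('show_user_page', user_id=user_id))
    else:
        flash("Please fix any errors")
        return render_template("edit_account_page.html", user_id=user_id, form=form)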
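def login():
    """Authenticate a user from the posted email/password and start a session.

    Returns:
        A redirect to the user's page on success; otherwise the index page,
        with a flashed message when the login was refused.
    """
    if request.method != 'POST':
        # The original fell off the end for non-POST requests and returned
        # None, which Flask rejects as a response; show the index page instead.
        return render_template("index.html")

    # .get() so a missing field is reported like an empty one instead of
    # surfacing as an unhandled bad-request error.
    email = request.form.get('email', '')
    password = request.form.get('password', '')
    # Truthiness test replaces `len(...) is 0`, an identity comparison that
    # only works by accident of small-int caching.
    if not email or not password:
        flash("Please provide an email address and a password")
        return render_template("index.html")

    # NOTE(review): credentials are checked by recomputing encrypt(password)
    # and handing the result to the database layer, which suggests encrypt()
    # is deterministic with no per-user salt. Confirm, and prefer a salted,
    # slow password-hashing function verified with a constant-time compare.
    if not dbOps.validate_login_credentials(email, encrypt(password)):
        flash("invalid login credentials")
        return render_template("index.html")

    if not dbOps.is_user_account_activated(email):
        flash("Your account has not been activated yet. Please follow the URL in your email")
        return render_template("index.html")

    # Only look the user up once the credentials have been accepted.
    user = dbOps.get_user_by_email(email)
    session['logged_in'] = True
    session['user_id'] = user.user_id
    session.permanent = True
    # NOTE(review): this rewrites an application-wide setting on every login;
    # it would normally be configured once at start-up.
    app.permanent_session_lifetime = timedelta(minutes=20)
    return redirect(url_for('show_user_page', user_id=user.user_id))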
def test_edit_invalid_password(self):
    """Post an account edit and assert the password still equals encrypt("Somepass1234")."""
    account = self.create_test_account()
    self.login()

    edit_url = '/edit_account/{0}'.format(account.user_id)
    payload = {'email': "", 'password': "******"}
    response = self.app.post(edit_url, data=payload, follow_redirects=True)

    # NOTE(review): `account` was loaded before the POST. Unless that object
    # reflects later database writes, this assertion cannot fail even if the
    # endpoint did change the password — consider re-fetching the user and
    # also asserting on the response.
    self.assertEqual(str(account.password), encrypt("Somepass1234"))
def create_test_account_and_post(self):
    """Insert and activate a test user, add one post for it, and return both.

    Returns:
        dict with the keys 'user' and 'post'.
    """
    address = "*****@*****.**"
    DB.insert_user(address, encrypt("Somepass1234"))
    DB.activate_user(address)

    owner = DB.get_user_by_email(address)
    created_post = DB.insert_post('test_title', owner.user_id, 'test_author', owner.email)
    return {'user': owner, 'post': created_post}
def test_edit_invalid_password(self):
    """Submit an edit for the test account and check its password is unchanged.

    The expected stored value is encrypt("Somepass1234"), the password the
    test account was created with.
    """
    test_user = self.create_test_account()
    self.login()

    form_fields = {'email': "", 'password': "******"}
    rv = self.app.post(
        '/edit_account/{0}'.format(test_user.user_id),
        data=form_fields,
        follow_redirects=True,
    )

    # NOTE(review): rv is never inspected, and test_user predates the POST;
    # if the object is not refreshed from the database the check below is
    # vacuous. Re-read the user before asserting — TODO confirm.
    expected = encrypt("Somepass1234")
    self.assertEqual(str(test_user.password), expected)
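def edit_account(user_id):
    """Render the account-edit form on GET and apply the change on POST.

    Args:
        user_id: Route parameter naming the account to be edited.

    Returns:
        A short text message if the caller is not logged in, is not the
        account owner, or the account is unknown; otherwise the edit page or
        a redirect.
    """
    form = EditAccountForm(request.form)
    if not session.get('logged_in'):
        return "You are not logged in"

    # Authorization: the target account is chosen by the URL, so it has to be
    # compared with the 'user_id' held in the session. The logged-in flag
    # alone would let one user edit any other user's credentials.
    owner_id = session.get('user_id')
    if owner_id is None or str(owner_id) != str(user_id):
        return "You are not authorized to edit this account", 403

    user = dbOps.get_user_by_ID(user_id)
    if not user:
        return "No user account associated with that user"

    if request.method == 'GET':
        return render_template("edit_account_page.html", user_id=user_id, form=form)

    if request.method == 'POST' and form.validate():
        new_email = form.email.data
        new_pword = form.password.data

        errors = []
        if not (new_email or new_pword):
            errors.append('Please enter a new email or password')
        errors += validate_password(new_pword) + validate_email(new_email)

        if dbOps.user_exists(new_email):
            flash("Account already exists for this email")
            return render_template("edit_account_page.html", user_id=user_id, form=form)

        # `if errors:` replaces `len(errors) is not 0` (identity test on an int).
        if errors:
            # The 'field is required' message is intentionally not flashed;
            # presumably the form shows it — TODO confirm.
            if errors[0] != 'field is required':
                flash(errors[0])
            return render_template("edit_account_page.html", user_id=user_id, form=form)

        # NOTE(review): when only the email is supplied, encrypt(new_pword) is
        # computed from an empty value; confirm dbOps.edit_user_account does
        # not persist it as the password.
        # NOTE(review): no re-authentication (current password) is required
        # before the credentials change.
        new_hash = encrypt(new_pword)
        if new_email:
            dbOps.send_verification_email(new_email, mail_manager)
            flash(
                "you will receive a confirmation email with an activation URL, to prove that the new email address belongs to you"
            )
            # NOTE(review): the address is stored before ownership is proven;
            # verify the account stays inactive until it is confirmed.
            dbOps.edit_user_account(user_id, new_email, new_hash)
            return redirect(url_for('index'))

        dbOps.edit_user_account(user_id, new_email, new_hash)
        flash("Account successfully updated")
        return redirect(url_for('show_user_page', user_id=user_id))
    else:
        flash("Please fix any errors")
        return render_template("edit_account_page.html", user_id=user_id, form=form)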
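def reset_password():
    """Render the password-reset form (GET) or store a new password (POST).

    On POST the submitted token is resolved to an email address with
    Token.confirm_token, the new password is validated, and the account's
    password is replaced when everything checks out.
    """
    if request.method == 'GET':
        token = request.args.get('token')
        return render_template('update_password.html', token=token)
    elif request.method == 'POST':
        token = request.form['token']
        new_password = request.form['password']

        # The token is the only proof of identity on this route, so stop
        # unless it resolves to an existing account. The original used the
        # result unchecked and would fail on `user.user_id` otherwise.
        # NOTE(review): assumes Token.confirm_token returns a falsy value for
        # a bad or expired token — confirm; if it raises, handle that here.
        email = Token.confirm_token(token)
        user = dbOps.get_user_by_email(email) if email else None
        if not user:
            flash("Invalid or expired password reset link")
            return render_template('update_password.html', token=token)

        password_errors = list(validate_password(new_password))
        if password_errors:
            flash('. '.join(str(error) for error in password_errors))
            return render_template('update_password.html', token=token)

        # None is passed as the email argument; presumably that leaves the
        # stored address unchanged — TODO confirm.
        dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
        # NOTE(review): nothing visible here invalidates the token after use;
        # confirm reset tokens are single-use or short-lived.
        flash("Successfully updated password", 'Success')
        return render_template('index.html')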
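def create_account():
    """Create an account from the posted signup form.

    Returns:
        The signup page for non-POST requests or when validation fails or the
        email is already registered; the index page after the account has
        been inserted and the verification email sent.
    """
    if request.method != 'POST':
        # Form fields are only read for POST; the original read them first,
        # so a plain page request failed on the missing keys.
        return render_template('signup.html')

    password = request.form['password']
    email = request.form['email']

    # Both validators return lists of messages, so merge them with extend();
    # the original appended the email list as a single nested element, which
    # showed up as a list repr in the flashed text.
    errors = list(validate_password(password))
    errors.extend(validate_email(email))
    if errors:
        flash('. '.join(str(error) for error in errors))
        return render_template('signup.html')

    if dbOps.user_exists(email):
        # NOTE(review): this message confirms to an unauthenticated caller
        # that the address is registered; accept that deliberately or move
        # the notice into an email to the address.
        flash("Account already exists for this email")
        return render_template('signup.html', error=errors)

    dbOps.insert_user(email, encrypt(password))
    dbOps.send_verification_email(email, mail_manager)
    return render_template('index.html')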
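def reset_password():
    """Serve the reset form on GET; on POST, set a new password for the token's account.

    The account is identified solely by the email address that
    Token.confirm_token derives from the submitted token.
    """
    if request.method == 'GET':
        token = request.args.get('token')
        return render_template('update_password.html', token=token)
    elif request.method == 'POST':
        token = request.form['token']
        new_password = request.form['password']

        # Reject the request when the token does not map to a known account.
        # Previously the lookup result was dereferenced without any check.
        # NOTE(review): presumes Token.confirm_token yields a falsy value on
        # failure rather than raising — verify against its implementation.
        email = Token.confirm_token(token)
        account = dbOps.get_user_by_email(email) if email else None
        if not account:
            flash("Invalid or expired password reset link")
            return render_template('update_password.html', token=token)

        problems = list(validate_password(new_password))
        if problems:
            formatted_error = '. '.join(str(problem) for problem in problems)
            flash(formatted_error)
            return render_template('update_password.html', token=token)

        # Email argument is None: only the password is being replaced here
        # (assumed to mean "keep the current address" — TODO confirm).
        dbOps.edit_user_account(account.user_id, None, encrypt(new_password))
        # NOTE(review): the token is not visibly revoked after a successful
        # reset; check that it cannot be replayed.
        flash("Successfully updated password", 'Success')
        return render_template('index.html')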
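def login():
    """Check the posted email/password and, if accepted, open a session.

    Returns:
        A redirect to the user's page after a successful login; the index
        page in every other case, with a flashed reason when the login was
        refused.
    """
    if request.method != 'POST':
        # Non-POST requests used to fall through and return None, which is
        # not a valid Flask response.
        return render_template("index.html")

    # A missing form field is treated like an empty one.
    email = request.form.get('email', '')
    password = request.form.get('password', '')
    # `not x` instead of `len(x) is 0`: the latter tests object identity.
    if not (email and password):
        flash("Please provide an email address and a password")
        return render_template("index.html")

    # NOTE(review): the database layer receives encrypt(password) for
    # comparison, so encrypt() appears to be deterministic and unsalted.
    # Confirm, and consider a salted, deliberately slow password hash.
    credentials_ok = dbOps.validate_login_credentials(email, encrypt(password))
    if not credentials_ok:
        flash("invalid login credentials")
        return render_template("index.html")

    if not dbOps.is_user_account_activated(email):
        flash("Your account has not been activated yet. Please follow the URL in your email")
        return render_template("index.html")

    # The user record is only needed once the login has been accepted.
    user = dbOps.get_user_by_email(email)
    session['logged_in'] = True
    session['user_id'] = user.user_id
    session.permanent = True
    # NOTE(review): sets a process-wide lifetime on each login; normally this
    # belongs in application configuration.
    app.permanent_session_lifetime = timedelta(minutes=20)
    return redirect(url_for('show_user_page', user_id=user.user_id))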
def create_test_account(self):
    """Insert an activated test user and return the record read back by email."""
    address = "*****@*****.**"
    password_value = encrypt("Somepass1234")
    DB.insert_user(address, password_value)
    DB.activate_user(address)
    created = DB.get_user_by_email(address)
    return created
def create_test_account(self):
    """Insert a test user with a fixed password and activate it; returns nothing."""
    address = "*****@*****.**"
    stored_password = encrypt("Somepass1234")
    DB.insert_user(address, stored_password)
    DB.activate_user(address)
def create_test_account(self):
    """Insert and activate a user built from test_email and test_password."""
    # test_email / test_password are defined outside this method.
    stored_password = encrypt(test_password)
    DB.insert_user(test_email, stored_password)
    DB.activate_user(test_email)