def verify_email(username, code):
"""
Verifies to the system that an email address exists, and assigns it to a user.
Expected to be used only by users clicking links in email-verfication emails.
Not part of the documented API.
"""
change_request = PendingEmail(username)
if not change_request.in_db:
return "No such change request", 404
if change_request.age > timedelta(days = 2):
return "Request not valid", 410
if change_request.verify_code != code:
return "Invalid verification code", 403
log_action('changing email', user = username, new_email = change_request.new_email)
u = User(change_request.username)
u.set_email(change_request.new_email)
u.save()
return "Email address successfully changed", 200
def verify_email(username, code):
"""
Verifies to the system that an email address exists, and assigns it to a user.
Expected to be used only by users clicking links in email-verfication emails.
Not part of the documented API.
"""
change_request = PendingEmail(username)
if not change_request.in_db:
return "No such change request", 404, PLAINTEXT_HEADER
email_change_days = config.config.getint('nemesis', 'email_change_days')
max_age = timedelta(days=email_change_days)
if change_request.age > max_age:
return "Request not valid", 410, PLAINTEXT_HEADER
if change_request.verify_code != code:
return "Invalid verification code", 403, PLAINTEXT_HEADER
log_action('changing email',
user=username,
new_email=change_request.new_email)
u = User(change_request.username)
u.set_email(change_request.new_email)
u.save()
return "Email address successfully changed", 200, PLAINTEXT_HEADER
def test_post_sets_own_password_and_name():
old_password = "******"
new_password = '******'
old_first = "Blue"
old_last = "Shirt"
params = {
"username": "******",
"password": old_password,
"new_password": new_password,
"new_first_name": 'new_first',
"new_last_name": 'new_last',
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
first = u.first_name
last = u.last_name
u.set_password(old_password)
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert first == 'new_first'
assert last == 'new_last'
def verify_email(username, code):
"""
Verifies to the system that an email address exists, and assigns it to a user.
Expected to be used only by users clicking links in email-verfication emails.
Not part of the documented API.
"""
change_request = PendingEmail(username)
if not change_request.in_db:
return "No such change request", 404, PLAINTEXT_HEADER
email_change_days = config.config.getint('nemesis', 'email_change_days')
max_age = timedelta(days = email_change_days)
if change_request.age > max_age:
return "Request not valid", 410, PLAINTEXT_HEADER
if change_request.verify_code != code:
return "Invalid verification code", 403, PLAINTEXT_HEADER
log_action('changing email', user = username, new_email = change_request.new_email)
u = User(change_request.username)
u.set_email(change_request.new_email)
u.save()
return "Email address successfully changed", 200, PLAINTEXT_HEADER
def verify_email(username, code):
"""
Verifies to the system that an email address exists, and assigns it to a user.
Expected to be used only by users clicking links in email-verfication emails.
Not part of the documented API.
"""
change_request = PendingEmail(username)
if not change_request.in_db:
return "No such change request", 404
if change_request.age > timedelta(days=2):
return "Request not valid", 410
if change_request.verify_code != code:
return "Invalid verification code", 403
log_action('changing email',
user=username,
new_email=change_request.new_email)
u = User(change_request.username)
u.set_email(change_request.new_email)
u.save()
return "Email address successfully changed", 200
def test_post_sets_own_password_and_name():
old_password = "******"
new_password = '******'
old_first = "Blue"
old_last = "Shirt"
params = {"username":"******",
"password":old_password,
"new_password":new_password,
"new_first_name":'new_first',
"new_last_name":'new_last',
}
r,data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
first = u.first_name
last = u.last_name
u.set_password(old_password)
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert first == 'new_first'
assert last == 'new_last'
def test_student_post_doesnt_set_first_last_name():
old_first = "student1i"
old_last = "student"
params = {
"username": "******",
"password": "******",
"new_first_name": "asdf",
"new_last_name": "cheese",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
details_dict = User("student_coll1_1").details_dictionary_for(
User.create_user("student_coll1_1", "cows"))
# restore original data
u = User("student_coll1_1")
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert details_dict["first_name"] == old_first
assert details_dict["last_name"] == old_last
def activate_account(username, code):
"""
Verifies to the system that an email address exists, and that the related
account should be made into a full account.
Expected to be used only by users clicking links in account-activation emails.
Not part of the documented API.
"""
pu = PendingUser(username)
if not pu.in_db:
return "No such user account", 404
if pu.age > timedelta(days=2):
return "Request not valid", 410
if pu.verify_code != code:
return "Invalid verification code", 403
log_action('activating user', pu)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_email(pu.email)
u.set_team(pu.team)
u.set_college(pu.college)
u.set_password(new_pass)
u.make_student()
u.save()
# let the team-leader know
rq_user = User.create_user(pu.teacher_username)
email_vars = {
'name': rq_user.first_name,
'au_username': username,
'au_first_name': u.first_name,
'au_last_name': u.last_name
}
mailer.email_template(rq_user.email, 'user_activated_team_leader',
email_vars)
pu.delete()
html = open(PATH + "/templates/activate.html").read()
replacements = {
'first_name': u.first_name,
'last_name': u.last_name,
'password': new_pass,
'email': u.email,
'username': username,
'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200
def activate_account(username, code):
"""
Verifies to the system that an email address exists, and that the related
account should be made into a full account.
Expected to be used only by users clicking links in account-activation emails.
Not part of the documented API.
"""
pu = PendingUser(username)
if not pu.in_db:
return "No such user account", 404
if pu.age > timedelta(days = 2):
return "Request not valid", 410
if pu.verify_code != code:
return "Invalid verification code", 403
log_action('activating user', pu)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_email(pu.email)
u.set_team(pu.team)
u.set_college(pu.college)
u.set_password(new_pass)
u.make_student()
u.save()
# let the team-leader know
rq_user = User.create_user(pu.teacher_username)
email_vars = { 'name': rq_user.first_name,
'au_username': username,
'au_first_name': u.first_name,
'au_last_name': u.last_name
}
mailer.email_template(rq_user.email, 'user_activated_team_leader', email_vars)
pu.delete()
html = open(PATH + "/templates/activate.html").read()
replacements = { 'first_name': u.first_name
, 'last_name': u.last_name
, 'password': new_pass
, 'email': u.email
, 'username': username
, 'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200
def test_post_sets_others_password():
old_password = "******"
params = {"username":"******",
"password":"******",
"new_password":"******",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1")._user.bind("com")
u = User("student_coll1_1")
u.set_password(old_password)
u.save()
def test_team_leader_can_become_student():
# We need to test against another teacher, because team leaders demoting themselves is not allowed
u = User("student_coll1_1")
u.make_teacher()
u.save()
params = {"username": "******",
"password": "******",
"new_type": "student",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert not User("student_coll1_1").is_teacher
def test_post_sets_others_password():
old_password = "******"
params = {
"username": "******",
"password": "******",
"new_password": "******",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1")._user.bind("com")
u = User("student_coll1_1")
u.set_password(old_password)
u.save()
def test_team_leader_can_become_student():
# We need to test against another teacher, because team leaders demoting themselves is not allowed
u = User("student_coll1_1")
u.make_teacher()
u.save()
params = {
"username": "******",
"password": "******",
"new_type": "student",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert not User("student_coll1_1").is_teacher
def test_post_sets_own_password():
old_password = "******"
new_password = '******'
params = {"username":"******",
"password":old_password,
"new_password":new_password,
}
r,data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
u.set_password(old_password)
u.save()
def test_post_sets_own_password():
old_password = "******"
new_password = '******'
params = {
"username": "******",
"password": old_password,
"new_password": new_password,
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
u.set_password(old_password)
u.save()
def test_team_leader_can_set_team_leader():
params = {"username": "******",
"password": "******",
"new_type": "team-leader",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
is_teacher = u.is_teacher
# Clean up
u.make_student()
u.save()
# now assert (ensures the clean-up occurs)
assert is_teacher
def test_post_teacher_sets_team():
old_team = "team-ABC"
new_team = "team-DFE"
params = {"username":"******",
"password":"******",
"new_team":new_team,
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [new_team] == teams
u.set_team(old_team)
u.save()
def test_verify_success():
username = "******"
old_email = User(username).email
new_email = "*****@*****.**"
setup_new_email('student_coll1_1', new_email, 'bees')
r,data = test_helpers.server_get("/verify/" + username + "/bees")
status = r.status
assert status == 200, data
u = User(username)
email = u.email
# restore the original first
u.set_email(old_email)
u.save()
assert email == new_email
def test_verify_success():
username = "******"
old_email = User(username).email
new_email = "*****@*****.**"
setup_new_email('student_coll1_1', new_email, 'bees')
r, data = test_helpers.server_get("/verify/" + username + "/bees")
status = r.status
assert status == 200, data
u = User(username)
email = u.email
# restore the original first
u.set_email(old_email)
u.save()
assert email == new_email
def test_post_teacher_sets_team():
old_team = "team-ABC"
new_team = "team-DFE"
params = {
"username": "******",
"password": "******",
"new_team": new_team,
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
teams = [t.name for t in u.teams]
assert [new_team] == teams
u.set_team(old_team)
u.save()
def test_team_leader_can_set_team_leader():
params = {
"username": "******",
"password": "******",
"new_type": "team-leader",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
u = User("student_coll1_1")
is_teacher = u.is_teacher
# Clean up
u.make_student()
u.save()
# now assert (ensures the clean-up occurs)
assert is_teacher
def test_post_sets_first_last_name():
old_first = "student1i"
old_last = "student"
params = {"username":"******",
"password":"******",
"new_first_name":"asdf",
"new_last_name":"cheese",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
details_dict = User("student_coll1_1").details_dictionary_for(User.create_user("student_coll1_1", "cows"))
assert details_dict["first_name"] == "asdf"
assert details_dict["last_name"] == "cheese"
u = User("student_coll1_1")
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
