Пример #1
 def test_password(p):
     """Check salting and verification behaviour for the password ``p``.

     Hashing the same password twice must give two different values, both
     values must verify against ``p``, and a password with an extra
     character must be rejected.
     """
     # NOTE(review): `self` is not a parameter; presumably this helper is
     # nested inside a TestCase method and captures it — confirm.
     first_hash = hash_password(p)
     second_hash = hash_password(p)

     # Should be salted: identical output for identical input would let
     # equal passwords be spotted by comparing stored hashes.
     self.assertNotEqual(first_hash, second_hash)

     for stored in (first_hash, second_hash):
         self.assertTrue(is_password_correct(p, stored))

     self.assertFalse(is_password_correct(p + "a", first_hash))
Пример #2
 def test_password(p):
     """Assert that ``p`` hashes with a salt and verifies correctly.

     Two hashes of the same password must differ, each must be accepted
     for ``p``, and ``p`` with one character appended must be refused.
     """
     # NOTE(review): `self` comes from outside this function; presumably an
     # enclosing TestCase method — confirm.
     digests = [hash_password(p) for _ in range(2)]
     original, repeat = digests

     # Should be salted
     self.assertNotEqual(original, repeat)

     accepted_original = is_password_correct(p, original)
     self.assertTrue(accepted_original)
     accepted_repeat = is_password_correct(p, repeat)
     self.assertTrue(accepted_repeat)

     near_miss = p + "a"
     self.assertFalse(is_password_correct(near_miss, original))
Пример #3
def create_user(db_sess, password, full_name, email, expires):
    """Insert a new row into ``users`` and return the inserted values.

    Raises AlreadyExists when ``lookup_user_id`` finds ``email``; a
    ``NotFound`` from that lookup is taken to mean the address is free.
    The password is stored as the output of ``utils.hash_password``, never
    as given.  ``expires`` is a number of days from now; a falsy value
    (``None`` or ``0``) stores no expiry.

    Returns the dict that was bound to the INSERT, with the keys
    ``user_id``, ``hashed_password``, ``full_name``, ``email`` and
    ``expires``.
    """
    # NOTE(review): the lookup and the INSERT are separate steps and nothing
    # visible here makes them atomic, so two concurrent calls with the same
    # email can both pass this check.  Confirm that users.email carries a
    # unique constraint.
    try:
        lookup_user_id(db_sess, email)
    except NotFound:
        email_taken = False
    else:
        email_taken = True

    if email_taken:
        _log.info("Email %s already exists", email)
        raise AlreadyExists()

    password_hash = utils.hash_password(password)
    new_id = uuid.uuid4()

    # NOTE(review): datetime.now() is naive local time — confirm that the
    # code reading `expires` interprets it in the same zone.
    if expires:
        expiry_moment = datetime.datetime.now() + datetime.timedelta(days=expires)
        expires_date = expiry_moment.strftime("%Y-%m-%d %H:%M:%S")
    else:
        expires_date = None

    new_user = {
        "user_id": new_id,
        "hashed_password": password_hash,
        "full_name": full_name,
        "email": email,
        "expires": expires_date,
    }
    # Values are passed as bound parameters, not formatted into the SQL text.
    db_sess.execute("""
                   INSERT INTO users (user_id, password, full_name, email, expires)
                   VALUES (:user_id, :hashed_password, :full_name, :email, :expires)
                   """,
                    new_user)
    # NOTE(review): the returned dict includes the password hash; callers
    # should drop it before serialising the result to a client or a log.
    return new_user
Пример #4
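def set_recovered_password(db_sess, email, token, password):
    """Use a password recovery token to set a new password.

    Checks the email address and token are correct, and sets the new
    password.  If the email address is unknown, throws ValueError.  If
    there is no token in the database, throws NotFound.  If the token
    is wrong, throws ValueError.

    On success the stored password is replaced by the output of
    ``utils.hash_password`` and both recovery columns are set to NULL, so
    the same token cannot be used again.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    expected_token = _get_valid_token(db_sess, email)

    # Compare in constant time so that response timing does not reveal how
    # many leading characters of a guessed token were right.  Values that
    # are neither both text nor both bytes keep the plain `==` comparison
    # this function used before.
    binary = (bytes, bytearray)
    if isinstance(token, str) and isinstance(expected_token, str):
        tokens_match = hmac.compare_digest(
            token.encode("utf-8", "surrogatepass"),
            expected_token.encode("utf-8", "surrogatepass"),
        )
    elif isinstance(token, binary) and isinstance(expected_token, binary):
        tokens_match = hmac.compare_digest(token, expected_token)
    else:
        tokens_match = token == expected_token

    # NOTE(review): a wrong token is rejected, but nothing visible here
    # counts or limits failed attempts — confirm that rate limiting exists
    # in the caller or in _get_valid_token.
    if not tokens_match:
        raise ValueError('Wrong token')

    hashed_password = utils.hash_password(password)
    # The call previously ended in a stray comma, which wrapped its result
    # in a discarded one-element tuple.
    db_sess.execute("""
                        UPDATE users
                        SET password = :hashed_password,
                            recovery_token = NULL,
                            recovery_token_created = NULL
                        WHERE email = :email
                        """, {"email": email,
                              "hashed_password": hashed_password})
    # Logged after the UPDATE was issued, so the audit line is not written
    # when hashing or the statement raises.
    _log.warn("Set password for %s", email)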