def test_change_password(logger, mongodb):
"""The the single call to change a users password.
"""
username = '******'
plain_pw = '1234567890'
confirm_plain_pw = '1234567890'
new_plain_pw = '0987654321'
assert user.count() == 0
assert user.find(username=username) == []
with pytest.raises(user.UserNotFoundError):
# The user isn't present to recover
user.change_password(
username,
plain_pw,
confirm_plain_pw,
new_plain_pw
)
# Add the user:
user_dict = dict(
username=username,
password=plain_pw,
display_name='Bob Sprocket',
email='*****@*****.**',
)
item1 = user.add(**user_dict)
is_valid = pwtools.validate_password(plain_pw, item1['password_hash'])
assert is_valid is True
# Now change the password
user.change_password(
username,
plain_pw,
confirm_plain_pw,
new_plain_pw
)
item2 = user.get(username)
# old password is not valid:
is_valid = pwtools.validate_password(plain_pw, item2['password_hash'])
assert is_valid is False
is_valid = pwtools.validate_password(
new_plain_pw, item2['password_hash']
)
assert is_valid is True
def authenticate(self, environ, identity):
"""
Check the given auth details and if its ok return the
userid for the given details.
See: (IAuthenticatorPlugin)
http://docs.repoze.org/who/narr.html#writing-an-authenticator-plugin
:returns: None indicated auth failure.
"""
get_log().info("authenticate: %r" % identity)
returned = None
login = identity['login']
password = identity['password']
# Recover the password and check the given one against it:
user = self.userDetails.get(login)
get_log().info("authenticate: found user: %r" % user)
if user:
#print "user '%s' hpw '%s'" % (user,user['password'])
if pwtools.validate_password(password, user['password']):
returned = user['username']
get_log().info("authenticate: validated user: %r" % returned)
else:
get_log().info("authenticate: failed")
else:
get_log().info("authenticate: no mathcing user")
return returned
def validate_password(self, plain_text):
"""Called to validate the given password.
:param password: This is plain text of the user.
The password will be hashed and the result compared against
the stored password_hash.
This is a convenience wrapper around pwtools.validate_password.
:returns: True for password is valid.
"""
return pwtools.validate_password(plain_text, self.password_hash)
def user_auth(request):
"""Handle password verification.
The username is given along with the POSTed password_hash.
No plain text password is sent. The hashed version is given and needs to
verfied.
:returns: True, password hash is ok otherwise False.
"""
log = get_log("user_auth")
username = request.matchdict['username'].strip().lower()
log.debug(
"attempting to verify user <{!r}> authentication".format(username)
)
user_data = request.json_body
log.debug("raw_auth data: {!r}".format(user_data))
# obuscate the password so its not immediately obvious:
# Need to convert to SSL or some other form of secure
# transport.
pw = user_data['password'].decode("base64")
found_user = user.get(username)
# log.error("\n\nSHOULD NOT BE SHOWN: user<%s> password <%s>\n\n" % (
# found_user, pw
# ))
result = pwtools.validate_password(
pw, found_user['password_hash']
)
log.debug("user <{!r}> password validated? {}".format(
found_user['username'], result
))
return result
def test_unicode_fields(logger, mongodb):
"""Test the entry of unicode username, email, display name.
"""
username = u'andrés.bolívar'
assert user.count() == 0
assert user.find(username=username) == []
plain_pw = u'í12345í67890é'
user_dict = dict(
username=username,
password=plain_pw,
display_name=u'Andrés Plácido Bolívar',
email=u'andrés.bolí[email protected]',
phone=u''
)
item1 = user.add(**user_dict)
# Check the password is converted into a hashed password correctly:
is_validate = pwtools.validate_password(
plain_pw, item1['password_hash']
)
assert is_validate is True
# Try recoving by username, display_name, etc
#
for field in user_dict:
if field == "password":
# skip, no such thing as find via password.
continue
items = user.find(**{field: user_dict[field]})
assert items == [item1]
item1 = items[0]
assert item1['username'] == user_dict['username']
assert item1['display_name'] == user_dict['display_name']
assert item1['email'] == user_dict['email']
assert item1['phone'] == user_dict['phone']
def testBasicCRUD(self):
"""Test the basic add and get method
"""
username = '******'
self.assertEquals(user.count(), 0)
self.assertEquals(user.find(username=username), [])
# Test I cannot add a user if I don't provide either a
# password or a password_hash
#
user_dict = dict(
username=username,
# Not provied password or password hash
#password='******',
)
self.assertRaises(ValueError, user.add, **user_dict)
plain_pw = '1234567890'
user_dict = dict(
username=username,
password=plain_pw,
display_name='Bob Sprocket',
email='*****@*****.**',
phone='9876543210'
)
item1 = user.add(**user_dict)
self.assertEquals(
str(item1), "'UserTable <%s>: %s'" % (item1.id, item1.username)
)
# Check the password is converted into a hashed password correctly:
is_validate = pwtools.validate_password(plain_pw, item1.password_hash)
self.assertTrue(is_validate)
# Check the convenience method on the user instance:
is_validate = item1.validate_password(plain_pw)
self.assertTrue(is_validate)
# Make sure I cannot add the same username again:
self.assertRaises(user.UserPresentError, user.add, **user_dict)
self.assertEquals(user.find(username=username), [item1])
self.assertEquals(user.has(username), True)
self.assertEquals(user.count(), 1)
item2 = user.get(username)
self.assertEquals(item2.username, user_dict['username'])
self.assertEquals(item2.display_name, user_dict['display_name'])
self.assertEquals(item2.email, user_dict['email'])
self.assertEquals(item2.phone, user_dict['phone'])
u = item2.to_dict()
self.assertEquals(u['username'], user_dict['username'])
self.assertEquals(u['display_name'], user_dict['display_name'])
self.assertEquals(u['email'], user_dict['email'])
self.assertEquals(u['phone'], user_dict['phone'])
user.remove(item2.id) # remove just by id
self.assertEquals(user.count(), 0)
self.assertEquals(user.has(item2.id), False)
self.assertRaises(utils.DBRemoveError, user.remove, item2.id)
def testBasicCRUD(self):
"""Test the basic add and get method
"""
username = '******'
self.assertEquals(user.count(), 0)
self.assertEquals(user.find(username=username), [])
# Test I cannot add a user if I don't provide either a
# password or a password_hash
#
user_dict = dict(
username=username,
# Not provied password or password hash
#password='******',
)
self.assertRaises(ValueError, user.add, **user_dict)
plain_pw = '1234567890'
user_dict = dict(username=username,
password=plain_pw,
display_name='Bob Sprocket',
email='*****@*****.**',
phone='9876543210')
item1 = user.add(**user_dict)
self.assertEquals(str(item1),
"'UserTable <%s>: %s'" % (item1.id, item1.username))
# Check the password is converted into a hashed password correctly:
is_validate = pwtools.validate_password(plain_pw, item1.password_hash)
self.assertTrue(is_validate)
# Check the convenience method on the user instance:
is_validate = item1.validate_password(plain_pw)
self.assertTrue(is_validate)
# Make sure I cannot add the same username again:
self.assertRaises(user.UserPresentError, user.add, **user_dict)
self.assertEquals(user.find(username=username), [item1])
self.assertEquals(user.has(username), True)
self.assertEquals(user.count(), 1)
item2 = user.get(username)
self.assertEquals(item2.username, user_dict['username'])
self.assertEquals(item2.display_name, user_dict['display_name'])
self.assertEquals(item2.email, user_dict['email'])
self.assertEquals(item2.phone, user_dict['phone'])
u = item2.to_dict()
self.assertEquals(u['username'], user_dict['username'])
self.assertEquals(u['display_name'], user_dict['display_name'])
self.assertEquals(u['email'], user_dict['email'])
self.assertEquals(u['phone'], user_dict['phone'])
user.remove(item2.id) # remove just by id
self.assertEquals(user.count(), 0)
self.assertEquals(user.has(item2.id), False)
self.assertRaises(utils.DBRemoveError, user.remove, item2.id)
def testBasicCRUD(logger, mongodb):
"""Test the basic add and get method
"""
username = '******'
assert user.count() == 0
assert user.find(username=username) == []
# Test I cannot add a user if I don't provide either a
# password or a password_hash
#
user_dict = dict(
username=username,
# Not provied password or password hash
#password='******',
)
with pytest.raises(user.UserAddError):
user.add(**user_dict)
plain_pw = '1234567890'
user_dict = dict(
username=username,
password=plain_pw,
display_name='Bob Sprocket',
email='*****@*****.**',
phone='9876543210'
)
item1 = user.add(**user_dict)
# The password is hashed and then stored as password_hash. The password
# it removed and never stored.
assert "password" not in item1
# Check the password is converted into a hashed password correctly:
is_validate = pwtools.validate_password(
plain_pw, item1['password_hash']
)
assert is_validate is True
# Make sure I cannot add the same username again:
with pytest.raises(user.UserPresentError):
user.add(**user_dict)
assert user.find(username=username) == [item1]
assert user.has(username) is True
assert user.count() == 1
item2 = user.get(username)
assert item2["username"] == user_dict['username']
assert item2['display_name'] == user_dict['display_name']
assert item2['email'] == user_dict['email']
assert item2['phone'] == user_dict['phone']
user.remove(item2['username'])
assert user.count() == 0
assert user.has(item2['username']) is False
with pytest.raises(user.UserRemoveError):
user.remove(item2['username'])
def testExtraField(logger, mongodb):
"""Test the arbitrary dic that can be used to store useful fields
per user.
"""
username = '******'
plain_pw = '1234567890'
assert user.count() == 0
assert user.find(username=username) == []
user_dict = dict(
username=username,
password=plain_pw,
display_name='Bob Sprocket',
email='*****@*****.**',
phone='9876543210'
)
item1 = user.add(**user_dict)
# Make sure I cannot add the same username again:
with pytest.raises(user.UserPresentError):
user.add(**user_dict)
assert user.find(username=username) == [item1]
assert user.has(username) is True
assert user.count() == 1
item2 = user.get(username)
assert item2['username'] == user_dict['username']
assert item2['display_name'] == user_dict['display_name']
is_validate = pwtools.validate_password(
plain_pw, item1['password_hash']
)
assert is_validate is True
is_validate = pwtools.validate_password(
"not the right one", item1['password_hash']
)
assert is_validate is False
assert item2['email'] == user_dict['email']
assert item2['phone'] == user_dict['phone']
# Now update all the user fields that can be changed
# and add some extra data to the arbitrary fields:
#
oauth_tokens = dict(
# Some pretend googleservice oauth data:
googleauth=dict(
request_token="1234567890",
)
)
user_dict = dict(
username=username,
# change the password. new_password will be hashed and
# its has stored as password_hash:
new_password="******",
display_name='Bobby',
email='*****@*****.**',
phone='12121212',
oauth_tokens=oauth_tokens,
cats='big',
teatime=1,
)
user.update(**user_dict)
item2 = user.get(username)
assert item2['username'] == user_dict['username']
assert item2['display_name'] == user_dict['display_name']
is_validate = pwtools.validate_password(
"ifidexmemwb", item2['password_hash']
)
assert is_validate is True
is_validate = pwtools.validate_password(
plain_pw, item2['password_hash']
)
assert is_validate is False
is_validate = pwtools.validate_password(
"not the right one", item1['password_hash']
)
assert is_validate is False
assert item2['email'] == user_dict['email']
assert item2['phone'] == user_dict['phone']
assert item2['oauth_tokens'] == oauth_tokens
assert item2['cats'] == 'big'
assert item2['teatime'] == 1
def test_hash_then_unhash():
plain_password = "******"
hashed_pw = pwtools.hash_password(plain_password)
assert pwtools.validate_password(plain_password, hashed_pw)
def test_hash_then_unhash_fail_unicode_other():
plain_password = u"manÃna123"
hashed_pw = pwtools.hash_password(plain_password)
assert not pwtools.validate_password("not the password", hashed_pw)
def test_hash_then_unhash_fail_unicode():
plain_password = u"manÃna123"
hashed_pw = pwtools.hash_password(plain_password)
assert not pwtools.validate_password(u"Àôøôò°", hashed_pw)
def test_hash_then_unhash_unicode():
plain_password = u"manÃna123"
hashed_pw = pwtools.hash_password(plain_password)
assert pwtools.validate_password(plain_password, hashed_pw)
def test_hash_then_unhash_leading_and_trailing_space():
plain_password = "******"
hashed_pw = pwtools.hash_password(plain_password)
assert pwtools.validate_password(plain_password, hashed_pw)