def edit_account(user_id):
form = EditAccountForm(request.form)
if not session.get('logged_in'):
return "You are not logged in"
user = dbOps.get_user_by_ID(user_id)
if not user:
return "No user account associated with that user"
if request.method == 'GET':
return render_template("edit_account_page.html", user_id=user_id, form=form)
if request.method == 'POST' and form.validate():
errors = []
new_email = form.email.data
new_pword = form.password.data
if (not new_email) and (not new_pword):
errors += ['Please enter a new email or password']
errors += validate_password(new_pword) + validate_email(new_email)
if dbOps.user_exists(new_email):
flash("Account already exists for this email")
return render_template("edit_account_page.html", user_id=user_id, form=form)
if len(errors) is not 0:
if errors[0] !='field is required':
flash(errors[0])
return render_template("edit_account_page.html", user_id=user_id, form=form)
if new_email:
dbOps.send_verification_email(new_email, mail_manager)
flash("you will receive a confirmation email with an activation URL, to prove that the new email address belongs to you")
dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
return redirect(url_for('index'))
dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
flash("Account successfully updated")
return redirect(url_for('show_user_page', user_id=user_id))
else:
flash("Please fix any errors")
return render_template("edit_account_page.html", user_id=user_id, form=form)
def edit_account(user_id):
form = EditAccountForm(request.form)
if not session.get('logged_in'):
return "You are not logged in"
user = dbOps.get_user_by_ID(user_id)
if not user:
return "No user account associated with that user"
if request.method == 'GET':
return render_template("edit_account_page.html",
user_id=user_id,
form=form)
if request.method == 'POST' and form.validate():
errors = []
new_email = form.email.data
new_pword = form.password.data
if (not new_email) and (not new_pword):
errors += ['Please enter a new email or password']
errors += validate_password(new_pword) + validate_email(new_email)
if dbOps.user_exists(new_email):
flash("Account already exists for this email")
return render_template("edit_account_page.html",
user_id=user_id,
form=form)
if len(errors) is not 0:
if errors[0] != 'field is required':
flash(errors[0])
return render_template("edit_account_page.html",
user_id=user_id,
form=form)
if new_email:
dbOps.send_verification_email(new_email, mail_manager)
flash(
"you will receive a confirmation email with an activation URL, to prove that the new email address belongs to you"
)
dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
return redirect(url_for('index'))
dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
flash("Account successfully updated")
return redirect(url_for('show_user_page', user_id=user_id))
else:
flash("Please fix any errors")
return render_template("edit_account_page.html",
user_id=user_id,
form=form)
def reset_password():
if request.method == 'GET':
token = request.args.get('token')
return render_template('update_password.html', token=token)
elif request.method == 'POST':
token = request.form['token']
email = Token.confirm_token(token)
new_password = request.form['password']
errors = []
errors.append(validate_password(new_password))
flattened_errors_list = [error for errorSublist in errors for error in errorSublist]
if(len(flattened_errors_list) == 0):
user = dbOps.get_user_by_email(email)
dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
flash("Successfully updated password", 'Success')
return render_template('index.html')
else:
formatted_error = '. '.join(str(error) for error in flattened_errors_list)
flash(formatted_error)
return render_template('update_password.html', token=token)
def create_account():
errors = []
password = request.form['password']
email = request.form['email']
if request.method == 'POST':
errors = validate_password(password)
email_errors = validate_email(email)
if len(email_errors) is not 0:
errors.append(email_errors)
if len(errors) is 0:
if dbOps.user_exists(email):
flash("Account already exists for this email")
return render_template('signup.html', error=errors)
else:
dbOps.insert_user(email, encrypt(password))
dbOps.send_verification_email(email, mail_manager)
return render_template('index.html')
else:
formatted_error = '. '.join(str(error) for error in errors)
flash(formatted_error)
return render_template('signup.html')
def create_account():
errors = []
password = request.form['password']
email = request.form['email']
if request.method == 'POST':
errors = validate_password(password)
email_errors = validate_email(email)
if len(email_errors) is not 0:
errors.append(email_errors)
if len(errors) is 0:
if dbOps.user_exists(email):
flash("Account already exists for this email")
return render_template('signup.html', error=errors)
else:
dbOps.insert_user(email, encrypt(password))
dbOps.send_verification_email(email, mail_manager)
return render_template('index.html')
else:
formatted_error = '. '.join(str(error) for error in errors)
flash(formatted_error)
return render_template('signup.html')
def reset_password():
if request.method == 'GET':
token = request.args.get('token')
return render_template('update_password.html', token=token)
elif request.method == 'POST':
token = request.form['token']
email = Token.confirm_token(token)
new_password = request.form['password']
errors = []
errors.append(validate_password(new_password))
flattened_errors_list = [
error for errorSublist in errors for error in errorSublist
]
if (len(flattened_errors_list) == 0):
user = dbOps.get_user_by_email(email)
dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
flash("Successfully updated password", 'Success')
return render_template('index.html')
else:
formatted_error = '. '.join(
str(error) for error in flattened_errors_list)
flash(formatted_error)
return render_template('update_password.html', token=token)
def test_lowercase(self):
self.assertEqual(validate_password("ABCDEFG123"), ['Lowercase character required'])
self.assertEqual(validate_password("abcdefG123"), [])
def test_general(self):
self.assertEquals(validate_password("passwor"), ['Uppercase character required', 'Number required', 'Password must be at least 8 alphanumeric characters long'])
self.assertEquals(validate_password(123), ['string characters only'])
def test_symbols(self):
self.assertEquals(validate_password("abc^ABC123"), ['alphanumeric characters only'])
self.assertEquals(validate_password("abc~:ABC123"), ['alphanumeric characters only'])
def test_null(self):
self.assertEquals(validate_password(""), ['field is required'])
self.assertEquals(validate_password(None), ['field is required'])
def test_max_length(self):
self.assertEqual(validate_password("abcdefghijklmnopqrstuvwxyzABCDEFG123456789"), ['Password must be at most 30 alphanumeric characters long'])
self.assertEqual(validate_password("abcdefghijklmnopqrstuvwxyzABC1"), [])
def test_min_length(self):
self.assertEqual(validate_password("ABC1fgh"), ['Password must be at least 8 alphanumeric characters long'])
self.assertEqual(validate_password("ABCDg234"), [])
def test_number(self):
self.assertEqual(validate_password("abcdefgHIJ"), ['Number required'])
self.assertEqual(validate_password("ABCDEFg123"), [])
def test_uppercase(self):
self.assertEqual(validate_password("abcdefg123"), ['Uppercase character required'])
self.assertEqual(validate_password("ABCDEFg123"), [])