def test_page_success(self):
from dbas.views import main_settings as d
db_user = DBDiscussionSession.query(User).filter_by(
nickname='Tobias').first()
db_user.password = get_hashed_password('tobias')
transaction.commit()
request = testing.DummyRequest(
params={
'form.passwordchange.submitted': '',
'passwordold': 'tobias',
'password': '******',
'passwordconfirm': 'tobiass'
})
response = d(request)
verify_dictionary_of_view(response)
# check settings
self.assertTrue(len(response['settings']['passwordold']) == 0)
self.assertTrue(len(response['settings']['password']) == 0)
self.assertTrue(len(response['settings']['passwordconfirm']) == 0)
db_user = DBDiscussionSession.query(User).filter_by(
nickname='Tobias').first()
db_user.password = get_hashed_password('tobias')
transaction.commit()
def test_user_password_request(self):
db_user = DBDiscussionSession.query(User).filter_by(nickname='Tobias').first()
request = construct_dummy_request(json_body={'email': '*****@*****.**'})
response = user_password_request(request)
self.assertIsNotNone(response)
self.assertNotEqual(db_user.password, get_hashed_password('tobias'))
db_user.password = get_hashed_password('tobias')
transaction.commit()
def test_user_password_request(self):
db_user = DBDiscussionSession.query(User).filter_by(
nickname='Tobias').first()
request = testing.DummyRequest(
json_body={'email': '*****@*****.**'},
mailer=DummyMailer)
response = user_password_request(request)
self.assertIsNotNone(response)
self.assertTrue(db_user.password != get_hashed_password('tobias'))
db_user.password = get_hashed_password('tobias')
transaction.commit()
def change_password(user, old_pw, new_pw, confirm_pw, lang):
"""
Change password of given user
:param user: current database user
:param old_pw: old received password
:param new_pw: new received password
:param confirm_pw: confirmation of the password
:param lang: current language
:return: an message and boolean for error and success
"""
logger('User', 'def')
_t = Translator(lang)
success = False
# is the old password given?
if not old_pw:
logger('User', 'old pwd is empty')
message = _t.get(_.oldPwdEmpty) # 'The old password field is empty.'
# is the new password given?
elif not new_pw:
logger('User', 'new pwd is empty')
message = _t.get(_.newPwdEmtpy) # 'The new password field is empty.'
# is the confirmation password given?
elif not confirm_pw:
logger('User', 'confirm pwd is empty')
message = _t.get(_.confPwdEmpty) # 'The password confirmation field is empty.'
# is new password equals the confirmation?
elif not new_pw == confirm_pw:
logger('User', 'new pwds not equal')
message = _t.get(_.newPwdNotEqual) # 'The new passwords are not equal'
# is new old password equals the new one?
elif old_pw == new_pw:
logger('User', 'pwds are the same')
message = _t.get(_.pwdsSame) # 'The new and old password are the same'
else:
# is the old password valid?
if not user.validate_password(old_pw):
logger('User', 'old password is wrong')
message = _t.get(_.oldPwdWrong) # 'Your old password is wrong.'
else:
hashed_pw = password_handler.get_hashed_password(new_pw)
# set the hashed one
user.password = hashed_pw
DBDiscussionSession.add(user)
transaction.commit()
logger('User', 'password was changed')
message = _t.get(_.pwdChanged) # 'Your password was changed'
success = True
return message, success
def __create_new_user(user,
ui_locales,
oauth_provider='',
oauth_provider_id=''):
"""
Insert a new user row
:param user: dict with every information for a user needed
:param ui_locales: Language.ui_locales
:param oauth_provider: String
:param oauth_provider_id: String
:return: String, String, User
"""
success = ''
info = ''
_t = Translator(ui_locales)
# creating a new user with hashed password
LOG.debug("Adding user %s", user['nickname'])
hashed_password = password_handler.get_hashed_password(user['password'])
newuser = User(firstname=user['firstname'],
surname=user['lastname'],
email=user['email'],
nickname=user['nickname'],
password=hashed_password,
gender=user['gender'],
group_uid=user['db_group_uid'],
oauth_provider=oauth_provider,
oauth_provider_id=oauth_provider_id)
DBDiscussionSession.add(newuser)
transaction.commit()
db_user = DBDiscussionSession.query(User).filter_by(
nickname=user['nickname']).first()
settings = Settings(author_uid=db_user.uid,
send_mails=False,
send_notifications=True,
should_show_public_nickname=True)
DBDiscussionSession.add(settings)
transaction.commit()
# sanity check, whether the user exists
db_user = DBDiscussionSession.query(User).filter_by(
nickname=user['nickname']).first()
if db_user:
LOG.debug("New data was added with uid %s", db_user.uid)
success = _t.get(_.accountWasAdded).format(user['nickname'])
else:
LOG.debug("New data was not added")
info = _t.get(_.accoutErrorTryLateOrContant)
return success, info, db_user
def test_user_login(self):
db_user = DBDiscussionSession.query(User).filter_by(nickname='Tobias').first()
db_user.password = get_hashed_password('tobias')
transaction.commit()
from dbas.views import user_login as ajax
request = construct_dummy_request(json_body={
'user': '******',
'password': '******',
'keep_login': False,
'url': ''
})
response = ajax(request)
self.assertIsInstance(response, HTTPFound)
def test_user_login(self):
db_user = DBDiscussionSession.query(User).filter_by(
nickname='Tobias').first()
db_user.password = get_hashed_password('tobias')
transaction.commit()
from dbas.views import user_login as ajax
request = testing.DummyRequest(json_body={
'user': '******',
'password': '******',
'keep_login': False,
'url': ''
},
mailer=DummyMailer)
response = ajax(request)
self.assertTrue(type(response) is HTTPFound)
def __create_new_user(user_info: Dict[str, Any],
ui_locales: str,
oauth_provider: str = '',
oauth_provider_id: str = '') -> Tuple[str, str, User]:
"""
Create a new user.
:param user_info: A dictionary containing information about the desired user.
:param ui_locales: Language which shall be used for messaging.
:param oauth_provider: If applicable: Which oauth-provider is referring the user.
:param oauth_provider_id: If applicable: The ID of the oauth-provider.
:return: Returns a tuple containing a success message, a information message and the freshly created user.
"""
success = ''
info = ''
_t = Translator(ui_locales)
# creating a new user_info with hashed password
LOG.debug("Adding user_info for %s", user_info['nickname'])
hashed_password = password_handler.get_hashed_password(
user_info['password'])
new_user = User(firstname=user_info['firstname'],
surname=user_info['lastname'],
email=user_info['email'],
nickname=user_info['nickname'],
password=hashed_password,
gender=user_info['gender'],
group_uid=user_info['db_group_uid'],
oauth_provider=oauth_provider,
oauth_provider_id=oauth_provider_id)
DBDiscussionSession.add(new_user)
DBDiscussionSession.flush()
settings = Settings(author_uid=new_user.uid,
send_mails=False,
send_notifications=True,
should_show_public_nickname=True)
DBDiscussionSession.add(settings)
if new_user:
LOG.debug("New data was added with uid %s", new_user.uid)
success = _t.get(Keywords.accountWasAdded).format(
user_info['nickname'])
else:
LOG.debug("New data was not added")
info = _t.get(Keywords.accoutErrorTryLateOrContant)
return success, info, new_user
def __check_in_local_known_user(db_user: User, password: str, _tn) -> dict:
"""
Tries to check in a local known user.
:param db_user: current instance of User
:param password: password of the user
:param _tn: instance of current translator
:return: dict()
"""
logger('Auth.Login', 'user: {}'.format(db_user.nickname))
if db_user.validate_password(password):
return {'user': db_user}
if not (db_user.validate_password('NO_PW_BECAUSE_LDAP')
or db_user.password is get_hashed_password('NO_PW_BECAUSE_LDAP')):
logger('Auth.Login', 'invalid password for the local user')
return {'error': _tn.get(_.userPasswordNotMatch)}
data = verify_ldap_user_data(db_user.nickname, password, _tn)
if data['error']:
return {'error': data['error']}
return {'user': db_user}