示例#1
0
文件: app.py 项目: samphippen/nemesis
def verify_email(username, code):
    """
    Verifies to the system that an email address exists, and assigns it to a user.
    Expected to be used only by users clicking links in email-verfication emails.
    Not part of the documented API.
    """

    change_request = PendingEmail(username)

    if not change_request.in_db:
        return "No such change request", 404

    if change_request.age > timedelta(days = 2):
        return "Request not valid", 410

    if change_request.verify_code != code:
        return "Invalid verification code", 403

    log_action('changing email', user = username, new_email = change_request.new_email)

    u = User(change_request.username)
    u.set_email(change_request.new_email)
    u.save()

    return "Email address successfully changed", 200
示例#2
0
def verify_email(username, code):
    """
    Verifies to the system that an email address exists, and assigns it to a user.
    Expected to be used only by users clicking links in email-verfication emails.
    Not part of the documented API.
    """

    change_request = PendingEmail(username)

    if not change_request.in_db:
        return "No such change request", 404, PLAINTEXT_HEADER

    email_change_days = config.config.getint('nemesis', 'email_change_days')
    max_age = timedelta(days=email_change_days)

    if change_request.age > max_age:
        return "Request not valid", 410, PLAINTEXT_HEADER

    if change_request.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    log_action('changing email',
               user=username,
               new_email=change_request.new_email)

    u = User(change_request.username)
    u.set_email(change_request.new_email)
    u.save()

    return "Email address successfully changed", 200, PLAINTEXT_HEADER
示例#3
0
def test_post_sets_own_password_and_name():
    old_password = "******"
    new_password = '******'
    old_first = "Blue"
    old_last = "Shirt"

    params = {
        "username": "******",
        "password": old_password,
        "new_password": new_password,
        "new_first_name": 'new_first',
        "new_last_name": 'new_last',
    }

    r, data = test_helpers.server_post("/user/blueshirt", params)
    assert r.status == 200
    assert User("blueshirt")._user.bind(new_password)

    u = User("blueshirt")
    first = u.first_name
    last = u.last_name
    u.set_password(old_password)
    u.set_first_name(old_first)
    u.set_last_name(old_last)
    u.save()

    assert first == 'new_first'
    assert last == 'new_last'
示例#4
0
文件: app.py 项目: PeterJCLaw/nemesis
def verify_email(username, code):
    """
    Verifies to the system that an email address exists, and assigns it to a user.
    Expected to be used only by users clicking links in email-verfication emails.
    Not part of the documented API.
    """

    change_request = PendingEmail(username)

    if not change_request.in_db:
        return "No such change request", 404, PLAINTEXT_HEADER

    email_change_days = config.config.getint('nemesis', 'email_change_days')
    max_age = timedelta(days = email_change_days)

    if change_request.age > max_age:
        return "Request not valid", 410, PLAINTEXT_HEADER

    if change_request.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    log_action('changing email', user = username, new_email = change_request.new_email)

    u = User(change_request.username)
    u.set_email(change_request.new_email)
    u.save()

    return "Email address successfully changed", 200, PLAINTEXT_HEADER
示例#5
0
def verify_email(username, code):
    """
    Verifies to the system that an email address exists, and assigns it to a user.
    Expected to be used only by users clicking links in email-verfication emails.
    Not part of the documented API.
    """

    change_request = PendingEmail(username)

    if not change_request.in_db:
        return "No such change request", 404

    if change_request.age > timedelta(days=2):
        return "Request not valid", 410

    if change_request.verify_code != code:
        return "Invalid verification code", 403

    log_action('changing email',
               user=username,
               new_email=change_request.new_email)

    u = User(change_request.username)
    u.set_email(change_request.new_email)
    u.save()

    return "Email address successfully changed", 200
示例#6
0
def test_post_sets_own_password_and_name():
    old_password = "******"
    new_password = '******'
    old_first = "Blue"
    old_last  = "Shirt"

    params = {"username":"******",
              "password":old_password,
              "new_password":new_password,
              "new_first_name":'new_first',
              "new_last_name":'new_last',
              }

    r,data = test_helpers.server_post("/user/blueshirt", params)
    assert r.status == 200
    assert User("blueshirt")._user.bind(new_password)

    u = User("blueshirt")
    first = u.first_name
    last = u.last_name
    u.set_password(old_password)
    u.set_first_name(old_first)
    u.set_last_name(old_last)
    u.save()

    assert first == 'new_first'
    assert last == 'new_last'
示例#7
0
def test_student_post_doesnt_set_first_last_name():
    old_first = "student1i"
    old_last = "student"

    params = {
        "username": "******",
        "password": "******",
        "new_first_name": "asdf",
        "new_last_name": "cheese",
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    details_dict = User("student_coll1_1").details_dictionary_for(
        User.create_user("student_coll1_1", "cows"))

    # restore original data
    u = User("student_coll1_1")
    u.set_first_name(old_first)
    u.set_last_name(old_last)
    u.save()

    assert details_dict["first_name"] == old_first
    assert details_dict["last_name"] == old_last
示例#8
0
def activate_account(username, code):
    """
    Verifies to the system that an email address exists, and that the related
    account should be made into a full account.
    Expected to be used only by users clicking links in account-activation emails.
    Not part of the documented API.
    """

    pu = PendingUser(username)

    if not pu.in_db:
        return "No such user account", 404

    if pu.age > timedelta(days=2):
        return "Request not valid", 410

    if pu.verify_code != code:
        return "Invalid verification code", 403

    log_action('activating user', pu)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    u = User(username)
    u.set_email(pu.email)
    u.set_team(pu.team)
    u.set_college(pu.college)
    u.set_password(new_pass)
    u.make_student()
    u.save()

    # let the team-leader know
    rq_user = User.create_user(pu.teacher_username)
    email_vars = {
        'name': rq_user.first_name,
        'au_username': username,
        'au_first_name': u.first_name,
        'au_last_name': u.last_name
    }
    mailer.email_template(rq_user.email, 'user_activated_team_leader',
                          email_vars)

    pu.delete()

    html = open(PATH + "/templates/activate.html").read()
    replacements = {
        'first_name': u.first_name,
        'last_name': u.last_name,
        'password': new_pass,
        'email': u.email,
        'username': username,
        'root': url_for('.index')
    }

    html = html.format(**replacements)

    return html, 200
示例#9
0
文件: app.py 项目: samphippen/nemesis
def activate_account(username, code):
    """
    Verifies to the system that an email address exists, and that the related
    account should be made into a full account.
    Expected to be used only by users clicking links in account-activation emails.
    Not part of the documented API.
    """

    pu = PendingUser(username)

    if not pu.in_db:
        return "No such user account", 404

    if pu.age > timedelta(days = 2):
        return "Request not valid", 410

    if pu.verify_code != code:
        return "Invalid verification code", 403

    log_action('activating user', pu)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    u = User(username)
    u.set_email(pu.email)
    u.set_team(pu.team)
    u.set_college(pu.college)
    u.set_password(new_pass)
    u.make_student()
    u.save()

    # let the team-leader know
    rq_user = User.create_user(pu.teacher_username)
    email_vars = { 'name': rq_user.first_name,
            'au_username': username,
          'au_first_name': u.first_name,
           'au_last_name': u.last_name
                 }
    mailer.email_template(rq_user.email, 'user_activated_team_leader', email_vars)

    pu.delete()

    html = open(PATH + "/templates/activate.html").read()
    replacements = { 'first_name': u.first_name
                   ,  'last_name': u.last_name
                   ,   'password': new_pass
                   ,      'email': u.email
                   ,   'username': username
                   ,       'root': url_for('.index')
                   }

    html = html.format(**replacements)

    return html, 200
示例#10
0
def test_post_sets_others_password():
    old_password = "******"

    params = {"username":"******",
              "password":"******",
              "new_password":"******",
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200
    assert User("student_coll1_1")._user.bind("com")

    u = User("student_coll1_1")
    u.set_password(old_password)
    u.save()
示例#11
0
def test_team_leader_can_become_student():
    # We need to test against another teacher, because team leaders demoting themselves is not allowed
    u = User("student_coll1_1")
    u.make_teacher()
    u.save()

    params = {"username": "******",
              "password": "******",
              "new_type": "student",
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    assert not User("student_coll1_1").is_teacher
示例#12
0
def test_post_sets_others_password():
    old_password = "******"

    params = {
        "username": "******",
        "password": "******",
        "new_password": "******",
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200
    assert User("student_coll1_1")._user.bind("com")

    u = User("student_coll1_1")
    u.set_password(old_password)
    u.save()
示例#13
0
def test_team_leader_can_become_student():
    # We need to test against another teacher, because team leaders demoting themselves is not allowed
    u = User("student_coll1_1")
    u.make_teacher()
    u.save()

    params = {
        "username": "******",
        "password": "******",
        "new_type": "student",
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    assert not User("student_coll1_1").is_teacher
示例#14
0
def test_post_sets_own_password():
    old_password = "******"
    new_password = '******'

    params = {"username":"******",
              "password":old_password,
              "new_password":new_password,
              }

    r,data = test_helpers.server_post("/user/blueshirt", params)
    assert r.status == 200
    assert User("blueshirt")._user.bind(new_password)

    u = User("blueshirt")
    u.set_password(old_password)
    u.save()
示例#15
0
def test_post_sets_own_password():
    old_password = "******"
    new_password = '******'

    params = {
        "username": "******",
        "password": old_password,
        "new_password": new_password,
    }

    r, data = test_helpers.server_post("/user/blueshirt", params)
    assert r.status == 200
    assert User("blueshirt")._user.bind(new_password)

    u = User("blueshirt")
    u.set_password(old_password)
    u.save()
示例#16
0
def test_team_leader_can_set_team_leader():
    params = {"username": "******",
              "password": "******",
              "new_type": "team-leader",
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    u = User("student_coll1_1")
    is_teacher = u.is_teacher

    # Clean up
    u.make_student()
    u.save()

    # now assert (ensures the clean-up occurs)
    assert is_teacher
示例#17
0
def test_post_teacher_sets_team():
    old_team = "team-ABC"
    new_team = "team-DFE"

    params = {"username":"******",
              "password":"******",
              "new_team":new_team,
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    u = User("student_coll1_1")
    teams = [t.name for t in u.teams]
    assert [new_team] == teams

    u.set_team(old_team)
    u.save()
示例#18
0
def test_verify_success():
    username = "******"
    old_email = User(username).email
    new_email = "*****@*****.**"

    setup_new_email('student_coll1_1', new_email, 'bees')

    r,data = test_helpers.server_get("/verify/" + username + "/bees")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email

    # restore the original first
    u.set_email(old_email)
    u.save()

    assert email == new_email
示例#19
0
def test_verify_success():
    username = "******"
    old_email = User(username).email
    new_email = "*****@*****.**"

    setup_new_email('student_coll1_1', new_email, 'bees')

    r, data = test_helpers.server_get("/verify/" + username + "/bees")
    status = r.status
    assert status == 200, data

    u = User(username)
    email = u.email

    # restore the original first
    u.set_email(old_email)
    u.save()

    assert email == new_email
示例#20
0
def test_post_teacher_sets_team():
    old_team = "team-ABC"
    new_team = "team-DFE"

    params = {
        "username": "******",
        "password": "******",
        "new_team": new_team,
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    u = User("student_coll1_1")
    teams = [t.name for t in u.teams]
    assert [new_team] == teams

    u.set_team(old_team)
    u.save()
示例#21
0
def test_team_leader_can_set_team_leader():
    params = {
        "username": "******",
        "password": "******",
        "new_type": "team-leader",
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200

    u = User("student_coll1_1")
    is_teacher = u.is_teacher

    # Clean up
    u.make_student()
    u.save()

    # now assert (ensures the clean-up occurs)
    assert is_teacher
示例#22
0
def test_post_sets_first_last_name():
    old_first = "student1i"
    old_last  = "student"

    params = {"username":"******",
              "password":"******",
              "new_first_name":"asdf",
              "new_last_name":"cheese",
              }

    r,data = test_helpers.server_post("/user/student_coll1_1", params)
    assert r.status == 200
    details_dict = User("student_coll1_1").details_dictionary_for(User.create_user("student_coll1_1", "cows"))

    assert details_dict["first_name"] == "asdf"
    assert details_dict["last_name"] == "cheese"
    u = User("student_coll1_1")
    u.set_first_name(old_first)
    u.set_last_name(old_last)
    u.save()