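def test_post_sets_own_password_and_name():
    """POST a new password and new names to /user/blueshirt and check they took effect.

    The fixture account is restored in a ``finally`` block, so a failed
    assertion cannot leave the changed password or names behind for the
    tests that run afterwards.
    """
    old_password = "******"
    new_password = '******'
    old_first = "Blue"
    old_last = "Shirt"

    params = {
        "username": "******",
        "password": old_password,
        "new_password": new_password,
        "new_first_name": 'new_first',
        "new_last_name": 'new_last',
    }

    r, data = test_helpers.server_post("/user/blueshirt", params)

    try:
        assert r.status == 200
        # A successful bind with the new password shows the change was applied.
        assert User("blueshirt")._user.bind(new_password)

        u = User("blueshirt")
        assert u.first_name == 'new_first'
        assert u.last_name == 'new_last'
    finally:
        # Always put the shared fixture back, even when a check above fails.
        u = User("blueshirt")
        u.set_password(old_password)
        u.set_first_name(old_first)
        u.set_last_name(old_last)
        u.save()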
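def test_post_sets_own_password_and_name():
    """POST a new password and new names to /user/blueshirt and check they took effect.

    The fixture account is restored in a ``finally`` block, so a failed
    assertion cannot leave the changed password or names behind for the
    tests that run afterwards.
    """
    old_password = "******"
    new_password = '******'
    old_first = "Blue"
    old_last = "Shirt"

    params = {
        "username": "******",
        "password": old_password,
        "new_password": new_password,
        "new_first_name": 'new_first',
        "new_last_name": 'new_last',
    }

    r, data = test_helpers.server_post("/user/blueshirt", params)

    try:
        assert r.status == 200
        # A successful bind with the new password shows the change was applied.
        assert User("blueshirt")._user.bind(new_password)

        u = User("blueshirt")
        assert u.first_name == 'new_first'
        assert u.last_name == 'new_last'
    finally:
        # Always put the shared fixture back, even when a check above fails.
        u = User("blueshirt")
        u.set_password(old_password)
        u.set_first_name(old_first)
        u.set_last_name(old_last)
        u.save()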
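def activate_account(username, code):
    """
    Verifies to the system that an email address exists, and that the
    related account should be made into a full account.
    Expected to be used only by users clicking links in account-activation
    emails. Not part of the documented API.

    Returns a ``(body, status)`` tuple: 404 when no pending user exists for
    ``username``, 410 when the pending request is more than two days old,
    403 when ``code`` does not match the stored verification code, and
    otherwise the rendered activation page with status 200.
    """
    pu = PendingUser(username)

    if not pu.in_db:
        return "No such user account", 404

    if pu.age > timedelta(days=2):
        return "Request not valid", 410

    # NOTE(review): `!=` on a secret value is not a constant-time comparison;
    # consider hmac.compare_digest once the types of both operands are confirmed.
    if pu.verify_code != code:
        return "Invalid verification code", 403

    log_action('activating user', pu)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    # Promote the pending record into a full student account.
    u = User(username)
    u.set_email(pu.email)
    u.set_team(pu.team)
    u.set_college(pu.college)
    u.set_password(new_pass)
    u.make_student()
    u.save()

    # let the team-leader know
    rq_user = User.create_user(pu.teacher_username)
    email_vars = {
        'name': rq_user.first_name,
        'au_username': username,
        'au_first_name': u.first_name,
        'au_last_name': u.last_name,
    }
    mailer.email_template(rq_user.email, 'user_activated_team_leader',
                          email_vars)

    pu.delete()

    # Read the template through a context manager so the file handle is
    # closed deterministically instead of being left to the garbage collector.
    with open(PATH + "/templates/activate.html") as template_file:
        html = template_file.read()

    # NOTE(review): these values are substituted into the HTML template without
    # escaping; confirm that names and email are validated when written, or
    # HTML-escape them here.
    # NOTE(review): the freshly generated password is part of the response body
    # and no cache-control header is returned with it - confirm the page cannot
    # be cached.
    replacements = {
        'first_name': u.first_name,
        'last_name': u.last_name,
        'password': new_pass,
        'email': u.email,
        'username': username,
        'root': url_for('.index'),
    }

    html = html.format(**replacements)

    return html, 200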
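def activate_account(username, code):
    """
    Verifies to the system that an email address exists, and that the
    related account should be made into a full account.
    Expected to be used only by users clicking links in account-activation
    emails. Not part of the documented API.

    Returns a ``(body, status)`` tuple: 404 when no pending user exists for
    ``username``, 410 when the pending request is more than two days old,
    403 when ``code`` does not match the stored verification code, and
    otherwise the rendered activation page with status 200.
    """
    pu = PendingUser(username)

    if not pu.in_db:
        return "No such user account", 404

    if pu.age > timedelta(days = 2):
        return "Request not valid", 410

    # NOTE(review): `!=` on a secret value is not a constant-time comparison;
    # consider hmac.compare_digest once the types of both operands are confirmed.
    if pu.verify_code != code:
        return "Invalid verification code", 403

    log_action('activating user', pu)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    # Promote the pending record into a full student account.
    u = User(username)
    u.set_email(pu.email)
    u.set_team(pu.team)
    u.set_college(pu.college)
    u.set_password(new_pass)
    u.make_student()
    u.save()

    # let the team-leader know
    rq_user = User.create_user(pu.teacher_username)
    email_vars = {
        'name': rq_user.first_name,
        'au_username': username,
        'au_first_name': u.first_name,
        'au_last_name': u.last_name,
    }
    mailer.email_template(rq_user.email, 'user_activated_team_leader',
                          email_vars)

    pu.delete()

    # Read the template through a context manager so the file handle is
    # closed deterministically instead of being left to the garbage collector.
    with open(PATH + "/templates/activate.html") as template_file:
        html = template_file.read()

    # NOTE(review): these values are substituted into the HTML template without
    # escaping; confirm that names and email are validated when written, or
    # HTML-escape them here.
    # NOTE(review): the freshly generated password is part of the response body
    # and no cache-control header is returned with it - confirm the page cannot
    # be cached.
    replacements = {
        'first_name': u.first_name,
        'last_name': u.last_name,
        'password': new_pass,
        'email': u.email,
        'username': username,
        'root': url_for('.index'),
    }

    html = html.format(**replacements)

    return html, 200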
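def test_post_sets_others_password():
    """POST a new password to /user/student_coll1_1 and check that a bind succeeds.

    The original password is restored in a ``finally`` block, so a failed
    assertion cannot leave the fixture account with a changed password.
    """
    old_password = "******"

    params = {
        "username": "******",
        "password": "******",
        "new_password": "******",
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)

    try:
        assert r.status == 200
        assert User("student_coll1_1")._user.bind("com")
    finally:
        # Always put the shared fixture back, even when a check above fails.
        u = User("student_coll1_1")
        u.set_password(old_password)
        u.save()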
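def test_post_sets_others_password():
    """POST a new password to /user/student_coll1_1 and check that a bind succeeds.

    The original password is restored in a ``finally`` block, so a failed
    assertion cannot leave the fixture account with a changed password.
    """
    old_password = "******"

    params = {
        "username": "******",
        "password": "******",
        "new_password": "******",
    }

    r, data = test_helpers.server_post("/user/student_coll1_1", params)

    try:
        assert r.status == 200
        assert User("student_coll1_1")._user.bind("com")
    finally:
        # Always put the shared fixture back, even when a check above fails.
        u = User("student_coll1_1")
        u.set_password(old_password)
        u.save()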
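def test_post_sets_own_password():
    """POST a new password to /user/blueshirt and check that it can be used to bind.

    The original password is restored in a ``finally`` block, so a failed
    assertion cannot leave the fixture account with a changed password.
    """
    old_password = "******"
    new_password = '******'

    params = {
        "username": "******",
        "password": old_password,
        "new_password": new_password,
    }

    r, data = test_helpers.server_post("/user/blueshirt", params)

    try:
        assert r.status == 200
        assert User("blueshirt")._user.bind(new_password)
    finally:
        # Always put the shared fixture back, even when a check above fails.
        u = User("blueshirt")
        u.set_password(old_password)
        u.save()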
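def test_post_sets_own_password():
    """POST a new password to /user/blueshirt and check that it can be used to bind.

    The original password is restored in a ``finally`` block, so a failed
    assertion cannot leave the fixture account with a changed password.
    """
    old_password = "******"
    new_password = '******'

    params = {
        "username": "******",
        "password": old_password,
        "new_password": new_password,
    }

    r, data = test_helpers.server_post("/user/blueshirt", params)

    try:
        assert r.status == 200
        assert User("blueshirt")._user.bind(new_password)
    finally:
        # Always put the shared fixture back, even when a check above fails.
        u = User("blueshirt")
        u.set_password(old_password)
        u.save()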
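def reset_password(username, code):
    """
    Resets a user's password after they've clicked a link in an email we
    sent them, then serves up a page for them to change their password.
    Not part of the documented API.

    Returns a ``(body, status, headers)`` tuple: 404 when no pending reset
    exists for ``username``, 410 when the request is older than
    ``PASSWORD_RESET_DAYS`` days, 403 when ``code`` does not match the
    stored verification code, and otherwise the rendered reset page with
    status 200.
    """
    ppr = PendingPasswordReset(username)

    if not ppr.in_db:
        return "No such user account", 404, PLAINTEXT_HEADER

    if ppr.age > timedelta(days=PASSWORD_RESET_DAYS):
        return "Request not valid", 410, PLAINTEXT_HEADER

    # NOTE(review): `!=` on a secret value is not a constant-time comparison;
    # consider hmac.compare_digest once the types of both operands are confirmed.
    if ppr.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    log_action('resetting user password', ppr)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    u = User(username)
    u.set_password(new_pass)
    # No need to save since set_password happens immediately

    ppr.delete()

    # Read the template through a context manager so the file handle is
    # closed deterministically instead of being left to the garbage collector.
    with open(PATH + "/templates/password_reset.html") as template_file:
        html = template_file.read()

    # NOTE(review): these values are substituted into the HTML template without
    # escaping; CSP_HEADER is returned with the page, but its contents are not
    # visible here - confirm it covers injected markup, or HTML-escape the
    # name fields.
    # NOTE(review): the freshly generated password is part of the response
    # body - confirm the returned headers prevent the page from being cached.
    replacements = {
        'first_name': u.first_name,
        'last_name': u.last_name,
        'password': new_pass,
        'username': username,
        'root': url_for('.index'),
    }

    html = html.format(**replacements)

    return html, 200, CSP_HEADER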
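def reset_password(username, code):
    """
    Resets a user's password after they've clicked a link in an email we
    sent them, then serves up a page for them to change their password.
    Not part of the documented API.

    Returns a ``(body, status, headers)`` tuple: 404 when no pending reset
    exists for ``username``, 410 when the request is older than
    ``PASSWORD_RESET_DAYS`` days, 403 when ``code`` does not match the
    stored verification code, and otherwise the rendered reset page with
    status 200.
    """
    ppr = PendingPasswordReset(username)

    if not ppr.in_db:
        return "No such user account", 404, PLAINTEXT_HEADER

    if ppr.age > timedelta(days = PASSWORD_RESET_DAYS):
        return "Request not valid", 410, PLAINTEXT_HEADER

    # NOTE(review): `!=` on a secret value is not a constant-time comparison;
    # consider hmac.compare_digest once the types of both operands are confirmed.
    if ppr.verify_code != code:
        return "Invalid verification code", 403, PLAINTEXT_HEADER

    log_action('resetting user password', ppr)

    from libnemesis import srusers
    new_pass = srusers.users.GenPasswd()

    u = User(username)
    u.set_password(new_pass)
    # No need to save since set_password happens immediately

    ppr.delete()

    # Read the template through a context manager so the file handle is
    # closed deterministically instead of being left to the garbage collector.
    with open(PATH + "/templates/password_reset.html") as template_file:
        html = template_file.read()

    # NOTE(review): these values are substituted into the HTML template without
    # escaping; CSP_HEADER is returned with the page, but its contents are not
    # visible here - confirm it covers injected markup, or HTML-escape the
    # name fields.
    # NOTE(review): the freshly generated password is part of the response
    # body - confirm the returned headers prevent the page from being cached.
    replacements = {
        'first_name': u.first_name,
        'last_name': u.last_name,
        'password': new_pass,
        'username': username,
        'root': url_for('.index'),
    }

    html = html.format(**replacements)

    return html, 200, CSP_HEADER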