def test_post_sets_own_password_and_name():
old_password = "******"
new_password = '******'
old_first = "Blue"
old_last = "Shirt"
params = {
"username": "******",
"password": old_password,
"new_password": new_password,
"new_first_name": 'new_first',
"new_last_name": 'new_last',
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
first = u.first_name
last = u.last_name
u.set_password(old_password)
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert first == 'new_first'
assert last == 'new_last'
def test_post_sets_own_password_and_name():
old_password = "******"
new_password = '******'
old_first = "Blue"
old_last = "Shirt"
params = {"username":"******",
"password":old_password,
"new_password":new_password,
"new_first_name":'new_first',
"new_last_name":'new_last',
}
r,data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
first = u.first_name
last = u.last_name
u.set_password(old_password)
u.set_first_name(old_first)
u.set_last_name(old_last)
u.save()
assert first == 'new_first'
assert last == 'new_last'
def activate_account(username, code):
"""
Verifies to the system that an email address exists, and that the related
account should be made into a full account.
Expected to be used only by users clicking links in account-activation emails.
Not part of the documented API.
"""
pu = PendingUser(username)
if not pu.in_db:
return "No such user account", 404
if pu.age > timedelta(days=2):
return "Request not valid", 410
if pu.verify_code != code:
return "Invalid verification code", 403
log_action('activating user', pu)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_email(pu.email)
u.set_team(pu.team)
u.set_college(pu.college)
u.set_password(new_pass)
u.make_student()
u.save()
# let the team-leader know
rq_user = User.create_user(pu.teacher_username)
email_vars = {
'name': rq_user.first_name,
'au_username': username,
'au_first_name': u.first_name,
'au_last_name': u.last_name
}
mailer.email_template(rq_user.email, 'user_activated_team_leader',
email_vars)
pu.delete()
html = open(PATH + "/templates/activate.html").read()
replacements = {
'first_name': u.first_name,
'last_name': u.last_name,
'password': new_pass,
'email': u.email,
'username': username,
'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200
def activate_account(username, code):
"""
Verifies to the system that an email address exists, and that the related
account should be made into a full account.
Expected to be used only by users clicking links in account-activation emails.
Not part of the documented API.
"""
pu = PendingUser(username)
if not pu.in_db:
return "No such user account", 404
if pu.age > timedelta(days = 2):
return "Request not valid", 410
if pu.verify_code != code:
return "Invalid verification code", 403
log_action('activating user', pu)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_email(pu.email)
u.set_team(pu.team)
u.set_college(pu.college)
u.set_password(new_pass)
u.make_student()
u.save()
# let the team-leader know
rq_user = User.create_user(pu.teacher_username)
email_vars = { 'name': rq_user.first_name,
'au_username': username,
'au_first_name': u.first_name,
'au_last_name': u.last_name
}
mailer.email_template(rq_user.email, 'user_activated_team_leader', email_vars)
pu.delete()
html = open(PATH + "/templates/activate.html").read()
replacements = { 'first_name': u.first_name
, 'last_name': u.last_name
, 'password': new_pass
, 'email': u.email
, 'username': username
, 'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200
def test_post_sets_others_password():
old_password = "******"
params = {"username":"******",
"password":"******",
"new_password":"******",
}
r,data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1")._user.bind("com")
u = User("student_coll1_1")
u.set_password(old_password)
u.save()
def test_post_sets_others_password():
old_password = "******"
params = {
"username": "******",
"password": "******",
"new_password": "******",
}
r, data = test_helpers.server_post("/user/student_coll1_1", params)
assert r.status == 200
assert User("student_coll1_1")._user.bind("com")
u = User("student_coll1_1")
u.set_password(old_password)
u.save()
def test_post_sets_own_password():
old_password = "******"
new_password = '******'
params = {"username":"******",
"password":old_password,
"new_password":new_password,
}
r,data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
u.set_password(old_password)
u.save()
def test_post_sets_own_password():
old_password = "******"
new_password = '******'
params = {
"username": "******",
"password": old_password,
"new_password": new_password,
}
r, data = test_helpers.server_post("/user/blueshirt", params)
assert r.status == 200
assert User("blueshirt")._user.bind(new_password)
u = User("blueshirt")
u.set_password(old_password)
u.save()
def reset_password(username, code):
"""
Resets a user's password after they've clicked a link in an email we
sent them, then serves up a page for them to change their password.
Not part of the documented API.
"""
ppr = PendingPasswordReset(username)
if not ppr.in_db:
return "No such user account", 404, PLAINTEXT_HEADER
if ppr.age > timedelta(days=PASSWORD_RESET_DAYS):
return "Request not valid", 410, PLAINTEXT_HEADER
if ppr.verify_code != code:
return "Invalid verification code", 403, PLAINTEXT_HEADER
log_action('resetting user password', ppr)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_password(new_pass)
# No need to save since set_password happens immediately
ppr.delete()
html = open(PATH + "/templates/password_reset.html").read()
replacements = {
'first_name': u.first_name,
'last_name': u.last_name,
'password': new_pass,
'username': username,
'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200, CSP_HEADER
def reset_password(username, code):
"""
Resets a user's password after they've clicked a link in an email we
sent them, then serves up a page for them to change their password.
Not part of the documented API.
"""
ppr = PendingPasswordReset(username)
if not ppr.in_db:
return "No such user account", 404, PLAINTEXT_HEADER
if ppr.age > timedelta(days = PASSWORD_RESET_DAYS):
return "Request not valid", 410, PLAINTEXT_HEADER
if ppr.verify_code != code:
return "Invalid verification code", 403, PLAINTEXT_HEADER
log_action('resetting user password', ppr)
from libnemesis import srusers
new_pass = srusers.users.GenPasswd()
u = User(username)
u.set_password(new_pass)
# No need to save since set_password happens immediately
ppr.delete()
html = open(PATH + "/templates/password_reset.html").read()
replacements = { 'first_name': u.first_name
, 'last_name': u.last_name
, 'password': new_pass
, 'username': username
, 'root': url_for('.index')
}
html = html.format(**replacements)
return html, 200, CSP_HEADER
