def test_ChangePassword_add_no_passwords(db, fast_passwords):
# user does not have an old password and called with empty body
user, token = generate_user(db, hashed_password=None)
with account_session(db, token) as account:
with pytest.raises(grpc.RpcError) as e:
account.ChangePassword(account_pb2.ChangePasswordReq())
assert e.value.code() == grpc.StatusCode.INVALID_ARGUMENT
assert e.value.details() == errors.MISSING_BOTH_PASSWORDS
with session_scope(db) as session:
updated_user = session.query(User).filter(User.id == user.id).one()
assert updated_user.hashed_password == None
def test_ChangePassword_remove(db, fast_passwords):
old_password = random_hex()
user, token = generate_user(hashed_password=hash_password(old_password))
with account_session(token) as account:
with patch("couchers.servicers.account.send_password_changed_email") as mock:
account.ChangePassword(
account_pb2.ChangePasswordReq(
old_password=wrappers_pb2.StringValue(value=old_password),
)
)
mock.assert_called_once()
with session_scope() as session:
updated_user = session.query(User).filter(User.id == user.id).one()
assert updated_user.hashed_password is None
def test_ChangePassword_remove_wrong_password(db, fast_passwords):
old_password = random_hex()
user, token = generate_user(db,
hashed_password=hash_password(old_password))
with account_session(db, token) as account:
with pytest.raises(grpc.RpcError) as e:
account.ChangePassword(
account_pb2.ChangePasswordReq(
old_password=wrappers_pb2.StringValue(
value="wrong password"), ))
assert e.value.code() == grpc.StatusCode.INVALID_ARGUMENT
assert e.value.details() == errors.INVALID_USERNAME_OR_PASSWORD
with session_scope(db) as session:
updated_user = session.query(User).filter(User.id == user.id).one()
assert updated_user.hashed_password == hash_password(old_password)
def test_ChangePassword_add(db, fast_passwords):
# user does not have an old password and is adding a new password
new_password = random_hex()
user, token = generate_user(db, hashed_password=None)
with account_session(db, token) as account:
with patch("couchers.servicers.account.send_password_changed_email"
) as mock:
account.ChangePassword(
account_pb2.ChangePasswordReq(
new_password=wrappers_pb2.StringValue(
value=new_password), ))
mock.assert_called_once()
with session_scope(db) as session:
updated_user = session.query(User).filter(User.id == user.id).one()
assert updated_user.hashed_password == hash_password(new_password)
def test_ChangePassword_normal_no_password(db, fast_passwords):
# user has old password and is changing to new password, but didn't supply old password
old_password = random_hex()
new_password = random_hex()
user, token = generate_user(db,
hashed_password=hash_password(old_password))
with account_session(db, token) as account:
with pytest.raises(grpc.RpcError) as e:
account.ChangePassword(
account_pb2.ChangePasswordReq(
new_password=wrappers_pb2.StringValue(
value=new_password), ))
assert e.value.code() == grpc.StatusCode.INVALID_ARGUMENT
assert e.value.details() == errors.MISSING_PASSWORD
with session_scope(db) as session:
updated_user = session.query(User).filter(User.id == user.id).one()
assert updated_user.hashed_password == hash_password(old_password)
def test_ChangePassword_add_with_password(db, fast_passwords):
# user does not have an old password and is adding a new password, but supplied a password
new_password = random_hex()
user, token = generate_user(db, hashed_password=None)
with account_session(db, token) as account:
with pytest.raises(grpc.RpcError) as e:
account.ChangePassword(
account_pb2.ChangePasswordReq(
old_password=wrappers_pb2.StringValue(
value="wrong password"),
new_password=wrappers_pb2.StringValue(value=new_password),
))
assert e.value.code() == grpc.StatusCode.INVALID_ARGUMENT
assert e.value.details() == errors.NO_PASSWORD
with session_scope(db) as session:
updated_user = session.query(User).filter(User.id == user.id).one()
assert updated_user.hashed_password == None
def test_ChangePassword_normal_long_password(db, fast_passwords):
# user has old password and is changing to new password, but used short password
old_password = random_hex()
new_password = random_hex(length=1000)
user, token = generate_user(hashed_password=hash_password(old_password))
with account_session(token) as account:
with pytest.raises(grpc.RpcError) as e:
account.ChangePassword(
account_pb2.ChangePasswordReq(
old_password=wrappers_pb2.StringValue(value=old_password),
new_password=wrappers_pb2.StringValue(value=new_password),
)
)
assert e.value.code() == grpc.StatusCode.INVALID_ARGUMENT
assert e.value.details() == errors.PASSWORD_TOO_LONG
with session_scope() as session:
updated_user = session.query(User).filter(User.id == user.id).one()
assert updated_user.hashed_password == hash_password(old_password)
