示例#1
def login_route():
    """Handle the first (username/password) step of the login form.

    On a valid submission an active user is looked up by username.
    With a password supplied, it is checked against the stored hash; on
    success the request is handed to the TOTP step when ``user.totp`` is set,
    otherwise the session is regenerated and the user is logged in.
    With no password supplied, the request is handed to the WebAuthn step
    when the user has registered credentials.
    Every other outcome ends in the same 'Invalid credentials.' message.
    """

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/login.html', form=form)

    # Only accounts flagged active are eligible to log in.
    account = User.query.filter(
        User.active, User.username == form.username.data).one_or_none()

    if account:
        if not form.password.data:
            # Password-less path: allowed only for users with WebAuthn
            # credentials. Only the pending user id is stored; login_user()
            # is not called here.
            # NOTE(review): this redirect happens only for existing users with
            # credentials, so the response distinguishes such usernames from
            # others — confirm this is an accepted trade-off.
            if account.webauthn_credentials:
                session['webauthn_login_user_id'] = account.id
                # NOTE(review): request.args is forwarded verbatim as url_for
                # keyword arguments; an allow-list of the parameters the next
                # step actually reads would be tighter — confirm against it.
                return redirect(
                    url_for('auth.login_webauthn_route', **request.args))
        elif PWS.compare(
                PWS.hash(form.password.data, PWS.get_salt(account.password)),
                account.password):
            # The submitted password is re-hashed with the salt taken from the
            # stored value and compared against it.
            # NOTE(review): presumably PWS.compare is constant-time — verify.
            if account.totp:
                # Second factor pending: remember who passed the password
                # check, but do not authenticate the session yet.
                session['totp_login_user_id'] = account.id
                return redirect(
                    url_for('auth.login_totp_route', **request.args))

            # Fresh session before it becomes authenticated; presumably a
            # session-fixation defence (regenerate_session is defined elsewhere).
            regenerate_session()
            login_user(account)
            return redirect_after_login()

    # Unknown user, wrong password and missing WebAuthn credentials all share
    # one message, so the text does not reveal which check failed.
    flash('Invalid credentials.', 'error')
    return render_template('auth/login.html', form=form)
示例#2
def test_profile_changepassword_route(cl_user):
    """Exercise the change-password form: three rejected attempts, then success.

    Covers mismatched new passwords, a new password rejected as too short,
    a wrong current password, and finally a valid change whose stored value
    must verify as the salted hash of the new password.
    """

    cur_password = PWS().generate()
    new_password = PWS().generate()
    user = User.query.filter(User.username == 'pytest_user').one()
    # Plaintext is assigned here; presumably the model hashes on assignment,
    # since the final assertion treats user.password as a salted hash — confirm.
    user.password = cur_password
    db.session.commit()

    def submit_change(current, first, second):
        """Fetch a fresh form, fill the three password fields and submit it."""
        page_form = cl_user.get(
            url_for('auth.profile_changepassword_route')).form
        page_form['current_password'] = current
        page_form['password1'] = first
        page_form['password2'] = second
        return page_form.submit()

    # 1) new password and its confirmation differ -> field-level error
    response = submit_change(cur_password, 'AlongPassword1', 'AlongPassword2')
    assert response.status_code == HTTPStatus.OK
    assert response.lxml.xpath(
        '//div[@class="invalid-feedback" and text()="Passwords does not match."]'
    )

    # 2) new password fails the length policy -> field-level error
    response = submit_change(cur_password, 'weak', 'weak')
    assert response.status_code == HTTPStatus.OK
    assert response.lxml.xpath(
        '//div[@class="invalid-feedback" and contains(text(), "Password too short.")]'
    )

    # 3) wrong current password -> error toast, page re-rendered
    response = submit_change('******', new_password, new_password)
    assert response.status_code == HTTPStatus.OK
    assert response.lxml.xpath(
        '//script[contains(text(), "toastr[\'error\'](\'Invalid current password.\');")]'
    )

    # 4) everything valid -> redirect, and the stored value verifies against
    #    the new password
    response = submit_change(cur_password, new_password, new_password)
    assert response.status_code == HTTPStatus.FOUND
    user = User.query.filter(User.username == 'pytest_user').one()
    # NOTE(review): the test does not assert that cur_password stops verifying
    # after the change, nor that the rejected attempts left the hash untouched.
    assert PWS.compare(PWS.hash(new_password, PWS.get_salt(user.password)),
                       user.password)
示例#3
def profile_changepassword_route():
    """Let the logged-in user change their own password.

    The current password must verify against the stored hash before the new
    one is hashed and saved. On success the user is redirected to the profile
    page; otherwise the form is rendered again.
    """

    form = UserChangePasswordForm()
    if form.validate_on_submit():
        # The target account is always the session's own user, never an id
        # taken from the request.
        account = User.query.filter(User.id == current_user.id).one()
        stored_hash = account.password

        # Re-authenticate: hash the submitted current password with the salt
        # taken from the stored value and compare against it.
        candidate = PWS.hash(form.current_password.data,
                             PWS.get_salt(stored_hash))
        if PWS.compare(candidate, stored_hash):
            # Called without a salt argument; presumably PWS.hash generates a
            # fresh salt in that case — confirm in PWS.
            account.password = PWS.hash(form.password1.data)
            db.session.commit()
            # NOTE(review): nothing here ends the user's other sessions after
            # the change — confirm whether that is handled elsewhere.
            flash('Password changed.', 'info')
            return redirect(url_for('auth.profile_route'))

        flash('Invalid current password.', 'error')

    return render_template('auth/profile/changepassword.html', form=form)
示例#4
文件: test_user.py 项目: bodik/sner4
def test_user_edit_route(cl_admin, user):
    """Admin edits a user: rename, set a new password, clear all roles."""

    password = PWS.generate()

    edit_form = cl_admin.get(
        url_for('auth.user_edit_route', user_id=user.id)).form
    edit_form['roles'] = []
    edit_form['new_password'] = password
    edit_form['username'] = f'{edit_form["username"].value}_edited'
    response = edit_form.submit()
    assert response.status_code == HTTPStatus.FOUND

    # Look the account up again by the name that was submitted.
    stored = User.query.filter(
        User.username == edit_form['username'].value).one()
    assert stored.username == edit_form['username'].value
    # The stored value must equal the submitted password hashed with the salt
    # taken from the stored value.
    rehashed = PWS.hash(password, PWS.get_salt(stored.password))
    assert PWS.compare(rehashed, stored.password)
    # NOTE(review): this checks the fixture object rather than the re-queried
    # row; presumably both refer to the same record — confirm.
    assert not user.roles
示例#5
文件: test_user.py 项目: bodik/sner4
def test_user_add_route(cl_admin, user_factory):
    """Admin creates a user through the add form and the row is verified."""

    password = PWS.generate()
    # build() result is used only as a source of field values for the form.
    template = user_factory.build()

    add_form = cl_admin.get(url_for('auth.user_add_route')).form
    for field, value in (
            ('username', template.username),
            ('roles', template.roles),
            ('active', template.active),
            ('new_password', password),
    ):
        add_form[field] = value
    response = add_form.submit()
    assert response.status_code == HTTPStatus.FOUND

    created = User.query.filter(User.username == template.username).one()
    assert created.username == template.username
    # The stored value must equal the submitted password hashed with the salt
    # taken from the stored value.
    rehashed = PWS.hash(password, PWS.get_salt(created.password))
    assert PWS.compare(rehashed, created.password)
    assert created.active == template.active
    assert created.roles == template.roles
示例#6
def test_user_add_route(cl_admin):
    """Admin creates a user through the add form and the row is verified."""

    tmp_password = PWS().generate()
    # create_test_user() result supplies the field values submitted below.
    expected = create_test_user()

    add_form = cl_admin.get(url_for('auth.user_add_route')).form
    for field, value in (
            ('username', expected.username),
            ('password', tmp_password),
            ('roles', expected.roles),
            ('active', expected.active),
    ):
        add_form[field] = value
    response = add_form.submit()
    assert response.status_code == HTTPStatus.FOUND

    created = User.query.filter(User.username == expected.username).one()
    assert created.username == expected.username
    # The stored value must equal the submitted password hashed with the salt
    # taken from the stored value.
    rehashed = PWS.hash(tmp_password, PWS.get_salt(created.password))
    assert PWS.compare(rehashed, created.password)
    assert created.active == expected.active
    assert created.roles == expected.roles