def _populate(self, app): from zope.password.password import SSHAPasswordManager pwd_mgr = SSHAPasswordManager() encoded = pwd_mgr.encodePassword('password') cartouche = app.cartouche = FauxCartouche() cartouche.by_uuid['UUID'] = Dummy(uuid='UUID', password=encoded) cartouche.by_login['login'] = '******'
def sendGeneratedPassword(request, uuid, confirmed): record = confirmed.get(uuid) if record is None: raise KeyError pwd_mgr = SSHAPasswordManager() generator = request.registry.queryUtility(IPasswordGenerator, default=randomPassword) new_password = generator() encoded = pwd_mgr.encodePassword(new_password) confirmed.set( uuid, email=record.email, login=record.login, password=encoded, security_question=record.security_question, security_answer=record.security_answer, token=record.token, ) from_addr = request.registry.settings['cartouche.from_addr'] delivery = request.registry.queryUtility(IMailDelivery, default=localhost_mta) login_url = view_url(request.context, request, 'login_url', 'login.html') body = PASSWORD_EMAIL % {'password': new_password, 'login_url': login_url} message = Message() message['Subject'] = 'Your new site password' message.set_payload(body) delivery.send(from_addr, [record.email], message)
def edit_account_view(context, request): confirmed = request.registry.queryAdapter(context, IRegistrations, name='confirmed') if confirmed is None: #pragma NO COVERAGE confirmed = ConfirmedRegistrations(context) identity = request.environ.get('repoze.who.identity') if identity is None: return HTTPUnauthorized() userid = identity['repoze.who.userid'] account_info = confirmed.get(userid) if account_info is None: return HTTPForbidden() appstruct = { 'login_name': account_info.login, 'email': account_info.email, 'security': { 'question': account_info.security_question or '', 'answer': account_info.security_answer or '', }, } schema = EditAccount().bind(current_login_name=account_info.login, confirmed=confirmed, old_password=account_info.password) form = Form(schema, buttons=('update', )) rendered_form = form.render(appstruct) if 'update' in request.POST: try: appstruct = form.validate(request.POST.items()) except ValidationFailure, e: rendered_form = e.render() else: login = appstruct['login_name'] email = appstruct['email'] pwd_mgr = SSHAPasswordManager() password = pwd_mgr.encodePassword(appstruct['password']) security_question = appstruct['security']['question'] security_answer = appstruct['security']['answer'] confirmed.set( userid, email=email, login=login, password=password, security_question=security_question, security_answer=security_answer, ) return HTTPFound(location=view_url( context, request, 'after_edit_url', request.view_name, ))
def old_password_validator(node, kw): old_password = kw.get('old_password') if old_password is not None: pwd_mgr = SSHAPasswordManager() def _check(node, value): if not pwd_mgr.checkPassword(old_password, value): raise Invalid('Old password incorrect') return _check
def do_login(self, **data): login = Login() self.applyData(login, **data) principals = IOAuthPrincipalSource(grok.getApplication()) account = principals.find(login=login.login, domain=principals.domain) if account: # check password, and authenticate if match from zope.password.password import SSHAPasswordManager mgr = SSHAPasswordManager() if mgr.checkPassword(account.secret, login.secret): session = ISession(self.request)['OAuth2'] session['principal'] = account # Found the principal
def authenticate(self, environ, identity): try: login = identity['login'] password = identity['password'] except KeyError: return None pwd_mgr = SSHAPasswordManager() record = FauxConfirmedRegistrations(None).get_by_login(login) if (record is not None and pwd_mgr.checkPassword(record.password, password)): return record.uuid
def test_POST_w_password_match_w_after_edit_url(self): from webob.exc import HTTPFound from webob.multidict import MultiDict from zope.password.password import SSHAPasswordManager AFTER = '/' OLD_EMAIL = '*****@*****.**' NEW_EMAIL = '*****@*****.**' ENVIRON = {'repoze.who.identity': {'repoze.who.userid': 'UUID'}} self.config.registry.settings['cartouche.after_edit_url'] = AFTER pwd_mgr = SSHAPasswordManager() encoded = pwd_mgr.encodePassword('old_password') by_uuid, by_login, by_email = self._registerConfirmed() by_uuid['UUID'] = Dummy(login='******', email=OLD_EMAIL, password=encoded, security_question='borncity', security_answer='FXBG') by_email[OLD_EMAIL] = by_login['before'] = 'UUID' POST = MultiDict([ ('login_name', 'after'), ('email', NEW_EMAIL), ('old_password', 'old_password'), ('__start__', 'password:mapping'), ('value', 'newpassword'), ('confirm', 'newpassword'), ('__end__', 'password:mapping'), ('__start__', 'security:mapping'), ('question', 'petname'), ('answer', 'Fido'), ('__end__', 'security:mapping'), ('update', ''), ]) request = self._makeRequest(POST=POST, environ=ENVIRON, view_name='edit_account.html') response = self._callFUT(request=request) self.failUnless(isinstance(response, HTTPFound)) self.assertEqual(response.location, 'http://example.com/') new_record = by_uuid['UUID'] self.assertEqual(new_record.login, 'after') self.failUnless( pwd_mgr.checkPassword(new_record.password, 'newpassword')) self.assertEqual(new_record.security_question, 'petname') self.assertEqual(new_record.security_answer, 'Fido') self.failIf(OLD_EMAIL in by_email) self.assertEqual(by_email[NEW_EMAIL], 'UUID') self.failIf('before' in by_login) self.assertEqual(by_login['after'], 'UUID')
def test_hit_w_password_utility(self): import re from repoze.sendmail.interfaces import IMailDelivery from zope.password.password import SSHAPasswordManager from cartouche.interfaces import IPasswordGenerator GENERATED = re.compile(r'Your new password is:\s+(?P<password>[^\s]+)', re.MULTILINE) FROM_EMAIL = '*****@*****.**' TO_EMAIL = '*****@*****.**' def _password(): return 'PASSWORD' self.config.registry.registerUtility(_password, IPasswordGenerator) self.config.registry.settings['cartouche.from_addr'] = FROM_EMAIL delivery = DummyMailer() self.config.registry.registerUtility(delivery, IMailDelivery) confirmed = DummyConfirmed() confirmed.set( 'UUID', email=TO_EMAIL, login='******', password='******', security_question='question', security_answer='answer', token=None, ) self._callFUT(userid='UUID', confirmed=confirmed) record = confirmed.get('UUID') self.assertEqual(record.uuid, 'UUID') self.assertEqual(record.email, TO_EMAIL) self.assertEqual(record.login, 'phred') password = record.password self.assertNotEqual(password, 'old_password') self.failUnless(password.startswith('{SSHA}')) self.assertEqual(record.security_question, 'question') self.assertEqual(record.security_answer, 'answer') self.assertEqual(record.token, None) login_url = 'http://example.com/login.html' self.assertEqual(delivery._sent[0], FROM_EMAIL) self.assertEqual(list(delivery._sent[1]), [TO_EMAIL]) payload = delivery._sent[2].get_payload() self.failUnless(login_url in payload) found = GENERATED.search(payload) generated = found.group('password') self.assertEqual(generated, 'PASSWORD') pwd_mgr = SSHAPasswordManager() self.failUnless(pwd_mgr.checkPassword(password, generated))
def test_POST_w_password_match_new_login_not_unique(self): import re from webob.multidict import MultiDict from zope.password.password import SSHAPasswordManager SUMMARY_ERROR = re.compile('<h3[^>]*>There was a problem', re.MULTILINE) FIELD_ERROR = re.compile('<p class="errorMsg"', re.MULTILINE) OLD_EMAIL = '*****@*****.**' NEW_EMAIL = '*****@*****.**' ENVIRON = {'repoze.who.identity': {'repoze.who.userid': 'UUID'}} pwd_mgr = SSHAPasswordManager() encoded = pwd_mgr.encodePassword('old_password') by_uuid, by_login, by_email = self._registerConfirmed() by_uuid['UUID'] = Dummy(login='******', email=OLD_EMAIL, password=encoded, security_question='borncity', security_answer='FXBG') by_email[OLD_EMAIL] = by_login['before'] = 'UUID' by_uuid['OTHER_UUID'] = Dummy(login='******') by_login['taken'] = 'OTHER_UUID' POST = MultiDict([ ('login_name', 'taken'), ('email', NEW_EMAIL), ('old_password', 'old_password'), ('__start__', 'password:mapping'), ('value', 'newpassword'), ('confirm', 'newpassword'), ('__end__', 'password:mapping'), ('__start__', 'security:mapping'), ('question', 'petname'), ('answer', 'Fido'), ('__end__', 'security:mapping'), ('update', ''), ]) request = self._makeRequest(POST=POST, environ=ENVIRON) info = self._callFUT(request=request) rendered_form = info['rendered_form'] self.failUnless(SUMMARY_ERROR.search(rendered_form)) self.failUnless(FIELD_ERROR.search(rendered_form)) self.failUnless(OLD_EMAIL in by_email) self.failIf(NEW_EMAIL in by_email) self.assertEqual(by_login['before'], 'UUID') self.assertEqual(by_login['taken'], 'OTHER_UUID')
def _registerConfirmed(self): from zope.password.password import SSHAPasswordManager from cartouche.interfaces import IRegistrations pwd_mgr = SSHAPasswordManager() encoded = pwd_mgr.encodePassword('password') class DummyConfirmed: def __init__(self, context): pass def get_by_login(self, login, default=None): if login == 'login': return Dummy(uuid='UUID', password=encoded) return default self.config.registry.registerAdapter(DummyConfirmed, (None, ), IRegistrations, name='confirmed')
def test_GET_w_known_credentials_later_edit(self): import re from zope.password.password import SSHAPasswordManager INPUT = re.compile( '<input.* name="(?P<name>\w+)" ' 'value="(?P<value>[^"]*)"', re.MULTILINE) SELECT = re.compile('<select.* name="(?P<name>\w+)"', re.MULTILINE) EMAIL = '*****@*****.**' ENVIRON = {'repoze.who.identity': {'repoze.who.userid': 'UUID'}} pwd_mgr = SSHAPasswordManager() encoded = pwd_mgr.encodePassword('old_password') by_uuid, by_login, by_email = self._registerConfirmed() by_uuid['UUID'] = Dummy( login='******', email=EMAIL, password=encoded, security_question='borncity', security_answer='FXBG', ) by_email[EMAIL] = by_login['login'] = '******' mtr = self.config.testing_add_template('templates/main.pt') request = self._makeRequest(environ=ENVIRON) info = self._callFUT(request=request) self.failUnless(info['main_template'] is mtr.implementation()) rendered_form = info['rendered_form'] inputs = [ x for x in INPUT.findall(rendered_form) if not x[0].startswith('_') ] self.assertEqual(inputs, [ ('login_name', 'before'), ('email', EMAIL), ('old_password', ''), ('value', ''), ('confirm', ''), ('answer', 'FXBG'), ]) selects = [x for x in SELECT.findall(rendered_form)] self.assertEqual(selects, ['question'])
def __init__(self, zodb_uri): self._zodb_uri = zodb_uri self._pwd_mgr = SSHAPasswordManager()