moved change_pass to basic_auth and fixed some typos with the moving of forgot pass
This commit is contained in:
parent
aeae6cc290
commit
af665c4eb9
@ -98,16 +98,3 @@ class EditCollectionForm(wtforms.Form):
|
||||
description=_(
|
||||
"The title part of this collection's address. "
|
||||
"You usually don't need to change this."))
|
||||
|
||||
|
||||
class ChangePassForm(wtforms.Form):
|
||||
old_password = wtforms.PasswordField(
|
||||
_('Old password'),
|
||||
[wtforms.validators.Required()],
|
||||
description=_(
|
||||
"Enter your old password to prove you own this account."))
|
||||
new_password = wtforms.PasswordField(
|
||||
_('New password'),
|
||||
[wtforms.validators.Required(),
|
||||
wtforms.validators.Length(min=6, max=30)],
|
||||
id="password")
|
||||
|
@ -24,7 +24,5 @@ add_route('mediagoblin.edit.account', '/edit/account/',
|
||||
'mediagoblin.edit.views:edit_account')
|
||||
add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
|
||||
'mediagoblin.edit.views:delete_account')
|
||||
add_route('mediagoblin.edit.pass', '/edit/password/',
|
||||
'mediagoblin.edit.views:change_pass')
|
||||
add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
|
||||
'mediagoblin.edit.views:verify_email')
|
||||
|
@ -23,7 +23,6 @@ from werkzeug.utils import secure_filename
|
||||
from mediagoblin import messages
|
||||
from mediagoblin import mg_globals
|
||||
|
||||
from mediagoblin import auth
|
||||
from mediagoblin.auth import tools as auth_tools
|
||||
from mediagoblin.edit import forms
|
||||
from mediagoblin.edit.lib import may_edit_media
|
||||
@ -340,46 +339,6 @@ def edit_collection(request, collection):
|
||||
'form': form})
|
||||
|
||||
|
||||
@require_active_login
|
||||
def change_pass(request):
|
||||
# If no password authentication, no need to change your password
|
||||
if 'pass_auth' not in request.template_env.globals:
|
||||
return redirect(request, 'index')
|
||||
|
||||
form = forms.ChangePassForm(request.form)
|
||||
user = request.user
|
||||
|
||||
if request.method == 'POST' and form.validate():
|
||||
|
||||
if not auth.check_password(
|
||||
form.old_password.data, user.pw_hash):
|
||||
form.old_password.errors.append(
|
||||
_('Wrong password'))
|
||||
|
||||
return render_to_response(
|
||||
request,
|
||||
'mediagoblin/edit/change_pass.html',
|
||||
{'form': form,
|
||||
'user': user})
|
||||
|
||||
# Password matches
|
||||
user.pw_hash = auth.gen_password_hash(
|
||||
form.new_password.data)
|
||||
user.save()
|
||||
|
||||
messages.add_message(
|
||||
request, messages.SUCCESS,
|
||||
_('Your password was changed successfully'))
|
||||
|
||||
return redirect(request, 'mediagoblin.edit.account')
|
||||
|
||||
return render_to_response(
|
||||
request,
|
||||
'mediagoblin/edit/change_pass.html',
|
||||
{'form': form,
|
||||
'user': user})
|
||||
|
||||
|
||||
def verify_email(request):
|
||||
"""
|
||||
Email verification view for changing email address
|
||||
|
@ -61,3 +61,16 @@ class ChangeForgotPassForm(wtforms.Form):
|
||||
token = wtforms.HiddenField(
|
||||
'',
|
||||
[wtforms.validators.Required()])
|
||||
|
||||
|
||||
class ChangePassForm(wtforms.Form):
|
||||
old_password = wtforms.PasswordField(
|
||||
_('Old password'),
|
||||
[wtforms.validators.Required()],
|
||||
description=_(
|
||||
"Enter your old password to prove you own this account."))
|
||||
new_password = wtforms.PasswordField(
|
||||
_('New password'),
|
||||
[wtforms.validators.Required(),
|
||||
wtforms.validators.Length(min=6, max=30)],
|
||||
id="password")
|
||||
|
@ -29,7 +29,7 @@
|
||||
{%- endblock %}
|
||||
|
||||
{% block mediagoblin_content %}
|
||||
<form action="{{ request.urlgen('mediagoblin.auth.verify_forgot_password') }}"
|
||||
<form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.verify_forgot_password') }}"
|
||||
method="POST" enctype="multipart/form-data">
|
||||
{{ csrf_token }}
|
||||
<div class="form_box">
|
||||
|
@ -31,7 +31,7 @@
|
||||
{%- endblock %}
|
||||
|
||||
{% block mediagoblin_content %}
|
||||
<form action="{{ request.urlgen('mediagoblin.edit.pass') }}"
|
||||
<form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.edit.pass') }}"
|
||||
method="POST" enctype="multipart/form-data">
|
||||
<div class="form_box edit_box">
|
||||
<h1>
|
@ -24,7 +24,7 @@
|
||||
{%- endblock %}
|
||||
|
||||
{% block mediagoblin_content %}
|
||||
<form action="{{ request.urlgen('mediagoblin.auth.forgot_password') }}"
|
||||
<form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.forgot_password') }}"
|
||||
method="POST" enctype="multipart/form-data">
|
||||
{{ csrf_token }}
|
||||
<div class="form_box">
|
||||
|
@ -0,0 +1,29 @@
|
||||
{#
|
||||
# GNU MediaGoblin -- federated, autonomous media hosting
|
||||
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
-#}
|
||||
|
||||
{% trans username=username, verification_url=verification_url|safe -%}
|
||||
Hi,
|
||||
|
||||
We wanted to verify that you are {{ username }}. If this is the case, then
|
||||
please follow the link below to verify your new email address.
|
||||
|
||||
{{ verification_url }}
|
||||
|
||||
If you are not {{ username }} or didn't request an email change, you can ignore
|
||||
this email.
|
||||
{%- endtrans %}
|
@ -17,6 +17,7 @@ from itsdangerous import BadSignature
|
||||
|
||||
from mediagoblin import messages
|
||||
from mediagoblin.db.models import User
|
||||
from mediagoblin.decorators import require_active_login
|
||||
from mediagoblin.plugins.basic_auth import forms, tools
|
||||
from mediagoblin.tools.crypto import get_timed_signer_url
|
||||
from mediagoblin.tools.mail import email_debug_message
|
||||
@ -178,3 +179,39 @@ def _process_for_token(request):
|
||||
'has_token': 'token' in formdata_vars}
|
||||
|
||||
return formdata
|
||||
|
||||
|
||||
@require_active_login
|
||||
def change_pass(request):
|
||||
form = forms.ChangePassForm(request.form)
|
||||
user = request.user
|
||||
|
||||
if request.method == 'POST' and form.validate():
|
||||
|
||||
if not tools.bcrypt_check_password(
|
||||
form.old_password.data, user.pw_hash):
|
||||
form.old_password.errors.append(
|
||||
_('Wrong password'))
|
||||
|
||||
return render_to_response(
|
||||
request,
|
||||
'mediagoblin/plugins/basic_auth/change_pass.html',
|
||||
{'form': form,
|
||||
'user': user})
|
||||
|
||||
# Password matches
|
||||
user.pw_hash = tools.bcrypt_gen_password_hash(
|
||||
form.new_password.data)
|
||||
user.save()
|
||||
|
||||
messages.add_message(
|
||||
request, messages.SUCCESS,
|
||||
_('Your password was changed successfully'))
|
||||
|
||||
return redirect(request, 'mediagoblin.edit.account')
|
||||
|
||||
return render_to_response(
|
||||
request,
|
||||
'mediagoblin/plugins/basic_auth/change_pass.html',
|
||||
{'form': form,
|
||||
'user': user})
|
||||
|
@ -183,7 +183,7 @@ def test_register_views(test_app):
|
||||
message = mail.EMAIL_TEST_INBOX.pop()
|
||||
assert message['To'] == 'happygrrl@example.org'
|
||||
email_context = template.TEMPLATE_TEST_CONTEXT[
|
||||
'mediagoblin/auth/fp_verification_email.txt']
|
||||
'mediagoblin/plugins/basic_auth/fp_verification_email.txt']
|
||||
#TODO - change the name of verification_url to something forgot-password-ish
|
||||
assert email_context['verification_url'] in message.get_payload(decode=True)
|
||||
|
||||
@ -204,7 +204,8 @@ def test_register_views(test_app):
|
||||
## Verify step 1 of password-change works -- can see form to change password
|
||||
template.clear_test_template_context()
|
||||
response = test_app.get("%s?%s" % (path, get_params))
|
||||
assert 'mediagoblin/auth/change_fp.html' in template.TEMPLATE_TEST_CONTEXT
|
||||
assert 'mediagoblin/plugins/basic_auth/change_fp.html' in \
|
||||
template.TEMPLATE_TEST_CONTEXT
|
||||
|
||||
## Verify step 2.1 of password-change works -- report success to user
|
||||
template.clear_test_template_context()
|
||||
|
@ -13,7 +13,12 @@
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
import urlparse
|
||||
|
||||
from mediagoblin.db.models import User
|
||||
from mediagoblin.plugins.basic_auth import tools as auth_tools
|
||||
from mediagoblin.tests.tools import fixture_add_user
|
||||
from mediagoblin.tools import template
|
||||
from mediagoblin.tools.testing import _activate_testing
|
||||
|
||||
_activate_testing()
|
||||
@ -57,3 +62,40 @@ def test_bcrypt_gen_password_hash():
|
||||
pw, hashed_pw, '3><7R45417')
|
||||
assert not auth_tools.bcrypt_check_password(
|
||||
'notthepassword', hashed_pw, '3><7R45417')
|
||||
|
||||
|
||||
def test_change_password(self, test_app):
|
||||
"""Test changing password correctly and incorrectly"""
|
||||
test_user = fixture_add_user(password=u'toast')
|
||||
|
||||
test_app.post(
|
||||
'/auth/login/', {
|
||||
'username': u'chris',
|
||||
'password': u'toast'})
|
||||
|
||||
# test that the password can be changed
|
||||
res = test_app.post(
|
||||
'/edit/password/', {
|
||||
'old_password': 'toast',
|
||||
'new_password': '123456',
|
||||
})
|
||||
res.follow()
|
||||
|
||||
# Did we redirect to the correct page?
|
||||
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
|
||||
|
||||
# test_user has to be fetched again in order to have the current values
|
||||
test_user = User.query.filter_by(username=u'chris').first()
|
||||
assert auth_tools.bcrypt_check_password('123456', test_user.pw_hash)
|
||||
|
||||
# test that the password cannot be changed if the given
|
||||
# old_password is wrong
|
||||
template.clear_test_template_context()
|
||||
test_app.post(
|
||||
'/edit/password/', {
|
||||
'old_password': 'toast',
|
||||
'new_password': '098765',
|
||||
})
|
||||
|
||||
test_user = User.query.filter_by(username=u'chris').first()
|
||||
assert not auth_tools.bcrypt_check_password('098765', test_user.pw_hash)
|
||||
|
@ -56,41 +56,6 @@ class TestUserEdit(object):
|
||||
self.login(test_app)
|
||||
|
||||
|
||||
def test_change_password(self, test_app):
|
||||
"""Test changing password correctly and incorrectly"""
|
||||
self.login(test_app)
|
||||
|
||||
# test that the password can be changed
|
||||
template.clear_test_template_context()
|
||||
res = test_app.post(
|
||||
'/edit/password/', {
|
||||
'old_password': 'toast',
|
||||
'new_password': '123456',
|
||||
})
|
||||
res.follow()
|
||||
|
||||
# Did we redirect to the correct page?
|
||||
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
|
||||
|
||||
# test_user has to be fetched again in order to have the current values
|
||||
test_user = User.query.filter_by(username=u'chris').first()
|
||||
assert auth.check_password('123456', test_user.pw_hash)
|
||||
# Update current user passwd
|
||||
self.user_password = '123456'
|
||||
|
||||
# test that the password cannot be changed if the given
|
||||
# old_password is wrong
|
||||
template.clear_test_template_context()
|
||||
test_app.post(
|
||||
'/edit/password/', {
|
||||
'old_password': 'toast',
|
||||
'new_password': '098765',
|
||||
})
|
||||
|
||||
test_user = User.query.filter_by(username=u'chris').first()
|
||||
assert not auth.check_password('098765', test_user.pw_hash)
|
||||
|
||||
|
||||
def test_change_bio_url(self, test_app):
|
||||
"""Test changing bio and URL"""
|
||||
self.login(test_app)
|
||||
|
Loading…
x
Reference in New Issue
Block a user