moved change_pass to basic_auth and fixed some typos with the moving of forgot pass

This commit is contained in:
Rodney Ewing 2013-07-08 17:17:12 -07:00
parent aeae6cc290
commit af665c4eb9
12 changed files with 127 additions and 96 deletions

View File

@ -98,16 +98,3 @@ class EditCollectionForm(wtforms.Form):
description=_(
"The title part of this collection's address. "
"You usually don't need to change this."))
class ChangePassForm(wtforms.Form):
old_password = wtforms.PasswordField(
_('Old password'),
[wtforms.validators.Required()],
description=_(
"Enter your old password to prove you own this account."))
new_password = wtforms.PasswordField(
_('New password'),
[wtforms.validators.Required(),
wtforms.validators.Length(min=6, max=30)],
id="password")

View File

@ -24,7 +24,5 @@ add_route('mediagoblin.edit.account', '/edit/account/',
'mediagoblin.edit.views:edit_account')
add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
'mediagoblin.edit.views:delete_account')
add_route('mediagoblin.edit.pass', '/edit/password/',
'mediagoblin.edit.views:change_pass')
add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
'mediagoblin.edit.views:verify_email')

View File

@ -23,7 +23,6 @@ from werkzeug.utils import secure_filename
from mediagoblin import messages
from mediagoblin import mg_globals
from mediagoblin import auth
from mediagoblin.auth import tools as auth_tools
from mediagoblin.edit import forms
from mediagoblin.edit.lib import may_edit_media
@ -340,46 +339,6 @@ def edit_collection(request, collection):
'form': form})
@require_active_login
def change_pass(request):
# If no password authentication, no need to change your password
if 'pass_auth' not in request.template_env.globals:
return redirect(request, 'index')
form = forms.ChangePassForm(request.form)
user = request.user
if request.method == 'POST' and form.validate():
if not auth.check_password(
form.old_password.data, user.pw_hash):
form.old_password.errors.append(
_('Wrong password'))
return render_to_response(
request,
'mediagoblin/edit/change_pass.html',
{'form': form,
'user': user})
# Password matches
user.pw_hash = auth.gen_password_hash(
form.new_password.data)
user.save()
messages.add_message(
request, messages.SUCCESS,
_('Your password was changed successfully'))
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(
request,
'mediagoblin/edit/change_pass.html',
{'form': form,
'user': user})
def verify_email(request):
"""
Email verification view for changing email address

View File

@ -61,3 +61,16 @@ class ChangeForgotPassForm(wtforms.Form):
token = wtforms.HiddenField(
'',
[wtforms.validators.Required()])
class ChangePassForm(wtforms.Form):
old_password = wtforms.PasswordField(
_('Old password'),
[wtforms.validators.Required()],
description=_(
"Enter your old password to prove you own this account."))
new_password = wtforms.PasswordField(
_('New password'),
[wtforms.validators.Required(),
wtforms.validators.Length(min=6, max=30)],
id="password")

View File

@ -29,7 +29,7 @@
{%- endblock %}
{% block mediagoblin_content %}
<form action="{{ request.urlgen('mediagoblin.auth.verify_forgot_password') }}"
<form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.verify_forgot_password') }}"
method="POST" enctype="multipart/form-data">
{{ csrf_token }}
<div class="form_box">

View File

@ -31,7 +31,7 @@
{%- endblock %}
{% block mediagoblin_content %}
<form action="{{ request.urlgen('mediagoblin.edit.pass') }}"
<form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.edit.pass') }}"
method="POST" enctype="multipart/form-data">
<div class="form_box edit_box">
<h1>

View File

@ -24,7 +24,7 @@
{%- endblock %}
{% block mediagoblin_content %}
<form action="{{ request.urlgen('mediagoblin.auth.forgot_password') }}"
<form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.forgot_password') }}"
method="POST" enctype="multipart/form-data">
{{ csrf_token }}
<div class="form_box">

View File

@ -0,0 +1,29 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#}
{% trans username=username, verification_url=verification_url|safe -%}
Hi,
We wanted to verify that you are {{ username }}. If this is the case, then
please follow the link below to verify your new email address.
{{ verification_url }}
If you are not {{ username }} or didn't request an email change, you can ignore
this email.
{%- endtrans %}

View File

@ -17,6 +17,7 @@ from itsdangerous import BadSignature
from mediagoblin import messages
from mediagoblin.db.models import User
from mediagoblin.decorators import require_active_login
from mediagoblin.plugins.basic_auth import forms, tools
from mediagoblin.tools.crypto import get_timed_signer_url
from mediagoblin.tools.mail import email_debug_message
@ -178,3 +179,39 @@ def _process_for_token(request):
'has_token': 'token' in formdata_vars}
return formdata
@require_active_login
def change_pass(request):
form = forms.ChangePassForm(request.form)
user = request.user
if request.method == 'POST' and form.validate():
if not tools.bcrypt_check_password(
form.old_password.data, user.pw_hash):
form.old_password.errors.append(
_('Wrong password'))
return render_to_response(
request,
'mediagoblin/plugins/basic_auth/change_pass.html',
{'form': form,
'user': user})
# Password matches
user.pw_hash = tools.bcrypt_gen_password_hash(
form.new_password.data)
user.save()
messages.add_message(
request, messages.SUCCESS,
_('Your password was changed successfully'))
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(
request,
'mediagoblin/plugins/basic_auth/change_pass.html',
{'form': form,
'user': user})

View File

@ -183,7 +183,7 @@ def test_register_views(test_app):
message = mail.EMAIL_TEST_INBOX.pop()
assert message['To'] == 'happygrrl@example.org'
email_context = template.TEMPLATE_TEST_CONTEXT[
'mediagoblin/auth/fp_verification_email.txt']
'mediagoblin/plugins/basic_auth/fp_verification_email.txt']
#TODO - change the name of verification_url to something forgot-password-ish
assert email_context['verification_url'] in message.get_payload(decode=True)
@ -204,7 +204,8 @@ def test_register_views(test_app):
## Verify step 1 of password-change works -- can see form to change password
template.clear_test_template_context()
response = test_app.get("%s?%s" % (path, get_params))
assert 'mediagoblin/auth/change_fp.html' in template.TEMPLATE_TEST_CONTEXT
assert 'mediagoblin/plugins/basic_auth/change_fp.html' in \
template.TEMPLATE_TEST_CONTEXT
## Verify step 2.1 of password-change works -- report success to user
template.clear_test_template_context()

View File

@ -13,7 +13,12 @@
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import urlparse
from mediagoblin.db.models import User
from mediagoblin.plugins.basic_auth import tools as auth_tools
from mediagoblin.tests.tools import fixture_add_user
from mediagoblin.tools import template
from mediagoblin.tools.testing import _activate_testing
_activate_testing()
@ -57,3 +62,40 @@ def test_bcrypt_gen_password_hash():
pw, hashed_pw, '3><7R45417')
assert not auth_tools.bcrypt_check_password(
'notthepassword', hashed_pw, '3><7R45417')
def test_change_password(self, test_app):
"""Test changing password correctly and incorrectly"""
test_user = fixture_add_user(password=u'toast')
test_app.post(
'/auth/login/', {
'username': u'chris',
'password': u'toast'})
# test that the password can be changed
res = test_app.post(
'/edit/password/', {
'old_password': 'toast',
'new_password': '123456',
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert auth_tools.bcrypt_check_password('123456', test_user.pw_hash)
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post(
'/edit/password/', {
'old_password': 'toast',
'new_password': '098765',
})
test_user = User.query.filter_by(username=u'chris').first()
assert not auth_tools.bcrypt_check_password('098765', test_user.pw_hash)

View File

@ -56,41 +56,6 @@ class TestUserEdit(object):
self.login(test_app)
def test_change_password(self, test_app):
"""Test changing password correctly and incorrectly"""
self.login(test_app)
# test that the password can be changed
template.clear_test_template_context()
res = test_app.post(
'/edit/password/', {
'old_password': 'toast',
'new_password': '123456',
})
res.follow()
# Did we redirect to the correct page?
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# test_user has to be fetched again in order to have the current values
test_user = User.query.filter_by(username=u'chris').first()
assert auth.check_password('123456', test_user.pw_hash)
# Update current user passwd
self.user_password = '123456'
# test that the password cannot be changed if the given
# old_password is wrong
template.clear_test_template_context()
test_app.post(
'/edit/password/', {
'old_password': 'toast',
'new_password': '098765',
})
test_user = User.query.filter_by(username=u'chris').first()
assert not auth.check_password('098765', test_user.pw_hash)
def test_change_bio_url(self, test_app):
"""Test changing bio and URL"""
self.login(test_app)