From 19ad5f1c2db1bd01ba96d621aafb1746adea282a Mon Sep 17 00:00:00 2001
From: farhaanbukhsh
Date: Jan 19 2016 15:21:03 +0000
Subject: Fix login user bug
---
diff --git a/pagure/templates/login/password_recover.html b/pagure/templates/login/password_recover.html
index 8c6bcf9..3e9eae0 100644
--- a/pagure/templates/login/password_recover.html
+++ b/pagure/templates/login/password_recover.html
@@ -13,9 +13,7 @@
Change password
-
+ {{ render_bootstrap_field(form.old_password) }} {{ render_bootstrap_field(form.password) }} {{ render_bootstrap_field(form.confirm_password) }} diff --git a/pagure/ui/login.py b/pagure/ui/login.py index d9fb542..8c5be80 100644 --- a/pagure/ui/login.py +++ b/pagure/ui/login.py @@ -22,7 +22,7 @@ import pagure.lib import pagure.lib.login import pagure.lib.model as model import pagure.lib.notify -from pagure import APP, SESSION +from pagure import APP, SESSION, cla_required from pagure.lib.login import generate_hashed_value, check_password # pylint: disable=E1101 @@ -193,11 +193,12 @@ def lost_password(): return flask.redirect(flask.url_for('auth_login')) elif user_obj.token: current_time = datetime.datetime.utcnow() - invalid_period = user_obj.updated_on + datetime.timedelta(minutes=3) + invalid_period = user_obj.updated_on + \ + datetime.timedelta(minutes=3) if current_time < invalid_period: flask.flash('An email was sent to you less than 3 minutes ago, ' - 'did you check your spam folder? Otherwise, ' - 'try again after some time.', 'error') + 'did you check your spam folder? Otherwise, ' + 'try again after some time.', 'error') return flask.redirect(flask.url_for('auth_login')) token = pagure.lib.login.id_generator(40) 
@@ -268,19 +269,24 @@ def reset_password(token): form=form, token=token, ) +# +# Methods specific to local login. +# -@APP.route('/password/change//', methods=['GET', 'POST']) -@APP.route('/password/change/', methods=['GET', 'POST']) -def change_password(username): +@APP.route('/password/change/', methods=['GET', 'POST']) +@APP.route('/password/change', methods=['GET', 'POST']) +@cla_required +def change_password(): """ Method to change the password for local auth users. """ + form = forms.ChangePasswordForm() - user_obj = pagure.lib.search_user(SESSION, username=username) + user_obj = pagure.lib.search_user( + SESSION, username=flask.g.fas_user.username) if not user_obj: - flask.flash('No user associated with this username.', 'error') - return flask.redirect(flask.url_for('auth_login')) + flask.abort(404, 'User not found') if form.validate_on_submit(): @@ -321,14 +327,9 @@ def change_password(username): return flask.render_template( 'login/password_recover.html', form=form, - username=username, ) -# -# Methods specific to local login. -# - def send_confirmation_email(user): """ Sends the confirmation email asking the user to confirm its email address. diff --git a/tests/test_pagure_flask_ui_login.py b/tests/test_pagure_flask_ui_login.py index fbb6387..09f4284 100644 --- a/tests/test_pagure_flask_ui_login.py +++ b/tests/test_pagure_flask_ui_login.py @@ -84,7 +84,7 @@ class PagureFlaskLogintests(tests.Modeltests): '', output.data) csrf_token = output.data.split( - 'name="csrf_token" type="hidden" value="')[1].split('">')[0] + 'name="csrf_token" type="hidden" value="')[1].split('">')[0] # Submit the form with the csrf token data['csrf_token'] = csrf_token 
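Review bot: `change_password` in pagure/ui/login.py now dereferences `flask.g.fas_user.username` unconditionally, so the view is only safe if `cla_required` always turns away requests that carry no authenticated user. That decorator is imported from `pagure` and its body is not part of this diff, so its behaviour should be confirmed. Its name suggests a CLA check rather than a login gate, so a comment above the route such as `# cla_required enforces login; the account changed is always the session user, never a URL value` would record why the `username` URL argument was removed. The test hunks visible here request `/password/change` under `tests.user_set`; a case asserting that an anonymous request never reaches the form would pin the fix. The body of `change_password` between the two login.py hunks lies outside the diff.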
@@ -139,7 +139,7 @@ class PagureFlaskLogintests(tests.Modeltests): self.assertIn('Insufficient information provided', output.data) csrf_token = output.data.split( - 'name="csrf_token" type="hidden" value="')[1].split('">')[0] + 'name="csrf_token" type="hidden" value="')[1].split('">')[0] # Submit the form with the csrf token - but invalid user data['csrf_token'] = csrf_token @@ -335,7 +335,7 @@ class PagureFlaskLogintests(tests.Modeltests): '', output.data) csrf_token = output.data.split( - 'name="csrf_token" type="hidden" value="')[1].split('">')[0] + 'name="csrf_token" type="hidden" value="')[1].split('">')[0] # With the CSRF - But invalid user data['csrf_token'] = csrf_token @@ -407,7 +407,7 @@ class PagureFlaskLogintests(tests.Modeltests): '')[0] + 'name="csrf_token" type="hidden" value="')[1].split('">')[0] # With CSRF data['csrf_token'] = csrf_token @@ -436,7 +436,8 @@ class PagureFlaskLogintests(tests.Modeltests): with tests.user_set(pagure.APP, user): output = self.app.get('/password/change') self.assertEqual(output.status_code, 200) - self.assertIn('Change password - Pagure', output.data) + self.assertIn( + 'Change password - Pagure', output.data) self.assertIn( '', output.data) @@ -449,7 +450,8 @@ class PagureFlaskLogintests(tests.Modeltests): # No CSRF token output = self.app.post('/password/change', data=data) self.assertEqual(output.status_code, 200) - self.assertIn('Change password - Pagure', output.data) + self.assertIn( + 'Change password - Pagure', output.data) self.assertIn( '', output.data) @@ -481,7 +483,8 @@ class PagureFlaskLogintests(tests.Modeltests): with tests.user_set(pagure.APP, user): output = self.app.get('/password/change') self.assertEqual(output.status_code, 200) - self.assertIn('Change password - Pagure', output.data) + self.assertIn( + 'Change password - Pagure', output.data) self.assertIn( '', output.data) 
@@ -494,7 +497,8 @@ class PagureFlaskLogintests(tests.Modeltests): # No CSRF token output = self.app.post('/password/change', data=data) self.assertEqual(output.status_code, 200) - self.assertIn('Change password - Pagure', output.data) + self.assertIn( + 'Change password - Pagure', output.data) self.assertIn( '', output.data)